Re: [v6ops] double nat

Nick Hilliard <nick@inex.ie> Tue, 02 October 2012 11:24 UTC

On 02/10/2012 11:13, Randy Bush wrote:
> draft-donley-nat444-impacts-04.txt seems to back off reports of
> application issues.  anyone care to swing the clue by four as to
> where multiple layers of nat are formally worse than one layer?

on a slightly less facetious note, you will run into the problem that your
feature set will be reduced to the lowest common denominator feature set of
all the nat implementations on your network path + some delta breakage.
For many services this probably won't make a whole pile of difference, but
for protocols which require ALG support, you can run into difficulties
either through implementation or policy.  E.g. PASV followed by no PASV for
ftp, broken sip implementations, etc.

Nick