Re: [v6ops] double nat

Gert Doering <gert@space.net> Tue, 02 October 2012 11:54 UTC

Hi,

On Tue, Oct 02, 2012 at 11:13:24AM +0100, Randy Bush wrote:
> so, is double nat really worse than single nat?  is it formally
> different?  except in the case of overlapping spaces, of course.
> 
> draft-donley-nat444-impacts-04.txt seems to back off reports of
> application issues.  anyone care to swing the clue by four as to
> where multiple layers of nat are formally worse than one layer?

One of the problems with "someone else controls your NAT" is that
you can't add port mappings.  This seems to be an inevitable side 
effect of NAT444 (but can happen with single NAT44 as well, of course,
depending on where it's placed).

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279