
RE: Stupid NAT tricks and how to stop them.

2006-03-28 09:24:57
On Tue, 2006-03-28 at 08:00 -0800, Hallam-Baker, Phillip wrote:
From: Kurt Erik Lindqvist [mailto:kurtis(_at_)kurtis(_dot_)pp(_dot_)se] 

NAT is a dead end.  If the Internet does not develop a way to obsolete
NAT, the Internet will die.  It will gradually be replaced by networks
that are more-or-less IP based but which only run a small number of
applications, poorly, and expensively.


...or you will see an overlay network build on top of 
NAT+IPv4 that abstracts the shortcomings away - aka what the 
peer to peer networks are doing. End-to-end addressing...

Precisely. Just what is this fetish about keeping the IP address the same as
the packet travels?

It certainly doesn't have to be. As long as there is one global
identifier which is the same on the other side. A double NAT (thus
making sure the packet is 100% identical on the sending and receiving
side) with a signalling protocol in between is the solution for this.
And there is something already being worked on which does that: shim6.

If there is a way for the host to determine that it is behind a NAT and to
request external registration of necessary ports the whole process can be
made completely transparent to the hosts at each end.

You are thinking of UPnP (see http://www.upnp.org or read for instance
http://www.microsoft.com/windowsxp/using/setup/expert/crawford_02july22.mspx).
It has already been supported by Windows for some time, and many "NAT box"
(oh no, I should say 'router' or 'firewall' according to them) vendors also
nicely implement it. But it is a kludge, and a heavy one, as all the
applications using it also have to support it; it is not always available,
and there are not too many applications supporting it, let alone protocols.
Next to that, when the well-known port on the outside IP is taken it won't
work. Just like when there are multiple levels of NAT, or there are no rights
to control the UPnP process at all.

IPv6 thus has these advantages over UPnP:
 - it is clear and simple to all the applications who they are
   talking to, based on the source/destination IPv6 address
 - same ideas as IPv4 and no kludges
 - firewalling can remain the normal firewalling
 - multiple tools can use the well-known ports as there are multiple IPs
 - etc...

Another thing you might want to look at is Teredo (RFC 4380), which
basically implements a p2p overlay network on top of IPv4, but using
IPv6 for addressing. (Funny, eh, that both Teredo and UPnP come out of the
MS stables; guess what these guys wanted to solve...)

Greets,
 Jeroen
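The UPnP port-registration step discussed in the exchange above, as an added example that is not part of the original mail or of any vendor's UPnP stack: it builds the IGD WANIPConnection:1 AddPortMapping SOAP request exactly as the IGD service description lays it out, and classifies the router's reply. The two sample replies are constructed by hand for this page; the mapping from UPnP error codes to the failure cases the mail lists (outside port already taken, no rights to control the mapping) is the editor's own annotation.

```python
"""UPnP IGD AddPortMapping request builder and reply parser.

Added illustration, not code from the mail or from any UPnP
implementation. Message layout follows the UPnP IGD WANIPConnection:1
service description; the sample replies below are constructed by hand.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"
IGD_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
UPNP_CTRL_NS = "urn:schemas-upnp-org:control-1-0"

# UPnP error codes (718 is from the IGD:1 WANIPConnection description,
# 606 from UPnP Device Architecture 1.1 / IGD:2) mapped to the failure
# cases the mail describes. The mapping text is the editor's annotation.
ERROR_MEANING = {
    718: "ConflictInMappingEntry: external port already taken on the outside IP",
    606: "Action not authorized: this host has no rights to control the mapping",
    402: "Invalid Args: malformed or unsupported argument",
    501: "Action Failed: generic failure inside the IGD",
}


def build_add_port_mapping(external_port, protocol, internal_client,
                           internal_port, description="", lease_seconds=0):
    """Return (HTTP headers, SOAP body) for an AddPortMapping call.

    Note what is absent: any credential. The IGD trusts every host on the
    LAN that can reach its control URL, which is why an unprivileged
    process or malware can open holes just as easily as a legitimate app.
    """
    if protocol not in ("TCP", "UDP"):
        raise ValueError("protocol must be TCP or UDP")
    for port in (external_port, internal_port):
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
    body = (
        '<?xml version="1.0"?>\n'
        f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="{SOAP_ENC}">\n'
        "<s:Body>\n"
        f'<u:AddPortMapping xmlns:u="{IGD_SERVICE}">\n'
        "<NewRemoteHost></NewRemoteHost>\n"
        f"<NewExternalPort>{external_port}</NewExternalPort>\n"
        f"<NewProtocol>{protocol}</NewProtocol>\n"
        f"<NewInternalPort>{internal_port}</NewInternalPort>\n"
        f"<NewInternalClient>{internal_client}</NewInternalClient>\n"
        "<NewEnabled>1</NewEnabled>\n"
        f"<NewPortMappingDescription>{escape(description)}</NewPortMappingDescription>\n"
        f"<NewLeaseDuration>{lease_seconds}</NewLeaseDuration>\n"
        "</u:AddPortMapping>\n"
        "</s:Body>\n"
        "</s:Envelope>\n"
    )
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{IGD_SERVICE}#AddPortMapping"',
        "Content-Length": str(len(body.encode("utf-8"))),
    }
    return headers, body


def parse_add_port_mapping_reply(xml_text):
    """Classify an IGD reply as ('ok', None, None) or ('error', code, meaning)."""
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("reply has no SOAP Body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is None:
        if body.find(f"{{{IGD_SERVICE}}}AddPortMappingResponse") is None:
            raise ValueError("reply is neither a success nor a SOAP Fault")
        return ("ok", None, None)
    # The UPnPError element sits inside <detail> and carries the
    # control-1-0 namespace as its default namespace.
    err = fault.find(f".//{{{UPNP_CTRL_NS}}}UPnPError")
    if err is None:
        raise ValueError("SOAP Fault without UPnPError detail")
    code = int(err.findtext(f"{{{UPNP_CTRL_NS}}}errorCode"))
    desc = err.findtext(f"{{{UPNP_CTRL_NS}}}errorDescription", "")
    return ("error", code, ERROR_MEANING.get(code, desc))


# Constructed sample replies (not captured from a real device).
OK_REPLY = (
    f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="{SOAP_ENC}">'
    f'<s:Body><u:AddPortMappingResponse xmlns:u="{IGD_SERVICE}"/></s:Body>'
    "</s:Envelope>"
)
CONFLICT_REPLY = (
    f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="{SOAP_ENC}">'
    "<s:Body><s:Fault><faultcode>s:Client</faultcode>"
    "<faultstring>UPnPError</faultstring><detail>"
    f'<UPnPError xmlns="{UPNP_CTRL_NS}"><errorCode>718</errorCode>'
    "<errorDescription>ConflictInMappingEntry</errorDescription>"
    "</UPnPError></detail></s:Fault></s:Body></s:Envelope>"
)

if __name__ == "__main__":
    headers, body = build_add_port_mapping(80, "TCP", "192.168.1.10", 80, "web")
    print(headers["SOAPAction"])
    print(parse_add_port_mapping_reply(OK_REPLY))
    print(parse_add_port_mapping_reply(CONFLICT_REPLY))
```

The request would be POSTed to the control URL advertised in the IGD's device description (the URL is discovered over SSDP and is not hard-coded here). Error 718 is the "well-known port on the outside IP is taken" case from the mail: a second application wanting the same external port simply cannot have it, whereas with one IPv6 address per host each application gets the well-known port on its own address.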
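The Teredo addressing the mail points to (RFC 4380), as an added example that is not part of the original mail or of any Teredo implementation: a decoder and encoder for the address format in RFC 4380 section 4, which packs the Teredo server's IPv4 address, the cone flag, and the client's NAT-mapped UDP port and IPv4 address (both XOR-obfuscated) into the 2001::/32 prefix. The example address is constructed for this page; its client IPv4 lies in the 192.0.2.0/24 documentation range.

```python
"""Decode and encode Teredo (RFC 4380) IPv6 addresses.

Added illustration, not code from the mail or from any Teredo
implementation. Field layout per RFC 4380 section 4:

  bits   0-31   prefix 2001:0000::/32
  bits  32-63   IPv4 address of the Teredo server
  bits  64-79   flags; the most significant bit (0x8000) is the cone flag
  bits  80-95   client's mapped UDP port, obfuscated with XOR 0xFFFF
  bits  96-127  client's mapped IPv4 address, obfuscated with XOR 0xFFFFFFFF

The last two fields are the client as seen on the outside of its NAT,
i.e. the very information an IPv4-only host has to learn via UPnP or a
probe; Teredo simply carries it in the address.
"""
import ipaddress

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")
CONE_FLAG = 0x8000


def is_teredo(text):
    """True if text parses as an IPv6 address inside 2001::/32."""
    try:
        return ipaddress.IPv6Address(text) in TEREDO_PREFIX
    except ValueError:
        return False


def parse_teredo(text):
    """Split a Teredo address into server, cone flag and mapped endpoint."""
    addr = ipaddress.IPv6Address(text)
    if addr not in TEREDO_PREFIX:
        raise ValueError(f"{addr} is not a Teredo address")
    raw = addr.packed  # 16 bytes, network order
    server = ipaddress.IPv4Address(raw[4:8])
    flags = int.from_bytes(raw[8:10], "big")
    mapped_port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    mapped_ipv4 = ipaddress.IPv4Address(
        int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)
    return {
        "server": str(server),
        "cone": bool(flags & CONE_FLAG),
        "mapped_port": mapped_port,
        "mapped_ipv4": str(mapped_ipv4),
    }


def build_teredo(server, cone, mapped_port, mapped_ipv4):
    """Inverse of parse_teredo: assemble the address from its fields."""
    if not 0 <= mapped_port <= 65535:
        raise ValueError("port out of range")
    raw = (
        bytes.fromhex("20010000")
        + ipaddress.IPv4Address(server).packed
        + (CONE_FLAG if cone else 0).to_bytes(2, "big")
        + (mapped_port ^ 0xFFFF).to_bytes(2, "big")
        + (int(ipaddress.IPv4Address(mapped_ipv4)) ^ 0xFFFFFFFF).to_bytes(4, "big")
    )
    return str(ipaddress.IPv6Address(raw))


# Constructed example: server 65.54.227.120, cone NAT, client seen from
# the outside as 192.0.2.45:40000.
EXAMPLE = "2001:0:4136:e378:8000:63bf:3fff:fdd2"

if __name__ == "__main__":
    fields = parse_teredo(EXAMPLE)
    print(fields)
    print(build_teredo(**{k: fields[k] for k in ("server", "cone", "mapped_port", "mapped_ipv4")}))
```

Two practical consequences follow from the layout. First, every Teredo address publishes the host's external IPv4 address and NAT port, so anyone who sees the IPv6 address can address the UDP hole directly; second, the traffic itself is UDP to port 3544 on the IPv4 side, which an IPv4-only firewall sees as opaque UDP rather than as the IPv6 flows inside it, so "firewalling can remain the normal firewalling" holds only once the firewall understands IPv6 natively. The Python standard library's IPv6Address.teredo property returns the (server, client) pair for the same address and can serve as a cross-check of the decoder.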


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf