[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Six/One Router Design Clarifications



On 2008-07-17 06:19, Christian Vogt wrote:
> 
> Brian E. Carpenter wrote:
> 
>>> For communications between upgraded and legacy edge networks, address
>>> rewriting happens unilaterally on the border of the upgraded edge
>>> network.  To avoid address inconsistencies between IP header and
>>> payload also in this case, Six/One Router relies on application
>>> functionality for network address translator traversal.  Applications
>>> that may be affected by such address inconsistencies depend on this
>>> functionality already today, due to the existing deployment of network
>>> address translators.  It is hence safe to assume that those
>>> applications, which use addresses in packet payloads, also support
>>> network address translator traversal.
>>
>> I don't find this OK in an IPv6 environment. We've worked very hard
>> for years to make sure that IPv6 deployment doesn't require NAT, and
>> it is not a correct assumption that applications can support NAT
>> kludges for IPv6 just because they must do so for IPv4 (including
>> IPv6-IPv4 packet level translation).
> 
> 
> Brian,
> 
> you are implying that stateless unilateral address rewriting, which
> the Six/One Router paper [1] proposes for backwards compatibility, is
> as evil as classic NAT'ing.  I would like to question this.
> 
> I know you are very critical of NAT'ing, and rightly so because
> NAT'ing has three fundamental shortfalls:
> 
> (a) NAT'ing makes it hard to contact hosts behind a NAT because hosts
>     behind a NAT use non-unique addresses.
> 
> (b) NAT'ing reduces the ability of the network to re-route traffic in
>     the event of a path failure because it creates a state in the
>     network that communication sessions depend on.
> 
> (c) NAT'ing requires applications that use address referrals in packet
>     payloads to implements NAT traversal capabilities.

(c) is only part of the problem caused by the Internet's conflation
of the locator and identifier functions - the application layer is
full of this problem, and only a few very well-defined applications
can be fixed up by an ALG as a result. I really don't see any reason
to drag this problem into IPv6. The idea is to get away from
the need for horrible things like STUN, not to perpetuate them.

> 
> But it would not be correct to conclude that stateless unilateral
> address rewriting has the same issues.  In fact, as I had explained in
> earlier emails, issues (a) and (b) are not present in stateless
> unilateral address rewriting because this uses only globally unique
> addresses and works without state.  This leaves issue (c).

Well, (c++) since you only described part of the application layer
problem.

> 
> The excerpt from my email to which you are responding (which is
> re-cited at the very top of this email) argues that also issue (c) is
> non-critical due to the existence of NAT traversal functionality in
> applications.  You argue that this is not necessarily so, and I agree
> with you that this would be a drawback of unilateral address rewriting
> as a backwards compatibility method.

I think it is much more serious than a drawback. But, on the other hand,
we are at the beginning of IPv6 deployment. I'm not convinced that
we can't evade this problem somehow.
> 
> But you have yet to convince me that applications won't use NAT
> traversal for IPv6.  It won't be hard to change an existing IPv4 NAT
> traversal code base to IPv6, so doing it in order to improve the
> functioning of an application in NAT'ed environments would be
> straightforward in my opinion.

But this is exactly what we must fight to avoid, so that all the
distortions of the session architecture created by NAT do not
get a chance to distort the v6 world too.

> - Christian
> 
> 
> PS:  FWIW, I understand issue (c) as being of less grave nature than
> issues (a) and (b).  Issue (c) is an implementation issue, NOT an
> architectural issue like issues (a) and (b).

Absolutely not. It's an architectural issue in the session layer,
when session IDs have no universality.

   Brian

> 
> [1] 
> http://users.piuha.net/chvogt/pub/2008/vogt-2008-six-one-router-design.pdf
> 
> 
> 

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg