
SIIT/NAT64 is similar to RSIP



>I'm not assuming that.
>Please read more carefully what I wrote.
>--> 'The SIIT box does not need to be collocated with the firewall.'
>It does not mean it can not.

	ok, then how do you make SIIT and firewall collocate on the same box?

>> SIIT/NAT64 is RSIP.  a proof - SIIT/NAT64 FTP client has to know
>> about how to deal with PORT/PASV command, even though they run on
>> IPv6-only stack.
>>
>> If the IPv6-only node only implements EPSV/EPRT
>> (with IPv6 address support only), it won't be able to use FTP over
>> SIIT/NAT64.  SIIT/NAT64 imposes very strange requirement to the end
>> devices.
>>
>> normal NAT box, and good translators, does not impose any new
>> requirement to end clients.  NAT-PT and TRT requires no modification
>> at all to IPv6-only (or IPv4/v6 dual stack) nodes in the cloud
>I may be ignorant, then please educate me with a clear example
>how NAT64 is different from NAT-PT in that regard.
>
>An IPv6-only end node working in a NAT64 environment
>will have to implement what you call SIIT kernel behavior,
>that's all. the 'peer' address will be an IPv6 address, the same way
>as NAT-PT. It just happened that this address is a v4-mapped address,
>but as it would be sent over the wire, I still see no difference with NAT-PT
>in that regard.

	no, the above description is incorrect.

	SIIT/NAT64 environment:
	For an FTP client on IPv6 only kernel (on the lefthand side of the
	diagram) to be able to contact and transfer files across SIIT box,
	the FTP client has to implement and understand IPv4 FTP commands,
	such as PORT and PASV.  this is not a normal requirement for an IPv6-only
	FTP client.  an IPv6-only FTP client normally implements EPSV/EPRT, for
	protocol #2 (IPv6) only, and that's all.  remember SIIT/NAT64 box will
	not rewrite the payload of packets.
	so, the FTP client knows about IPv4 (= outside world from the SIIT box).
	this is why i call SIIT/NAT64 similar to RSIP.

	NAT-PT environment:
	FTP client on IPv6 only kernel (or IPv6/v4 dual stack kernel) talks
	EPSV/EPRT, with protocol #2 (IPv6).  NAT-PT box will translate the
	content of the FTP control traffic into IPv4 ones (PORT/PASV).
	therefore, FTP client is seeing IPv6 peer from FTP protocol point
	of view.

itojun


SIIT/NAT64 environment

FTP client
========== AF_INET6 API
IPv6 only kernel		SIIT box	IPv4 FTP server
  |				 |   |		  |a.b.c.d
==+==============================+= =+============+==
	IPv6 traffic			IPv4 traffic
	(::ffff:a.b.c.d)

SIIT/NAT64 environment

FTP client
========== AF_INET6 API
IPv6 only/dualstack		NAT-PT box	IPv4 FTP server
  |				 |   |		  |a.b.c.d
==+==============================+= =+============+==
	IPv6 traffic			IPv4 traffic
	(to some fake address)
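
The control-channel rewriting that the message attributes to NAT-PT (EPSV/EPRT on the IPv6 side turned into PASV/PORT on the IPv4 side), as an added example that is not part of the original message and not code from any translator implementation. The class name `FtpAlg`, the translator address 192.0.2.1, the port pool and the sample addresses are constructed assumptions; `header_only` stands for the SIIT case, where the payload is passed through unrewritten.

```python
import ipaddress
import re

EPRT_V6 = re.compile(r"^EPRT \|2\|([0-9A-Fa-f:]+)\|(\d{1,5})\|$", re.I)
PASV_OK = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


class FtpAlg:
    """Hypothetical control-channel rewriter for a NAT-PT style translator."""

    def __init__(self, v4_addr, first_port=50000):
        self.v4_addr = ipaddress.IPv4Address(v4_addr)  # translator's IPv4 side
        self.next_port = first_port
        self.bindings = {}         # translator port -> (client IPv6 addr, port)
        self.epsv_pending = False

    def to_server(self, line):
        """Rewrite one command from the IPv6 client before it reaches IPv4."""
        cmd = line.rstrip("\r\n")
        if cmd.upper() in ("EPSV", "EPSV 2"):
            self.epsv_pending = True
            return "PASV\r\n"
        m = EPRT_V6.match(cmd)
        if not m:
            return line            # every other command passes unchanged
        addr, port = ipaddress.IPv6Address(m.group(1)), int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("EPRT port out of range")
        mapped, self.next_port = self.next_port, self.next_port + 1
        self.bindings[mapped] = (addr, port)   # where the data connection goes
        octets = str(self.v4_addr).replace(".", ",")
        return "PORT %s,%d,%d\r\n" % (octets, mapped >> 8, mapped & 0xFF)

    def to_client(self, line):
        """Rewrite the server's 227 reply into the 229 the client asked for."""
        m = PASV_OK.match(line)
        if not (self.epsv_pending and m):
            return line
        self.epsv_pending = False
        fields = [int(x) for x in m.group(1).split(",")]
        if max(fields) > 255:
            raise ValueError("malformed 227 reply")
        port = (fields[4] << 8) | fields[5]
        return "229 Entering Extended Passive Mode (|||%d|)\r\n" % port


def header_only(line):
    """SIIT as described in the message: the payload is never rewritten."""
    return line
```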