[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SIIT/NAT64 is similar to RSIP



>> 	bzzzt.  wrong.
>> 	if your FTP client is IPv6-only, it will issue EPSV/EPRT with protocol
>> 	#2.   FTP server on the other end is IPv4-only, which does not
>> 	understand it.
>BZZZZ.. Wrong. :-)
>This goes to the NAT64 box which does the translation the same way 
>NAT-PT would do!

	hmm, then that's the fundamental difference between NAT64 and SIIT.
	NAT64 does rewrite the content of the packet, which means,
	- support nightmare just like we had in IPv4-to-IPv4 NAT, just like
	  NAT-PT,
	- you can't put multiple NAT64 boxes in your site border (= scalability
	  problem) just like NAT-PT.
	- NAT64 box has to deal with fragmentation issue just like NAT-PT.
	- NAT64 translator box is stateful, and single point of failure,
	  just like NAT-PT.

	draft-durand-ngtrans-nat64-nat46-00.txt is not clear enough about it
	(or i wasn't careful when reading it), and i'm not happy with "scalable
	NAT mechanism" written in the abstract of the draft.  it doesn't scale.


	anyways, you didn't answer my first question - how do you collocate
	IPv4 firewall and NAT64 into the same box?

itojun