[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ocean: do not boil



At 04:07 AM 9/26/02, Bound, Jim wrote:
every input I get is that they don't want NAT and want it to go away as soon as possible.
To be replaced by NAT-PT?

What is the technical advantage to running an IPv6-only internal network
that uses NAT-PT to reach external IPv4-only services, as opposed to running
a shared IPv4/IPv6 network with IPv4 NAT?

[Please give _technical_ reasons, like X works with NAT-PT, but doesn't
work with IPv4 NAT...  I understand that some folks have emotional/marketing/
other reasons for wanting to use something they think of as "pure IPv6", and
we may need to deal with that attitude in the marketplace.  I'd just like to
put that aside for a moment and understand the technical differences between
these two solutions.]

I've been thinking about this a lot, and I have come up with the following
thoughts:

Network set-up is fairly similar in these two cases:

        - An IPv4/IPv6 network with IPv4 NAT requires:
                - Setting up an IPv4 NAT box(es).  This includes
                        providing at least one globally routable
                        IPv4 address (to use as the source address
                        for translated packets).
                - Configuring routers with IPv4 and IPv6
                        prefixes and default routes,
                        including IPv4 default routes
                        that lead out through the NAT box(es)
                - Setting up an IPv4 DHCP server
                - Running dual-stack hosts and routers

        - An IPv6-only network with NAT-PT requires:
                - Setting up a NAT-PT box(es).  This includes
                        providing at least one globally routable
                        IPv4 address (to use as the source address
                        for translated packets).
                - Configuring routers with IPv6 prefixes and default
                        routes, plus static routes to send traffic
                        addressed to IPv4 mapped addresses out through
                        the NAT-PT box(es)
                - Running special DNS resolver code on the hosts and/or
                        configuring DNS servers to return AAAA IPv4 mapped
                        addresses for any A records.

Please note that both solutions require IPv4 service at the translation
point, including at least one globally routable IPv4 address.

Once the network has been set-up, these two choices _should_ work the
same for IPv4 traffic sent outside the site.  However, there are a
few of key differences:

        - The IPv4 NAT solution supports the use of IPv4-only
                services within the site, whereas NAT-PT only
                supports IPv4 communication with the outside (there
                is no internal IPv4 routing).

        - The NAT-PT solution does not require running a DHCP server
                or assigning private IPv4 prefixes to internal networks.

        - The NAT-PT solution involves changes to DNS (either to
                resolver on each host, or to the server), and the IPv4
                NAT solution does not.

Are there some other technical advantages to the NAT-PT solution that I
am missing?

How will hosts know that they are running in a NAT-PT environment,
and that they shouldn't send IPv4 traffic?  Will they default to
using IPv4-mapped addresses whenever they don't have IPv4 addresses
configured?  What would be the implications of this behaviour
(if any) in the event of a DHCP failure on an IPv4-only or IPv4/IPv6
network that is running these same implementations?

Is the routing set-up necessary to support multiple NAT-PT boxes the
same as the routing set-up needed to support multiple IPv4 NATs?  What
are the key differences, if any?

I am concerned about the DNS modifications needed to make NAT-PT work
correctly.  We know that applications that currently work behind an
IPv4 NAT will work properly with the IPv4 NAT choice.  Are we _sure_
that all of those applications will work properly in the NAT-PT case?
Who has explored this in detail, and what did you find?

BTW, I think it is _very_ appropriate for the working group to be
analyzing different solution choices at this point.  Two of our scenario
documents are nearly complete (3GPP and unmanaged) and work is already
underway on the analysis documents.  Those analysis documents will
contain our recommended solutions for different scenarios, so it
makes perfect sense for us to discuss which solutions we will
recommend and why.

Margaret