[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: ocean: do not boil
At 04:07 AM 9/26/02, Bound, Jim wrote:
every input I get is that they don't want NAT and want it to go away as
soon as possible.
To be replaced by NAT-PT?
What is the technical advantage to running an IPv6-only internal network
that uses NAT-PT to reach external IPv4-only services, as opposed to running
a shared IPv4/IPv6 network with IPv4 NAT?
[Please give _technical_ reasons, like X works with NAT-PT, but doesn't
work with IPv4 NAT... I understand that some folks have emotional/marketing/
other reasons for wanting to use something they think of as "pure IPv6", and
we may need to deal with that attitude in the marketplace. I'd just like to
put that aside for a moment and understand the technical differences between
these two solutions.]
I've been thinking about this a lot, and I have come up with the following
thoughts:
Network set-up is fairly similar in these two cases:
- An IPv4/IPv6 network with IPv4 NAT requires:
- Setting up an IPv4 NAT box(es). This includes
providing at least one globally routable
IPv4 address (to use as the source address
for translated packets).
- Configuring routers with IPv4 and IPv6
prefixes and default routes,
including IPv4 default routes
that lead out through the NAT box(es)
- Setting up an IPv4 DHCP server
- Running dual-stack hosts and routers
- An IPv6-only network with NAT-PT requires:
- Setting up a NAT-PT box(es). This includes
providing at least one globally routable
IPv4 address (to use as the source address
for translated packets).
- Configuring routers with IPv6 prefixes and default
routes, plus static routes to send traffic
addressed to IPv4 mapped addresses out through
the NAT-PT box(es)
- Running special DNS resolver code on the hosts and/or
configuring DNS servers to return AAAA IPv4 mapped
addresses for any A records.
Please note that both solutions require IPv4 service at the translation
point, including at least one globally routable IPv4 address.
Once the network has been set-up, these two choices _should_ work the
same for IPv4 traffic sent outside the site. However, there are a
few of key differences:
- The IPv4 NAT solution supports the use of IPv4-only
services within the site, whereas NAT-PT only
supports IPv4 communication with the outside (there
is no internal IPv4 routing).
- The NAT-PT solution does not require running a DHCP server
or assigning private IPv4 prefixes to internal networks.
- The NAT-PT solution involves changes to DNS (either to
resolver on each host, or to the server), and the IPv4
NAT solution does not.
Are there some other technical advantages to the NAT-PT solution that I
am missing?
How will hosts know that they are running in a NAT-PT environment,
and that they shouldn't send IPv4 traffic? Will they default to
using IPv4-mapped addresses whenever they don't have IPv4 addresses
configured? What would be the implications of this behaviour
(if any) in the event of a DHCP failure on an IPv4-only or IPv4/IPv6
network that is running these same implementations?
Is the routing set-up necessary to support multiple NAT-PT boxes the
same as the routing set-up needed to support multiple IPv4 NATs? What
are the key differences, if any?
I am concerned about the DNS modifications needed to make NAT-PT work
correctly. We know that applications that currently work behind an
IPv4 NAT will work properly with the IPv4 NAT choice. Are we _sure_
that all of those applications will work properly in the NAT-PT case?
Who has explored this in detail, and what did you find?
BTW, I think it is _very_ appropriate for the working group to be
analyzing different solution choices at this point. Two of our scenario
documents are nearly complete (3GPP and unmanaged) and work is already
underway on the analysis documents. Those analysis documents will
contain our recommended solutions for different scenarios, so it
makes perfect sense for us to discuss which solutions we will
recommend and why.
Margaret