
RE: ocean: do not boil



>                  - Running special DNS resolver code on the hosts and/or
>                          configuring DNS servers to return AAAA IPv4 mapped
>                          addresses for any A records.

DNS-ALG does this. resolver code does not have to change in NAT-PT case

>          - The NAT-PT solution involves changes to DNS (either to
>                  resolver on each host, or to the server), and the IPv4
>                  NAT solution does not.

both NAT and NAT-PT do not involve any changes to DNS resolver/server

>
> Are there some other technical advantages to the NAT-PT solution that I
> am missing?

technically, network has IPv6-only traffic. router either runs dual-stack+v4NAT
or dual-stack+NAT-PT; both may not be equal in terms of complexity, as Erik
already mentioned the ALG factor which is more in v4NAT today than in
NAT-PT.

there are clearly operational advantages, as mentioned already by folks.

>
> How will hosts know that they are running in a NAT-PT environment,
> and that they shouldn't send IPv4 traffic?

the problem here is dual-stack behavior is not clear. i tend to think they
would try to resolve using an AAAA first and then A, there might be
implementations that are doing A first, then AAAA

there is a problem for dual-stacks that are behind a NAT-PT, which i will
come to later.

>
> Is the routing set-up necessary to support multiple NAT-PT boxes the
> same as the routing set-up needed to support multiple IPv4 NATs?  What
> are the key differences, if any?

no differences.

>
> I am concerned about the DNS modifications needed to make NAT-PT work
> correctly.  We know that applications that currently work behind an
> IPv4 NAT will work properly with the IPv4 NAT choice.  Are we _sure_
> that all of those applications will work properly in the NAT-PT case?

as i said, no DNS modifications are needed. just like in v4NAT, one would
point host resolver to a NAT-PT box. apps will work as they were with
v4NAT, as long as ALG support is there with NAT-PT

> Who has explored this in detail, and what did you find?

while Alain did explore this, there are solutions to overcome most
problems that Alain pointed out except DNS-SEC.

Now the dual-stack problem: with NAT-PT, dual-stack will always be forced
to use an IPv6-mapped address (translation path) that the DNS-ALG
synthesized for a v4 destination. dual-stack could very well use IPv4 to
talk to the destination, but is forced to use IPv6+NAT-PT because of
DNS-ALG's current behavior. this is assuming dual-stack is sending AAAA
first, and then A; but not true for other cases.

-Suresh
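
Added example, not part of the original message: a small Python model of the dual-stack behaviour described in the last paragraph, showing how the query order (AAAA first versus A first) decides whether a dual-stack host behind NAT-PT lands on the translation path. The /96 translation prefix, the zone contents, the function names, and the rule that the DNS-ALG passes A queries through unchanged are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (assumptions): translation prefix and zone contents.
NATPT_PREFIX = ipaddress.IPv6Network("2001:db8:ffff::/96")
ZONE = {
    "v4only.example": {"A": ["192.0.2.10"]},
    "dual.example": {"A": ["192.0.2.20"], "AAAA": ["2001:db8:1::20"]},
}

def synthesize(v4):
    """Embed an IPv4 address in the low 32 bits of the translation prefix."""
    base = int(NATPT_PREFIX.network_address)
    return str(ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(v4))))

def dns_alg(name, qtype):
    """Answer a query from an inside host the way the modelled DNS-ALG would.

    An AAAA query for a name with no native AAAA record gets an address
    synthesized from its A record; everything else is passed through.
    """
    records = ZONE.get(name, {})
    if qtype == "AAAA" and not records.get("AAAA"):
        return [synthesize(a) for a in records.get("A", [])]
    return list(records.get(qtype, []))

def connect_path(name, order):
    """Return (address, path) for a dual-stack host trying query types in order."""
    for qtype in order:
        answers = dns_alg(name, qtype)
        if not answers:
            continue
        addr = ipaddress.ip_address(answers[0])
        if addr.version == 4:
            return str(addr), "native IPv4"
        if addr in NATPT_PREFIX:
            return str(addr), "IPv6 via NAT-PT"
        return str(addr), "native IPv6"
    return None, "unresolved"

if __name__ == "__main__":
    for order in (("AAAA", "A"), ("A", "AAAA")):
        for name in ZONE:
            print(order, name, connect_path(name, order))
```

With AAAA queried first, the IPv4-only destination is reached through the synthesized address even though the host could have used IPv4 directly; with A queried first, the same host stays on native IPv4.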