Re: on NAT-PT
On Thursday, November 28, 2002, at 01:16 AM, Brian E Carpenter wrote:
> I think we need an RFC which discusses the issues with NAT-PT
> that are discussed for NAT-v4 in RFC 2993 and RFC 3027.
> Maybe it could be quite short, if the issues are the same,
> but it needs to be written.
As NAT-PT stands, in the v6 to v4 translation, it is worse than
regular NAT, because of side effects introduced by the DNS ALG part.
In the v4 to v6 translation, it is problematic because
of the possibility for DoS attack.
As described, NAT-PT does not scale as well as regular NAT. This is bad,
especially when people (like 3G) have been discussing using it
massively! (I'm not saying it is a good thing to use NAT massively,
and although the current RFC tries to somehow limit its domain
of use, the statements are not strong enough and side effects need to be
documented)
NAT-PT needs to be revisited:
It needs to remove the DNS-ALG part in the v6 to v4 case,
it needs to limit the DoS threat and needs to scale better,
at least as well/bad as NAT.
A new RFC needs to define the tradeoff of when to use it
compared to using dual stack.
- Alain.