
RE: on NAT-PT



The problem is that the solution you propose is not applicable. You say:
"don't use DNS-ALG if you are a dual stack node." The problem is that a
host on an unmanaged network cannot choose which DNS server to use: it
receives a configuration through DHCP, and the configuration is the same
for every host. The DHCP server does not know whether the host is dual
stack or not, so it cannot give different values to different hosts.

The solution is probably to not use NAT-PT at all in unmanaged networks:
in practice, the hosts that desire to communicate with legacy IPv4
services will be dual stack.

We need however to mitigate the problem posed by NAT-PT when it does
address translation, and we should do that by following Rob's suggestion
of reserving address ranges for the result of translation + making these
addresses least preferred in the address selection rules.

> -----Original Message-----
> From: itojun@iijlab.net [mailto:itojun@iijlab.net]
> Sent: Wednesday, December 04, 2002 3:49 PM
> To: Christian Huitema
> Cc: v6ops@ops.ietf.org
> Subject: Re: on NAT-PT
> 
> >The following text is an extract from
> >draft-huitema-ngtrans-unmaneval-01.txt, section 3.2.1: the problem with
> >address translation:
> (snip)
> >In short, the problem is that inserting the DNS-ALG function in a
> >gateway might be beneficial in the IPv4-only to IPv6-only scenario, but
> >is detrimental in the scenarios that involve dual stack hosts. Since
> >there are likely to be many more dual stack hosts than IPv6 only hosts,
> >this means that NAT-PT as it stands is detrimental to IPv6 transition.
> 
> 	i don't think you have checked my initial posting.
> 	header is attached as evidence.
> 
> itojun
> 
> 
> ---
> Return-Path: <owner-v6ops@ops.ietf.org>
> Delivered-To: itojun@itojun.org
> Received: from psg.com (psg.com [147.28.0.62])
> 	by coconut.itojun.org (Postfix) with ESMTP id 1AB2E4B22
> 	for <itojun@itojun.org>; Thu, 28 Nov 2002 13:49:08 +0900 (JST)
> Received: from lserv by psg.com with local (Exim 3.36 #2)
> 	id 18HGZY-000Ee4-00
> 	for v6ops-data@psg.com; Wed, 27 Nov 2002 20:46:44 -0800
> Received: from coconut.itojun.org ([219.101.47.130])
> 	by psg.com with esmtp (Exim 3.36 #2)
> 	id 18HGZV-000Eds-00
> 	for v6ops@ops.ietf.org; Wed, 27 Nov 2002 20:46:41 -0800
> Received: from itojun.org (localhost [127.0.0.1])
> 	by coconut.itojun.org (Postfix) with ESMTP id BC9C24B22
> 	for <v6ops@ops.ietf.org>; Thu, 28 Nov 2002 13:46:37 +0900 (JST)
> To: v6ops@ops.ietf.org
> Subject: on NAT-PT
> X-Template-Reply-To: itojun@itojun.org
> X-Template-Return-Receipt-To: itojun@itojun.org
> X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD  90 5F B4 60 79 54 16 E2
> From: itojun@iijlab.net
> Date: Thu, 28 Nov 2002 13:46:37 +0900
> Message-Id: <20021128044637.BC9C24B22@coconut.itojun.org>
> X-Spam-Status: No, hits=1.0 required=5.0
> 	tests=NO_REAL_NAME,QUOTED_EMAIL_TEXT,SPAM_PHRASE_01_02
> 	version=2.43
> X-Spam-Level: *
> Sender: owner-v6ops@ops.ietf.org
> Precedence: bulk
> X-Filter: mailagent [version 3.0 PL73] for itojun@itojun.org
> 
> 	there are some concerns raised in the working group meeting
> 	with respect to NAT-PT.  it seems to me that the concerns do not
> 	have enough technical ground (or there is some confusion in
> 	understanding how NAT-PT works).  i don't see the need for revising
> 	NAT-PT at all.  some clarifications on the document might be nice,
> 	but no major re-work is needed, IMHO.
> 
> itojun
> 
> 
> (snip)
> draft-huitema-ngtrans-unmaneval-01.txt, page 4:
> 
> >This section makes an important assumption: it assumes that the NAT-
> >PT acts as a bridge between two networks, one IPv6-only and the
> >other IPv6-only. As a result, the DNS-ALG will translate a DNS
> 
> 	"and the other IPv4-only", i suppose.
> 
> >request for a AAAA record coming from the IPv6 host into a request
> >for an A record, and vice versa. The problem is that address
> >translation does not know if the traffic originates from an IPv4
> >only/IPv6 only node or from a dual stack node. When a dual stack
> >node A wants to communicate with an IPv4 only host B, the dual stack
> >host A gets either the IPv4 address of B (preferred) or an IPv6
> >address which is some kind of translation of the IPv4 address of B.
> >This latter situation is not wanted, because it means unnecessary
> >translation between IPv4 and IPv6. This is shown in the table below.
> 
> 	the answer is simple - don't use DNS-ALG if you are a dual stack node.
> 	use DNS-ALG as your recursive resolver only when you are an IPv6 only
> 	node (hence you use NAT-PT translation part if the ultimate
> 	destination is IPv4-only).
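
The mitigation discussed in this thread (a reserved range for translated addresses, ranked last in address selection), shown as an added example that is not part of the original messages: a simplified destination ordering built on the RFC 3484 default policy table. The prefix 2001:db8:ffff::/96, the precedence value 1, the host address and all function names are assumptions; the thread names no actual range.

```python
import ipaddress

# Default policy table from RFC 3484: (prefix, precedence). Higher is preferred.
DEFAULT_POLICY = [
    ("::1/128", 50),
    ("::/0", 40),
    ("2002::/16", 30),
    ("::/96", 20),
    ("::ffff:0:0/96", 10),  # IPv4 destinations, written as IPv4-mapped
]

# Assumption: placeholder for the reserved translation range (documentation
# prefix); the thread does not name an actual prefix.
NATPT_PREFIX = "2001:db8:ffff::/96"

# Mitigation: the reserved range ranks below everything else, IPv4 included.
MITIGATED_POLICY = DEFAULT_POLICY + [(NATPT_PREFIX, 1)]

def synthesize_aaaa(ipv4):
    """What a DNS-ALG would return: the A record embedded in NATPT_PREFIX."""
    base = int(ipaddress.ip_network(NATPT_PREFIX).network_address)
    return str(ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(ipv4))))

def precedence(addr, policy):
    """Longest-prefix match of addr against the policy table."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + addr)
    best_len, best_prec = -1, 0
    for prefix, prec in policy:
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_len, best_prec = net.prefixlen, prec
    return best_prec

def order_destinations(candidates, policy, have_ipv4=True):
    """Drop unusable destinations, then sort by descending precedence."""
    usable = [a for a in candidates
              if have_ipv4 or ipaddress.ip_address(a).version == 6]
    return sorted(usable, key=lambda a: -precedence(a, policy))

if __name__ == "__main__":
    b_v4 = "192.0.2.10"  # constructed address for IPv4-only host B
    answers = [synthesize_aaaa(b_v4), b_v4]
    print("default  :", order_destinations(answers, DEFAULT_POLICY))
    print("mitigated:", order_destinations(answers, MITIGATED_POLICY))
    print("v6-only  :", order_destinations(answers, MITIGATED_POLICY, False))
```

With the default table a dual stack host picks the synthesized AAAA and goes through the translator; with the extra low-precedence entry it picks the native IPv4 address, while an IPv6-only host still reaches B through NAT-PT.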