[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: on NAT-PT

To: Erik Nordmark <Erik.Nordmark@sun.com>
Subject: Re: on NAT-PT
From: Margaret Wasserman <mrw@windriver.com>
Date: Mon, 20 Jan 2003 10:21:25 -0500
Cc: itojun@iijlab.net, v6ops@ops.ietf.org
In-reply-to: <Roam.SIMC.2.0.6.1043020775.3058.nordmark@bebop.france>
References: <"Your message with ID" <20021128044637.BC9C24B22@coconut.itojun.org>

As a WG contributor I disagree.
I think both NAT-PT and SIIT should be moved to historic or at least
to a status where their deployment is not recommended.

Also as an individual contributor...

I agree with Erik.  I haven't seen a case yet where NAT-PT cannot be
replaced with a less damaging and simpler mechanism (or combination
of mechanisms), such as dual-stack hosts and tunneling.

I assert that 90-99% of the cases where they are used one can instead
use dual-stack hosts (and routers) with private IPv4 addresses and
a good old IPv4 NAT.
[...]
So I think the preferred scheme for this type of interoperability should
be what we already have - IPv4 private addresses and IPv4 NATs.
With IPv6 end-to-end communication when communicating with IPv6 peers.

Exactly.  Any node that needs to make a connection to an IPv4-only
node or service must include an IPv4 stack.  Any node that needs to
connect to an IPv6-only node or service must include an IPv6 stack.
Nodes that need to do both must be dual-stack.  It just make sense.

NAT-PT also has some problems that would be a serious limitation for
almost any deployment, such as the inability for two nodes on the
IPv6-only side of a NAT-PT box to establish an IPv4 connection to
each other.

Of course, there is 1-10% of cases when this is unattractive e.g. due
to the need to route IPv4 inside the domain and it would make sense for the
WG to try to understand that space better. In some of those cases
I think the dual routing will be simpler than having a new type of NAT device
to deal with. In other cases it might be sufficient to have proxy functionality
at the v4/v6 boundary and no NAT (e.g. SIP, HTTP, SMTP)

There are also other alternatives that would not require IPv4
routing within the domain.  For example, a dual stack host running
in an IPv6-only infrastructure could set-up an IPv4 in IPv6 tunnel to the
a dual-stack router on the edge of the IPv6-only network.  The IPv4 address
for the dual-stack host could be dynamically allocated/leased, allowing a
large number of nodes that occasionally use IPv4 to share a smaller
number of IPv4 addresses.  DSTM offers one example of this type of
mechanism.

The proxy alternative may make sense for the 3GPP IMS case, as this
is a special case where only certain services are required to be
IPv6-only.  IMS-capable handsets may still be capable of opening
IPv4 PDP contexts for communication with non-IMS IPv4 nodes and
services.

I don't think that we've explored these alternatives enough to know
which would make the most sense for the 3GPP IMS situation, and I
don't think that we should settle on NAT-PT as the solution for that
scenario until we have actively looked for alternatives that avoid the
problems of NAT-PT.

Margaret

Follow-Ups:
- Re: on NAT-PT
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

References:
- Re: on NAT-PT
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

Prev by Date: Re: comment on: draft-ietf-v6ops-unman-scenarios-00.txt
Next by Date: Re: An alternative to 6to4 and teredo
Previous by thread: Re: on NAT-PT
Next by thread: Re: on NAT-PT
Index(es):
- Date
- Thread