NAT traversal and its relation to IPv6 [RE: Comments on draft-tsirtsis-dsmip-problem-01.txt]

[Pekka Savola <pekkas@netcore.fi>]

I'm picking up one issue here which may be interesting for a bigger 
audience too.  I'm also tailing down the Cc: list.

On Mon, 1 Sep 2003, Alexandru Petrescu wrote:
[...]
> With respect to dual-stacks, the thing I'd like to have is the Mobile
> IPv6 MN-HA tunnel to be a v6-in-v4 tunnel instead of v6-in-v6, and
> moreover that tunnel to drill through the NAT gateway, and even stay up
> when applications are silent (heartbeats bubbling or such).  This would
> allow an IPv6 mobile host to attach to an exclusively-v4
> public-access-private-address ISP, and then to another, while
> maintaining a fixed IPv6 Home Address.  By my reading, the draft already
> covers this case, so I don't complain.

My concern is this: we already have about half a dozen IPv4 NAT traversal 
techniques (IPsec, MIPv4, STUN, TURN, a number of others) -- and some have 
been proposed to allow IPv6-in-IPv4 tunneling to also traverse NAT (none 
taken up by this WG, at the moment, though.).

So you want to implement and specify one for dual-stack Mobile IPv6 *too*?  
:...-(((

My _personal_ two top priorities in this context: 

 1) make sure NAT traversal stays an _IPv4_ problem.  Traverse a NAT to 
get a global IPv4 address, then activate an IPv6 transition mechanism.  
Everything is transparent to the IPv6 transition mechanism.

 2) failing that, provide *one*, *very simple* (most likely, a
bidirectional tunnel or something like that) mechanism which is close to
bulletproof to enable IPv6 tunneling over NAT.  When you have an IPv6
connectivity, you don't have to worry about NAT's anymore in any of the
scopes listed above (MIP, IPsec, etc.etc.).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings