Re: v4 NAT vs NAT-PT models
Hi,
On Tue, 18 Nov 2003, Suresh Satapati wrote:
> > I do not know why you insist on that, because it's clearly wrong, or
> > you have a lot of assumptions about what you mean with "make NAT-PT
> > work".
> >
> > If I am behind a v4 NAT without DNS-ALG, and I try to connect to
> > www.google.com, the connection succeeds and it works.
> >
> > If I am behind NAT-PT, without DNS-ALG, have v6-only host, and I try
> > to connect to www.google.com, the connection fails because the NAT-PT
> > cannot find the AAAA record for www.google.com.
> >
> > These models are NOT the same.
> >
> > You probably assume some other mechanism for providing similar mapping
> > than DNS-ALG for NAT-PT. For example, manual assignment could be OK
> > for "inbound" services. But that's completely unspecified.
>
> I agree it is much simpler in v4NAT to do that, than in v6<->v4. As
> you mentioned above, the way to do w/o ALG may be unspecified in the RFC.
> But then most RFCs are like that. They leave a lot for the implementors.
> Because something is unspecified doesn't rule out the possibility.
>
> I'd request you to stop this and get back to the original thread
[...]

In turn, I'd request you to stop spreading the gross simplification
that NAT-PT is equal to plain old v4 NAT, and NAT-PT works as
specified without DNS-ALG. This is definitely not the case.

If we refer someone to RFC2766 for translation, there are two options:
either implementing DNS-ALG or inventing a replacement on your own; I
don't think there exists even an internet-draft describing other
possibilities to achieve the same effect. Making such a referral
without explicit mention of requirements regarding DNS-ALG or similar
behaviour is necessary to avoid causing any more confusion.

Of course, vendors are free to deploy any unspecified mechanisms they
want. But that doesn't fix the problem for those who haven't
developed an unspecified mechanism for achieving the same effect;
for all intents and purposes, unless something has been specified or
documented, it does not exist.

> I'd like to get a sense on where the WG Chairs stand regarding:
[...]
I take it that you're asking for an "official" standing. Could you
clarify what the question is, or would you just want us to comment?
I'll add that on our agenda, but the response could take a while..
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
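
Added example, not part of the original message or of RFC 2766's text: a simplified Python model of the case argued above, where a v6-only host behind NAT-PT looks up a v4-only name with and without DNS-ALG. The names, the addresses (documentation ranges), the /96 PREFIX value and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zone: one v4-only name and one dual-stack name.
ZONE = {
    "v4only.example": {"A": ["192.0.2.10"]},
    "dual.example": {"A": ["192.0.2.20"], "AAAA": ["2001:db8::20"]},
}
# Assumed /96 PREFIX routed to the NAT-PT box (hypothetical value).
PREFIX = ipaddress.IPv6Network("2001:db8:ffff::/96")


def embed(v4):
    """Map an IPv4 address to PREFIX::a.b.c.d, as a DNS-ALG does for A answers."""
    mapped = int(PREFIX.network_address) | int(ipaddress.IPv4Address(v4))
    return str(ipaddress.IPv6Address(mapped))


def extract(v6):
    """Return the IPv4 address embedded in a PREFIX address, or None if native v6."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in PREFIX:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


def resolve_aaaa(name, dns_alg):
    """AAAA lookup as seen by the v6-only host behind the translator."""
    records = ZONE.get(name, {})
    if records.get("AAAA"):
        return list(records["AAAA"])      # real AAAA exists, nothing to translate
    if not dns_alg:
        return []                         # v4-only name: the host gets no address
    return [embed(a) for a in records.get("A", [])]  # A answer rewritten to AAAA


def connect_from_v6_only(name, dns_alg):
    """Describe what happens when the v6-only host tries to reach `name`."""
    answers = resolve_aaaa(name, dns_alg)
    if not answers:
        return "fail: no AAAA"
    dst = answers[0]
    v4 = extract(dst)
    if v4 is None:
        return f"native v6 to {dst}"
    return f"translated to {v4} via {dst}"


if __name__ == "__main__":
    for alg in (False, True):
        print("DNS-ALG" if alg else "no DNS-ALG", "->",
              connect_from_v6_only("v4only.example", alg))
```
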