
Re: I-D Action:draft-van-beijnum-modified-nat-pt-02.txt



On 12/4/07, Iljitsch van Beijnum <iljitsch@muada.com> wrote:
> On 3 dec 2007, at 14:39, Brian Dickson wrote:
>
> > Do IPv4-to-IPv6 protocol translation - but now, the extra "twist" -
> > embed the *port* in the IPv6 destination, *above* the IPv4 address.
> > This lets us set up "generic" ALGs, based on covering aggregates for
> > the "special" address space we use for the place where 6-back-to-4
> > happens.
> > And, we can then set up ALGs on a per-port basis, which are more-
> > specific addresses.
>
> When I read this it wasn't obvious to me what you meant, but being
> able to talk in person can sometimes be helpful.  :-)
>
> The idea is to have a format like ::port:v4:addr which makes it
> possible to route all traffic for a given destination port to a
> separate translator that is better prepared to translate the protocol
> in question. This is a good trick!

Do you want to include the protocol number in there as well? That way
you could route SCTP separately.  Not a really good argument, but I
thought I'd toss the idea out there.

> > There are even a few advanced tricks that can be accomplished, like
> > reverse-port-mapping to request inbound port(s) and possibly inbound
> > port+IPv4 address "reservation".
> > Combined with dynamic DNS, it may be possible to extend the
> > usefulness of a very small number of IPv4 addresses, to support a
> > much larger number of "servers" who need reserved ports, although possibly
> > only intermittently. (Think SMTP for hosting, inbound with MX and
> > relay.)
>
> Right, there are services that need a more or less permanent inbound
> capability and others that only need this at certain times. I'd say
> that SMTP is an example of the former, though. The latter would be
> things like peer-to-peer applications that only run once in a while,
> such as videoconferencing.
>
> > The implementation of things like DHCP (for IPv4) uses well-known IPv4
> > "broadcast" address destination 255.255.255.255. But, having an IPv6
> > host listen on that address, transmogrified by the mapping including
> > port, means a specific IPv6 address can act as a DHCP server (or
> > relay).
>
> Is this useful?
>
> > Oh, yeah, one other good thing - there is no requirement that the
> > ALGs or NAT-PT exist on the same network, just that they be
> > reachable via IPv6 natively. So, a small network could point their
> > "ALG default" at an upstream, who then would handle all the NAT-PT
> > stuff (presumably as either a value-add, paid, or bundled service)
> > for access to the V4 Internet.
>
> Indeed.
>
>
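
The ::port:v4:addr layout and the per-port more-specific routes discussed in this message, worked through as an added example that is not part of the original post or of the draft. The 2001:db8:64::/80 translator prefix, the route table and the next-hop names are constructed assumptions; the thread specifies only that the port sits directly above the IPv4 address.

```python
import ipaddress

# Assumed translator prefix (documentation space). Only the low 48 bits,
# port (16) followed by IPv4 address (32), come from the thread.
PREFIX = ipaddress.IPv6Network("2001:db8:64::/80")


def embed(v4, port):
    """Build <prefix>:port:v4:addr for an IPv4 destination and port."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port must fit in 16 bits")
    low = (port << 32) | int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(PREFIX.network_address) | low)


def extract(v6):
    """Recover (IPv4 address, port) at the translator; reject foreign prefixes."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in PREFIX:
        raise ValueError("address is outside the translator prefix")
    low = int(addr) & ((1 << 48) - 1)
    return str(ipaddress.IPv4Address(low & 0xFFFFFFFF)), low >> 32


def port_route(port):
    """The /96 more-specific covering every IPv4 destination for one port."""
    base = int(PREFIX.network_address) | (port << 32)
    return ipaddress.IPv6Network((base, 96))


# Constructed route table: the covering aggregate points at a generic
# translator, per-port more-specifics point at protocol-aware ALGs.
ROUTES = {
    PREFIX: "generic-translator",
    port_route(25): "smtp-alg",
    port_route(21): "ftp-alg",
}


def next_hop(dst):
    """Ordinary longest-prefix match, which is all the scheme relies on."""
    matches = [net for net in ROUTES if dst in net]
    if not matches:
        raise LookupError("no route for %s" % dst)
    return ROUTES[max(matches, key=lambda net: net.prefixlen)]


if __name__ == "__main__":
    for port in (25, 21, 80):
        dst = embed("192.0.2.10", port)
        print(dst, "->", next_hop(dst), extract(dst))
```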