On Mar 11, 2008, at 14:55, teemu.savolainen@nokia.com wrote:
[I wrote:]
+ On the subject of ALG requirements in this alternative: yes, the ALG's at both the v4->v6 NAT and the v6-v4 NAT will be required to translate addresses in the application protocols.

Could you clarify why the v4->v6 NAT would require ALG, i.e. why it would not be enough to have that just in the v6-v4 NAT?
It's complicated. At the very least, it needs "transparency helpers" which are only distinguishable from ALG's in that they don't actually need to rewrite the application stream. Let's consider the case of, say, RTSP with RTCP/RTP where the media player is behind the v4v6v4-NAT chain and the media server is on the public IPv4 network.
The v4->v6 NAT needs to rewrite the client_ip parameter in the Transport header of the SETUP method. Even without that function, which isn't widely used, there needs to be a transparency helper that notices the use of client_port parameters and ensures that a v4-v6 translation state entry is opened for the RTCP and RTP media streams it references.
Active mode FTP is a similar case. IPsec VPN without NAT-traversal in UDP encapsulation is another one.
-- james woodyatt <jhw@apple.com> member of technical staff, communications engineering
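
The transparency-helper behaviour described in the message above, sketched as an added example that is not part of the original message or of any NAT implementation: it reads an RTSP SETUP request without rewriting it and lists the UDP translation state entries to open for the RTP/RTCP ports named in `client_port`. The sample request, the function names and the `MAX_PORTS` cap are assumptions made for illustration.

```python
import re

MAX_PORTS = 4  # assumed policy cap so one SETUP cannot open a wide port range

# Constructed sample request (not from the original message).
SAMPLE_SETUP = (
    "SETUP rtsp://media.example.net/stream/track1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=4588-4589,"
    "RTP/AVP/TCP;unicast;interleaved=0-1\r\n"
    "\r\n"
)

def parse_transport(value):
    """Split a Transport header value into (transport-spec, params) pairs."""
    out = []
    for alt in value.split(","):
        parts = [p.strip() for p in alt.split(";") if p.strip()]
        if not parts:
            continue
        params = {}
        for p in parts[1:]:
            key, _, val = p.partition("=")
            params[key.lower()] = val
        out.append((parts[0].upper(), params))
    return out

def udp_ports_to_open(request):
    """Return the sorted UDP ports a SETUP request asks to receive media on."""
    lines = request.split("\r\n")
    if not lines[0].startswith("SETUP "):
        return []
    ports = set()
    for line in lines[1:]:
        if line == "":
            break  # end of headers
        name, _, value = line.partition(":")
        if name.strip().lower() != "transport":
            continue
        for spec, params in parse_transport(value):
            if spec.endswith("/TCP"):
                continue  # interleaved media needs no extra UDP state
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", params.get("client_port", ""))
            if not m:
                continue
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            if 0 < lo <= hi <= 65535 and hi - lo + 1 <= MAX_PORTS:
                ports.update(range(lo, hi + 1))
    return sorted(ports)

def state_entries(request, client_v4):
    """Translation state entries (proto, inside address, port) to pre-open."""
    return [("udp", client_v4, p) for p in udp_ports_to_open(request)]
```
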