[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A slightly more detailed analysis Re: NAT64 and IPsec support

To: George Tsirtsis <tsirtsis@googlemail.com>
Subject: Re: A slightly more detailed analysis Re: NAT64 and IPsec support
From: Rémi Després <remi.despres@free.fr>
Date: Mon, 21 Apr 2008 11:00:11 +0200
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, marcelo bagnulo <marcelo@it.uc3m.es>, IPv6 Operations <v6ops@ops.ietf.org>, mcr@sandelman.ca, narten@us.ibm.com, dthaler@microsoft.com
In-reply-to: <d3886a520804020814g75190da6t5e797003cfe487fd@mail.gmail.com>
References: <d3886a520804010246v61801e88o8b44fafcdf094bd1@mail.gmail.com> <47F23BA6.8070802@it.uc3m.es> <d3886a520804010654y2867aaebxc484c1411ab564e@mail.gmail.com> <47F2573B.3000909@it.uc3m.es> <E3F9A48F-8550-407C-AE7F-ACC9574D07B4@muada.com> <d3886a520804020814g75190da6t5e797003cfe487fd@mail.gmail.com>
User-agent: Thunderbird 2.0.0.12 (Macintosh/20080213)

George Tsirtsis wrote :

The scenarios you describe below require a box that can receive anIPv6 tunnel from one side and forward the encapsulated IPv4 trafficon the other side. This could also be combined with a v4NAT forefficient use of IPv4 addresses, but in now way this requiresprotocol translation.

IPv6/IPv4 Node ======= TunnelEndPoint+v4NAT -------- IPv4 only node


A configuration with similar properties is covered in:
http://www.ietf.org/internet-drafts/draft-despres-v6ops-apbp-00.txt

The configuration, where APBP means Address-port-borrowing-protocol,
looks like:

Dual-stack node+APBP ======= APBP ===== IPv4-only node

- No NAT is needed (E2E transport connections are transparent IPv4
between applications)
- TUNNELS v4 over v6 are etablished "per connection", with a request to
an anycast address to find each APBP tunnel endpoint.


Another important configuration is:

IPv4-only node ------- v4NAT+APBP ======= APBP ------- IPv4 node

... such a function would make sense to be collocated in a NAT64 box,
but it has nothing to do with an IPv6 to IPv4 protocol translationas such.

Right.
With APBP, the v4NAT+APBP function also can be collocated in a NAT64 box.
The need for NAT64 is however mitigated if APBP is available.

(Comments most welcome.)

Regards.

Rémi

References:
- A slightly more detailed analysis Re: NAT64 and IPsec support
  - From: "George Tsirtsis" <tsirtsis@googlemail.com>
- Re: A slightly more detailed analysis Re: NAT64 and IPsec support
  - From: marcelo bagnulo <marcelo@it.uc3m.es>
- Re: A slightly more detailed analysis Re: NAT64 and IPsec support
  - From: marcelo bagnulo <marcelo@it.uc3m.es>
- Re: A slightly more detailed analysis Re: NAT64 and IPsec support
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: A slightly more detailed analysis Re: NAT64 and IPsec support
  - From: "George Tsirtsis" <tsirtsis@googlemail.com>

Prev by Date: Re: A Transition architecture where neither ISP-NATs nor CPE-NAT64s are neeeded
Next by Date: I-D Action:draft-ietf-v6ops-addr-select-ps-05.txt
Previous by thread: Tunnels vs translation, was: Re: A slightly more detailed analysis Re: NAT64 and IPsec support
Next by thread: Re: A slightly more detailed analysis Re: NAT64 and IPsec support
Index(es):
- Date
- Thread