nanog mailing list archives
Re: [arin-announce] IPv4 Address Space (fwd)
From: Owen DeLong <owen () delong com>
Date: Wed, 29 Oct 2003 09:13:47 -0800
No. IPSEC and SIP break because their payloads include information that is dependent on the IP address header. In the case of IPSEC, this is to support end-to-end authentication and avoid certain kinds of man-in- the-middle attacks. In the case of SIP, it's because SIP is a call setup protocol which facilitates the creation of an RTP session. It's much the same problem as FTP. The reason FTP doesn't BORK is because most NAT gateways understand about the need to proxy FTP and because PASSIVE mode FTP doesn't have the same call-setup problems. In the case of IPSEC, there is an IPSEC standard for NAT traversal. It allows for a slight compromise in the end-to-end security while still preserving most of the capabilities of IPSEC. UDP works just fine through NAT, as evidenced by DNS and other protocols that aren't inherently broken with NAT. (Of course, DNS could suffer from the same effects as SIP on some levels since the contents of the DNS A record answers may be dependent on an un-natted world). Owen--On Wednesday, October 29, 2003 10:57 AM +0000 Dave Howe <DaveHowe () gmx co uk> wrote:
Avleen Vig wrote:If "more IP addresses" is the only motivation for using IPv6, it's really not enough. For environments where direct access to the internet isn't required, NAT serves perfectly well.IPSec, SIP/VoIP or almost anything that relies on UDP borks on NAT, doesn't it?
-- If it wasn't signed, it probably didn't come from me.
Attachment:
_bin
Description:
Current thread:
- Re: [arin-announce] IPv4 Address Space (fwd), (continued)
- Re: [arin-announce] IPv4 Address Space (fwd) Dave Howe (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Simon Lockhart (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Avleen Vig (Oct 29)
- Re[2]: [arin-announce] IPv4 Address Space (fwd) Richard Welty (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Dave Howe (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Jack Bates (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Greg Maxwell (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Owen DeLong (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Dave Howe (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Owen DeLong (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Owen DeLong (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Crist Clark (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Paul Timmins (Oct 29)
- RE: [arin-announce] IPv4 Address Space (fwd) Deepak Jain (Oct 27)
- Re: [arin-announce] IPv4 Address Space (fwd) Andy Dills (Oct 28)
- Re: [arin-announce] IPv4 Address Space (fwd) Bruce Pinsky (Oct 28)
- Re: [arin-announce] IPv4 Address Space (fwd) sthaug (Oct 28)
- Re: [arin-announce] IPv4 Address Space (fwd) Henry Linneweh (Oct 28)