nanog mailing list archives

Re: Problems with removing NAT from a network


From: Benson Schliesser <bensons () queuefull net>
Date: Fri, 7 Jan 2011 01:49:50 -0600


On Jan 7, 2011, at 12:39 AM, Matthew Kaufman wrote:

On 1/6/2011 9:28 PM, Dan Wing wrote:

Skype could make it work with direct UDP packets in about 92% of
cases, per Google's published direct-to-direct statistic at
http://code.google.com/apis/talk/libjingle/important_concepts.html

If one end is behind a NAT64 and there is no mechanism for discovering the NAT64's IPv6 interface prefix and mapping 
algorithm (and at present there is not), there is no way to send IPv6 IP packets from the IPv6-only host to IPv4 
literal addresses (that is to say, addresses learned via a mechanism other than DNS responses synthesized by the 
DNS64 part of the NAT64 "solution") on the IPv4 Internet through said NAT64.

That's the case we're discussing here.

It breaks Skype, Adobe's RTMFP, BitTorrent, ICE-based NAT traversal, etc. Even the protocol described in the 
referenced document, Jingle (as it essentially uses ICE) fails. The candidate IPv4 addresses for the end that's on 
the IPv4 Internet (local and STUN-derived) that are delivered over Jingle's XMPP path cannot be used by the host that 
is on IPv6 + NAT64 to reach the IPv4 Internet because it has no IPv4 sockets available to it and even if it knew that 
NAT64 existed (which would take a modification to the Jingle-based apps) and opened an IPv6 socket it wouldn't know 
what IPv6 address to use to reach the IPv4 host because there's no discovery mechanism. If you want we can take this 
back to the BEHAVE list now.

To paraphrase what you're saying: stuff that embeds and passes around IPv4 addresses will break.  I'm sorry to say 
this, but that's just reality.  Embedded IP addresses have always been a Bad Idea (tm) in development and operations, 
and I don't think P2P protocols get a pass - building your own discovery and topology mechanisms doesn't insulate you 
from having to use the underlying network.

The best chance anybody has is to build dual-stack support and start using DNS names rather than IP numbers.  Oh, and 
expect IPv4 to start breaking in the near future.  We're trying to make IPv4 work long enough to survive the 
transition, but it's not a good bet for new protocols.

Cheers,
-Benson


