nanog mailing list archives
Re: V6 still not supported
From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Sun, 3 Apr 2022 15:36:27 +0900
Matthew Petach wrote:
> Hi Masataka,
Hi,
> One quick question. If every host is granted a range of public port numbers on the static stateful NAT device, what happens when two customers need access to the same port number?
I mean static outgoing port numbers, but your concern should be well-known incoming port numbers, which is an issue not specific to "static stateful" NAT.
> Because there's no way in a DNS NS entry to specify a port number, if I need to run a DNS server behind this static NAT, I *have* to be given port 53 in my range; there's no other way to make DNS work.
And SMTP, as is explained in draft-ohta-e2e-nat-00:

    A server port number different from well known ones may be specified through mechanisms to specify an address of the server, which is the case of URLs. However, port numbers for DNS and SMTP are, in general, implicitly assumed by DNS and are not changeable. Or, a NAT gateway may receive packets to certain ports and behave as an application gateway to end hosts, if request messages to the server contain information, such as domain names, which is the case with DNS, SMTP and HTTP, to demultiplex the request messages to end hosts. However, for an ISP operating the NAT gateway, it may be easier to operate independent servers at the default port for DNS, SMTP, HTTP and other applications for their customers than operating application relays.

Though the draft is for E2ENAT, the situation is the same for any kind of NAT.
> This means that if I have two customers that each need to run a DNS server, I have to put them on separate static NAT boxes--because they can't both get access to port 53.
See above for other possibilities.
> This limits the effectiveness of a stateful static NAT box
For incoming ports, static stateful NAT is no worse than dynamic NAT. Both may be configured to map certain incoming ports to certain local ports and addresses, statically or dynamically with, say, UPnP. The point of static stateful NAT is that, for outgoing ports, it does not require logging.
> tl;dr -- "if only we'd thought of putting a port number field in the NS records in DNS back in 1983..."
And MX. As named has a "-p" option, I think some people were already aware of the uselessness of the option in 1983. But putting a port number field in at that time would have been overkill.

Masataka Ohta
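The two points argued in the message above, that a fixed per-customer block of outgoing ports lets a remote party's log be attributed to a customer without the NAT keeping per-connection logs, while a well-known incoming port such as 53 exists only once per public address, can be shown with a small model. This is an added example written for this page, not code from the post, from draft-ohta-e2e-nat-00 or from any NAT implementation; the public address, block size, customer names and private addresses are made up for the demonstration.

```python
"""Toy model of a "static stateful" NAT: one shared public IPv4 address,
each customer owns a fixed, non-overlapping block of source ports.

Outgoing: the (public_ip, public_port) pair a remote site records is
mapped back to a customer from the static allocation table alone, so
the NAT does not need to log individual sessions for attribution.

Incoming: a well-known port (DNS on 53, SMTP on 25) exists once per
public address, so only one customer can hold it.
"""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # assumed shared address (RFC 5737 documentation range)
PORTS_PER_CUSTOMER = 1024    # assumed block size; 63 customers fit above port 1024
FIRST_PORT = 1024            # ports below 1024 are kept for well-known inbound mappings


@dataclass
class StaticStatefulNAT:
    public_ip: str = PUBLIC_IP
    block_size: int = PORTS_PER_CUSTOMER
    customers: dict = field(default_factory=dict)  # name -> (lo, hi) public port block
    inbound: dict = field(default_factory=dict)    # public port -> (customer, private_ip, private_port)
    sessions: dict = field(default_factory=dict)   # (customer, private_ip, private_port, dst) -> public port

    def add_customer(self, name):
        """Allocate the next free port block; allocation is permanent, not per session."""
        idx = len(self.customers)
        lo = FIRST_PORT + idx * self.block_size
        hi = lo + self.block_size - 1
        if hi > 65535:
            raise ValueError("public port space exhausted")
        self.customers[name] = (lo, hi)
        return lo, hi

    def translate_outbound(self, customer, private_ip, private_port, dst):
        """Pick a public source port from the customer's own block only.
        Blocks do not overlap, so a port is never shared across customers."""
        lo, hi = self.customers[customer]
        key = (customer, private_ip, private_port, dst)
        if key in self.sessions:                      # existing flow keeps its port
            return self.public_ip, self.sessions[key]
        in_use = set(self.sessions.values())
        for port in range(lo, hi + 1):
            if port not in in_use:
                self.sessions[key] = port
                return self.public_ip, port
        # The cost of static blocks: a busy customer runs out of ports
        # while other customers' blocks may sit idle.
        raise RuntimeError(f"{customer}: port block {lo}-{hi} exhausted")

    def attribute(self, public_port):
        """Abuse-desk lookup: customer behind a port seen at the remote side,
        using the static table only; no session log is consulted."""
        for name, (lo, hi) in self.customers.items():
            if lo <= public_port <= hi:
                return name
        return None

    def map_inbound(self, public_port, customer, private_ip, private_port):
        """Static inbound mapping of a well-known port (e.g. 53 for DNS).
        There is one port 53 per public address; a second claimant is refused."""
        if public_port in self.inbound:
            holder = self.inbound[public_port][0]
            raise ValueError(f"port {public_port} already held by {holder}")
        self.inbound[public_port] = (customer, private_ip, private_port)


def demo():
    """Two customers share PUBLIC_IP; returns (alice's port, bob's port,
    attribution of bob's port, whether the second port-53 claim was refused)."""
    nat = StaticStatefulNAT()
    nat.add_customer("alice")   # 1024-2047 (constructed)
    nat.add_customer("bob")     # 2048-3071 (constructed)
    remote = ("198.51.100.5", 443)  # constructed remote server
    _, alice_port = nat.translate_outbound("alice", "10.0.0.2", 40000, remote)
    _, bob_port = nat.translate_outbound("bob", "10.0.1.2", 40000, remote)
    seen_by_remote = nat.attribute(bob_port)      # remote site logged only (ip, port)
    nat.map_inbound(53, "alice", "10.0.0.53", 53)  # alice runs the DNS server
    try:
        nat.map_inbound(53, "bob", "10.0.1.53", 53)
        refused = False
    except ValueError:
        refused = True
    return alice_port, bob_port, seen_by_remote, refused


if __name__ == "__main__":
    print(demo())
```

The attribution in `attribute` works only if the remote side recorded the source port, which is exactly what the message relies on: the NAT's table is static, so the log burden moves from the NAT operator to whoever captured the packet. The `map_inbound` refusal is the port-53 conflict from the quoted question; the application-gateway alternative from the draft (demultiplexing by domain name) is not modelled here.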
Current thread:
- RE: V6 still not supported Pascal Thubert (pthubert) via NANOG (Apr 01)
- Re: V6 still not supported Rubens Kuhl (Apr 01)
- RE: V6 still not supported Pascal Thubert (pthubert) via NANOG (Apr 01)
- Re: V6 still not supported Masataka Ohta (Apr 01)
- Re: V6 still not supported Matthew Petach (Apr 02)
- Enhance CG-NAT Re: V6 still not supported Abraham Y. Chen (Apr 02)
- RE: Enhance CG-NAT Re: V6 still not supported Vasilenko Eduard via NANOG (Apr 04)
- Re: Enhance CG-NAT Re: V6 still not supported Abraham Y. Chen (Apr 04)
- Message not available
- Re: Enhance CG-NAT Re: V6 still not supported Abraham Y. Chen (Apr 06)
- Message not available
- Re: Enhance CG-NAT Re: V6 still not supported Abraham Y. Chen (Apr 06)
- Re: V6 still not supported Matthew Petach (Apr 02)
- Re: V6 still not supported Rubens Kuhl (Apr 01)
- Re: V6 still not supported Masataka Ohta (Apr 02)
- Re: V4 via V6 and IGP routing protocols Masataka Ohta (Apr 03)
- Re: V4 via V6 and IGP routing protocols Dave Taht (Apr 03)
- Re: V4 via V6 and IGP routing protocols Mark Tinka (Apr 04)
- Re: V4 via V6 and IGP routing protocols Dave Taht (Apr 04)
- Re: V4 via V6 and IGP routing protocols Masataka Ohta (Apr 04)
- Re: V4 via V6 and IGP routing protocols Mark Tinka (Apr 04)
- Re: V4 via V6 and IGP routing protocols Masataka Ohta (Apr 04)