NAT6 draft-jennings-behave-nat6-00

1
NAT6draft-jennings-behave-nat6-00

• Cullen Jennings
• IETF 72

2
Fragmentation

• V6 / V4 Mismatch
• V6 applications often send packets smaller than
  1280 in a way that indicates they should not be
  fragmented
• V4 links can have a MTU less than 1280
• Option A
• When using NAT, V6 packets which can be
  fragmented, are sent with fragmentation header
  even if smaller than 1280
• Option B
• Dont translate V6 do not fragment to V4
• Breaks MTU path discovery

3
DNS ALG
DNS
DNS ALG
Server
V4
App
NAT
OS
V6

• Some software needs to map DNS A record result
  from V4 to V6
• Could be done by
• DNS ALG in network (Pink)
• or by application on end host (Yellow)

4
DNS - What to do

• Recommendation
• Have the application (not host) form IP address
  from DNS result
• Cons
• has the negative characteristic of importing
  NAT-related issues into IPv6-related code
• Pros
• Works with DNSSEC
• Application understands it is working over NAT
• Application can use full V6 when not using NAT
• No split horizon DNS concerns

5
Filtering

• Many NATs use address dependent filtering to get
  firewall like behavior
• This NAT should use Address independent filtering
• Pros
• Can run servers such as HTTP SIP behind NAT
• Cons
• Firewall protection from ????

6
FTP

• Is there a way to change the FTP client so that,
  if it is behind a NAT, it will still work to a
  typical FTP server?

7
ICMP

• Can applications rely on getting ICMP?
• Clearly ICMP is nice to have but do we have to
  require it?
• From NAT implementation point of view ICMP is two
  separate things
• Support for ping and traceroute
• Per protocol error translation

8
DCCP/SCTP

• DCCP and SCTP NAT should be specified in separate
  RFC from base UDP/TCP translation
• Pros
• Allows the most critical work to get finished
  sooner
• Allows the options of the protocol X WG deciding
  if they want a strategy of X over UDP or native
  NAT for X