[e2e] Mystery
Perry E. Metzger
perry at wasabisystems.com
Tue May 1 08:30:12 PDT 2001

"David P. Reed" <dpreed at reed.com> writes:
> At 11:32 PM 4/30/01 -0400, Perry E. Metzger wrote:
> >You can easily tunnel through NAT boxes by doing IPv6 in UDP
> >encapsulation. Unfortunately we don't have a standard for that, though
> >we should.
>
> The concern I have is about address administration. Yes, you can tunnel
> anything out, but for this to work, you still have to have a v6
> encapsulator that acts as a v6 edge router and a v6 address management
> scheme that works on your side of the firewall.

You need a tunnel endpoint inside your firewall, and you need to
figure out what numbers to assign to what networks. All this is
completely straightforward.

> It's too much of a burden to put complex NAT recognition logic that
> decides when and how to do UDP encapsulation in a device's IPv6
> stack.

All we're trying to do here is get past a NAT box that doesn't
understand v6. The v6 router is just a v6 router. The only difference
here is that its link to the world goes over an IPv6 in UDP link
through a NAT box instead of an IPv6 in IPv4 encapsulation or a native
IPv6 connection. There is no "complex NAT recognition logic" involved.

> Do we build NAT kludgery into v6 forever?

The v6 machine doesn't need to understand NAT.
--
Perry E. Metzger perry at wasabisystems.com
--
Quality NetBSD CDs, Support & Service. http://www.wasabisystems.com/
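
An added illustration, not part of the message above and not taken from any standard (the message notes none existed): a model of IPv6-in-UDP tunneling in which the NAT box rewrites only the outer source address and port, the inner IPv6 packet passes through untouched, and the tunnel endpoint validates what it decapsulates. The framing (UDP payload = whole IPv6 packet), the port 5555, and all addresses are assumptions constructed for the example.

```python
import ipaddress
import struct

IPV6_HDR_LEN = 40  # fixed IPv6 header size in bytes


def build_ipv6(src, dst, payload, next_header=59, hop_limit=64):
    """Build a minimal IPv6 packet; next header 59 means 'no next header'."""
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def encapsulate(ipv6_packet, outer_src, outer_dst):
    """Assumed framing: the UDP payload is the whole IPv6 packet, unmodified."""
    return {"src": outer_src, "dst": outer_dst, "data": ipv6_packet}


def nat_rewrite(datagram, public_ip, public_port):
    """Model the v4 NAT box: only the outer source address and port change."""
    return {**datagram, "src": (public_ip, public_port)}


def decapsulate(datagram):
    """Tunnel endpoint: accept only a well-formed IPv6 packet before routing it."""
    data = datagram["data"]
    if len(data) < IPV6_HDR_LEN:
        raise ValueError("shorter than an IPv6 header")
    first_word, payload_len = struct.unpack("!IH", data[:6])
    if first_word >> 28 != 6:
        raise ValueError("inner packet is not IPv6")
    if payload_len != len(data) - IPV6_HDR_LEN:
        raise ValueError("payload length does not match datagram size")
    return data


def demo():
    # Constructed sample values from documentation address ranges.
    inner = build_ipv6("2001:db8:1::10", "2001:db8:2::20", b"hello")
    sent = encapsulate(inner, ("192.168.1.2", 40000), ("203.0.113.1", 5555))
    seen = nat_rewrite(sent, "198.51.100.7", 61001)
    return inner, seen, decapsulate(seen)


if __name__ == "__main__":
    inner, seen, routed = demo()
    print(seen["src"], routed == inner)
```

The length and version checks in decapsulate() are what keep the endpoint from forwarding arbitrary UDP payloads into the v6 network as if they were packets.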