[e2e] Mystery

Perry E. Metzger perry at wasabisystems.com
Tue May 1 08:30:12 PDT 2001


"David P. Reed" <dpreed at reed.com> writes:
> At 11:32 PM 4/30/01 -0400, Perry E. Metzger wrote:
> >You can easily tunnel through NAT boxes by doing IPv6 in UDP
> >encapsulation. Unfortunately we don't have a standard for that, though
> >we should.
> 
> The concern I have is about address administration.  Yes, you can tunnel 
> anything out, but for this to work, you still have to have a v6 
> encapsulator that acts as a v6 edge router and a v6 address management 
> scheme that works on your side of the firewall.

You need a tunnel endpoint inside your firewall, and you need to
figure out what numbers to assign to what networks. All this is
completely straightforward.

> It's too much of a burden to put complex NAT recognition logic that
> decides when and how to do UDP encapsulation in a device's IPv6
> stack.

All we're trying to do here is get past a NAT box that doesn't
understand v6. The v6 router is just a v6 router. The only difference
here is that its link to the world goes over an IPv6 in UDP link
through a NAT box instead of an IPv6 in IPv4 encapsulation or a native
IPv6 connection. There is no "complex NAT recognition logic" involved.

> Do we build NAT kludgery into v6 forever?

The v6 machine doesn't need to understand NAT.

--
Perry E. Metzger		perry at wasabisystems.com
--
Quality NetBSD CDs, Support & Service. http://www.wasabisystems.com/
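
An added example, not part of the original message: it sketches the IPv6-in-UDP link discussed above, with the checks a tunnel endpoint can apply when it unwraps a datagram. Since the thread notes that no standard exists, the framing (the bare IPv6 packet as the UDP payload), the function names and the `2001:db8:1::/48` inside prefix are all assumptions.

```python
import ipaddress
import struct

IPV6_HDR_LEN = 40
# Assumption: prefix assigned to the networks behind the NAT (documentation range).
INSIDE_PREFIX = ipaddress.ip_network("2001:db8:1::/48")


def build_ipv6(src, dst, payload, next_header=59, hop_limit=64):
    """Build a minimal IPv6 packet (fixed header + payload); 59 = No Next Header."""
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def encapsulate(ipv6_packet):
    """The UDP payload is the unmodified IPv6 packet. The IPv4 and UDP headers are
    added by the host stack (socket.sendto) and rewritten by the NAT in transit,
    so neither the v6 router nor the v6 hosts need any NAT awareness."""
    return bytes(ipv6_packet)


def decapsulate(udp_payload, from_inside):
    """Validate a received UDP payload at a tunnel endpoint.

    from_inside=True: datagram came from the endpoint behind the NAT.
    Returns the inner IPv6 packet or raises ValueError.
    """
    if len(udp_payload) < IPV6_HDR_LEN:
        raise ValueError("shorter than an IPv6 header")
    first_word, payload_len = struct.unpack("!IH", udp_payload[:6])
    if first_word >> 28 != 6:
        raise ValueError("inner packet is not IPv6")
    if IPV6_HDR_LEN + payload_len != len(udp_payload):
        raise ValueError("payload length does not match datagram size")
    # Inner source must agree with the side of the tunnel it arrived from.
    src = ipaddress.IPv6Address(udp_payload[8:24])
    if (src in INSIDE_PREFIX) != from_inside:
        raise ValueError(f"inner source {src} not valid for this direction")
    return udp_payload
```
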


