[e2e] Mystery

Christian Huitema huitema at exchange.microsoft.com
Tue May 1 09:45:58 PDT 2001

There is some discussion of the problem in the draft "Short term NAT
requirements for IPv6 transition"
xt). Related documents are 
"Connection of IPv6 Domains via IPv4 Clouds"
(http://www.ietf.org/rfc/rfc3056.txt), "An anycast prefix for 6to4 relay
xt) and also
http://www.ietf.org/internet-drafts/draft-moore-6overnat-00.txt, which
defines a UDP encapsulation. I have to update the NAT requirement draft
following the discussions we had in Minneapolis, but the basic idea

1) If the edge-box/NAT receives a global IPv4 address from the ISP, and
if it has the required IPv6 code (basically, 6to4 and neighbor
discovery), then it can derive a 6to4 prefix from the v4 address and act
as a v6 edge router.

2) If it receives an IPv6 prefix from the ISP, and has adequate code
(neighbor discovery and default forwarding) the edge-box NAT can
advertise the prefix and act as a v6 edge router.

3) If the edge-box NAT does not know about IPv6, but has been programmed
to let protocol type 41 pass through, and if the NAT receives at least
one global IPv4 address from the ISP, then an internal node can start to
act as the 6to4 relay router. (The question raised in Minneapolis was
whether we wanted configured routers or some form of distributed

4) If neither 1, 2 or 3 holds, an internal node can still establish a
UDP tunnel with an external relay, and act as an IPv6 router for the
rest of the network. (The debate on this solution is whether some form
of AAA has to be used together with tunnel establishment.)

-- Christian Huitema

> -----Original Message-----
> From: David P. Reed [mailto:dpreed at reed.com]
> Sent: Tuesday, May 01, 2001 7:36 AM
> To: Perry E. Metzger
> Cc: Steve Deering; end2end-interest at postel.org
> Subject: Re: [e2e] Mystery
> At 11:32 PM 4/30/01 -0400, Perry E. Metzger wrote:
> >You can easily tunnel through NAT boxes by doing IPv6 in UDP
> >encapsulation. Unfortunately we don't have a standard for that,
> >we should.
> The concern I have is about address administration.  Yes, you can
> anything out, but for this to work, you still have to have a v6
> encapsulator that acts as a v6 edge router and a v6 address management
> scheme that works on your side of the firewall.  It's too much of a
> to put complex NAT recognition logic that decides when and how to do
> encapsulation in a device's IPv6 stack.  Do we build NAT kludgery into
> forever?
> - David
> --------------------------------------------
> WWW Page: http://www.reed.com/dpr.html
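
The four cases listed in the message above, worked through as an added example (not part of the original message or of any draft it cites). The EdgeBox model, the function names and the mode labels are hypothetical, trying the cases in the order the message lists them is an assumption, and the sample addresses are constructed; the 2002::/16 prefix derivation follows RFC 3056.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class EdgeBox:  # hypothetical model of the edge-box/NAT, not from the message
    wan_v4: Optional[str]         # IPv4 address handed out by the ISP
    isp_v6_prefix: Optional[str]  # IPv6 prefix handed out by the ISP, if any
    speaks_ipv6: bool             # has 6to4 and neighbor discovery code
    passes_proto41: bool          # lets IP protocol 41 (IPv6-in-IPv4) through

def is_global_v4(v4: Optional[str]) -> bool:
    # RFC 1918, shared (100.64/10), loopback etc. cannot seed a 6to4 prefix.
    return v4 is not None and ipaddress.IPv4Address(v4).is_global

def sixto4_prefix(v4: str) -> ipaddress.IPv6Network:
    """RFC 3056: 2002::/16 followed by the 32-bit IPv4 address gives a /48."""
    if not is_global_v4(v4):
        raise ValueError(f"{v4} is not a global IPv4 address")
    value = (0x2002 << 112) | (int(ipaddress.IPv4Address(v4)) << 80)
    return ipaddress.IPv6Network((value, 48))

def transition_mode(box: EdgeBox) -> Tuple[str, Optional[ipaddress.IPv6Network]]:
    # Cases are tried in the order the message lists them (an assumption).
    if box.speaks_ipv6 and is_global_v4(box.wan_v4):
        return "edge-6to4", sixto4_prefix(box.wan_v4)        # case 1
    if box.speaks_ipv6 and box.isp_v6_prefix:
        prefix = ipaddress.IPv6Network(box.isp_v6_prefix)
        return "edge-native", prefix                         # case 2
    if box.passes_proto41 and is_global_v4(box.wan_v4):
        return "internal-6to4", sixto4_prefix(box.wan_v4)    # case 3
    return "udp-tunnel", None                                # case 4

if __name__ == "__main__":
    # Constructed sample edge boxes, one per case.
    samples = [
        EdgeBox("8.8.8.8", None, True, False),
        EdgeBox("10.0.0.2", "2001:db8:1::/48", True, False),
        EdgeBox("8.8.8.8", None, False, True),
        EdgeBox("100.64.0.7", None, False, True),
    ]
    for box in samples:
        print(box.wan_v4, "->", transition_mode(box))
```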

