[e2e] overlay over TCP

Randall Stewart randall at stewart.chicago.il.us
Thu Jan 20 07:11:21 PST 2005 

Joe Touch wrote:
>> Nope.. you DON'T need to rewrite NAT to do SCTP.. its a simple
>> set of changes..
> 
> 
> Let's see. You rewrite your NAT to understand a new protocol number, 
> where the ports might be, and how to rewrite DATA IN ITS BODY. How do 
> you accomplish that without "doing SCTP"?
> 

Would you like me to send you the code? I have it
done for FreeBSD.. have not went through extensive testing
yet since I ran out of time and still have the f/w side
to complete.

As to "doing SCTP" NAT's don't do TCP.. they know about
it.. where the ports are, what the c-sum is etc.
Same for UDP and of course the same thing is needed
for SCTP. You have to understand a "SYN" or an "INIT"
but it is not as complex as you make out.. no more
complex than having a NAT do TCP...

>> You just don't get multi-homing with NAT. But
>> if you need a NAT chances are you are not too interested in
>> multi-homing anyway.
>>
>> R
> 
> 
> Well, tell that to people behind multiple firewall NATs at companies 
> that would like not to be susceptible to one going down. We have a VPN 
> that goes through such NATs (using UDP) that supports multihoming and 
> dynamic routing (which is what dynamic choice of a multihomed path is, 
> IMO), based on a variant of the X-Bone. But then, you knew I preferred 
> modular solutions based on existing protocols rather than rolling a 
> vertical stack...
> 
Well.. one could extend NAT in such a way to support your UDP or
SCTPish type multi-homing.. but I have never been a proponent of
such.. it gets ugly. And you end up with the same problem with
TCP (assuming your earlier routing solution).. since you have
two different NAT's and they need to share state to know
what has been translated.. the problems are pretty much the
same... assuming you of course are not using the same NAT
for all networks (which would defeat the whole purpose
of multiple networks ... aka no single point of failure
since the NAT would be a big one)... so I think the same
problem exists... NATs are just plain ugly... use them
and you loose flexibility... unless you continue to hack
an ugly thing :-D

R

-- 
Randall Stewart
803-345-0369 <or> 815-342-5222(cell)

More information about the end2end-interest mailing list