[e2e] overlay over TCP

Dan Wing dwing at cisco.com
Wed Jan 26 09:07:14 PST 2005 

On Jan 24, 2005, at 4:52 AM, Randall Stewart wrote:

> Dan Wing wrote:
>> On Jan 21, 2005, at 12:15 PM, David P. Reed wrote:
>>> Dan Wing wrote:
>>>
>>>>
>>>> Yes, combined with little market demand, as yet, for a NAT to 
>>>> handle SCTP.
>>>
>>>
>>> There is this chicken/egg problem.  If SCTP doesn't work over NATs 
>>> it won't be used for applications where NATs are heavily used.   
>>> Then there won't be demand (at least no evidence of it).
>> This egg was demonstrably cooked with IPsec, which had the same 
>> problem.  IPsec "passthru" was implemented on nearly all vendor's 
>> residential NATs at about the same time IPsec-over-UDP was beginning 
>> to hit the market.  Passthru works by examining SPI's and simple 
>> mechanisms have drawbacks (only one session through the NAT, or only 
>> one session to a specific remote IP address, for example), and 
>> IPsec-over-UDP has even more packet bloat than IPsec itself.
>> I expect DCCP, SCTP, and other new protocols will suffer the same 
>> awkward deployment unless we (in the collective sense) improve the 
>> situation with guidance from people familiar with those new 
>> protocols.  draft-xie-tsvwg-sctp-nat-00.txt is a move in the right 
>> direction, although it seems NATting SCTP may well be complex.
>
> It's not that complex..

I admit to only reading that I-D once, but NATting SCTP is certainly 
more complex than NATting TCP or UDP, especially with multihoming.

I'm unclear how two SCTP devices, behind their own NATs, can 
communicate with each other.  The communication problem seems akin to 
two UDP or TCP devices, behind their own NATs, communicating with each 
other ---- the NAT will have to preserve the port numbers which means 
only one SCTP device is permitted behind a NAT, or else the NAT will 
have to multiplex using something other than the SCTP port number, or 
else you need an SCTP port discovery protocol (akin to STUN for UDP).

> and yes Cisco has had at least one
> customer ask for it... Have they had lots .. no. The
> reason being where Cisco currently makes money from
> SCTP is inside the network. Most folks don't run their
> SS7 over IP network where they want to have a NAT
> to Global address cross over.
[...]

I expect SCTP will find more applications than just SS7-over-SCTP, and 
that will help drive the need for NATs that understand SCTP.

-d

More information about the end2end-interest mailing list