[e2e] NATting SCTP

Dan Wing dwing at cisco.com
Wed Jan 26 13:48:15 PST 2005 

(CC'ing ietf-behave, and setting reply-to to ietf-behave)

On Jan 26, 2005, at 12:20 PM, Randall Stewart wrote:
>>>
>> I admit to only reading that I-D once, but NATting SCTP is certainly 
>> more complex than NATting TCP or UDP, especially with multihoming.
>> I'm unclear how two SCTP devices, behind their own NATs, can 
>> communicate with each other.  The communication problem seems akin to 
>> two UDP or TCP devices, behind their own NATs, communicating with 
>> each other ---- the NAT will have to preserve the port numbers which 
>> means only one SCTP device is permitted behind a NAT, or else the NAT 
>> will have to multiplex using something other than the SCTP port 
>> number, or else you need an SCTP port discovery protocol (akin to 
>> STUN for UDP).
> No why do you say that? If you follow the recomendation of the
> drafts you get
>
> --From IP-A'(port:2222)-INIT(**)-To:IP-Z:port-80---->
>
> ** No addresses listed aka we are singly homed.
>
> Nat gets it and makes it
>
> ----->From IP-A(port:9999)-INIT(**)---To:IPZ:port-80-------->
>
> Nat at IPZ gets it and does whatever static mapping.. i.e. you
> have the same problem you have with a apache server behind a NAT .. you
> must have the NAT direct the port 80 connection somewhere.. this is
> the same for TCP..
>
> ----From IP-A(port:9999)---INIT(**)----To:IPZ':port-8080---->
>
>
> And the reverse mappings take place the opposite ways...
>
> I don't see how this does not work..

I agree it works, but only if:

   1.  you know the SCTP servers behind the NAT, and
   2.  reconfigure your NAT to do port forwarding, and
   3.  inform the remote SCTP client of your public SCTP port (which,
       if there is only one SCTP device behind the NAT, might well be
       the same as your application's default SCTP port).

However, the barista at the local coffeeshop won't reconfigure their 
NAT to support your SCTP server while you're using wireless at the 
coffeeshop.  And my proverbial father wouldn't know how to reconfigure 
his NAT, either, and my SCTP application won't know the public SCTP 
port he chose to use when I visit his house with my wireless device.

As to your statement that this is how TCP works, there are active 
efforts to make TCP servers behind NATs 'just work', without requiring 
the NAT to be configured for port forwarding.  See for example
http://nutss.gforge.cis.cornell.edu/stunt.php, which would require only 
(3) from my list above -- which is necessary anyway if the same 
application exists on multiple hosts behind a common NAT.

-d


> R
>
>>> and yes Cisco has had at least one
>>> customer ask for it... Have they had lots .. no. The
>>> reason being where Cisco currently makes money from
>>> SCTP is inside the network. Most folks don't run their
>>> SS7 over IP network where they want to have a NAT
>>> to Global address cross over.
>> [...]
>> I expect SCTP will find more applications than just SS7-over-SCTP, 
>> and that will help drive the need for NATs that understand SCTP.
>> -d
>
>
> -- 
> Randall Stewart
> 803-345-0369 <or> 815-342-5222(cell)
>

More information about the end2end-interest mailing list