[134596] in North American Network Operators' Group
Re: Problems with removing NAT from a network
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Jan 7 14:53:04 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4D2723F1.6070003@brightok.net>
Date: Fri, 7 Jan 2011 11:47:29 -0800
To: Jack Bates <jbates@brightok.net>
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 7, 2011, at 6:32 AM, Jack Bates wrote:
>
> On 1/7/2011 4:44 AM, Dobbins, Roland wrote:
>> Yes, it has. There're lots of issues with embedding IP addresses
>> directly into apps and so forth which have nothing to do with NAT.
>
> Embedding into apps isn't the same as embedding into protocol packets. While NAT and stateful firewalls do tend to break with embedded addresses that they don't know to check for, it's still not a bad idea.
> I was fixing to complain that the IPv6 designers didn't take the chance to add the embedding to the Packet headers, when it occurs to me, they made the headers nice and extensible.
>
> It also baffles me as to why applications such as Skype dealing with NAT64 can't use the compatibility addressing to start communicating with v4 hosts from a v6 only NIC. I thought this was already a fixed problem not requiring DNS to deal with. It's not like NAT46 (anyone actually publish such a hideous protocol?), which requires really messy state tables bidirectionally for everything and DNS rewrites.
>
> Jack

Compatibility addresses don't work on the wire. They're not supposed to. It's a huge problem if they do.

Compatibility addresses allow you to write an IPv6 application, run it on a dual-stacked host and talk to the IPv4 and IPv6 remote systems as if all of them are IPv6 hosts. The IPv4 hosts appear to come from the IPv6 range ::ffff:ip:v4 which is often presented to the user as ::ffff:i.p.v.4 .

Hope that clarifies things.

Owen
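
The behaviour described in the reply above, as an added example that is not part of the original message or thread: an IPv6 application on a dual-stacked host accepts an IPv4 client and sees it as ::ffff:i.p.v.4, then maps that back to plain IPv4 for logging or address comparison. The function names, the loopback client and the 192.0.2.10 sample address are assumptions made for the illustration.

```python
import ipaddress
import socket


def canonical_peer(addr):
    """Return the plain IPv4 address if addr is IPv4-mapped IPv6
    (::ffff:a.b.c.d, also written ::ffff:hhhh:hhhh); otherwise return
    the parsed address unchanged."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def peer_seen_by_dual_stack_listener(client_ip="127.0.0.1"):
    """Accept one IPv4 connection on an AF_INET6 listener and return the
    peer address string exactly as the IPv6 application sees it.
    Raises OSError where IPv6 sockets are unavailable."""
    with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as srv:
        # V6ONLY=0 makes this one socket serve both address families.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
        srv.settimeout(2)
        srv.bind(("::", 0))          # any free port, all addresses
        srv.listen(1)
        port = srv.getsockname()[1]
        # The client is plain IPv4; the packets on the wire are IPv4 too.
        with socket.create_connection((client_ip, port), timeout=2):
            conn, peer = srv.accept()
            conn.close()
            return peer[0]           # the mapped form exists only in the API


if __name__ == "__main__":
    seen = peer_seen_by_dual_stack_listener()
    print("application sees:", seen)
    print("canonical form:  ", canonical_peer(seen))
    # Constructed sample: the same mapped address in both presentations.
    for sample in ("::ffff:192.0.2.10", "::ffff:c000:20a", "2001:db8::1"):
        print(sample, "->", canonical_peer(sample))
```
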