[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tunnel-to-NAT scenario

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: Tunnel-to-NAT scenario
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Wed, 18 Jun 2008 09:45:25 +1200
Cc: IPv6 Operations <v6ops@ops.ietf.org>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=ZbW3PK6G9csAAbP9L/ruETsHtrFHR9HApOus5CgkuhbKdocrmrz4/ZCBRVQAiowdQ+ KmR94B6o0sdVvmJMdClxYYi5ZDdwyH93kqX0XeIzm57ErwcY1aLt4m2iBdcfnvmja3P5 VwvzlS4kl/JtySPbKHbALoj/qNkVrjelcf8/E=
In-reply-to: <7446ED57-C2AF-40D2-A993-42E8F592F049@muada.com>
Organization: University of Auckland
References: <4856F297.50608@gmail.com> <7446ED57-C2AF-40D2-A993-42E8F592F049@muada.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Iljitsch,

On 2008-06-17 23:14, Iljitsch van Beijnum wrote:
> On 17 jun 2008, at 1:09, Brian E Carpenter wrote:
> 
>> I believe that we also need to come up with a solution for an
>> IPv4 initiator reaching a server with IPv6-only connectivity.
>> My question is whether we can be satisfied with a solution
>> that requires that server to be dual stack, so that it can
>> tunnel IPv4 in IPv6 to a conventional IPv4-to-IPv4 NAT.
>> (Crude diagram below.)
> 
> [...]
> 
>> +------+-----+-------+          +------+-----+          +-----+------+
>> |Server|IPv4 |Encaps |__________|Decaps|NAT44|__________|IPv4 |Client|
>> |      |stack|in IPv6| IPv6 net |      |     | IPv4 net |stack|      |
>> +------+-----+-------+          +------+-----+          +-----+------+
> 
> How does the tunneling help?

Er, it gets IPv4 packets across the IPv6-only network.

> The actual packet mangling should be simple
> enough, the problem is that the client can't express the IPv6
> destination in an IPv4 packet without modifications to the IPv4 client
> (and those modifications would be unlikely to work through middleboxes).

That's why you go to a traditional v4-to-v4 NAT at the boundary.
No new mangling code is needed. From the v4 point of view this
is bog standard NAPT with configured port mapping. I'll have to
look at Alain's draft to see if he's already written up the
whole thing, or if I need to write more.

    Brian

Follow-Ups:
- Re: Tunnel-to-NAT scenario
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- Tunnel-to-NAT scenario
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: Tunnel-to-NAT scenario
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: a comment on nat requirements draft
Next by Date: Re: Tunnel-to-NAT scenario
Previous by thread: Re: Tunnel-to-NAT scenario
Next by thread: Re: Tunnel-to-NAT scenario
Index(es):
- Date
- Thread