Problems with removing NAT from a network

Owen DeLong owen at delong.com
Fri Jan 7 13:47:29 CST 2011


On Jan 7, 2011, at 6:32 AM, Jack Bates wrote:

> 
> 
> On 1/7/2011 4:44 AM, Dobbins, Roland wrote:
>> Yes, it has.  There're lots of issues with embedding IP addresses
>> directly into apps and so forth which have nothing to do with NAT.
> 
> Embedding into apps isn't the same as embedding into protocol packets. While NAT and stateful firewalls do tend to break with embedded addresses that they don't know to check for, it's still not a bad idea.
> I was fixing to complain that the IPv6 designers didn't take the chance to add the embedding to the Packet headers, when it occurs to me, they made the headers nice and extensible.
> 
> It also baffles me as to why applications such as skype dealing with NAT64 can't use the compatibility addressing to start communicating with v4 hosts from a v6 only NIC. I thought this was already a fixed problem not requiring DNS to deal with. It's not like NAT46 (anyone actually publish such a hideous protocol?), which requires really messy state tables bidirectionally for everything and DNS rewrites.
> 
> Jack

Compatibility addresses don't work on the wire. They're not supposed to. It's a huge problem if they do.

Compatibility addresses allow you to write an IPv6 application, run it on a dual-stacked host and talk to
the IPv4 and IPv6 remote systems as if all of them are IPv6 hosts. The IPv4 hosts appear to come
from the IPv6 range ::ffff:ip:v4 which is often presented to the user as ::ffff:i.p.v.4 .

Hope that clarifies things.

Owen





More information about the NANOG mailing list