V6 still not supported

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Sun Apr 3 06:36:27 UTC 2022


Matthew Petach wrote:

> Hi Masataka,

Hi,

> One quick question.  If every host is granted a range of public port
> numbers on the static stateful NAT device, what happens when
> two customers need access to the same port number?

I mean a static outgoing port number, but your concern
should be the well-known incoming port number, which is
an issue not specific to "static stateful" NAT.

> Because there's no way in a DNS NS entry to specify a
> port number, if I need to run a DNS server behind this
> static NAT, I *have* to be given port 53 in my range;
> there's no other way to make DNS work.

And SMTP, as is explained in draft-ohta-e2e-nat-00:

    A server port number different from well known ones may be specified
    through mechanisms to specify an address of the server, which is the
    case of URLs. However, port numbers for DNS and SMTP are, in general,
    implicitly assumed by DNS and are not changeable.


    Or, a NAT gateway may receive packets to certain ports and behave as
    an application gateway to end hosts, if request messages to the
    server contain information, such as domain names, which is the case
    with DNS, SMTP and HTTP, to demultiplex the request messages to end
    hosts.  However, for an ISP operating the NAT gateway, it may be
    easier to operate independent servers at default port for DNS, SMTP,
    HTTP and other applications for their customers than operating
    application relays.

Though the draft is for E2ENAT, the situation is the same
for any kind of NAT.

> This means
> that if I have two customers that each need to run a
> DNS server, I have to put them on separate static
> NAT boxes--because they can't both get access to
> port 53.

See above for other possibilities.

> This limits the effectiveness of a stateful static NAT
> box

For incoming ports, static stateful NAT is no worse than
dynamic NAT. Both may be configured to map certain
incoming ports to certain local ports and addresses
statically or dynamically with, say, UPnP.

The point of static stateful NAT is that, for outgoing ports,
it does not require logging.

> tl;dr -- "if only we'd thought of putting a port number field
> in the NS records in DNS back in 1983..."

And, MX.

As named has a "-p" option, I think some people were already
aware of the uselessness of the option in 1983. But putting
a port number field in at that time would have been overkill.

					Masataka Ohta
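To make the two properties argued above concrete (a public source port maps back to a customer by arithmetic alone, so no per-session log is needed, while a well-known incoming port such as 53 can be held by only one customer), here is an added Python model; it is not code from the post or from draft-ohta-e2e-nat-00, and the public address, block size and starting port are assumed.

```python
# Added model of a "static stateful" NAT: each internal host owns a fixed
# block of public source ports, so a public port maps back to a host with
# no per-session log. Constructed example; addresses and sizes are assumed.
from dataclasses import dataclass, field

PUBLIC_ADDR = "203.0.113.1"   # assumed: RFC 5737 documentation address
FIRST_PORT = 1024             # assumed: ports below this are for inbound services
PORTS_PER_HOST = 1024         # assumed block size per internal host


@dataclass
class StaticStatefulNAT:
    hosts: list                                   # internal addresses, block order
    sessions: dict = field(default_factory=dict)  # (host, local port) -> public port
    inbound: dict = field(default_factory=dict)   # public port -> (host, local port)

    def block(self, host):
        """Public source-port range [lo, hi] permanently owned by `host`."""
        lo = FIRST_PORT + self.hosts.index(host) * PORTS_PER_HOST
        return lo, lo + PORTS_PER_HOST - 1

    def outbound(self, host, local_port):
        """Pick a public port for an outgoing flow from within the host's block."""
        key = (host, local_port)
        if key not in self.sessions:
            lo, hi = self.block(host)
            used = set(self.sessions.values())
            free = next((p for p in range(lo, hi + 1) if p not in used), None)
            if free is None:
                raise RuntimeError(f"{host}: port block exhausted")
            self.sessions[key] = free
        return PUBLIC_ADDR, self.sessions[key]

    def attribute(self, public_port):
        """Reverse lookup by arithmetic alone: this is why no logging is needed.
        A dynamic NAT would need a timestamped log of every mapping instead."""
        idx = (public_port - FIRST_PORT) // PORTS_PER_HOST
        if public_port < FIRST_PORT or idx >= len(self.hosts):
            raise ValueError(f"port {public_port} is not in any customer block")
        return self.hosts[idx]

    def map_inbound(self, public_port, host, local_port):
        """Static mapping of a well-known port; only one customer can hold it,
        which is the DNS/SMTP (port 53/25) limitation discussed in the thread."""
        if public_port in self.inbound:
            raise ValueError(f"public port {public_port} already mapped")
        self.inbound[public_port] = (host, local_port)
```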

