Subject: Re: IPv6 Comment
To: None <firstname.lastname@example.org>
From: Sean Doran <email@example.com>
Date: 09/01/2000 19:10:43
| That is simply not true. NAT, in order to map one to many or many to
| few, must translate based on address, some-other-key, which is generally
| "port number" for TCP and UDP.
Oh great, so now NAT is not just ALG, it is also PAT?
There is no particular reason to go one-to-many/many-to-few; what
NAT (and *STRICTLY* NAT) does is allow you to do three things:
    1/ rapid renumbering of everything "inside" the NAT
       by changing "outside" addresses and causing all new
       exchanges to use the new "outside" addresses. Nothing
       inside ever needs to know or adapt.
    2/ selectively hide or expose "inside" devices to the
       outside world. No mapping, no connectivity.
       There are lots of little things in many networks
       that don't need outside exposure.
    3/ as an extension of 1 & 2, you can compress your
       address utilization down to _exactly_ the number
       of things "inside" which need to talk to "outside".
No PAT, no ALG; we JUST rewrite IP headers.
What *you* are saying NAT does is added-feature stuff that is
often associated with devices which perform Network Address Translations,
since NAT is not very difficult or sexy, breaks some NAT-unfriendly
protocols, and doesn't in itself allow for compressing address
utilization to LESS than the number of things "inside" which need
to communicate with the outside.
PAT is gross & ugly, but is driven by the inability to have the
"smtp" port number for one DNS name be different than the "smtp"
port number for another host name from the perspective of a host
doing a getservbyname(3) call. Otherwise, you might see something
    zembu.com.           IN MX   1 mail.zembu.com.
    mail.zembu.com.      IN A    22.214.171.124
    smtp.mail.zembu.com. IN PORT 25
It would be OK to have such an RR simply override a local default
(e.g., one's /etc/services file's contents), but no work has been
done on virtualizing this part of a connection name in EITHER
IPv4 or IPv6 (which is inherently hostile to separating name from location).
| ...and the rewriting of the IP header is also incompatible with
| integrity-ensuring protocols such as AH (which accounts for changes
| to e.g. the TTL field).
Right, but AH is stupid.
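The message above argues that strict NAT is nothing more than rewriting IP headers one-to-one, and that this rewriting is what breaks AH, while a TTL change (which AH excludes from its integrity check) does not. The following Python model is an added example, not code from the mailing-list thread or from any NAT implementation. It builds real IPv4 headers with correct checksums, implements a NAT that only swaps addresses (no PAT, no ALG) so the three properties listed in the message can be checked, and uses a simplified AH-style integrity value (HMAC over the header and payload with TTL and header checksum zeroed) to show that a router hop keeps the check valid while an address rewrite invalidates it. The addresses come from documentation ranges and the key is made up; `StrictNat`, `ah_style_icv` and `router_hop` are names chosen here, not standard APIs.

```python
"""Constructed model of a strictly one-to-one NAT (header rewriting only)
and of why an AH-style integrity check survives a TTL decrement but not an
address rewrite. Addresses are documentation ranges; the key is made up."""
import hashlib
import hmac
import ipaddress
import struct

DEMO_KEY = b"constructed-demo-key"  # constructed stand-in for an AH SA key


def ipv4_checksum(hdr: bytes) -> int:
    """RFC 1071 ones'-complement sum over the header; a valid header sums to 0."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def set_checksum(hdr: bytes) -> bytes:
    """Recompute the header checksum (bytes 10-11) after any field change."""
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return hdr[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + hdr[12:]


def build_ipv4_header(src: str, dst: str, ttl: int = 64, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return set_checksum(raw)


def src_of(hdr: bytes) -> str:
    """Source address (bytes 12-15) as dotted quad."""
    return str(ipaddress.IPv4Address(hdr[12:16]))


def ah_style_icv(hdr: bytes, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Simplified AH integrity value: HMAC over header + payload with the
    fields AH treats as mutable in transit (TTL, header checksum) zeroed.
    Source and destination addresses are covered, which is the whole point."""
    immutable = hdr[:8] + b"\x00" + hdr[9:10] + b"\x00\x00" + hdr[12:]
    return hmac.new(key, immutable + payload, hashlib.sha256).digest()


def router_hop(hdr: bytes) -> bytes:
    """A plain router only decrements TTL and fixes the checksum."""
    return set_checksum(hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:])


class StrictNat:
    """One-to-one address rewriting and nothing else: no port translation,
    no application-layer gateway (hypothetical class name)."""

    def __init__(self, inside_to_outside: dict):
        self.renumber(inside_to_outside)

    def renumber(self, inside_to_outside: dict) -> None:
        # Point 1: swapping the outside addresses renumbers everything
        # "inside" without any inside host learning about it.
        self.inside_to_outside = dict(inside_to_outside)

    def outside_addresses_in_use(self) -> int:
        # Point 3: exactly as many outside addresses as mapped inside hosts.
        return len(set(self.inside_to_outside.values()))

    def outbound(self, hdr: bytes):
        # Point 2: an inside host with no mapping simply gets no connectivity.
        outside = self.inside_to_outside.get(src_of(hdr))
        if outside is None:
            return None
        hopped = router_hop(hdr)
        rewritten = hopped[:12] + ipaddress.IPv4Address(outside).packed + hopped[16:]
        return set_checksum(rewritten)


if __name__ == "__main__":
    nat = StrictNat({"10.0.0.5": "203.0.113.5"})
    hdr = build_ipv4_header("10.0.0.5", "198.51.100.7")
    icv = ah_style_icv(hdr, b"constructed payload")
    print("after router hop, ICV still valid:",
          ah_style_icv(router_hop(hdr), b"constructed payload") == icv)
    print("after strict NAT, ICV still valid:",
          ah_style_icv(nat.outbound(hdr), b"constructed payload") == icv)
```

Running the block shows the first check passing and the second failing: the NAT touched nothing but the source address and checksum, yet because AH covers the addresses, the receiver's verification fails exactly as the quoted paragraph says. The `renumber` method and the `None` return for unmapped hosts correspond to points 1 and 2 of the message.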