multiple prefixes

Fred Baker fred at cisco.com
Tue Feb 12 19:47:32 CET 2013


On Feb 12, 2013, at 12:38 AM, Doug Barton <dougb at dougbarton.us> wrote:

> Please demonstrate how these costs pertain to NPT. To the application there shouldn't be any difference between operating in an NPT environment than operating on GUAs. (This response also applies to your comment about skype.)

There is one difference. I'll agree with 99% of what you have said about NAT vs NPT; there is a huge difference between anything stateful and anything stateless, and between a firewall and a translator of any kind. I really scratch my head when I hear smart people confuse "state" with "no state".

But an application operating with global addresses has one difference from an application operating with a zoned address. When two peers are communicating using global addresses, the address a datagram is sent from/to from the perspective of one peer is sent from/to the same address from the perspective of the other peer. If the applications depend on the address domains being common, they are common. When two peers have one or more translators between them, the addresses as seen by one peer are different than the addresses as seen by the other. This affects any redirect or other URI; when they are expressed using DNS names, and especially if the applications implement happy eyeballs, it falls out, but if they use binary addresses or address literals, they have a coupling problem. Think SIP/SDP. I talked about that in section 5 of the NPTv6 document.

I asked Xing Li, who is running an IPv6-only network (CERNET2) and communicates to IPv4 domains (especially CERNET, which is IPv4-only) using a stateless NAT64 (RFC 6145/6147) translator, how this affects him. His report is that the vast majority of redirects that he observes (99.lots percent) use DNS names, but specifically video services seem to like to use IPv4 address literals in redirect URIs. Given the popularity of video services, that is a headache for his IPv6-only network. 


More information about the ipv6-ops mailing list