IPv6 /64 links (was Re: ipv6 book recommendations?)
On Jun 12, 2012, at 10:47 PM, Masataka Ohta wrote:
> Dave Hart wrote:
>
>> It is
>> not transparent when you have to negotiate an inbound path for each
>> service.
>
> I mean, for applications, global address and global port
> numbers are visible.
>
Showing that you don't actually understand what everyone else means when
they say "end-to-end".
>> UPnP
>> is inadequate for carrier NAT due to its model assuming the NAT trusts
>> its clients.
>
> UPnP gateway configured with purely static port mapping needs
> no security.
>
> Assuming shared global address of 131.112.32.132, TCP/UDP port
> 100 to 199 may be forwarded to port 100 to 199 of 192.168.1.1,
> port 200 to 299 be forwarded to port 200 to 299 of 192.168.1.2,
> ...
>
No carrier is going to implement that for obvious reasons.
Besides, that's not transparent end-to-end, that's predictably opaque
end-to-end.
>> When TCP headers are being rewritten, it's a strong hint that
>> transparency has been lost, even if some communication remains
>> possible.
>
> UPnP provides information for clients to restore IP and TCP
> headers from local ones back to global ones, which is visible
> to applications.
>
But it doesn't work across multiple layers of NAT.
> See the following protocol stack.
>
>  UPnP capable NAT GW                              Client
>                                                 +---------+
>                                                 | public  |
>                                                 | appli-  |
>                                                 | cation  |
>                       information               +---------+
>              +------+ for reverse translation   | public  |
>              | UPnP |-------------------------->|transport|
> +---------+---------+                           +---------+
> | public  | private |                           | private |
> |transport|transport|                           |transport|
> +---------+---------+        +---------+        +---------+
> | public  | private |        | private |        | private |
> |   IP    |   IP    |        |   IP    |        |   IP    |
> +---------+-----------------------+-----------------------+
>           |   private datalink    |   private datalink    |
>           +-----------------------+-----------------------+
Now, redraw the diagram for the real world scenario:
host <-> UPnP NAT <-> Carrier NAT <-> Internet <-> Carrier NAT <-> UPnP NAT <-> host
Tell me again how the application signaling from UPnP survives through all that and comes up with correct answers?
Yeah, thought so.
Owen
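
The following Python sketch is an added illustration, not part of the original message: it models one side of the chain drawn above (host, UPnP NAT, carrier NAT, Internet) and compares the endpoint a host learns from its first-hop UPnP gateway with the endpoint a remote peer actually sees. The `Nat` class, the carrier-internal address 10.0.0.5 and the allocated port numbers are constructed assumptions; 131.112.32.132 and 192.168.1.1 are the addresses used in the quoted text.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Nat:
    name: str
    wan_ip: str
    speaks_upnp: bool          # assumption: only a UPnP box answers mapping queries
    next_port: int = 40000     # constructed starting point for dynamic allocation
    table: dict = field(default_factory=dict)

    def translate(self, endpoint):
        """Outbound rewrite: (inside ip, port) -> (wan_ip, allocated port)."""
        if endpoint not in self.table:
            self.table[endpoint] = (self.wan_ip, self.next_port)
            self.next_port += 1
        return self.table[endpoint]

def observed_by_peer(chain, host_endpoint):
    """Source endpoint the remote side sees after every NAT in the path."""
    ep = host_endpoint
    for nat in chain:
        ep = nat.translate(ep)
    return ep

def reported_by_upnp(chain, host_endpoint):
    """What the host can learn: only its first-hop gateway is queried."""
    first = chain[0]
    return first.translate(host_endpoint) if first.speaks_upnp else None

def restorable(chain, host_endpoint):
    """True when the UPnP answer equals the endpoint visible on the Internet."""
    return reported_by_upnp(chain, host_endpoint) == observed_by_peer(chain, host_endpoint)

def is_globally_routable(endpoint):
    return ipaddress.ip_address(endpoint[0]).is_global

HOST = ("192.168.1.1", 5000)   # private host address from the quoted text

def single_nat():
    return [Nat("home", "131.112.32.132", True)]

def double_nat():
    return [Nat("home", "10.0.0.5", True),   # WAN side sits inside the carrier
            Nat("carrier", "131.112.32.132", False, next_port=50000)]

if __name__ == "__main__":
    for label, chain in (("single NAT", single_nat()), ("UPnP NAT + carrier NAT", double_nat())):
        print(label, "| UPnP says", reported_by_upnp(chain, HOST),
              "| peer sees", observed_by_peer(chain, HOST),
              "| restorable:", restorable(chain, HOST))
```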