
Network Working Group                                            C. Aoun
Request for Comments: 4966                                Energize Urnet
Obsoletes: 2766                                                E. Davies
Category: Informational                                 Folly Consulting
                                                               July 2007

  Reasons to Move the Network Address Translator - Protocol Translator
                      (NAT-PT) to Historic Status

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document discusses issues with the specific form of IPv6-IPv4
   protocol translation mechanism implemented by the Network Address
   Translator - Protocol Translator (NAT-PT) defined in RFC 2766.  These
   issues are sufficiently serious that recommending RFC 2766 as a
   general purpose transition mechanism is no longer desirable, and this
   document recommends that the IETF should reclassify RFC 2766 from
   Proposed Standard to Historic status.

Aoun & Davies                Informational                      [Page 1]
RFC 4966                 NAT-PT Issues Analysis                July 2007

Table of Contents

   1.  Introduction
   2.  Issues Unrelated to an DNS-ALG
     2.1.  Issues with Protocols Embedding IP Addresses
     2.2.  NAPT-PT Redirection Issues
     2.3.  NAT-PT Binding State Decay
     2.4.  Loss of Information through Incompatible Semantics
     2.5.  NAT-PT and Fragmentation
     2.6.  NAT-PT Interaction with SCTP and Multihoming
     2.7.  NAT-PT as a Proxy Correspondent Node for MIPv6
     2.8.  NAT-PT and Multicast
   3.  Issues Exacerbated by the Use of DNS-ALG
     3.1.  Network Topology Constraints Implied by NAT-PT
     3.2.  Scalability and Single Point of Failure Concerns
     3.3.  Issues with Lack of Address Persistence
     3.4.  DoS Attacks on Memory and Address/Port Pools
   4.  Issues Directly Related to Use of DNS-ALG
     4.1.  Address Selection Issues when Communicating with
           Dual-Stack End-Hosts
     4.2.  Non-Global Validity of Translated RR Records
     4.3.  Inappropriate Translation of Responses to A Queries
     4.4.  DNS-ALG and Multi-Addressed Nodes
     4.5.  Limitations on Deployment of DNS Security Capabilities
   5.  Impact on IPv6 Application Development
   6.  Security Considerations
   7.  Conclusion
   8.  Acknowledgments
   9.  References
     9.1.  Normative References
     9.2.  Informative References

1.  Introduction

   The Network Address Translator - Protocol Translator (NAT-PT)
   document [RFC2766] defines a set of network-layer translation
   mechanisms designed to allow nodes that only support IPv4 to
   communicate with nodes that only support IPv6, during the transition
   to the use of IPv6 in the Internet.

   [RFC2766] specifies the basic NAT-PT, in which only addresses are
   translated, and the Network Address Port Translator - Protocol
   Translator (NAPT-PT), which also translates transport identifiers,
   allowing for greater economy of scarce IPv4 addresses.  Protocol
   translation is performed using the Stateless IP/ICMP Translation
   Algorithm (SIIT) defined in [RFC2765].  In the following discussion,
   where the term "NAT-PT" is used unqualified, the discussion applies
   to both basic NAT-PT and NAPT-PT.  "Basic NAT-PT" will be used if
   points apply to the basic address-only translator.

   A number of previous documents have raised issues with NAT-PT.  This
   document will summarize these issues, note several other issues
   carried over from traditional IPv4 NATs, and identify some additional
