Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status
RFC 4966
Document Type RFC - Informational (July 2007; Errata)
Obsoletes RFC 2766
Last updated 2015-10-14
Replaces draft-ietf-v6ops-natpt-to-exprmntl
Stream IETF
Formats plain text pdf html bibtex
Reviews
SECDIR Last Call Review
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 4966 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD David Kessens
Send notices to (None)
Email authors Email WG IPR 1 References Referenced by Nits 
Network Working Group                                            C. Aoun
Request for Comments: 4966                                Energize Urnet
Obsoletes: 2766                                                E. Davies
Category: Informational                                 Folly Consulting
                                                               July 2007

  Reasons to Move the Network Address Translator - Protocol Translator
                      (NAT-PT) to Historic Status

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document discusses issues with the specific form of IPv6-IPv4
   protocol translation mechanism implemented by the Network Address
   Translator - Protocol Translator (NAT-PT) defined in RFC 2766.  These
   issues are sufficiently serious that recommending RFC 2766 as a
   general purpose transition mechanism is no longer desirable, and this
   document recommends that the IETF should reclassify RFC 2766 from
   Proposed Standard to Historic status.

Aoun & Davies                Informational                      [Page 1]
RFC 4966                 NAT-PT Issues Analysis                July 2007

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Issues Unrelated to an DNS-ALG . . . . . . . . . . . . . . . .  7
     2.1.  Issues with Protocols Embedding IP Addresses . . . . . . .  7
     2.2.  NAPT-PT Redirection Issues . . . . . . . . . . . . . . . .  8
     2.3.  NAT-PT Binding State Decay . . . . . . . . . . . . . . . .  8
     2.4.  Loss of Information through Incompatible Semantics . . . .  9
     2.5.  NAT-PT and Fragmentation . . . . . . . . . . . . . . . . . 10
     2.6.  NAT-PT Interaction with SCTP and Multihoming . . . . . . . 11
     2.7.  NAT-PT as a Proxy Correspondent Node for MIPv6 . . . . . . 12
     2.8.  NAT-PT and Multicast . . . . . . . . . . . . . . . . . . . 12
   3.  Issues Exacerbated by the Use of DNS-ALG . . . . . . . . . . . 13
     3.1.  Network Topology Constraints Implied by NAT-PT . . . . . . 13
     3.2.  Scalability and Single Point of Failure Concerns . . . . . 14
     3.3.  Issues with Lack of Address Persistence  . . . . . . . . . 15
     3.4.  DoS Attacks on Memory and Address/Port Pools . . . . . . . 16
   4.  Issues Directly Related to Use of DNS-ALG  . . . . . . . . . . 16
     4.1.  Address Selection Issues when Communicating with
           Dual-Stack End-Hosts . . . . . . . . . . . . . . . . . . . 16
     4.2.  Non-Global Validity of Translated RR Records . . . . . . . 18
     4.3.  Inappropriate Translation of Responses to A Queries  . . . 19
     4.4.  DNS-ALG and Multi-Addressed Nodes  . . . . . . . . . . . . 19
     4.5.  Limitations on Deployment of DNS Security Capabilities . . 19
   5.  Impact on IPv6 Application Development . . . . . . . . . . . . 20
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 20
   7.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 21
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 22
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 22
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 23

Aoun & Davies                Informational                      [Page 2]
RFC 4966                 NAT-PT Issues Analysis                July 2007

1.  Introduction

   The Network Address Translator - Protocol Translator (NAT-PT)
   document [RFC2766] defines a set of network-layer translation
   mechanisms designed to allow nodes that only support IPv4 to
   communicate with nodes that only support IPv6, during the transition
   to the use of IPv6 in the Internet.

   [RFC2766] specifies the basic NAT-PT, in which only addresses are
   translated, and the Network Address Port Translator - Protocol
   Translator (NAPT-PT), which also translates transport identifiers,
   allowing for greater economy of scarce IPv4 addresses.  Protocol
   translation is performed using the Stateless IP/ICMP Translation
   Algorithm (SIIT) defined in [RFC2765].  In the following discussion,
   where the term "NAT-PT" is used unqualified, the discussion applies
   to both basic NAT-PT and NAPT-PT.  "Basic NAT-PT" will be used if
   points apply to the basic address-only translator.

   A number of previous documents have raised issues with NAT-PT.  This
   document will summarize these issues, note several other issues
   carried over from traditional IPv4 NATs, and identify some additional
   issues that have not been discussed elsewhere.  Proposed solutions to
   the issues are mentioned and any resulting need for changes to the
   specification is identified.

   Whereas NAT is seen as an ongoing capability that is needed to work
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA