Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status
RFC 4966
| Field | Value |
|---|---|
| Document type | RFC - Informational (July 2007; Errata); Obsoletes RFC 2766 |
| Authors | Cedric Aoun, Elwyn Davies |
| Last updated | 2020-01-21 |
| Replaces | draft-ietf-v6ops-natpt-to-exprmntl |
| Stream | IETF |
| Formats | plain text, html, pdf, htmlized with errata, bibtex |
| Reviews | |
| WG state | WG Document |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4966 (Informational) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | David Kessens |
| Send notices to | (None) |
Network Working Group                                            C. Aoun
Request for Comments: 4966                                 Energize Urnet
Obsoletes: 2766                                                E. Davies
Category: Informational                                  Folly Consulting
                                                               July 2007

Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The IETF Trust (2007).

Abstract

This document discusses issues with the specific form of IPv6-IPv4 protocol translation mechanism implemented by the Network Address Translator - Protocol Translator (NAT-PT) defined in RFC 2766. These issues are sufficiently serious that recommending RFC 2766 as a general purpose transition mechanism is no longer desirable, and this document recommends that the IETF should reclassify RFC 2766 from Proposed Standard to Historic status.

Aoun & Davies                Informational                      [Page 1]

RFC 4966                 NAT-PT Issues Analysis                July 2007

Table of Contents

   1. Introduction ......................................................... 3
   2. Issues Unrelated to a DNS-ALG ........................................ 7
      2.1. Issues with Protocols Embedding IP Addresses .................... 7
      2.2. NAPT-PT Redirection Issues ...................................... 8
      2.3. NAT-PT Binding State Decay ...................................... 8
      2.4. Loss of Information through Incompatible Semantics .............. 9
      2.5. NAT-PT and Fragmentation ........................................ 10
      2.6. NAT-PT Interaction with SCTP and Multihoming .................... 11
      2.7. NAT-PT as a Proxy Correspondent Node for MIPv6 .................. 12
      2.8. NAT-PT and Multicast ............................................ 12
   3. Issues Exacerbated by the Use of DNS-ALG ............................. 13
      3.1. Network Topology Constraints Implied by NAT-PT .................. 13
      3.2. Scalability and Single Point of Failure Concerns ................ 14
      3.3. Issues with Lack of Address Persistence ......................... 15
      3.4. DoS Attacks on Memory and Address/Port Pools .................... 16
   4. Issues Directly Related to Use of DNS-ALG ............................ 16
      4.1. Address Selection Issues when Communicating with Dual-Stack
           End-Hosts ....................................................... 16
      4.2. Non-Global Validity of Translated RR Records .................... 18
      4.3. Inappropriate Translation of Responses to A Queries ............. 19
      4.4. DNS-ALG and Multi-Addressed Nodes ............................... 19
      4.5. Limitations on Deployment of DNS Security Capabilities .......... 19
   5. Impact on IPv6 Application Development ............................... 20
   6. Security Considerations .............................................. 20
   7. Conclusion ........................................................... 21
   8. Acknowledgments ...................................................... 22
   9. References ........................................................... 22
      9.1. Normative References ............................................ 22
      9.2. Informative References .......................................... 23

1. Introduction

The Network Address Translator - Protocol Translator (NAT-PT) document [RFC2766] defines a set of network-layer translation mechanisms designed to allow nodes that only support IPv4 to communicate with nodes that only support IPv6, during the transition to the use of IPv6 in the Internet. [RFC2766] specifies the basic NAT-PT, in which only addresses are translated, and the Network Address Port Translator - Protocol Translator (NAPT-PT), which also translates transport identifiers, allowing for greater economy of scarce IPv4 addresses. Protocol translation is performed using the Stateless IP/ICMP Translation Algorithm (SIIT) defined in [RFC2765].

In the following discussion, where the term "NAT-PT" is used unqualified, the discussion applies to both basic NAT-PT and NAPT-PT. "Basic NAT-PT" will be used if points apply to the basic address-only translator.
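As an added illustration (not code from RFC 2766 or from this document), the following toy binding table contrasts the two translator forms the introduction names: with a constructed six-address IPv4 pool, basic NAT-PT can serve only six IPv6 hosts, while NAPT-PT serves all of them from a single address by translating ports. In both forms the address/port pool and the per-flow binding state are the finite translator resources whose exhaustion Section 3.4 discusses; the pool prefix, IPv6 source addresses and port numbers here are constructed.

```python
"""Toy model of basic NAT-PT vs NAPT-PT binding tables (added illustration,
not RFC code). Constructed IPv4 pool 192.0.2.0/29, IPv6 sources 2001:db8::/64."""
import ipaddress
from itertools import count

class Translator:
    def __init__(self, pool, port_translation):
        self.pool = [str(a) for a in ipaddress.ip_network(pool).hosts()]
        self.port_translation = port_translation   # False: basic NAT-PT
        self.bindings = {}    # (v6addr, v6port) -> (v4addr, v4port), per flow
        self.addr_map = {}    # basic NAT-PT: one pool address per IPv6 host
        self.next_port = count(1024)

    def bind(self, v6addr, v6port):
        key = (v6addr, v6port)
        if key in self.bindings:          # existing flow: reuse its binding
            return self.bindings[key]
        if self.port_translation:
            # NAPT-PT: one shared IPv4 address; ports distinguish flows
            v4port = next(self.next_port)
            if v4port > 65535:
                raise RuntimeError("port pool exhausted")
            v4addr = self.pool[0]
        else:
            # Basic NAT-PT: one IPv4 address per IPv6 host; ports untouched
            v4addr = self.addr_map.get(v6addr)
            if v4addr is None:
                if len(self.addr_map) >= len(self.pool):
                    raise RuntimeError("IPv4 address pool exhausted")
                v4addr = self.pool[len(self.addr_map)]
                self.addr_map[v6addr] = v4addr
            v4port = v6port
        self.bindings[key] = (v4addr, v4port)
        return self.bindings[key]

def simulate(port_translation, n_hosts, flows_per_host=3):
    """Return (distinct IPv4 addresses used, IPv6 hosts fully served)."""
    t = Translator("192.0.2.0/29", port_translation)
    served = 0
    for h in range(1, n_hosts + 1):
        src = f"2001:db8::{h:x}"          # constructed IPv6 source address
        try:
            for p in range(flows_per_host):
                t.bind(src, 40000 + p)
        except RuntimeError:
            break                         # pool exhausted: later hosts fail
        served += 1
    return len({a for a, _ in t.bindings.values()}), served
```

Running `simulate(False, 8)` gives (6, 6) and `simulate(True, 8)` gives (1, 8): the same eight hosts need six pool addresses under basic NAT-PT but one under NAPT-PT, at the cost of per-flow port state.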
A number of previous documents have raised issues with NAT-PT. This document will summarize these issues, note several other issues carried over from traditional IPv4 NATs, and identify some additional issues that have not been discussed elsewhere. Proposed solutions to the issues are mentioned and any resulting need for changes to the specification is identified.

Whereas NAT is seen as an ongoing capability that is needed to work