diff options
Diffstat (limited to 'doc/rfc/rfc5902.txt')
-rw-r--r-- | doc/rfc/rfc5902.txt | 843 |
1 files changed, 843 insertions, 0 deletions
diff --git a/doc/rfc/rfc5902.txt b/doc/rfc/rfc5902.txt new file mode 100644 index 0000000..d5e3a6c --- /dev/null +++ b/doc/rfc/rfc5902.txt @@ -0,0 +1,843 @@ + + + + + + +Internet Architecture Board (IAB) D. Thaler +Request for Comments: 5902 L. Zhang +Category: Informational G. Lebovitz +ISSN: 2070-1721 July 2010 + + + IAB Thoughts on IPv6 Network Address Translation + +Abstract + + There has been much recent discussion on the topic of whether the + IETF should develop standards for IPv6 Network Address Translators + (NATs). This document articulates the architectural issues raised by + IPv6 NATs, the pros and cons of having IPv6 NATs, and provides the + IAB's thoughts on the current open issues and the solution space. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Architecture Board (IAB) + and represents information that the IAB has deemed valuable to + provide for permanent record. Documents approved for publication by + the IAB are not a candidate for any level of Internet Standard; see + Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc5902. + +Copyright Notice + + Copyright (c) 2010 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. + + + + + + + + + +Thaler, et al. Informational [Page 1] + +RFC 5902 IPv6 NAT Considerations July 2010 + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 + 2. What is the problem? . . . . . . . . . . . . . . . . . . . . . 3 + 2.1. Avoiding Renumbering . . . . . . . . . . . . . . . . . . . 3 + 2.2. Site Multihoming . . . . . . . . . . . . . . . . . . . . . 4 + 2.3. Homogenous Edge Network Configurations . . . . . . . . . . 4 + 2.4. Network Obfuscation . . . . . . . . . . . . . . . . . . . 5 + 2.4.1. Hiding Hosts . . . . . . . . . . . . . . . . . . . . . 5 + 2.4.2. Topology Hiding . . . . . . . . . . . . . . . . . . . 8 + 2.4.3. Summary Regarding NAT as a Tool for Network + Obfuscation . . . . . . . . . . . . . . . . . . . . . 8 + 2.5. Simple Security . . . . . . . . . . . . . . . . . . . . . 9 + 2.6. Discussion . . . . . . . . . . . . . . . . . . . . . . . . 9 + 3. Architectural Considerations of IPv6 NAT . . . . . . . . . . . 9 + 4. Solution Space . . . . . . . . . . . . . . . . . . . . . . . . 11 + 4.1. Discussion . . . . . . . . . . . . . . . . . . . . . . . . 12 + 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 + 6. IAB Members at the Time of Approval . . . . . . . . . . . . . 13 + 7. Informative References . . . . . . . . . . . . . . . . . . . . 14 + +1. Introduction + + In the past, the IAB has published a number of documents relating to + Internet transparency and the end-to-end principle, and other IETF + documents have also touched on these issues as well. These documents + articulate the general principles on which the Internet architecture + is based, as well as the core values that the Internet community + seeks to protect going forward. Most recently, RFC 4924 [RFC4924] + reaffirms these principles and provides a review of the various + documents in this area. + + Facing imminent IPv4 address space exhaustion, recently there have + been increased efforts in IPv6 deployment. However, since late 2008 + there have also been increased discussions about whether the IETF + should standardize network address translation within IPv6. People + who are against standardizing IPv6 NAT argue that there is no + fundamental need for IPv6 NAT, and that as IPv6 continues to roll + out, the Internet should converge towards reinstallation of the end- + to-end reachability that has been a key factor in the Internet's + success. On the other hand, people who are for IPv6 NAT believe that + NAT vendors would provide IPv6 NAT implementations anyway as NAT can + be a solution to a number of problems, and that the IETF should avoid + repeating the same mistake as with IPv4 NAT, where the lack of + protocol standards led to different IPv4 NAT implementations, making + NAT traversal difficult. + + + + + +Thaler, et al. Informational [Page 2] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + An earlier effort, [RFC4864], provides a discussion of the real or + perceived benefits of NAT and suggests alternatives for most of them, + with the intent of showing that NAT is not required to get the + desired benefits. However, it also identifies several gaps remaining + to be filled. + + This document provides the IAB's current thoughts on this debate. We + believe that the issue at hand must be viewed from an overall + architectural standpoint in order to fully assess the pros and cons + of IPv6 NAT on the global Internet and its future development. + +2. What is the problem? + + The discussions on the desire for IPv6 NAT can be summarized as + follows. Network address translation is viewed as a solution to + achieve a number of desired properties for individual networks: + avoiding renumbering, facilitating multihoming, making configurations + homogenous, hiding internal network details, and providing simple + security. + +2.1. Avoiding Renumbering + + As discussed in [RFC4864], Section 2.5, the ability to change service + providers with minimal operational difficulty is an important + requirement in many networks. However, renumbering is still quite + painful today, as discussed in [RFC5887]. Currently it requires + reconfiguring devices that deal with IP addresses or prefixes, + including DNS servers, DHCP servers, firewalls, IPsec policies, and + potentially many other systems such as intrusion detection systems, + inventory management systems, patch management systems, etc. + + In practice today, renumbering does not seem to be a significant + problem in consumer networks, such as home networks, where addresses + or prefixes are typically obtained through DHCP and are rarely + manually configured in any component. However, in managed networks, + renumbering can be a serious problem. + + We also note that many, if not most, large enterprise networks avoid + the renumbering problem by using provider-independent (PI) IP address + blocks. The use of PI addresses is inherent in today's Internet + operations. However, in smaller managed networks that cannot get + provider-independent IP address blocks, renumbering remains a serious + issue. Regional Internet Registries (RIRs) constantly receive + requests for PI address blocks; one main reason that they hesitate in + assigning PI address blocks to all users is the concern about the PI + addresses' impact on the routing system scalability. + + + + + +Thaler, et al. Informational [Page 3] + +RFC 5902 IPv6 NAT Considerations July 2010 + + +2.2. Site Multihoming + + Another important requirement in many networks is site multihoming. + A multihomed site essentially requires that its IP prefixes be + present in the global routing table to achieve the desired + reliability in its Internet connectivity as well as load balancing. + In today's practice, multihomed sites with PI addresses announce + their PI prefixes to the global routing system; multihomed sites with + provider-allocated (PA) addresses also announce the PA prefix they + obtained from one service provider to the global routing system + through another service provider, effectively disabling provider- + based prefix aggregation. This practice makes the global routing + table scale linearly with the number of multihomed user networks. + + This issue was identified in [RFC4864], Section 6.4. Unfortunately, + no solution except NAT has been deployed today that can insulate the + global routing system from the growing number of multihomed sites, + where a multihomed site simply assigns multiple IPv4 addresses (one + from each of its service providers) to its exit router, which is an + IPv4 NAT box. Using address translation to facilitate multihoming + support has one unique advantage: there is no impact on the routing + system scalability, as the NAT box simply takes one address from each + service provider, and the multihomed site does not inject its own + routes into the system. Intuitively, it also seems straightforward + to roll the same solution into multihoming support in the IPv6 + deployment. However, one should keep in mind that this approach + brings all the drawbacks of putting a site behind a NAT box, + including the loss of reachability to the servers behind the NAT box. + + It is also important to point out that a multihomed site announcing + its own prefix(es) achieves two important benefits that NAT-based + multihoming support does not provide. First, end-to-end + communications can be preserved in face of connectivity failures of + individual service providers, as long as the site remains connected + through at least one operational service provider. Second, + announcing one's prefixes also gives a multihomed site the ability to + perform traffic engineering and load balancing. + +2.3. Homogenous Edge Network Configurations + + Service providers supporting residential customers need to minimize + support costs (e.g., help desk calls). Often a key factor in + minimizing support costs is ensuring customers have homogenous + configurations, including the addressing architecture. Today, when + IPv4 NATs are provided by a service provider, all customers get the + same address space on their home networks, and hence the home gateway + + + + + +Thaler, et al. Informational [Page 4] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + always has the same address. From a customer-support perspective, + this perhaps represents the most important property of NAT usage + today. + + In IPv6, link-local addresses can be used to ensure that all home + gateways have the same address, and to provide homogenous addresses + to any other devices supported by the service provider. Unlike IPv4, + having a globally unique address does not prevent the use of a + homogenous address within the subnet. It is only in the case of + multi-subnet customers that IPv6 NAT would provide some homogeneity + that wouldn't be provided by link-local addresses. For multi-subnet + customers (e.g., a customer using a wireless access point behind the + service provider router/modem), service providers today might only + discuss problems (for IPv4 or IPv6) from computers connected directly + to the service provider router. + + It is currently unknown whether IPv6 link-local addresses provide + sufficient homogeneity to minimize help desk calls. If they do not, + providers might still desire IPv6 NATs in the residential gateways + they provide. + +2.4. Network Obfuscation + + Most network administrators want to hide the details of the computing + resources, information infrastructure, and communications networks + within their borders. This desire is rooted in the basic security + principle that an organization's assets are for its sole use and all + information about those assets, their operation, and the methods and + tactics of their use are proprietary secrets. Some organizations use + their information and communication technologies as a competitive + advantage in their industries. It is a generally held belief that + measures must be taken to protect those secrets. The first layer of + protection of those secrets is preventing access to the secrets or + knowledge about the secrets whenever possible. It is understandable + why network administrators would want to keep the details about the + hosts on their network, as well as the network infrastructure itself, + private. They believe that NAT helps achieve this goal. + +2.4.1. Hiding Hosts + + As a specific measure of network obfuscation, network administrators + wish to keep secret any and all information about the computer + systems residing within their network boundaries. Such computer + systems include workstations, laptops, servers, function-specific + end-points (e.g., printers, scanners, IP telephones, point-of-sale + machines, building door access-control devices), and such. They want + to prevent an external entity from counting the number of hosts on + the network. They also want to prevent host fingerprinting, i.e., + + + +Thaler, et al. Informational [Page 5] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + gaining information about the constitution, contents, or function of + a host. For example, they want to hide the role of a host, as + whether it is a user workstation, a finance server, a source code + build server, or a printer. A second element of host-fingerprinting + prevention is to hide details that could aid an attacker in + compromising the host. Such details might include the type of + operating system, its version number, any patches it may or may not + have, the make and model of the device hardware, any application + software packages loaded, those version numbers and patches, and so + on. With such information about hosts, an attacker can launch a more + focused, targeted attack. Operators want to stop both host counting + and host fingerprinting. + + Where host counting is a concern, it is worth pointing out some of + the challenges in preventing it. [Bellovin] showed how one can + successfully count the number of hosts behind a certain type of + simple NAT box. More complex NAT deployments, e.g., ones employing + Network Address Port Translators (NAPTs) with a pool of public + addresses that are randomly bound to internal hosts dynamically upon + receipt of any new connection, and do so without persistency across + connections from the same host are more successful in preventing host + counting. However, the more complex the NAT deployment, the less + likely that complex connection types like the Session Initiation + Protocol (SIP) [RFC3261] and the Stream Control Transmission Protocol + (SCTP) [RFC4960] will be able to successfully traverse the NAT. This + observation follows the age-old axiom for networked computer systems: + for every unit of security you gain, you give up a unit of + convenience, and for every unit of convenience you hope to gain, you + must give up a unit of security. + + If fields such as fragment ID, TCP initial sequence number, or + ephemeral port number are chosen in a predictable fashion (e.g., + sequentially), then an attacker may correlate packets or connections + coming from the same host. + + To prevent counting hosts by counting addresses, one might be tempted + to use a separate IP address for each transport-layer connection. + Such an approach introduces other architectural problems, however. + Within the host's subnet, various devices including switches, + routers, and even the host's own hardware interface often have a + limited amount of state available before causing communication that + uses a large number of addresses to suffer significant performance + problems. In addition, if an attacker can somehow determine an + average number of connections per host, the attacker can still + estimate the number of hosts based on the number of connections + observed. Hence, such an approach can adversely affect legitimate + communication at all times, simply to raise the bar for an attacker. + + + + +Thaler, et al. Informational [Page 6] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + Where host fingerprinting is concerned, even a complex NAT cannot + prevent fingerprinting completely. The way that different hosts + respond to different requests and sequences of events will indicate + consistently the type of a host that it is, its OS, version number, + and sometimes applications installed, etc. Products exist that do + this for network administrators as a service, as part of a + vulnerability assessment. + + These scanning tools initiate connections of various types across a + range of possible IP addresses reachable through that network. They + observe what returns, and then send follow-up messages accordingly + until they "fingerprint" the host thoroughly. When run as part of a + network assessment process, these tools are normally run from the + inside of the network, behind the NAT. If such a tool is set outside + a network boundary (as part of an external vulnerability assessment + or penetration test) along the path of packets, and is passively + observing and recording connection exchanges, over time it can + fingerprint hosts only if it has a means of determining which + externally viewed connections are originating from the same internal + host. If the NATing is simple and static, and each host's internal + address is always mapped to the same external address and vice versa, + the tool has 100% success fingerprinting the host. With the internal + hosts mapped to their external IP addresses and fingerprinted, the + attacker can launch targeted attacks into those hosts, or reliably + attempt to hijack those hosts' connections. If the NAT uses a single + external IP, or a pool of dynamically assigned IP addresses for each + host, but does so in a deterministic and predictable way, then the + operation of fingerprinting is more complex, but quite achievable. + + If the NAT uses dynamically assigned addresses, with short-term + persistency, but no externally learnable determinism, then the + problem gets harder for the attacker. The observer may be able to + fingerprint a host during the lifetime of a particular IP address + mapping, and across connections, but once that IP mapping is + terminated, the observer doesn't immediately know which new mapping + will be that same host. After much observation and correlation, the + attacker could sometimes determine if an observed new connection in + flight is from a familiar host. With that information, and a good + set of man-in-the-middle attack tools, the attacker could attempt to + compromise the host by hijacking a new connection of adequately long + duration. If temporal persistency is not deployed on the NAT, then + this tactic becomes almost impossible. As the difficulty and cost of + the attack increases, the number of attackers attempting to employ it + decreases. And certainly the attacker would not be able to initiate + a connection toward a host for which the attacker does not know the + current IP address binding. So, the attacker is limited to hijacking + observed connections thought to be from a familiar host, or to + blindly initiating attacks on connections in flight. This is why + + + +Thaler, et al. Informational [Page 7] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + network administrators appreciate complex NATs' ability to deter host + counting and fingerprinting, but such deterrence comes at a cost of + host reachability. + +2.4.2. Topology Hiding + + It is perceived that a network operator may want to hide the details + of the network topology, the size of the network, the identities of + the internal routers, and the interconnection among the routers. + This desire has been discussed in [RFC4864], Sections 4.4 and 6.2. + + However, the success of topology hiding is dependent upon the + complexity, dynamism, and pervasiveness of bindings the NAT employs + (all of which were described above). The more complex, the more the + topology will be hidden, but the less likely that complex connection + types will successfully traverse the NAT barrier. Thus, the trade- + off is reachability across applications. + + Even if one can hide the actual addresses of internal hosts through + address translation, this does not necessarily prove sufficient to + hide internal topology. It may be possible to infer some aspects of + topological information from passively observing packets. For + example, based on packet timing, delay measurements, the Hop Limit + field, or other fields in the packet header, one could infer the + relative distance between multiple hosts. Once an observed session + is believed to match a previously fingerprinted host, that host's + distance from the NAT device may be learned, but not its exact + location or particular internal subnet. + + Host fingerprinting is required in order to do a thorough distance + mapping. An attacker might then use message contents to lump certain + types of devices into logical clusters, and take educated guesses at + attacks. This is not, however, a thorough mapping. Some NATs change + the TTL hop counts, much like an application-layer proxy would, while + others don't; this is an administrative setting on more advanced + NATs. The simpler and more static the NAT, the more possible this + is. The more complex and dynamic and non-persistent the NAT + bindings, the more difficult. + +2.4.3. Summary Regarding NAT as a Tool for Network Obfuscation + + The degree of obfuscation a NAT can achieve will be a function of its + complexity as measured by: + + o The use of one-to-many NAPT mappings; + + + + + + +Thaler, et al. Informational [Page 8] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + o The randomness over time of the mappings from internal to external + IP addresses, i.e., non-deterministic mappings from an outsider's + perspective; + + o The lack of persistence of mappings, i.e., the shortness of + mapping lifetimes and not using the same mapping repeatedly; + + o The use of re-writing in IP header fields such as TTL. + + However, deployers be warned: as obfuscation increases, host + reachability decreases. Mechanisms such as STUN [RFC5389] and Teredo + [RFC4380] fail with the more complex NAT mechanisms. + +2.5. Simple Security + + It is commonly perceived that a NAT box provides one level of + protection because external hosts cannot directly initiate + communication with hosts behind a NAT. However, one should not + confuse NAT boxes with firewalls. As discussed in [RFC4864], Section + 2.2, the act of translation does not provide security in itself. The + stateful filtering function can provide the same level of protection + without requiring a translation function. For further discussion, + see [RFC4864], Section 4.2. + +2.6. Discussion + + At present, the primary benefits one may receive from deploying NAT + appear to be avoiding renumbering, facilitating multihoming without + impacting routing scalability, and making edge consumer network + configurations homogenous. + + Network obfuscation (host hiding, both counting and fingerprinting + prevention, and topology hiding) may well be achieved with more + complex NATs, but at the cost of losing some reachability and + application success. Again, when it comes to security, this is often + the case: to gain security one must give up some measure of + convenience. + +3. Architectural Considerations of IPv6 NAT + + First, it is important to distinguish between the effects of a NAT + box vs. the effects of a firewall. A firewall is intended to prevent + unwanted traffic [RFC4948] without impacting wanted traffic, whereas + a NAT box also interferes with wanted traffic. In the remainder of + this section, the term "reachability" is used with respect to wanted + traffic. + + + + + +Thaler, et al. Informational [Page 9] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + The discussions on IPv6 NAT often refer to the wide deployment of + IPv4 NAT, where people have both identified tangible benefits and + gained operational experience. However, the discussions so far seem + mostly focused on the potential benefits that IPv6 NAT may, or may + not, bring. Little attention has been paid to the bigger picture, as + we elaborate below. + + When considering the benefits that IPv6 NAT may bring to a site that + deploys it, we must not overlook a bigger question: if one site + deploys IPv6 NAT, what is the potential impact it brings to the rest + of the Internet that does not do IPv6 NAT? By "the rest of the + Internet", we mean the Internet community that develops, deploys, and + uses end-to-end applications and protocols and hence is affected by + any loss of transparency (see [RFC2993] and [RFC4924] for further + discussion). This important question does not seem to have been + addressed, or addressed adequately. + + We believe that the discussions on IPv6 NAT should be put in the + context of the overall Internet architecture. The foremost question + is not how many benefits one may derive from using IPv6 NAT, but more + fundamentally, whether a significant portion of parties on the + Internet are willing to deploy IPv6 NAT, and hence whether we want to + make IP address translation a permanent building block in the + Internet architecture. + + One may argue that the answers to the above questions depend on + whether we can find adequate solutions to the renumbering, site + multihoming, and edge network configuration problems, and whether the + solutions provide transparency or not. If transparency is not + provided, making NAT a permanent building block in the Internet would + represent a fundamental architectural change. + + It is desirable that IPv6 users and applications be able to reach + each other directly without having to worry about address translation + boxes between the two ends. IPv6 application developers in general + should be able to program based on the assumption of end-to-end + reachability (of wanted traffic), without having to address the issue + of traversing NAT boxes. For example, referrals and multi-party + conversations are straightforward with end-to-end addressing, but + vastly complicated in the presence of address translation. + Similarly, network administrators should be able to run their + networks without the added complexity of NATs, which can bring not + only the cost of additional boxes, but also increased difficulties in + network monitoring and problem debugging. + + + + + + + +Thaler, et al. Informational [Page 10] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + Given the diversity of the Internet user populations and the + diversity in today's operational practice, it is conceivable that + some parties may have a strong desire to deploy IPv6 NAT, and the + Internet should accommodate different views that lead to different + practices (i.e., some using IPv6 NAT, others not). + + If we accept the view that some, but not all, parties want IPv6 NAT, + then the real debate should not be on what benefits IPv6 NAT may + bring to the parties who deploy it. It is undeniable that network + address translation can bring certain benefits to its users. + However, the real challenge we should address is how to design IPv6 + NAT in such a way that it can hide its impact within some localized + scope. If IPv6 NAT design can achieve this goal, then the Internet + as a whole can strive for (reinstalling) the end-to-end reachability + model. + +4. Solution Space + + From an end-to-end perspective, the solution space for renumbering + and multihoming can be broadly divided into three classes: + + + 1. Endpoints get a stable, globally reachable address: In this class + of solutions, end sites use provider-independent addressing and + hence endpoints are unaffected by changing service providers. + For this to be a complete solution, provider-independent + addressing must be available to all managed networks (i.e., all + networks that use manual configuration of addresses or prefixes + in any type of system). However, in today's practice, assigning + provider-independent addresses to all networks, including small + ones, raises concerns with the scalability of the global routing + system. This is an area of ongoing research and experimentation. + In practice, network administrators have also been developing + short-term approaches to resolve today's gap between the + continued routing table growth and limitations in existing router + capacity [NANOG]. + + 2. Endpoints get a stable but non-globally-routable address on + physical interfaces but a dynamic, globally routable address + inside a tunnel: In this class of solutions, hosts use locally- + scoped (and hence provider-independent) addresses for + communication within the site using their physical interfaces. + As a result, managed systems such as routers, DHCP servers, etc., + all see stable addresses. Tunneling from the host to some + infrastructure device is then used to communicate externally. + Tunneling provides the host with globally routable addresses that + may change, but address changes are constrained to systems that + operate over or beyond the tunnel, including DNS servers and + + + +Thaler, et al. Informational [Page 11] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + applications. These systems, however, are the ones that often + can already deal with changes today using mechanisms such as DNS + dynamic update. However, if endpoints and the tunnel + infrastructure devices are owned by different organizations, then + solutions are harder to incrementally deploy due to the incentive + and coordination issues involved. + + 3. Endpoints get a stable address that gets translated in the + network: In this class of solutions, end sites use non-globally- + routable addresses within the site, and translate them to + globally routable addresses somewhere in the network. In + general, this causes the loss of end-to-end transparency, which + is the subject of [RFC4924] and the documents it surveys. If the + translation is reversible, and the translation is indeed reversed + by the time it reaches the other end of communication, then end- + to-end transparency can be provided. However, if the two + translators involved are owned by different organizations, then + solutions are harder to incrementally deploy due to the incentive + and coordination issues involved. + + Concerning routing scalability, although there is no immediate + danger, routing scalability has been a longtime concern in + operational communities, and an effective and deployable solution + must be found. We observe that the question at hand is not about + whether some parties can run NAT, but rather, whether the Internet as + a whole would be willing to rely on NAT to curtail the routing + scalability problem, and whether we have investigated all the + potential impacts of doing so to understand its cost on the overall + architecture. If effective solutions can be deployed in time to + allow assigning provider-independent IPv6 addresses to all user + communities, the Internet can avoid the complexity and fragility and + other unforeseen problems introduced by NAT. + +4.1. Discussion + + As [RFC4924] states: + + A network that does not filter or transform the data that it + carries may be said to be "transparent" or "oblivious" to the + content of packets. Networks that provide oblivious transport + enable the deployment of new services without requiring changes to + the core. It is this flexibility that is perhaps both the + Internet's most essential characteristic as well as one of the + most important contributors to its success. + + We believe that providing end-to-end transparency, as defined above, + is key to the success of the Internet. While some fields of traffic + (e.g., Hop Limit) are defined to be mutable, transparency requires + + + +Thaler, et al. Informational [Page 12] + +RFC 5902 IPv6 NAT Considerations July 2010 + + + that fields not defined as such arrive un-transformed. Currently, + the source and destination addresses are defined as immutable fields, + and are used as such by many protocols and applications. + + Each of the three classes of solution can be defined in a way that + preserves end-to-end transparency. + + While we do not consider IPv6 NATs to be desirable, we understand + that some deployment of them is likely unless workable solutions to + avoiding renumbering, facilitating multihoming without adversely + impacting routing scalability, and homogeneity are generally + recognized as useful and appropriate. + + As such, we strongly encourage the community to consider end-to-end + transparency as a requirement when proposing any solution, whether it + be based on tunneling or translation or some other technique. + Solutions can then be compared based on other aspects such as + scalability and ease of deployment. + +5. Security Considerations + + Section 2 discusses potential privacy concerns as part of the Host + Counting and Topology Hiding problems. + +6. IAB Members at the Time of Approval + + Marcelo Bagnulo + Gonzalo Camarillo + Stuart Cheshire + Vijay Gill + Russ Housley + John Klensin + Olaf Kolkman + Gregory Lebovitz + Andrew Malis + Danny McPherson + David Oran + Jon Peterson + Dave Thaler + + + + + + + + + + + + +Thaler, et al. Informational [Page 13] + +RFC 5902 IPv6 NAT Considerations July 2010 + + +7. Informative References + + [Bellovin] Bellovin, S., "A Technique for Counting NATted Hosts", + Proc. Second Internet Measurement Workshop, + November 2002, + <http://www.cs.columbia.edu/~smb/papers/fnat.pdf>. + + [NANOG] "Extending the Life of Layer 3 Switches in a 256k+ Route + World", NANOG 44, October 2008, <http://www.nanog.org/ + meetings/nanog44/presentations/Monday/ + Roisman_lightning.pdf>. + + [RFC2993] Hain, T., "Architectural Implications of NAT", RFC 2993, + November 2000. + + [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, + A., Peterson, J., Sparks, R., Handley, M., and E. + Schooler, "SIP: Session Initiation Protocol", RFC 3261, + June 2002. + + [RFC4380] Huitema, C., "Teredo: Tunneling IPv6 over UDP through + Network Address Translations (NATs)", RFC 4380, + February 2006. + + [RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and + E. Klein, "Local Network Protection for IPv6", RFC 4864, + May 2007. + + [RFC4924] Aboba, B. and E. Davies, "Reflections on Internet + Transparency", RFC 4924, July 2007. + + [RFC4948] Andersson, L., Davies, E., and L. Zhang, "Report from the + IAB workshop on Unwanted Traffic March 9-10, 2006", + RFC 4948, August 2007. + + [RFC4960] Stewart, R., "Stream Control Transmission Protocol", + RFC 4960, September 2007. + + [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, + "Session Traversal Utilities for NAT (STUN)", RFC 5389, + October 2008. + + [RFC5887] Carpenter, B., Atkinson, R., and H. Flinck, "Renumbering + Still Needs Work", RFC 5887, May 2010. + + + + + + + +Thaler, et al. Informational [Page 14] + +RFC 5902 IPv6 NAT Considerations July 2010 + + +Authors' Addresses + + Dave Thaler + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052 + USA + + Phone: +1 425 703 8835 + EMail: dthaler@microsoft.com + + + Lixia Zhang + UCLA Computer Science Department + 3713 Boelter Hall + Los Angeles, CA 90095 + USA + + Phone: +1 310 825 2695 + EMail: lixia@cs.ucla.edu + + + Gregory Lebovitz + Juniper Networks, Inc. + 1194 North Mathilda Ave. + Sunnyvale, CA 94089 + USA + + EMail: gregory.ietf@gmail.com + + + Internet Architecture Board + + EMail: iab@iab.org + + + + + + + + + + + + + + + + + +Thaler, et al. Informational [Page 15] + |