rfc4966.Reasons to Move the Network Address Transl

legacy78920
4 ℃
2020-06-29

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

NetworkWorkingGroupC.AounRequestforComments:4966EnergizeUrnetObsoletes:2766E.DaviesCategory:InformationalFollyConsultingJuly2007ReasonstoMovetheNetworkAddressTranslator-ProtocolTranslator(NAT-PT)toHistoricStatusStatusofThisMemoThismemoprovidesinformationfortheInternetcommunity.ItdoesnotspecifyanInternetstandardofanykind.Distributionofthismemoisunlimited.CopyrightNoticeCopyright(C)TheIETFTrust(2007).AbstractThisdocumentdiscussesissueswiththespecificformofIPv6-IPv4protocoltranslationmechanismimplementedbytheNetworkAddressTranslator-ProtocolTranslator(NAT-PT)definedinRFC2766.TheseissuesaresufficientlyseriousthatrecommendingRFC2766asageneralpurposetransitionmechanismisnolongerdesirable,andthisdocumentrecommendsthattheIETFshouldreclassifyRFC2766fromProposedStandardtoHistoricstatus.Aoun&DaviesInformational[Page1]RFC4966NAT-PTIssuesAnalysisJuly2007TableofContents1.Introduction.........................32.IssuesUnrelatedtoanDNS-ALG................72.1.IssueswithProtocolsEmbeddingIPAddresses.......72.2.NAPT-PTRedirectionIssues................82.3.NAT-PTBindingStateDecay................82.4.LossofInformationthroughIncompatibleSemantics....92.5.NAT-PTandFragmentation.................102.6.NAT-PTInteractionwithSCTPandMultihoming.......112.7.NAT-PTasaProxyCorrespondentNodeforMIPv6......122.8.NAT-PTandMulticast...................123.IssuesExacerbatedbytheUseofDNS-ALG...........133.1.NetworkTopologyConstraintsImpliedbyNAT-PT......133.2.ScalabilityandSinglePointofFailureConcerns.....143.3.IssueswithLackofAddressPersistence.........153.4.DoSAttacksonMemoryandAddress/PortPools.......164.IssuesDirectlyRelatedtoUseofDNS-ALG..........164.1.AddressSelectionIssueswhenCommunicatingwithDual-StackEnd-Hosts...................164.2.Non-GlobalValidityofTranslatedRRRecords.......184.3.InappropriateTranslationofResponsestoAQueries...194.4.DNS-ALGandMulti-AddressedNodes............194.5.LimitationsonDeploymentofDNSSecurityCapabilities..195.ImpactonIPv6ApplicationDevelopment............206.SecurityConsiderations...................207.Conclusion..........................218.Acknowledgments.......................229.References..........................229.1.NormativeReferences...................229.2.InformativeReferences..................23Aoun&DaviesInformational[Page2]RFC4966NAT-PTIssuesAnalysisJuly20071.IntroductionTheNetworkAddressTranslator-ProtocolTranslator(NAT-PT)document[RFC2766]definesasetofnetwork-layertranslationmechanismsdesignedtoallownodesthatonlysupportIPv4tocommunicatewithnodesthatonlysupportIPv6,duringthetransitiontotheuseofIPv6intheInternet.[RFC2766]specifiesthebasicNAT-PT,inwhichonlyaddressesaretranslated,andtheNetworkAddressPortTranslator-ProtocolTranslator(NAPT-PT),whichalsotranslatestransportidentifiers,allowingforgreatereconomyofscarceIPv4addresses.ProtocoltranslationisperformedusingtheStatelessIP/ICMPTranslationAlgorithm(SIIT)definedin[RFC2765].Inthefollowingdiscussion,wherethetermNAT-PTisusedunqualified,thediscussionappliestobothbasicNAT-PTandNAPT-PT.BasicNAT-PTwillbeusedifpointsapplytothebasicaddress-onlytranslator.AnumberofpreviousdocumentshaveraisedissueswithNAT-PT.Thisdocumentwillsummarizetheseissues,noteseveralotherissuescarriedoverfromtraditionalIPv4NATs,andidentifysomeadditionalissuesthathavenotbeendiscussedelsewhere.Proposedsolutionstotheissuesarementionedandanyresultingneedforchangestothespecificationisidentified.WhereasNATisseenasanongoingcapabilitythatisneededtoworkaroundthelimitedavailabilityofgloballyuniqueIPv4addresses,NAT-PThasadifferentstatusasatransitionmechanismforIPv6.Assuch,NAT-PTshouldnotbeallowedtoconstrainthedevelopmentofIPv6applicationsorimposelimitationsonfuturedevelopmentsofIPv6.Thisdocumentdrawstheconclusionthatthetechnicalandoperationaldifficultiesresultingfromtheseissues,especiallythepossiblefutureconstraintsonthedevelopmentofIPv6networks(seeSection5),makeitundesirabletorecommendNAT-PTasdescribedin[RFC2766]asageneralpurposetransitionmechanismforintercommunicationbetweenIPv6networksandIPv4networks.Althoughthe[RFC2766]formofpackettranslationisnotgenerallyapplicable,itislikelythatinsomecircumstancesanodethatcanonlysupportIPv4willneedtocommunicatewithanodethatcanonlysupportIPv6;thisneedsatranslationmechanismofsomekind.Althoughthismaybebettercarriedoutbyanapplication-levelproxyortransport-layertranslator,theremaystillbescenariosinwhicharevised,possiblyrestrictedversionofNAT-PTcanbeasuitablesolution;accordingly,thisdocumentrecommendsthattheIETFshouldreclassifyRFC2766fromProposedStandardtoHistoricstatustoAoun&DaviesInformational[Page3]RFC4966NAT-PTIssuesAnalysisJuly2007avoiditfrombeingusedininappropriatescenarioswhileanyreplacementisdeveloped.ThefollowingdocumentsrelatingdirectlytoNAT-PThavebeenreviewedwhiledraftingthisdocument:oNetworkAddressTranslation-ProtocolTranslation(NAT-PT)[RFC2766]oStatelessIP/ICMPTranslationAlgorithm(SIIT)[RFC2765]oNAT-PTApplicabilityStatement[NATP-APP]oIssueswithNAT-PTDNSALG(ApplicationLayerGateway)inRFC2766[DNS-ALG-ISSUES]oNAT-PTDNSALGSolutions[DNS-ALG-SOL]oNAT-PTSe