[Info-vax] implementing IPv6 on the internet
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sat Sep 24 08:31:12 EDT 2016
On 2016-09-23 20:59:40 +0000, David Froble said:
> Look, I'm not an expert at this stuff, but I have to ask, why is it so hard?
>
> Right now, NAT somehow figures which internal address to send a
> response coming back from the internet. I think I read once that it
> puts the internal IP address in the packet. Don't know much about
> that. But if so, then at least returning packets via IPv6 could have
> inside the packet the IPv4 address for the internal system.
>
> As for connection attempts from outside, the sender would have to have
> knowledge of the internal address, and perhaps places that in the
> packet.
>
> Not real clean, but, wouldn't it work?
The NAT device must maintain a list of which internal device is
communicating with which external device, and via which port. That's
what is used to try to sort out incoming connections and associate
those connections with an internal (outbound) connection, and it's why
NAT falls on its face in more than a few circumstances, why there's
more than a little add-on baggage to work around NAT, and why NAT is
really nasty to deal with. Port forwarding also plays here, and
that's a mess to deal with when there's some sort of fan-out in the
incoming connections; when there's more than one internal host that's
accessible. Then there's the mess that NAT makes for VPNs.
If you have packets inside packets, that's tunneling. Which is a pain
around NAT, particularly when you have more than one connection to a
remote host. Those connections tend to get dropped, absent
out-of-band mechanisms such as NAT Traversal.
https://en.wikipedia.org/wiki/NAT_traversal
What you're trying to reinvent here is 6to4, which is an approach that
avoids having to create tunnels everywhere. With 6to4 set up,
incoming connections use IPv6 and carry the target address, so
there's no need to deal with NAT. This exists between your network
and your relay server, and is necessary only as long as your connection
is via IPv4.
https://en.wikipedia.org/wiki/6to4
Internal networks are running IPv6 already, and all modern clients and
servers are dual-stack. Even OpenVMS is dual-stack, though the
OpenVMS IPv6 management and related mechanisms and OpenVMS application
support is sketchy at best.
--
Pure Personal Opinion | HoffmanLabs LLC
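The two mechanisms contrasted in the reply above (a NAT that has to keep per-flow state, and 6to4 addresses that carry the IPv4 endpoint inside them) as an added example that is not part of the original post or of any OpenVMS code. It builds a toy port-translating NAT table and the RFC 3056 address derivation with Python's standard `ipaddress` module; the `Napt` class, its method names, and every address and port used are constructed for illustration. The refusal of RFC 1918 and 100.64/10 addresses is the practical caveat: 6to4 needs the site's public IPv4 address, so a host that only has a private address behind a NAT cannot derive its own prefix.

```python
"""Added example: a toy NAPT state table beside 6to4 address encoding.
Shows why inbound IPv4 traffic needs NAT state or a port forward, while a
6to4 address already names its IPv4 tunnel endpoint. All hosts, addresses
and ports below are constructed for illustration."""
import ipaddress


class Napt:
    """Minimal port-translating NAT (hypothetical): outbound flows create state;
    inbound packets are accepted only if they match that state or a static forward."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.flows = {}     # (int_ip, int_port, dst_ip, dst_port) -> public_port
        self.reverse = {}   # (public_port, dst_ip, dst_port) -> (int_ip, int_port)
        self.forwards = {}  # public_port -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        """Translate an outbound packet; returns the (public_ip, public_port) the
        remote host sees and records the mapping so the reply can be matched."""
        key = (int_ip, int_port, dst_ip, dst_port)
        if key not in self.flows:
            self.flows[key] = self.next_port
            self.reverse[(self.next_port, dst_ip, dst_port)] = (int_ip, int_port)
            self.next_port += 1
        return self.public_ip, self.flows[key]

    def add_forward(self, public_port, int_ip, int_port):
        """Static port forward. One public port can point at only one internal
        host, which is the fan-out problem the reply mentions."""
        if public_port in self.forwards:
            raise ValueError(f"public port {public_port} already forwarded")
        self.forwards[public_port] = (int_ip, int_port)

    def inbound(self, src_ip, src_port, public_port):
        """Return the internal (ip, port) an inbound packet is delivered to, or
        None when there is no matching state and the NAT must drop it."""
        reply_to = self.reverse.get((public_port, src_ip, src_port))
        if reply_to is not None:
            return reply_to
        return self.forwards.get(public_port)


# 6to4 (RFC 3056): the site prefix is 2002:WWXX:YYZZ::/48 where WWXX:YYZZ is
# the site's public IPv4 address in hex.
SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
# Ranges that are behind NAT by definition and so cannot be a 6to4 site
# address: RFC 1918 private space and the RFC 6598 carrier-grade NAT block.
NOT_USABLE = [ipaddress.IPv4Network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def sixtofour_prefix(v4):
    """Derive the /48 a site gets from its public IPv4 address."""
    a = ipaddress.IPv4Address(v4)
    if any(a in n for n in NOT_USABLE):
        raise ValueError(f"{v4} is not public; 6to4 needs the NAT's outside address")
    v4int = int(a)
    return ipaddress.IPv6Network(f"2002:{v4int >> 16:04x}:{v4int & 0xFFFF:04x}::/48")


def sixtofour_endpoint(v6):
    """Recover the IPv4 tunnel endpoint from any 6to4 address. Bits 16..47 of
    the address are the IPv4 address, so a relay needs no NAT table to find
    it (the stdlib exposes the same value as IPv6Address.sixtofour)."""
    a = ipaddress.IPv6Address(v6)
    if a not in SIXTOFOUR:
        raise ValueError(f"{v6} is not a 6to4 address")
    return str(ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF))


def demo():
    """Two internal web servers behind one public IPv4 address (constructed)."""
    nat = Napt("192.0.2.10")
    # Outbound flow from host A creates state; the reply is matched back to it.
    _, pub_port = nat.outbound("10.0.0.5", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, pub_port)
    # An unsolicited inbound packet has no state and is dropped (None).
    unsolicited = nat.inbound("198.51.100.9", 12345, 40001)
    # Port forwarding admits one server; a second server on port 80 cannot share it.
    nat.add_forward(80, "10.0.0.5", 80)
    try:
        nat.add_forward(80, "10.0.0.6", 80)
        fanout_ok = True
    except ValueError:
        fanout_ok = False
    # With 6to4 each internal host gets its own address under the site /48, and
    # the IPv4 endpoint is recoverable from the address alone.
    prefix = sixtofour_prefix("192.0.2.10")
    host_a = str(ipaddress.IPv6Address(int(prefix.network_address) + 1))
    host_b = str(ipaddress.IPv6Address(int(prefix.network_address) + (1 << 64) + 2))
    try:
        sixtofour_prefix("10.0.0.5")
        private_rejected = False
    except ValueError:
        private_rejected = True
    return {"pub_port": pub_port, "reply": reply, "unsolicited": unsolicited,
            "fanout_ok": fanout_ok, "prefix": str(prefix), "host_a": host_a,
            "host_b": host_b, "endpoint_b": sixtofour_endpoint(host_b),
            "private_rejected": private_rejected}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the block prints the NAT outcomes (reply matched, unsolicited packet dropped, second forward on port 80 refused) next to the derived `2002:c000:20a::/48` prefix and the IPv4 endpoint recovered from a host address under it.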