Re: Problems with removing NAT from a network

[Owen DeLong <owen () delong com>]

On Jan 7, 2011, at 6:32 AM, Jack Bates wrote:

> On 1/7/2011 4:44 AM, Dobbins, Roland wrote:
> > Yes, it has.  There're lots of issues with embedding IP addresses
> > directly into apps and so forth which have nothing to do with NAT.
>
> Embedding into apps isn't the same as embedding into protocol packets. While NAT and stateful firewalls do tend to 
> break with embedded addresses that they don't know to check for, it's still not a bad idea.
> I was fixing to complain that the IPv6 designers didn't take the chance to add the embedding to the Packet headers, 
> when it occurs to me, they made the headers nice and extensible.
>
> It also baffles me as to why applications such as skype dealing with NAT64 can't use the compatibility addressing to 
> start communicating with v4 hosts from a v6 only NIC. I thought this was already a fixed problem not requiring DNS to 
> deal with. It's not like NAT46 (anyone actually publish such a hideous protocol?), which requires really messy state 
> tables bidirectionally for everything and DNS rewrites.
>
> Jack

Compatibility addresses don't work on the wire. They're not supposed to. It's a huge problem if they do.

Compatibility addresses allow you to write an IPv6 application, run it on a dual-stacked host and talk to
the IPv4 and IPv6 remote systems as if all of them are IPv6 hosts. The IPv4 hosts appear to come
from the IPv6 range ::ffff:ip:v4 which is often presented to the user as ::ffff:i.p.v.4 .

Hope that clarifies things.

Owen