NAT遍历和IPv6 [英] NAT Traversal and IPv6
问题描述
一旦IPv6的部署和使用量增加,我对NAT和NAT遍历机制的实用性感到好奇.我们有太多的NAT遍历机制(包括专有的),主要是针对某些住宅或企业NAT背后的IPv4设备/客户端的.既然NAT是由于IPv4中缺少可用地址而产生的,那么由于IPv6具有足够的地址,在未来几年中广泛使用IPv6后,它是否有可能成为冗余?
I am curious about the usefulness of NAT and NAT traversal mechanisms once the deployment and usage of IPv6 increases. We have so many NAT traversal mechanisms (including proprietary) which are intended for mainly IPv4 devices/clients which are behind some kind of residential or enterprise NAT's. Given that NAT came about because of the lack of available addresses in IPv4, is it likely to become redundant once IPv6 is adopted widely in the coming years since IPv6 has enough addresses?
当然,我确实知道IPv6的采用不会一overnight而就,这是一个逐步而痛苦的过程.在此期间,设备将必须支持某种双协议栈(IPv4和IPv6),或者某些网络实体将在两者之间进行转换.我相信,即使在IPv6世界中,防火墙也将继续存在,以保护最终用户并提供一定的安全性.
Of course, I do understand that adoption of IPv6 will not happen overnight and it is a gradual and painful process. And during this time, devices will have to support some sort of dual stack (IPv4 and IPv6) OR some network entity will do the translation between the two. I believe the firewalls will continue to exist to protect the end users and provide some security even in IPv6 world.
就标准化而言,IETF对NAT问题的态度如何?鉴于他们在这期间都忽略了NAT,从而导致协议破裂.
What is the attitude of IETF towards the NAT issue as far as standardization is concerned? given that they have ignored NAT all this while which thus led to broken protocols.
我希望有人能对此有所启发.
I hope someone can throw some light on this.
推荐答案
对于IPv6,避免依赖IP地址作为主机标识符仍然很明智.引入标准化网络前缀转换器的建议,例如 I-D.mrw-nat66 ,似乎从未离出版太远.但是,更重要的是,防火墙不会很快消失,请参见c.f.. ID.ietf-v6ops-cpe-simple-security .尽管您可能不必担心前缀或地址转换会破坏应用程序,但可以预期,无处不在的防火墙将继续干扰应用程序协议,并要求您执行与IPv4/NAT相同的所有基本遍历方法以维护状态记录在应用程序路径上的中间框中.
With IPv6, it will still be smart to avoid relying on IP addresses as host identifiers. Proposals to introduce standardized network prefix translators, e.g. I-D.mrw-nat66, never seem to be too far away from publication. More importantly, however, is that firewalls won't be going away anytime soon, c.f. I-D.ietf-v6ops-cpe-simple-security. While you may not have to worry about prefix or address translation breaking your applications, you can expect that ubiquitous firewalls will continue to interfere with application protocols and require you to do all the same basic traversal methods that IPv4/NAT entails in order to maintain state records in the middleboxes on your application paths.
这篇关于NAT遍历和IPv6的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
