On Nov 2, 2010, at 01:25, Rémi Després wrote:
> On 31 Oct 2010, at 17:47, Roger Marquis wrote:
>> ...
>> ... SCTP ... are examples of where statefulness is both required for
>> security and where the same statefulness permits such applications and
>> protocols to work seamlessly with NAT.
>
> SCTP depends on hosts knowing their global addresses, and the same holds for
> SHIM6.
> Both are therefore incompatible with all variants of NAT66 as specified today.

Actually, SCTP uses IP addresses in pretty much the same way as TCP and other connection-oriented transport protocols. From the perspective of a NAT, however, the requirements to maintain state for SCTP are quite a bit simpler than for TCP and other protocols. You only need to hold onto the interior and exterior IP addresses of the association endpoints, unified by the verification tag for each association. No port translation is necessary-- it's not even helpful for the purposes of address amplification. The addresses are amplified in the 32-bit verification tag, not the port numbers.

--
james woodyatt <[email protected]>
member of technical staff, communications engineering
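
The state described in the reply above, sketched as an added example that is not part of the thread or of any NAT66 draft. It assumes the tag is learned from the Initiate Tag of an outbound INIT and covers only single-homed associations in the inbound direction; the class and function names are hypothetical and the addresses and tags are constructed.

```python
import ipaddress
import struct

INIT = 1  # SCTP chunk type for INIT (RFC 4960)

def sctp_packet(sport, dport, vtag, initiate_tag=None):
    """Constructed sample: SCTP common header (checksum left 0) plus one chunk."""
    hdr = struct.pack("!HHII", sport, dport, vtag, 0)
    if initiate_tag is None:
        return hdr + struct.pack("!BBH", 0, 0, 4)  # bare non-INIT chunk header
    # INIT: type, flags, length, initiate tag, a_rwnd, out/in streams, initial TSN
    return hdr + struct.pack("!BBHIIHHI", INIT, 0, 20, initiate_tag, 65535, 1, 1, 0)

class SctpNatState:
    """Hypothetical table: (exterior address, verification tag) -> interior address."""

    def __init__(self):
        self.assoc = {}

    def learn_init(self, interior, exterior, packet):
        """Record state from an outbound INIT; False if malformed or the tag collides."""
        if len(packet) < 20 or packet[12] != INIT:
            return False
        vtag, = struct.unpack_from("!I", packet, 4)
        tag, = struct.unpack_from("!I", packet, 16)
        if vtag != 0 or tag == 0:  # INIT carries tag 0; Initiate Tag must be non-zero
            return False
        key = (ipaddress.ip_address(exterior), tag)
        owner = self.assoc.setdefault(key, ipaddress.ip_address(interior))
        return owner == ipaddress.ip_address(interior)

    def route_inbound(self, exterior, packet):
        """Return the interior address for an inbound packet, or None to drop it."""
        if len(packet) < 12:
            return None
        vtag, = struct.unpack_from("!I", packet, 4)  # ports at bytes 0-3 are never read
        return self.assoc.get((ipaddress.ip_address(exterior), vtag))

def demo():
    """Two interior hosts, same ports, same exterior peer: only the tag differs."""
    nat, peer = SctpNatState(), "2001:db8::1"
    nat.learn_init("fd00::10", peer, sctp_packet(5000, 5000, 0, 0x11111111))
    nat.learn_init("fd00::11", peer, sctp_packet(5000, 5000, 0, 0x22222222))
    return [str(nat.route_inbound(peer, sctp_packet(5000, 5000, t)))
            for t in (0x11111111, 0x22222222, 0x33333333)]
```

A packet whose verification tag matches no recorded association is dropped, and a second interior host that picks an Initiate Tag already in use toward the same exterior address is refused rather than silently overwriting the first entry.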
