[LINK] There goes the neighbourhood...

Kim Holburn kim at holburn.net
Wed May 11 19:58:58 AEST 2011


On 2011/May/11, at 7:12 PM, Paul Brooks wrote:

> On 11/05/2011 6:51 PM, Kim Holburn wrote:
>> The main reason NAT is a problem for VOIP/SIP/H323 is that they put IP addresses in the data. If they relied on IP headers like every sensible protocol designer it would never have been an issue. You wouldn't need STUN servers or anything else. Just the packets. The other fault is that they splatter UDP connections with lots of ports. Not necessary.
> 
> However, when the IP addresses that need to be transported around refer to third-party
> hosts (i.e. neither of the source or destination hosts of the IP stream) there isn't
> really anywhere else to stuff them than inside the data fields being transported. Not
> every problem is solved by a simple bilateral protocol like Telnet.

If both the source and destination are private then no amount of stuffing is going to help.  Packets need the right addresses.  Putting the IP addresses in the data doesn't help anyone.  Routers don't have access to the data, only the headers.  I'm not sure why the designers of those protocols did that.  It was probably before the widespread use of NAT.  Still a lot of P2P protocols get around the problem of both parties being behind a NAT.

> NAT is a problem because NAT is the problem. Remove the need for NAT as IPv6 allows,
> and voila there is no longer any problem with having IP addresses embedded within data
> streams, since they no longer have to be munged.

But it will present a lot of people with other problems - like it will break the old internet adage: "On the internet nobody knows you're a dog."  NAT isn't all bad.

> OK, they could have embedded DNS names instead of IP addresses, but at the time small
> fixed-length rather than long variable length fields were considered better.

No, they couldn't have; that just adds a DNS lookup to the mix.  If you can make a connection you only need the IP addresses in the headers.  If you can't make a connection it doesn't matter.


-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 
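
Added example, not part of the original message: the thread turns on SIP carrying IP addresses in its payload, which a NAT that rewrites only IP headers leaves untouched. This Python sketch parses a constructed SIP INVITE with an SDP body and lists the embedded addresses that no longer match the source address the receiver sees; the message, the field table and the function names are all assumptions made for illustration, and 203.0.113.7 is a documentation address standing in for the NAT's public side.

```python
import ipaddress
import re

# Constructed SIP INVITE as it arrives at the far side of a NAT (sample data, not a capture).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.20\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

# Where each embedded address lives: SIP headers and SDP lines (illustrative subset).
FIELDS = {
    "Via": re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([\d.]+)", re.M),
    "Contact": re.compile(r"^Contact:.*@([\d.]+)", re.M),
    "SDP o=": re.compile(r"^o=.*\sIN IP4 ([\d.]+)", re.M),
    "SDP c=": re.compile(r"^c=IN IP4 ([\d.]+)", re.M),
}

def embedded_addresses(message):
    """Return {field: address} for each IPv4 literal carried in the payload."""
    hits = {name: rx.search(message) for name, rx in FIELDS.items()}
    return {name: m.group(1) for name, m in hits.items() if m}

def nat_mismatches(message, observed_src):
    """Fields whose embedded address differs from the IP-header source the receiver saw."""
    src = ipaddress.ip_address(observed_src)
    return [(name, text, ipaddress.ip_address(text).is_private)
            for name, text in embedded_addresses(message).items()
            if ipaddress.ip_address(text) != src]

if __name__ == "__main__":
    # The NAT rewrote the IP header source to 203.0.113.7 but not the payload.
    for field, addr, private in nat_mismatches(SAMPLE_INVITE, "203.0.113.7"):
        print(f"{field}: {addr} (private={private})")
```

Every row it reports is an address the far end would try to reply or send media to, which is the gap STUN or a SIP-aware gateway has to fill.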












