[VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))

Randell Jesup rjesup at wgate.com
Tue Nov 15 17:09:32 CST 2005 

"Dan Wing" <dwing at cisco.com> writes:
>Thanks.  I'll see if Cullen (the author of
>draft-jennings-behave-test-results) can get those routers and do another
>round of tests.  Having accurate information is useful for everyone.

        Few if any of those NATs are still in production (at least with
those firmware revs).  Sometimes the same "model" is available, but
the hardware and software may be totally different (witness the Netgear
614 in original/v2/3/4/5/6 variants - and that's just the hardware).  DLink
614's have different CPUs (ARM vs MIPS) depending on the version.

        There's a site out there collecting NAT configuration info, though
not what is needed here (portforward.com).  On a 1620x1280 screen in my
browser there are 6 pages of 4 columns of routers.  They have 52 DLink
models alone - and that's not counting firmware revs, or units with the
same model number and UI but different hardware.

>The IETF BEHAVE document draft-ietf-behave-nat-udp-04.txt specifies
>non-symmetric NAT behavior in order to avoid media relays.  When that
>document goes to RFC vendors can declare a NAT device to be 'compliance with
>RFCxxx' and consumers can decide to purchase those RFC-compliant devices,
>decide to pay (directly or indirectly) for a media relay service with a
>non-RFC-compliant device or with their RFC-compliant device (if they feel
>the media relay and symmetric NAT behavior offer 'better security').

        When was the last time someone went into CompUSA and asked for an
RFC 1234-compliant router?

        They _might_ be trained to look for a symbol/label associated with
"works for VoIP" or "VoIP certified" or "Vonage certified", etc.  The
problem is explaining to the user why they need this without causing their
head to explode - and getting all the router makers to add that to their
packaging in a prominent place.  Uh huh, that will happen easily...

-- 
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com

More information about the Voipsec mailing list