[e2e] Internet Draft and survey on P2P in the presence of NAT

Bryan Ford baford at mit.edu
Wed Apr 9 16:43:22 PDT 2003


Quoting out of order from Christian's message:
> When it comes to NAT traversal, Bryan's survey omits an important
> reference, the UPNP "Internet Gateway Device" specification, available
> at:

Actually, there _is_ a reference to that exact link in the draft, right there 
along with MIDCOM, RSIP, and SOCKS5. :)

Although I recognize that there is unfortunately a need for these protocols, I 
shudder at the prospect of getting my P2P application working in a future 
where my UPnP NAT router at home sits behind my ISP's external NAT which 
speaks MIDCOM instead...  Ugh.  "How many lines of code" indeed.

> I certainly agree with Dave -- the way out of the NAT morass is to get
> global addresses, so P2P applications don't have to incorporate this
> kind of NAT traversal logic. The obvious solution is IPv6, including:

I agree that IPv6 is "the obvious solution"; unfortunately my pessimistic side 
is forced to wonder if IPv6 actually _would_ solve the problem.  Suppose we 
could snap our fingers and have all our worldwide IPv4 infrastructure be 
upgraded to IPv6 overnight.  Even if IP addresses became plentiful, ISPs 
would probably still charge more for several than they do for one, just 
because they can.  Modern business practice is all about differentiation of 
services, creating scarcity even where there technically isn't one.  And 
customers will still get around it by taking that one IP address and running 
a NAT on it.

Even if ISPs are generous and give all their customers as many IPv6 addresses 
as they want, making the NAT functions of NAT/firewall boxes obsolete, that 
won't make the firewall part obsolete.  Individuals and corporations alike 
will still install firewalls and configure them to block all 
apparently-unsolicited incoming TCP or UDP connections, because doing so 
simply makes good security sense and reduces practical vulnerability even if 
it is far from an end-all security solution.  And as long as firewalls are 
blocking incoming connections, tricks like UDP hole punching or the use of 
protocols like UPNP or MIDCOM will be needed in order to make P2P 
applications work.  For better or worse I fear we're in this for the long 
haul.

Bryan
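As an added illustration of the last paragraph's point (this is not code from Bryan's message or his draft), the following is a constructed in-memory model of a stateful NAT/firewall that passes inbound UDP only from addresses an inside host has already sent to, and of the UDP hole-punching exchange that creates that state on both sides. All addresses are documentation-range values and no real sockets are used.

```python
"""Constructed model: an address-restricted NAT/firewall drops 'apparently
unsolicited' inbound UDP, and UDP hole punching creates the state that lets
two peers behind such boxes talk directly. No real networking involved."""


class Nat:
    """Address-restricted NAT: an outbound packet creates a public port mapping
    and permits inbound traffic on that port only from addresses already contacted."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mapping = {}   # (private_ip, private_port) -> public port
        self.allowed = {}   # public port -> set of remote IPs already sent to

    def outbound(self, src, dst):
        """Translate an inside packet; returns (public_src, dst) as seen outside."""
        if src not in self.mapping:
            self.mapping[src] = self.next_port
            self.allowed[self.next_port] = set()
            self.next_port += 1
        port = self.mapping[src]
        self.allowed[port].add(dst[0])           # remember whom we talked to
        return (self.public_ip, port), dst

    def inbound(self, src, pub_port):
        """Return the inside endpoint, or None when the firewall drops the packet."""
        if src[0] not in self.allowed.get(pub_port, ()):
            return None                          # unsolicited: blocked
        return next(p for p, m in self.mapping.items() if m == pub_port)


SERVER = ("203.0.113.10", 3478)   # rendezvous server (constructed address)


def hole_punch():
    """Two peers behind different NATs; returns (first_try, a_to_b, b_to_a)."""
    nat_a, nat_b = Nat("198.51.100.1"), Nat("198.51.100.2")
    alice, bob = ("10.0.0.2", 5000), ("192.168.1.2", 6000)
    # 1. Both peers register with the server, creating NAT mappings; the
    #    server sees the public endpoints and hands each peer the other's.
    alice_pub, _ = nat_a.outbound(alice, SERVER)
    bob_pub, _ = nat_b.outbound(bob, SERVER)
    # 2. Bob sends straight to Alice's public endpoint. NAT B now permits
    #    NAT A's address, but NAT A has never seen Alice send to NAT B: dropped.
    pkt_src, _ = nat_b.outbound(bob, alice_pub)
    first_try = nat_a.inbound(pkt_src, alice_pub[1])
    # 3. Alice sends to Bob's public endpoint: this opens NAT A for NAT B's
    #    address, and NAT B accepts it because Bob already sent to NAT A.
    pkt_src, _ = nat_a.outbound(alice, bob_pub)
    a_to_b = nat_b.inbound(pkt_src, bob_pub[1])
    # 4. Bob retries: both NATs now hold state for the pair, so it passes.
    pkt_src, _ = nat_b.outbound(bob, alice_pub)
    b_to_a = nat_a.inbound(pkt_src, alice_pub[1])
    return first_try, a_to_b, b_to_a
```

Calling `hole_punch()` shows the first direct packet dropped (`None`) and both later packets delivered, which is why the rendezvous step and the simultaneous outbound sends are needed.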




