[e2e] Internet Draft and survey on P2P in the presence of NAT
Bryan Ford
baford at mit.edu
Wed Apr 9 16:43:22 PDT 2003
Quoting out of order from Christian's message:

> When it comes to NAT traversal, Bryan's survey omits an important
> reference, the UPNP "Internet Gateway Device" specification, available
> at:

Actually, there _is_ a reference to that exact link in the draft, right there
along with MIDCOM, RSIP, and SOCKS5. :)

Although I recognize that there is unfortunately a need for these protocols, I
shudder at the prospect of getting my P2P application working in a future
where my UPnP NAT router at home sits behind my ISP's external NAT which
speaks MIDCOM instead... Ugh. "How many lines of code" indeed.

> I certainly agree with Dave -- the way out of the NAT morass is to get
> global addresses, so P2P applications don't have to incorporate this
> kind of NAT traversal logic. The obvious solution is IPv6, including:

I agree that IPv6 is "the obvious solution"; unfortunately my pessimistic side
is forced to wonder if IPv6 actually _would_ solve the problem. Suppose we
could snap our fingers and have all our worldwide IPv4 infrastructure be
upgraded to IPv6 overnight. Even if IP addresses became plentiful, ISPs
would probably still charge more for several than they do for one, just
because they can. Modern business practice is all about differentiation of
services, creating scarcity even where there technically isn't one. And
customers will still get around it by taking that one IP address and running
a NAT on it.

Even if ISPs are generous and give all their customers as many IPv6 addresses
as they want, making the NAT functions of NAT/firewall boxes obsolete, that
won't make the firewall part obsolete. Individuals and corporations alike
will still install firewalls and configure them to block all
apparently-unsolicited incoming TCP or UDP connections, because doing so
simply makes good security sense and reduces practical vulnerability even if
it is far from an end-all security solution. And as long as firewalls are
blocking incoming connections, tricks like UDP hole punching or the use of
protocols like UPNP or MIDCOM will be needed in order to make P2P
applications work. For better or worse I fear we're in this for the long
haul.

Bryan
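As an added illustration of the last paragraph's point (this is not part of Bryan's message or his draft): a small model of a stateful firewall with no address translation at all, which admits inbound UDP only when it matches an earlier outbound packet, and why two peers that both send first still get through. The peer addresses, ports and the state table are constructed for illustration; no real sockets are used.

```python
"""Model of a stateful UDP firewall and the hole-punching pattern it permits.
Constructed example; addresses/ports are made up and nothing touches the network."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


@dataclass
class StatefulFirewall:
    """Drops inbound UDP unless an inside host already sent to that exact peer.

    This is the 'block apparently-unsolicited incoming connections' policy:
    no address rewriting happens, only connection tracking."""
    inside_ip: str
    # State entries: (inside (ip, port), outside (ip, port)), created by outbound traffic.
    table: set = field(default_factory=set)

    def outbound(self, pkt: Packet) -> None:
        """Inside host sends; record the flow so replies from that peer are admitted."""
        assert pkt.src[0] == self.inside_ip, "outbound packets come from the inside host"
        self.table.add((pkt.src, pkt.dst))

    def inbound_allowed(self, pkt: Packet) -> bool:
        """Inbound is admitted only if it looks like a reply to a tracked outbound flow."""
        return (pkt.dst, pkt.src) in self.table


def demo() -> dict:
    """Two peers, each behind its own stateful firewall, both send first.

    The first packet in each direction is dropped by the far side (no state yet),
    but it opens the near side's hole, so the other peer's packet is admitted."""
    a, b = ("10.0.0.2", 40000), ("10.0.1.2", 50000)  # constructed peer endpoints
    fw_a, fw_b = StatefulFirewall(a[0]), StatefulFirewall(b[0])
    a_to_b, b_to_a = Packet(a, b), Packet(b, a)
    unsolicited = fw_b.inbound_allowed(a_to_b)  # False: B's firewall has no state for A
    fw_a.outbound(a_to_b)  # A sends first: dropped at B, but A's firewall now expects B
    fw_b.outbound(b_to_a)  # B sends: admitted at A, and B's firewall now expects A
    return {
        "unsolicited_allowed": unsolicited,
        "b_to_a_allowed": fw_a.inbound_allowed(b_to_a),
        "a_to_b_allowed": fw_b.inbound_allowed(a_to_b),
    }


if __name__ == "__main__":
    print(demo())
```

The model shows only why each firewall admits the second packet; learning the peer's address and port in the first place (a rendezvous server) and the address-rewriting behaviour of real NATs are outside this snippet.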