undefined | Better HN

0 pointsgabereiser2y ago0 comments

>”So every owner of a ipv4 would get, say, an entire 32 bit space that routes over existing IPv4 infrastructure.”

So… NAT.

0 comments

No. There would be no NAT box holding IP-port mappings in its internal memory, with the related timeouts, flakiness, port clobbering etc. and no packet re-writing. All routing decisions would be static, based on information in the IP header: the legacy outside routers would just examine the legacy part of the IP address and packet, while the internal IPv4.1 would use the extended bits. So just like any packet routing and without translation.

Critically, this solves the cold start and connectability problem of NAT: if you get a packet addressed to your outside IP, to a port that has no memorized mapping, to what internal IP do you send it to? Lacking a static or UPnP port assignment, it can only be dropped. The extended packet format would provide this information for every packet, the upgraded outside host would tell you what upgraded internal host it wants to talk to.

thelastparadise2y ago

It sounds nice on paper but typically we don't want unsolicited packets to reach internal hosts.

Yes, NAT is not a firewall --yet we don't see admins eager to put random lan hosts in the DMZ or enable UPnP.

throw0101c2y ago

This is solved by statefulness: the router/firewall can be told to drop by default any unsolicited connections.

It's how things work with IPv6, which doesn't have NAT (by default): just because a host has a globally routable address does not mean it is reachable by default.

cornholio2y ago

You won't have the "NAT as a firewall" dilemma because there would be no NAT - this whole thought experiment would take place in the 1996 era, before the explosion of NATs. Expecting your /32 gateway to do any firewalling wouldn't be too different from expecting your ISP to do the same for the entire city at the /18 level.

GoblinSlayer2y ago

Is UPnP really unsolicited?

dtech2y ago

Not really, since in this proposal you'd still have the end-to-end routability that NAT prevents

j / k navigate · click thread line to collapse

0 comments

cornholio2y ago

thelastparadise2y ago

It sounds nice on paper but typically we don't want unsolicited packets to reach internal hosts.

Yes, NAT is not a firewall --yet we don't see admins eager to put random lan hosts in the DMZ or enable UPnP.

throw0101c2y ago

This is solved by statefulness: the router/firewall can be told to drop by default any unsolicited connections.

It's how things work with IPv6, which doesn't have NAT (by default): just because a host has a globally routable address does not mean it is reachable by default.

cornholio2y ago

GoblinSlayer2y ago

Is UPnP really unsolicited?

dtech2y ago

Not really, since in this proposal you'd still have the end-to-end routability that NAT prevents

j / k navigate · click thread line to collapse