[Csci551-talk] Re: Csci551-talk digest, Vol 1 #69 - 2 msgs

Dwipal Desai dwipalde@usc.edu
Mon, 27 Jan 2003 13:43:46 -0800


Hi
Well, you are right, I couldn't practically find a thing that the NAT box
that we have currently does not do. But as you said, it does it by
"tricks", and tricks are something we don't want (like in the FTP server
example, you can't use 2 FTP servers unless you change the standard port of
one of them). Another example which I had great trouble with behind the NAT
was using X-Term. I had used port forwarding for port 6000 on my laptop.
But then my desktop won't work with XTerm unless I change the default
port. And more than that, we have 5 computers behind NAT, and if everyone
wants to use X-Term, then I am sure things will be pretty much out of
control, especially when you use DHCP. (Turnaround for this is I used SSH
tunneling.) There might be really smart applications that can handle all
this, like mapping your MAC address and then automatically updating the
port forwarding when you plug in your computer, but then there is
definitely a "crack" somewhere in the middle of the stack. The Hourglass
paper has the best diagram for this.

As the NAT boxes are evolving, they are becoming more and more powerful
and are providing more and more services. So you can say that it is
definitely solving the End to End argument (though it's doing it by
"tricks"). What I feel is that IPv6 would just be a better replacement
once it is widespread so that we don't have to do any "tricks" for IP
sharing.

What I think about NAT is exactly the opposite of end to end. In
end-to-end, we discussed that you put some advanced features in the
lower layer, and then they are reflected to the upper layers. In NAT, we
are just doing the opposite thing. We want features on upper layers, so
we are changing (patching) the lower layer for them. (Maybe this is
also a form of the end-to-end argument which NAT solves.)

Regards
-Dwipal


On Mon, 2003-01-27 at 13:22, JongAm Park wrote:
> Hello.
> 
> Thank you for your explaining of NAT box. However there is something
> I'd like to ask you.
> 
>  > If we consider the "end to end" arguments for NAT boxes, first of all,
>  > (in my view) an IP network does a bunch of other things than just
>  > routing the packets, like QoS, security, etc. Now when we talk about the
>  > NAT boxes, how they are made is they rip off the current IP header in
>  > the packet and replace it with a new one. That might create a loss of
>  > certain information that you wish to pass on in the header.
>  >
> 
> Could you tell me more about what information in an IP header the NAT
> box doesn't maintain?
> 
> 
> > Well, also, try using VPN to our USC network when you are behind the NAT
> > boxes. It won't work. What I mean to say is that though NAT boxes perform a
> > great job in providing service to the machines behind it, it does remove
> > some of the features that might be essential for proper functioning of
> > the IP network. Another example that won't work from a NAT box is Napster
> > or Kazaa. For Kazaa, you can download from other people's machines but
> > they can't download from your machine. So NAT boxes might qualify in the
> > end to end argument if you remove certain services from the "ends", but
> > not always. In short, it definitely does not fit exactly and "cleanly"
> > in the structure (The best diagram for this is from the hourglass paper
> > which we discussed). 
> 
> Well, there is something I'd like to add to your explanation.
> If you are talking about PURE NAT boxes, your above mentioning can be
> right. However most NAT boxes are not made so.
> I've used Napster and Kazaa with my NAT boxes well. Actually what I used
> was a bad one. Better ones do that in a better way.
> Anyway they make that kind of service by port mapping.
> Port mapping works quite well. However, there are some problems with it.
> Let's assume that there are 3 PCs in your private network isolated by
> a NAT box. On 2 PCs, there can be FTP servers for their own purpose.
> The NAT box can map the FTP port to one of the two FTP servers' IP and its
> FTP port. (Let's assume that the FTP ports used are the standard one.)
> Then you can't use one of the two FTP servers from outside of your
> private network, because you can't map two internal IPs and ports to
> one port of the NAT box.
> 
> VPN can be a problem, though. However there is a work-around for that.
> It's said to be called, "NAT Transparency".
> 
> Well, you can use virtually anything with your NAT box, however it
> prevents smooth integration with existing network as you can see. :)
> 
> > 
> > If we talk about the whole network hidden by the NAT box as one end,
> > "hiding" is not very exactly what we want to do as there are better and
> > cleaner methods of doing the same thing. NAT is mainly created to
> > provide access to machines on the internal network without the need of
> > giving them a live IP. Actually, you can call NAT "PROXY IP". Just
> > like an application level proxy server, we use it because we don't have
> > much choice. I might also be totally wrong in this, but this is what I
> > think about.
> > 
> 
> It has an easier term, IP sharing.
> 
> Why do we talk about NAT boxes, or IP sharing boxes? Does it have a problem
> with the end-to-end argument? Well, yes, so far. NAT boxes achieve their
> goals using a tricky method, I mean that it's not a usual method. So, that
> point makes it have a problem with the end-to-end argument.
> 
> However, things are changing. If there are some problems then there are
> solutions, and future hardware and software, or a new standard, will try to
> handle it. I have no idea what method the current newest IP sharing boxes
> use. There are already IP sharing boxes which use USB as their network
> facility. They probably use TCP/IP over USB and it doesn't have
> problems. (Let's hope. :) )
> 
> Anyway, if you want to find out about some good IP sharing boxes, you can
> visit here, http://www.airlinktek.com/
> There is an English page. I think you can find information about
> their products there.
> 
> With their products, you can use these features :
> 
>    DMZ host
>    Port mapping
>    PPTP/IPsec VPN support
>    H.323 support
>    MSN messenger support ( Some NAT boxes have problems with MSN messenger)
>    VoIP without any setting :  DialPad, WowCall, TeleFree
>    Battlenet support
>    IP phone / Web Camera support
>    Switching Hub included
>    PPPoE support
>    etc..
> 
> Some IP sharing boxes even support DDNS (Dynamic DNS).
> Reenet's one is pretty good, but I'm sorry that there is no
> English page. http://www.reenet.co.kr/
> 
> Anyway what they show is that NAT boxes are also evolving, and the
> end-to-end argument problem can be solved some way.
> 
> 
> 
>
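
The port-mapping limit and the one-way peer-to-peer behaviour discussed in this thread, as an added example that is not part of either poster's message: a toy Python model of a NAT box with static port forwards and dynamic outbound sessions. The class names, addresses and ports are all constructed for illustration.

```python
# Toy model of a NAT box: dynamic outbound sessions plus static port forwards.
# All addresses, ports and names below are constructed for illustration.

class PortConflict(Exception):
    pass

class NatBox:
    def __init__(self, public_ip, first_dynamic_port=40000):
        self.public_ip = public_ip
        self.forwards = {}   # (proto, ext_port) -> (int_ip, int_port)
        self.sessions = {}   # (proto, ext_port, remote) -> (int_ip, int_port)
        self._next_port = first_dynamic_port

    def add_forward(self, proto, ext_port, int_ip, int_port):
        """Static mapping: one external port can point at only one inside host."""
        key = (proto, ext_port)
        if self.forwards.get(key, (int_ip, int_port)) != (int_ip, int_port):
            raise PortConflict(f"{proto}/{ext_port} already goes to {self.forwards[key][0]}")
        self.forwards[key] = (int_ip, int_port)

    def outbound(self, proto, int_ip, int_port, remote):
        """Inside host opens a connection; the box rewrites the source address."""
        ext_port = self._next_port
        self._next_port += 1
        self.sessions[(proto, ext_port, remote)] = (int_ip, int_port)
        return (self.public_ip, ext_port)

    def inbound(self, proto, ext_port, remote):
        """Return the inside (ip, port) a packet is delivered to, or None if dropped."""
        hit = self.sessions.get((proto, ext_port, remote))
        return hit or self.forwards.get((proto, ext_port))

def demo():
    nat = NatBox("203.0.113.10")
    nat.add_forward("tcp", 21, "192.168.1.2", 21)            # first FTP server
    try:
        nat.add_forward("tcp", 21, "192.168.1.3", 21)        # second one collides
        conflict = False
    except PortConflict:
        conflict = True
    nat.add_forward("tcp", 2121, "192.168.1.3", 21)          # non-standard port instead
    peer = ("198.51.100.7", 1214)
    _, ext = nat.outbound("tcp", "192.168.1.4", 5000, peer)  # inside host dials a peer
    client = ("198.51.100.9", 3333)
    return {"conflict": conflict,
            "ftp_21": nat.inbound("tcp", 21, client),
            "ftp_2121": nat.inbound("tcp", 2121, client),
            "reply": nat.inbound("tcp", ext, peer),          # return traffic gets in
            "unsolicited": nat.inbound("tcp", 1214, peer)}   # peer dialing in is dropped

if __name__ == "__main__":
    print(demo())
```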