H.323 and NAT

[Tom-PT Taylor]

How about a protocol that allows applications to discover NAT operating
in front of them and obtain external/local address pairs in advance of
use?

> -----Original Message-----
> From: Annika Kilegran [SMTP:Annika.W.Kilegran at TELIA.SE]
> Sent: Monday, March 09, 1998 4:06 AM
> To:   ITU-SG16 at MAILBAG.INTEL.COM
> Subject:      H.323 and NAT
>
> Network Address Translation (NAT) is used as a solution to the
> problem of few available IPv4 addresses. The idea is to use private
> addresses within a domain and when IP traffic leaves or enters the
> internal network the address fields are translated between the public
> IP
> addresses and the corresponding private address. A private address is
> only associated with a public address when the node communicates
> externally. By using this mechanism it is possible to have many more
> IP
> nodes in the private domain then the number of assigned public IP
> addresses to that domain. NAT is a defacto solution to connect for big
> groups of users.
>
>
> The combination of NAT and applications exchanging IP addresses in the
> protocol (like H.323 does) creates problems.
> The applications are either broken, or gets more difficult to run.
> There are different solutions for how to be able to run these
> application in combination with NAT. We list the
> alternatives in the bottom of this mail.
>
> Does anybody on the mailing have an opinion?
> For instance, a Gatekeeper might have to interact with the NAT
> (co-located), and possibly act as an application gateway.
> By the way the question might com up on the DAVIC meeting next week.
>
> Best regards,
>
> Annika Kilegran
>
> **********************************************************************
> Telia Research
> S-136 80 HANINGE, Sweden
> Tel +46 8 707 55 15
> Fax +46 8 707 53 10
> Email: annika.w.kilegran at telia.se
> **********************************************************************
> *
>
>
> The differnt alternatives:
> -----------------------------
> 1) Use an Application layer gateway, that translates addresses in the
> application protocol. Used today for FTP.
> Will work, but will be quite complex for H.323. The Application layer
> gateway would typically be co-located with the NAT-box.
>
> 2) Use the location of servers, and the configuration of servers and
> clients to overcome the problem.
> DNS is handled this way today. Seems not to work for H.323.
>
> 3) A combination of alternatives1 and 2 should be possible, and may
> acheive a lesser complexity than 1.
>
> 4) NAT bypass using tunneling over the
> local network. The global address is
> available in the host and is used in the application, removing the
> problem. This kind of solution have been
> proposed in contributions to IETF.
>
> 5) Skip NAT altogether. Instead use IPv.6, or something like NNAT (No
> NAT) for IPv.4. NNAT will completely replace NAT, and uses DHCPv.6 for
> assigning global addresses. NNAT remains to be specified for
> IPv.4 operation.