<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>
<html><head><meta http-equiv="Content-Type" content="text/html;charset=us-ascii">
<style>BODY{font:10pt Tahoma, Verdana, sans-serif}</style></head><body>
<DIV>If you have a full IPv6 network, using all the protocols, like dns registration, DHCP-V6 for assigning networks to routers, Neighbor Discovery both directions, so that DNS delegations can be automated, then as long as you reference everything by host name, it should all just work. It's been working that way for me, with the only having to update nameserver helper records once and a while.</DIV>
<DIV> </DIV>
<DIV>If you happen have your own address space, and with to managed it downstream, all the services can also be implmented easy so that your down streams don't have to do anything to make all the auto address assignment, and DNS work. </DIV>
<DIV> </DIV>
<DIV>If you're going to use IPv6, set up the infrastructure FIRST, so managing it doesn't get out of hand. If done right at all layers it just works, when you use names.</DIV>
<DIV> </DIV>
<DIV>--Dave</DIV><BR>
<BLOCKQUOTE style="BORDER-LEFT: #0000ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<HR>
<B>From:</B> Scott [mailto:8f27e956@gmail.com]<BR><B>To:</B> FreeSWITCH Users Help [mailto:freeswitch-users@lists.freeswitch.org]<BR><B>Sent:</B> Mon, 24 Dec 2012 16:14:03 -0800<BR><B>Subject:</B> Re: [Freeswitch-users] NAT traversal - the final say..!<BR><BR>IPv6 is NOT a NAT cure all (it may look like it remedies IPv4 PORT-address-translations (PAT, not NAT) issues, but IPv6 brings its own issues to the table.<BR><BR>The intrinsic structure of the IPv6 address favors carriers/providers. Today, you get a global IPv4 WAN address and, typically, you then use a 10/8, 172/12, 192.168/16 LAN address schema. WITH IPv6 and WITHOUT IPv6-NAT (or NAT64), as an end user topology, the network portion of your carrier/provider IPv6 WAN address is, all other things being equal, propagated into LAN addresses schema on down to the deepest end points. If you subsequently change carrier/provider, then the network portion changes and, in this use case, ALL your LAN addressing MUST change accordingly. Things like statically addressed servers and router/switch ports, et al, ALL have to be re-configured.<BR><BR>WITH IPv6 and WITH IPv6-NAT (and/or NAT64), you can utilize an internal IPv6 LAN address schema that can then be 1:1 IPv6-NAT'ed to anything your carrier/provider throws at you, regardless of whether you change C/P or the C/P periodically changes your addresses. This true NETWORK-address-translation (NAT) affords a 1:1 address mapping, which eliminates the shortfalls of the current IPv4 PORT-address-translations (PAT, not NAT). Other reasons for inside-outside translations include topology hiding (security), et cetera.<BR><BR>Anyone with medium to large addressable end-points in their installations really needs to look at implementing IPv6 WITH -- repeat WITH -- IPv6-NAT (and/or NAT64) in the mix. <BR><BR>IMO, NAT will NOT BE DEAD in an IPv6 universe. PAT may be n-stage, but not NAT.<BR><BR><BR><BR>
<DIV class=gmail_quote>On 22 December 2012 23:19, Tim St. Pierre <SPAN><<A href="mailto:fs-list@communicatefreely.net">fs-list@communicatefreely.net</A>></SPAN> wrote:<BR>
<BLOCKQUOTE style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class=gmail_quote>Just throwing this out there -<BR><BR>As it's clear how many problems NAT causes, why don't we all step up the pressure on phone<BR>manufacturers and ISPs to provide working IPv6 implementations so we can put NAT behind us<BR> as soon as possible.<BR><BR>Just saying -<BR><BR>-Tim<BR><BR><BR>Cal Leeming [Simplicity Media Ltd] wrote:<BR>> *Any and all feedback on this thread would be much welcomed.*<BR>><BR>> Hello,<BR>> *<BR>
<DIV class=im>> *<BR>> There seems to be a large number of discussions surrounding NAT<BR>> traversal, as well as lots of documentation, but with no concrete answers.<BR>><BR>> The NAT related wiki documentation is tedious, and depending on the<BR>> outcome of this thread, I'd like to spend some time cleaning it up.<BR>><BR>> The most common problem (the same as ours) was having a router with<BR>> broken ALG and a softphone that does not seem to work with STUN.<BR>><BR>> The following REGISTER is sent from a phone.<BR>><BR></DIV>> REGISTER sip:<A href="http://1.2.3.4:5060/">1.2.3.4:5060</A> <<A href="http://1.2.3.4:5060/">http://1.2.3.4:5060</A>> SIP/2.0<BR>
<DIV class=im>> Via: SIP/2.0/UDP<BR>> 192.168.1.102:57787;branch=z9hG4bK-d8754z-b31b18401713de75-1---d8754z-;rport<BR>> Max-Forwards: 70<BR>> Contact: <sip:<A href="mailto:2000@192.168.1.102">2000@192.168.1.102</A>:57787;rinstance=0c7190b115a36513><BR></DIV>> To: "foxx"<<A href="http://sip:2000@1.2.3.4:5060">sip:2000@1.2.3.4:5060</A> <<A href="http://sip:2000@1.2.3.4:5060">http://sip:2000@1.2.3.4:5060</A>>><BR>
<DIV class=im>> From: "foxx"<<A href="http://sip:2000@1.2.3.4:5060">sip:2000@1.2.3.4:5060</A><BR></DIV>> <<A href="http://sip:2000@1.2.3.4:5060">http://sip:2000@1.2.3.4:5060</A>>>;tag=83311448<BR>
<DIV>
<DIV class=h5>> Call-ID: NGQyMjJkODlhMzQ1ZWY4ZDk4ZjZmZWRhODU0NWE5YWI.<BR>> CSeq: 7 REGISTER<BR>> Expires: 120<BR>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY,<BR>> REFER, INFO, MESSAGE<BR>> Supported: replaces<BR>> User-Agent: 3CXPhone 6.0.25732.0<BR>> Content-Length: 0<BR>><BR>> As you can see, the client's public IP is not specified<BR>> anywhere. FreeSWITCH offers several ways around this, the main ones being;<BR>><BR>> * NDLB-connectile-dysfunction<BR>> * NDLB-force-rport<BR>> * apply-nat-acl<BR>> * sip-force-contact<BR>><BR>> The one that has worked in our case was "NDLB-connectile-dysfunction"<BR>> (otherwise known as NAT HACK), however there seems to be a lot of<BR>> negative comments about using this.<BR>><BR>> From what I can tell, the general argument is that NAT HACK is<BR>> considered a non RFC compliant hack, and the SIP phones should be doing<BR>> a better job of keeping to the RFCs.<BR>><BR>> In principle, this is a fair argument - but in practise, it's not a<BR>> reasonable assumption that all phones are RFC compliant, and (imho) not<BR>> a reasonable argument to have this functionality disabled by default.<BR>><BR>> So, I'd like to present the following arguments;<BR>><BR>> * Are there any other negative aspects about<BR>> using NDLB-connectile-dysfunction, other than it is a non compliant RFC<BR>> hack?<BR>><BR>> * Why is NDLB-connectile-dysfunction not enabled by default when certain<BR>> conditions are met? In the event that FreeSWITCH receives a REGISTER<BR>> from a phone specifying a Contact/Via as <A href="http://192.168.0.0/16">192.168.0.0/16</A><BR></DIV></DIV>> <<A href="http://192.168.0.0/16">http://192.168.0.0/16</A>>, but received on a public IP, then it should be<BR>
<DIV class=im>> obvious that NAT is broken and automatically try to circumvent it.<BR>><BR>> * People seem to get confused between server side and client side NAT<BR>> problems, and that they both need to be resolved in a different way. The<BR>> documentation doesn't seem to reflect this clearly.<BR>><BR>><BR></DIV>> ------------------------------------------------------------------------<BR>
<DIV class=HOEnZb>
<DIV class=h5>><BR>> _________________________________________________________________________<BR>> Professional FreeSWITCH Consulting Services:<BR>> <A href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</A><BR>> <A href="http://www.freeswitchsolutions.com/">http://www.freeswitchsolutions.com</A><BR>><BR>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR>> <A href="http://www.cudatel.com/">http://www.cudatel.com</A><BR>><BR>> Official FreeSWITCH Sites<BR>> <A href="http://www.freeswitch.org/">http://www.freeswitch.org</A><BR>> <A href="http://wiki.freeswitch.org/">http://wiki.freeswitch.org</A><BR>> <A href="http://www.cluecon.com/">http://www.cluecon.com</A><BR>><BR>> FreeSWITCH-users mailing list<BR>> <A href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</A><BR>> <A href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</A><BR>> UNSUBSCRIBE:<A href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</A><BR>> <A href="http://www.freeswitch.org/">http://www.freeswitch.org</A><BR><BR><BR>_________________________________________________________________________<BR>Professional FreeSWITCH Consulting Services:<BR><A href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</A><BR><A href="http://www.freeswitchsolutions.com/">http://www.freeswitchsolutions.com</A><BR><BR>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR><A href="http://www.cudatel.com/">http://www.cudatel.com</A><BR><BR>Official FreeSWITCH Sites<BR><A href="http://www.freeswitch.org/">http://www.freeswitch.org</A><BR><A href="http://wiki.freeswitch.org/">http://wiki.freeswitch.org</A><BR><A href="http://www.cluecon.com/">http://www.cluecon.com</A><BR><BR>FreeSWITCH-users mailing list<BR><A href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</A><BR><A href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</A><BR>UNSUBSCRIBE:<A href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</A><BR><A href="http://www.freeswitch.org/">http://www.freeswitch.org</A><BR></DIV></DIV></BLOCKQUOTE></DIV><BR></BLOCKQUOTE>
<STYLE>
</STYLE>
<DIV> </DIV>
<DIV> </DIV></body></html>