> SIP, SCTP and P2P are examples of where statefulness is both required
> for security and where the same statefulness permits such applications
> and protocols to work seamlessly with NAT.

SIP works through NAT if you implement ICE, STUN and TURN. That is, SIP developers have engineered with great pain a set of workarounds that mostly works through most NAT. There are still residual cases where it breaks, e.g. some pathological NAT. The workarounds have significant deployment costs, e.g. TURN servers in the DMZ, and significant run time overhead, e.g. constant flow of state maintenance packets with their cost in traffic overhead and battery life. Saying that "stateful NAT enables SIP" is only right in some Orwellian twist of the word "enables."

As for P2P, I don't know what you refer to. P2P protocols based on TCP-IP mostly don't work through NAT, although they can be made to work through some NAT if one deploys TCP > IPv6 > Teredo -- another of those "interesting" engineering efforts designed to alleviate the effects of NAT. Saying that P2P works seamlessly with NAT smells of Alice in Wonderland...

-- Christian Huitema

_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
