Hi there,

> Many applications have two channels, one is data channel, the other is 
> control channel, both have different ports,
> so we need ALG to help these protocols to cut through FW, I think it is a 
> pretty important feature and
> it has been supported by almost every manufacturer on their NAT devices.

It has been supported with varying success.
Take RFC5389 and the XOR-MAPPED-ADDRESS, where the STUN protocol was forced 
to hide IP addresses in the payload because misguided ALGs rewrote them.

ALGs are often more of a hindrance to application developers than not. ALGs 
are hard to get right, and they lead to ossification.
It is easier to write applications if you have a predictable network. Any 
application on today's network either uses port 443 or it has to deal with NAT 
traversal.

The IPv4 Internet with address exhaustion is evolving. Address sharing is a 
fundamental part of the architecture now. Take mechanisms like MAP-E (RFC7597) 
where ALGs will not be included.

If you have a specific request for a particular application we can talk about 
it. But in general my stance is "not the network's problem to solve".

Best regards,
Ole

_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
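
The RFC 5389 point in the message above, as an added example that is not part of the original e-mail or of VPP: a STUN Binding response carries the reflexive address in both MAPPED-ADDRESS and XOR-MAPPED-ADDRESS, and a payload-rewriting ALG corrupts only the plain form. The `naive_alg` function is a hypothetical stand-in for such an ALG, and the addresses, port and transaction ID are constructed sample values.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442      # fixed value in every RFC 5389 header
MAPPED_ADDRESS = 0x0001
XOR_MAPPED_ADDRESS = 0x0020

def encode_addr_attr(attr_type, ip, port):
    """Build an IPv4 MAPPED-ADDRESS or XOR-MAPPED-ADDRESS attribute."""
    addr = int(ipaddress.IPv4Address(ip))
    if attr_type == XOR_MAPPED_ADDRESS:
        port ^= MAGIC_COOKIE >> 16     # X-Port: XOR with top 16 cookie bits
        addr ^= MAGIC_COOKIE           # X-Address: XOR with the whole cookie
    # type, length=8, reserved byte, family 0x01 (IPv4), port, address
    return struct.pack("!HHBBHI", attr_type, 8, 0, 0x01, port, addr)

def binding_response(ip, port, txid):
    """Binding success response (0x0101) carrying both attribute forms."""
    attrs = (encode_addr_attr(MAPPED_ADDRESS, ip, port)
             + encode_addr_attr(XOR_MAPPED_ADDRESS, ip, port))
    return struct.pack("!HHI", 0x0101, len(attrs), MAGIC_COOKIE) + txid + attrs

def parse_addrs(msg):
    """Return {attr_type: (ip, port)} for the address attributes in msg."""
    out, off = {}, 20                      # skip the 20-byte STUN header
    while off + 4 <= len(msg):
        attr_type, length = struct.unpack_from("!HH", msg, off)
        if attr_type in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and length == 8:
            _, _family, port, addr = struct.unpack_from("!BBHI", msg, off + 4)
            if attr_type == XOR_MAPPED_ADDRESS:
                port ^= MAGIC_COOKIE >> 16
                addr ^= MAGIC_COOKIE
            out[attr_type] = (str(ipaddress.IPv4Address(addr)), port)
        off += 4 + length + (-length % 4)  # attributes are 32-bit aligned
    return out

def naive_alg(payload, public_ip, private_ip):
    """Hypothetical ALG: swap the 4 address bytes wherever they appear."""
    return payload.replace(ipaddress.IPv4Address(public_ip).packed,
                           ipaddress.IPv4Address(private_ip).packed)

# Constructed sample: the reflexive address as the STUN server saw it.
PUBLIC, PRIVATE, PORT = "203.0.113.7", "192.168.1.10", 54321
original = binding_response(PUBLIC, PORT, txid=bytes(range(12)))
rewritten = naive_alg(original, PUBLIC, PRIVATE)
```

After the rewrite, `parse_addrs(rewritten)` reports the private address for MAPPED-ADDRESS while XOR-MAPPED-ADDRESS still decodes to the public one, because the XORed bytes never match the pattern the ALG searches for.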
