From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: linux-sctp@vger.kernel.org
Subject: Re: Multi-homed SCTP with NAT
Date: Wed, 22 Nov 2017 18:55:54 +0000
Message-ID: <20171122185554.GC3380@localhost.localdomain>
In-Reply-To: <BY2PR03MB409F0A6B2B29B20B0201BCCD62E0@BY2PR03MB409.namprd03.prod.outlook.com>
On Thu, Nov 16, 2017 at 03:21:55PM +0000, Butler, Peter wrote:
> Are there any Linux tools/tricks/hacks that would allow us to set up
> a multi-homed association through a NAT?

Not really, because

> I am aware of the information in the SCTP Applicability Statement
> (RFC 3257), however the NAT in question does not have an internal
> Application Layer Gateway (ALG) capable of intelligently translating
> the additional IP addresses embedded within the INIT and INIT ACK
> chunks (only the addresses in the IP header are translated). As
> such, these additional addresses do not get translated to addresses
> that the remote end understands.

If you're really leveraging multi-homing, the router doing NAT for the
INIT chunk may not even know the public address for the other path,
rendering it unable to do the translation even if it knew how to
mangle the INIT chunk.

And the router on the secondary path may not know about the
association at all until a HEARTBEAT or so comes through.

In order to do it right we need
https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-natsupp
but we don't have that. (note that even the VTAG should be translated)

As already suggested, probably setting up tunnels between the
endpoints and avoiding the translation at all is a better way to go.

Marcelo
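
Added example, not part of the original message and not Linux SCTP code: a diagnostic that parses the address parameters carried inside an INIT or INIT ACK chunk (RFC 4960 layout) and reports the RFC 1918 addresses that survive after the NAT has rewritten only the IP header. The function names, the sample packet and the outer source address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import struct

INIT, INIT_ACK = 1, 2          # SCTP chunk types (RFC 4960)
PARAM_IPV4, PARAM_IPV6 = 5, 6  # address parameter types (RFC 4960)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def embedded_addresses(sctp: bytes):
    """Return (initiate_tag, [addresses]) from the first INIT/INIT ACK chunk, else None."""
    off = 12  # common header: ports, verification tag, checksum (checksum not verified here)
    while off + 4 <= len(sctp):
        ctype, _flags, clen = struct.unpack_from("!BBH", sctp, off)
        if clen < 4 or off + clen > len(sctp):
            raise ValueError("malformed chunk length")
        if ctype in (INIT, INIT_ACK):
            if clen < 20:
                raise ValueError("INIT chunk shorter than its fixed fields")
            (itag,) = struct.unpack_from("!I", sctp, off + 4)
            addrs, p, end = [], off + 20, off + clen  # parameters follow 16 fixed bytes
            while p + 4 <= end:
                ptype, plen = struct.unpack_from("!HH", sctp, p)
                if plen < 4 or p + plen > end:
                    raise ValueError("malformed parameter length")
                if (ptype, plen) in ((PARAM_IPV4, 8), (PARAM_IPV6, 20)):
                    addrs.append(ipaddress.ip_address(sctp[p + 4:p + plen]))
                p += (plen + 3) & ~3  # parameters are padded to 4 bytes
            return itag, addrs
        off += (clen + 3) & ~3  # chunks are padded to 4 bytes
    return None

def untranslated(sctp: bytes, outer_src: str):
    """Embedded RFC 1918 addresses that differ from the (already NATed) IP header source."""
    found = embedded_addresses(sctp)
    if found is None:
        return []
    outer = ipaddress.ip_address(outer_src)
    return [a for a in found[1]
            if a != outer and a.version == 4 and any(a in net for net in RFC1918)]

def sample_init() -> bytes:
    """Constructed INIT listing two private addresses, as a multi-homed host behind NAT sends."""
    params = b"".join(struct.pack("!HH4s", PARAM_IPV4, 8, ipaddress.ip_address(a).packed)
                      for a in ("10.0.1.5", "10.0.2.5"))
    body = struct.pack("!IIHHI", 0x11223344, 65535, 10, 10, 1) + params
    chunk = struct.pack("!BBH", INIT, 0, 4 + len(body)) + body
    return struct.pack("!HHII", 5000, 5000, 0, 0) + chunk  # vtag 0 on INIT, checksum left 0
```

Run against a capture taken on the public side of the NAT, a non-empty result from `untranslated()` means the peer was handed addresses it cannot reach, which is the situation described in the quoted question.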