Especially interesting for ISP deployments and product offerings is the capability of modern Multiprotocol Label Switching (MPLS) implementations (edge routers) to configure NAT between MPLS virtual private networks (VPNs) with overlapping address space (for example, extranets) and the global routing table.
NAT-T (NAT Traversal) essentially sums up attempts to reduce issues of tunnel deployments and protocol traversal in the context of NAT gateways. For more information, see the IETF draft document "Negotiation of NAT-Traversal in the IKE" (referenced in the "Recommended Reading" section at this end of this chapter), a self-description of which follows:
This document describes how to detect one or more network address translation devices (NATs) between IPSec hosts, and how to negotiate the use of UDP encapsulation of IPSec packets through NAT boxes in Internet Key Exchange (IKE).
With regard to NAT-hostile protocols, the current approach of choice to remedy the problem is described in RFC 3489, "STUN-Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translation." In addition, consult RFC 3519, "Mobile IP Traversal of Network Address Translation (NAT) Devices," for caveats in the context of mobile deployments.
0 comments:
Post a Comment