Network address translation, or NAT, tends to impose a lot of burden on peer-to-peer applications, because they require the use of procedures -- called NAT traversal techniques -- that establish and maintain IP connections across multiple gateways that support NAT.
One of the promises of IPv6 has been to get rid of NAT and all of its associated burdens, thus permitting simpler peer-to-peer (P2P) applications. But it's likely these applications could face new performance issues with IPv6. Here's why.
NAT devices normally block unsolicited incoming communications. As a result, in a network where two P2P nodes reside behind a respective NAT device, neither node can communicate with the other. Instead, each node must use some clever tricks or other mechanisms to override the connectivity restrictions NAT imposes. This means increased complexity and performance degradation, even for the simplest P2P implementation.
Network address translation operation
NATs are typically employed to share a single IP address among multiple hosts. Network address translation -- or, more specifically, the so-called Network Address Port Translation protocol -- works roughly as follows:
- When the NAT device receives a packet from the internal network, it overwrites the source address of the packet with the public address of the NAT device and overwrites the transport protocol source port number. This means each communication instance generates a unique tuple with a source address, destination address, source port and destination port. The corresponding mapping and address translation is recorded in a NAT table.
- When the NAT device receives a packet from the external, or public, network, the packet is employed to look up an entry in the NAT table. If an entry is found, the destination address and destination port of the incoming packet are overwritten. If an entry is not found, the packet is discarded.
This explains why NAT devices block unsolicited incoming communications. If there is no corresponding entry in the NAT table for the incoming packet, it is impossible for the NAT device to determine how the packet should be translated. Hence, the NAT device must drop the packet. That's a problem with peer-to-peer applications, and that behavior causes issues with IPv6.
Firewalls replace NAT components
IPv6 networks do not normally employ NATs, but rather replace the NAT device with an IPv6 firewall that usually allows only outgoing communications -- thus enforcing a similar packet-filtering policy to that of IPv4 NATs. This filtering policy also represents a challenge to peer-to-peer applications, which must implement tricks or mechanisms to somehow allow unsolicited incoming communications.
As IPv6 deployments continue to increase -- with 23% of networks now supporting the protocol, according to the Internet Society -- improving P2P performance and eliminating issues with IPv6 are top priorities.
One of the mechanisms widely employed for traversing NATs is the Universal Plug and Play (UPnP) protocol suite, which allows hosts to dynamically configure port redirection on NAT devices -- that is, it causes packets that are directed to some port at the NAT device to be redirected to some possibly different port on one of the internal nodes.
UPnP is widely implemented in IPv4-based branch- and small-office routers, and it is commonly employed to map or redirect packets sent to an external port at a NAT device to a possibly different port at a host on the internal network. That is, a host can employ UPnP to request that incoming communications received on some port at the NAT device be allowed and redirected to some port at one of the internal hosts. This effectively enables peer-to-peer applications such as Skype and WhatsApp to receive unsolicited incoming communications even when they are behind a NAT device. The result is a simple and effective way of enabling P2P operation and reducing issues with IPv6.
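The NAT table behavior and the port redirection described above can be modeled in a few lines. This is an added example, not code from the original article: the `Napt` class, sequential port allocation, the full-tuple lookup and the sample addresses (documentation ranges) are assumptions, and `add_port_mapping` stands in for the redirection a UPnP request sets up rather than implementing UPnP itself.

```python
from dataclasses import dataclass, field

@dataclass
class Napt:
    """Toy NAPT device; packets are (proto, src_ip, src_port, dst_ip, dst_port)."""
    public_ip: str
    next_port: int = 40000                        # assumption: sequential allocation
    flows: dict = field(default_factory=dict)     # outbound packet tuple -> external port
    table: dict = field(default_factory=dict)     # NAT table built from outbound traffic
    forwards: dict = field(default_factory=dict)  # static redirections (e.g. set via UPnP)

    def outbound(self, pkt):
        proto, src_ip, src_port, dst_ip, dst_port = pkt
        ext = self.flows.get(pkt)
        if ext is None:                           # first packet of this flow
            ext, self.next_port = self.next_port, self.next_port + 1
            self.flows[pkt] = ext
            self.table[(proto, ext, dst_ip, dst_port)] = (src_ip, src_port)
        # Source address and source port are overwritten with the NAT's own.
        return (proto, self.public_ip, ext, dst_ip, dst_port)

    def add_port_mapping(self, proto, ext_port, int_ip, int_port):
        # Redirect anything arriving on ext_port to an internal host and port.
        self.forwards[(proto, ext_port)] = (int_ip, int_port)

    def inbound(self, pkt):
        proto, src_ip, src_port, dst_ip, dst_port = pkt
        inside = (self.table.get((proto, dst_port, src_ip, src_port))
                  or self.forwards.get((proto, dst_port)))
        if inside is None:
            return None                           # no entry: the packet is discarded
        return (proto, src_ip, src_port, *inside) # destination rewritten to the inside host


def demo():
    nat = Napt("203.0.113.1")                     # constructed sample addresses throughout
    peer = ("198.51.100.7", 5000)
    sent = nat.outbound(("udp", "192.168.1.10", 6000, *peer))
    reply = nat.inbound(("udp", *peer, sent[1], sent[2]))
    stranger = nat.inbound(("udp", "198.51.100.99", 5000, sent[1], sent[2]))
    before = nat.inbound(("udp", "198.51.100.99", 5000, "203.0.113.1", 7000))
    nat.add_port_mapping("udp", 7000, "192.168.1.10", 6000)
    after = nat.inbound(("udp", "198.51.100.99", 5000, "203.0.113.1", 7000))
    return sent, reply, stranger, before, after
```

In `demo()`, the reply from the contacted peer is translated, the unsolicited packets are dropped, and the same unsolicited packet is delivered once the port mapping exists, from any remote source.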
While UPnP is commonly supported in IPv4 routers, that's not the case for all IPv6 routers. As a result, it may be necessary to manually configure branch- and small-office IPv6 routers to ensure P2P file transfers will work.
The use of dual-stack routers -- those capable of supporting IPv4 and IPv6 -- is an option. But if IPv4 support is removed, then peer-to-peer communication problems will likely occur.