Network Address Translator (NAT)-Friendly Application Design Guidelines
RFC 3235 NAT Friendly Application Design Guidelines January 2002
that the ALG design may be simple and automated. ALGs typically
operate inside small routers along with the NAT component. Ideally,
the ALG should be simple and not require excessive computation or
state storage.
Many of the same issues in application design that create issues for
NAT (and thus can require ALG support) are also issues for firewalls.
An application designer would do well to keep this in mind, as any
protocol that does require special handling by NAT or firewall
products will be more difficult to deploy than those that require no
special handling.
2. Discussion
Network Address Translation presents a challenge to some existing
applications. In many cases, it should be possible for developers of
new applications to avoid problems if they understand the issues.
This document aims to provide the application designer with
information on what things they can do and what to avoid when trying
to build applications that are able to function across NAT.
The proliferation of NAT, especially in homes and small offices
cannot be dismissed. The marketing of these technologies to homes
and small businesses is often focused on a single-computer
environment, and thus providers only give out a single IP address to
each user. NAT has become a popular choice for connecting more than
a single system per location.
Clearly the most common problem associated with NAT implementations
is the passing of addressing data between stations. Where possible,
applications should find alternatives to such schemes. Studying a
few existing protocols will serve to highlight the different
approaches possible.
Two common forms of Traditional NAT exist. With Basic NAT, only the
IP addresses of packets are altered by the NAT implementation. Many
applications will operate correctly with Basic NAT. The other common
form is Network Address Port Translation. With NAPT, both the IP
addresses and the source and destination ports (for TCP and UDP) are
potentially altered by the gateway. As such, applications that carry
only port numbers in their payload will work with Basic NAT (which
leaves ports untouched) but not with NAPT, and applications that carry
IP addresses in their payload will break under both forms.
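The two points above (in-band addressing data is the most common NAT problem, and
port-only data survives Basic NAT but not NAPT) can be checked with a small model.
The following is an added example written for this page; it is not code from the
RFC. It assumes a hypothetical "CALLBACK" request in which a client tells its peer
where to reach it, in three styles: full address in band, port only in band, or
nothing in band (the peer uses the source address and port it observed). The
translation tables, the documentation-range addresses and the assumption that the
client listens on the same port it sends from are all constructed for illustration.

```python
"""Model of Basic NAT versus NAPT and their effect on in-band addressing data.

Added illustration for RFC 3235 section 2; not part of the RFC. The CALLBACK
message format, addresses and port numbers are constructed for the example.
"""
import re
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str  # application data, which may carry an address in band


class BasicNAT:
    """Basic NAT: a one-to-one address mapping; only IP addresses change."""

    def __init__(self, mapping):
        self.mapping = dict(mapping)  # private IP -> public IP

    def outbound(self, pkt):
        return replace(pkt, src_ip=self.mapping[pkt.src_ip])


class NAPT:
    """NAPT: many private hosts share one public IP; address AND port change."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}  # (private IP, private port) -> public port

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.table[key])


def callback_target(pkt):
    """Where the peer will try to reach the client, as parsed from the
    (translated) packet it actually received. Hypothetical message formats."""
    m = re.fullmatch(r"CALLBACK (\d+\.\d+\.\d+\.\d+):(\d+)", pkt.payload)
    if m:  # full address in band: IP and port copied verbatim from payload
        return (m.group(1), int(m.group(2)))
    m = re.fullmatch(r"CALLBACK port (\d+)", pkt.payload)
    if m:  # port only in band: observed source IP plus advertised port
        return (pkt.src_ip, int(m.group(1)))
    if pkt.payload == "CALLBACK":  # nothing in band: use what was observed
        return (pkt.src_ip, pkt.src_port)
    raise ValueError("unknown CALLBACK form: %r" % pkt.payload)


def evaluate(nat, payload):
    """True if the peer's callback lands on the tuple the NAT actually mapped.

    Assumption: the client listens on the port it sent from (6000), and the NAT
    forwards inbound traffic only for the mapping created by the outbound packet.
    """
    original = Packet("10.0.0.5", 6000, "192.0.2.10", 7000, payload)
    translated = nat.outbound(original)
    return callback_target(translated) == (translated.src_ip, translated.src_port)


def nat_matrix():
    """Evaluate every CALLBACK style against both NAT forms."""
    styles = {
        "full address": "CALLBACK 10.0.0.5:6000",
        "port only": "CALLBACK port 6000",
        "observed address": "CALLBACK",
    }
    nats = {
        "Basic NAT": lambda: BasicNAT({"10.0.0.5": "198.51.100.5"}),
        "NAPT": lambda: NAPT("203.0.113.1"),
    }
    return {(n, s): evaluate(make(), payload)
            for n, make in nats.items() for s, payload in styles.items()}


if __name__ == "__main__":
    for (nat_name, style), ok in nat_matrix().items():
        print("%-9s %-16s %s" % (nat_name, style, "works" if ok else "breaks"))
```

Only the design that carries no addressing data in band survives both forms of
translation, which is the alternative the text recommends looking for. The model
deliberately ignores mapping lifetimes and the question of whether the NAT will
admit a new inbound connection on a mapped port at all; a real deployment has to
account for those as well.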
Application designers should strive for compatibility with NAPT, as
this form of NAT is the most widely deployed. This is also the form
of NAT that will likely see the greatest penetration in homes and
small offices. Not all applications lend themselves to the
architectural model imposed by NAPT.
Senie Informational