| draft-arkko-dual-stack-extra-lite-03.txt | draft-arkko-dual-stack-extra-lite.txt | |||
|---|---|---|---|---|
| Network Working Group J. Arkko | Network Working Group J. Arkko | |||
| Internet-Draft Ericsson | Internet-Draft Ericsson | |||
| Intended status: Standards Track L. Eggert | Intended status: Standards Track L. Eggert | |||
| Expires: April 28, 2011 Nokia | Expires: August 5, 2011 Nokia | |||
| October 25, 2010 | M. Townsley | |||
| Cisco | ||||
| February 2011 | ||||
| Scalable Operation of Address Translators with Per-Interface Bindings | Scalable Operation of Address Translators with Per-Interface Bindings | |||
| draft-arkko-dual-stack-extra-lite-03 | draft-arkko-dual-stack-extra-lite-05 | |||
| Abstract | Abstract | |||
| This document explains how to employ address translation in networks | This document explains how to employ address translation in networks | |||
| that serve a large number of individual customers without requiring a | that serve a large number of individual customers without requiring a | |||
| correspondingly large amount of private IPv4 address space. | correspondingly large amount of private IPv4 address space. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 33 | skipping to change at page 1, line 35 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 28, 2011. | This Internet-Draft will expire on August 5, 2011. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2010 IETF Trust and the persons identified as the | Copyright (c) 2011 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 3, line 21 | skipping to change at page 3, line 21 | |||
| A Network Address Translator (NAT) is typically configured to connect | A Network Address Translator (NAT) is typically configured to connect | |||
| a network domain that uses private IPv4 addresses to the public | a network domain that uses private IPv4 addresses to the public | |||
| Internet. The NAT device - which is configured with a public IPv4 | Internet. The NAT device - which is configured with a public IPv4 | |||
| address - creates and maintains a mapping for each communication | address - creates and maintains a mapping for each communication | |||
| session from a device inside the domain it serves to devices in the | session from a device inside the domain it serves to devices in the | |||
| public Internet. It does that by translating the packet flow of each | public Internet. It does that by translating the packet flow of each | |||
| session such that the externally visible traffic uses only public | session such that the externally visible traffic uses only public | |||
| addresses. | addresses. | |||
| In most NAT deployments, the network domain connected by the NAT to | In many NAT deployments, the network domain connected by the NAT to | |||
| the public Internet is a broadcast network sharing the same media, | the public Internet is a broadcast network sharing the same media, | |||
| where each individual device must have a unique IPv4 address. In | where each individual device must have a private IPv4 address that is | |||
| such deployments it is natural to also implement the NAT | unique within this network. In such deployments it is natural to | |||
| functionality such that it uses this unique IPv4 address when looking | also implement the NAT functionality such that it uses the private | |||
| up which mapping should be used to translate a given communication | IPv4 address when looking up which mapping should be used to | |||
| session. | translate a given communication session. | |||
| It is important to note, however, that this is not an inherent | It is important to note, however, that this is not an inherent | |||
| requirement. When other methods of identifying the correct mapping | requirement. When other methods of identifying the correct mapping | |||
| are available, and the NAT is not connecting a shared-media broadcast | are available, and the NAT is not connecting a shared-media broadcast | |||
| network to the Internet, there is no need to assign each device in | network to the Internet, there is no need to assign each device in | |||
| the domain a unique IPv4 address. | the domain a unique IPv4 address. | |||
| This is the case, for example, when the NAT connects devices to the | This is the case, for example, when the NAT connects devices to the | |||
| Internet that connect to it with individual point-to-point links. In | Internet that connect to it with individual point-to-point links. In | |||
| this case, it becomes possible to use the same private addresses many | this case, it becomes possible to use the same private addresses many | |||
| skipping to change at page 5, line 26 | skipping to change at page 5, line 26 | |||
| small measure, which may aid NAT scalability. For other deployments, | small measure, which may aid NAT scalability. For other deployments, | |||
| it is likely necessary to store both the user device IPv4 address and | it is likely necessary to store both the user device IPv4 address and | |||
| the internal interface identifier, which slightly increases the size | the internal interface identifier, which slightly increases the size | |||
| of the mapping entry. | of the mapping entry. | |||
| This mode of operation is only suitable in deployments where user | This mode of operation is only suitable in deployments where user | |||
| devices connect to the NAT over point-to-point links. If supported, | devices connect to the NAT over point-to-point links. If supported, | |||
| this mode of operation SHOULD be configurable, and it should be | this mode of operation SHOULD be configurable, and it should be | |||
| disabled by default in general-purpose NAT devices. | disabled by default in general-purpose NAT devices. | |||
| All address translators make it hard to address devices behind them. | ||||
| The same is true of the particular NAT variant described in this | ||||
| document. An additional constraint is caused by the use of the same | ||||
| address space for different devices behind the NAT, which prevents | ||||
| the use of unique private addresses for communication between devices | ||||
| behind the same NAT. | ||||
| 5. IPv6 Considerations | 5. IPv6 Considerations | |||
| Private address space conservation is important even during the | Private address space conservation is important even during the | |||
| migration to IPv6, because it will be necessary to communicate with | migration to IPv6, because it will be necessary to communicate with | |||
| the IPv4 Internet for a long time. This document specifies two | the IPv4 Internet for a long time. This document specifies two | |||
| recommended deployment models for IPv6. In the first deployment | recommended deployment models for IPv6. In the first deployment | |||
| model the mechanisms specified in this document are useful. In the | model the mechanisms specified in this document are useful. In the | |||
| second deployment model no additional mechanisms are needed, because | second deployment model no additional mechanisms are needed, because | |||
| IPv6 addresses are already sufficient to distinguish mappings from | IPv6 addresses are already sufficient to distinguish mappings from | |||
| each other. | each other. | |||
| skipping to change at page 6, line 11 | skipping to change at page 6, line 18 | |||
| [I-D.ietf-behave-v6v4-xlate-stateful]. In this deployment model | [I-D.ietf-behave-v6v4-xlate-stateful]. In this deployment model | |||
| there is no IPv4 in the internal network at all. This model is | there is no IPv4 in the internal network at all. This model is | |||
| applicable only in situations where all relevant devices and | applicable only in situations where all relevant devices and | |||
| applications are IPv6-capable. In this situation, per-interface | applications are IPv6-capable. In this situation, per-interface | |||
| mappings could be employed as specified above, but they are generally | mappings could be employed as specified above, but they are generally | |||
| unnecessary as the IPv6 address space is large enough to provide a | unnecessary as the IPv6 address space is large enough to provide a | |||
| sufficient number of mappings. | sufficient number of mappings. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| This practices outlined in this document do not affect the security | The practices outlined in this document do not affect the security | |||
| properties of address translation. | properties of address translation. The binding method specified in | |||
| this document is not observable to a device that is on the outside of | ||||
| the NAT; i.e., a regular NAT and a NAT specified here cannot be | ||||
| distinguished. However, the use of point-to-point links implies | ||||
| naturally that the devices behind the NAT cannot communicate with | ||||
| each other directly without going through the NAT (or a router). The | ||||
| use of same address space for different devices implies in addition | ||||
| that a NAT operation must occur between two devices in order for them | ||||
| to communicate. | ||||
| The security implications of address translation in general have been | ||||
| discussed in many previous documents, including [RFC2663] [RFC2993] | ||||
| [RFC4787], and [RFC5382]. | ||||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This document has no IANA implications. | This document has no IANA implications. | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| skipping to change at page 6, line 42 | skipping to change at page 7, line 17 | |||
| BCP 5, RFC 1918, February 1996. | BCP 5, RFC 1918, February 1996. | |||
| [RFC2516] Mamakos, L., Lidl, K., Evarts, J., Carrel, D., Simone, D., | [RFC2516] Mamakos, L., Lidl, K., Evarts, J., Carrel, D., Simone, D., | |||
| and R. Wheeler, "A Method for Transmitting PPP Over | and R. Wheeler, "A Method for Transmitting PPP Over | |||
| Ethernet (PPPoE)", RFC 2516, February 1999. | Ethernet (PPPoE)", RFC 2516, February 1999. | |||
| [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address | [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address | |||
| Translator (NAT) Terminology and Considerations", | Translator (NAT) Terminology and Considerations", | |||
| RFC 2663, August 1999. | RFC 2663, August 1999. | |||
| [RFC2993] Hain, T., "Architectural Implications of NAT", RFC 2993, | ||||
| November 2000. | ||||
| [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms | [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms | |||
| for IPv6 Hosts and Routers", RFC 4213, October 2005. | for IPv6 Hosts and Routers", RFC 4213, October 2005. | |||
| [RFC4787] Audet, F. and C. Jennings, "Network Address Translation | [RFC4787] Audet, F. and C. Jennings, "Network Address Translation | |||
| (NAT) Behavioral Requirements for Unicast UDP", BCP 127, | (NAT) Behavioral Requirements for Unicast UDP", BCP 127, | |||
| RFC 4787, January 2007. | RFC 4787, January 2007. | |||
| [RFC5382] Guha, S., Biswas, K., Ford, B., Sivakumar, S., and P. | [RFC5382] Guha, S., Biswas, K., Ford, B., Sivakumar, S., and P. | |||
| Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, | Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, | |||
| RFC 5382, October 2008. | RFC 5382, October 2008. | |||
| skipping to change at page 7, line 43 | skipping to change at page 8, line 16 | |||
| Appendix A. Contributors | Appendix A. Contributors | |||
| The ideas in this draft were first presented in | The ideas in this draft were first presented in | |||
| [I-D.ietf-softwire-dual-stack-lite]. This document also in debt to | [I-D.ietf-softwire-dual-stack-lite]. This document also in debt to | |||
| [I-D.arkko-townsley-coexistence] and [I-D.miles-behave-l2nat]. | [I-D.arkko-townsley-coexistence] and [I-D.miles-behave-l2nat]. | |||
| However, all of these documents focused on additional components, | However, all of these documents focused on additional components, | |||
| such as tunneling protocols or the allocation of special IP address | such as tunneling protocols or the allocation of special IP address | |||
| ranges. We wanted to publish a specification that just focuses on | ranges. We wanted to publish a specification that just focuses on | |||
| the core functionality of a per-interface NAT mappings. However, | the core functionality of a per-interface NAT mappings. However, | |||
| Mark Townsley, David Miles, and Alain Durand should be credited with | David Miles, and Alain Durand should be credited with coming up with | |||
| coming up with the ideas discussed in this memo. | the ideas discussed in this memo. | |||
| Appendix B. Acknowledgments | Appendix B. Acknowledgments | |||
| The authors would also like to thank Randy Bush, Fredrik Garneij, Dan | The authors would also like to thank Randy Bush, Fredrik Garneij, Dan | |||
| Wing, Christian Vogt, Marcelo Braun, Joel Halpern, Wassim Haddad, | Wing, Christian Vogt, Marcelo Braun, Joel Halpern, Wassim Haddad, | |||
| Alan Kavanaugh and others for interesting discussions in this problem | Alan Kavanaugh and others for interesting discussions in this problem | |||
| space. | space. | |||
| Lars Eggert is partly funded by the Trilogy Project [TRILOGY], a | Lars Eggert is partly funded by the Trilogy Project [TRILOGY], a | |||
| research project supported by the European Commission under its | research project supported by the European Commission under its | |||
| skipping to change at line 351 | skipping to change at page 9, line 4 | |||
| Lars Eggert | Lars Eggert | |||
| Nokia Research Center | Nokia Research Center | |||
| P.O. Box 407 | P.O. Box 407 | |||
| Nokia Group 00045 | Nokia Group 00045 | |||
| Finland | Finland | |||
| Phone: +358 50 48 24461 | Phone: +358 50 48 24461 | |||
| Email: lars.eggert@nokia.com | Email: lars.eggert@nokia.com | |||
| URI: http://research.nokia.com/people/lars_eggert/ | URI: http://research.nokia.com/people/lars_eggert/ | |||
| Mark Townsley | ||||
| Cisco | ||||
| Paris 75006 | ||||
| France | ||||
| Email: townsley@cisco.com | ||||
| End of changes. 11 change blocks. | ||||
| 15 lines changed or deleted | 39 lines changed or added | |||
This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||