One document matched: draft-schoenw-behave-nat-mib-bis-00.txt
Internet Engineering Task Force J. Schoenwaelder
Internet-Draft Jacobs University Bremen
Intended status: Standards Track C. Zhou
Expires: January 5, 2012 Huawei Technologies
July 4, 2011
Extension of the NAT-MIB to support NAT64 and CGN (and DS-Lite)
draft-schoenw-behave-nat-mib-bis-00
Abstract
This document discusses the extensions of the NAT-MIB needed to
support newer Network Address Translator (NAT) variants such as
NAT64, Carried Grade NAT (CGN), or Dual-Stack Lite (DS-Lite).
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 5, 2012.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Schoenwaelder & Zhou Expires January 5, 2012 [Page 1]
Internet-Draft Extension of the NAT-MIB July 2011
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Structure of the NAT-MIB . . . . . . . . . . . . . . . . . . . 3
3. Extensions of the NAT-MIB . . . . . . . . . . . . . . . . . . . 4
4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6
8. Normative References . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7
Schoenwaelder & Zhou Expires January 5, 2012 [Page 2]
Internet-Draft Extension of the NAT-MIB July 2011
1. Introduction
The NAT-MIB [RFC4008] defines a standards-track model for configuring
and monitoring Network Address Translators (NATs). Recently, a
number of new NAT variants have been proposed such as stateful NAT64
[RFC6146], Carried Grade NAT (CGN), and Dual-Stack Lite (DS-Lite)
[I-D.ietf-softwire-dual-stack-lite]. A number of new MIB modules
have been proposed to support these new variants of NATs. This
document provides an analysis and proposes to revise the NAT-MIB
itself instead of creating additional MIB modules.
2. Structure of the NAT-MIB
The NAT-MIB [RFC4008] consists of tables carrying configuration
information and tables indicating the currently active bindings and
NAT sessions as shown in the figure below.
+----------------------+ +-----------------+
+-----| natInterfaceTable |--------| natAddrMapTable |-+
| +----------------------+ +-----------------+ |-+
+---+ +-----------------+ |
| i | +-----------------+
| n |
| t | +----------------------+
| e |---| natAddrBindTable |-+
| r | +----------------------+ |-+
| f | +----------------------+ |
| a | +----------------------+
| c |
| e | +----------------------+
| |---| natAddrPortBindTable |-+
+---+ +----------------------+ |-+
| +----------------------+ |
| +----------------------+
|
|
| +----------------------+
+-----| natSessionTable |-+
+----------------------+ |-+
+----------------------+ |
+----------------------+
The NAT-MIB enables NAT functionality on a per interface basis. As a
consequence, the natInterfaceTable, is indexed by an ifIndex value.
The table describing address pools, the natAddrMapTable, is indexed
by an ifIndex value and a natAddrMapIndex. While it is possible to
have multiple address pools configured on a NAT function of an
Schoenwaelder & Zhou Expires January 5, 2012 [Page 3]
Internet-Draft Extension of the NAT-MIB July 2011
interface, NAT functions on different interfaces will have separate
address pools. The actual NAT bindings are reported in the
natAddrBindTable (in case of pure address translation) indexed by an
ifIndex value and the local private-realm network address and type or
the natAddrPortBindTable (in case of address and port translation)
indexed by an ifIndex value, the local private-realm network address
and type and the local port number and protocol. The natSessionTable
provide statistics about NAT sessions.
3. Extensions of the NAT-MIB
As a consequence of the design of the NAT-MIB, the address pools
configured in the natAddrMapTable are interface specific and cannot
be shared between multiple interfaces. In order to support NATs
where the goal is to share public IPv4 addresses or address pools of
public IPv4 addresses with multiple interfaces (multiple customers),
an extension of the NAT-MIB is required allowing to configure address
pools that can be shared between NAT interfaces. One way of
achieving this is to create a new natSharedAddrMapTable with a unique
index (natSharedAddrMapIndex) that is referenced from
natInterfaceTable entries. If the reference is not provided, a
suitable natAddrMapTable entry is expected to be used.
The NAT64 MIB proposal [I-D.jpdionne-behave-nat64-mib] suggests to
extend the natAddrMapTable so that a NAT64 prefix can be configured
in case the default is not used. It is not clear whether this
functionality is necessary to add since the NAT-MIB already allows to
configure address ranges. (And it is unclear how the new proposed
objects would interact with the existing objects). Other proposed
changes are clarifications of discard notifications, explainions of
terminology differences, and the support of NAT sessions for ICMP.
However, it is not clear whether adding the word 'icmp' to an
enumeration is sufficient (nor is it clear what to do about DCCP and
SCTP).
The CGN MIB proposal [I-D.jpdionne-behave-cgn-mib] suggests to add
objects to limit and/or throttle address and port allocations in
order to address requirements detailed in
[I-D.ietf-behave-lsn-requirements]. In addition, additional
notifications are proposed to indicate address or port exhaustion.
Finally, the authors suggest to add tables providing aggregated
statistics about the usage of NAT address pools.
The DS-Lite MIB proposal [I-D.fu-softwire-dslite-mib] suggests new
objects to represent the relationship between the objects
representing tunnels (as defined in the TUNNEL-MIB, [RFC4087]) and
the NAT-MIB. However, since a tunnel is identified by its unique
Schoenwaelder & Zhou Expires January 5, 2012 [Page 4]
Internet-Draft Extension of the NAT-MIB July 2011
ifIndex value and since the natInterfaceTable is also indexed by an
ifIndex value, it is unclear why this is needed. The proposal also
suggests to add additional counters, e.g., tunnel specific counters
for NAT bindings. Architecturally, it seems to be more desirable to
clearly separate the NAT functionality from the tunnel functionality.
In particular, the IPv4-in-IPv6 tunnel architecturally ends at the
tunnel interface and hence the NAT function only receives IPv4
packets arriving via a tunnel interface. However, it seems that
gateway initiated tunnels that use IPv6-Flow-Label bits as a context
identifier (CID) [I-D.ietf-softwire-gateway-init-ds-lite] require
further discussion.
4. Conclusions
Looking at the structure of the current NAT-MIB and the proposed
extensions, it seems the best way forward is to revise the NAT-MIB to
add a minimal number of additional objects and any clarifications
needed to cover NAT64, CGNs, and DS-Lite. This seems to be a better
approach than creating several independent extensions, in particular
since some extensions seem to be generally applicable.
In particular, the following items need to be worked on:
o Extend the NAT-MIB to support address pools shared between
interface specific NAT instances.
o Extend the NAT-MIB to support protocols other than UDP and TCP.
o Add support to limit and/or throttle binding allocations.
o Clarify existing notifications (e.g., natPacketDiscard) and add
any additional notifications that may be needed for binding limits
/ binding throttling.
In addition, it will be necessary to look at protocols like the Port
Control Protocol (PCP) [I-D.ietf-pcp-base] that can create time-
limited static entries.
To help readers and implementers, it might be desirable to include
(for example in an appendix) a description plus examples how the
revised NAT-MIB can be used by NAT64 implementations, CGNs, and DS-
Lite implementations.
To support DS-Lite (and related technologies such as 6RD), a revision
of the TUNNEL-MIB [RFC4087] may be needed as well or suitable tunnel
type specific extensions.
Schoenwaelder & Zhou Expires January 5, 2012 [Page 5]
Internet-Draft Extension of the NAT-MIB July 2011
For configuration objects, it might be desirable to also produce a
YANG data model (for use with the NETCONF protocol) that is
consistent with the design of the revised NAT-MIB.
5. IANA Considerations
This document has no IANA actions.
6. Security Considerations
This document has no impact on the security of the Internet.
7. Acknowledgements
The authors like to thank Jean-Philippe Dionne for comments on an
early version of this document.
8. Normative References
[I-D.fu-softwire-dslite-mib]
Fu, Y., Jiang, S., Cui, Y., and J. Dong, "DS-Lite
Management Information Base (MIB)",
draft-fu-softwire-dslite-mib-00 (work in progress),
May 2011.
[I-D.ietf-behave-lsn-requirements]
Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
and H. Ashida, "Common requirements for IP address sharing
schemes", draft-ietf-behave-lsn-requirements-01 (work in
progress), March 2011.
[I-D.ietf-pcp-base]
Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
Selkirk, "Port Control Protocol (PCP)",
draft-ietf-pcp-base-12 (work in progress), May 2011.
[I-D.ietf-softwire-dual-stack-lite]
Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", draft-ietf-softwire-dual-stack-lite-11 (work
in progress), May 2011.
[I-D.ietf-softwire-gateway-init-ds-lite]
Brockners, F., Gundavelli, S., Speicher, S., and D. Ward,
Schoenwaelder & Zhou Expires January 5, 2012 [Page 6]
Internet-Draft Extension of the NAT-MIB July 2011
"Gateway Initiated Dual-Stack Lite Deployment",
draft-ietf-softwire-gateway-init-ds-lite-04 (work in
progress), June 2011.
[I-D.jpdionne-behave-cgn-mib]
Dionne, J. and M. Blanchet, "CGN Management Information
Base (MIB)", draft-jpdionne-behave-cgn-mib-00 (work in
progress), July 2011.
[I-D.jpdionne-behave-nat64-mib]
Dionne, J. and M. Blanchet, "NAT64 Management Information
Base (MIB)", draft-jpdionne-behave-nat64-mib-00 (work in
progress), March 2011.
[RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
C. Wang, "Definitions of Managed Objects for Network
Address Translators (NAT)", RFC 4008, March 2005.
[RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011.
Authors' Addresses
Juergen Schoenwaelder
Jacobs University Bremen
Campus Ring 1
Bremen 28759
Germany
Email: j.schoenwaelder@jacobs-university.de
Cathy Zhou
Huawei Technologies
Bantian, Longgang District
Shenzhen 518129
P.R. China
Email: cathyzhou@huawei.com
Schoenwaelder & Zhou Expires January 5, 2012 [Page 7]
| PAFTECH AB 2003-2026 | 2026-04-24 05:04:47 |