[address-policy-wg] Mandating NAT toward the final /8
- Previous message (by thread): [address-policy-wg] Mandating NAT toward the final /8
- Next message (by thread): [address-policy-wg] The final /8 policy proposals, part 2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Masataka Ohta
mohta at necom830.hpcl.titech.ac.jp
Fri Jul 17 04:22:17 CEST 2009
Randy Bush wrote:

Hi,

I'm told you are doing a similar thing and started reading A+P.

> while i find the draft interesting, i fear it is a bit glib.
> some comments from folk in our research community:
> to quote

Thank you very much.

>> For dynamic E2ENAT, a NAT gateway and end hosts must somehow
>> communicate, details of which are not discussed in this memo.
> i.e. "magic happens here"

I haven't specified the protocol yet, merely because we have not yet
implemented dynamic E2ENAT. Static E2ENAT is enough for ISPs, thus, RIPE.

But, the scenario will be as follows:

1) An end host receives the GW's (private?) address and (UDP?) port
   number to be used for dynamic NAT, maybe with supported version
   numbers, through DHCP, PPP, UPnP etc.

   If there are multiple GWs, all the addresses and the port numbers
   are given.

2) The end host (from in_pcb.c) requests a port from the GW.

   The request may be retried several times after exponential time out
   (0.1, 0.2, 0.4, 0.8 and 1.6 seconds with random perturbation?).

   Three-way handshaking may be used here to prevent DoS within a
   private network.

   If there are multiple GWs, the end host gets a port number from a GW
   and tries to reserve it with the other GWs. If it fails, a new port
   number will be tried.

3) The end host periodically (every 5 seconds with small negative
   random perturbation?) sends the GW update messages with the set of
   port numbers being active (even if there is no packet currently
   flowing on the active port).

4) The GW will cancel the port assignment if no update is received for
   a long time (30 seconds?).

5) A GW recovering from a crash listens for update messages before
   starting operation.

   A port assignment may contain a cookie to secure update messages.

Where is the magic?

Note that:

   Depending on how port numbers are shared, there are static and
   dynamic E2ENAT or combinations of them.

That is, an end host requiring a static port will use static E2ENAT,
while the host may use dynamic E2ENAT for other purposes.

>> NAT gateways may be nested. That is, a public interface of an internal
>> NAT gateway may be connected to a private network of an external NAT
>> gateway. Port numbers allocated by the external NAT gateway to the
>> internal NAT gateway will be further divided"
> this is e2e?

Yes.

End hosts behind an inner GW still use the shared public address.

The destination address of a packet to the shared public address will
be translated as follows:

1) At the source, the shared public address
2) On the outer GW, a private address of the outer private network
   assigned to the inner GW
3) Upon entry to the inner GW, the shared public address
4) Before exiting from the inner GW, a private address of the inner
   private network assigned to an end host
5) On the end host, the shared public address

Steps 3) and 4) may be merged for optimization.

Note that outgoing packets are not translated, because they already
have the shared public address as their source address.

Masataka Ohta

PS

For detailed discussions on E2ENAT, a mailing list is provided:

   e2enat-en at mobile-broadband.org

To join, send to e2enat-en-ctl at mobile-broadband.org:

   subscribe Your-Last-Name Your-First-Name

Or, redirect me to some other mailing list.
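A small model of the port-lease exchange sketched in steps 1) to 5) of the post, added here as an illustration; it is not code from the post or from any E2ENAT implementation. The Gateway class, its method names, the 8-byte cookie, the port pool and the timer values are assumptions of the example, chosen to show why a cookie on the assignment matters: without it, any host on the private network could refresh or let lapse another host's lease.

```python
import secrets
from dataclasses import dataclass

LEASE_TIMEOUT = 30.0   # step 4: GW drops an assignment after this long without an update (assumed)
UPDATE_INTERVAL = 5.0  # step 3: host refresh period (assumed)


@dataclass
class Lease:
    host: str
    cookie: bytes
    last_update: float


class Gateway:
    """Hypothetical E2ENAT gateway owning a pool of shareable port numbers."""

    def __init__(self, ports):
        self.free = list(ports)
        self.leases = {}  # port -> Lease

    def request_port(self, host, now):
        """Step 2: hand the host a port plus a random cookie that secures later updates (step 5)."""
        if not self.free:
            return None  # pool exhausted; caller retries with exponential backoff
        port = self.free.pop(0)
        cookie = secrets.token_bytes(8)
        self.leases[port] = Lease(host, cookie, now)
        return port, cookie

    def update(self, port, cookie, now):
        """Step 3: refresh an active port; updates without the matching cookie are ignored."""
        lease = self.leases.get(port)
        if lease is None or not secrets.compare_digest(lease.cookie, cookie):
            return False
        lease.last_update = now
        return True

    def expire(self, now):
        """Step 4: reclaim ports whose holder stopped sending updates; returns the reclaimed ports."""
        dead = [p for p, l in self.leases.items() if now - l.last_update > LEASE_TIMEOUT]
        for p in dead:
            del self.leases[p]
            self.free.append(p)
        return dead


def retry_delays(base=0.1, attempts=5):
    """Step 2 retry schedule: 0.1, 0.2, 0.4, 0.8, 1.6 s (random perturbation left out for determinism)."""
    return [base * 2 ** i for i in range(attempts)]
```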