Intended status: Standards Track A.Eromenko September 2016

Document Type Active Internet-Draft (individual)
Last updated 2016-09-29
Stream (None)
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
"Internet Protocol Five Fields: Babysitter", 
Alexey Eromenko, 2016-09-29,
expiration date: 2017-03-29

Intended status: Standards Track
                                                          September 2016

            IP-FF Babysitter: Stateful Network Address Translation
             including Port, Protocol and Domain Name Translation
                      for Internet Protocol - Five Fields
                             Specification Draft


   Babysitter is a form of an advanced NAT, mostly for desktop clients.
   It gives mixed IP-FF and IPv4 clients access to IPv4-only Internet.
   It is somewhat resembling NAT64 + DNS64 combo, and will aid during
   transition period.

   Assumption: We work on IPv4-only Internet, but we want to implement
   both IP-FF and IPv4 hosts inside our organization, so nodes can work
   between themselves with, and take advantage of, IP-FF, but still 
   able to connect to the Internet.
   If/when this assumption is invalid, and end-to-end IP-FF becomes 
   commonplace, other forms of connection should be used, 
   and babysitter may be disabled.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents:

   1. IP-FF Babysitter components
   2. IP-FF Babysitter requirements
   3. Address mapping
   4. DHCP default settings
   5. DNS ALG translation: conceptual workflow
   6. NAT table: Logical construction and work flow
   7. Checksums
   8. Limitations
   9. Load-balancing multiple babysitters in parallel, for scalability
   10. Duplicate Address Detection proxy

1. IP-FF Babysitter components

   Stateful NAT and DHCP (client and server), Stateless DNS ALG and
   Address mapping.

2. IP-FF Babysitter requirements

   IP-FF babysitter, at a minimum, should support stateful ICMP echo, 
   as well as TCP and UDP protocols and DNS translation
   by ALG (Application-Level Gateway)

   Supporting other ICMP commands and transport protocols is a bonus,
   as are Application-Level Gateways (ALGs) for 
   poorly-behaving protocols.
   Port redirection is a bonus, too. (so that incoming sessions are made
   possible on specific ports)

   IP-FF Babysitter takes only one IPv4 address, either public or 
   private, and MUST work even beind CGN (Carrier-grade NAT),
   where a private IPv4 address is supplied via DHCP.

3. Address mapping

   Source IP addresses are translated in many-to-one fashion.
   Destination IP addresses are mapped as a simple one-to-one function.

     IPv4:    a.b.c.d


     IPFF: 10.a.b.c.d

   Visually similar !

   And if you need private addresses ?

   10.10.x.x.x/20 - all yours !

   When address is mapped, no DAD is performed, since multiple 
   Babysitters can exist on the same network segment.

4. DHCP default settings = Default Gateway (babysitter itself)
   Typically it should give it's DHCPv5 clients the range between

   DNS Server's IP may be mapped to whatever DNS address is provided 
   by your Internet Service Provider (ISP).
   i.e. if your ISP gives you DNS =
   Babysitter maps it as, and gives it to clients
   via DHCP reply.

   Alternatively, Babysitter MAY implement a full DNS proxy with 

   If IPFF-babysitter is a DHCP (v4) client itself, DHCP-FF address
Show full document text