Internet Engineering Task Force                                  G. Chen
Internet-Draft                                                   H. Deng
Intended status: Informational                              China Mobile
Expires: April 21, 2011                                 October 18, 2010


        NAT64-CPE Mode Operation for Opening Residential Service
                     draft-chen-v6ops-nat64-cpe-00

Abstract

   The document has proposed an approach of NAT64-CPE mode, which would
   give residential service opportunities to be accessed by remote
   subscribers going through IPv6 networks.  The document captures the
   fundamental NAT64 functionalities with special cares to fit into CPE
   scenarios and don't need cooperate with DNS64 any more.  It will
   compatible with legacy residential servers and no further updates
   requirements to DNS.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 21, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of



Chen & Deng              Expires April 21, 2011                 [Page 1]


Internet-Draft                  NAT64-CPE                   October 2010


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  NAT64-CPE Mode Scenario Overviews . . . . . . . . . . . . . . . 3
   3.  NAT64-CPE Mode Operation  . . . . . . . . . . . . . . . . . . . 4
     3.1.  CPE Functionalites Description  . . . . . . . . . . . . . . 4
     3.2.  DNS Configuration Consideration . . . . . . . . . . . . . . 5
     3.3.  NAT64-CPE Mode Operation Example  . . . . . . . . . . . . . 5
   4.  NAT64-CPE Approach Discussion . . . . . . . . . . . . . . . . . 6
   5.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
   7.  Informative References  . . . . . . . . . . . . . . . . . . . . 7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 7






















Chen & Deng              Expires April 21, 2011                 [Page 2]


Internet-Draft                  NAT64-CPE                   October 2010


1.  Introduction

   The document is aimed at proposing an approach of NAT64-CPE mode,
   which would give residential service opportunities to be accessed by
   remote subscribers going through IPv6 networks.  The document
   captures the fundamental NAT64[NAT64] functionalities with special
   cares to fit into CPE scenarios.  In these scenarios, the NAT64-CPE
   don't need cooperate with DNS64[DNS64] any more, whereby this
   mechanism allows an IPv6-only client (i.e. either a host with only
   IPv6 stack, or a host with both IPv4 and IPv6 stack, but only with
   IPv6 connectivity or a host running an IPv6 only application) to
   initiate communications to an IPv4-only residential service server.

   Recently,IPv6 transition is fairly prevalent due to the depletion of
   IPv4 soon enough.  However, the large number of installed CPE is
   IPv4-only based and likely to remain for several years.  Considering
   the existing deployment approaches, majority of ISP assigned private
   IPv4 address to their customers, including residential servers.  The
   nature of private IPv4 would block the end-to-end bi-directional
   communications.  On the other hand, the goal of Internet services is
   to offer users ubiquitous experiences.  User will be certainly
   supposed to able to enjoy such conveniences regardless of where we
   are.  Therefore, ISP would take advantage of the accessibilities of
   residential services to provide plenty of services.  Fortunately,
   IPv6 will get ISP end-to-end benefits.  During IPv6 migration period,
   NAT64-CPE mode could overcome the obstacles to achieve final goals.

   The document is structured as follows.  Section 2 describes
   appropriate scenario the NAT64-CPE mode fit to.  Section 3 enumerates
   various functional parts for NAT64-CPE operation.  Section 4 focus on
   the benefits the NAT64-CPE could bring.  Section 5 is further
   securities consideration.


2.  NAT64-CPE Mode Scenario Overviews

   Figure 1 illustrates a possible network scenario where an IPv6-only
   client attached to a dual-stack network, but the destination server
   is running on a private site where there is NAT64-CPE numbered with
   public IPv6 addresses and private IPv4 addresses.  DNS is located in
   dual stack Internet for naming-resolving.










Chen & Deng              Expires April 21, 2011                 [Page 3]


Internet-Draft                  NAT64-CPE                   October 2010


        +----------------------+  +------------------------------+
        | Dual Stack Internet  |  | IPv4 Private site (Net 10)   |
        |                      |  |                              |
        |                      |  |                              |
        |                      |  |                 +----------+ |
        |  +----+           +---------+             |          | |
        |  | H1 |-----------|NAT64-CPE|-------------|  Server  | |
        |  +----+           +---------+             |          | |
        | v6 only          /   |  |                 +----------+ |
        | Host            /    |  |                  IPv4-only   |
        |            +-----+   |  |                etc. 10.1.1.1 |
        |            | DNS |   |  |                              |
        |            +-----+   |  |                              |
        +----------------------+  +------------------------------+


                  Figure 1: NAT64-CPE Network Scenario

   This scenario appears in ISP network quite popular.  As the
   instances, visitors go through distant network to take care of family
   affairs, like monitoring house security via residential camera,
   manipulating household appliances remotely prior to comeback home.


3.  NAT64-CPE Mode Operation

   The whole process of NAT64-CPE operation involves CPE, DNS and
   addressing mechanism.  This section illustrates different parts of
   functionalities.

3.1.  CPE Functionalities Description

   Two kinds of functions the NAT64-CPE would take on.  First, it will
   perform the functionalities that normal CPE does except NAT44
   forwarding, like assigning private IPv4 address to their attached
   residential servers.  Additionally, CPE will allocate private IPv4
   address to the servers depending on the server MAC address.
   Therefore, the server could always get constant private IPv4 address.

   Second, CPE should carry NAT64 capable mode without integrating
   DNS64.  According to normative handing, NAT64-CPE translates in-
   coming IPv6 destination address by striping NAT64 IPv6-prefix and
   maintains a IPv4 pool for translating IPv6 sources address.  Therein,
   the NAT64 IPv6 prefix will be NSP specified in IPv6 Addressing of
   IPv4/IPv6 Translators [IPv6 Addressing of IPv4/IPv6 Translators].
   And, ISP will reserve distinct NSP for each CPE.

   The prerequisite here is that NAT64-CPE should maintain address



Chen & Deng              Expires April 21, 2011                 [Page 4]


Internet-Draft                  NAT64-CPE                   October 2010


   mapping between inner IP address and outer IP address.  PCP [PCP]
   could handle such problems.  But that goes beyond the scope of this
   draft.  Also, NAT64-CPE would install ALG, but it is optional.

3.2.  DNS Configuration Consideration

   Each residential services should be represented by FQDN format so as
   to users could easily remember and understand.  The corresponding
   naming resource record should be stored as AAAA.  The record's IPv6
   address is synthesized by NAT64 prefix and private IPv4 address.  The
   IPv6 format is compliant with assembling IPv6 address in DNS64.

   The deployed DNS just follow regular DNS handling.  There is no
   demands for performing DNS64 process.

3.3.  NAT64-CPE Mode Operation Example

   Figure 2 demonstrates the NAT64-CPE Mode operation flow, in which IPv6
   host initiate service interaction with residential server remotely.
   The detailed actions that different entities performed was described
   afterwards.


            IPv6-only
      Host           DNS       NAT64-CPE        Server
       |             |            |IPv4 assigning  |
   (1) |             |            |<- - - - - - - >|
       |AAAA query:  |            |                |
       |household.cam|            |                |
   (2) |============>|            |                |
       |AAAA response|            |                |
       |2001::a01:101|            |                |
   (3) |<============|            |                |
       |      IPv6 traffic        |                |
   (4) |------------------------->|                |
       |             |      +-----------+ IPv4     |
   (5) |             |      | NAT64-CPE |--------->|
       |    IPv6 traffic    |translation| IPv4     |
   (6) |<-------------------|           |<---------|
       |             |      +-----------+          |


              Figure 2: NAT64-CPE Mode Operation Example

   (1) NAT64-CPE should be configured with NAT64 prefix, which is
   allocated by ISP.  In that case, the NAT64 prefix is 2001::/64.
   NAT64-CPE assign private IPv4 address to the servers depending on the
   server MAC address.  And, NAT64-CPE already has maintained the



Chen & Deng              Expires April 21, 2011                 [Page 5]


Internet-Draft                  NAT64-CPE                   October 2010


   mapping between inner IP address and outer IP address.

   (2)IPv6-only host initiates AAAA query for resolving service name,
   for example, that is household.cam.

   (3)DNS response AAAA record to the previous query.  The IPv6 address
   of this service is synthesized by NAT64 prefix and assigned private
   IPv4 address.  That is 2001::a01:101

   (4)IPv6-only host send IPv6 traffic targeting to 2001::a01:101.  The
   IPv6 traffic is routed to CPE.

   (5)NAT64-CPE detects incoming IPv6 packets and algorithmically
   translated to IPv4 addresses by using the algorithm defined in
   [I-D.ietf-behave-address-format].  The translated IPv4 traffic is
   headed to IPv4-only residential server and perform somehow process.

   (6)The residential IPv4 server responses these requests by IPv4
   traffic, which will be sent to CPE.  CPE performs reversed algorithm
   to translate IPv4 to IPv6 based on the maintained mapping
   information.  And then, CPE generate IPv6 traffic and transmit to
   IPv6-only Host.


4.  NAT64-CPE Approach Discussion

   Considering above description, NAT64-CPE has following specific
   features.

   o  NAT64-CPE is capable of making residential server to be accessed,
      by means of which users could visit the IPv4-only server remotely.

   o  NAT64-CPE is a solely NAT64 deployed solution in CPE environment.
      It will compatible with legacy residential servers and no further
      updates requirements to DNS.  Therefore, it's liable to be
      deployed.


5.  Security Considerations

   Essentially, there are strong demands to have thorough security
   mechanism to prevent privacy invasion in CPE scenario.  The detailed
   considerations need to be further identified.


6.  IANA Considerations

   This memo includes no request to IANA.



Chen & Deng              Expires April 21, 2011                 [Page 6]


Internet-Draft                  NAT64-CPE                   October 2010


7.  Informative References

   [DNS64]    Bagnulo, M., "DNS64: DNS extensions for Network Address
              Translation from IPv6 Clients to IPv4 Servers", IETF
              Internet-draft  draft-ietf-behave-dns64-10.txt, July 2010.

   [IPv6 Addressing of IPv4/IPv6 Translators]
              Bao, C., "IPv6 Addressing of IPv4/IPv6 Translators",
              draft-ietf-behave-address-format-10.txt (work in
              progress), August 2010.

   [NAT64]    Bagnulo, M., "Stateful NAT64: Network Address and Protocol
              Translation from IPv6 Clients to IPv4 Servers",
              draft-ietf-behave-v6v4-xlate-stateful-12.txt (work in
              progress), July 2010.

   [PCP]      Wing, D., "Pinhole Control Protocol (PCP)",
              draft-wing-softwire-port-control-protocol-02.txt (work in
              progress), July 2010.


Authors' Addresses

   Gang Chen
   China Mobile
   53A,Xibianmennei Ave.,
   Xuanwu District,
   Beijing  100053
   China

   Email: phdgang@gmail.com


   Hui Deng
   China Mobile
   53A,Xibianmennei Ave.
   Beijing  100053
   P.R.China

   Phone: +86-13910750201
   Email: denghui02@gmail.com










Chen & Deng              Expires April 21, 2011                 [Page 7]