Internet Engineering Task Force G. Chen Internet-Draft H. Deng Intended status: Informational China Mobile Expires: April 21, 2011 October 18, 2010 NAT64-CPE Mode Operation for Opening Residential Service draft-chen-v6ops-nat64-cpe-00 Abstract The document has proposed an approach of NAT64-CPE mode, which would give residential service opportunities to be accessed by remote subscribers going through IPv6 networks. The document captures the fundamental NAT64 functionalities with special cares to fit into CPE scenarios and don't need cooperate with DNS64 any more. It will compatible with legacy residential servers and no further updates requirements to DNS. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 21, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Chen & Deng Expires April 21, 2011 [Page 1]
Internet-Draft NAT64-CPE October 2010 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. NAT64-CPE Mode Scenario Overviews . . . . . . . . . . . . . . . 3 3. NAT64-CPE Mode Operation . . . . . . . . . . . . . . . . . . . 4 3.1. CPE Functionalites Description . . . . . . . . . . . . . . 4 3.2. DNS Configuration Consideration . . . . . . . . . . . . . . 5 3.3. NAT64-CPE Mode Operation Example . . . . . . . . . . . . . 5 4. NAT64-CPE Approach Discussion . . . . . . . . . . . . . . . . . 6 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 7. Informative References . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 Chen & Deng Expires April 21, 2011 [Page 2]
Internet-Draft NAT64-CPE October 2010 1. Introduction The document is aimed at proposing an approach of NAT64-CPE mode, which would give residential service opportunities to be accessed by remote subscribers going through IPv6 networks. The document captures the fundamental NAT64[NAT64] functionalities with special cares to fit into CPE scenarios. In these scenarios, the NAT64-CPE don't need cooperate with DNS64[DNS64] any more, whereby this mechanism allows an IPv6-only client (i.e. either a host with only IPv6 stack, or a host with both IPv4 and IPv6 stack, but only with IPv6 connectivity or a host running an IPv6 only application) to initiate communications to an IPv4-only residential service server. Recently,IPv6 transition is fairly prevalent due to the depletion of IPv4 soon enough. However, the large number of installed CPE is IPv4-only based and likely to remain for several years. Considering the existing deployment approaches, majority of ISP assigned private IPv4 address to their customers, including residential servers. The nature of private IPv4 would block the end-to-end bi-directional communications. On the other hand, the goal of Internet services is to offer users ubiquitous experiences. User will be certainly supposed to able to enjoy such conveniences regardless of where we are. Therefore, ISP would take advantage of the accessibilities of residential services to provide plenty of services. Fortunately, IPv6 will get ISP end-to-end benefits. During IPv6 migration period, NAT64-CPE mode could overcome the obstacles to achieve final goals. The document is structured as follows. Section 2 describes appropriate scenario the NAT64-CPE mode fit to. Section 3 enumerates various functional parts for NAT64-CPE operation. Section 4 focus on the benefits the NAT64-CPE could bring. Section 5 is further securities consideration. 2. NAT64-CPE Mode Scenario Overviews Figure 1 illustrates a possible network scenario where an IPv6-only client attached to a dual-stack network, but the destination server is running on a private site where there is NAT64-CPE numbered with public IPv6 addresses and private IPv4 addresses. DNS is located in dual stack Internet for naming-resolving. Chen & Deng Expires April 21, 2011 [Page 3]
Internet-Draft NAT64-CPE October 2010 +----------------------+ +------------------------------+ | Dual Stack Internet | | IPv4 Private site (Net 10) | | | | | | | | | | | | +----------+ | | +----+ +---------+ | | | | | H1 |-----------|NAT64-CPE|-------------| Server | | | +----+ +---------+ | | | | v6 only / | | +----------+ | | Host / | | IPv4-only | | +-----+ | | etc. 10.1.1.1 | | | DNS | | | | | +-----+ | | | +----------------------+ +------------------------------+ Figure 1: NAT64-CPE Network Scenario This scenario appears in ISP network quite popular. As the instances, visitors go through distant network to take care of family affairs, like monitoring house security via residential camera, manipulating household appliances remotely prior to comeback home. 3. NAT64-CPE Mode Operation The whole process of NAT64-CPE operation involves CPE, DNS and addressing mechanism. This section illustrates different parts of functionalities. 3.1. CPE Functionalities Description Two kinds of functions the NAT64-CPE would take on. First, it will perform the functionalities that normal CPE does except NAT44 forwarding, like assigning private IPv4 address to their attached residential servers. Additionally, CPE will allocate private IPv4 address to the servers depending on the server MAC address. Therefore, the server could always get constant private IPv4 address. Second, CPE should carry NAT64 capable mode without integrating DNS64. According to normative handing, NAT64-CPE translates in- coming IPv6 destination address by striping NAT64 IPv6-prefix and maintains a IPv4 pool for translating IPv6 sources address. Therein, the NAT64 IPv6 prefix will be NSP specified in IPv6 Addressing of IPv4/IPv6 Translators [IPv6 Addressing of IPv4/IPv6 Translators]. And, ISP will reserve distinct NSP for each CPE. The prerequisite here is that NAT64-CPE should maintain address Chen & Deng Expires April 21, 2011 [Page 4]
Internet-Draft NAT64-CPE October 2010 mapping between inner IP address and outer IP address. PCP [PCP] could handle such problems. But that goes beyond the scope of this draft. Also, NAT64-CPE would install ALG, but it is optional. 3.2. DNS Configuration Consideration Each residential services should be represented by FQDN format so as to users could easily remember and understand. The corresponding naming resource record should be stored as AAAA. The record's IPv6 address is synthesized by NAT64 prefix and private IPv4 address. The IPv6 format is compliant with assembling IPv6 address in DNS64. The deployed DNS just follow regular DNS handling. There is no demands for performing DNS64 process. 3.3. NAT64-CPE Mode Operation Example Figure 2 demonstrates the NAT64-CPE Mode operation flow, in which IPv6 host initiate service interaction with residential server remotely. The detailed actions that different entities performed was described afterwards. IPv6-only Host DNS NAT64-CPE Server | | |IPv4 assigning | (1) | | |<- - - - - - - >| |AAAA query: | | | |household.cam| | | (2) |============>| | | |AAAA response| | | |2001::a01:101| | | (3) |<============| | | | IPv6 traffic | | (4) |------------------------->| | | | +-----------+ IPv4 | (5) | | | NAT64-CPE |--------->| | IPv6 traffic |translation| IPv4 | (6) |<-------------------| |<---------| | | +-----------+ | Figure 2: NAT64-CPE Mode Operation Example (1) NAT64-CPE should be configured with NAT64 prefix, which is allocated by ISP. In that case, the NAT64 prefix is 2001::/64. NAT64-CPE assign private IPv4 address to the servers depending on the server MAC address. And, NAT64-CPE already has maintained the Chen & Deng Expires April 21, 2011 [Page 5]
Internet-Draft NAT64-CPE October 2010 mapping between inner IP address and outer IP address. (2)IPv6-only host initiates AAAA query for resolving service name, for example, that is household.cam. (3)DNS response AAAA record to the previous query. The IPv6 address of this service is synthesized by NAT64 prefix and assigned private IPv4 address. That is 2001::a01:101 (4)IPv6-only host send IPv6 traffic targeting to 2001::a01:101. The IPv6 traffic is routed to CPE. (5)NAT64-CPE detects incoming IPv6 packets and algorithmically translated to IPv4 addresses by using the algorithm defined in [I-D.ietf-behave-address-format]. The translated IPv4 traffic is headed to IPv4-only residential server and perform somehow process. (6)The residential IPv4 server responses these requests by IPv4 traffic, which will be sent to CPE. CPE performs reversed algorithm to translate IPv4 to IPv6 based on the maintained mapping information. And then, CPE generate IPv6 traffic and transmit to IPv6-only Host. 4. NAT64-CPE Approach Discussion Considering above description, NAT64-CPE has following specific features. o NAT64-CPE is capable of making residential server to be accessed, by means of which users could visit the IPv4-only server remotely. o NAT64-CPE is a solely NAT64 deployed solution in CPE environment. It will compatible with legacy residential servers and no further updates requirements to DNS. Therefore, it's liable to be deployed. 5. Security Considerations Essentially, there are strong demands to have thorough security mechanism to prevent privacy invasion in CPE scenario. The detailed considerations need to be further identified. 6. IANA Considerations This memo includes no request to IANA. Chen & Deng Expires April 21, 2011 [Page 6]
Internet-Draft NAT64-CPE October 2010 7. Informative References [DNS64] Bagnulo, M., "DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers", IETF Internet-draft draft-ietf-behave-dns64-10.txt, July 2010. [IPv6 Addressing of IPv4/IPv6 Translators] Bao, C., "IPv6 Addressing of IPv4/IPv6 Translators", draft-ietf-behave-address-format-10.txt (work in progress), August 2010. [NAT64] Bagnulo, M., "Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers", draft-ietf-behave-v6v4-xlate-stateful-12.txt (work in progress), July 2010. [PCP] Wing, D., "Pinhole Control Protocol (PCP)", draft-wing-softwire-port-control-protocol-02.txt (work in progress), July 2010. Authors' Addresses Gang Chen China Mobile 53A,Xibianmennei Ave., Xuanwu District, Beijing 100053 China Email: phdgang@gmail.com Hui Deng China Mobile 53A,Xibianmennei Ave. Beijing 100053 P.R.China Phone: +86-13910750201 Email: denghui02@gmail.com Chen & Deng Expires April 21, 2011 [Page 7]