Mobility Extensions for IPv6 W. Haddad
(mext) Ericsson
Internet-Draft C. Perkins
Intended status: Informational WiChorus Inc.
Expires: April 14, 2010 October 11, 2009
A Note on NAT64 Interaction with Mobile IPv6
draft-haddad-mext-nat64-mobility-harmful-00
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 14, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Haddad & Perkins Expires April 14, 2010 [Page 1]
Internet-Draft NAT64 Mobility October 2009
Abstract
This memo discusses potential NAT64 technology repercussions for
mobile nodes using Mobile IPv6. An ambiguity is identified related
to the use of DNS during bootstrapping, which is likely to inhibit
proper signaling between mobile node and home agent.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions used in this document . . . . . . . . . . . . . . 4
3. NAT64 Incompatibility with Mobile IPv6 . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 7
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1. Normative References . . . . . . . . . . . . . . . . . . . 9
6.2. Informative References . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Haddad & Perkins Expires April 14, 2010 [Page 2]
Internet-Draft NAT64 Mobility October 2009
1. Introduction
NAT64 technology, as described in
[I-D.ietf-behave-v6v4-xlate-stateful], enables faster IPv4 network
conversion to IPv6-only operation while maintaining contact with the
remaining global IPv4 Internet. In this document, we are concerned
with IPv6-only nodes attached to a network for which NAT64 provides
connectivity with IPv4 networks.
This document aims to highlight potential NAT64 repercussions for
mobile nodes using Mobile IPv6 ([I-D.ietf-mext-rfc3775bis]) and
attached to a network behind a NAT64.
Haddad & Perkins Expires April 14, 2010 [Page 3]
Internet-Draft NAT64 Mobility October 2009
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Haddad & Perkins Expires April 14, 2010 [Page 4]
Internet-Draft NAT64 Mobility October 2009
3. NAT64 Incompatibility with Mobile IPv6
NAT technologies have from the very beginning exhibited numerous
incompatibities with the Internet. Hence, the new incompatibility
described in this document should not come as a surprise!
The NAT64 mechanism considered here complies with the DNS64
technology described in [I-D.ietf-behave-dns64] to provide the
querying host with a synthetic DNS response in which, the queried
FQDN is locally translated to an IPv6 address using the v6 prefix
assigned to the NAT64 v6 interface. By inserting the translated IPv6
address in the synthetic DNS response, the querying node acts as if
the destination is also using an IPv6 stack. This, in turn, enables
the two nodes to establish a session during which, all exchanged
packets are routed through the querying node's local NAT64 in order
to reach their destinations.
As NAT64 technology is likely to be widely deployed, we consider its
behavior in relationship to Mobile IPv6. For this purpose, suppose
that a mobile node (MN) configured with an IPv6 home address (HoA)
leaves its NAT64-serviced home network and attaches to a foreign
network also serviced by NAT64, and configures a new IPv6 address,
i.e., a care-of address (CoA). We analyze two scenarios which
require using MIPv6 either to maintain a session, or to establish an
optimal path to exchange the data packets, using MIPv6 route
optimization (RO).
In the first scenario, suppose that before detaching from its home
network, the MN has established a session with a corresponding node
(CN) which is attached to an IPv4 network. Due to the NAT64 presence
in the home network, the MN acts as if it were communicating with an
IPv6-enabled CN. Hence, the MN decides upon attaching to the new
NAT64-serviced foreign network, to run the MIPv6 return routability
procedure with the CN by sending first a home test init (HoTI)
message via its home agent. Such messages will be discarded either
by the CN or by a more intelligent NAT64 -- in which case it would
likely be followed by an ICMP message sent to the MN. In both cases,
the MN can detect that the RR procedure is failing. Consequently,
there is little harm to the MN's communications and no data packet
loss since the MN will keep using MIPv6 bidirectional tunneling (BT)
mode.
However, the situation worsens when we consider another scenario in
which the MN decides to establish a session with the same CN from the
foreign NAT64-serviced network. In such case, the MN will first
obtain a synthetic DNS reply which presents the CN as being an IPv6-
enabled node. Based on that, the MN may try to create a binding at
the CN. The MN might first run the RR procedure which will
Haddad & Perkins Expires April 14, 2010 [Page 5]
Internet-Draft NAT64 Mobility October 2009
ultimately fail (for the same reasons as in the first scenario).
More likely, the MN will initiate the session with the CN by using
the BT mode then switching to the RO mode. In this case, the MN
first tunnels its data packets to its HA without having them being
intercepted by the foreign NAT64. However, after reaching the HA,
the data packets will most likely be dropped at some point. This is
due to the presence of the foreign NAT64 IPv6 prefix in the CN's IPv6
address.
Haddad & Perkins Expires April 14, 2010 [Page 6]
Internet-Draft NAT64 Mobility October 2009
4. Security Considerations
This document describes scenarios where a NAT64, using DNS64, can
disrupt communications to a mobile node visiting the associated
network. It does not introduce any new security vulnerabilities,
provide any guidance about how to improve security, or describe any
effects on existing security practices.
Haddad & Perkins Expires April 14, 2010 [Page 7]
Internet-Draft NAT64 Mobility October 2009
5. Acknowledgements
Thanks to Francis Dupont and Joel Halpern for reviewing the document
at an early stage.
Haddad & Perkins Expires April 14, 2010 [Page 8]
Internet-Draft NAT64 Mobility October 2009
6. References
6.1. Normative References
[I-D.ietf-mext-rfc3775bis]
Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
in IPv6", draft-ietf-mext-rfc3775bis-04 (work in
progress), July 2009.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
6.2. Informative References
[I-D.ietf-behave-dns64]
Bagnulo, M., Sullivan, A., Matthews, P., and I. Beijnum,
"DNS64: DNS extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers",
draft-ietf-behave-dns64-00 (work in progress), July 2009.
[I-D.ietf-behave-v6v4-xlate-stateful]
Bagnulo, M., Matthews, P., and I. Beijnum, "NAT64: Network
Address and Protocol Translation from IPv6 Clients to IPv4
Servers", draft-ietf-behave-v6v4-xlate-stateful-01 (work
in progress), July 2009.
Haddad & Perkins Expires April 14, 2010 [Page 9]
Internet-Draft NAT64 Mobility October 2009
Authors' Addresses
Wassim Haddad
Ericsson
6210 Spine Road
Boulder, CO 80301
US
Phone: +303 473 6963
Email: Wassim.Haddad@ericsson.com
Charles E. Perkins
WiChorus Inc.
3590 North, 1st Street, Suite 300
San Jose, CA 95134
US
Email: Charliep@computer.org
Haddad & Perkins Expires April 14, 2010 [Page 10]