Internet Engineering Task Force Y. Shirasaki, Ed.
Internet-Draft I. Yamagata
Intended status: Informational NTT Communications
Expires: April 22, 2010 A. Nakagawa
KDDI CORPORATION
J. Yamaguchi
IIJ
H. Ashida
iTSCOM
October 19, 2009
NAT444
draft-shirasaki-nat444-00
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 22, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Shirasaki, et al. Expires April 22, 2010 [Page 1]
Internet-Draft NAT444 October 2009
Abstract
This document describes one of the network models that are designed
for smooth transition to IPv6. It is called NAT444 model. NAT444
model is composed of IPv6, and IPv4 with Large Scale NAT (LSN).
NAT444 is the only scheme not to require replacing Customer Premises
Equipment (CPE) even if IPv4 address exhausted. But it must be noted
that NAT444 has serious restrictions i.e. it limits the number of
sessions per CPE so that rich applications such as AJAX and RSS feed
cannot work well.
Therefore, IPv6 which is free from such a difficulty has to be
introduced into the network at the same time. In other words, NAT444
is just a tool to make IPv6 transition easy to be swallowed. It is
designed for the days IPv4 and IPv6 co-existence.
Shirasaki, et al. Expires April 22, 2010 [Page 2]
Internet-Draft NAT444 October 2009
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Definition of NAT444 Model . . . . . . . . . . . . . . . . . . 4
3. Behavior of NAT444 Model . . . . . . . . . . . . . . . . . . . 5
4. Pros and Cons of NAT444 Model . . . . . . . . . . . . . . . . 6
4.1. Pros of NAT444 Model . . . . . . . . . . . . . . . . . . . 6
4.2. Cons of NAT444 Model . . . . . . . . . . . . . . . . . . . 6
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Normative References . . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . . 8
Appendix A. Example IPv6 Transition Scenario . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Shirasaki, et al. Expires April 22, 2010 [Page 3]
Internet-Draft NAT444 October 2009
1. Introduction
The only permanent solution of the IPv4 address exhaustion is to
deploy IPv6. Now, just before the exhaustion, it's time to make a
transition to IPv6.
After the exhaustion, unless ISP takes any action, end users will not
be able to get IPv4 address.
The servers that have only IPv4 address will continue to exist on the
Internet after the IPv4 address exhaustion. In this situation, IPv6
only hosts cannot reach IPv4 only hosts.
This document explains NAT444 model that bridges the gap between the
coming IPv6 Internet and the present IPv4 Internet.
2. Definition of NAT444 Model
NAT444 Model is a network model that uses two Network Address and
Port Translators (NAPTs) with three types of IPv4 address blocks.
The first NAPT is in CPE, and the second NAPT is in Large Scale NAT
(LSN) [I-D.nishitani-cgn]. LSN is supposed to be installed in the
ISP's network.
The first IPv4 address block is Private Address [RFC1918] inside CPE.
The second one is an IPv4 Address block between CPEs and LSN. The
third one is IPv4 Global Addresses that is outside LSN. The ISPs
using NAT444 provide IPv6 connectivity by dual stack model.
(The IPv4 Internet) (The IPv6 Internet)
| |
+---------+ |
IPv4 Global Address | |
+--------+--------+ |
| LSN | |
+--------+--------+ |
IPv4 | | IPv6
+-------------+
Dual Stack |
+---------------+----------------+
| IPv4 NAT/IPv6 Dual Stack CPE |
+---------------+----------------+
IPv4 Private Address / |
IPv6 Dual Stack |
+-----------+-------------+
|IPv4/IPv6 Dual Stack host|
Shirasaki, et al. Expires April 22, 2010 [Page 4]
Internet-Draft NAT444 October 2009
+-------------------------+
3. Behavior of NAT444 Model
The IPv6 packets from the host reach the IPv6 Internet without using
NAT functionality.
The following figure shows the behavior of the IPv4 packet from the
host to the IPv4 server via two NATs. The first NAT in CPE
overwrites the Source IP Address and Source Port from 10.0.0.2:tt to
w.w.w.w:uu. Then the second NAT in LSN overwrites them from
w.w.w.w:uu to y.y.y.y:vv. Destination IP Address and Port are not
overwritten.
+-------------+
(Port=80) | IPv4 Server | ^
x.x.x.x-> +------+------+ :
| :
IPv4 Global Address | :
| :
(The IPv4 Internet):(Dst=x.x.x.x:80/Src=y.y.y.y:vv)
| :
IPv4 Global Address | :
| :
y.y.y.y-> +----+----+ :
(Port=vv) | LSN | ^
z.z.z.z-> +----+----+ :
| :
IPv4 Address | :(Dst=x.x.x.x:80/Src=w.w.w.w:uu)
| :
w.w.w.w-> +-------+-------+ :
(Port=uu) | IPv4 NAT CPE | ^
10.0.0.1-> +-------+-------+ :
| :
IPv4 Private Address| :
| :
10.0.0.2-> +----+----+ :(Dst=x.x.x.x:80/Src=10.0.0.2:tt)
(Port=tt) |IPv4 Host|
+---------+
The following figure explains the behavior of returning IPv4 packet
via two NATs. The first NAT in LSN overwrites the Destination IP
Address and Port Number from y.y.y.y:vv to w.w.w.w:uu. Then the
second NAT in CPE overwrites them from w.w.w.w:u to 10.0.0.2:tt.
Shirasaki, et al. Expires April 22, 2010 [Page 5]
Internet-Draft NAT444 October 2009
+-------------+
(Port=80) | IPv4 Server | :
x.x.x.x-> +------+------+ :
| :
IPv4 Global Address | :
| :
(The IPv4 Internet):(Dst=y.y.y.y:vv/Src=x.x.x.x:80)
| :
IPv4 Global Address | :
| :
y.y.y.y-> +----+----+ :
(Port=vv) | LSN | v
z.z.z.z-> +----+----+ :
| :
IPv4 Address | :(Dst=w.w.w.w:uu/Src=x.x.x.x:80)
| :
w.w.w.w-> +-------+-------+ :
(Port=uu) | IPv4 NAT CPE | v
10.0.0.1-> +-------+-------+ :
| :
IPv4 Private Address | :(Dst=10.0.0.2:tt/Src=x.x.x.x:80)
| :
10.0.0.2-> +----+----+ :
(Port=tt) |IPv4 Host| v
+---------+
4. Pros and Cons of NAT444 Model
4.1. Pros of NAT444 Model
This network model has following advantages.
- This is the only network model that doesn't require replacing CPEs
those are owned by customers.
- This network model is composed of the present technology.
- This network model doesn't require address family translation.
- This network model doesn't require DNS rewriting.
- This network model doesn't require additional fragment for the
packets because it doesn't use tunneling technology.
4.2. Cons of NAT444 Model
This network model has some technical restrictions.
- Some application such as SIP requires special treatment, because IP
address is written in the payload of the packet. Special treatment
means application itself aware double NAPT or both of two NAPTs
Shirasaki, et al. Expires April 22, 2010 [Page 6]
Internet-Draft NAT444 October 2009
support inspecting and rewriting the packets.
- Because both IPv4 route and IPv6 route exist, it doubles the number
of IGP route inside the LSN.
- UPnP doesn't work with double NAPTs.
5. Acknowledgements
Thanks for the input and review by Shin Miyakawa, Shirou Niinobe,
Takeshi Tomochika, Tomohiro Fujisaki, Dai Nishino, JP address
community members, AP address community members and JPNIC members.
6. IANA Considerations
There are no IANA considerations.
7. Security Considerations
Each customer inside a LSN looks using the same Global Address from
outside an ISP. In case of incidents, the ISP must have the function
to trace back the record of each customer's access without using only
IP address.
If a Global Address of the LSN is listed on the blacklist, other
customers who share the same address could be affected.
8. References
8.1. Normative References
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
[RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire
Problem Statement", RFC 4925, July 2007.
[I-D.shirasaki-isp-shared-addr]
Shirasaki, Y., Miyakawa, S., Nakagawa, A., Yamaguchi, J.,
and H. Ashida, "ISP Shared Address",
draft-shirasaki-isp-shared-addr-03 (work in progress),
September 2009.
[I-D.nishitani-cgn]
Nishitani, T., Miyakawa, S., Nakagawa, A., and H. Ashida,
Shirasaki, et al. Expires April 22, 2010 [Page 7]
Internet-Draft NAT444 October 2009
"Common Functions of Large Scale NAT (LSN)",
draft-nishitani-cgn-02 (work in progress), June 2009.
8.2. Informative References
[PROP58] Niinobe, S., Tomochika, T., Yamaguchi, J., Nishino, D.,
Ashida, H., Nakagawa, A., and T. Hosaka, "Proposal to
create IPv4 shared use address space among LIRs", 2008,
<http://www.apnic.net/policy/proposals/
prop-058-v001.html>.
Appendix A. Example IPv6 Transition Scenario
The steps of IPv6 transition are as follows.
Step 1: Enabling softwire client in host
ISP provides IPv6 connectivity to customers with softwire [RFC4925].
ISP installs LSN and softwire concentrator in its network. A
softwire client in host connects to the IPv6 internet via ISP's
concentrator. ISP can use existing IPv4 equipments. Customers can
just use existing CPE.
(The IPv4 Internet) (The IPv6 Internet)
| | IPv6
| +-----------+-----------+
| | Softwire Concentrator |
| +-----------+-----------+
+---------+----------+ ^
IPv4 Global Address | :
+----------+----------+ :
| LSN | :
+----------+----------+ :
Any IPv4 Address | : IPv6 over IPv4 Softwire
(ISP Network) | : (e.g. IPv6 over IPv4 L2TP)
+----------+----------+ :
| IPv4 NAT only CPE | :
+----------+----------+ :
IPv4 Private Address | v
+---------------+-----------------+
|IPv4/IPv6 Softwire Client in host|
+---------------------------------+
Step 2: Enabling softwire client in CPE
A customer enables softwire client in CPE. A softwire client in CPE
connects to the IPv6 internet via ISP's concentrator. A Customer's
Shirasaki, et al. Expires April 22, 2010 [Page 8]
Internet-Draft NAT444 October 2009
network is now dual stack.
(The IPv4 Internet) (The IPv6 Internet)
| | IPv6
| +----------+------------+
| | Softwire Concentrator |
| +----------+------------+
+---------+------------+ ^
IPv4 Global Address | :
+----------+------------+ :
| LSN | : IPv6 over IPv4 Softwire
+----------+------------+ : (e.g. IPv6 over IPv4 L2TP)
Any IPv4 Address | :
(ISP Network) | v
+---------------+--------------------+
|IPv4 NAT/IPv6 Softwire client in CPE|
+---------------+--------------------+
IPv4 Private Address / |
IPv6 Dual Stack |
+-----------+-------------+
|IPv4/IPv6 Dual Stack host|
+-------------------------+
Step 3: Moving on to dual stack
ISP provides dual stack access to CPE. A CPE uplink is now dual
stack.
(The IPv4 Internet) (The IPv6 Internet)
| |
+---------+ |
IPv4 Global Address | |
+--------+--------+ |
| LSN | | IPv6
+--------+--------+ |
Any IPv4 Address / | |
IPv6 Dual Stack +-------------+
(ISP Network) |
+---------------+----------------+
| IPv4 NAT/IPv6 Dual Stack CPE |
+---------------+----------------+
IPv4 Private Address / |
IPv6 Dual Stack |
+-----------+-------------+
|IPv4/IPv6 Dual Stack host|
+-------------------------+
Step 4: Moving on to pure IPv6
Shirasaki, et al. Expires April 22, 2010 [Page 9]
Internet-Draft NAT444 October 2009
IPv6 transition completes.
(The IPv6 Internet)
|
IPv6 |
+--------+----------+
| IPv6 CPE |
+--------+----------+
IPv6 |
+--------+----------+
| IPv6 host |
+-------------------+
Authors' Addresses
Yasuhiro Shirasaki (editor)
NTT Communications Corporation
NTT Hibiya Bldg. 7F, 1-1-6 Uchisaiwai-cho, Chiyoda-ku
Tokyo 100-8019
Japan
Phone: +81 3 6700 8530
Email: yasuhiro@nttv6.jp
Ikuhei Yamagata
NTT Communications Corporation
Granpark Tower 17F, 3-4-1 Shibaura, Minato-ku
Tokyo 108-8118
Japan
Phone: +81 3 6733 8671
Email: ikuhei@nttv6.jp
Akira Nakagawa
KDDI CORPORATION
GARDEN AIR TOWER, 3-10-10, Iidabashi, Chiyoda-ku
Tokyo 102-8460
Japan
Email: ai-nakagawa@kddi.com
Shirasaki, et al. Expires April 22, 2010 [Page 10]
Internet-Draft NAT444 October 2009
Jiro Yamaguchi
Internet Initiative Japan Inc.
Jinbocho Mitsui Bldg., 1-105 Kanda Jinbo-cho, Chiyoda-ku
Tokyo 101-0051
Japan
Phone: +81 3 5205 6500
Email: jiro-y@iij.ad.jp
Hiroyuki Ashida
its communications Inc.
3-5-7 Hisamoto Takatsu-ku Kawasaki-shi
Kanagawa 213-0011
Japan
Email: ashida@itscom.ad.jp
Shirasaki, et al. Expires April 22, 2010 [Page 11]