Internet Engineering Task Force Y. Shirasaki, Ed.
Internet-Draft S. Miyakawa
Intended status: Informational NTT Communications
Expires: March 11, 2010 A. Nakagawa
KDDI CORPORATION
J. Yamaguchi
IIJ
H. Ashida
iTSCOM
September 7, 2009
NAT444 with ISP Shared Address
draft-shirasaki-nat444-isp-shared-addr-02
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 11, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Shirasaki, et al. Expires March 11, 2010 [Page 1]
Internet-Draft NAT444 with ISP Shared Address September 2009
Abstract
This document describes one of the network models that are designed
for smooth transition to IPv6. It is called NAT444 model. NAT444
model is composed of IPv6, and IPv4 with Large Scale NAT (LSN).
NAT444 is the only scheme not to require replacing Customer Premises
Equipment (CPE) even if IPv4 address exhausted. But it must be noted
that NAT444 has serious restrictions i.e. it limits the number of
sessions per CPE so that rich applications such as AJAX and RSS feed
cannot work well.
Therefore, IPv6 which is free from such a difficulty has to be
introduced into the network at the same time. In other words, NAT444
is just a tool to make IPv6 transition easy to be swallowed. It is
designed for the days IPv4 and IPv6 co-existence.
Shirasaki, et al. Expires March 11, 2010 [Page 2]
Internet-Draft NAT444 with ISP Shared Address September 2009
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Definition of NAT444 Model . . . . . . . . . . . . . . . . . . 4
3. Behavior of NAT444 Model . . . . . . . . . . . . . . . . . . . 5
4. Pros and Cons of NAT444 Model . . . . . . . . . . . . . . . . 7
4.1. Pros of NAT444 Model . . . . . . . . . . . . . . . . . . . 7
4.2. Cons of NAT444 Model . . . . . . . . . . . . . . . . . . . 7
5. Address Block of ISP's Network . . . . . . . . . . . . . . . . 8
5.1. Global Address . . . . . . . . . . . . . . . . . . . . . . 8
5.2. Private Address . . . . . . . . . . . . . . . . . . . . . 8
5.2.1. Policy Based Routing Issue . . . . . . . . . . . . . . 8
5.2.2. Address Block Duplication Issue . . . . . . . . . . . 8
5.3. Class-E Address (240/4) . . . . . . . . . . . . . . . . . 8
5.4. ISP Shared Address . . . . . . . . . . . . . . . . . . . . 9
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
8. Security Considerations . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . . 10
Appendix A. Example IPv6 Transition Scenario . . . . . . . . . . 10
Appendix B. Example Architectures . . . . . . . . . . . . . . . . 12
B.1. Direct Routing inside LSN . . . . . . . . . . . . . . . . 12
B.2. LSN Bypassing . . . . . . . . . . . . . . . . . . . . . . 13
B.3. Global Address Customers inside LSN . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15
Shirasaki, et al. Expires March 11, 2010 [Page 3]
Internet-Draft NAT444 with ISP Shared Address September 2009
1. Introduction
The only permanent solution of the IPv4 address exhaustion is to
deploy IPv6. Now, just before the exhaustion, it's time to make a
transition to IPv6.
After the exhaustion, unless ISP takes any action, end users will not
be able to get IPv4 address.
The servers that have only IPv4 address will continue to exist on the
Internet after the IPv4 address exhaustion. In this situation, IPv6
only hosts cannot reach IPv4 only hosts.
This document explains NAT444 model that bridges the gap between the
coming IPv6 Internet and the present IPv4 Internet.
2. Definition of NAT444 Model
NAT444 Model is a network model that uses two Network Address and
Port Translators (NAPTs) with three types of IPv4 address blocks.
The first NAPT is in CPE, and the second NAPT is in Large Scale NAT
(LSN) [I-D.nishitani-cgn]. LSN is supposed to be installed in the
ISP's network.
The first IPv4 address block is Private Address [RFC1918] inside CPE.
The second one is an IPv4 Address block between CPEs and LSN. It
could be Global Address, Private Address (10/8), Class-E (240/4), or
(newly defined) ISP Shared Address. The third one is IPv4 Global
Addresses that is outside LSN. The ISPs using NAT444 provide IPv6
connectivity by dual stack model.
Shirasaki, et al. Expires March 11, 2010 [Page 4]
Internet-Draft NAT444 with ISP Shared Address September 2009
(The IPv4 Internet) (The IPv6 Internet)
| |
+---------+ |
IPv4 Global Address | |
+--------+--------+ |
| LSN | |
+--------+--------+ |
IPv4 | | IPv6
+-------------+
Dual Stack |
+---------------+----------------+
| IPv4 NAT/IPv6 Dual Stack CPE |
+---------------+----------------+
IPv4 Private Address / |
IPv6 Dual Stack |
+-----------+-------------+
|IPv4/IPv6 Dual Stack host|
+-------------------------+
3. Behavior of NAT444 Model
The IPv6 packets from the host reach the IPv6 Internet without using
NAT functionality.
The following figure shows the behavior of the IPv4 packet from the
host to the IPv4 server via two NATs. The first NAT in CPE
overwrites the Source IP Address and Source Port from 10.0.0.2:tt to
w.w.w.w:uu. Then the second NAT in LSN overwrites them from
w.w.w.w:uu to y.y.y.y:vv. Destination IP Address and Port are not
overwritten.
Shirasaki, et al. Expires March 11, 2010 [Page 5]
Internet-Draft NAT444 with ISP Shared Address September 2009
+-------------+
(Port=80) | IPv4 Server | ^
x.x.x.x-> +------+------+ :
| :
IPv4 Global Address | :
| :
(The IPv4 Internet):(Dst=x.x.x.x:80/Src=y.y.y.y:vv)
| :
IPv4 Global Address | :
| :
y.y.y.y-> +----+----+ :
(Port=vv) | LSN | ^
z.z.z.z-> +----+----+ :
| :
IPv4 Address | :(Dst=x.x.x.x:80/Src=w.w.w.w:uu)
| :
w.w.w.w-> +-------+-------+ :
(Port=uu) | IPv4 NAT CPE | ^
10.0.0.1-> +-------+-------+ :
| :
IPv4 Private Address| :
| :
10.0.0.2-> +----+----+ :(Dst=x.x.x.x:80/Src=10.0.0.2:tt)
(Port=tt) |IPv4 Host|
+---------+
The following figure explains the behavior of returning IPv4 packet
via two NATs. The first NAT in LSN overwrites the Destination IP
Address and Port Number from y.y.y.y:vv to w.w.w.w:uu. Then the
second NAT in CPE overwrites them from w.w.w.w:u to 10.0.0.2:tt.
Shirasaki, et al. Expires March 11, 2010 [Page 6]
Internet-Draft NAT444 with ISP Shared Address September 2009
+-------------+
(Port=80) | IPv4 Server | :
x.x.x.x-> +------+------+ :
| :
IPv4 Global Address | :
| :
(The IPv4 Internet):(Dst=y.y.y.y:vv/Src=x.x.x.x:80)
| :
IPv4 Global Address | :
| :
y.y.y.y-> +----+----+ :
(Port=vv) | LSN | v
z.z.z.z-> +----+----+ :
| :
IPv4 Address | :(Dst=w.w.w.w:uu/Src=x.x.x.x:80)
| :
w.w.w.w-> +-------+-------+ :
(Port=uu) | IPv4 NAT CPE | v
10.0.0.1-> +-------+-------+ :
| :
IPv4 Private Address | :(Dst=10.0.0.2:tt/Src=x.x.x.x:80)
| :
10.0.0.2-> +----+----+ :
(Port=tt) |IPv4 Host| v
+---------+
4. Pros and Cons of NAT444 Model
4.1. Pros of NAT444 Model
This network model has following advantages.
- This is the only network model that doesn't require replacing CPEs
those are owned by customers.
- This network model is composed of the present technology.
- This network model doesn't require address family translation.
- This network model doesn't require DNS rewriting.
- This network model doesn't require additional fragment for the
packets because it doesn't use tunneling technology.
4.2. Cons of NAT444 Model
This network model has some technical restrictions.
- Some application such as SIP requires special treatment, because IP
address is written in the payload of the packet. Special treatment
means application itself aware double NAPT or both of two NAPTs
Shirasaki, et al. Expires March 11, 2010 [Page 7]
Internet-Draft NAT444 with ISP Shared Address September 2009
support inspecting and rewriting the packets.
- Because both IPv4 route and IPv6 route exist, it doubles the number
of IGP route inside the LSN.
- UPnP doesn't work with double NAPTs.
5. Address Block of ISP's Network
The address block mentioned in this section is the one between CPE
and LSN. The best address block is "ISP Shared Address" which is
defined in [I-D.shirasaki-isp-shared-addr] and briefly described in
this section.
5.1. Global Address
ISP cannot assign IPv4 Global Address any more after the exhaustion.
5.2. Private Address
It has two major problems.
5.2.1. Policy Based Routing Issue
If both source and destination address of the packet are inside LSN,
it has to go through LSN. The reason is that some servers reject
receiving packets when the source address of receiving packet is
Private Address. Therefore packets have to go through the LSN for
rewriting the source address from Private Address to Global Address.
Additionally, if Private Address and Global Address co-exist inside
LSN, the ISP has to use Policy Based Routing (PBR).
5.2.2. Address Block Duplication Issue
The Private Address in ISP's network could conflict with its
customer's network address. Many CPEs between customer's network and
ISP's network cannot route the packet under this situation. To avoid
this, ISP has to negotiate with its all customers not to use the
reserved Private Address block.
5.3. Class-E Address (240/4)
It is known that some equipment such as routers and servers reject
packets from or to this address block. So, to use this address block
in ISP's network, ISP has to request its customers to replace their
equipment. In addition to that, ISP might have to replace their
equipment when it doesn't handle Class-E address packets properly.
Shirasaki, et al. Expires March 11, 2010 [Page 8]
Internet-Draft NAT444 with ISP Shared Address September 2009
5.4. ISP Shared Address
ISP Shared Address is the newly defined IPv4 address block that is to
be allocated from IANA free pool. It doesn't have any problem.
Spending some blocks from the exhausting IANA free pool could be
regarded as a problem, but from long view, this problem is much
smaller than its great merit. ISP Shared Address is defined in
[I-D.shirasaki-isp-shared-addr]
6. Acknowledgements
Thanks for the input and review by Shirou Niinobe, Takeshi Tomochika,
Tomohiro Fujisaki, Dai Nishino, JP address community members, AP
address community members and JPNIC members.
7. IANA Considerations
IANA is to allocate a certain size of address block from IANA free
pool. The size of it is described in [I-D.shirasaki-isp-shared-addr]
8. Security Considerations
Each customer inside a LSN looks using the same Global Address. from
outside an ISP. In case of incidents, the ISP must have the function
to trace back the record of each customer's access without using only
IP address.
If a Global Address of the LSN is listed on the blacklist, other
customers who share the same address could be affected.
9. References
9.1. Normative References
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
[RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire
Problem Statement", RFC 4925, July 2007.
[I-D.shirasaki-isp-shared-addr]
Shirasaki, Y., Miyakawa, S., Nakagawa, A., Yamaguchi, J.,
and H. Ashida, "ISP Shared Address",
Shirasaki, et al. Expires March 11, 2010 [Page 9]
Internet-Draft NAT444 with ISP Shared Address September 2009
draft-shirasaki-isp-shared-addr-02 (work in progress),
March 2009.
[I-D.nishitani-cgn]
Nishitani, T., Miyakawa, S., Nakagawa, A., and H. Ashida,
"Common Functions of Large Scale NAT (LSN)",
draft-nishitani-cgn-02 (work in progress), June 2009.
9.2. Informative References
[PROP58] Niinobe, S., Tomochika, T., Yamaguchi, J., Nishino, D.,
Ashida, H., Nakagawa, A., and T. Hosaka, "Proposal to
create IPv4 shared use address space among LIRs", 2008,
<http://www.apnic.net/policy/proposals/
prop-058-v001.html>.
Appendix A. Example IPv6 Transition Scenario
The steps of IPv6 transition are as follows.
Step 1: Enabling softwire client in host
ISP provides IPv6 connectivity to customers with softwire [RFC4925].
ISP installs LSN and softwire concentrator in its network. A
softwire client in host connects to the IPv6 internet via ISP's
concentrator. ISP can use existing IPv4 equipments. Customers can
just use existing CPE.
(The IPv4 Internet) (The IPv6 Internet)
| | IPv6
| +-----------+-----------+
| | Softwire Concentrator |
| +-----------+-----------+
+---------+----------+ ^
IPv4 Global Address | :
+----------+----------+ :
| LSN | :
+----------+----------+ :
Any IPv4 Address | : IPv6 over IPv4 Softwire
(ISP Network) | : (e.g. IPv6 over IPv4 L2TP)
+----------+----------+ :
| IPv4 NAT only CPE | :
+----------+----------+ :
IPv4 Private Address | v
+---------------+-----------------+
|IPv4/IPv6 Softwire Client in host|
+---------------------------------+
Shirasaki, et al. Expires March 11, 2010 [Page 10]
Internet-Draft NAT444 with ISP Shared Address September 2009
Step 2: Enabling softwire client in CPE
A customer enables softwire client in CPE. A softwire client in CPE
connects to the IPv6 internet via ISP's concentrator. A Customer's
network is now dual stack.
(The IPv4 Internet) (The IPv6 Internet)
| | IPv6
| +----------+------------+
| | Softwire Concentrator |
| +----------+------------+
+---------+------------+ ^
IPv4 Global Address | :
+----------+------------+ :
| LSN | : IPv6 over IPv4 Softwire
+----------+------------+ : (e.g. IPv6 over IPv4 L2TP)
Any IPv4 Address | :
(ISP Network) | v
+---------------+--------------------+
|IPv4 NAT/IPv6 Softwire client in CPE|
+---------------+--------------------+
IPv4 Private Address / |
IPv6 Dual Stack |
+-----------+-------------+
|IPv4/IPv6 Dual Stack host|
+-------------------------+
Step 3: Moving on to dual stack
ISP provides dual stack access to CPE. A CPE uplink is now dual
stack.
Shirasaki, et al. Expires March 11, 2010 [Page 11]
Internet-Draft NAT444 with ISP Shared Address September 2009
(The IPv4 Internet) (The IPv6 Internet)
| |
+---------+ |
IPv4 Global Address | |
+--------+--------+ |
| LSN | | IPv6
+--------+--------+ |
Any IPv4 Address / | |
IPv6 Dual Stack +-------------+
(ISP Network) |
+---------------+----------------+
| IPv4 NAT/IPv6 Dual Stack CPE |
+---------------+----------------+
IPv4 Private Address / |
IPv6 Dual Stack |
+-----------+-------------+
|IPv4/IPv6 Dual Stack host|
+-------------------------+
Step 4: Moving on to pure IPv6
IPv6 transition completes.
(The IPv6 Internet)
|
IPv6 |
+--------+----------+
| IPv6 CPE |
+--------+----------+
IPv6 |
+--------+----------+
| IPv6 host |
+-------------------+
Appendix B. Example Architectures
This section explains example architectures how to design NAT444 with
ISP Shared Address.
B.1. Direct Routing inside LSN
This architecture enables direct communication between customers
inside same LSN. It has the following advantages.
- The packets don't go through LSN. (No hairpining)
- The customers inside LSN can use bidirectional applications (e.g.
TV Conference, VPN).
Shirasaki, et al. Expires March 11, 2010 [Page 12]
Internet-Draft NAT444 with ISP Shared Address September 2009
- No need to use Policy Based Routing.
(The IPv4 Internet)
| Global Address
+----+----+
| LSN |
+----+----+
|
ISP Shared +-----------+----------+ ISP Shared
Address | .......... | Address
+----+----+ : : +----+----+
| CPE NAT | : : | CPE NAT |
+----+----+ : : +----+----+
Private | : : | Private
Address | v v | Address
+----+----+ +----+----+
|IPv4 Host| |IPv4 Host|
+---------+ +---------+
B.2. LSN Bypassing
This architecture is bypassing the NAT function of LSN. It has the
following advantage.
- The customers inside an ISP can use bidirectional applications
(e.g. TV Conference, VPN).
-Any communication in single ISP doesn't consume LSN external port.
-ISP's servers outside LSN can access CPE. (e.g. ICMP echo, SNMP,
remote access)
-ISP's servers outside LSN can distinguish which customer's
connection it receives. (e.g. DNS, Mail)
Shirasaki, et al. Expires March 11, 2010 [Page 13]
Internet-Draft NAT444 with ISP Shared Address September 2009
(The IPv4 Internet)
|
| +--------+ Network Monitor
| | Server | (ICMP echo, SNMP)
| +----+---+ DNS, Mail, Web, etc
Global | | ^
Address +----------------------+ :
| ....................
| . : |
+----+----+ : : +----+----+ bypass NAT:
| LSN | : bypass : | LSN | Dst=ISP's Global Address
+----+----+ : NAT : +----+----+ or ISP Shared Address
ISP Shared | : : |
Address | : : | ISP Shared Address
+----+----+ : : +----+----+
| CPE NAT | : : | CPE NAT |
+----+----+ : : +----+----+
Private | : : | Private
Address | v v | Address
+----+----+ +----+----+
|IPv4 Host| |IPv4 Host|
+---------+ +---------+
B.3. Global Address Customers inside LSN
This architecture enables co-existing Global Address and ISP Shared
Address inside LSN.
It enables direct communications from ISP Shared Address customer to
Global Address customer inside same LSN. It has the following
advantage.
- The ISP can put ISP Shared Address customer and Global Address
customer in the same concentrator.
- The packets don't go through LSN. (No hairpining)
- The customers inside LSN can use bidirectional applications (e.g.
TV Conference, VPN).
- No need to use Policy Based Routing.
Shirasaki, et al. Expires March 11, 2010 [Page 14]
Internet-Draft NAT444 with ISP Shared Address September 2009
(The IPv4 Internet)
|
| Global Address
+----+----+
| LSN | bypass NAT: Src/Dst=Global Address
+----+----+
| Global Address and ISP Shared Address co-existing
+----------------------+
| ......... |
+----+----+ : : +----+----+
| Firewall| : : | CPE NAT |
+----+----+ : : +----+----+
Global | : : | Private
Address | v : | Address
+-----+-----+ +----+----+
|IPv4 Server| |IPv4 Host|
+-----------+ +---------+
Authors' Addresses
Yasuhiro Shirasaki (editor)
NTT Communications Corporation
NTT Hibiya Bldg. 7F, 1-1-6 Uchisaiwai-cho, Chiyoda-ku
Tokyo 100-8019
Japan
Phone: +81 3 6700 8530
Email: yasuhiro@nttv6.jp
Shin Miyakawa
NTT Communications Corporation
Granpark Tower 17F, 3-4-1 Shibaura, Minato-ku
Tokyo 108-8118
Japan
Phone: +81 3 6733 8671
Email: miyakawa@nttv6.jp
Shirasaki, et al. Expires March 11, 2010 [Page 15]
Internet-Draft NAT444 with ISP Shared Address September 2009
Akira Nakagawa
KDDI CORPORATION
GARDEN AIR TOWER, 3-10-10, Iidabashi, Chiyoda-ku
Tokyo 102-8460
Japan
Email: ai-nakagawa@kddi.com
Jiro Yamaguchi
Internet Initiative Japan Inc.
Jinbocho Mitsui Bldg., 1-105 Kanda Jinbo-cho, Chiyoda-ku
Tokyo 101-0051
Japan
Phone: +81 3 5205 6500
Email: jiro-y@iij.ad.jp
Hiroyuki Ashida
its communications Inc.
3-5-7 Hisamoto Takatsu-ku Kawasaki-shi
Kanagawa 213-0011
Japan
Email: ashida@itscom.ad.jp
Shirasaki, et al. Expires March 11, 2010 [Page 16]