Network Working Group                                              X. Li
Internet-Draft                                                    C. Bao
Intended status: Informational         CERNET Center/Tsinghua University
Expires: September 8, 2010                                       C. Metz
                                                     Cisco Systems, Inc.
                                                           March 7, 2010
Stateless/Partial-state 1:N Network Address and Protocol Translation
between IPv4 and IPv6 nodes
draft-xli-behave-xlate-partial-state-01
Abstract
This document presents concepts and implementations of stateless/
partial-state 1:N network address and protocol translation between
IPv4 and IPv6 nodes.
Stateless 1:N translation keeps the features of stateless, end-to-end
address transparency and bidirectional-initiated communications of
the original stateless translation (1:1 IVI), in addition it can
utilize the IPv4 addresses more effectively. However, it requires
the modification of the IPv6 end systems or deploying home gateways.
By introducing "partial state" in the translator, this requirement is
not necessary.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 8, 2010.
Li, et al. Expires September 8, 2010 [Page 1]
Internet-Draft 1:N Translation March 2010
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminologies . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Stateless 1:N Translation . . . . . . . . . . . . . . . . . . 4
3.1. Address-sharing algorithm . . . . . . . . . . . . . . . . 4
3.2. Extended address format . . . . . . . . . . . . . . . . . 5
3.3. Transport address mapping algorithm . . . . . . . . . . . 7
3.4. Protocol translation . . . . . . . . . . . . . . . . . . . 8
3.5. IPv6 end system requirements . . . . . . . . . . . . . . . 8
4. Partial-state 1:N Translation . . . . . . . . . . . . . . . . 8
4.1. Session tables . . . . . . . . . . . . . . . . . . . . . . 8
4.2. Port number mapping algorithm . . . . . . . . . . . . . . 9
5. Operation considerations . . . . . . . . . . . . . . . . . . . 10
5.1. Routing . . . . . . . . . . . . . . . . . . . . . . . . . 10
5.2. DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
5.3. ALG . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
6. Deployment Considerations . . . . . . . . . . . . . . . . . . 10
6.1. Using Modified IPv6 Hosts in an IPv6 Network . . . . . . . 10
6.2. Using Unmodified IPv6 Hosts in an IPv6 Network . . . . . . 11
6.3. Mixed Environment in an IPv6 Network . . . . . . . . . . . 11
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
10.1. Normative References . . . . . . . . . . . . . . . . . . . 12
10.2. Informative References . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction
Experience with IPv6 deployment over the past 10 years strongly
indicates that, for a successful transition, communication between
the IPv4 and IPv6 address families must be supported.
Recently, stateless and stateful IPv4/IPv6 translation methods have
been developed and are becoming IETF standards
[I-D.ietf-behave-v6v4-framework], [I-D.ietf-behave-v6v4-xlate],
[I-D.ietf-behave-v6v4-xlate-stateful]. The original stateless IPv4/
IPv6 translation (stateless 1:1 IVI) is scalable, maintains end-to-end
address transparency and supports both IPv6-initiated and IPv4-
initiated communications [I-D.ietf-behave-v6v4-framework],
[I-D.ietf-behave-v6v4-xlate]. But it cannot use IPv4 addresses
effectively. The IPv4 address depletion problem makes the deployment
of stateless 1:1 IVI challenging, in particular as the number of
IPv6 hosts increases. Stateful IPv4/IPv6 translation can share
IPv4 addresses among IPv6 hosts, but it only supports IPv6-initiated
communication [I-D.ietf-behave-v6v4-framework],
[I-D.ietf-behave-v6v4-xlate-stateful]. Because it relies on
session-initiated state, stateful translation cannot support end-to-end
address transparency and costs more than stateless translation.
We therefore look for a translation scheme that keeps end-to-end
address transparency and utilizes IPv4 addresses effectively. This
leads to stateless and partial-state translators. Stateless 1:N
translation is an extension of stateless translation that keeps its
stateless operation, end-to-end address transparency and bidirectional-
initiated communications. By limiting the usable port range for
different IPv6 addresses, several IPv6 hosts can share a single IPv4
address, each using a limited port range. The partial-state 1:N
translator is a further extension of stateless 1:N translation. It
tracks and maps the port range of IPv6 hosts using a simplified form
of stateful translation, so that modification of IPv6 hosts is
not required. In addition, the partial-state 1:N translation has the
following features:
1. Less state and complexity than full-blown stateful translation.
2. Supports IPv4-initiated connectivity.
3. Requires less work to log translation bindings.
The stateless/partial-state 1:N translations are solutions for the
following scenarios [I-D.ietf-behave-v6v4-framework].
o Scenario 1: An IPv6 network to the IPv4 Internet.
o Scenario 2: The IPv4 Internet to an IPv6 network.
o Scenario 5: An IPv6 network to an IPv4 network.
o Scenario 6: An IPv4 network to an IPv6 network.
2. Terminologies
This document uses the terminologies defined in
[I-D.ietf-behave-v6v4-framework],
[I-D.ietf-behave-v6v4-xlate-stateful],
[I-D.ietf-behave-address-format].
The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [RFC2119].
3. Stateless 1:N Translation
In order to provide IPv4 connectivity for multiple IPv6 hosts sharing
a single IPv4 address, the port number multiplexing technique is
used. That is, a single IPv4 address can be shared by multiple IPv6
hosts under the condition that each individual host can only use a
subset of the 65,536 port numbers when communicating with the IPv4
Internet. For example, if the port multiplexing ratio is 128, each
host with an IPv4-translatable address can use 512 concurrent port
numbers when communicating with the IPv4 Internet. Note that there
is no port number restriction when these IPv6 hosts communicate with
the IPv6 Internet.
3.1. Address-sharing algorithm
The stateless 1:N translation is shown in the following figure.
                                                .------|Host0| A1/(P%N)+0
                                               /
                                              |
     --------                   --------      |
    /  The   \     ------      /  An    \     |
   |   IPv4   |---|1:N   |----|   IPv6   |-------------|Host1| A1/(P%N)+1
    \Internet/    |XLATE |     \ Network/     |
     --------      ------      --------      |\
                                              | -------|Host2| A1/(P%N)+2
                                              |
                                              |
                                               \
                                                -------|HostK| A1/(P%N)+K
Figure 1: Stateless 1:N translation
In the above figure, Host0, Host1, Host2, ..., HostK share the same
IPv4 address A1, but the port number ranges of different hosts do not
overlap. Therefore, when these IPv6 hosts communicate with the IPv4
Internet via the translator, they look like a single host with IPv4
address A1 communicating with the IPv4 Internet.
We use the modulus operator to define the port number range. If the
multiplexing ratio is N, then:
o For host K, the allowed port numbers (P) are P=j*N + K (j=0, 1,
..., N-1).
o For a destination port number (P), the packet is sent to
host K=(P%N) (% is the modulus operator).
For example, if N=256, then host K=5 is only allowed to use port
numbers 5, 261, 517, 773, ..., 65,285 as the source port, and
packets with these port numbers as the destination port number will
be sent to host K=5.
3.2. Extended address format
In order to perform the stateless translation between the IPv4 and
IPv6, both IPv4-converted and IPv4-translatable address are required
[I-D.ietf-behave-v6v4-framework], [I-D.ietf-behave-address-format].
The IPv4-converted addresses are used to represent IPv4 addresses in
IPv6, as shown in the following figure.
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |PL| 0-------------32--40--48--56--64--72--80--88--96--104-112-120-|
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |32|     prefix    |v4(32)         | u | zero                      |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |40|     prefix        |v4(24)     | u |(8)| zero                  |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |48|     prefix            |v4(16) | u | (16)  | zero              |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |56|     prefix                |(8)| u |  v4(24)   | zero          |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |64|     prefix                    | u |   v4(32)      | zero      |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Figure 2: IPv4-converted address format
No port number coding is required for the IPv4-converted address.
The IPv4-translatable addresses are used to represent IPv6 addresses
in IPv4. We use a 16-bit suffix to encode the port number range, as
shown in the following figure.
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |PL| 0-------------32--40--48--56--64--72--80--88--96--104-112-120-|
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |32|     prefix    |v4(32)         | u |Coding | zero              |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |40|     prefix        |v4(24)     | u |(8)|Coding | zero          |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |48|     prefix            |v4(16) | u | (16)  |Coding | zero      |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |56|     prefix                |(8)| u |  v4(24)   |Coding | zero  |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    |64|     prefix                    | u |   v4(32)      |Coding | 0 |
    +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Figure 3: Extended IPv4-translatable address format
The reserved 16 bits (Coding) encode the port number range based on
the modulus operator. The most significant 4 bits define the
multiplexing ratio and the least significant 12 bits define the index
of the host, as shown in the following figure.
    Code (4 bits) | Index Range (12 bits) | Multx ratio | # of Ports
    --------------------------------------------------------------------
          0       |        000-000        |           1 |     65,536
          1       |        000-001        |           2 |     32,768
          2       |        000-003        |           4 |     16,384
          3       |        000-007        |           8 |      8,192
          4       |        000-00f        |          16 |      4,096
          5       |        000-01f        |          32 |      2,048
          6       |        000-03f        |          64 |      1,024
          7       |        000-07f        |         128 |        512
          8       |        000-0ff        |         256 |        256
          9       |        000-1ff        |         512 |        128
          A       |        000-3ff        |       1,024 |         64
          B       |        000-7ff        |       2,048 |         32
          C       |        000-fff        |       4,096 |         16
    --------------------------------------------------------------------
Figure 4: Transport layer port number coding
3.3. Transport address mapping algorithm
For stateless 1:N translation, the IPv6 end systems are required to
follow the port number range defined by the extended IPv4-
translatable address format when communicating with the IPv4
Internet. The port number handling algorithm is:
o If the packets are from IPv4 to IPv6, the IPv4 source addresses
are translated to IPv4-converted addresses and the source port
numbers are unchanged; the IPv4 destination addresses are
translated to extended IPv4-translatable addresses selected by
the destination port number (host index K = P % N), and the
destination port numbers are unchanged.
o If the packets are from IPv6 to IPv4, the IPv6 source addresses
and the source port numbers are checked. If the source port number
matches the port number range defined by the extended IPv4-
translatable address format, the IPv6 source addresses (which are
IPv4-translatable addresses) are translated to IPv4 addresses and
the source port numbers are unchanged; the IPv6 destination
addresses (which are IPv4-converted addresses) are translated to
IPv4 destination addresses and the destination port numbers are
unchanged. If the source port numbers do not match the port number
range defined by the extended IPv4-translatable address format, the
packets are dropped.
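The address construction of Section 3.2 and the port handling of Sections 3.1 and 3.3 worked through in Python, as an added example that is not part of the draft: it builds an extended IPv4-translatable address in the prefix-length-32 layout of Figure 3, recovers N and K from it, and applies the translate-or-drop decision in both directions. The prefix 2001:db8::/32 and all function names are this example's own assumptions.

```python
import ipaddress

# Constructed documentation prefix for the PL=32 layout of Figure 3:
#   prefix(32) | v4(32) | u(8) | Coding(16) | zero(40)
# The prefix value and all names here are this example's assumptions.
PREFIX = ipaddress.IPv6Network("2001:db8::/32")


def coding(ratio_code: int, index: int) -> int:
    """Figure 4: 4-bit ratio code (N = 2**code) above a 12-bit host index K."""
    if not 0 <= ratio_code <= 12:
        raise ValueError("ratio code must be 0..12")
    if not 0 <= index < (1 << ratio_code):
        raise ValueError("host index must be smaller than the multiplexing ratio")
    return (ratio_code << 12) | index


def translatable_address(v4: str, ratio_code: int, index: int) -> ipaddress.IPv6Address:
    """Extended IPv4-translatable address (Figure 3, PL=32) for one shared-address host."""
    prefix = int(PREFIX.network_address) >> 96   # bits 0..31
    v4_bits = int(ipaddress.IPv4Address(v4))     # bits 32..63
    u = 0                                        # bits 64..71 must be zero
    value = (prefix << 96) | (v4_bits << 64) | (u << 56) | (coding(ratio_code, index) << 40)
    return ipaddress.IPv6Address(value)


def parse_translatable(addr: ipaddress.IPv6Address):
    """Inverse of translatable_address(): (IPv4 address, N, K)."""
    value = int(addr)
    v4 = ipaddress.IPv4Address((value >> 64) & 0xFFFFFFFF)
    code = (value >> 40) & 0xFFFF
    return v4, 1 << (code >> 12), code & 0x0FFF


def port_allowed(port: int, ratio: int, index: int) -> bool:
    """Section 3.1: host K may only use ports P with P % N == K."""
    return port % ratio == index


def v6_to_v4(src6: ipaddress.IPv6Address, src_port: int):
    """Section 3.3, IPv6 -> IPv4: (IPv4 source, port) or None when the packet is dropped."""
    v4, ratio, index = parse_translatable(src6)
    if not port_allowed(src_port, ratio, index):
        return None                  # source port outside the host's range: drop
    return str(v4), src_port         # address rewritten, port unchanged


def v4_to_v6(dst4: str, dst_port: int, ratio_code: int) -> ipaddress.IPv6Address:
    """Section 3.3, IPv4 -> IPv6: the destination port selects the host, K = P % N."""
    return translatable_address(dst4, ratio_code, dst_port % (1 << ratio_code))


if __name__ == "__main__":
    host5 = translatable_address("192.0.2.1", 8, 5)    # N=256, K=5 as in Section 3.1
    print(host5)                                       # 2001:db8:c000:201:80:500::
    print(v6_to_v4(host5, 261), v6_to_v4(host5, 262))  # ('192.0.2.1', 261) None
    print(v4_to_v6("192.0.2.1", 65285, 8) == host5)    # True
```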
3.4. Protocol translation
The protocol translation is defined in [I-D.ietf-behave-v6v4-xlate],
except the address translation, which is defined in sections 3.2 and
4.2 of this document.
3.5. IPv6 end system requirements
The IPv6 end systems MUST follow the port number range defined by the
extended IPv4-translatable addresses. The behavior of an IPv6 end
system when communicating with the IPv4 Internet is:
o If the IPv6 end system is used as a server, different well-known
ports will be served by different IPv6 hosts.
o If the IPv6 end system is used as a client, it must generate
source port numbers in the range defined by the extended IPv4-
translatable address format. This requires modification of the
IPv6 end system.
4. Partial-state 1:N Translation
Stateless 1:N translation requires that the IPv6 end system generate
source port numbers in the range defined by the extended IPv4-
translatable address. We therefore introduce partial-state 1:N
translation, which consists of session tables and a port number
mapping algorithm in the translator, without modification of the
IPv6 end systems.
4.1. Session tables
A partial-state translator has three session tables: one for TCP
sessions, one for UDP sessions, and one for ICMP Query sessions. For
TCP and UDP, the session table contains address and port number. For
ICMP Query, the session table contains address and identifier. Each
entry in the session tables keeps information on the state of the
corresponding session.
o A UDP session is created based on the port number mapping
algorithm defined in section 4.2 and has a timer that tracks the
remaining lifetime of the UDP session. When the timer expires, the
UDP session is deleted.
o A TCP session is based on the port number mapping algorithm
defined in section 4.2 and the TCP state machine. When the state
machine reaches the termination state, the TCP session is deleted.
o An ICMP Query session is created based on the port number mapping
algorithm defined in section 4.2 and has a timer that tracks the
remaining lifetime of the ICMP Query session. When the timer
expires, the session is deleted.
4.2. Port number mapping algorithm
For the source port number of a packet from IPv6 to IPv4:
o If the source port number is not in the range defined by the
extended IPv4-translatable address, the translator checks whether
there is an entry in the session table.
* If the entry exists, the translator uses that entry to map the
source port to the one in the session table.
* If the entry does not exist, the translator creates an entry in
the session table mapping the source port to a port in the
allowed range.
o If the source port number is in the range defined by the extended
IPv4-translatable address, the translator does not create an entry
in the session table.
For the destination port number of a packet from IPv4 to IPv6:
o If a mapping entry exists in the session table, map the
destination port number to the one in the session table.
o If no mapping entry exists in the session table, keep the
original destination port number.
For the destination port number of a packet from IPv6 to IPv4 and for
the source port number of a packet from IPv4 to IPv6, no special
algorithm is required and the port numbers are not changed.
The reason we call this partial-state is that:
1. The address mapping is fully algorithm based, as defined in
section 3.3. The states are used for port number mapping only,
as defined in section 4.2.
2. No session table entry is created if the source port number
from IPv6 to IPv4 is in the range defined by the extended
IPv4-translatable address.
3. For the destination port number of a packet from IPv4 to IPv6,
no session table entry is created.
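The port number mapping of Section 4.2, as an added Python example that is not the draft's own code: one mapper per IPv6 host tracks the out-of-range source ports it has bound to allowed ports, so in-range traffic stays stateless while everything else gets a session entry. The class and method names are assumptions of this example, and the lifetime handling of Section 4.1 (timers, TCP state machine) is reduced to an explicit close() call.

```python
# Partial-state port mapping (Section 4.2) for one IPv6 host that shares an
# IPv4 address with multiplexing ratio N and host index K.  Added example;
# names are this example's own, not the draft's.


class PartialStateMapper:
    def __init__(self, ratio: int, index: int, first_port: int = 1024):
        self.ratio = ratio            # N
        self.index = index            # K: allowed ports are P with P % N == K
        self.first_port = first_port  # lowest port handed out to mapped sessions
        self.out = {}                 # original source port -> mapped port (IPv6 -> IPv4)
        self.back = {}                # mapped port -> original source port (IPv4 -> IPv6)

    def in_range(self, port: int) -> bool:
        """Section 3.1 check: is the port inside this host's allowed range?"""
        return port % self.ratio == self.index

    def _free_port(self) -> int:
        """Lowest allowed port (K, K+N, K+2N, ...) not already bound to a session."""
        for port in range(self.index, 65536, self.ratio):
            if port >= self.first_port and port not in self.back:
                return port
        raise RuntimeError("no free port left in this host's range")

    def map_source_port(self, src_port: int) -> int:
        """IPv6 -> IPv4: in-range ports pass unchanged and create no state;
        any other port is bound to an allowed port in the session table."""
        if self.in_range(src_port):
            return src_port
        if src_port not in self.out:
            mapped = self._free_port()
            self.out[src_port] = mapped
            self.back[mapped] = src_port
        return self.out[src_port]

    def map_destination_port(self, dst_port: int) -> int:
        """IPv4 -> IPv6: use the session entry if one exists, else keep the port."""
        return self.back.get(dst_port, dst_port)

    def close(self, src_port: int) -> None:
        """Session ended (timer expiry or TCP termination): drop its entry."""
        mapped = self.out.pop(src_port, None)
        if mapped is not None:
            del self.back[mapped]

    def sessions(self) -> int:
        """Number of session entries currently held for this host."""
        return len(self.out)


if __name__ == "__main__":
    m = PartialStateMapper(256, 5)            # N=256, K=5 as in Section 3.1
    print(m.map_source_port(261), m.sessions())    # 261 0   (stateless)
    print(m.map_source_port(40000), m.sessions())  # 1029 1  (mapped)
    print(m.map_destination_port(1029))            # 40000
```

A mapped port is drawn only from allowed ports not already in the session table; the draft does not say how a host's stateless use of an in-range port that is also bound to a mapped session should be disambiguated, so a deployment has to reserve one or the other.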
5. Operation considerations
5.1. Routing
Routing follows the general IPv4/IPv6 routing principle, i.e.
"more specifics win", the same as the original stateless 1:1 IVI
[I-D.xli-behave-ivi].
5.2. DNS
DNS handling follows DNS64 [I-D.ietf-behave-dns64] and DNS46
[I-D.xli-behave-dns46-for-stateless].
5.3. ALG
ALG-related issues are discussed in
[I-D.ietf-behave-v6v4-framework].
6. Deployment Considerations
The stateless 1:N translation requires that the IPv6 hosts served by
the translator generate port numbers in the range defined by the
extended IPv4-translatable addresses.
6.1. Using Modified IPv6 Hosts in an IPv6 Network
Stateless translation can be deployed using modified IPv6 hosts.
These IPv6 hosts use extended IPv4-translatable addresses and
generate source port numbers in the range defined by those
addresses. In other words, the end systems maintain the port-number
mapping states.
                                                   -----------
                                                .-|Host0 (mdf)| A1/(P%N)+0
                                               /   -----------
                   ------                     |
     --------     |State-|    --------      |
    /  The   \    |less  |     /  An    \     |    -----------
   |   IPv4   |---|1:N   |----|   IPv6   |--------|Host1 (mdf)| A1/(P%N)+1
    \Internet/    |XLATE |     \ Network/     |    -----------
     --------      ------      --------      |\
                                              |    -----------
                                              | --|Host2 (mdf)| A1/(P%N)+2
                                              |    -----------
                                              |
                                               \   -----------
                                                --|HostK (mdf)| A1/(P%N)+K
                                                   -----------
Figure 5: Using Modified IPv6 Hosts
6.2. Using Unmodified IPv6 Hosts in an IPv6 Network
Partial-state translation can be deployed using unmodified IPv6
hosts. These IPv6 hosts use extended IPv4-translatable addresses,
and the translator (XLATE) keeps the states for the port-number
mapping.
                                                   -----------
                                                .-|   Host0   | A1/(P%N)+0
                                               /   -----------
                   ------                     |
     --------     |Partia|    --------      |
    /  The   \    |-state|     /  An    \     |    -----------
   |   IPv4   |---|1:N   |----|   IPv6   |--------|   Host1   | A1/(P%N)+1
    \Internet/    |XLATE |     \ Network/     |    -----------
     --------      ------      --------      |\
                                              |    -----------
                                              | --|   Host2   | A1/(P%N)+2
                                              |    -----------
                                              |
                                               \   -----------
                                                --|   HostK   | A1/(P%N)+K
                                                   -----------
Figure 6: Using Unmodified IPv6 Hosts
6.3. Mixed Environment in an IPv6 Network
In a mixed environment, a partial-state translator can be deployed.
If the IPv6 packets carry port numbers that are not in the range
defined by the extended IPv4-translatable addresses, states are
created in the translator. Otherwise, no states are created or
maintained in the translator.
7. Security Considerations
There are no security considerations in this document.
8. IANA Considerations
This memo adds no new IANA considerations.
Note to RFC Editor: This section will have served its purpose if it
correctly tells IANA that no new assignments or registries are
required, or if those assignments or registries are created during
the RFC publication process. From the author's perspective, it may
therefore be removed upon publication as an RFC at the RFC Editor's
discretion.
9. Acknowledgments
The authors would like to acknowledge the following contributors in
the different phases of the address-sharing IVI and dIVI development:
Maoke Chen, Yu Zhai, Wentao Shang, Weifeng Jiang and Yuncheng Zhu.
The authors would like to acknowledge the following contributors who
provided helpful inputs: Dan Wing, Fred Baker, Dave Thaler, Randy
Bush and Kevin Yin.
10. References
10.1. Normative References
[I-D.ietf-behave-address-format]
Huitema, C., Bao, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators",
draft-ietf-behave-address-format-04 (work in progress),
January 2010.
[I-D.ietf-behave-dns64]
Bagnulo, M., Sullivan, A., Matthews, P., and I. Beijnum,
"DNS64: DNS extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers",
draft-ietf-behave-dns64-07 (work in progress), March 2010.
[I-D.ietf-behave-v6v4-framework]
Baker, F., Li, X., Bao, C., and K. Yin, "Framework for
IPv4/IPv6 Translation",
draft-ietf-behave-v6v4-framework-07 (work in progress),
February 2010.
[I-D.ietf-behave-v6v4-xlate]
Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
Algorithm", draft-ietf-behave-v6v4-xlate-10 (work in
progress), February 2010.
[I-D.ietf-behave-v6v4-xlate-stateful]
Bagnulo, M., Matthews, P., and I. Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers",
draft-ietf-behave-v6v4-xlate-stateful-08 (work in
progress), January 2010.
[I-D.xli-behave-dns46-for-stateless]
Li, X. and C. Bao, "DNS46 for the IPv4/IPv6 Stateless
Translator", draft-xli-behave-dns46-for-stateless-02 (work
in progress), February 2010.
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
10.2. Informative References
[CERNET] "CERNET Homepage:
http://www.edu.cn/english_1369/index.shtml".
[CNGI-CERNET2]
"CNGI-CERNET2 Homepage:
http://www.cernet2.edu.cn/index_en.htm".
[I-D.xli-behave-ivi]
Li, X., Bao, C., Chen, M., Zhang, H., and J. Wu, "The
CERNET IVI Translation Design and Deployment for the IPv4/
IPv6 Coexistence and Transition", draft-xli-behave-ivi-07
(work in progress), January 2010.
[RFC3849] Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix
Reserved for Documentation", RFC 3849, July 2004.
[RFC5737] Arkko, J., Cotton, M., and L. Vegoda, "IPv4 Address Blocks
Reserved for Documentation", RFC 5737, January 2010.
[dIVI] "Test homepage for the dIVI:
http://202.38.97.114:8056/test.html".
Authors' Addresses
Xing Li
CERNET Center/Tsinghua University
Room 225, Main Building, Tsinghua University
Beijing 100084
CN
Phone: +86 10-62785983
Email: xing@cernet.edu.cn
Congxiao Bao
CERNET Center/Tsinghua University
Room 225, Main Building, Tsinghua University
Beijing 100084
CN
Phone: +86 10-62785983
Email: congxiao@cernet.edu.cn
Chris Metz
Cisco Systems, Inc.
3700 Cisco Way
San Jose CA 95134
USA
Phone:
Email: chmetz@cisco.com