Port Restricted IP Address Assignment - PowerPoint PPT Presentation

Port Restricted IP Address Assignment draft-bajko-v6ops-port-restricted-ipaddr-assign Gabor Bajko (Nokia) Teemu Savolainen (Nokia) Softwires WG meeting @ IETF#73 1

Intended usage scenarios � Managed and tightly controlled networks Generally for networks where host support for specific features can be � mandated – e.g. via requirements or certification Cellular networks in particular, where large number of hosts need simple � IPv4 connectivity for few applications and which are increasingly always-on IP connected � Intended to be mainly used on point-to-point Physical access links (L2) : e.g. 3GPP IPv4 EPS bearer, WMF IPv4 CS � IPv4-over-IPv6 tunneled access links (L3) : � � Over: IPv6 clouds, IPv6 PPP, IPv6 EPS bearer, etc. � Usage to be restricted to avoid interference with current internet connectivity practices � On demand allocation at DHCP request time 2

Physical point-to-point links with or w/o IPv6 DHCP server with pool of public IPv4 addresses for allocation as port restricted addresses. hosts Network pow full IPv4 addresses are always routed to Gateway (that then multiplexes to hosts) : net work large n core : a Border Rout er Gat eway Point-to-Point links where DHCP is used over L2 DS I nt ernet - IPv4-only - Native Dual-stack e.g. 1) 3GPP IPv4 or DS type of EPS bearer 3 2) WiMAX IPv4 CS or Ethernet CS

Tunneled point-to-point IPv4-over-IPv6 links DHCP server with pool of public IPv4 addresses for allocation as port restricted addresses. hosts Network pow full IPv4 net work addresses are always routed core to Gateway (that then multiplexes to hosts) : large n : a Tunnel Gat eway Border Rout er Endpoint Gat eway IPv4-over-IPv6 tunnels on IPv6-only DS I nt ernet point-to-point links, e.g. 3GPP IPv6 type of EPS bearer, or WiMAX IPv6 CS Transparent for Gateway 4

About gateway functionality � Gateway has a pool of public IPv4 addresses � Gateway can also act as a NAT for legacy hosts (CGN) � Gateway allocates port-restricted IPv4 addresses and multiplexes based on ports � Same stands for both first hop Gateway and Tunnel Endpoint Gateway � Gateway handles fragments (multiplexing needs the port information) 5

Gateway multiplexing tables � For physical link scenario Point-to-point link Public address + port range Link 1 129.0.0.1 / 5000-5999 Link 2 129.0.0.1 / 6000-6999 � For IPv4-over-IPv6 tunneled link scenario with DS-Lite Point-to-point tunnel Public address + port (range) Softwire 1/10.0.0.1/TCP 10000 129.0.0.1 / TCP 5000 Softwire 2 129.0.0.1 / 6000-6999 � The same table for both translation and tunnel multiplexing 6

CGN allocating port-restricted IPv4 addresses in DS-Lite environment 192.168.0.1 192.0.2.1 IPv6 address: v4v6 2002:1::1 anycast, provisioned, v4v6 via DHC Pv6 option, Legacy IPv4 device DS C GN DS RA… IPv6 IPv6 Tunneling C PE 192.168.0.1 Internet Internet IPv6 IPv6 v4- 2002:2::2 v4- Intranet NAT Intranet only only Legacy IPv4 device Tunneling C PE Tunnel IPv4 Endpoint IPv4 192.0.2.1:6000-6999 Internet Gatew ay 6 v P Internet - I r e v o - 4 P v I 2002:3::3 x � 1 4 Y � 2 Updated device connected directly Illustrative mappings on C GN: to Internet Internal External _ (2002:1::1 * 192.168.0.1:5555) � 192.0.2.1:1234 (2002:2::2 * 192.168.0.1:5555) � 192.0.2.1:1235 7 � 192.0.2.1:6000-6999 (2002:3::3)

Port-restricted IPv4 addresses and DS-Lite coexistence � DS-Lite CGN to support port-restricted IPv4 address allocation Enables benefits for modified hosts (NAT-less functionality) � Decreases CGN load � Enables more customer control if NAT is in host/CPE instead of CGN � � Port multiplexing efficiency as a configurable parameter: When 0 ports are configured available for static reservation by hosts => � CGN-only functionality When 64k ports configured available for static reservation => basically � dynamic IPv4-over-IPv6 tunneling solution � If the allocated port-range for hosts is very small, hosts could utilize port-restricted addresses and CGN in parallel: Class of applications would utilize CGN, e.g. HTTP applications with � significant but short-lived port usage Class of always-on applications could utilize port-restricted IP � addresses to avoid NAT keep-alives and for P2P communication (e.g. 8 VoIP)

NAT in a Host � Port-Restricted IP address can be hidden from the users/applications by implementing an internal NAT � Looks just the same as NAT in CPE or CGN � Provides a distributed NAT functionality, with the NAT functionality moved from the network to the end host + Allows of local optimizations for NAT traversal + Continued support for NAT control protocols 9

Host and Network behavior � Host includes new DHCP option ( OPTION-IPv4-RPR ) to indicate capability for port-restricted IP addresses � On reception of OPTION-IPv4-RPR DHCP server may offer OPTION-IPv4-OPR and set ‘yiaddr’ as ‘0.0.0.0’ to ensure client does not configure full IP address: � On absence of OPTION-IPv4-RPR server shall allocate full public/private IP address, or as last resort force OPTION-IPv4-OPR for client 10

Next steps � Analyze issues with protocols not using port numbers, such as certain ICMP messages � Some firewalls disallow ICMP passage already today, so what is the damage caused by not supporting messages such as ICMP echo as messages such as ICMP errors would continue to work? � Discuss topic on behave and softwires WGs � Seek synergies with other proposals such as Dual-Stack Lite 11