Internet DRAFT - draft-matsuhira-oht

draft-matsuhira-oht







Network Working Group                                       N. Matsuhira
Internet-Draft                                                   Neptela
Intended status: Informational                          26 February 2024
Expires: 29 August 2024


                        Outer Header Translator
                         draft-matsuhira-oht-01

Abstract

   Network address translation technology has a convenient aspect,
   however, it has the side effect of breaking end-to-end transparency.
   This document proposes a technology that achieves both network
   address translation and end-to-end transparency.  This technology may
   provide solutions for mobility, migration, multihoming, policy
   routing, etc.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 August 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.






Matsuhira                Expires 29 August 2024                 [Page 1]

Internet-Draft                     OHT                     February 2024


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Concept of Architecture . . . . . . . . . . . . . . . . . . .   3
   3.  Terminoligy . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Network Configuration . . . . . . . . . . . . . . . . . . . .   4
   5.  OHT Processing  . . . . . . . . . . . . . . . . . . . . . . .   4
     5.1.  Support IP protocol versions  . . . . . . . . . . . . . .   5
     5.2.  Encapsulation / Decapsulation . . . . . . . . . . . . . .   5
     5.3.  OHT Table . . . . . . . . . . . . . . . . . . . . . . . .   5
     5.4.  Address Type  . . . . . . . . . . . . . . . . . . . . . .   6
   6.  Possible Solutions  . . . . . . . . . . . . . . . . . . . . .   7
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   7
     10.2.  Informative References . . . . . . . . . . . . . . . . .   8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   NAT [RFC1631] was devised as a short-term solution to the exhaustion
   of IPv4 addresses, and is placed at the boundary between a private
   network (Intranet) built using private addresses [RFC1597] and the
   Internet.  Communication closed to the intranet is made possible by
   using private addresses.  A global address is required only for hosts
   communicating with the Internet, and this is achieved by NAT
   performing address translation.This technology supported the
   expansion of the Intranets and the Internet.

   After that, technology was developed that allows multiple hosts to
   share a single global IPv4 address.  This technology is called NAPT
   (Network Address Port Translation).  This technology was primarily
   used in SOHO (small office/home office) networks and supported the
   expansion of SOHO networks and the Internet.






Matsuhira                Expires 29 August 2024                 [Page 2]

Internet-Draft                     OHT                     February 2024


   On the other hand, 8+8/GSE [I-D.ietf-ipngwg-gseaddr] was proposed in
   the early stages of the IPv6 discussion.  This proposal involves
   translating the prefix part of the IPv6 address.  Therefore, it has
   the side effects of NAT.  As a result, there was a lot of discussion.
   Note that this has nothing to do with IPv4 address exhaustion.

   Furthermore, as for the transition technology from IPv4 to IPv6,
   technologies that involve address translation such as NAT-PT
   [RFC2766] were considered, but this is also a technology similar to
   NAT and has a lot of discussion.

   Internet Transparency is summarized in RFC2775 [RFC2775].

2.  Concept of Architecture

   End-to-end transparency can be maintained by encapsulating packets
   generated by the host and subjecting only the encapsulated outer IP
   header to address translation.  That is, internal packets must not be
   translation.

   Figure 1 shows encapsulation.  IP Encapsulation within IP is
   described in RFC2003 [RFC2003].

                                          +-------------------------+
                                          |                         |
                                          |     Outer IP Header     |
                                          |                         |
        +-------------------------+       +-------------------------+
        |                         |       |                         |
        |        IP Header        |       |        IP Header        |
        |                         |       |                         |
        +-------------------------+ ====> +-------------------------+
        |                         |       |                         |
        |                         |       |                         |
        |        IP Payload       |       |        IP Payload       |
        |                         |       |                         |
        |                         |       |                         |
        +-------------------------+       +-------------------------+

                                  Figure 1

   Typically, the destination IP address in the outer header is the
   address of the tunnel endpoint.  However, in this concept, the outer
   header is a copy of the inner header.  If the outer header is not
   translated, the outer header remains the same as the internal header.
   After encapsulation, the outer header of the packet is subject to
   translate.




Matsuhira                Expires 29 August 2024                 [Page 3]

Internet-Draft                     OHT                     February 2024


3.  Terminoligy

   This section defines terminologies.

   Outer Header Translator
      Refers to the device or processing module that performs this
      processing.

   Outer Header Translation
      Show the method.

   Outer Header Translation Table
      Outer Header Translation Table

   Outer Header Translation Relay
      Indicates communication via one or more Outer Header Translators

   Outer Header Translation Domain
      Indicates a domain using OHT.

4.  Network Configuration

   This section describes network configuration with OHT.

   Figure 2 shows sample network configuration with OHT.

                 ~~~~~~~~~~                  ~~~~~~~~~
   +-------+    /   IP    /    +-------+    /   IP    /    +-------+
   |  OHT  |----/ Network /----|  OHT  |----/ Network /----|  OHT  |
   +----+--+    /         /    +-------+    /         /    +--+----+
        |       ~~~~~~~~~~~                 ~~~~~~~~~~        |
   ---+-+----                                             ----+-+---
      |                                                         |
   +--+---*                                                 +---+--*
   | HOST |                                                 | HOST |
   +------*                                                 +------*

                                  Figure 2

   Typically, OHT is implemented in a router.  Encapsulation and
   decoupling are also implemented in routers.  However, other
   implementations are possible.  For example, encapsulation and
   decapsulation may be implemented in the host.

5.  OHT Processing






Matsuhira                Expires 29 August 2024                 [Page 4]

Internet-Draft                     OHT                     February 2024


5.1.  Support IP protocol versions

   Figure 3 shows possible IP protocol versions, i.e. IPv4 [RFC791] and
   IPv6 [RFC8200]combinations.

     +---------------------------+----------------------------+
     |  Outer IP Header Version  | Inner IP Protocol Version  |
     +---------------------------+----------------------------+
     |                           |     IPv6                   |
     |           IPv6            +----------------------------+
     |                           |     IPv4                   |
     +---------------------------+----------------------------+
     |                           |     IPv6                   |
     |           IPv4            +----------------------------+
     |                           |     IPv4                   |
     +---------------------------+----------------------------+

                                  Figure 3

   There are four combinations, and dealing with all of them would be
   complicated.  Therefore, it would be good if the Outer IP Header
   could be limited to IPv6 only.

5.2.  Encapsulation / Decapsulation

   In this concept, the outer header is a copy of the inner header.

   In this concept, the outer header is essentially a copy of the inner
   header.  According to this, the possible combinations of IP protocol
   versions are IPv6 over IPv6 and IPv4 over IPv4.  If it is assumed
   that it will be applied to an IPv6 only backbone, accommodation of
   IPv4 will be possible with IPv6 over IPv6 over IPv4.  In this case,
   the IPv6 Addresses with Embedded IPv4 Addresses can be used as the
   IPv6 address in the internal IPv6 header.

   If support for IPv4 private addresses, M46A [I-D.matsuhira-m46a]
   might be useful.

5.3.  OHT Table

   Figure 4 shows the structure of OHT table.










Matsuhira                Expires 29 August 2024                 [Page 5]

Internet-Draft                     OHT                     February 2024


+------+------+------+------+------+------+------+------++------+------+
| Inner| Inner| Inner| Inner| Inner| Inner| Inner| Outer|| Next | Next |
| Src  | Src  | dst  | dst  | Next | src  | dst  | Src  || Outer| Outer|
| IP   | IP   | IP   | IP   | Hdr  | port | port | IP   || Src  | Dst  |
| addr | mask | addr | mask |      |      |      | addr || IP   | IP   |
|      |      |      |      |      |      |      |      || addr | addr |
+------+------+------+------+------+------+------+------++------+------+
|      |      |      |      |      |      |      |      ||      |      |
+------+------+------+------+------+------+------+------++------+------+
|      |      |      |      |      |      |      |      ||      |      |
+------+------+------+------+------+------+------+------++------+------+
|   :  |   :  |   :  |   :  |   :  |   :  |   :  |   :  ||   :  |   :  |
|   :  |   :  |   :  |   :  |   :  |   :  |   :  |   :  ||   :  |   :  |
+------+------+------+------+------+------+------+------++------+------+

                               Figure 4

   The table may contain Traffic Class and Flow Label.

5.4.  Address Type

   Figure 5 shows possible address type [RFC4291] combinations for outer
   header destination addresses and inner header destination addresses
   are shown.

   +------------------------------------------------------------+
   |  outer header              +---------+---------+-----------+
   |                            | unicast | anycast | multicast |
   |                            | address | address | Address   |
   |                            | Global  |         |           |
   +-+-----------+--------------+---------+---------+-----------+
   |i| unicast   | Global       |    o    |    o    |    ?      |
   |n| address   +--------------+---------+---------+-----------+
   |n|           | Embedded IPv4|    o    |    o    |    ?      |
   |e|           +--------------+---------+---------+-----------+
   |r|           | Link-Local   |    x    |    x    |    x      |
   | |           +--------------+---------+---------+-----------+
   |h|           | Unique Local |    o    |    o    |    ?      |
   |d+-----------+--------------+---------+---------+-----------+
   |r| anycast address          |    o    |    o    |    ?      |
   | +--------------------------+---------+---------+-----------+
   | | multicast address        |    o    |    o    |    o      |
   +-+--------------------------+---------+---------+-----------+

                                  Figure 5






Matsuhira                Expires 29 August 2024                 [Page 6]

Internet-Draft                     OHT                     February 2024


6.  Possible Solutions

   OHT provides solutions for mobility, migration, multi-homing, policy
   routing, service function chaining, etc.  More details will be
   provided in the future versions.

7.  IANA Considerations

   This document makes no request of IANA.

   Note to RFC Editor: this section may be removed on publication as an
   RFC.

8.  Security Considerations

   IPsec for internal packets works because internal packets are
   forwarded unchanged.

9.  Acknowledgements

   It may be listed in the future.

10.  References

10.1.  Normative References

   [I-D.matsuhira-m46a]
              Matsuhira, N., "Multiple IPv4 - IPv6 mapped IPv6 address
              (M46A)", Work in Progress, Internet-Draft, draft-
              matsuhira-m46a-15, 3 October 2023,
              <https://datatracker.ietf.org/doc/html/draft-matsuhira-
              m46a-15>.

   [RFC2003]  Perkins, C., "IP Encapsulation within IP", RFC 2003,
              DOI 10.17487/RFC2003, October 1996,
              <https://www.rfc-editor.org/info/rfc2003>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006, <https://www.rfc-editor.org/info/rfc4291>.






Matsuhira                Expires 29 August 2024                 [Page 7]

Internet-Draft                     OHT                     February 2024


   [RFC791]   Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981,
              <https://www.rfc-editor.org/info/rfc791>.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017,
              <https://www.rfc-editor.org/info/rfc8200>.

10.2.  Informative References

   [I-D.ietf-ipngwg-gseaddr]
              O'Dell, M. D., "GSE - An Alternate Addressing Architecture
              for IPv6", Work in Progress, Internet-Draft, draft-ietf-
              ipngwg-gseaddr-00, 24 February 1997,
              <https://datatracker.ietf.org/doc/html/draft-ietf-ipngwg-
              gseaddr-00>.

   [RFC1597]  Rekhter, Y., Moskowitz, B., Karrenberg, D., and G. de
              Groot, "Address Allocation for Private Internets",
              RFC 1597, DOI 10.17487/RFC1597, March 1994,
              <https://www.rfc-editor.org/info/rfc1597>.

   [RFC1631]  Egevang, K. and P. Francis, "The IP Network Address
              Translator (NAT)", RFC 1631, DOI 10.17487/RFC1631, May
              1994, <https://www.rfc-editor.org/info/rfc1631>.

   [RFC2766]  Tsirtsis, G. and P. Srisuresh, "Network Address
              Translation - Protocol Translation (NAT-PT)", RFC 2766,
              DOI 10.17487/RFC2766, February 2000,
              <https://www.rfc-editor.org/info/rfc2766>.

   [RFC2775]  Carpenter, B., "Internet Transparency", RFC 2775,
              DOI 10.17487/RFC2775, February 2000,
              <https://www.rfc-editor.org/info/rfc2775>.

Author's Address

   Naoki Matsuhira
   Neptela
   Japan
   Email: matsuhira.ietf@gmail.com









Matsuhira                Expires 29 August 2024                 [Page 8]