Internet DRAFT - draft-yujia-zhiyfang-divi-icmp-extension
Network Working Group K.Fang
Internet Draft Yu Jiang
Document: draft-yujia-zhiyfang-divi-icmp-extension-00.txt Nov 2011
Expires: May 2012 Cisco Systems
Extended ICMP to support 1:N NAT64
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May, 2012.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions
Relating to IETF Documents (http://trustee.ietf.org/license-info)
in effect on the date of publication of this document. Please
review these documents carefully, as they describe your rights and
restrictions with respect to this document.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-2119].
Abstract
This memo defines the ICMP mechanism for Dual-Stateless IPv4/IPv6
Translation (dIVI).
Table of Contents
1. Introduction
   1.1. Motivation
2. Definition & implementation
   2.1. ICMP Identifier modification on CPE/Host
   2.2. ICMP Identifier process on 1:N Translator
   2.3. Detailed flow example
3. Security Considerations
4. IANA Considerations
5. References
1. Introduction
This section explains the reasoning for the ICMP extension to support
Dual-Stateless IPv4/IPv6 Translation (dIVI).
1.1. Motivation
The Dual-Stateless IPv4/IPv6 Translation (dIVI) proposal shares the
ports of one IPv4 address among multiple IPv6 hosts, as shown in the
following figure.
                                   ---------------------------------
                             -----|IPv4-translatable.0#port-range.0 |
                            /      ---------------------------------
                           /       ---------------------------------
                         |--------|IPv4-translatable.1#port-range.1 |
                         |         ---------------------------------
  --------------------   |         ---------------------------------
 | IPv4-addr#any ports|-----------|IPv4-translatable.2#port-range.2 |
  --------------------   |         ---------------------------------
                         |         ---------------------------------
                         |--------|IPv4-translatable.3#port-range.3 |
                         |         ---------------------------------
                           \       ...
                            \      ---------------------------------
                             -----|IPv4-translatable.K#port-range.K |
                                   ---------------------------------
                                   ...
When an IPv4 ICMP packet is sent to the translator, the translator
needs an identifier to map the packet to one of the IPv6 hosts.
2. Definition & implementation
2.1 ICMP Identifier modification on CPE/Host
                                        .-------|Host0| A1/(P%N)+0
                                       /
   ------                   -----     |
 /  The   \    ------     /  An   \   |
|   IPv4   |--|1:N   |---|  IPv6   |------------|Host1| A1/(P%N)+1
 \Internet/   |XLATE |    \Network/   |
   ------      ------       -----     |
                                      |\
                                      | --------|Host2| A1/(P%N)+2
                                      |
                                      |
                                       \
                                        --------|HostK| A1/(P%N)+K
A CPE/Host MUST only use a value in its Port-Range as the Identifier
field. If a CPE sits between the Host and the Xlate, the CPE needs to
dynamically allocate the Identifier in the Port-Range, and the CPE also
needs to use a stateful translation table to maintain the Identifier
mapping.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Data ...
   +-+-+-+-+-
2.2 ICMP Identifier process on 1:N Translator
The 1:N Translator device needs to map this identifier to the
Port-Set-id and distribute the ICMP message accordingly.
If a Host/CPE sends an ICMP message with a wrong identifier, the
translator drops the message and initiates a new type of ICMPv6
message, the dIVI Error Port-Range Correction Message, which is defined
in the draft "dIVI Port error handling and range allocation" [2].
2.3 Detailed flow example
+-+    IPv4    +---+    IPv6 Transit Core     +--+    IPv4    +-+
|S|-->--//-->--|CPE|=====>=====/R2/=====>=====|R3|-->--//-->--|D|
+-+            +---+                          +--+            +-+
           IVI 1:1 xlate                 1:N IVI xlate

--------------->
ICMP Echo
Identifier = 1234
           * CPE get-ID in Port-range, allocate *
           * Mapping Table, eg: 1234<--->129    *
                 ------------------------------>
                 ICMP Echo
                 Identifier = 129
                                               ------------------>
                                               ICMP Echo
                                               Identifier = 129
                                               <------------------
                                               ICMP Echo Reply
                                               Identifier = 129
                          * IVI Xlate does ICMP Identifier *
                          * Based Forward                  *
                 <------------------------------
                 ICMP Echo Reply
                 Identifier = 129
<--------------- * CPE Check Mapping table modify to 1234 *
ICMP Echo Reply
Identifier = 1234
If multiple hosts behind the CPE execute Ping at the same time, the CPE
MUST use a different Identifier mapping for each ICMP instance.
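The Identifier handling of sections 2.1 to 2.3, as an added example
that is not part of this draft or of any dIVI implementation. It
assumes a port-set is the set of 16-bit values P with P % N == K; the
values N=256 and K=129, the host names and all function and class names
are constructed for illustration.

```python
# Added illustration, not code from the draft or from any dIVI implementation.
# Assumption: a port-set holds the 16-bit values P with P % N == K
# (N = sharing ratio, K = port-set-id). N=256, K=129 are constructed values.
N, K = 256, 129


class CpeIdentifierTable:
    """Stateful ICMP Identifier mapping kept by the CPE (section 2.1)."""

    def __init__(self, n, k):
        self.n, self.k = n, k
        self.out = {}   # (host, original id) -> Identifier inside the port-set
        self.back = {}  # Identifier inside the port-set -> (host, original id)

    def outbound(self, host, ident):
        """Rewrite an Echo Identifier; each ICMP instance gets its own value."""
        key = (host, ident)
        if key not in self.out:
            free = (c for c in range(self.k, 65536, self.n)
                    if c not in self.back)
            mapped = next(free, None)
            if mapped is None:
                raise RuntimeError("no free Identifier left in the port-set")
            self.out[key], self.back[mapped] = mapped, key
        return self.out[key]

    def inbound(self, ident):
        """Restore (host, original id) for a reply; None means drop."""
        return self.back.get(ident)


def identifier_in_port_set(ident, n, k):
    """Translator check on a packet from a CPE/Host (section 2.2)."""
    return 0 <= ident <= 0xFFFF and ident % n == k


def forward_by_identifier(ident, n, port_set_owner):
    """Translator side of a reply: Identifier -> port-set-id -> IPv6 host."""
    return port_set_owner.get(ident % n)  # None: no such port-set, drop
```

A reply whose Identifier has no entry in the CPE table, or whose
port-set-id has no owner at the translator, yields None and is dropped
instead of being delivered to an arbitrary host.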
3. Security Considerations
They are the same as the general ICMPv6 security considerations; see
RFC 4443, Section 5.
4. IANA Considerations
This memo adds no new IANA considerations.
5. References
[1] C. Bao, X. Li, et al., "dIVI: Dual-Stateless IPv4/IPv6
Translation", draft-xli-behave-divi-03, July 2011.
[2] K. Fang, "dIVI Port error handling and range allocation",
draft-zhiyfang-divi-icmp-00.txt, Nov. 2011.
Authors' Addresses
Kevin Fang
Cisco Systems
EMail: zhiyfang@cisco.com
Yu Jiang
Cisco Systems
EMail: yujia@cisco.com