Internet-Draft                                              Kuniaki Kondo
Expiration Date: September 2002                                       IIJ
                                                               March 2002

           Network Address Translation with Sub-Address (NATS)

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 except that the right to
   produce derivative works is not granted.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

1. Abstract

   Networks using IPv4 addresses employ address translation
   technologies such as NAT[1] at end-networks for various reasons.
   However, those technologies sometimes prevent transparent two-way
   communication.  This document defines a way to enhance address
   translation technologies such as NAT so that hosts can communicate
   transparently, by adding a sub-address to each IPv4 address.  This
   enhancement is called 'NATS' (Network Address Translation with
   Sub-Address) in this document.

Kuniaki                          NATS                           [Page 1]

Internet-Draft                                             November 2001

2. Overview

   This enhancement has the following two advantages:

   a) The use of NATS is limited to end-networks, which are usually
      connected through a NAT router.

   b) NATS is easy to implement in both routers and hosts.
      Implementing NATS needs only minor changes to application
      software and to network equipment, including the dial-up routers
      that connect end-networks.
   This enhancement adds 16 bits of sub-address space to each IPv4
   address.  The sub-address is carried in an IPv4 option header, which
   contains a source sub-address field and a destination sub-address
   field.  A host or router that does not support NATS ignores the
   option and handles the packet without NATS.  In this way, NATS
   equipment maintains interoperability with equipment that does not
   support NATS.

3. The Range of Sub-Address

   The sub-address is 16 bits wide and can take values from 0 to 65535.
   The following sub-address is reserved:

      0x0000: Unknown Sub-Address (USA)

4. NATS Data Communication

   NATS data communication uses packets carrying the NATS IP option
   header; NATS packets are identified by checking the IPv4 option
   header.  Backbone routers, which are connected by high-bandwidth
   lines, do not need to care about the NATS option.  The rest of this
   document defines the behavior of routers and hosts when they
   receive packets with and without the NATS option.

   The NATS IP Option Header Format is:

      Copied Flag   : copied      : 1
      Option Class  : Control     : 0
      Option Number : Not Defined : N/A
      Option Length : Fixed       : 8 Octets

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1 0 0 n n n n n|0 0 0 0 1 0 0 0|              N/C              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             Data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   N/C: Not Care.  This field is filled with 0x00.

   The 32-bit Data field carries the source sub-address (SSA) and the
   destination sub-address (DSA), 16 bits each, as described in
   Section 2.

5. NATS Controlling Information

   NATS defines an interface for communicating NATS controlling
   information.  It is used for exchanging sub-address information
   between a NATS router and a host, and other information related to
   NATS.
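   The option header of Section 4, as an added example that is not part
   of this draft or of the NATS project's code: it builds the 8-octet
   option, embeds it in an IPv4 header with the correct IHL and header
   checksum, and parses it back with an option walker that skips types
   it does not know, which is what a stack without NATS support does.
   The option number 30 (the IPv4 experimental option number) and the
   SSA-before-DSA layout of the Data field are this example's
   assumptions; the draft leaves both undefined.

```python
"""NATS IPv4 option of Section 4: build it, put it in an IPv4 header, and
parse it back.  Added example; the draft leaves the option number
undefined, so 30 (the IPv4 experimental option number) is ASSUMED here."""
import socket
import struct

NATS_OPT_NUMBER = 30                       # assumption, see above
NATS_OPT_TYPE = 0x80 | NATS_OPT_NUMBER     # copied=1, class=0 (control), number
NATS_OPT_LEN = 8                           # fixed 8 octets
USA = 0x0000                               # Unknown Sub-Address (Section 3)


def build_nats_option(ssa: int, dsa: int) -> bytes:
    """Type, length, two N/C octets (zero), then the 32-bit Data field.
    The draft does not fix the order of the two 16-bit sub-addresses in
    Data; this example ASSUMES source sub-address first, then destination."""
    for v in (ssa, dsa):
        if not 0 <= v <= 0xFFFF:
            raise ValueError("sub-address must fit in 16 bits")
    return struct.pack("!BBHHH", NATS_OPT_TYPE, NATS_OPT_LEN, 0, ssa, dsa)


def iter_ipv4_options(options: bytes):
    """Walk an RFC 791 option list, yielding (type, payload) for each
    length-bearing option; EOL stops, NOP is skipped, bad lengths raise."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            return
        if kind == 1:                      # No Operation, one octet
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        yield kind, options[i + 2:i + length]
        i += length


def find_nats(options: bytes):
    """Return (ssa, dsa) if a well-formed NATS option is present, else None.
    A stack that does not know the type simply skips it (Section 2)."""
    for kind, payload in iter_ipv4_options(options):
        if kind == NATS_OPT_TYPE:
            if len(payload) != NATS_OPT_LEN - 2:
                raise ValueError("NATS option must be exactly 8 octets")
            _nc, ssa, dsa = struct.unpack("!HHH", payload)
            return ssa, dsa
    return None


def ipv4_checksum(hdr: bytes) -> int:
    """RFC 791 header checksum; returns 0 when run over a correct header."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                      options: bytes = b"") -> bytes:
    """Minimal IPv4 header; options are padded to a 32-bit boundary and
    the IHL grows from 5 to 7 when the 8-octet NATS option is present."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                        ihl * 4 + payload_len, 0, 0, 64, proto, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    hdr = fixed + options
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes):
    """Return (src, dst, option bytes) after verifying the checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    hdr = pkt[:ihl]
    if ihl < 20 or len(hdr) != ihl or ipv4_checksum(hdr) != 0:
        raise ValueError("bad IPv4 header")
    return socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20]), hdr[20:]


if __name__ == "__main__":
    # Constructed sample: the Case 1 packet from the NATS router to Host A.
    pkt = build_ipv4_header("192.168.100.1", "10.0.0.1", 17, 0,
                            build_nats_option(50, 100))
    src, dst, opts = parse_ipv4_header(pkt)
    print(src, dst, find_nats(opts))
```

   The walker refuses a NATS option whose length is not 8 instead of
   reading past it; that length check is the one a receiver needs
   before it trusts the sub-address fields.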
   - NATS router interface

     A NATS router MUST support the NATS controlling interface.  The
     information is carried in UDP packets; a NATS router MUST listen
     on UDP port NN for these packets.

   - NATS client

     NATS clients such as PCs SHOULD NOT serve the NATS controlling
     interface themselves; they only send requests to it.

   The format for communicating NATS controlling information follows.

   - NATS Control Port Encoding

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |                     Data                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             Data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type Field: The Type field identifies what kind of data is included
   in the Data field.  The details of this field are described in the
   next section.

6. Function of NATS Controlling Information

   The Type field specifies the type number of the Data field.  The
   type numbers are:

   0: Reserved

   1: Sub-Address Discovery

      This message is used for getting sub-address information from a
      NATS router, or the binding between a sub-address and a private
      IP address.  It is sent to the NATS router by a host placed in
      the local network.  The NATS router MUST NOT treat the sending
      host differently based on whether it supports the NATS protocol
      when it receives this message.  The format of this message is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |  Error Num.   |              SA               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          IP address                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      The Type number is 1.  The Error Numbers are:

         0x00 : No Error
         0x01 : Unknown IP Address
         0x02 : Unknown Sub-Address

      When the NATS router receives this message, it MUST take the
      following actions according to the SA field and the IP address
      field.
      - SA = 0x0000 (USA) / IP Address = 0.0.0.0

        The NATS router searches its local table for the sub-address
        bound to the source IP address of the received packet, and
        replies with a packet containing the found sub-address in the
        SA field and the source IP address in the IP address field.
        If the search fails, the NATS router replies with 0x01
        (Unknown IP Address) in the Error Number field.

      - SA != 0x0000 (USA) / IP Address = 0.0.0.0

        The NATS router searches its local table for the IP address
        bound to the sub-address in the SA field of the received
        packet, and replies with a packet containing that IP address
        in the IP Address field.  If the search fails, the NATS router
        replies with 0x02 (Unknown Sub-Address) in the Error Number
        field.

      - SA = 0x0000 (USA) / IP Address != 0.0.0.0

        The NATS router searches its local table for the sub-address
        bound to the IP address in the IP address field of the
        received packet, and replies with a packet containing that
        sub-address in the SA field.  If the search fails, the NATS
        router replies with 0x01 (Unknown IP Address) in the Error
        Number field.

      A timeout for this request is optional; 30 seconds MAY be used as
      the default.

   2: Sub-Address Response (referred to as "Get I/F Address" in
      Section 9)

      This message is used for getting the IP address assigned to an
      interface of the NATS router, mostly the IP address assigned to
      the WAN interface.  The NATS router MUST NOT treat the sending
      host differently based on whether it supports the NATS protocol
      when it receives this message.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |   I/F Num.    |  Error Num.   |      N/C      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          IP Address                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      The Type number is 2.  Request and reply messages use the same
      format.  In a request message, the Error Number and IP Address
      fields SHOULD be cleared to zero.
      The I/F Number field contains an arbitrary interface number.
      Generally, this interface number is the same as the SNMP
      interface number.

      A reply message MUST have all fields filled in appropriately.
      The Error Number field contains the error number.  When the NATS
      router cannot reply with an appropriate address, it puts one of
      the following error numbers in this field:

         0: No Error
         1: I/F Not Available
            The interface specified by the I/F Number field is not
            available.
         2: I/F Not Enabled
            The interface specified by the I/F Number field is not
            enabled because the interface is shut down.
         3: I/F Not Active
            The interface specified by the I/F Number field is not
            active because the interface is not connected by dial-up
            and has no IP address assigned.
         4: System Error
            Other errors.

      If one of errors 1 to 4 occurs, the IP Address field contains
      zero.

   3: Reserved

7. Address Expression

   - Dynamic address expression

     <sub-address>!example.com, where <sub-address> is written in
     decimal (for example "100!example.com").

     For future reference: when a host does not support NATS and
     resolves the name by DNS, the FQDN "<sub-address>!example.com" is
     used as-is.  If "<sub-address>!example.com" is registered as a DNS
     'A' record, such a host can still resolve the IPv4 address of the
     gateway used by the destination network.  This is not a
     substantial improvement.  However, from the point of view of
     making a best-effort connection, it is important.  Therefore, the
     author suggests that NATS hosts be registered in DNS in this way.

   - Expression by name

     Address resolution with the sub-address is done by normal DNS
     resolution.  To resolve the sub-address, the host refers to the
     HINFO resource record.  The HINFO resource record format is:

        hostname  HINFO  "/SUBA:<sub-address>!<IP address>/"  ""

     In this format, the text from '/SUBA:' to the closing '/'
     describes the sub-address and the IP address (for example
     "/SUBA:100!10.0.0.1/").  Anything outside this format is ignored.
     The statement is recognized wherever it is placed in the HINFO
     resource record.
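   The controlling messages of Section 6, as an added example that is
   not part of this draft or of the NATS project's code: it encodes and
   decodes the Type 1 (Sub-Address Discovery) and Type 2 (interface
   address) messages and implements the router side of both, including
   the three SA / IP address combinations of Type 1 and the four Type 2
   error numbers.  The local table, the interface states and the
   decision to drop a Type 1 request with both SA and IP address set
   (a combination the draft does not define) are this example's own
   choices.

```python
"""NATS controlling messages of Sections 5 and 6 (Type 1 Sub-Address
Discovery, Type 2 interface address) and a router-side handler.  Added
example; the local table, interface states and the handling of the
(SA != USA, IP != 0.0.0.0) combination the draft does not define are
this example's own choices."""
import socket
import struct

TYPE_SUBADDR_DISCOVERY = 1
TYPE_IF_ADDRESS = 2     # "Sub-Address Response", called Get I/F Address in Section 9
USA = 0x0000
ANY_IP = "0.0.0.0"
ERR_NONE, ERR_UNKNOWN_IP, ERR_UNKNOWN_SA = 0x00, 0x01, 0x02                # Type 1
IF_OK, IF_NOT_AVAILABLE, IF_NOT_ENABLED, IF_NOT_ACTIVE, IF_SYSTEM = 0, 1, 2, 3, 4


def pack_discovery(sa: int, ip: str, err: int = ERR_NONE) -> bytes:
    """Type(8) | Error Num.(8) | SA(16) | IP address(32)."""
    return struct.pack("!BBH4s", TYPE_SUBADDR_DISCOVERY, err, sa, socket.inet_aton(ip))


def unpack_discovery(msg: bytes):
    kind, err, sa, ip = struct.unpack("!BBH4s", msg[:8])
    if kind != TYPE_SUBADDR_DISCOVERY:
        raise ValueError("not a Sub-Address Discovery message")
    return err, sa, socket.inet_ntoa(ip)


def pack_if_address(ifnum: int, err: int = IF_OK, ip: str = ANY_IP) -> bytes:
    """Type(8) | I/F Num.(8) | Error Num.(8) | N/C(8) | IP Address(32);
    a request carries err = 0 and ip = 0.0.0.0 as the draft requires."""
    return struct.pack("!BBBB4s", TYPE_IF_ADDRESS, ifnum, err, 0, socket.inet_aton(ip))


def unpack_if_address(msg: bytes):
    kind, ifnum, err, _nc, ip = struct.unpack("!BBBB4s", msg[:8])
    if kind != TYPE_IF_ADDRESS:
        raise ValueError("not an interface address message")
    return ifnum, err, socket.inet_ntoa(ip)


class NatsControlServer:
    """What a NATS router does with datagrams arriving on its control port."""

    def __init__(self, sub_table: dict, interfaces: dict):
        self.sub_table = dict(sub_table)                 # private IP -> sub-address
        self.by_sa = {sa: ip for ip, sa in self.sub_table.items()}
        self.interfaces = dict(interfaces)               # ifnum -> (state, ip or None)

    def handle(self, msg: bytes, sender_ip: str):
        """Return the reply datagram, or None when the request is dropped."""
        if len(msg) < 8:
            return None
        if msg[0] == TYPE_SUBADDR_DISCOVERY:
            return self._discovery(msg, sender_ip)
        if msg[0] == TYPE_IF_ADDRESS:
            return self._if_address(msg)
        return None                                      # reserved or unknown type

    def _discovery(self, msg, sender_ip):
        _err, sa, ip = unpack_discovery(msg)
        if sa == USA and ip == ANY_IP:                   # "what is my sub-address?"
            found = self.sub_table.get(sender_ip)
            if found is None:
                return pack_discovery(USA, ANY_IP, ERR_UNKNOWN_IP)
            return pack_discovery(found, sender_ip)
        if sa != USA and ip == ANY_IP:                   # sub-address -> IP
            found = self.by_sa.get(sa)
            if found is None:
                return pack_discovery(sa, ANY_IP, ERR_UNKNOWN_SA)
            return pack_discovery(sa, found)
        if sa == USA and ip != ANY_IP:                   # IP -> sub-address
            found = self.sub_table.get(ip)
            if found is None:
                return pack_discovery(USA, ip, ERR_UNKNOWN_IP)
            return pack_discovery(found, ip)
        return None          # both fields set: undefined by the draft, dropped here

    def _if_address(self, msg):
        ifnum, _err, _ip = unpack_if_address(msg)
        iface = self.interfaces.get(ifnum)
        if iface is None:
            return pack_if_address(ifnum, IF_NOT_AVAILABLE)
        state, ip = iface
        if state == "shutdown":
            return pack_if_address(ifnum, IF_NOT_ENABLED)
        if state != "up" or ip is None:                  # e.g. dial-up not connected
            return pack_if_address(ifnum, IF_NOT_ACTIVE)
        return pack_if_address(ifnum, IF_OK, ip)
```

   Nothing in either message authenticates the requester, and the
   draft describes the requester as a host on the local network; a
   router implementing this interface should therefore listen for it
   only on the local-network side.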
     The HINFO resource record actually has two fields, 'CPU
     Information' and 'OS Information'.  The statement is recognized
     in either field.  When there are two or more sub-address
     statements, the first statement is used.  The host resolves the
     sub-address by looking up the HINFO resource record for the
     hostname in DNS.

8. Equipment Behavior

8.1 Hosts

   When a host sends a request packet to make a connection and one of
   the following criteria is met, the host has to add the NATS option
   header:

   1. An application specifies a destination sub-address in one of the
      ways described in Section 7, and the destination sub-address is
      not USA.

   2. An application specifies a destination sub-address using the
      dynamic address expression.

   A host has to reply with NATS packets when it receives a NATS packet
   that makes a connection.  However, a NATS-supporting host that has
   not been assigned a sub-address never sends NATS packets.

8.2 Routers

8.2.1 Function of NATS routers

   A NATS router has to keep a sub-address table that records the local
   IP address for each sub-address.  The router does not validate the
   SSA against this table: when the SSA of a NATS packet received from
   the connected network does not match the sub-address table, the
   router processes the packet as if it were correct.

8.2.2 Mechanism of DNS query hooking by NATS routers

   A NATS router SHOULD implement a mechanism by which it hooks DNS
   queries from the local network.  The purpose of this mechanism is
   to let a host on the local network that does not support NATS
   connect to a NATS-supporting host using the NATS protocol, with the
   NATS router's help.  The mechanism is described below.

   1. A NATS-supporting router MUST hook DNS queries from the local
      network.  Ideally, hosts on the local network are configured to
      use the NATS router as their DNS server.  If a host is not so
      configured, the NATS router should hook its DNS queries anyway.

   2.
      When the NATS router receives a DNS query for an A RR, the query
      MUST be hooked, and the router sends a query to the actual DNS
      server instead of the local host.  At this time, the NATS router
      asks for both the A RR and the HINFO RR.  If the query names a
      direct sub-address expression such as "<sub-address>!<FQDN>",
      the NATS router does not ask for the HINFO RR: it asks only for
      the A RR, identifies the destination host as a NATS-supporting
      host, and skips to step 4 below.

   3. If the NATS router obtains an HINFO RR that describes an IP
      address and a sub-address, the NATS router identifies the object
      of the query as a NATS-supporting host.

   4. If the NATS router has identified the object of the query as a
      NATS-supporting host from the DNS answer, it assigns the object
      a virtual IP address, which should be configured as a NATS spool
      address in the NATS router, and stores the triple of real IP
      address, sub-address and virtual IP address.  Next, the NATS
      router answers the A RR and HINFO RR to the local host, but the
      A RR contains the virtual IP address.

   5. A host that does not support NATS will try to connect using the
      virtual IP address when it communicates with a host on the
      global address network.  When the NATS router receives those
      packets, it translates the virtual IP address into the global IP
      address by referring to the stored table, and then sends the
      translated packet to the global address network.  Furthermore,
      the NATS router has to translate the source IP address of a
      return packet from the destination host back into the virtual IP
      address.

   The flows explained in this section are pictured below as Case 1
   (normal case) and Case 2 (pre-specified case).
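   The hooking steps of Section 8.2.2, the address expressions of
   Section 7 and the forwarding rules of Section 8.2.3, as one added
   example that is not part of this draft or of the NATS project's
   code: it parses "/SUBA:<sub-address>!<IP address>/" statements and
   "<sub-address>!<FQDN>" names, assigns a virtual address from a spool
   per (real IP, sub-address) binding, and translates the packets of
   the Case 1 / Case 2 flows in both directions, returning the ICMP
   host-unknown outcome when a DSA is not in the sub-address table.
   The resolver callback, the spool prefix 172.0.0.0/29, the
   sub-address table and the names looked up are constructed for this
   demonstration.

```python
"""DNS query hooking by a NATS router (Section 8.2.2) using the address
expressions of Section 7, and the translation of the resulting packets
(Section 8.2.2 step 5 and Section 8.2.3).  Added example, not the
project's code; the resolver callback, the spool prefix and the
sub-address table are constructed for the demonstration."""
import ipaddress
import re

USA = 0
SUBA_RE = re.compile(r"/SUBA:(\d{1,5})!(\d{1,3}(?:\.\d{1,3}){3})/")
DYNAMIC_RE = re.compile(r"^(\d{1,5})!([^!]+)$")


def parse_hinfo(cpu: str, os_: str):
    """First '/SUBA:<sub-address>!<IP address>/' statement in either HINFO
    field wins; USA (0) and out-of-range values are not usable bindings."""
    for field in (cpu, os_):
        for m in SUBA_RE.finditer(field):
            sa = int(m.group(1))
            if 0 < sa <= 0xFFFF:
                return sa, m.group(2)
    return None


def parse_dynamic(qname: str):
    """'100!example.com' -> (100, 'example.com'); plain names give None."""
    m = DYNAMIC_RE.match(qname)
    if not m or not 0 < int(m.group(1)) <= 0xFFFF:
        return None
    return int(m.group(1)), m.group(2)


class NatsGateway:
    def __init__(self, wan_ip: str, spool_prefix: str, sub_table: dict):
        self.wan_ip = wan_ip
        self.spool = [str(h) for h in ipaddress.ip_network(spool_prefix).hosts()]
        self.sub_table = dict(sub_table)            # local private IP -> sub-address
        self.by_sa = {sa: ip for ip, sa in self.sub_table.items()}
        self.virtual = {}                           # virtual IP -> (real IP, sub-address)
        self.by_real = {}                           # (real IP, sub-address) -> virtual IP

    def _assign_virtual(self, real_ip: str, sa: int) -> str:
        """Step 4: one spool address per (real IP, sub-address) pair."""
        key = (real_ip, sa)
        if key not in self.by_real:
            if not self.spool:
                raise RuntimeError("NATS spool exhausted")
            vip = self.spool.pop(0)
            self.virtual[vip] = key
            self.by_real[key] = vip
        return self.by_real[key]

    def hook_query(self, qname: str, resolver):
        """resolver(name) -> (A record or None, (cpu, os) HINFO or None).
        Returns (A record given to the local host, HINFO given to it)."""
        dyn = parse_dynamic(qname)
        if dyn:                                     # direct expression: A RR only
            sa, fqdn = dyn
            real_ip, _ = resolver(fqdn)
            return (self._assign_virtual(real_ip, sa) if real_ip else None), None
        real_ip, hinfo = resolver(qname)            # ask for A and HINFO together
        binding = parse_hinfo(*hinfo) if hinfo else None
        if real_ip is None or binding is None:      # not a NATS host: pass through
            return real_ip, hinfo
        sa, gw_ip = binding                         # IP from the HINFO statement
        return self._assign_virtual(gw_ip, sa), hinfo

    def outbound(self, src: str, dst: str):
        """Packet from a local host -> (src, dst, SSA, DSA) on the WAN side."""
        ssa = self.sub_table.get(src)
        if ssa is None:
            raise LookupError("no sub-address reserved for %s" % src)
        if dst in self.virtual:
            real_ip, dsa = self.virtual[dst]
        else:
            real_ip, dsa = dst, USA                 # no binding: DSA = USA (8.2.3)
        return self.wan_ip, real_ip, ssa, dsa

    def inbound(self, src: str, ssa: int, dsa: int):
        """NATS packet from the WAN -> (src as seen locally, local host),
        or None when the DSA is unknown (ICMP_UNREACH_HOST_UNKNOWN case)."""
        local = self.by_sa.get(dsa)
        if local is None:
            return None
        return self.by_real.get((src, ssa), src), local
```

   The inbound side keys only on the DSA, as Section 8.2.3 says; the
   SSA is used solely to pick the virtual address the local host
   already knows, which mirrors the draft's statement in Section 8.2.1
   that the router does not validate the SSA.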
   Case 1: Normal Case

NATS non-support host        NATS Router              DNS         Host A
(Local Network)
         |                        |                    |             |
         |DNS Query: Host A       |DNS Query:          |             |
         |----------------------->| 'A'/'HINFO' RR     |             |
         |                        |------------------->|             |
         |                        |                    |             |
         |                        | DNS Answer         |             |
         |                        | HINFO =            |             |
         |                        | '/SUBA:100!10.0.0.1/'            |
         |                        |<-------------------|             |
         | DNS Answer (Assigned)  |                    |             |
         | A = 172.0.0.1          |                    |             |
         | HINFO =                |                    |             |
         | '/SUBA:100!10.0.0.1/'  |                    |             |
         |<-----------------------|                    |             |
         |                        |                    |             |
         |Dest = 172.0.0.1        |                    |             |
         |Src = 192.168.0.1       |                    |             |
         |----------------------->|Dest = 100!10.0.0.1 |             |
         |                        |Src = 50!192.168.100.1            |
         |                        |--------------------------------->|
         |                        |                    |             |
         |                        |Dest = 50!192.168.100.1           |
         |                        |Src = 100!10.0.0.1  |             |
         |                        |<---------------------------------|
         |Dest = 192.168.0.1      |                    |             |
         |Src = 172.0.0.1         |                    |             |
         |<-----------------------|                    |             |
         |                        |                    |             |

   Case 2: Pre-Specified Case

NATS non-support host        NATS Router              DNS         Host A
(Local Network)
         |                        |                    |             |
         |DNS Query: Host A       |                    |             |
         |(100!example.com)       |                    |             |
         |----------------------->|DNS Query: 'A' RR   |             |
         |                        |------------------->|             |
         |                        |                    |             |
         |                        | DNS Answer         |             |
         |                        | A = 10.0.0.1       |             |
         |                        |<-------------------|             |
         | DNS Answer (Assigned)  |                    |             |
         | A = 172.0.0.1          |                    |             |
         |<-----------------------|                    |             |
         |                        |                    |             |
         |Dest = 172.0.0.1        |                    |             |
         |Src = 192.168.0.1       |                    |             |
         |----------------------->|Dest = 100!10.0.0.1 |             |
         |                        |Src = 50!192.168.100.1            |
         |                        |--------------------------------->|
         |                        |                    |             |
         |                        |Dest = 50!192.168.100.1           |
         |                        |Src = 100!10.0.0.1  |             |
         |                        |<---------------------------------|
         |Dest = 192.168.0.1      |                    |             |
         |Src = 172.0.0.1         |                    |             |
         |<-----------------------|                    |             |
         |                        |                    |             |

8.2.3 Behavior of the NATS router

   - When the NATS router receives a NATS packet from the WAN
     interface, it refers to the internal sub-address table and sends
     the packet to the appropriate host in the local network.  When
     the NATS router forwards the packet, it MUST NOT change the
     contents of the NATS option header.
     If the destination host identified by the DSA field cannot be
     found in the sub-address table, the router should send an
     ICMP_UNREACH/ICMP_UNREACH_HOST_UNKNOWN message to the source host.

   - When the NATS router receives a packet without the NATS option
     from the WAN interface, the packet is sent to a default host.
     When no default host is configured, the router sends an
     ICMP_UNREACH/ICMP_UNREACH_HOST_UNKNOWN message to the source host.

   - When the NATS router receives a NATS packet from the LAN
     interface, the packet is sent to the destination host without
     changing the NATS option header.  At this time, the router has to
     change the IPv4 source address to the WAN interface IP address.

   - When the NATS router receives a packet without the NATS option
     from the LAN interface, the router refers to the sub-address
     table, sets the SSA to the sub-address found there for the source
     host and the DSA to USA, and sends the packet.  This SSA value
     has to be reserved in the NATS router.  If no reserved sub-address
     is configured, the NATS router should send an
     ICMP_UNREACH/ICMP_UNREACH_HOST_UNKNOWN message to the source host.

9. Recommendations for Implementation

   This protocol requires implementation in the gateway router between
   the local network and the global network, and in hosts.  However,
   implementing this protocol in all of those devices is difficult.
   Therefore, this section explains a lightweight implementation.

   First, the following devices have to implement NATS:

   1. Gateway routers placed between a local network, in which every
      host is assigned a private address, and the global network, in
      which hosts are assigned global addresses.

   2. Hosts placed on the global network and assigned global addresses.

   Secondly, the following functions described in this document do not
   have to be implemented.  Their implementation is recommended:

   1. Sub-Address Discovery (Type 1)
   2. Get I/F Address (Type 2)

10. IANA Considerations

   The Type Field values 0 - 3 are assigned in this document.
   Type Field values 4 - 127 for extended types are to be assigned by
   IANA, using the "First Come First Served" policy defined in RFC2434.
   Type values 128 - 255 for extended types are for vendor-specific
   types, and values in this range are not to be assigned by IANA.

11. Acknowledgements

   Thanks to Toshiya Asaba, Ikuo Nakagawa, Ryo Shimizu, Kiyoshi Ishida,
   Tomokazu Takizawa, Masahiko Tsuda, Junichi Watanabe and Susan Harris
   for their comments.

REFERENCES

   [1] P. Srisuresh and M. Holdrege, "IP Network Address Translator
       (NAT) Terminology and Considerations", RFC2663, August 1999.

Author's Address

   Kuniaki Kondo
   IIJ, Inc.
   3-13 Kanda, Nishiki-Cho, Chiyoda-ku, Tokyo, Japan
   Email: kuniaki@iij.ad.jp

Appendix 1: Implementations

   Current NATS implementations are:

   - Linux
     NATS for Red Hat Linux will be released in March for trial.  This
     implementation provides both the NATS router and the NATS host
     functions.

   - Products
     - IIJ/SEIL
     - SOHO Router (SCHEDULED)

Appendix 2: Mailing List

   - Mailing list: nats@nats-project.org
   - Web page: http://www.nats-project.org/

Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.
   However, this document itself may not be modified in any way, such
   as by removing the copyright notice or references to the Internet
   Society or other Internet organizations, except as needed for the
   purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards process
   must be followed, or as required to translate it into languages
   other than English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.