Network Working Group X. Li Internet-Draft C. Bao Intended status: Informational G. Han Expires: June 26, 2015 CERNET Center/Tsinghua University W. Dec Cisco Systems December 23, 2014 MAP Interoperability Testing Results draft-xli-softwire-map-testing-05 Abstract This document presents the testing results of a unified code accommodating encapsulation and translation modes of Mapping of Address and Port (MAP). Experiments show that the unified MAP CE is not only supporting MAP-E and MAP-T modes, but also backward compatible with AFTR of dual-stack lite and stateless/stateful NAT64. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on June 26, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Li, et al. Expires June 26, 2015 [Page 1] Internet-Draft MAP Interoperability Testing Results December 2014 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Testing Topology . . . . . . . . . . . . . . . . . . . . 2 2. MAP specifications . . . . . . . . . . . . . . . . . . . . . 3 2.1. Mapping Rules and the Address Formats . . . . . . . . . . 3 2.2. Port Mapping Algorithm . . . . . . . . . . . . . . . . . 4 2.3. Forwarding Modes . . . . . . . . . . . . . . . . . . . . 4 2.4. Implementation . . . . . . . . . . . . . . . . . . . . . 4 3. MAP Testing . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. MAP-T . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.2. MAP-E . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.3. 1:1 mode MAP-T/MAP-E . . . . . . . . . . . . . . . . . . 6 3.4. Mixed MAP-T/MAP-E . . . . . . . . . . . . . . . . . . . . 7 4. Backward Compatibility Testing . . . . . . . . . . . . . . . 8 4.1. AFTR of dual-stack lite . . . . . . . . . . . . . . . . . 8 4.2. NAT64 with double translation . . . . . . . . . . . . . . 8 5. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 9. Normative References . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 1. Introduction Generic mechanism for mapping between an IPv4 prefix, address or parts of thereof, and transport layer ports and an IPv6 prefix or address with translation mode and encapsulation mode are specified in [I-D.ietf-softwire-map-t] [I-D.ietf-softwire-map]. This document presents testing results of a unified code containing translation and encapsulation modes of Mapping of Address and Port (MAP). The backward compatibility of MAP CE with AFTR of dual-stack lite and NAT64 of stateful translation are also presented. 1.1. Testing Topology The testing topology is shown in the following figure. Li, et al. Expires June 26, 2015 [Page 2] Internet-Draft MAP Interoperability Testing Results December 2014 ----- ------ .-| CE.0|---|Host.0| / ----- ------ ------ ----- | / The \ ----- / An \ | ----- ------ | IPv4 |--| BR |---| IPv6 |------| CE.1|---|Host.1| \Internet/ | | ^ \Network/ | ----- ------ ------ ----- | ----- | | \ ----- ------ tcpdump -| CE.K|---|Host.K| ----- ------ Figure 1: Generic testing topology Where, BR is the MAP Border Relay, CE is the MAP Customer Edge. Both BR and CE can be configured in translation mode (MAP-T) or encapsulation mode (MAP-E), independently. A tcpdump process is running between BR and CE to get the packet header information. 2. MAP specifications The code tested in this document follows the MAP specification defined in [I-D.ietf-softwire-map-t] [I-D.ietf-softwire-map], which contain the Mapping Rules, the Port Mapping Algorithm and the Forwarding Mode. The explicit address format and configuration parameters used for the code are presented in the following sections. 2.1. Mapping Rules and the Address Formats The address format of Basic Mapping Rule (BMR) and Forwarding Mapping Rule (FMR) are defined in the following figure. Also note that translation mode (MAP-T) and encapsulation mode (MAP-E) have the same address format of BMR/FMR. <-- n bits -->||<-m bits>|< 8>|<---- L>=32 ------>|<--56-L--> |0 63| 127| +-------------+--------+---------+----+--------------+----+---------+ | IPv6 prefix |EA bits |Subnet-id| u | IPv4 address |PSID| 0 | +-------------+--------+---------+----+--------------+----+---------+ | Figure 2: BMR/FMR in translation and encapsulation modes The address format of Default Mapping Rule is different for translation (MAP-T) and encapsulation (MAP-E), as shown in the following figures. Li, et al. Expires June 26, 2015 [Page 3] Internet-Draft MAP Interoperability Testing Results December 2014 |0 63| 127| +--------------------------------+----+--------------+--------------+ | BR prefix | u | IPv4 address | 0 | +--------------------------------+----+--------------+--------------+ Figure 3: DMR in translation mode |0 127| +-------------------------------------------------------------------+ | BR IPv6 address | +-------------------------------------------------------------------+ Figure 4: DMR in encapsulation mode The testing presented in this document is for the Hubs and Spokes scenario, and therefore, only BMR and DMR are required in each CE. 2.2. Port Mapping Algorithm The port mapping algorithm is called Generalized Modulus Algorithm (GMA), which contains the sharing ratio (R=2^k), the maximum number of contiguous ports (M=2^m) and the Port-Set Identifiers (PSID). 2.3. Forwarding Modes The MAP has two forwarding modes, the translation (MAP-T) and encapsulation (MAP-E). The header processing algorithms of the translation and the encapsulation modes are defined in [RFC6145] and [RFC2473], respectively. 2.4. Implementation The MAP specification is implemented in Linux environment under GPL [map-code]. The CE related configuration parameters are: -i specify the name of the Ethernet device connected to IPv4 world -I specify the name of the Ethernet device connected to IPv6 world -H specify in CE mode -a specify the IPv4 address and mask of the host behind the CE Li, et al. Expires June 26, 2015 [Page 4] Internet-Draft MAP Interoperability Testing Results December 2014 -P specify the IPv6 rule prefix and prefix length of the host behind the CE -R specify the associated IPv4 address sharing ratio R of the host behind the CE -M specify the associated M parameter of the host behind the CE device -o specify the PSID of the host behind the CE -N specify in NAT44 mode. The '-A' option is required. -A specify the public IPv4 address and mask which the host behind the CE device is mapped into. In this case, the '-a' option will specify the private IPv4 network and prefix length -X specify the IPv6 prefix is not containing EA-bits 3. MAP Testing The configuration examples and the testing results of the MAP's translation mode (MAP-T), the encapsulation mode (MAP-E), MAP-T/MAP-E 1:1 modes and the mixed MAP-T/MAP-E modes are shown in this section. The basic testing method is from an IPv4 host connected to CE to ping an IPv4 server (202.112.35.254) connected to BR. The tcpdump records the packet headers of the echo request and echo reply messages. 3.1. MAP-T The MAP CE in MAP-T mode is configured as: utils/ivictl -r -d -P 2001:da8:b4b6:ffff::/64 -T utils/ivictl -s -i eth1 -I eth0 -H -N -a 192.168.1.0/24 -A 202.38.117.1/24 -P 2001:da8:b4b6::/48 -R 16 -M 2 -o 0 -c 1440 -T The tcpdump data samples are: 09:42:16.526809 IP6 2001:da8:b4b6:100:ca:2675:100:0 > 2001:da8:b4b6:ffff:ca:7023:fe00:0: ICMP6, echo request, seq 18177, length 40 09:42:16.527448 IP6 2001:da8:b4b6:ffff:ca:7023:fe00:0 > 2001:da8:b4b6:100:ca:2675:100:0: ICMP6, echo reply, seq 18177, length 40 Li, et al. Expires June 26, 2015 [Page 5] Internet-Draft MAP Interoperability Testing Results December 2014 3.2. MAP-E The MAP CE in MAP-E mode is configured as: utils/ivictl -r -d -P 2001:da8:b4b6:ffff:1234::5678/128 -E utils/ivictl -s -i eth1 -I eth0 -H -N -a 192.168.1.0/24 -A 202.38.117.1/24 -P 2001:da8:b4b6::/48 -R 16 -M 2 -o 8 -c 1400 -E The tcpdump data samples are: 09:38:43.326429 IP6 2001:da8:b4b6:180:ca:2675:180:0 > 2001:da8:b4b6:ffff:1234::5678: IP 202.38.117.1 > 202.112.35.254: ICMP echo request, id 1040, seq 32512, length 40 09:38:43.327786 IP6 2001:da8:b4b6:ffff:1234::5678 > 2001:da8:b4b6:180:ca:2675:180:0: IP 202.112.35.254 > 202.38.117.1: ICMP echo reply, id 1040, seq 32512, length 40 3.3. 1:1 mode MAP-T/MAP-E The 1:1 mode MAP-T/MAP-E means that each CE has its own mapping rule with or without the IPv4 address sharing. The MAP CE in MAP-T 1:1 mode is configured as: utils/ivictl -r -d -P 2001:da8:b4b6:ffff::/64 -T utils/ivictl -s -i eth1 -I eth0 -H -X -N -a 192.168.1.0/24 -A 202.38.117.1/24 -P 2001:da8:b4b6:2700::/64 -R 16 -M 2 -o 8 -c 1440 -T The tcpdump data samples are: 22:53:30.977999 IP6 2001:da8:b4b6:2700:ca:2675:100:0 > 2001:da8:b4b6:ffff:ca:7023:fe00:0: ICMP6, echo request, seq 7113, length 40 22:53:30.978876 IP6 2001:da8:b4b6:ffff:ca:7023:fe00:0 > 2001:da8:b4b6:2700:ca:2675:100:0: ICMP6, echo reply, seq 7113, length 40 The MAP CE in MAP-E 1:1 mode is configured as: utils/ivictl -r -d -P 2001:da8:b4b6:ffff:1234::5678/128 -E Li, et al. Expires June 26, 2015 [Page 6] Internet-Draft MAP Interoperability Testing Results December 2014 utils/ivictl -s -i eth1 -I eth0 -H -X -N -a 192.168.1.0/24 -A 202.38.117.1/24 -P 2001:da8:b4b6:2700::/64 -R 16 -M 2 -o 8 -c 1400 -E The tcpdump data samples are: 22:56:29.661058 IP6 2001:da8:b4b6:2700:ca:2675:180:0 > 2001:da8:b4b6:ffff:1234::5678: IP 202.38.117.1 > 202.112.35.254: ICMP echo request, id 4113, seq 7276, length 40 22:56:29.661751 IP6 2001:da8:b4b6:ffff:1234::5678 > 2001:da8:b4b6:2700:ca:2675:180:0: IP 202.112.35.254 > 202.38.117.1: ICMP echo reply, id 4113, seq 7276, length 40 3.4. Mixed MAP-T/MAP-E The CE and BR can be configured in different modes, for example CE can be configured in translation mode and BR can be configured in encapsulation mode. The reason is that the forwarding mode is only required in the IPv4 to IPv6 direction, while it can be automatically identified by checking the value of the next header in the IPv6 packets in the IPv6 to IPv4 direction. This feature provides great flexibility to the users and operators to select desired forwarding mode without dropping a single packet in different forwarding mode. The following are two examples of BR and CE in different forwarding modes with the configurations shown in MAP-T and MAP-E sections. When BR is in T mode and CE is in E mode, the tcpdump data samples are: 09:39:48.829067 IP6 2001:da8:b4b6:180:ca:2675:180:0 > 2001:da8:b4b6:ffff:1234::5678: IP 202.38.117.1 > 202.112.35.254: ICMP echo request, id 1040, seq 47104, length 40 09:39:48.833054 IP6 2001:da8:b4b6:ffff:ca:7023:fe00:0 > 2001:da8:b4b6:180:ca:2675:180:0: ICMP6, echo reply, seq 47104, length 40 When BR is in E mode and CE is in T mode, the tcpdump data samples are: 09:44:11.692130 IP6 2001:da8:b4b6:100:ca:2675:100:0 > 2001:da8:b4b6:ffff:ca:7023:fe00:0: ICMP6, echo request, seq 41473, length 40 09:44:11.693044 IP6 2001:da8:b4b6:ffff:1234::5678 > 2001:da8:b4b6:100:ca:2675:100:0: IP 202.112.35.254 > 202.38.117.1: ICMP echo reply, id 1024, seq 41473, length 40 Li, et al. Expires June 26, 2015 [Page 7] Internet-Draft MAP Interoperability Testing Results December 2014 4. Backward Compatibility Testing The MAP CE is backward compatible to dual-stack lite in the E mode and to NAT64 in the T mode. 4.1. AFTR of dual-stack lite Dual-stack lite is a stateful encapsulation technology defined in [RFC6333]. For the testing, the MAP BR is replaced by dual-stack lite AFTR [dual-stack-lite-code]. The MAP CE is configured as: utils/ivictl -r -d -P 2001::1/128 utils/ivictl -s -i eth1 -I eth0 -H -N -X -a 192.168.1.0/24 -A 10.255.255.1/24 -P 2001:da8:b001:1009::/64 -R 16 -M 2 -o 0 -c 1400 -E The tcpdump data samples are: 22:48:42.536559 IP6 2001:da8:b001:1009:a:ffff:100:0 > 2001::1: IP 10.255.255.1 > 202.112.35.254: ICMP echo request, id 1024, seq 41473, length 40 22:48:42.539352 IP6 2001::1 > 2001:da8:b001:1009:a:ffff:100:0: IP 202.112.35.254 > 10.255.255.1: ICMP echo reply, id 1024, seq 41473, length 40 4.2. NAT64 with double translation NAT64 is a stateful translation technology defined in [RFC6146] and [RFC6145]. For the testing, the MAP BR is replaced by NAT64 [nat64-code]. The MAP CE is configured as: utils/ivictl -r -d -P 2001:da8:b4b6:1000::/64 -T utils/ivictl -s -i eth1 -I eth0 -H -N -X -a 192.168.1.0/24 -A 2.2.2.2/32 -P 2001:da8:b001:fff9::/64 -R 16 -M 2 -o 0 -c 1440 -T The tcpdump data samples are: 09:24:16.478385 IP6 2001:da8:b001:fff9:2:202:200:0 > 2001:da8:b4b6:1000:ca:7023:fe00:0: ICMP6, echo request, seq 25600, length 40 Li, et al. Expires June 26, 2015 [Page 8] Internet-Draft MAP Interoperability Testing Results December 2014 09:24:16.479638 IP6 2001:da8:b4b6:1000:ca:7023:fe00:0 > 2001:da8:b001:fff9:2:202:200:0: ICMP6, echo reply, seq 25600, length 40 Note that for this scenario, the CE defined in [RFC6877] can also achieve this goal. 5. Conclusions Although only the echo request/echo reply testing results with the corresponding MAP CE configuration examples are presented in this document, the TCP/UDP applications are also tested in CERNET/CERNET2 successfully. The concluding remarks are: o A unified MAP can support MAP-T, MAP-E, 1:1 mode MAP-T/MAP-E and even the mixed modes without introducing additional complexity. o A unified MAP CE can be configured to support MAP-T, MAP-E, 1:1 mode MAP-T/MAP-E, mixed MAP-T/MAP-E, and backward compatible with stateless NAT64, stateful NAT64 and dual-stack lite. 6. Security Considerations This document does not introduce any new security considerations. 7. IANA Considerations None. 8. Acknowledgments The authors would like to acknowledge the following contributors of this document: Weicai Wang, Wentao Shang and Rajiv Asati. 9. Normative References [I-D.ietf-softwire-map] Troan, O., Dec, W., Li, X., Bao, C., Matsushima, S., Murakami, T., and T. Taylor, "Mapping of Address and Port with Encapsulation (MAP)", draft-ietf-softwire-map-12 (work in progress), November 2014. [I-D.ietf-softwire-map-t] Li, X., Bao, C., Dec, W., Troan, O., Matsushima, S., and T. Murakami, "Mapping of Address and Port using Translation (MAP-T)", draft-ietf-softwire-map-t-08 (work in progress), December 2014. Li, et al. Expires June 26, 2015 [Page 9] Internet-Draft MAP Interoperability Testing Results December 2014 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 Specification", RFC 2473, December 1998. [RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation Algorithm", RFC 6145, April 2011. [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers", RFC 6146, April 2011. [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- Stack Lite Broadband Deployments Following IPv4 Exhaustion", RFC 6333, August 2011. [RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: Combination of Stateful and Stateless Translation", RFC 6877, April 2013. [dual-stack-lite-code] "Dual-stack Lite Code: http://www.isc.org/software/aftr/11", . [map-code] "MAP Code: http://mapt.ivi2.org:8039/mapt.html", . [nat64-code] "NAT64 Code: http://ecdysis.viagenie.ca/download.html", . Authors' Addresses Xing Li CERNET Center/Tsinghua University Room 225, Main Building, Tsinghua University Beijing 100084 CN Phone: +86 10-62785983 Email: xing@cernet.edu.cn Congxiao Bao CERNET Center/Tsinghua University Room 225, Main Building, Tsinghua University Beijing 100084 CN Phone: +86 10-62785983 Email: congxiao@cernet.edu.cn Li, et al. Expires June 26, 2015 [Page 10] Internet-Draft MAP Interoperability Testing Results December 2014 Guoliang Han CERNET Center/Tsinghua University Room 225, Main Building, Tsinghua University Beijing 100084 CN Phone: +86 10-62785983 Email: bupthgl@gmail.com Wojciech Dec Cisco Systems Haarlerbergpark Haarlerbergweg 13-19 Amsterdam, NOORD-HOLLAND 1101 CH Netherlands Email: wdec@cisco.com Li, et al. Expires June 26, 2015 [Page 11]