Network Working Group K.Fang Internet Draft Yu Jiang Document: draft-yujia-zhiyfang-divi-icmp-extension-00.txt Nov 2011 Expires: May 2012 Cisco Systems Extended ICMP to support 1:N NAT64 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on May, 2012. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC-2119]. K.Fang Y.Jiang Expires May 2012 [Page 1] Internet-Draft Extended ICMP to support 1:N NAT64 Nov 2011 Abstract This memo defines the ICMP mechanism for Dual-Stateless Ipv4/Ipv6 Translation(dIVI) Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . .3 1.1. Motivation. . . . . . . . . . . . . . . . . . . . . . . .3 2. Definition & implementation . . . . . . . . . . . . . . . . . .3 2.1. ICMP Identifier modification on CPE/Host. . . . . . . . .3 2.2. ICMP Identifier proccess on 1:N Translator . . . . . . . . .4 2.2. Detailed flow example . . . . . . . . . . . . . . . . . . .4 3. Security Considerations . . . . . . . . . . . . . . . . . . . .5 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . .5 5. Reference . . . . . . . . . . . . . . . . . . . . . . . . . . .5 K.Fang Y.Jiang Expires May 2012 [Page 2] Internet-Draft Extended ICMP to support 1:N NAT64 Nov 2011 1. Introduction This section explains the reasoning for ICMP extension to support Dual-Stateless Ipv4/Ipv6 Translation(dIVI). 1.1. Motivation Dual-Stateless Ipv4/Ipv6 Translation(dIVI) proposal to share Ipv4 ports with multiple Ipv6 hosts which shown in the following figure. --------------------------------- -----|IPv4-translatable.0#port-range.0 | / --------------------------------- / --------------------------------- |--------|IPv4-translatable.1#port-range.1 | | --------------------------------- -------------------- | --------------------------------- | IPv4-addr#any ports|-----------|IPv4-translatable.2#port-range.2 | -------------------- | --------------------------------- | --------------------------------- |--------|IPv4-translatable.3#port-range.3 | | --------------------------------- \ ... \ --------------------------------- -----|IPv4-translatable.K#port-range.K | --------------------------------- ... When an Ipv4 ICMP packet send to the translator, it need an identifier to mapping to the Ipv6 hosts. 2. Definition & implementation 2.1 ICMP Identifier modification on CPE/Host .-------|Host0| A1/(P%N)+0 / ------ ----- | / The \ ------ / An \ | | IPv4 |--|1:N |---| IPv6 |------------|Host1| A1/(P%N)+1 \Internet/ |XLATE | \Network/ | ------ ------ ----- | |\ | -------|Host2| A1/(P%N)+2 | | \ -------|HostK| A1/(P%N)+K CPE/Host MUST only use the value in Port-Range as Identifier field. If a CPE between Host and Xlate, CPE need dynamic allocate the Identifier K.Fang Y.Jiang Expires May 2012 [Page 3] Internet-Draft xtended ICMP to support 1:N NAT64 Nov 2011 in the Port-Range , and the CPE also request use stateful translation table to maintain the Identifier mapping. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identifier | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data ... +-+-+-+-+- 2.2 ICMP Identifier proccess on 1:N Translator 1:N Translator Device need use this identifier mapping to the Port-Set-id and distribute the ICMP message. If an Host/CPE send ICMP message with wrong identifier the drop the message and init a new type of ICMPv6 dIVI Error Port-Range Correction Message which defined in draft --//-->--|CPE|=====>=====/R2/=====>=====|R3|-->--//-->--|D| +-+ +---+ +--+ +-+ IVI 1:1 xlate 1:N IVI xlate ---------------> ICMP Echo Identifier = 1234 * CPE get-ID in Port-range, allocate * * Mapping Table, eg: 1234<--->129 * ------------------------------> ICMP Echo Identifier = 129 ------------------> ICMP Echo Identifier = 129 <------------------ ICMP Echo Reply Identifier = 129 * IVI Xlate does ICMP Identifier * * Based Forward * <------------------------------ ICMP Echo Reply Identifier = 129 <--------------- * CPE Check Mapping table modify to 1234 * ICMP Echo Reply Identifier = 1234 K.Fang Y.Jiang Expires May 2012 [Page 4] Internet-Draft Extended ICMP to support 1:N NAT64 Nov 2011 If multiple hosts behind CPE execution Ping in the same time , CPE MUST use different Identifier mapping to different ICMP instance. 3. Security Considerations It's same as general ICMPv6 security considerations, See RFC4443 Section 5. 4. IANA Considerations This memo adds no new IANA considerations. 5. References [1] C. Bao , X. Li, et.al "dIVI: Dual-Stateless IPv4/IPv6 Translation", draft-xli-behave-divi-03, July.2011 [2] K. Fang "dIVI Port error handling and range allocation" draft-zhiyfang-divi-icmp-00.txt, Nov.2011 Authors' Addresses Kevin Fang Cisco Systems EMail: zhiyfang@cisco.com Yu Jiang Cisco Systems EMail: yujia@cisco.com K.Fang Y.Jiang Expires May 2012 [Page 5]