Internet DRAFT - draft-meng-behave-napgt
draft-meng-behave-napgt
behave WG W. Meng
Internet-Draft ZTE Corporation
Intended status: Standards Track July 15, 2013
Expires: January 16, 2014
Network Address Port Group Translator
draft-meng-behave-napgt-01
Abstract
Currently, if an internal server and hosts are behind NAT, they
cannot share a global IP address except adding lots of static NAPT
rule configuration. Because if a server wants to provide a service
by constant port(i.e. HTTP and FTP) , the destination port of packet
sent by an external client should not be changed when it crosses NAT.
This document specifies a new method to assign NAPT global address
and port, aiming to solve the problem that internal servers and hosts
cannot share less global IP addresses.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 16, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Meng Expires January 16, 2014 [Page 1]
�
Internet-Draft Network Address Port Group Translator July 2013
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Convention and Terminology . . . . . . . . . . . . . . . . . 3
3. Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Configuration . . . . . . . . . . . . . . . . . . . . . . . . 3
5. Mapping Item . . . . . . . . . . . . . . . . . . . . . . . . 3
6. Security Considerations . . . . . . . . . . . . . . . . . . . 4
7. Normative References . . . . . . . . . . . . . . . . . . . . 4
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4
1. Introduction
With the depletion of IPv4 addresses, many operators have begun to
deploy NAPT in their network. However, the use of NAPT has many
shortcomings. For example, a server is placed in an internal
network, this may happen when an external client attempts to access a
server in the internal network through HTTP. Dynamic NAPT cannot be
used for translation except for NAT, because the translation MUST
keep the consistency of the internal port and external port (PORT:80
should not be changed). This may be causing a public IP address
being occupied to a server, but not for other users to access,
resulting in a misuse of resources.
It appears that STATIC NAPT is a near-perfect solution to deal with
this issue. However, However, if there are a lot of services or
servers in the internal network, it may not be useful to configure a
huge number of STATIC NAPT rules. This will increase the complexity
of configuration without a corresponding increase in functionality.
The current existing solution works by changing the configuration due
to user complaints. A user does not know whether his/her IP address
is global or local. During the use of a global IP address, he/she
can access the server placed in his home from external. Until one
day, he/she cannot do that because he/she gets a local IP address.
He/She is not satisfied and complains to the operator. Operator has
to assign global IP address for him/her and still assign local IP
address for others. Operator distinguishes him/her from others by
embedding tags into the subscriber backend database.
Now, through the variant of traditional NAPT translation, we can
achieve sharing a global IP address among a server and hosts placed
in the same internal network. It is called NAPGT (Network Address
Port Group Translator).
Meng Expires January 16, 2014 [Page 2]
�
Internet-Draft Network Address Port Group Translator July 2013
2. Convention and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Scenarios
There can be a typical scenario if NAT is involved.
In this scenario, a server and several hosts are behind NAT. NAT has
only a global IP address. NAT needs to let client access to server
without affecting any hosts accessing to the internet.
Address Pool:
{202.1.1.1 }
+----------+ +-----+ +--------+
+--------+ | | | | |HTTP/FTP|
| Client |----+ Internet + ----+ NAT +----+ Server +
+--------+ | | | | | | |
+----------+ +-----+ | +--------+
| +--------+
|--+ host +
| +--------+
| +--------+
|--+ host +
| +--------+
| +--------+
|--+ host +
+--------+
Figure 1: Server and Hosts Behind NAT
4. Configuration
The NAPGT needs to be configured in a NAT device. Port-ranges MUST
be specified in NAT pool, such as '1-1024','7000-7100'. It means
that a collection of ports MUST be utilized for binding. The rest of
ports can be assigned to hosts.
Static or dynamic rules MUST be configured for server. Rules for
hosts has no special requirement.
5. Mapping Item
Meng Expires January 16, 2014 [Page 3]
�
Internet-Draft Network Address Port Group Translator July 2013
To achieve client accessing server behind NAT by HTTP or FTP, mapping
item MUST be generated in advance.
NAT(config)#show nat translations all
===============================================================================
Protocol Type Local Add:Port global Add:Port Destination Add:Port
===============================================================================
--- NAPGT 192.168.0.1:<1-1024> 202.1.1.1:<1-1024> 211.1.1.1:*
-------------------------------------------------------------------------------
UDP STATIC 192.168.0.2:1024 202.1.1.1:1025 222.1.1.1
-------------------------------------------------------------------------------
TCP DYNAMIC 192.168.0.3:2565 202.1.1.1:1030 ---
-------------------------------------------------------------------------------
Figure 2: Mapping Item in NAT(Example)
6. Security Considerations
To be added later on as-needed basis.
7. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Author's Address
Wei Meng
ZTE Corporation
No.50 Software Avenue, Yuhuatai District
Nanjing
China
Email: meng.wei2@zte.com.cn, vally.meng@gmail.com
Meng Expires January 16, 2014 [Page 4]
