Internet DRAFT - draft-yujia-zhiyfang-divi-icmp-extension

draft-yujia-zhiyfang-divi-icmp-extension



Network Working Group                                           K.Fang
Internet Draft                                                Yu Jiang
Document: draft-yujia-zhiyfang-divi-icmp-extension-00.txt     Nov 2011
Expires: May 2012                                        Cisco Systems

                  Extended ICMP to support 1:N NAT64

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on May, 2012.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions
Relating to IETF Documents (http://trustee.ietf.org/license-info)
in effect on the date of publication of this document.  Please
review these documents carefully, as they describe your rights and
restrictions with respect to this document.


Conventions used in this document

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
  document are to be interpreted as described in [RFC-2119].





  
  
  
K.Fang Y.Jiang           Expires May    2012                   [Page 1]

Internet-Draft    Extended ICMP to support 1:N NAT64           Nov 2011

Abstract

  This memo defines the ICMP mechanism for Dual-Stateless Ipv4/Ipv6 
  Translation(dIVI)


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .3
       1.1.  Motivation. . . . . . . . . . . . . . . . . . . . . . . .3
   2.  Definition & implementation . . . . . . . . . . . . . . . . . .3
       2.1.  ICMP Identifier modification on CPE/Host. . . . . . . . .3
    2.2.  ICMP Identifier proccess on 1:N Translator . . . . . . . . .4
    2.2.  Detailed flow example  . . . . . . . . . . . . . . . . . . .4
   3.  Security Considerations . . . . . . . . . . . . . . . . . . . .5
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . .5
   5.  Reference . . . . . . . . . . . . . . . . . . . . . . . . . . .5


   
   











   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
  
K.Fang Y.Jiang           Expires May    2012                   [Page 2]

Internet-Draft    Extended ICMP to support 1:N NAT64           Nov 2011   
   
1.  Introduction

  This section explains the reasoning for ICMP extension to support
  Dual-Stateless Ipv4/Ipv6 Translation(dIVI).

1.1.  Motivation

  Dual-Stateless Ipv4/Ipv6 Translation(dIVI) proposal to share Ipv4 ports 
  with multiple Ipv6 hosts which shown in the following figure.
                                      ---------------------------------
                                -----|IPv4-translatable.0#port-range.0 |
                              /       ---------------------------------
                             /        ---------------------------------
                            |--------|IPv4-translatable.1#port-range.1 |
                            |         ---------------------------------
     --------------------   |         ---------------------------------
    | IPv4-addr#any ports|-----------|IPv4-translatable.2#port-range.2 |
     --------------------   |         ---------------------------------
                            |         ---------------------------------
                            |--------|IPv4-translatable.3#port-range.3 |
                            |         ---------------------------------
                             \                        ...
                              \       ---------------------------------
                                -----|IPv4-translatable.K#port-range.K |
                                      ---------------------------------
                                                      ...
   When an Ipv4 ICMP packet send to the translator, it need an identifier 
   to mapping to the Ipv6 hosts. 

2.  Definition & implementation

2.1 ICMP Identifier modification on CPE/Host

                                             .-------|Host0| A1/(P%N)+0
                                            /
        ------                   -----     |
      /  The   \    ------     /  An   \   |
     |  IPv4    |--|1:N   |---|  IPv6   |------------|Host1| A1/(P%N)+1
      \Internet/   |XLATE |    \Network/   |
        ------      ------       -----     |
                                           |\
                                           |  -------|Host2| A1/(P%N)+2
                                           |
                                           |
                                            \
                                              -------|HostK| A1/(P%N)+K
 
   CPE/Host MUST only use the value in Port-Range as Identifier field. If 
   a CPE between Host and Xlate, CPE need dynamic allocate the Identifier

K.Fang Y.Jiang           Expires May    2012                   [Page 3]

Internet-Draft     xtended ICMP to support 1:N NAT64           Nov 2011

   in the Port-Range , and the CPE also request use stateful translation
   table to maintain the Identifier mapping.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |     Code      |          Checksum             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |           Identifier          |        Sequence Number        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Data ...
      +-+-+-+-+-
    
2.2 ICMP Identifier proccess on 1:N Translator

   1:N Translator Device need use this identifier mapping to the 
   Port-Set-id and distribute the ICMP message.
   
   If an Host/CPE send ICMP message with wrong identifier the drop the 
   message and init a new type of ICMPv6 dIVI Error Port-Range 
   Correction Message which defined in draft <dIVI Port error handling
   and range allocation[2].

2.3 Detailed flow example
 
   +-+    IPv4    +---+   IPv6 Transit Core      +--+    IPv4    +-+
   |S|-->--//-->--|CPE|=====>=====/R2/=====>=====|R3|-->--//-->--|D|
   +-+            +---+                          +--+            +-+
                 IVI 1:1 xlate               1:N IVI xlate
    --------------->
    ICMP Echo
     Identifier = 1234
              * CPE get-ID in Port-range, allocate  *
              * Mapping Table, eg:  1234<--->129    * 
                    ------------------------------>
                    ICMP Echo 
                    Identifier = 129
                                                ------------------>
                                                ICMP Echo
                                                Identifier = 129            
                                                <------------------
                                                ICMP Echo Reply
                                                Identifier = 129
        * IVI Xlate does ICMP Identifier  *
        * Based Forward                   *
       <------------------------------             
        ICMP Echo Reply
        Identifier = 129      
 <--------------- * CPE Check Mapping table modify to 1234 *
    ICMP Echo Reply
    Identifier = 1234
K.Fang Y.Jiang           Expires May    2012                   [Page 4]

Internet-Draft         Extended ICMP to support 1:N NAT64      Nov 2011

    If multiple hosts behind CPE execution Ping in the same time , CPE
    MUST use different Identifier mapping to different ICMP instance.
 
3. Security Considerations

    It's same as general ICMPv6 security considerations, See RFC4443 
 Section 5.

4. IANA Considerations

   This memo adds no new IANA considerations.

5. References
 
    [1]  C. Bao , X. Li, et.al "dIVI: Dual-Stateless IPv4/IPv6 
         Translation", draft-xli-behave-divi-03, July.2011

    [2]  K. Fang "dIVI Port error handling and range allocation"
    draft-zhiyfang-divi-icmp-00.txt, Nov.2011
 
Authors' Addresses

   Kevin Fang
   Cisco Systems

   EMail: zhiyfang@cisco.com

   Yu Jiang
   Cisco Systems

   EMail: yujia@cisco.com

K.Fang Y.Jiang           Expires May    2012                   [Page 5]