Internet Engineering Task Force                         J. Schoenwaelder
Internet-Draft                                  Jacobs University Bremen
Intended status: Standards Track                                 C. Zhou
Expires: January 5, 2012                             Huawei Technologies
                                                            July 4, 2011


    Extension of the NAT-MIB to support NAT64 and CGN (and DS-Lite)
                  draft-schoenw-behave-nat-mib-bis-00

Abstract

   This document discusses the extensions of the NAT-MIB needed to
   support newer Network Address Translator (NAT) variants such as
   NAT64, Carrier Grade NAT (CGN), or Dual-Stack Lite (DS-Lite).

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 5, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents



Schoenwaelder & Zhou     Expires January 5, 2012                [Page 1]


Internet-Draft          Extension of the NAT-MIB               July 2011


   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the BSD License.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Structure of the NAT-MIB  . . . . . . . . . . . . . . . . . . . 3
   3.  Extensions of the NAT-MIB . . . . . . . . . . . . . . . . . . . 4
   4.  Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . 5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 6
   8.  Normative References  . . . . . . . . . . . . . . . . . . . . . 6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 7


1.  Introduction

   The NAT-MIB [RFC4008] defines a standards-track model for configuring
   and monitoring Network Address Translators (NATs).  Recently, a
   number of new NAT variants have been proposed, such as stateful NAT64
   [RFC6146], Carrier Grade NAT (CGN), and Dual-Stack Lite (DS-Lite)
   [I-D.ietf-softwire-dual-stack-lite].  A number of new MIB modules
   have been proposed to support these new NAT variants.  This
   document analyses these proposals and proposes to revise the NAT-MIB
   itself instead of creating additional MIB modules.


2.  Structure of the NAT-MIB

   The NAT-MIB [RFC4008] consists of tables carrying configuration
   information and tables indicating the currently active bindings and
   NAT sessions as shown in the figure below.

            +----------------------+        +-----------------+
      +-----| natInterfaceTable    |--------| natAddrMapTable |-+
      |     +----------------------+        +-----------------+ |-+
    +---+                                     +-----------------+ |
    | i |                                       +-----------------+
    | n |
    | t |   +----------------------+
    | e |---| natAddrBindTable     |-+
    | r |   +----------------------+ |-+
    | f |     +----------------------+ |
    | a |       +----------------------+
    | c |
    | e |   +----------------------+
    |   |---| natAddrPortBindTable |-+
    +---+   +----------------------+ |-+
      |       +----------------------+ |
      |         +----------------------+
      |
      |
      |     +----------------------+
      +-----| natSessionTable      |-+
            +----------------------+ |-+
              +----------------------+ |
                +----------------------+

   The NAT-MIB enables NAT functionality on a per-interface basis.  As a
   consequence, the natInterfaceTable is indexed by an ifIndex value.
   The table describing address pools, the natAddrMapTable, is indexed
   by an ifIndex value and a natAddrMapIndex.  While it is possible to
   have multiple address pools configured on the NAT function of an
   interface, NAT functions on different interfaces will have separate
   address pools.  The actual NAT bindings are reported in the
   natAddrBindTable (in case of pure address translation), indexed by an
   ifIndex value and the local private-realm network address and type,
   or in the natAddrPortBindTable (in case of address and port
   translation), indexed by an ifIndex value, the local private-realm
   network address and type, and the local port number and protocol.
   The natSessionTable provides statistics about NAT sessions.


3.  Extensions of the NAT-MIB

   As a consequence of the design of the NAT-MIB, the address pools
   configured in the natAddrMapTable are interface specific and cannot
   be shared between multiple interfaces.  In order to support NATs
   where the goal is to share public IPv4 addresses, or address pools of
   public IPv4 addresses, among multiple interfaces (multiple customers),
   an extension of the NAT-MIB is required that allows configuring
   address pools that can be shared between NAT interfaces.  One way of
   achieving this is to create a new natSharedAddrMapTable with a unique
   index (natSharedAddrMapIndex) that is referenced from
   natInterfaceTable entries.  If the reference is not provided, a
   suitable natAddrMapTable entry is expected to be used.
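   The pool-selection rule above, as an added illustration that is not
   part of the draft: the RFC 4008 tables are modelled as Python dicts
   keyed by their INDEX clauses, natSharedAddrMapTable and
   natSharedAddrMapIndex are the draft's proposed names, and the
   reference column on natInterfaceTable, the "0 means no reference"
   convention and all sample addresses are constructed assumptions.

```python
"""Model of the NAT-MIB (RFC 4008) address-pool indexing and of the
shared-pool table sketched in the draft.  Added illustration, not code
from the draft: tables are dicts keyed by their INDEX clause, and the
reference column on natInterfaceTable plus all sample addresses are
constructed assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class AddrRange:
    """One address-map row: a contiguous range of public IPv4 addresses."""
    first: IPv4Address
    last: IPv4Address

    def size(self) -> int:
        return int(self.last) - int(self.first) + 1

    def overlaps(self, other: "AddrRange") -> bool:
        return self.first <= other.last and other.first <= self.last


# natAddrMapTable, INDEX { ifIndex, natAddrMapIndex }: every pool belongs
# to exactly one interface, which is the limitation the draft points out.
nat_addr_map: Dict[Tuple[int, int], AddrRange] = {
    (12, 1): AddrRange(IPv4Address("198.51.100.1"), IPv4Address("198.51.100.1")),
    (12, 2): AddrRange(IPv4Address("198.51.100.8"), IPv4Address("198.51.100.15")),
}

# Proposed natSharedAddrMapTable, INDEX { natSharedAddrMapIndex }: no
# ifIndex in the index, so one row can serve many interfaces (customers).
nat_shared_addr_map: Dict[int, AddrRange] = {
    1: AddrRange(IPv4Address("203.0.113.0"), IPv4Address("203.0.113.15")),
}

# natInterfaceTable, INDEX { ifIndex }.  The value is the hypothetical
# reference column holding a natSharedAddrMapIndex; 0 follows the usual
# SMI convention for "no reference".
nat_interface_shared_ref: Dict[int, int] = {10: 1, 11: 1, 12: 0, 13: 0}


def resolve_pool(if_index: int) -> List[Tuple[str, int, AddrRange]]:
    """Address ranges the NAT instance on if_index allocates from.

    Applies the rule in the draft: a reference selects the shared pool,
    otherwise the interface-specific natAddrMapTable rows are used.
    Returns (table name, index, range) triples."""
    if if_index not in nat_interface_shared_ref:
        raise KeyError(f"ifIndex {if_index} has no natInterfaceTable row")
    ref = nat_interface_shared_ref[if_index]
    if ref != 0:
        if ref not in nat_shared_addr_map:
            raise KeyError(f"ifIndex {if_index} references missing "
                           f"natSharedAddrMapIndex {ref}")
        return [("natSharedAddrMapTable", ref, nat_shared_addr_map[ref])]
    return [("natAddrMapTable", map_index, rng)
            for (ifx, map_index), rng in sorted(nat_addr_map.items())
            if ifx == if_index]


def interfaces_sharing(shared_index: int) -> List[int]:
    """ifIndex values drawing from one shared pool: the one-to-many
    relationship a per-interface natAddrMapTable cannot express."""
    return sorted(ifx for ifx, ref in nat_interface_shared_ref.items()
                  if ref == shared_index)


def public_addresses_available(if_index: int) -> int:
    """Number of public addresses the instance on if_index may use."""
    return sum(rng.size() for _, _, rng in resolve_pool(if_index))


def overlapping_pools() -> List[Tuple[Tuple[int, int], int]]:
    """Configuration check: a public address configured both in an
    interface-specific pool and in a shared pool would let two NAT
    instances hand out the same external address independently."""
    return [(local_key, shared_index)
            for local_key, local_rng in sorted(nat_addr_map.items())
            for shared_index, shared_rng in sorted(nat_shared_addr_map.items())
            if local_rng.overlaps(shared_rng)]


if __name__ == "__main__":
    for ifx in sorted(nat_interface_shared_ref):
        print(ifx, resolve_pool(ifx))
    print("sharing pool 1:", interfaces_sharing(1))
    print("overlaps:", overlapping_pools())
```

   With the constructed data, interfaces 10 and 11 resolve to the same
   shared row, interface 12 falls back to its two natAddrMapTable rows,
   and interface 13 has no pool at all; the overlap check is the kind of
   consistency test a manager would run once pools can be referenced
   from more than one place.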

   The NAT64 MIB proposal [I-D.jpdionne-behave-nat64-mib] proposes
   extending the natAddrMapTable so that a NAT64 prefix can be
   configured in case the default is not used.  It is not clear whether
   this functionality needs to be added, since the NAT-MIB already allows
   configuring address ranges.  (It is also unclear how the newly
   proposed objects would interact with the existing objects.)  Other
   proposed changes are clarifications of discard notifications,
   explanations of terminology differences, and support for NAT sessions
   for ICMP.  However, it is not clear whether adding the word 'icmp' to
   an enumeration is sufficient (nor is it clear what to do about DCCP
   and SCTP).

   The CGN MIB proposal [I-D.jpdionne-behave-cgn-mib] proposes adding
   objects to limit and/or throttle address and port allocations in
   order to address requirements detailed in
   [I-D.ietf-behave-lsn-requirements].  In addition, additional
   notifications are proposed to indicate address or port exhaustion.
   Finally, the authors suggest adding tables providing aggregated
   statistics about the usage of NAT address pools.

   The DS-Lite MIB proposal [I-D.fu-softwire-dslite-mib] suggests new
   objects to represent the relationship between the objects
   representing tunnels (as defined in the TUNNEL-MIB, [RFC4087]) and
   the NAT-MIB.  However, since a tunnel is identified by its unique
   ifIndex value and since the natInterfaceTable is also indexed by an
   ifIndex value, it is unclear why this is needed.  The proposal also
   proposes adding further counters, e.g., tunnel-specific counters
   for NAT bindings.  Architecturally, it seems more desirable to
   clearly separate the NAT functionality from the tunnel functionality.
   In particular, the IPv4-in-IPv6 tunnel architecturally ends at the
   tunnel interface, and hence the NAT function only receives IPv4
   packets arriving via a tunnel interface.  However, it seems that
   gateway-initiated tunnels that use IPv6 Flow Label bits as a context
   identifier (CID) [I-D.ietf-softwire-gateway-init-ds-lite] require
   further discussion.


4.  Conclusions

   Given the structure of the current NAT-MIB and the proposed
   extensions, the best way forward seems to be to revise the NAT-MIB,
   adding a minimal number of additional objects and any clarifications
   needed to cover NAT64, CGNs, and DS-Lite.  This seems to be a better
   approach than creating several independent extensions, in particular
   since some extensions seem to be generally applicable.

   In particular, the following items need to be worked on:

   o  Extend the NAT-MIB to support address pools shared between
      interface specific NAT instances.

   o  Extend the NAT-MIB to support protocols other than UDP and TCP.

   o  Add support to limit and/or throttle binding allocations.

   o  Clarify existing notifications (e.g., natPacketDiscard) and add
      any additional notifications that may be needed for binding limits
      / binding throttling.
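   The second, third and fourth work items above (bindings for protocols
   beyond UDP and TCP, binding limits and throttling, and notifications
   when a limit is hit), as an added illustration that is not part of
   the draft: a hypothetical allocator over a natAddrPortBindTable-style
   index.  The limit objects, the notification name
   natBindingLimitExceeded, the one-second rate window and the sample
   traffic are constructed assumptions; the ICMP handling follows
   stateful NAT64 [RFC6146], which uses the ICMP query identifier in the
   position of a port.

```python
"""Sketch of the binding-limit and throttling support the conclusions
call for, as an allocator over a natAddrPortBindTable-style index.
Added illustration, not code from the draft: the limit objects, the
notification name natBindingLimitExceeded, the 1 s rate window and the
sample traffic are constructed assumptions."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Tuple

# natAddrPortBindTable index: ifIndex, local address, local port, protocol.
# For ICMP the "port" position carries the query identifier, as stateful
# NAT64 (RFC 6146) does; DCCP and SCTP keep their port numbers.
BindKey = Tuple[int, str, int, str]


@dataclass
class BindingLimits:
    max_bindings: int    # ceiling on simultaneous bindings per interface
    max_per_second: int  # ceiling on new bindings per second per interface


@dataclass
class NatInstance:
    limits: Dict[int, BindingLimits]
    bindings: Dict[BindKey, int] = field(default_factory=dict)     # -> global port
    recent: Dict[int, Deque[float]] = field(default_factory=dict)  # allocation times
    notifications: List[Tuple[str, int, str]] = field(default_factory=list)
    next_global_port: int = 1024

    def bindings_on(self, if_index: int) -> int:
        """Aggregated per-interface statistic of the kind the CGN proposal asks for."""
        return sum(1 for k in self.bindings if k[0] == if_index)

    def allocate(self, key: BindKey, now: float) -> int:
        """Return the global port for key, creating a binding if needed.

        A binding that would exceed either limit is refused and a
        notification is recorded, so one customer exhausting its quota
        neither starves the other customers nor goes unnoticed."""
        if_index = key[0]
        if key in self.bindings:
            return self.bindings[key]
        lim = self.limits[if_index]
        if self.bindings_on(if_index) >= lim.max_bindings:
            self.notifications.append(("natBindingLimitExceeded", if_index, "count"))
            raise RuntimeError(f"ifIndex {if_index}: {lim.max_bindings} bindings in use")
        window = self.recent.setdefault(if_index, deque())
        while window and now - window[0] >= 1.0:   # drop allocations older than 1 s
            window.popleft()
        if len(window) >= lim.max_per_second:
            self.notifications.append(("natBindingLimitExceeded", if_index, "rate"))
            raise RuntimeError(f"ifIndex {if_index}: throttled at {lim.max_per_second}/s")
        window.append(now)
        port = self.next_global_port
        self.next_global_port += 1
        self.bindings[key] = port
        return port

    def release(self, key: BindKey) -> None:
        self.bindings.pop(key, None)


def demo() -> Tuple[List[int], List[Tuple[str, int, str]]]:
    """Constructed scenario: ifIndex 10 allows 3 bindings, ifIndex 11
    allows 2 new bindings per second.  Returns the ports granted and
    the notifications raised."""
    nat = NatInstance({10: BindingLimits(3, 100), 11: BindingLimits(100, 2)})
    granted: List[int] = []
    attempts = [
        ((10, "192.0.2.5", 40000, "tcp"), 0.0),
        ((10, "192.0.2.5", 40001, "udp"), 0.0),
        ((10, "192.0.2.5", 17, "icmp"), 0.0),      # ICMP query identifier 17
        ((10, "192.0.2.6", 5000, "sctp"), 0.0),    # 4th binding: refused
        ((11, "192.0.2.9", 40000, "tcp"), 0.0),
        ((11, "192.0.2.9", 40001, "tcp"), 0.0),
        ((11, "192.0.2.9", 40002, "tcp"), 0.5),    # 3rd within 1 s: throttled
        ((11, "192.0.2.9", 40002, "tcp"), 1.0),    # window expired: allowed
    ]
    for key, t in attempts:
        try:
            granted.append(nat.allocate(key, t))
        except RuntimeError:
            pass
    return granted, nat.notifications


if __name__ == "__main__":
    print(demo())
```

   The notification list is what a natPacketDiscard-style trap would
   have to carry for binding limits: which interface hit which limit.
   Counting bindings per ifIndex also gives the aggregated usage figure
   the CGN proposal wants without a separate statistics table.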

   In addition, it will be necessary to look at protocols like the Port
   Control Protocol (PCP) [I-D.ietf-pcp-base] that can create time-
   limited static entries.

   To help readers and implementers, it might be desirable to include
   (for example in an appendix) a description and examples of how the
   revised NAT-MIB can be used by NAT64 implementations, CGNs, and DS-
   Lite implementations.

   To support DS-Lite (and related technologies such as 6RD), a revision
   of the TUNNEL-MIB [RFC4087], or suitable tunnel-type-specific
   extensions, may be needed as well.

   For configuration objects, it might be desirable to also produce a
   YANG data model (for use with the NETCONF protocol) that is
   consistent with the design of the revised NAT-MIB.


5.  IANA Considerations

   This document has no IANA actions.


6.  Security Considerations

   This document has no impact on the security of the Internet.


7.  Acknowledgements

   The authors would like to thank Jean-Philippe Dionne for comments on
   an early version of this document.


8.  Normative References

   [I-D.fu-softwire-dslite-mib]
              Fu, Y., Jiang, S., Cui, Y., and J. Dong, "DS-Lite
              Management Information Base (MIB)",
              draft-fu-softwire-dslite-mib-00 (work in progress),
              May 2011.

   [I-D.ietf-behave-lsn-requirements]
              Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
              and H. Ashida, "Common requirements for IP address sharing
              schemes", draft-ietf-behave-lsn-requirements-01 (work in
              progress), March 2011.

   [I-D.ietf-pcp-base]
              Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
              Selkirk, "Port Control Protocol (PCP)",
              draft-ietf-pcp-base-12 (work in progress), May 2011.

   [I-D.ietf-softwire-dual-stack-lite]
              Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", draft-ietf-softwire-dual-stack-lite-11 (work
              in progress), May 2011.

   [I-D.ietf-softwire-gateway-init-ds-lite]
              Brockners, F., Gundavelli, S., Speicher, S., and D. Ward,
              "Gateway Initiated Dual-Stack Lite Deployment",
              draft-ietf-softwire-gateway-init-ds-lite-04 (work in
              progress), June 2011.

   [I-D.jpdionne-behave-cgn-mib]
              Dionne, J. and M. Blanchet, "CGN Management Information
              Base (MIB)", draft-jpdionne-behave-cgn-mib-00 (work in
              progress), July 2011.

   [I-D.jpdionne-behave-nat64-mib]
              Dionne, J. and M. Blanchet, "NAT64 Management Information
              Base (MIB)", draft-jpdionne-behave-nat64-mib-00 (work in
              progress), March 2011.

   [RFC4008]  Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
              C. Wang, "Definitions of Managed Objects for Network
              Address Translators (NAT)", RFC 4008, March 2005.

   [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

   [RFC6146]  Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
              NAT64: Network Address and Protocol Translation from IPv6
              Clients to IPv4 Servers", RFC 6146, April 2011.


Authors' Addresses

   Juergen Schoenwaelder
   Jacobs University Bremen
   Campus Ring 1
   Bremen  28759
   Germany

   Email: j.schoenwaelder@jacobs-university.de


   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen  518129
   P.R. China

   Email: cathyzhou@huawei.com