Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stateless Deterministic NAT (SD-NAT) draft-penno-softwire-sdnat-01 Reinaldo Penno Olivier Vautrin

Published byJulius Alexander Modified over 9 years ago

Similar presentations

Presentation on theme: "Stateless Deterministic NAT (SD-NAT) draft-penno-softwire-sdnat-01 Reinaldo Penno Olivier Vautrin"— Presentation transcript:

1 Stateless Deterministic NAT (SD-NAT) draft-penno-softwire-sdnat-01 Reinaldo Penno (rpenno@juniper.net)rpenno@juniper.net Olivier Vautrin (olivier@juniper.net)olivier@juniper.net Alain Durand (adurand@juniper.net)adurand@juniper.net November 2011

2 Motivation Issues with current Stateless solutions: – Those mapping approach requires an IPv6 access network and an IPv6 capable CPE. – Tying IPv6 and IPv4 address reduce flexibility in managing IPv4 pool: add/deletion of IPv4 resources require IPv6 renumbering. – Require an important CPE modification. Recent History has shown that it is the most difficult part.

3 Time Crunch Time is the enemy of Stateless solutions: – Once CGNs are deployed, no reason to move away from them (CPE investment, Ipv6 access) – Ratio Users/IP increasing, Stateless will become less attractive CGN Smooth upgrade to SD-NAT: – No CPE upgrade – No Ipv6/Re-addressing needed – Easy Mixed of CGN/SD-NAT

4 SP accessCustomer Premises Port mapping on SD-CPE 102465535 Host 1 Host 2 Host 3 Host n 102465535 Internal Hosts SD-CPE

5 Port mapping on SD-CGN or SD-AFTR 102465535 IPv4 address 1 IPv4 address 2 IPv4 address 3 IPv4 address n IPv4 address n+1 102465535 SD-CPE x SD-CGN or SD-AFTR 102465535 SD-CPE y SD-CGN or SD- AFTR is stateless. A simple formula maps inside and outside ports. SP coreSP access

6 CPE Modification Example on Linux based CPE (DD-WRT, …) /lib/firewall/uci_firewall.sh OLD: $IPTABLES -I zone_${zone}_nat 1 -t nat -o "$ifname" -j MASQUERADE NEW: $IPTABLES -I zone_${zone}_nat 1 -t nat -o "$ifname" -j MASQUERADE -p tcp -- to-ports 1024-2023

7 SD-NAT in a nutshell Stateless operation on CGN – No Logs, No State, Easy Redundancy, Low delay Minimal CPE modification – CPE chooses outgoing SRC ports to fit into a well-known range [1024-MaxPort] CPE can been configured with MaxPort (eg TR69) Alternatively, the CPE can dynamically discover MaxPort. – That’s it! No IPv6 requirements, no complex IPv4/IPv6 mapping. Flexibility – Easily add/remove IPv4 global addresses from NAT pool without renumbering the access network. – Access Network can be IPv4. – Can work with an IPv6 access network (Very similar to DS-Lite).

8 Time Crunch Time is the enemy of Stateless solutions: – Once CGNs are deployed, no reason to move away from them (CPE investment, Ipv6 access) – Ratio Users/IP increasing, Stateless will become less attractive CGN Smooth upgrade to SD-NAT: – No CPE upgrade – No Ipv6/Re-addressing needed – Easy Mixed of CGN/SD-NAT

9 Thank you Questions?

Download ppt "Stateless Deterministic NAT (SD-NAT) draft-penno-softwire-sdnat-01 Reinaldo Penno Olivier Vautrin"

Similar presentations

Stateless IPv4-IPv6 Interconnection for DS-lite and A+P Flexible IPv6 Migration Scenarios in the Context of IPv4 Address Shortage I-D.boucadair-behave-ipv6-portrange.

Stateless IPv4-IPv6 Interconnection for DS-lite and A+P Flexible IPv6 Migration Scenarios in the Context of IPv4 Address Shortage I-D.boucadair-behave-ipv6-portrange.
IETF 80 th Problem Statement for Operational IPv6/IPv4 Co-existence 3/31/2011 Chongfeng Xie Qiong Sun

IETF 80 th Problem Statement for Operational IPv6/IPv4 Co-existence 3/31/2011 Chongfeng Xie Qiong Sun
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.

IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.
Getting over the hump: Strategies for IPv4/IPv6 co-existence Andrei Robachevsky.

Getting over the hump: Strategies for IPv4/IPv6 co-existence Andrei Robachevsky.
For IPv4 Provisioning in IPv6 Network 1 Yong Cui, Jianping Wu, Peng Wu. Tsinghua Univ. (CERNET) Chris Metz. Cisco Systems Olivier Vautrin, Alain Durand.

For IPv4 Provisioning in IPv6 Network 1 Yong Cui, Jianping Wu, Peng Wu. Tsinghua Univ. (CERNET) Chris Metz. Cisco Systems Olivier Vautrin, Alain Durand.
Deployment Considerations for Dual-stack Lite draft-lee-softwire-dslite-deployment-00 Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed.

Deployment Considerations for Dual-stack Lite draft-lee-softwire-dslite-deployment-00 Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed.
ISP SP Network Egress Points Ingress Point Protocol-Specific Egress Decision IP Header Payload Transit Header IP Header Payload IP Header Payload.

ISP SP Network Egress Points Ingress Point Protocol-Specific Egress Decision IP Header Payload Transit Header IP Header Payload IP Header Payload.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Sybex CCNA 640-802 Chapter 11: Network Address Translation Instructor & Todd Lammle.

Sybex CCNA Chapter 11: Network Address Translation Instructor & Todd Lammle.
.::Network Address Translation::. (NAT) By Tim Kaddoura (CS158B // Dr. Stamp)

.::Network Address Translation::. (NAT) By Tim Kaddoura (CS158B // Dr. Stamp)
Y. Cui, J. Wu, P. Wu Tsinghua Univ. C. Metz Cisco Systems O. Vautrin Juniper Networks Y. Lee Comcast Public IPv4 over Access IPv6 Network draft-cui-softwire-host-4over6-04.

Y. Cui, J. Wu, P. Wu Tsinghua Univ. C. Metz Cisco Systems O. Vautrin Juniper Networks Y. Lee Comcast Public IPv4 over Access IPv6 Network draft-cui-softwire-host-4over6-04.
IETF 81 draft-murakami-softwire-4rd-00 (Satoru Matsushima / Tetsuya Murakami / Ole Trøan) 4rd A+P6rd DS- lite.

IETF 81 draft-murakami-softwire-4rd-00 (Satoru Matsushima / Tetsuya Murakami / Ole Trøan) 4rd A+P6rd DS- lite.
DS-Lite for Point-to- Point Access Network IETF 78 Maastricht 2010 July 30.

DS-Lite for Point-to- Point Access Network IETF 78 Maastricht 2010 July 30.
For IPv6 host connecting IPv4 Internet 1 Yong Cui, Jianping Wu Tsinghua Univ. (CERNET) Contact:

For IPv6 host connecting IPv4 Internet 1 Yong Cui, Jianping Wu Tsinghua Univ. (CERNET) Contact:
Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall 2011 Department of Electrical and Computer Engineering University.

Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall Department of Electrical and Computer Engineering University.
4V6 – aka stateless 4Via6 stateless-4v6-00 W. Dec 1.

4V6 – aka stateless 4Via6 stateless-4v6-00 W. Dec 1.
Network Address Translation

Network Address Translation

Similar presentations

Ads by Google