| draft-ietf-opsawg-nat-yang-02.txt | draft-ietf-opsawg-nat-yang-03.txt | |||
|---|---|---|---|---|
| Network Working Group M. Boucadair | Network Working Group M. Boucadair | |||
| Internet-Draft Orange | Internet-Draft Orange | |||
| Intended status: Standards Track S. Sivakumar | Intended status: Standards Track S. Sivakumar | |||
| Expires: February 24, 2018 Cisco Systems | Expires: March 22, 2018 Cisco Systems | |||
| C. Jacquenet | C. Jacquenet | |||
| Orange | Orange | |||
| S. Vinapamula | S. Vinapamula | |||
| Juniper Networks | Juniper Networks | |||
| Q. Wu | Q. Wu | |||
| Huawei | Huawei | |||
| August 23, 2017 | September 18, 2017 | |||
| A YANG Data Model for Network Address Translation (NAT) and Network | A YANG Data Model for Network Address Translation (NAT) and Network | |||
| Prefix Translation (NPT) | Prefix Translation (NPT) | |||
| draft-ietf-opsawg-nat-yang-02 | draft-ietf-opsawg-nat-yang-03 | |||
| Abstract | Abstract | |||
| For the sake of network automation and the need for programming | For the sake of network automation and the need for programming | |||
| Network Address Translation (NAT) function in particular, a data | Network Address Translation (NAT) function in particular, a data | |||
| model for configuring and managing the NAT is essential. This | model for configuring and managing the NAT is essential. This | |||
| document defines a YANG data model for the NAT function. | document defines a YANG data model for the NAT function. | |||
| NAT44, Network Address and Protocol Translation from IPv6 Clients to | NAT44, Network Address and Protocol Translation from IPv6 Clients to | |||
| IPv4 Servers (NAT64), Customer-side transLATor (CLAT), Explicit | IPv4 Servers (NAT64), Customer-side transLATor (CLAT), Explicit | |||
| Address Mappings for Stateless IP/ICMP Translation (SIIT EIM), and | Address Mappings for Stateless IP/ICMP Translation (SIIT EAM), and | |||
| IPv6 Network Prefix Translation (NPTv6) are covered in this document. | IPv6 Network Prefix Translation (NPTv6) are covered in this document. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 24, 2018. | This Internet-Draft will expire on March 22, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| skipping to change at page 2, line 38 ¶ | skipping to change at page 2, line 38 ¶ | |||
| 2.3. TCP, UDP and ICMP NAT Behavioral Requirements . . . . . . 6 | 2.3. TCP, UDP and ICMP NAT Behavioral Requirements . . . . . . 6 | |||
| 2.4. Other Transport Protocols . . . . . . . . . . . . . . . . 6 | 2.4. Other Transport Protocols . . . . . . . . . . . . . . . . 6 | |||
| 2.5. IP Addresses Used for Translation . . . . . . . . . . . . 6 | 2.5. IP Addresses Used for Translation . . . . . . . . . . . . 6 | |||
| 2.6. Port Set Assignment . . . . . . . . . . . . . . . . . . . 6 | 2.6. Port Set Assignment . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.7. Port-Restricted IP Addresses . . . . . . . . . . . . . . 7 | 2.7. Port-Restricted IP Addresses . . . . . . . . . . . . . . 7 | |||
| 2.8. NAT Mapping Entries . . . . . . . . . . . . . . . . . . . 7 | 2.8. NAT Mapping Entries . . . . . . . . . . . . . . . . . . . 7 | |||
| 2.9. Resource Limits . . . . . . . . . . . . . . . . . . . . . 9 | 2.9. Resource Limits . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 2.10. Binding the NAT Function to an Interface . . . . . . . . 10 | 2.10. Binding the NAT Function to an Interface . . . . . . . . 10 | |||
| 2.11. Tree Structure . . . . . . . . . . . . . . . . . . . . . 10 | 2.11. Tree Structure . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 3. NAT YANG Module . . . . . . . . . . . . . . . . . . . . . . . 14 | 3. NAT YANG Module . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 54 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 55 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 55 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 55 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 55 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 56 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 55 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 56 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 56 | 7.2. Informative References . . . . . . . . . . . . . . . . . 57 | |||
| Appendix A. Sample Examples . . . . . . . . . . . . . . . . . . 58 | Appendix A. Sample Examples . . . . . . . . . . . . . . . . . . 59 | |||
| A.1. Traditional NAT44 . . . . . . . . . . . . . . . . . . . . 59 | A.1. Traditional NAT44 . . . . . . . . . . . . . . . . . . . . 59 | |||
| A.2. CGN . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 | A.2. CGN . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 | |||
| A.3. CGN Pass-Through . . . . . . . . . . . . . . . . . . . . 63 | A.3. CGN Pass-Through . . . . . . . . . . . . . . . . . . . . 64 | |||
| A.4. NAT64 . . . . . . . . . . . . . . . . . . . . . . . . . . 64 | A.4. NAT64 . . . . . . . . . . . . . . . . . . . . . . . . . . 65 | |||
| A.5. Explicit Address Mappings for Stateless IP/ICMP | A.5. Explicit Address Mappings for Stateless IP/ICMP | |||
| Translation . . . . . . . . . . . . . . . . . . . . . . . 64 | Translation . . . . . . . . . . . . . . . . . . . . . . . 65 | |||
| A.6. Static Mappings with Port Ranges . . . . . . . . . . . . 68 | A.6. Static Mappings with Port Ranges . . . . . . . . . . . . 69 | |||
| A.7. Static Mappings with IP Prefixes . . . . . . . . . . . . 68 | A.7. Static Mappings with IP Prefixes . . . . . . . . . . . . 69 | |||
| A.8. Destination NAT . . . . . . . . . . . . . . . . . . . . . 69 | A.8. Destination NAT . . . . . . . . . . . . . . . . . . . . . 70 | |||
| A.9. CLAT . . . . . . . . . . . . . . . . . . . . . . . . . . 72 | A.9. CLAT . . . . . . . . . . . . . . . . . . . . . . . . . . 73 | |||
| A.10. NPTv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 72 | A.10. NPTv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 73 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 74 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 75 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines a data model for Network Address Translation | This document defines a data model for Network Address Translation | |||
| (NAT) and Network Prefix Translation (NPT) capabilities using the | (NAT) and Network Prefix Translation (NPT) capabilities using the | |||
| YANG data modeling language [RFC6020]. | YANG data modeling language [RFC6020]. | |||
| Traditional NAT is defined in [RFC2663], while Carrier Grade NAT | Traditional NAT is defined in [RFC2663], while Carrier Grade NAT | |||
| (CGN) is defined in [RFC6888]. Unlike traditional NAT, the CGN is | (CGN) is defined in [RFC6888]. Unlike traditional NAT, the CGN is | |||
| used to optimize the usage of global IP address space at the scale of | used to optimize the usage of global IP address space at the scale of | |||
| skipping to change at page 10, line 29 ¶ | skipping to change at page 10, line 29 ¶ | |||
| The tree structure of the NAT data model is provided below: | The tree structure of the NAT data model is provided below: | |||
| module: ietf-nat | module: ietf-nat | |||
| +--rw nat-module | +--rw nat-module | |||
| +--rw nat-instances | +--rw nat-instances | |||
| +--rw nat-instance* [id] | +--rw nat-instance* [id] | |||
| +--rw id uint32 | +--rw id uint32 | |||
| +--rw name? string | +--rw name? string | |||
| +--rw enable? boolean | +--rw enable? boolean | |||
| +--ro nat-capabilities | +--rw nat-capabilities | |||
| | +--ro nat-flavor* identityref | | +--rw nat-flavor* identityref | |||
| | +--ro nat44-flavor* identityref | | +--rw nat44-flavor* identityref | |||
| | +--ro restricted-port-support? boolean | | +--rw restricted-port-support? boolean | |||
| | +--ro static-mapping-support? boolean | | +--rw static-mapping-support? boolean | |||
| | +--ro port-randomization-support? boolean | | +--rw port-randomization-support? boolean | |||
| | +--ro port-range-allocation-support? boolean | | +--rw port-range-allocation-support? boolean | |||
| | +--ro port-preservation-suport? boolean | | +--rw port-preservation-suport? boolean | |||
| | +--ro port-parity-preservation-support? boolean | | +--rw port-parity-preservation-support? boolean | |||
| | +--ro address-roundrobin-support? boolean | | +--rw address-roundrobin-support? boolean | |||
| | +--ro paired-address-pooling-support? boolean | | +--rw paired-address-pooling-support? boolean | |||
| | +--ro endpoint-independent-mapping-support? boolean | | +--rw endpoint-independent-mapping-support? boolean | |||
| | +--ro address-dependent-mapping-support? boolean | | +--rw address-dependent-mapping-support? boolean | |||
| | +--ro address-and-port-dependent-mapping-support? boolean | | +--rw address-and-port-dependent-mapping-support? boolean | |||
| | +--ro endpoint-independent-filtering-support? boolean | | +--rw endpoint-independent-filtering-support? boolean | |||
| | +--ro address-dependent-filtering? boolean | | +--rw address-dependent-filtering? boolean | |||
| | +--ro address-and-port-dependent-filtering? boolean | | +--rw address-and-port-dependent-filtering? boolean | |||
| +--rw internal-interfaces* [internal-interface] | +--rw internal-interfaces* [internal-interface] | |||
| | +--rw internal-interface if:interface-ref | | +--rw internal-interface if:interface-ref | |||
| +--rw external-interfaces* [external-interface] | +--rw external-interfaces* [external-interface] | |||
| | +--rw external-interface if:interface-ref | | +--rw external-interface if:interface-ref | |||
| +--rw external-ip-address-pool* [pool-id] | +--rw external-ip-address-pool* [pool-id] | |||
| | +--rw pool-id uint32 | | +--rw pool-id uint32 | |||
| | +--rw external-ip-pool? inet:ipv4-prefix | | +--rw external-ip-pool? inet:ipv4-prefix | |||
| +--rw port-set-restrict | +--rw port-set-restrict | |||
| | +--rw (port-type)? | | +--rw (port-type)? | |||
| | +--:(port-range) | | +--:(port-range) | |||
| skipping to change at page 11, line 31 ¶ | skipping to change at page 11, line 31 ¶ | |||
| | +--rw destination-ipv4-prefix* [ipv4-prefix] | | +--rw destination-ipv4-prefix* [ipv4-prefix] | |||
| | +--rw ipv4-prefix inet:ipv4-prefix | | +--rw ipv4-prefix inet:ipv4-prefix | |||
| +--rw clat-ipv6-prefixes* [clat-ipv6-prefix] | +--rw clat-ipv6-prefixes* [clat-ipv6-prefix] | |||
| | +--rw clat-ipv6-prefix inet:ipv6-prefix | | +--rw clat-ipv6-prefix inet:ipv6-prefix | |||
| +--rw clat-ipv4-prefixes* [clat-ipv4-prefix] | +--rw clat-ipv4-prefixes* [clat-ipv4-prefix] | |||
| | +--rw clat-ipv4-prefix inet:ipv4-prefix | | +--rw clat-ipv4-prefix inet:ipv4-prefix | |||
| +--rw nptv6-prefixes* [translation-id] | +--rw nptv6-prefixes* [translation-id] | |||
| | +--rw translation-id uint32 | | +--rw translation-id uint32 | |||
| | +--rw internal-ipv6-prefix? inet:ipv6-prefix | | +--rw internal-ipv6-prefix? inet:ipv6-prefix | |||
| | +--rw external-ipv6-prefix? inet:ipv6-prefix | | +--rw external-ipv6-prefix? inet:ipv6-prefix | |||
| +--rw eam* [eam-ipv4-prefix] | ||||
| | +--rw eam-ipv4-prefix inet:ipv4-prefix | ||||
| | +--rw eam-ipv6-prefix? inet:ipv6-prefix | ||||
| +--rw supported-transport-protocols* [transport-protocol-id] | +--rw supported-transport-protocols* [transport-protocol-id] | |||
| | +--rw transport-protocol-id uint8 | | +--rw transport-protocol-id uint8 | |||
| | +--rw transport-protocol-name? string | | +--rw transport-protocol-name? string | |||
| +--rw subscriber-mask-v6? uint8 | +--rw subscriber-mask-v6? uint8 | |||
| +--rw subscriber-match* [sub-match-id] | +--rw subscriber-match* [sub-match-id] | |||
| | +--rw sub-match-id uint32 | | +--rw sub-match-id uint32 | |||
| | +--rw sub-mask inet:ip-prefix | | +--rw sub-mask inet:ip-prefix | |||
| +--rw nat-pass-through* [nat-pass-through-id] | +--rw nat-pass-through* [nat-pass-through-id] | |||
| | +--rw nat-pass-through-id uint32 | | +--rw nat-pass-through-id uint32 | |||
| | +--rw nat-pass-through-pref? inet:ip-prefix | | +--rw nat-pass-through-pref? inet:ip-prefix | |||
| skipping to change at page 14, line 24 ¶ | skipping to change at page 14, line 27 ¶ | |||
| +--ro ports-allocated? uint32 | +--ro ports-allocated? uint32 | |||
| +--ro ports-free? uint32 | +--ro ports-free? uint32 | |||
| notifications: | notifications: | |||
| +---n nat-event | +---n nat-event | |||
| +--ro id? -> /nat-module/nat-instances/nat-instance/id | +--ro id? -> /nat-module/nat-instances/nat-instance/id | |||
| +--ro notify-pool-threshold percent | +--ro notify-pool-threshold percent | |||
| 3. NAT YANG Module | 3. NAT YANG Module | |||
| <CODE BEGINS> file "ietf-nat@2017-08-23.yang" | <CODE BEGINS> file "ietf-nat@2017-09-18.yang" | |||
| module ietf-nat { | module ietf-nat { | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-nat"; | namespace "urn:ietf:params:xml:ns:yang:ietf-nat"; | |||
| //namespace to be assigned by IANA | //namespace to be assigned by IANA | |||
| prefix "nat"; | prefix "nat"; | |||
| import ietf-inet-types { prefix inet; } | import ietf-inet-types { prefix inet; } | |||
| import ietf-yang-types { prefix yang; } | import ietf-yang-types { prefix yang; } | |||
| skipping to change at page 15, line 18 ¶ | skipping to change at page 15, line 19 ¶ | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Simplified BSD License | to the license terms contained in, the Simplified BSD License | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | set forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info). | (http://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX; see | |||
| the RFC itself for full legal notices."; | the RFC itself for full legal notices."; | |||
| revision 2017-09-18 { | ||||
| description "Comments from Tore Anderson about EAM-SIIT."; | ||||
| reference "-ietf-03"; | ||||
| } | ||||
| revision 2017-08-23 { | revision 2017-08-23 { | |||
| description "Comments from F. Baker about NPTv6."; | description "Comments from F. Baker about NPTv6."; | |||
| reference "-ietf-02"; | reference "-ietf-02"; | |||
| } | } | |||
| revision 2017-08-21 { | revision 2017-08-21 { | |||
| description " Includes CLAT (Lee/Jordi)."; | description " Includes CLAT (Lee/Jordi)."; | |||
| reference "-ietf-01"; | reference "-ietf-01"; | |||
| } | } | |||
| skipping to change at page 32, line 30 ¶ | skipping to change at page 32, line 39 ¶ | |||
| description | description | |||
| "An IPv6 prefix used by the external interface | "An IPv6 prefix used by the external interface | |||
| of NPTv6."; | of NPTv6."; | |||
| reference | reference | |||
| "RFC 6296."; | "RFC 6296."; | |||
| } | } | |||
| } | } | |||
| list eam { | ||||
| when "../nat-capabilities/nat-flavor = 'eam' "; | ||||
| key eam-ipv4-prefix; | ||||
| description | ||||
| "The Explicit Address Mapping Table, a conceptual | ||||
| table in which each row represents an EAM. | ||||
| Each EAM describes a mapping between IPv4 and IPv6 | ||||
| prefixes/addresses."; | ||||
| reference "Section 3.1 of RFC 7757."; | ||||
| leaf eam-ipv4-prefix { | ||||
| type inet:ipv4-prefix; | ||||
| description | ||||
| "The IPv4 prefix of an EAM."; | ||||
| reference | ||||
| "Section 3.2 of RFC 7757."; | ||||
| } | ||||
| leaf eam-ipv6-prefix { | ||||
| type inet:ipv6-prefix; | ||||
| description | ||||
| "The IPv6 prefix of an EAM."; | ||||
| reference | ||||
| "Section 3.2 of RFC 7757."; | ||||
| } | ||||
| } | ||||
| list supported-transport-protocols { | list supported-transport-protocols { | |||
| key transport-protocol-id; | key transport-protocol-id; | |||
| description | description | |||
| "Supported transport protocols. | "Supported transport protocols. | |||
| TCP and UDP are supported by default."; | TCP and UDP are supported by default."; | |||
| leaf transport-protocol-id { | leaf transport-protocol-id { | |||
| type uint8; | type uint8; | |||
| skipping to change at page 45, line 41 ¶ | skipping to change at page 46, line 34 ¶ | |||
| description | description | |||
| "A NAT instance."; | "A NAT instance."; | |||
| leaf id { | leaf id { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "NAT instance identifier."; | "NAT instance identifier."; | |||
| reference | reference | |||
| "RFC 7659."; | "RFC7659."; | |||
| } | } | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "A name associated with the NAT instance."; | "A name associated with the NAT instance."; | |||
| } | } | |||
| leaf enable { | leaf enable { | |||
| type boolean; | type boolean; | |||
| description | description | |||
| "Status of the the NAT instance."; | "Status of the the NAT instance."; | |||
| } | } | |||
| container nat-capabilities { | container nat-capabilities { | |||
| config false; | // config false; | |||
| description | description | |||
| "NAT capabilities"; | "NAT capabilities"; | |||
| leaf-list nat-flavor { | leaf-list nat-flavor { | |||
| type identityref { | type identityref { | |||
| base nat-type; | base nat-type; | |||
| } | } | |||
| description | description | |||
| "Type of NAT."; | "Type of NAT."; | |||
| skipping to change at page 50, line 5 ¶ | skipping to change at page 50, line 43 ¶ | |||
| "'nat44' or "+ | "'nat44' or "+ | |||
| "../nat-capabilities/nat-flavor = "+ | "../nat-capabilities/nat-flavor = "+ | |||
| "'nat64'or "+ | "'nat64'or "+ | |||
| "../nat-capabilities/nat-flavor = "+ | "../nat-capabilities/nat-flavor = "+ | |||
| "'clat'or "+ | "'clat'or "+ | |||
| "../nat-capabilities/nat-flavor = 'dst-nat'"; | "../nat-capabilities/nat-flavor = 'dst-nat'"; | |||
| description | description | |||
| "NAT mapping table. Applicable for functions | "NAT mapping table. Applicable for functions | |||
| which maintains static and/or dynamic mappings, | which maintains static and/or dynamic mappings, | |||
| such as NAT44, Destination NAT, NAT64, CLAT, | such as NAT44, Destination NAT, NAT64, or CLAT."; | |||
| or EAM."; | ||||
| list mapping-entry { | list mapping-entry { | |||
| key "index"; | key "index"; | |||
| description | description | |||
| "NAT mapping entry."; | "NAT mapping entry."; | |||
| uses mapping-entry; | uses mapping-entry; | |||
| } | } | |||
| } | } | |||
| skipping to change at page 55, line 17 ¶ | skipping to change at page 56, line 8 ¶ | |||
| prefix: nat | prefix: nat | |||
| reference: RFC XXXX | reference: RFC XXXX | |||
| 6. Acknowledgements | 6. Acknowledgements | |||
| Many thanks to Dan Wing and Tianran Zhou for the review. | Many thanks to Dan Wing and Tianran Zhou for the review. | |||
| Thanks to Juergen Schoenwaelder for the comments on the YANG | Thanks to Juergen Schoenwaelder for the comments on the YANG | |||
| structure and the suggestion to use NMDA. | structure and the suggestion to use NMDA. | |||
| Thanks to Lee Howard and Jordi Palet for the CLAT comments and to | Thanks to Lee Howard and Jordi Palet for the CLAT comments, Fred | |||
| Fred Baker for the NPTv6 comments. | Baker for the NPTv6 comments, and Tore Anderson for EAM SIIT review. | |||
| Special thanks to Maros Marsalek and Marek Gradzki for sharing their | Special thanks to Maros Marsalek and Marek Gradzki for sharing their | |||
| comments based on the FD.io implementation. | comments based on the FD.io implementation. | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | |||
| DOI 10.17487/RFC3688, January 2004, <https://www.rfc- | DOI 10.17487/RFC3688, January 2004, | |||
| editor.org/info/rfc3688>. | <https://www.rfc-editor.org/info/rfc3688>. | |||
| [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address | [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address | |||
| Translation (NAT) Behavioral Requirements for Unicast | Translation (NAT) Behavioral Requirements for Unicast | |||
| UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January | UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January | |||
| 2007, <https://www.rfc-editor.org/info/rfc4787>. | 2007, <https://www.rfc-editor.org/info/rfc4787>. | |||
| [RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P. | [RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P. | |||
| Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, | Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, | |||
| RFC 5382, DOI 10.17487/RFC5382, October 2008, | RFC 5382, DOI 10.17487/RFC5382, October 2008, | |||
| <https://www.rfc-editor.org/info/rfc5382>. | <https://www.rfc-editor.org/info/rfc5382>. | |||
| [RFC5508] Srisuresh, P., Ford, B., Sivakumar, S., and S. Guha, "NAT | [RFC5508] Srisuresh, P., Ford, B., Sivakumar, S., and S. Guha, "NAT | |||
| Behavioral Requirements for ICMP", BCP 148, RFC 5508, | Behavioral Requirements for ICMP", BCP 148, RFC 5508, | |||
| DOI 10.17487/RFC5508, April 2009, <https://www.rfc- | DOI 10.17487/RFC5508, April 2009, | |||
| editor.org/info/rfc5508>. | <https://www.rfc-editor.org/info/rfc5508>. | |||
| [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | |||
| the Network Configuration Protocol (NETCONF)", RFC 6020, | the Network Configuration Protocol (NETCONF)", RFC 6020, | |||
| DOI 10.17487/RFC6020, October 2010, <https://www.rfc- | DOI 10.17487/RFC6020, October 2010, | |||
| editor.org/info/rfc6020>. | <https://www.rfc-editor.org/info/rfc6020>. | |||
| [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful | [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful | |||
| NAT64: Network Address and Protocol Translation from IPv6 | NAT64: Network Address and Protocol Translation from IPv6 | |||
| Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, | Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, | |||
| April 2011, <https://www.rfc-editor.org/info/rfc6146>. | April 2011, <https://www.rfc-editor.org/info/rfc6146>. | |||
| [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | |||
| and A. Bierman, Ed., "Network Configuration Protocol | and A. Bierman, Ed., "Network Configuration Protocol | |||
| (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | |||
| <https://www.rfc-editor.org/info/rfc6241>. | <https://www.rfc-editor.org/info/rfc6241>. | |||
| [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure | [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure | |||
| Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, | Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, | |||
| <https://www.rfc-editor.org/info/rfc6242>. | <https://www.rfc-editor.org/info/rfc6242>. | |||
| [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration | [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration | |||
| Protocol (NETCONF) Access Control Model", RFC 6536, | Protocol (NETCONF) Access Control Model", RFC 6536, | |||
| DOI 10.17487/RFC6536, March 2012, <https://www.rfc- | DOI 10.17487/RFC6536, March 2012, | |||
| editor.org/info/rfc6536>. | <https://www.rfc-editor.org/info/rfc6536>. | |||
| [RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: | [RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: | |||
| Combination of Stateful and Stateless Translation", | Combination of Stateful and Stateless Translation", | |||
| RFC 6877, DOI 10.17487/RFC6877, April 2013, | RFC 6877, DOI 10.17487/RFC6877, April 2013, | |||
| <https://www.rfc-editor.org/info/rfc6877>. | <https://www.rfc-editor.org/info/rfc6877>. | |||
| [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, | [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, | |||
| A., and H. Ashida, "Common Requirements for Carrier-Grade | A., and H. Ashida, "Common Requirements for Carrier-Grade | |||
| NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, | NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, | |||
| April 2013, <https://www.rfc-editor.org/info/rfc6888>. | April 2013, <https://www.rfc-editor.org/info/rfc6888>. | |||
| [RFC7757] Anderson, T. and A. Leiva Popper, "Explicit Address | [RFC7757] Anderson, T. and A. Leiva Popper, "Explicit Address | |||
| Mappings for Stateless IP/ICMP Translation", RFC 7757, | Mappings for Stateless IP/ICMP Translation", RFC 7757, | |||
| DOI 10.17487/RFC7757, February 2016, <https://www.rfc- | DOI 10.17487/RFC7757, February 2016, | |||
| editor.org/info/rfc7757>. | <https://www.rfc-editor.org/info/rfc7757>. | |||
| [RFC7857] Penno, R., Perreault, S., Boucadair, M., Ed., Sivakumar, | [RFC7857] Penno, R., Perreault, S., Boucadair, M., Ed., Sivakumar, | |||
| S., and K. Naito, "Updates to Network Address Translation | S., and K. Naito, "Updates to Network Address Translation | |||
| (NAT) Behavioral Requirements", BCP 127, RFC 7857, | (NAT) Behavioral Requirements", BCP 127, RFC 7857, | |||
| DOI 10.17487/RFC7857, April 2016, <https://www.rfc- | DOI 10.17487/RFC7857, April 2016, | |||
| editor.org/info/rfc7857>. | <https://www.rfc-editor.org/info/rfc7857>. | |||
| 7.2. Informative References | 7.2. Informative References | |||
| [I-D.boucadair-pcp-yang] | [I-D.boucadair-pcp-yang] | |||
| Boucadair, M., Jacquenet, C., Sivakumar, S., and S. | Boucadair, M., Jacquenet, C., Sivakumar, S., and S. | |||
| Vinapamula, "YANG Data Models for the Port Control | Vinapamula, "YANG Data Models for the Port Control | |||
| Protocol (PCP)", draft-boucadair-pcp-yang-04 (work in | Protocol (PCP)", draft-boucadair-pcp-yang-04 (work in | |||
| progress), May 2017. | progress), May 2017. | |||
| [I-D.ietf-behave-ipfix-nat-logging] | [I-D.ietf-behave-ipfix-nat-logging] | |||
| skipping to change at page 57, line 28 ¶ | skipping to change at page 58, line 18 ¶ | |||
| Support", draft-ietf-tsvwg-natsupp-11 (work in progress), | Support", draft-ietf-tsvwg-natsupp-11 (work in progress), | |||
| July 2017. | July 2017. | |||
| [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address | [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address | |||
| Translator (NAT) Terminology and Considerations", | Translator (NAT) Terminology and Considerations", | |||
| RFC 2663, DOI 10.17487/RFC2663, August 1999, | RFC 2663, DOI 10.17487/RFC2663, August 1999, | |||
| <https://www.rfc-editor.org/info/rfc2663>. | <https://www.rfc-editor.org/info/rfc2663>. | |||
| [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network | [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network | |||
| Address Translator (Traditional NAT)", RFC 3022, | Address Translator (Traditional NAT)", RFC 3022, | |||
| DOI 10.17487/RFC3022, January 2001, <https://www.rfc- | DOI 10.17487/RFC3022, January 2001, | |||
| editor.org/info/rfc3022>. | <https://www.rfc-editor.org/info/rfc3022>. | |||
| [RFC5597] Denis-Courmont, R., "Network Address Translation (NAT) | [RFC5597] Denis-Courmont, R., "Network Address Translation (NAT) | |||
| Behavioral Requirements for the Datagram Congestion | Behavioral Requirements for the Datagram Congestion | |||
| Control Protocol", BCP 150, RFC 5597, | Control Protocol", BCP 150, RFC 5597, | |||
| DOI 10.17487/RFC5597, September 2009, <https://www.rfc- | DOI 10.17487/RFC5597, September 2009, | |||
| editor.org/info/rfc5597>. | <https://www.rfc-editor.org/info/rfc5597>. | |||
| [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. | [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. | |||
| Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, | Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, | |||
| DOI 10.17487/RFC6052, October 2010, <https://www.rfc- | DOI 10.17487/RFC6052, October 2010, | |||
| editor.org/info/rfc6052>. | <https://www.rfc-editor.org/info/rfc6052>. | |||
| [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix | [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix | |||
| Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011, | Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011, | |||
| <https://www.rfc-editor.org/info/rfc6296>. | <https://www.rfc-editor.org/info/rfc6296>. | |||
| [RFC6302] Durand, A., Gashinsky, I., Lee, D., and S. Sheppard, | [RFC6302] Durand, A., Gashinsky, I., Lee, D., and S. Sheppard, | |||
| "Logging Recommendations for Internet-Facing Servers", | "Logging Recommendations for Internet-Facing Servers", | |||
| BCP 162, RFC 6302, DOI 10.17487/RFC6302, June 2011, | BCP 162, RFC 6302, DOI 10.17487/RFC6302, June 2011, | |||
| <https://www.rfc-editor.org/info/rfc6302>. | <https://www.rfc-editor.org/info/rfc6302>. | |||
| [RFC6736] Brockners, F., Bhandari, S., Singh, V., and V. Fajardo, | [RFC6736] Brockners, F., Bhandari, S., Singh, V., and V. Fajardo, | |||
| "Diameter Network Address and Port Translation Control | "Diameter Network Address and Port Translation Control | |||
| Application", RFC 6736, DOI 10.17487/RFC6736, October | Application", RFC 6736, DOI 10.17487/RFC6736, October | |||
| 2012, <https://www.rfc-editor.org/info/rfc6736>. | 2012, <https://www.rfc-editor.org/info/rfc6736>. | |||
| [RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and | [RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and | |||
| P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, | P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, | |||
| DOI 10.17487/RFC6887, April 2013, <https://www.rfc- | DOI 10.17487/RFC6887, April 2013, | |||
| editor.org/info/rfc6887>. | <https://www.rfc-editor.org/info/rfc6887>. | |||
| [RFC7335] Byrne, C., "IPv4 Service Continuity Prefix", RFC 7335, | [RFC7335] Byrne, C., "IPv4 Service Continuity Prefix", RFC 7335, | |||
| DOI 10.17487/RFC7335, August 2014, <https://www.rfc- | DOI 10.17487/RFC7335, August 2014, | |||
| editor.org/info/rfc7335>. | <https://www.rfc-editor.org/info/rfc7335>. | |||
| [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. | [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. | |||
| Farrer, "Lightweight 4over6: An Extension to the Dual- | Farrer, "Lightweight 4over6: An Extension to the Dual- | |||
| Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, | Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, | |||
| July 2015, <https://www.rfc-editor.org/info/rfc7596>. | July 2015, <https://www.rfc-editor.org/info/rfc7596>. | |||
| [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., | [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., | |||
| Murakami, T., and T. Taylor, Ed., "Mapping of Address and | Murakami, T., and T. Taylor, Ed., "Mapping of Address and | |||
| Port with Encapsulation (MAP-E)", RFC 7597, | Port with Encapsulation (MAP-E)", RFC 7597, | |||
| DOI 10.17487/RFC7597, July 2015, <https://www.rfc- | DOI 10.17487/RFC7597, July 2015, | |||
| editor.org/info/rfc7597>. | <https://www.rfc-editor.org/info/rfc7597>. | |||
| [RFC7659] Perreault, S., Tsou, T., Sivakumar, S., and T. Taylor, | [RFC7659] Perreault, S., Tsou, T., Sivakumar, S., and T. Taylor, | |||
| "Definitions of Managed Objects for Network Address | "Definitions of Managed Objects for Network Address | |||
| Translators (NATs)", RFC 7659, DOI 10.17487/RFC7659, | Translators (NATs)", RFC 7659, DOI 10.17487/RFC7659, | |||
| October 2015, <https://www.rfc-editor.org/info/rfc7659>. | October 2015, <https://www.rfc-editor.org/info/rfc7659>. | |||
| [RFC7753] Sun, Q., Boucadair, M., Sivakumar, S., Zhou, C., Tsou, T., | [RFC7753] Sun, Q., Boucadair, M., Sivakumar, S., Zhou, C., Tsou, T., | |||
| and S. Perreault, "Port Control Protocol (PCP) Extension | and S. Perreault, "Port Control Protocol (PCP) Extension | |||
| for Port-Set Allocation", RFC 7753, DOI 10.17487/RFC7753, | for Port-Set Allocation", RFC 7753, DOI 10.17487/RFC7753, | |||
| February 2016, <https://www.rfc-editor.org/info/rfc7753>. | February 2016, <https://www.rfc-editor.org/info/rfc7753>. | |||
| skipping to change at page 65, line 21 ¶ | skipping to change at page 67, line 5 ¶ | |||
| | 4 | 192.0.2.128/26 | 2001:db8:dddd::/64 | | | 4 | 192.0.2.128/26 | 2001:db8:dddd::/64 | | |||
| | 5 | 192.0.2.192/29 | 2001:db8:eeee:8::/62 | | | 5 | 192.0.2.192/29 | 2001:db8:eeee:8::/62 | | |||
| | 6 | 192.0.2.224/31 | 64:ff9b::/127 | | | 6 | 192.0.2.224/31 | 64:ff9b::/127 | | |||
| +---+----------------+----------------------+ | +---+----------------+----------------------+ | |||
| Figure 2: EAM Examples (RFC7757) | Figure 2: EAM Examples (RFC7757) | |||
| The following XML excerpt illustrates how these EAMs can be | The following XML excerpt illustrates how these EAMs can be | |||
| configured using the YANG NAT module: | configured using the YANG NAT module: | |||
| <mapping-table> | <eam> | |||
| <mapping-entry> | <eam-ipv4-prefix> | |||
| <index>1</index> | ||||
| <type>static</type> | ||||
| <internal-dst-address> | ||||
| 192.0.2.1 | 192.0.2.1 | |||
| </internal-dst-address> | </eam-ipv4-prefix> | |||
| <external-dst-address> | <eam-ipv6-prefix> | |||
| 2001:db8:aaaa:: | 2001:db8:aaaa:: | |||
| </external-dst-address> | </eam-ipv6-prefix> | |||
| </mapping-entry> | </eam> | |||
| <mapping-entry> | <eam> | |||
| <index>2</index> | <eam-ipv4-prefix> | |||
| <type>static</type> | ||||
| <internal-dst-address> | ||||
| 192.0.2.2/32 | 192.0.2.2/32 | |||
| </internal-dst-address> | </eam-ipv4-prefix> | |||
| <external-dst-address> | <eam-ipv6-prefix> | |||
| 2001:db8:bbbb::b/128 | 2001:db8:bbbb::b/128 | |||
| </external-dst-address> | </eam-ipv6-prefix> | |||
| </mapping-entry> | </eam> | |||
| <mapping-entry> | <eam> | |||
| <index>3</index> | <eam-ipv4-prefix> | |||
| <type>static</type> | ||||
| <internal-dst-address> | ||||
| 192.0.2.16/28 | 192.0.2.16/28 | |||
| </internal-dst-address> | </eam-ipv4-prefix> | |||
| <external-dst-address> | <eam-ipv6-prefix> | |||
| 2001:db8:cccc::/124 | 2001:db8:cccc::/124 | |||
| </external-dst-address> | </eam-ipv6-prefix> | |||
| </mapping-entry> | </eam> | |||
| <mapping-entry> | <eam> | |||
| <index>4</index> | <eam-ipv4-prefix> | |||
| <type>static</type> | ||||
| <internal-dst-address> | ||||
| 192.0.2.128/26 | 192.0.2.128/26 | |||
| </internal-dst-address> | </eam-ipv4-prefix> | |||
| <external-dst-address> | <eam-ipv6-prefix> | |||
| 2001:db8:dddd::/64 | 2001:db8:dddd::/64 | |||
| </external-dst-address> | </eam-ipv6-prefix> | |||
| </mapping-entry> | </eam> | |||
| <mapping-entry> | <eam> | |||
| <index>5</index> | <eam-ipv4-prefix> | |||
| <type>static</type> | ||||
| <internal-dst-address> | ||||
| 192.0.2.192/29 | 192.0.2.192/29 | |||
| </internal-dst-address> | </eam-ipv4-prefix> | |||
| <external-dst-address> | <eam-ipv6-prefix> | |||
| 2001:db8:eeee:8::/62 | 2001:db8:eeee:8::/62 | |||
| </external-dst-address> | </eam-ipv6-prefix> | |||
| </mapping-entry> | </eam> | |||
| <mapping-entry> | <eam> | |||
| <index>6</index> | <eam-ipv4-prefix> | |||
| <type>static</type> | ||||
| <internal-dst-address> | ||||
| 192.0.2.224/31 | 192.0.2.224/31 | |||
| </internal-dst-address> | </eam-ipv4-prefix> | |||
| <external-dst-address> | <eam-ipv6-prefix> | |||
| 64:ff9b::/127 | 64:ff9b::/127 | |||
| </external-dst-address> | </eam-ipv6-prefix> | |||
| </mapping-entry> | </eam> | |||
| </mapping-table> | ||||
| EAMs may be enabled jointly with statefull NAT64. This example shows | EAMs may be enabled jointly with statefull NAT64. This example shows | |||
| a NAT64 fucntion that supports static mappings: | a NAT64 fucntion that supports static mappings: | |||
| <nat-capabilities | <nat-capabilities | |||
| <nat-flavor> | <nat-flavor> | |||
| nat64 | nat64 | |||
| </nat44-flavor> | </nat44-flavor> | |||
| <static-mapping-support> | <static-mapping-support> | |||
| true | true | |||
| </static-mapping-support> | </static-mapping-support> | |||
| End of changes. 45 change blocks. | ||||
| 122 lines changed or deleted | 149 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||