rfcdiff: draft-naito-nat-port-overlapping-00.txt against draft-naito-nat-port-overlapping-01.txt
(lines marked [00] appear only in the -00 text, lines marked [01] only in the -01 text; unmarked lines are common to both)

Network Working Group                                           K. Naito
Internet-Draft                                              A. Matsumoto
Intended status: Informational                                       NTT
[00] Expires: January 10, 2013                                  July 9, 2012
[01] Expires: January 18, 2013                                 July 17, 2012

                          NAT Port Overlapping
[00]                draft-naito-nat-port-overlapping-00
[01]                draft-naito-nat-port-overlapping-01

Abstract

   When network address translation (NAT) is used in an address resource
   restricted environment, or when a lot of users are located under a
   NAT device, IP addresses and port resources may be eaten up, and this
   affects user experiences very negatively. This situation can be
   greatly mitigated by tweaking mapping behavior and session timer
   handling in NAT functions. This document proposes an extension for
   optimizing NAT IP address and port resources in address resource

skipping to change at page 1, line 38

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

[00] This Internet-Draft will expire on January 10, 2013.
[01] This Internet-Draft will expire on January 18, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

skipping to change at page 3, line 7

   In a lot of NAT implementations, a port that is available in NAT
   is allocated for a transport session. That is, a NAT does not use a
   port for multiple sessions simultaneously.

   We propose mechanisms to change the above behavior that make it
   possible to save address and port resources.

2. NAT resource optimizing extension proposal

[00] 2.1. Apply Port Overlapping mechanism
[01] 2.1. Apply port overlapping mechanism

   If destination addresses and ports are different at the outgoing
   sessions started by local clients, NAT MAY assign the same external
   port as the source ports at the sessions. The port overlapping mechanism
   manages mappings between external packets and internal packets by
   looking at and storing the 5-tuple (protocol, source address, source
   port, destination address, destination port) of them. This enables
   concurrent use of a single port for multiple transport sessions, which
   enables NAT to work correctly in an IP address resource limited network.
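The allocation rule above (key every mapping on the full 5-tuple, so one external port can serve several sessions as long as their destinations differ) and its consequence for inbound matching, as an added toy model. This is not code from the draft or from any NAT product; the external address 198.51.100.1, the four-port pool, the hosts 192.0.2.x and the servers 203.0.113.x are constructed sample values, and `ToyNAT` with `overlap=False` stands in for the conventional one-port-per-session behaviour the draft's introduction describes.

```python
"""Toy model of a port-overlapping NAT (Section 2.1 of the draft).

Added example; not code from the draft or from any NAT implementation.
Addresses are documentation-range values and the port pool is deliberately
tiny, all constructed so the effect is visible in a few lines.
"""
from collections import namedtuple

# The 5-tuple the draft keys its mappings on.
Flow = namedtuple("Flow", "proto src_addr src_port dst_addr dst_port")

EXTERNAL_ADDR = "198.51.100.1"      # constructed: the NAT's single external address
PORT_POOL = range(40000, 40004)     # constructed: only four external ports


class ToyNAT:
    """overlap=True  -> the external 5-tuple must be unique (port overlapping).
    overlap=False -> an external port is used by at most one session
                     (the conventional behaviour the draft's introduction describes)."""

    def __init__(self, overlap):
        self.overlap = overlap
        self.outbound = {}   # internal Flow -> translated (external) Flow
        self.inbound = {}    # expected reply 5-tuple -> internal Flow

    def _port_usable(self, proto, port, dst_addr, dst_port):
        used = self.outbound.values()
        if not self.overlap:
            return all(not (e.proto == proto and e.src_port == port) for e in used)
        candidate = Flow(proto, EXTERNAL_ADDR, port, dst_addr, dst_port)
        return candidate not in used

    def translate_outbound(self, flow):
        """Allocate (or reuse) a mapping for an internal flow and return the
        5-tuple the packet carries on the external side."""
        if flow in self.outbound:
            return self.outbound[flow]
        for port in PORT_POOL:
            if self._port_usable(flow.proto, port, flow.dst_addr, flow.dst_port):
                ext = Flow(flow.proto, EXTERNAL_ADDR, port, flow.dst_addr, flow.dst_port)
                self.outbound[flow] = ext
                # Replies arrive with source and destination swapped.
                reply = Flow(flow.proto, flow.dst_addr, flow.dst_port, EXTERNAL_ADDR, port)
                self.inbound[reply] = flow
                return ext
        raise RuntimeError("external port pool exhausted")

    def translate_inbound(self, pkt):
        """Match an inbound packet on its full 5-tuple. A packet from any other
        remote endpoint to the same external port has no mapping and is
        dropped: the endpoint-dependent behaviour the draft's Discussions
        paragraph says makes NAT traversal harder."""
        return self.inbound.get(pkt)


def sessions_to_distinct_servers(n):
    # constructed: one internal host opening n TCP sessions to n different servers
    return [Flow("tcp", "192.0.2.10", 5000 + i, "203.0.113.%d" % (i + 1), 80) for i in range(n)]


def ports_assigned(overlap, n=6):
    """External ports handed out for n sessions to distinct servers; stops at
    the first allocation failure so the two behaviours can be compared."""
    nat = ToyNAT(overlap)
    ports = []
    for s in sessions_to_distinct_servers(n):
        try:
            ports.append(nat.translate_outbound(s).src_port)
        except RuntimeError:
            break
    return ports


def same_destination_collision():
    """Two internal hosts talking to the same server cannot share a port even
    with overlapping, because their external 5-tuples would collide."""
    nat = ToyNAT(overlap=True)
    a = nat.translate_outbound(Flow("tcp", "192.0.2.10", 5000, "203.0.113.1", 80))
    b = nat.translate_outbound(Flow("tcp", "192.0.2.11", 5000, "203.0.113.1", 80))
    return a.src_port, b.src_port


def inbound_matching():
    """Reply from the real peer is matched; a packet from another host to the
    same external port is not. Returns (reply_matched, stray_dropped)."""
    nat = ToyNAT(overlap=True)
    internal = Flow("tcp", "192.0.2.10", 5000, "203.0.113.1", 80)
    ext = nat.translate_outbound(internal)
    reply = Flow("tcp", "203.0.113.1", 80, EXTERNAL_ADDR, ext.src_port)
    stray = Flow("tcp", "203.0.113.99", 80, EXTERNAL_ADDR, ext.src_port)
    return nat.translate_inbound(reply) == internal, nat.translate_inbound(stray) is None


if __name__ == "__main__":
    print("overlapping :", ports_assigned(True))    # six sessions on one port
    print("conventional:", ports_assigned(False))   # pool of four exhausted
    print("collision   :", same_destination_collision())
    print("inbound     :", inbound_matching())
```

With overlapping enabled all six sessions ride on port 40000, while the conventional allocator runs out after four; the collision and inbound cases show the two limits of the scheme that matter operationally: sessions to the same destination still need separate ports, and an external port is only reachable from the exact peer it was opened to.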
   Discussions:

   RFC4787 [RFC4787] and RFC5382 [RFC5382] requires "endpoint-
[00] independent mapping" at NAT, and port overlapping NAT cannot meet
[00] therequirement. This mechanism can degrade the transparency of NAT
[00] in that its mapping mechanism is endpoint-dependent and makes NAT
[01] independent mapping" at NAT, and port overlapping NAT cannot meet the
[01] requirement. This mechanism can degrade the transparency of NAT in
[01] that its mapping mechanism is endpoint-dependent and makes NAT
   traversal harder. However, if a NAT adopts endpoint-independent
   mapping together with endpoint-dependent filtering, then the actual
   behavior of the NAT will be the same as port overlapping NAT. It
[00] should also be noted that a lot of existing NAT devices adopted this
[00] port overlapping mechanism.
[01] should also be noted that a lot of existing NAT devices(e.g., SEIL,
[01] FITELnet Series) adopted this port overlapping mechanism. The
[01] netfilter, which is a popular packet filtering mechanism for Linux,
[01] also adopts port overlapping behavior.
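Review bot: the sentences added in -01 naming SEIL, FITELnet Series and netfilter as implementations of port overlapping carry no reference, while the draft keeps a references section; add an informative reference (vendor documentation or the netfilter project) for each, or drop the product names. The claim that endpoint-independent mapping plus endpoint-dependent filtering "will be the same as port overlapping NAT" is also stated without argument: say which observable behaviour is meant, the inbound filtering or the port assignment of Section 2.1, since the two mechanisms differ in how the external port is chosen. Finally, this paragraph's own observation that the mapping becomes endpoint-dependent and NAT traversal harder belongs, at least by cross-reference, in Section 3, which at present says security issues are not discussed.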
3. Security Considerations

   Security issues are not discussed in this memo.

4. Normative References

   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
              RFC 793, September 1981.

   [RFC4787]  Audet, F. and C. Jennings, "Network Address Translation
              (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
              RFC 4787, January 2007.

   [RFC5382]  Guha, S., Biswas, K., Ford, B., Sivakumar, S., and P.
              Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142,
              RFC 5382, October 2008.
[01] Appendix A. Revision History

[01]   'draft-naito-nat-resource-optimizing-extension-01' was divided into
[01]   two drafts after IETF83 meeting.

[01]   'draft-naito-nat-resource-optimizing-extension-01' containes two
[01]   mechanisms. One mechanism, port overlapping is written in this
[01]   draft, and the other is written in
[01]   'draft-naito-nat-time-wait-reduction-01'.
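Review bot: "containes" in the second paragraph of the appendix added in -01 should read "contains", and "after IETF83 meeting" wants an article ("after the IETF83 meeting"). The appendix also points readers to the companion 'draft-naito-nat-time-wait-reduction-01' and to the predecessor 'draft-naito-nat-resource-optimizing-extension-01' without listing either in the references; add informative references so the split is traceable.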
Authors' Addresses

   Kengo Naito
   NTT NT Lab
   3-9-11 Midori-Cho
   Musashino-shi, Tokyo 180-8585
   Japan

   Phone: +81 422 59 4949
   Email: naito.kengo@lab.ntt.co.jp
End of changes. 7 change blocks. 9 lines changed or deleted, 20 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/