[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Making private IPv4 addresses public
Cross posting this to v6OPs as the whole NAT issue is under discussion that
as part of draft-ietf-v6ops-nap-02.txt
From: "Manfredi, Albert E"
Not sure if this is the right wg for this idea, or for that matter if
I'm suggesting anything new.
A comment yesterday made me wonder why private IPv4 addresses can't be
used more effectively, with an updated version of the NAT.
RFC 3022 explains that you can have "Basic NAT" or "NAPT." Basic NAT is
very easy to use, because all you do is map one unique global address
into one unique private address. No messing around with Port IDs at all.
NAPT is used to map one public IP address to multiple private IP
addresses behind the box (the common use of NAT). NAPT is great for
expanding the usefuless of the 32-bit IPv4 address, but for the most
part, it depends on applications from behind the NAT initiating
sessions, and it has to change the value of TCP or UDP Port IDs. So this
is not so great.
Wouldn't it be nice if we could have NAPT without the TCP/UDP Port ID
trick?
What if the private IP addresses behind the NAT became explicitly
visible from the WAN side of the NAPT box? Packets addressed to hosts
behind the NAT would carry both the global IP address of the NAT and,
appended, the private IP address of the host. The DNS would also carry
that information.
To enable this, one could assign an option in the IP header,
conceptually similar to the source routing option. So at the end of the
standard IP header would be appended the source and destination private
IP addresses from behind the NAT. Dynamic DNS can be augmented to
include this information. And note that the private IP addresses behind
any given NAT can be reused by other NATs at will, just as they are now.
DHCP would also work just as it does now in NAPT.
When the packet arrives at the NAT, with the additional IP header
option, the NAT routes directly to the explicitly identified host,
without having to use the Port ID bits for this purpose.
In principle, this creates a 64-bit address space for IPv4 (and possibly
you could even concatenate the scheme to increase this further).
The address notation might look something like
138.194.35.33:192.168.1.5
where the : separates the global from the private addresses.
No reason why such a scheme can't be introduced gracefully, without
precluding operating the old fashioned way at the same time.
As we are working to remove NAT from the general world of IPv6 I am
concerned to see ideas about extending IPv4 NAT in to IPv6. NATPT is a
limited use area and as I understand it should not be extropolated to the
general rules for IPv6.