
Framework for interfacing with NAT

Framework for interfacing with NAT. <draft-ietf-nat-interface-framework-02.txt>, Pyda Srisuresh. Objective: identify the functions of a middlebox device; identify NAT service specific resources; illustrate the resource interface mechanism for the NAT service through an API.





Presentation Transcript


  1. Framework for interfacing with NAT <draft-ietf-nat-interface-framework-02.txt> Pyda Srisuresh, Jasmine Networks

  2. Objective
  • Identify the functions of a middlebox device
  • Identify NAT service specific resources.
  • Illustrate resource interface mechanism for NAT service through an API.
  • Provide a framework for the development of a protocol by which NAT MIDCOM agents can interface with NAT.

  3. Middlebox Devices
  • Network Address Translator devices (NAT)
  • Firewalls
  • Security Gateways
  • Server-load Balancers
  • QOS enforcement devices
  • Intrusion Detection Devices
  • etc.

  4. Data flow across NATs (diagram): a Client inside the Private Network Boundary, the NAT at the boundary with a NAT-Midcom Agent attached to it, and a Server on the Internet; the End-to-End Session runs from Client to Server through the NAT, with private network traffic on one side and Internet traffic on the other.

  5. Proxy traffic across NAT Device (diagram): the User's view of the session is Proxy-client Application to Target server; the Server's view of the session is the Proxy Exchange from the Proxy server through the NAT Router to the Target server.

  6. NAT device also terminating a tunnel (diagram): a Client inside a Trusted Network Boundary, a NAT Router with a NAT-Midcom Agent, a Tunnel across the Internet to a second Trusted Network Boundary, and the Server; the End-to-End Session runs from Client to Server across the tunnel.

  7. NAT Elements
  • NAT Descriptor
    • ID, Nat-Type, Address map and Type specific parameters.
  • BIND Descriptor
    • ID, Bind-Type, specific addresses (ports) bound, Lease time, Controlling Midcom-agent ID etc.
  • SESSion Descriptor
    • ID, Session Direction, Original and Translated session tuples, Application Tag, Controlling BIND-ID, Termination heuristic, Controlling agent ID etc.

  8. NAT-Midcom Agents
  • In-Path Application Level Gateways (ALGs)
  • In-Path Application proxies
  • Out-of-path Application Level Gateway
  • Backup-NAT devices
  • RSIP clients.
  • End-Hosts

  9. Nat-Midcom Agent Descriptor
  • Agent ID
  • Agent Type
  • Agent Call-back Requirements
  • Agent Call-back functions
  • Agent Accessibility Information

  10. Interface to Nat-Midcom agents
  • Session-oriented, Service-neutral interface
    • Functions applicable to any type of stateful IP service on an intermediate device - NAT, firewall, Server-load balancers, Security Gateways etc.
    • Resource interface based on session identities.
    • Asynchronous Call-back from device to ext. agents.
  • NAT specific interface
    • Functions manipulating NAT specific resources.
    • Address BINDs
    • NAT specific session parameters.

  11. Midcom interface
  • Query the functions of a middlebox
    • service_enquire_Identity(service_type, &service_info)
  • Register a Midcom agent with NAT
    • service_register_agent(service_id, &agent_info)
  • Session oriented settings and queries
    • service_set_sess(), service_free_sess(), service_enquire_sess_range() etc.
  • Asynchronous call-back to MIDCOM agents
    • agent_callback_event(event_type, &event_info)
    • agent_callback_periodic(info_type, length, &info)
    • agent_callback_packet(sess_id, pkt_direction, packet)

  12. NAT specific Midcom interface
  • NAT service Identity
    • NAT service type (Basic NAT, NAPT, RSIP etc.)
    • Address Maps, RSIP tunnel-type supported etc.
  • NAT specific session parameters
    • Translated session tuples, BIND ID, Pkt-mod funcs
  • NAT BIND settings and Queries
    • nat_set_bind(), nat_free_bind(), nat_enquire_address_bind()
  • Asynchronous Callback Interface
    • Packet redirection to Midcom agents
    • BIND notification, NAT statistics notification

  13. Nat-Midcom agent Registration process (exchange between the Nat-Midcom Agent (FTP) and the NAT)
  • Agent -> NAT: service_enquire_Identity()
  • NAT -> Agent: OK. Return NAT Descriptor that includes nat-id.
  • Agent -> NAT: service_register_agent(nat_id, &ftp_alg_descriptor)
  • NAT -> Agent: OK. Return an agent-ID.

  14. Nat-Midcom agent at run-time (exchange between the NAT and the Nat-Midcom Agent (FTP))
  • NAT -> Agent: ftp_alg_pkt_notify(nat_id, agent_id, sess_id, pkt_direction, pkt)
  • Agent -> NAT: service_enquire_sess_info(nat_id, agent_id, &sess_info)
  • Agent -> NAT: nat_enquire_address_bind(nat_id, agent_id, &bind_info)
  • Agent -> NAT: nat_set_bind(nat_id, agent_id, &bind_info)
  • Agent -> NAT: service_set_sess(nat_id, agent_id, &sess_info)

  15. Session termination notification (exchange between the NAT and the Nat-Midcom Agent (FTP))
  • NAT -> Agent: ftp_alg_notify(nat-id, agent-id, SESSION-TERMINATED, sess-id)
  • Agent -> NAT: service_free_sess_bundle(nat_id, agent-id, sess-id)
