
GIST NAT Traversal: Transparent and Non-transparent Approaches

This document explores two approaches for NAT traversal in GIST: transparent and non-transparent. The non-transparent approach includes a GIST NAT Traversal object, while the transparent approach requires translation of flow and address information. Legacy NAT traversal for GIST is also discussed.

tfusco

Presentation Transcript


  1. A. Pashalidis; H. Tschofenig
     GIST NAT traversal and Legacy NAT traversal for GIST
     http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-gimps-nattraversal-03.txt
     and
     http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-legacy-nattraversal-03.txt

  2. NAT Traversal
     • Previous document split in two.
       • GIST NAT Traversal
         • NAT is GIST-aware
       • Legacy NAT traversal for GIST.
         • NAT does not know anything about NSIS
         • Online, but not submitted to IETF yet
     • Reason for splitting: material in one document does not affect material in the other.

  3. GIST NAT Traversal
     • Document (still) covers two approaches: “transparent” and “non-transparent”.
     • Both approaches are compatible with GIST main spec.
     • However, only non-transparent approach makes use of GIST “NAT Traversal” object.

  4. Transparent Approach
     • NAT translates IP header, transport layer header, and GIST header of signalling traffic (D-mode and C-mode) in a manner consistent with the data flow NAT binding.
     • NAT does not install a separate “NAT binding” for signalling traffic (translation above suffices)
     • Approach hides internal addresses from public Internet.
     • Approach does not work if IPsec/TLS is used!
     Diagram (GIST peer 1, NAT, GIST peer 2), numbered steps:
       1. GIST QUERY
       2. TRANSLATE FLOW ID (MRI) according to NAT binding; put NAT IP address in NLI.IA field
       3. GIST QUERY (translated)
       4. GIST RESPONSE (sent to NLI.IA)
       5. TRANSLATE MRI and NLI.IA back to original values
       6. GIST RESPONSE (translated)

  5. Non-transparent Approach
     • Message 3 contains translated and original MRI, thus peer 2 can map subsequent signalling messages (with untranslated MRI) to data flow.
     • NAT installs “NAT binding” for signalling traffic after RESPONSE is received.
     • NAT does not modify any GIST messages, except QUERY, RESPONSE.
     • Internal addresses exposed on public Internet.
     Diagram (GIST peer 1, NAT, GIST peer 2), numbered steps:
       1. GIST QUERY
       2. Add NAT Traversal Object
       3. GIST QUERY (with NTO)
       4. GIST RESPONSE (with NTO)
       5. Remove NTO
       6. GIST RESPONSE (without NTO)

  6. Legacy NAT Traversal for GIST
     • Extension to GIST
     • For now, no changes in message formats required.
     • Just new behaviour at GIST nodes.

  7. Legacy NAT traversal: NI-side
     • Peer 2 detects the NAT and proposes a UDP tunnel
     • Peer 1 detects the NAT and sets up the UDP tunnel
     • Both data traffic and signalling traffic are sent over the tunnel.
     Diagram (GIST peer 1, NAT, GIST peer 2), numbered steps:
       1. GIST QUERY
       2. GIST QUERY
       3. GIST RESPONSE
       4. GIST RESPONSE
     Diagram labels: “NAT detected!” (shown twice); “Do the NAT work…”; UDP TUNNEL carrying “data” and “sig”.

  8. Legacy NAT traversal: NR-side
     • Work in progress…
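
The two GIST-aware approaches from slides 4 and 5, as an added Python model that is not part of the original presentation or the drafts. It shows why rewriting MRI and NLI.IA in every message fails once signalling is integrity-protected, while touching only the QUERY leaves later messages verifiable at the cost of exposing the internal address. Assumptions: messages are plain dicts rather than the GIST wire format, the addresses and key are constructed, the NTO is modelled as carrying the original MRI, and an HMAC stands in for IPsec/TLS protection.

```python
import copy, hashlib, hmac, json

# Constructed addresses. The field names (mri, nli_ia, nto) follow the slides;
# the dict layout is a simplification, not the GIST wire format.
INTERNAL, NAT_PUBLIC, PEER2 = "10.0.0.5", "203.0.113.1", "198.51.100.7"
KEY = b"constructed key shared by peer 1 and peer 2"

def tag(msg):
    """Integrity tag over the GIST fields; stands in for IPsec/TLS protection."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    return hmac.new(KEY, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def message(kind, protect=False):
    """Message as GIST peer 1 sends it, carrying internal addresses."""
    msg = {"type": kind, "mri": {"src": INTERNAL, "dst": PEER2}, "nli_ia": INTERNAL}
    if protect:
        msg["mac"] = tag(msg)
    return msg

def verify(msg):
    return hmac.compare_digest(msg["mac"], tag(msg))

def nat_transparent(msg):
    """Slide 4: every signalling message gets MRI and NLI.IA rewritten."""
    out = copy.deepcopy(msg)
    out["mri"]["src"] = out["nli_ia"] = NAT_PUBLIC
    return out

def nat_non_transparent(msg):
    """Slide 5: only QUERY/RESPONSE are touched; the NTO keeps the original MRI."""
    out = copy.deepcopy(msg)
    if out["type"] == "QUERY":
        out["nto"] = {"original_mri": copy.deepcopy(out["mri"])}
        out["mri"]["src"] = NAT_PUBLIC
    return out

def peer2_flow_for(msg, learned):
    """Peer 2 maps an untranslated MRI back to the translated data flow."""
    return learned.get(json.dumps(msg["mri"], sort_keys=True), msg["mri"])

def demo():
    query = nat_non_transparent(message("QUERY"))
    learned = {json.dumps(query["nto"]["original_mri"], sort_keys=True): query["mri"]}
    later = message("DATA", protect=True)  # later protected signalling message
    return {
        "transparent_verifies": verify(nat_transparent(later)),
        "non_transparent_verifies": verify(nat_non_transparent(later)),
        "mapped_src": peer2_flow_for(nat_non_transparent(later), learned)["src"],
        "internal_exposed": INTERNAL in json.dumps(query),
    }
```
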
