This document explores two approaches for NAT traversal in GIST: transparent and non-transparent. The non-transparent approach includes a GIST NAT Traversal object, while the transparent approach requires translation of flow and address information. Legacy NAT traversal for GIST is also discussed.
A. Pashalidis; H. Tschofenig
GIST NAT traversal and Legacy NAT traversal for GIST
http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-gimps-nattraversal-03.txt and http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-legacy-nattraversal-03.txt
NAT Traversal
• Previous document split in two.
  • GIST NAT Traversal: NAT is GIST-aware
  • Legacy NAT traversal for GIST: NAT does not know anything about NSIS
• Online, but not submitted to IETF yet
• Reason for splitting: material in one document does not affect material in the other.
GIST NAT Traversal
• Document (still) covers two approaches: “transparent” and “non-transparent”.
• Both approaches are compatible with GIST main spec.
• However, only non-transparent approach makes use of GIST “NAT Traversal” object.
Transparent Approach
Message flow between GIST peer 1, the NAT and GIST peer 2 (from the slide figure):
1. GIST QUERY (peer 1 -> NAT)
2. NAT translates flow ID (MRI) according to NAT binding; puts NAT IP address in NLI.IA field
3. GIST QUERY (translated) (NAT -> peer 2)
4. GIST RESPONSE (sent to NLI.IA) (peer 2 -> NAT)
5. NAT translates MRI and NLI.IA back to original values
6. GIST RESPONSE (translated) (NAT -> peer 1)
• NAT translates IP header, transport layer header, and GIST header of signalling traffic (D-mode and C-mode) in a manner consistent with the data flow NAT binding.
• NAT does not install a separate “NAT binding” for signalling traffic (translation above suffices)
• Approach hides internal addresses from public Internet.
• Approach does not work if IPsec/TLS is used!
Non-transparent Approach
Message flow between GIST peer 1, the NAT and GIST peer 2 (from the slide figure):
1. GIST QUERY (peer 1 -> NAT)
2. NAT adds NAT Traversal Object (NTO)
3. GIST QUERY (with NTO) (NAT -> peer 2)
4. GIST RESPONSE (with NTO) (peer 2 -> NAT)
5. NAT removes NTO
6. GIST RESPONSE (without NTO) (NAT -> peer 1)
• Message 3 contains translated and original MRI, thus peer 2 can map subsequent signalling messages (with untranslated MRI) to data flow.
• NAT installs “NAT binding” for signalling traffic after RESPONSE is received.
• NAT does not modify any GIST messages, except QUERY, RESPONSE.
• Internal addresses exposed on public Internet.
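As an added illustration, not code from the drafts or the slides, the following Python model walks through the non-transparent exchange above: the NAT attaches the original MRI as the NTO on the QUERY, peer 2 learns the mapping from the untranslated MRI to the translated data flow, and the NAT strips the NTO from the RESPONSE and installs the signalling binding. The message field names, the port-allocation rule and all addresses are constructed assumptions, and the final state of peer 2 shows the internal address that this approach exposes.

```python
from dataclasses import dataclass
from typing import Dict, Optional
@dataclass(frozen=True)
class MRI:                        # Message Routing Information: simplified flow identifier
    src: str
    dst: str
    sport: int
    dport: int
@dataclass
class GistMessage:                # field names are assumptions, not the GIST wire format
    kind: str                     # "QUERY", "RESPONSE", "DATA", ...
    mri: MRI                      # flow id as the sender sees it
    nli_ia: str                   # sender's NLI interface address
    nto: Optional[MRI] = None     # NAT Traversal Object: carries the original MRI

class NAT:                        # GIST-aware NAT, non-transparent approach (assumed model)
    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.bindings: Dict[MRI, MRI] = {}     # data-flow binding: original -> translated MRI
        self.sig_bindings = set()              # signalling bindings, installed on RESPONSE
    def forward_query(self, msg: GistMessage) -> GistMessage:
        # Step 2: translate the MRI per the data-flow binding, attach the original MRI as NTO
        assert msg.kind == "QUERY" and msg.nto is None
        translated = MRI(self.public_ip, msg.mri.dst, 40000 + len(self.bindings), msg.mri.dport)
        self.bindings[msg.mri] = translated
        return GistMessage("QUERY", translated, self.public_ip, nto=msg.mri)
    def forward_response(self, msg: GistMessage) -> GistMessage:
        # Step 5: install the signalling binding, strip the NTO, restore the original MRI
        assert msg.kind == "RESPONSE" and msg.nto is not None
        self.sig_bindings.add(msg.nto)
        return GistMessage("RESPONSE", msg.nto, msg.nli_ia)

class Peer2:                      # responder outside the NAT
    def __init__(self, address: str):
        self.address = address
        self.flow_map: Dict[MRI, MRI] = {}     # untranslated MRI -> translated MRI (data flow)
    def handle_query(self, msg: GistMessage) -> GistMessage:
        # Step 4: message 3 carries both MRIs; remember the mapping and echo the NTO back
        self.flow_map[msg.nto] = msg.mri
        return GistMessage("RESPONSE", msg.mri, self.address, nto=msg.nto)
    def data_flow_for(self, msg: GistMessage) -> Optional[MRI]:
        # Later signalling from peer 1 carries the untranslated MRI; the NAT leaves it unmodified
        return self.flow_map.get(msg.mri)

def run_exchange():
    nat, peer2 = NAT("203.0.113.1"), Peer2("198.51.100.2")         # constructed addresses
    original = MRI("10.0.0.5", "198.51.100.2", 5060, 5060)         # peer 1's private-side flow
    q3 = nat.forward_query(GistMessage("QUERY", original, "10.0.0.5"))   # steps 1-3
    r6 = nat.forward_response(peer2.handle_query(q3))                     # steps 4-6
    return q3, r6, peer2           # peer2.flow_map now holds the internal address 10.0.0.5
```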
Legacy NAT Traversal for GIST
• Extension to GIST
• For now, no changes in message formats required.
• Just new behaviour at GIST nodes.
Legacy NAT traversal: NI-side
Message flow between GIST peer 1, the NAT and GIST peer 2 (from the slide figure):
1. GIST QUERY (peer 1 -> NAT)
2. GIST QUERY (NAT -> peer 2); peer 2: “NAT detected!”
3. GIST RESPONSE (peer 2 -> NAT)
4. GIST RESPONSE (NAT -> peer 1); peer 1: “NAT detected! Do the NAT work…”
Afterwards a UDP tunnel through the NAT carries both the data and the signalling traffic.
• Peer 2 detects the NAT and proposes a UDP tunnel
• Peer 1 detects the NAT and sets up the UDP tunnel
• Both data traffic and signalling traffic are sent over the tunnel.
Legacy NAT traversal: NR-side
Work in progress…