draft-ietf-softwire-map-12.txt   draft-ietf-softwire-map-13.txt 
Network Working Group O. Troan, Ed. Network Working Group O. Troan, Ed.
Internet-Draft W. Dec Internet-Draft W. Dec
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: May 28, 2015 X. Li Expires: September 10, 2015 X. Li
C. Bao C. Bao
CERNET Center/Tsinghua University CERNET Center/Tsinghua University
S. Matsushima S. Matsushima
SoftBank Telecom SoftBank Telecom
T. Murakami T. Murakami
IP Infusion IP Infusion
T. Taylor, Ed. T. Taylor, Ed.
Huawei Technologies Huawei Technologies
November 24, 2014 March 09, 2015
Mapping of Address and Port with Encapsulation (MAP) Mapping of Address and Port with Encapsulation (MAP)
draft-ietf-softwire-map-12 draft-ietf-softwire-map-13
Abstract Abstract
This document describes a mechanism for transporting IPv4 packets This document describes a mechanism for transporting IPv4 packets
across an IPv6 network using IP encapsulation, and a generic across an IPv6 network using IP encapsulation, and a generic
mechanism for mapping between IPv6 addresses and IPv4 addresses and mechanism for mapping between IPv6 addresses and IPv4 addresses and
transport layer ports. transport layer ports.
Status of This Memo Status of This Memo
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 28, 2015. This Internet-Draft will expire on September 10, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 9, line 34 skipping to change at page 9, line 34
Figure 2: Structure of a port-restricted port field Figure 2: Structure of a port-restricted port field
a bits: The number of offset bits. 6 by default as this excludes the a bits: The number of offset bits. 6 by default as this excludes the
system ports (0-1023). To guarantee non-overlapping port sets, system ports (0-1023). To guarantee non-overlapping port sets,
the offset 'a' MUST be the same for every MAP CE sharing the same the offset 'a' MUST be the same for every MAP CE sharing the same
address. address.
A: Selects the range of the port number. For 'a' > 0, A MUST be A: Selects the range of the port number. For 'a' > 0, A MUST be
larger than 0. This ensures that the algorithm excludes the larger than 0. This ensures that the algorithm excludes the
system ports. For the default value of a (6), the system ports, system ports. For the default value of 'a' (6), the system ports,
are excluded by requiring that A be greater than 0. Smaller are excluded by requiring that A be greater than 0. Smaller
values of a excludes a larger initial range. E.g., a = 4, will values of 'a' excludes a larger initial range. E.g., 'a' = 4,
exclude ports 0 - 4095. The interval between initiaL port numbers will exclude ports 0 - 4095. The interval between initial port
of successive contiguous ranges assigned to the same user is numbers of successive contiguous ranges assigned to the same user
2^(16-a). is 2^(16-a).
k bits: The length in bits of the PSID field. To guarantee non- k bits: The length in bits of the PSID field. To guarantee non-
overlapping port sets, the length 'k' MUST be the same for every overlapping port sets, the length 'k' MUST be the same for every
MAP CE sharing the same address. The sharing ratio is 2^k. The MAP CE sharing the same address. The sharing ratio is 2^k. The
number of ports assigned to the user is 2^(16-k) - 2^m (excluded number of ports assigned to the user is 2^(16-k) - 2^m (excluded
ports) ports)
PSID: The Port-Set Identifier (PSID). Different PSID values PSID: The Port-Set Identifier (PSID). Different PSID values
guarantee non-overlapping port-sets thanks to the restrictions on guarantee non-overlapping port-sets thanks to the restrictions on
'a' and 'k' stated above, because the PSID always occupies the 'a' and 'k' stated above, because the PSID always occupies the
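Review bot: In the 'A' paragraph the reworded sentence still reads "Smaller values of 'a' excludes a larger initial range", which should be "exclude", and the sentence before it keeps a stray comma in "the system ports, are excluded". In the 'k bits' paragraph, "2^(16-k) - 2^m (excluded ports)" uses m without defining it in this passage and has no closing period; define m here or point to where it is defined, since the port count per user is what operators will size logging and sharing ratios against.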
skipping to change at page 13, line 4 skipping to change at page 13, line 4
The Forwarding Mapping Rule is optional, and used in mesh mode to The Forwarding Mapping Rule is optional, and used in mesh mode to
enable direct CE to CE connectivity. enable direct CE to CE connectivity.
On adding an FMR rule, an IPv4 route is installed in the Rules table On adding an FMR rule, an IPv4 route is installed in the Rules table
for the Rule IPv4 prefix. for the Rule IPv4 prefix.
| 32 bits | | 16 bits | | 32 bits | | 16 bits |
+--------------------------+ +-------------------+ +--------------------------+ +-------------------+
| IPv4 destination address | | IPv4 dest port | | IPv4 destination address | | IPv4 dest port |
+--------------------------+ +-------------------+ +--------------------------+ +-------------------+
: : ___/ : : : ___/ :
| p bits | / q bits : | p bits | / q bits :
+----------+ +------------+ +-----------+ +------------+
|IPv4 sufx| |Port-Set ID | |IPv4 suffix| |Port-Set ID |
+----------+ +------------+ +-----------+ +------------+
\ / ____/ ________/ \ / ____/ ________/
\ : __/ _____/ \ : __/ _____/
\ : / / \ : / /
| n bits | o bits | s bits | 128-n-o-s bits | | n bits | o bits | s bits | 128-n-o-s bits |
+--------------------+-----------+---------+------------+----------+ +--------------------+-----------+---------+------------+----------+
| Rule IPv6 prefix | EA bits |subnet ID| interface ID | | Rule IPv6 prefix | EA bits |subnet ID| interface ID |
+--------------------+-----------+---------+-----------------------+ +--------------------+-----------+---------+-----------------------+
|<--- End-user IPv6 prefix --->| |<--- End-user IPv6 prefix --->|
Figure 7: Derivation of MAP IPv6 address Figure 7: Derivation of MAP IPv6 address
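Review bot: In Figure 7 the two borders of the bottom row still disagree: the border above "Rule IPv6 prefix | EA bits | subnet ID | interface ID" has an extra "+" splitting the "128-n-o-s bits" column, while the border below it draws the interface ID as a single field. Make the two border lines match while the figure is being touched for the "IPv4 suffix" label, so the interface ID reads as one field.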
skipping to change at page 15, line 22 skipping to change at page 15, line 22
facing interface and more than one set of associated addresses facing interface and more than one set of associated addresses
assigned by DHCP. Each domain a given CE operates within would assigned by DHCP. Each domain a given CE operates within would
require its own set of MAP configuration elements and would generate require its own set of MAP configuration elements and would generate
its own IPv4 address. Each MAP domain requires a distinct End-user its own IPv4 address. Each MAP domain requires a distinct End-user
IPv6 prefix. IPv6 prefix.
The MAP DHCP option is specified in [I-D.ietf-softwire-map-dhcp]. The MAP DHCP option is specified in [I-D.ietf-softwire-map-dhcp].
7.2. MAP BR 7.2. MAP BR
The MAP BR MUST be configured with the same MAP elements as the MAP The MAP BR MUST be configured with corresponding mapping rules for
CEs operating within the same domain. each MAP domain which it is acting as BR for.
For increased reliability and load balancing, the BR IPv6 address MAY For increased reliability and load balancing, the BR IPv6 address MAY
be an anycast address shared across a given MAP domain. As MAP is be an anycast address shared across a given MAP domain. As MAP is
stateless, any BR may be used at any time. If the BR IPv6 address is stateless, any BR may be used at any time. If the BR IPv6 address is
anycast the relay MUST use this anycast IPv6 address as the source anycast the relay MUST use this anycast IPv6 address as the source
address in packets relayed to CEs. address in packets relayed to CEs.
Since MAP uses provider address space, no specific routes need to be Since MAP uses provider address space, no specific routes need to be
advertised externally for MAP to operate, neither in IPv6 nor IPv4 advertised externally for MAP to operate, neither in IPv6 nor IPv4
BGP. However, if anycast is used for the MAP IPv6 relays, the BGP. However, if anycast is used for the MAP IPv6 relays, the
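Review bot: In the first paragraph of 7.2, "corresponding mapping rules" does not say what the rules correspond to, and the old requirement that the BR configuration match that of the CEs in the same domain is no longer stated. Since a BR selects a MAP rule to derive and validate addresses, say explicitly that the BR's rules for a domain MUST be the same as those provisioned to that domain's CEs, and reword the ending as "for each MAP domain for which it acts as BR".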
skipping to change at page 16, line 22 skipping to change at page 16, line 22
destination address against the configured BR IPv6 address(es). The destination address against the configured BR IPv6 address(es). The
selected MAP rule allows the BR to determine the EA-bits from the selected MAP rule allows the BR to determine the EA-bits from the
source IPv6 address. source IPv6 address.
To prevent spoofing of IPv4 addresses, any MAP node (CE and BR) MUST To prevent spoofing of IPv4 addresses, any MAP node (CE and BR) MUST
perform the following validation upon reception of a packet. First, perform the following validation upon reception of a packet. First,
the embedded IPv4 address or prefix, as well as PSID (if any), are the embedded IPv4 address or prefix, as well as PSID (if any), are
extracted from the source IPv6 address using the matching MAP rule. extracted from the source IPv6 address using the matching MAP rule.
These represent the range of what is acceptable as source IPv4 These represent the range of what is acceptable as source IPv4
address and port. Secondly, the node extracts the source IPv4 address and port. Secondly, the node extracts the source IPv4
address and port from the IPv4 packet embedded inside the IPv6 address and port from the IPv4 packet encapsulated inside the IPv6
packet. If they are found to be outside the acceptable range, the packet. If they are found to be outside the acceptable range, the
packet MUST be silently discard and a counter incremented to indicate packet MUST be silently discard and a counter incremented to indicate
that a potential spoofing attack may be underway. The source that a potential spoofing attack may be underway. The source
validation checks just described are not done for packets whose validation checks just described are not done for packets whose
source IPv6 address is that of the BR (BR IPv6 address). source IPv6 address is that of the BR (BR IPv6 address).
By default, the CE router MUST drop packets received on the MAP By default, the CE router MUST drop packets received on the MAP
virtual interface (i.e., after decapsulation of IPv6) for IPv4 virtual interface (i.e., after decapsulation of IPv6) for IPv4
destinations not for its own IPv4 shared address, full IPv4 address destinations not for its own IPv4 shared address, full IPv4 address
or IPv4 prefix. or IPv4 prefix.
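Review bot: In the spoofing-validation paragraph, the sentence after the changed line still reads "the packet MUST be silently discard"; it should be "discarded", and "a potential spoofing attack may be underway" doubles the hedge. The closing sentence exempts packets whose source IPv6 address is the BR IPv6 address from this validation without saying what the receiving node relies on instead; add a sentence or a reference stating the assumption that makes the exemption safe.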
skipping to change at page 26, line 28 skipping to change at page 26, line 28
IPv4 prefix length (32) = 0 IPv4 prefix length (32) = 0
IPv4 address: 192.0.2.18 (0xc0000212) IPv4 address: 192.0.2.18 (0xc0000212)
PSID start: 0 PSID start: 0
PSID length: 0 PSID length: 0
PSID: null PSID: null
The BMR information allows a MAP CE also to determine (complete) The BMR information allows a MAP CE also to determine (complete)
its full IPv6 address by combining the IPv6 prefix with the MAP its full IPv6 address by combining the IPv6 prefix with the MAP
interface identifier (that embeds the IPv4 address). interface identifier (that embeds the IPv4 address).
IPv6 address of MAP CE: 2001:db8:0012:3400:0000:c000:0201:0000 IPv6 address of MAP CE: 2001:db8:0012:3400:0000:c000:0212:0000
Example 5 - Rule with no embedded address bits and address sharing Example 5 - Rule with no embedded address bits and address sharing
(sharing ratio 256) (sharing ratio 256)
End-User IPv6 prefix: 2001:db8:0012:3400::/56 End-User IPv6 prefix: 2001:db8:0012:3400::/56
Basic Mapping Rule: {2001:db8:0012:3400::/56 (Rule IPv6 prefix), Basic Mapping Rule: {2001:db8:0012:3400::/56 (Rule IPv6 prefix),
192.0.2.18/32 (Rule IPv4 prefix), 192.0.2.18/32 (Rule IPv4 prefix),
0 (Rule EA-bits length)} 0 (Rule EA-bits length)}
PSID length: 8. (From DHCP. Sharing ratio of 256) PSID length: 8. (From DHCP. Sharing ratio of 256)
PSID offset: 6 (Default) PSID offset: 6 (Default)
PSID : 0x34 (From DHCP.) PSID : 0x34 (From DHCP.)
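Review bot: The sentence introducing the corrected address, "The BMR information allows a MAP CE also to determine (complete) its full IPv6 address", is hard to parse; drop "(complete)" and move "also" before "allows". The corrected value c000:0212 now agrees with "IPv4 address: 192.0.2.18 (0xc0000212)" a few lines above. In Example 5 the annotations are punctuated inconsistently ("PSID length: 8. (From DHCP. Sharing ratio of 256)" against "PSID offset: 6 (Default)"); pick one style.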
 End of changes. 11 change blocks. 
19 lines changed or deleted 19 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/