Re: [lisp] LISP NAT Traversal

Dino Farinacci <farinacci@gmail.com> Tue, 03 November 2015 13:59 UTC

From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <f02960a2f1234e9cba653318dcf0be44@XCH-ALN-006.cisco.com>
Date: Tue, 03 Nov 2015 05:59:48 -0800
Message-Id: <754E7621-099C-4A75-95D8-EA41F4A512C0@gmail.com>
References: <f02960a2f1234e9cba653318dcf0be44@XCH-ALN-006.cisco.com>
To: "Amjad Inamdar (amjads)" <amjads@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/lisp/5hGYpFtxXnvIhzu9OrsBNIVwM0o>
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] LISP NAT Traversal

> Hi,
>  
> It will be useful if LISP NAT traversal draft (draft-ermagan-lisp-nat-traversal) can elaborate on the following

See comments inline. Thanks for having a look at the draft.

> 1) Why LISP NAT traversal cannot be accomplished without RTR (another network entity) which has implications on deployability, complexity and latency. There are other protocols (e.g. IKE/IPsec) that achieve NAT-D and NAT-T without the need for additional network entity.

There are 2 important scalability reasons:

(1) You want to keep the number of cache entries in the NAT to a minimum. By using an RTR to encapsulate packets to, there is only a single NAT entry.

(2) When the xTR moves, you want its new locator to be advertised to the fewest number of places in the network. So if the RTR is the only one encapsulating to the xTR then it only has to be updated.

> 2) Some more details on RTR deployment
> - location of RTR in the LISP deployment like there are recommendations on PITR/PETR deployments

The location of the RTR is desirable to be close to the current location of the xTR so we can minimize packet stretch. Hence when an xTR moves, the Map-Server (which is fixed and doesn’t need to be close to the moving xTR since it is a control-plane function), tells the xTR of a new set of RTRs that are close to it, in the xTR’s new location.

This is mostly policy information in the mapping system.

> - is RTR shared across LISP sites behind NAT or each site needs a dedicated RTR

Yes, we envision that millions of xTRs can use the same set of RTRs (i.e. a pair of RTRs that are topologically close to each other and the xTRs that are using them).

> - what if RTR is behind another NAT (SP-NAT)

By protocol specification, it should be in public space. But I have an implementation where NAT-traversal works when both the xTR and RTR are behind NATs (different NATs).

> 3) How is multiple-NAT handled (e.g. enterprise and SP NAT)

If you have an xTR that is multi-homed to 2 NATs, then Info-Requests are sent each way to both the map-server and to the RTRs that the map-server has advertised. In the registration, one can decide which RTR is used by remote ITRs encapsulating toward the EIDs behind the xTR. And the xTR can load-split traffic (outgoing traffic) across the RTRs in the list the map-server provided.

Thanks,
Dino

>  
> Thanks,
> -Amjad Inamdar CISSP, CCNP R&S, CCNP Security, CCDP, CCSK
> Senior Technical Leader
> CSG PI Services Security - India  
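The two scalability reasons given in the reply (NAT table size and mobility update fan-out) can be made concrete with a small model. The following is an added example written for this thread; it is not code from the draft or from anyone's implementation. It assumes an address-and-port-dependent NAT (one binding per distinct outside endpoint, the worst case for the NAT the xTR sits behind), and it counts the Map-Server as one of the places that must learn a moved xTR's new locator in both designs. The names `Nat`, `Xtr`, `compare_designs` and the addresses are all constructed for the example.

```python
"""Constructed model of the NAT-table and mobility-fan-out arguments for using an RTR.

Not protocol code: it only counts NAT bindings and the number of parties that must
learn a new locator when the xTR behind the NAT moves.
"""
from dataclasses import dataclass, field

LISP_DATA_PORT = 4341  # UDP port used for LISP-encapsulated data (RFC 6830)


@dataclass(frozen=True)
class Endpoint:
    addr: str
    port: int


@dataclass
class Nat:
    """Address/port-dependent NAT: a separate binding for every (inside, outside) pair."""
    public_addr: str
    bindings: dict = field(default_factory=dict)
    next_port: int = 40000

    def translate(self, inside: Endpoint, outside: Endpoint) -> Endpoint:
        key = (inside, outside)
        if key not in self.bindings:
            self.bindings[key] = Endpoint(self.public_addr, self.next_port)
            self.next_port += 1
        return self.bindings[key]


@dataclass
class Xtr:
    """An xTR whose RLOC is private; `encapsulators` are the parties that send to it."""
    name: str
    private_rloc: Endpoint
    encapsulators: set = field(default_factory=set)


def direct_design(xtr: Xtr, nat: Nat, remote_rlocs: list) -> tuple:
    """No RTR: the xTR exchanges encapsulated traffic with every remote xTR directly.

    Each remote locator punches its own hole in the NAT and each remote xTR
    encapsulates straight to the xTR's translated locator.
    """
    for rloc in remote_rlocs:
        nat.translate(xtr.private_rloc, rloc)
        xtr.encapsulators.add(rloc)
    return len(nat.bindings), len(xtr.encapsulators)


def rtr_design(xtr: Xtr, nat: Nat, rtr_rloc: Endpoint, remote_rlocs: list) -> tuple:
    """With an RTR: the xTR encapsulates everything to the RTR, and remote xTRs
    encapsulate to the RTR's public locator, so they never learn the xTR's locator."""
    nat.translate(xtr.private_rloc, rtr_rloc)
    xtr.encapsulators.add(rtr_rloc)
    # remote_rlocs are deliberately unused: the RTR hides the xTR from them
    return len(nat.bindings), len(xtr.encapsulators)


def mobility_updates(xtr: Xtr) -> int:
    """Places that must learn the new locator after a move: every encapsulator
    plus the Map-Server (the registration is refreshed in both designs)."""
    return len(xtr.encapsulators) + 1


def compare_designs(n_remote: int) -> dict:
    """Return NAT bindings and mobility fan-out for both designs with n_remote peers."""
    remotes = [Endpoint(f"198.51.100.{i}", LISP_DATA_PORT) for i in range(1, n_remote + 1)]
    rtr = Endpoint("192.0.2.10", LISP_DATA_PORT)  # constructed public RTR locator

    direct_xtr = Xtr("xtr-direct", Endpoint("10.0.0.5", LISP_DATA_PORT))
    direct_nat = Nat("203.0.113.7")
    d_bindings, _ = direct_design(direct_xtr, direct_nat, remotes)

    rtr_xtr = Xtr("xtr-rtr", Endpoint("10.0.0.5", LISP_DATA_PORT))
    rtr_nat = Nat("203.0.113.7")
    r_bindings, _ = rtr_design(rtr_xtr, rtr_nat, rtr, remotes)

    return {
        "direct": {"nat_bindings": d_bindings, "mobility_updates": mobility_updates(direct_xtr)},
        "rtr": {"nat_bindings": r_bindings, "mobility_updates": mobility_updates(rtr_xtr)},
    }


if __name__ == "__main__":
    for n in (10, 1000):
        print(n, compare_designs(n))
```

With 1000 remote sites the direct design needs 1000 NAT bindings and 1001 updates on a move, while the RTR design needs one binding and two updates regardless of the number of remote sites; that constant cost is what the reply is pointing at, and it holds even if the NAT is endpoint-independent, since the fan-out term comes from who encapsulates to the xTR rather than from the NAT type.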