[lisp] LISP NAT Traversal

"Amjad Inamdar (amjads)" <amjads@cisco.com> Tue, 03 November 2015 07:03 UTC

From: "Amjad Inamdar (amjads)" <amjads@cisco.com>
To: "lisp@ietf.org" <lisp@ietf.org>
Date: Tue, 03 Nov 2015 07:03:29 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/lisp/npRwGyV4Jv2I0EsOU04mPZe2HE0>

Hi,

It will be useful if the LISP NAT traversal draft (draft-ermagan-lisp-nat-traversal) can elaborate on the following:

1) Why LISP NAT traversal cannot be accomplished without an RTR (another network entity), which has implications on deployability, complexity and latency. There are other protocols (e.g. IKE/IPsec) that achieve NAT-D and NAT-T without the need for an additional network entity.

2) Some more details on RTR deployment
- location of RTR in the LISP deployment like there are recommendations on PITR/PETR deployments
- is the RTR shared across LISP sites behind NAT, or does each site need a dedicated RTR
- what if RTR is behind another NAT (SP-NAT)

3) How is multiple-NAT handled (e.g. enterprise and SP NAT)

Thanks,
-Amjad Inamdar CISSP, CCNP R&S, CCNP Security, CCDP, CCSK
Senior Technical Leader
CSG PI Services Security - India