Re: [lisp] LISP NAT Traversal
Sharon <sbarkai@gmail.com> Tue, 03 November 2015 15:02 UTC
Return-Path: <sbarkai@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 641E91A1BA2 for <lisp@ietfa.amsl.com>; Tue, 3 Nov 2015 07:02:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qeoW9XcZZY6C for <lisp@ietfa.amsl.com>; Tue, 3 Nov 2015 07:02:27 -0800 (PST)
Received: from mail-pa0-x22c.google.com (mail-pa0-x22c.google.com [IPv6:2607:f8b0:400e:c03::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1660A1A1BDC for <lisp@ietf.org>; Tue, 3 Nov 2015 07:02:21 -0800 (PST)
Received: by pabfh17 with SMTP id fh17so20735348pab.0 for <lisp@ietf.org>; Tue, 03 Nov 2015 07:02:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EdSwXm/0V5uNrPPXFvuiK6eZ8VRSu1M7yxrNo207GJg=; b=WU1uCJaE4WJWNST4KBQqp5b7MXxEqzQNYaeXCGHWa7XSKDBThUoQZsMyCMj+mN24Xu kdIX9X1YtbqZDcFI0skXv8Vg+BLNptl8Q+gh6r2oSXVcOhkj4/iFhP2g6sPI/Po5iZ3d 6ciz9DL4cHq86Zp7MzdtaU98gYZI4AQltmy+JrKHkNhbarBJz5VETlPzkUCP+JNTeqjy D0v5I+sXi1M6Z8OWpHKh6pAR1RdZc62Nypuz2S/Pq0XuKLRpdHa0w5kGUMtZrmwSJhHN 2l9tWLemwKcPO1Y4G0yzcmN0lqGbI0L9E3Ugnx/qwvbxGWEAJqrEf1lwxPY/f53/ZYPJ TT3Q==
X-Received: by 10.68.170.101 with SMTP id al5mr34596037pbc.38.1446562940504; Tue, 03 Nov 2015 07:02:20 -0800 (PST)
Received: from [10.0.0.16] (c-98-248-50-149.hsd1.ca.comcast.net. [98.248.50.149]) by smtp.gmail.com with ESMTPSA id ce3sm30031604pbb.35.2015.11.03.07.02.18 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 03 Nov 2015 07:02:18 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Sharon <sbarkai@gmail.com>
X-Mailer: iPhone Mail (13B143)
In-Reply-To: <754E7621-099C-4A75-95D8-EA41F4A512C0@gmail.com>
Date: Tue, 03 Nov 2015 07:02:17 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <711231F5-5A32-4382-8F5F-48FD088E5E25@gmail.com>
References: <f02960a2f1234e9cba653318dcf0be44@XCH-ALN-006.cisco.com> <754E7621-099C-4A75-95D8-EA41F4A512C0@gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/lisp/zSoB6vqdg46Ex2k4U1coFiJwFCI>
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] LISP NAT Traversal
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2015 15:02:33 -0000
Can also add a carrier use case - The RTRs are in POPs, racks of equipment or clusters of servers, stable underlay, very responsive low latency mapping. The XTRs are across the access, on or off the carrier footprint, (NAT wise) high latency lookup, potentially shaky conditions. The RTRs anchor the XTRs. The XTR can reach any of the RTRs (any cast) move, recover from a topology change, or access carrier change. The mapping Service & Resource Schema apropos yesterday discussion regarding easy mapping abstraction (Albert) for orchestrating NSH (Vina, Fabio) is made available to potentially millions of semi loose XTRs aggregating billions of very loose EIDs, using traversal anchoring without creating a global data consistency nightmare. --szb On Nov 3, 2015, at 5:59 AM, Dino Farinacci <farinacci@gmail.com> wrote: >> Hi, >> >> It will be useful if LISP NAT traversal draft (draft-ermagan-lisp-nat-traversal) can elaborate on the following > > See comments inline. Thanks for having a look at the draft. > >> 1) Why LISP NAT traversal cannot be accomplished without RTR (another network entity) which has implications on deployability, complexity and latency. There are other protocols (e.g IKE/IPsec) that achieve NAT-D and NAT-T without the need for additional network entity. > > There are 2 important scalability reasons: > > (1) You want to keep the number of cache entries in the NAT to a minimum. By using an RTR to encapsulate packets to, there is only a single NAT entry. > > (2) When the xTR moves, you want its new locator to be advertised to the fewest number of places in the network. So if the RTR is the only one encapsulating to the xTR then it only has to be updated. > >> 2) Some more details on RTR deployment >> - location of RTR in the LISP deployment like there are recommendations on PITR/PETR deployments > > The location of the RTR is desiraable to be close to the current location of the xTR so we can minimize packet stretch. Hence when an xTR moves, the Map-Server (which is fixed and doesn’t need to be close to the moving xTR since it is a control-plane function), tells the xTR of a new set of RTRs that is close to it, in the xTRs new location. > > This is mostly policy information in the mapping system. > >> - is RTR shared across LISP sites behind NAT or each site needs a dedicated RTR > > Yes, we envision that millions of xTRs can use the same set of RTRs (i.e. a pair of RTRs that are topologically close to each other and the xTRs that are using them). > >> - what if RTR is behind another NAT (SP-NAT) > > By protocol specification, it should be in public space. But I have an implementation where NAT-traversal works when both the xTR and RTR are behind NATs (different NATs). > >> 3) How is multiple-NAT handled (e.g. enterprise and SP NAT) > > If you have an xTR that is multi-homed to 2 NATs, then Info-Requests are sent each way to both the map-server and to RTRs that map-server has advertised. In the registration, one can decide which RTR is used by remote ITRs encapsulating toward the EIDs behind the xTR. And the xTR can load-split traffic (outgoing traffic) across the RTRs in the list the map-server provided. > > Thanks, > Dino > >> >> Thanks, >> -Amjad Inamdar CISSP, CCNP R&S, CCNP Security, CCDP, CCSK >> Senior Technical Leader >> CSG PI Services Security - India >> >> _______________________________________________ >> lisp mailing list >> lisp@ietf.org >> https://www.ietf.org/mailman/listinfo/lisp > > _______________________________________________ > lisp mailing list > lisp@ietf.org > https://www.ietf.org/mailman/listinfo/lisp
- [lisp] LISP NAT Traversal Amjad Inamdar (amjads)
- Re: [lisp] LISP NAT Traversal Dino Farinacci
- Re: [lisp] LISP NAT Traversal Sharon
- Re: [lisp] LISP NAT Traversal Darrel Lewis (darlewis)