IETF Logo Mail Archive

RE: [NAT] Re: the future of the NAT working group

"Ed Van Horne" <evh@cisco.com> Fri, 19 October 2001 18:36 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA27403; Fri, 19 Oct 2001 14:36:19 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA04109; Fri, 19 Oct 2001 14:26:37 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id OAA04086 for <nat@ns.ietf.org>; Fri, 19 Oct 2001 14:26:35 -0400 (EDT)
Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA27062 for <nat@ietf.org>; Fri, 19 Oct 2001 14:26:32 -0400 (EDT)
Received: from sd2-mail1.cisco.com (sd2-mail1.cisco.com [171.69.200.83]) by sj-msg-core-1.cisco.com (8.11.3/8.9.1) with ESMTP id f9JIQ7U10150; Fri, 19 Oct 2001 11:26:07 -0700 (PDT)
Received: from evhw2k1 (dhcp-171-69-203-11.cisco.com [171.69.203.11]) by sd2-mail1.cisco.com (Mirapoint) with SMTP id ABP04486; Fri, 19 Oct 2001 11:26:02 -0700 (PDT)
From: Ed Van Horne <evh@cisco.com>
To: rrajiv@cisco.com, Matt Holdrege <matt.holdrege@verizon.net>
Cc: Scott Bradner <sob@harvard.edu>, nat@ietf.org, srisuresh@yahoo.com
Subject: RE: [NAT] Re: the future of the NAT working group
Date: Fri, 19 Oct 2001 11:27:49 -0700
Message-ID: <OOEOLEGAOBLEBAAJAODKEEOICDAA.evh@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <3BD03A81.28CD669@cisco.com>
Content-Transfer-Encoding: 7bit
Sender: nat-admin@ietf.org
Errors-To: nat-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Network Address Translation <nat.ietf.org>
X-BeenThere: nat@ietf.org
Content-Transfer-Encoding: 7bit

Rajiv,

I have raised another issue concerning how the tables are indexed. As
currently designed, one can only look up a binding using the local
addresses/ports. Is there a plan to provide tables indexed by the outside
addresses/ports? My previous comments are included in-line.

Ed Van Horne
Building Broadband Solutions Unit - San Diego
Cisco Systems
6195 Lusk Blvd
San Diego, CA 92121
858.526.1152

<Comments follow>

We have application where we want to map the inside global address and port
of a computer connected to the inside interface of a NAT router to that
computer's MAC address. We see this as a two step process, with two
variations, depending on whether NAT or NAPT is involved:

NAT:

Step 1: IG (A)   ->
natAddrBindTable.natAddrBindEntry.natAddrBindLocalAddr -> IL (A)
Step 2: IL (A)   ->
ipNetToMediaTable.natAddrBindLocalAddr.natAddrBindLocalAddr -> MAC address

NAPT:

Step 1: IG (A,P) ->
natAddrPortBindTable.natAddrPortBindEntry.natAddrPortBindLocalAddr -> IL (A)
Step 2: IL (A)   ->
ipNetToMediaTable.natAddrBindLocalAddr.natAddrBindLocalAddr -> MAC address

Step 2 works fine because ipNetToMediaTable is indexed by {
ipNetToMediaIfIndex, ipNetToMediaNetAddress }, where I assume that
ipNetToMediaNetAddress == IL (A) and ipNetToMediaIfIndex is the IfIndex of
the NAT router's inside interface. This means that a single SNMP query
obtains the computer MAC address, once we have the inside local address.

Unfortunately, as the NAT MIB is currently structured, Step 1 requires us to
walk either the natAddrBindTable or natAddrPortBindTable since these tables
are indexed on { natAddrBindLocalAddr } and { natAddrPortBindLocalAddr,
natAddrPortBindLocalPort, natAddrPortBindProtocol }, respectively.

For our application tables like natAddrBindTable or natAddrPortBindTable but
indexed by { natAddrBindGlobalAddr } and { natAddrPortBindGlobalAddr,
natAddrPortBindGlobalPort, natAddrPortBindProtocol }, respectively, are
necessary. A MIB walk is not a viable solution due to scalability issues.

<End Comments>

-----Original Message-----
From: nat-admin@ietf.org [mailto:nat-admin@ietf.org]On Behalf Of Rajiv
Raghunarayan
Sent: Friday, October 19, 2001 7:37 AM
To: Matt Holdrege
Cc: Scott Bradner; nat@ietf.org; srisuresh@yahoo.com
Subject: Re: [NAT] Re: the future of the NAT working group


Matt/Scott,

There were two main concerns with the NAT MIB, brought up on this
alias:

1. Conditional NAT, as in use bind #1 when going to Src #1 to Dest #1,
   and bind #2 when going from Src #1 to Dest #2. (This was brought
   up by Cliff)

2. Extensibility of NAT MIB - specifically the Config Table, such
   that support for other protocols (TCP, UCP are the currently
   supported ones) can be added later w/o modifications to the
   NAT MIB (this one was brought up by Randy Turner).

Both these are being currently addressed, and should reflect in the
next revision of the MIB. Further, we would be moving over to using
InetAddressType and InetAddress (as mandated by RFC 2851).

-Rajiv.

Matt Holdrege wrote:
>
> At 03:01 PM 10/18/2001, Scott  Bradner wrote:
> >We would actually like to close the WG now.
>
> If I'm the only one objecting, then go ahead and close it.
>
> >The MIB may take quite a while since some rather basic thinking
> >needs to be done on what a NAT MIB should do.  We do not see
> >that there has been enough going on relative to that in the WG
> >to warrant keeping the WG open.
>
> This is the first I've heard of any basic issues with the NAT MIB. Have
> there been any issues brought up on the list that I might have missed? I
> thought the NAT MIB was pretty much done.
>
> _______________________________________________
> nat mailing list
> nat@ietf.org
> http://www1.ietf.org/mailman/listinfo/nat

_______________________________________________
nat mailing list
nat@ietf.org
http://www1.ietf.org/mailman/listinfo/nat


_______________________________________________
nat mailing list
nat@ietf.org
http://www1.ietf.org/mailman/listinfo/nat

v2.23.0 | Report a Bug | By Email