Re: [OPSAWG] CLAT (was TR: New Version Notification for draft-ietf-opsawg-nat-yang-00.txt)
JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Fri, 18 August 2017 15:18 UTC
Return-Path: <prvs=140398b0bb=jordi.palet@consulintel.es>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8946E13295C for <opsawg@ietfa.amsl.com>; Fri, 18 Aug 2017 08:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qva6FVbK-MXD for <opsawg@ietfa.amsl.com>; Fri, 18 Aug 2017 08:18:25 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F01D613219B for <opsawg@ietf.org>; Fri, 18 Aug 2017 08:18:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1503069502; x=1503674302; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:CC:Message-ID: Thread-Topic:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=q6pbLqO8tR6BqvtG9CQT8z+G1 cjejj9CM8rRSAC/s+Q=; b=c6RD7+DCuMUujtKQyKIN6b65kq8joWjQIIkY+h5W6 JhJbi16VZ+FPZSL0yq1o3gZ1FgbMuUV+yWBQTD2hHTOKcjMXhepcbVCfTKSszs8j 1DFzhzE73iQfL6YicWoY5wTGMWfKSMGfIblnTjtf1pkf2epyefo7ldDoHE6EcUQU y8=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=roZU8ICXV3RiUAPD8AW3YOSI6b/BVGfUSQfO1mML3ZSegg3mf8NJhNZPD4+n L4sVcJVRNtKKs7Wus1DYez3vEWDoSsXN31uMZWj9bHHhSq5tBZoq3LMad AcHPaWvWkn4JcECO3FSHaLU0D3GfJXv7XVzgZkFCl3Qg9iIdJf3rIg=;
X-MDAV-Processed: mail.consulintel.es, Fri, 18 Aug 2017 17:18:22 +0200
X-Spam-Processed: mail.consulintel.es, Fri, 18 Aug 2017 17:18:21 +0200
Received: from [10.10.10.134] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005510404.msg for <opsawg@ietf.org>; Fri, 18 Aug 2017 17:18:20 +0200
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:170818:md50005510404::K5RmAIrKGtHnQ1vI:00009gLs
X-Return-Path: prvs=140398b0bb=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: opsawg@ietf.org
User-Agent: Microsoft-MacOutlook/f.25.0.170815
Date: Fri, 18 Aug 2017 17:18:18 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: mohamed.boucadair@orange.com, Lee Howard <lee@asgard.org>
CC: opsawg@ietf.org, JACQUENET Christian IMT/OLN <christian.jacquenet@orange.com>, "Senthil Sivakumar (ssenthil)" <ssenthil@cisco.com>, Qin Wu <bill.wu@huawei.com>, "sureshk@juniper.net" <sureshk@juniper.net>
Message-ID: <292AA9DC-F011-4585-8424-C6323F2FC769@consulintel.es>
Thread-Topic: CLAT (was TR: New Version Notification for draft-ietf-opsawg-nat-yang-00.txt)
In-Reply-To: <7e5cb648-16a8-43c9-8ac9-d869c170447c@OPEXCLILMA2.corporate.adroot.infra.ftgroup>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/hu9nuzglvEINLSrzaJtAs1B6d20>
Subject: Re: [OPSAWG] CLAT (was TR: New Version Notification for draft-ietf-opsawg-nat-yang-00.txt)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Aug 2017 15:18:27 -0000
Hi Med,
Looks good to me, and I think it covers all the possible options, which one exception:
+--rw clat-ipv4-address? inet:ipv4-address
You may want to use a prefix, not an address. If you have a CLAT serving a “big” network, instead of a small CE, you may need to use a pool of several IP addresses. For example, in a recent testing, I used for the stateless CLAT (NAT46) the following EAMT (Explicit Address Mappings Table, RFC7757):
Pool IPv4/NAT46: 100.64.0.0/10
Pool IPv6: 2001:470:68ee:30::/106
(I was a bit exaggerated here, with so big pool, but is only an example)
So may be something like:
+--rw clat-ipv4-address? inet:ipv4-address
+--rw clat-ipv4-mask? inet:ipv4-mask
Note that I’m NOT expert in YANG, but I just read thru all your ID and looks ok.
Some other details that you may want to consider:
1) Say something about CLAT/NAT46/464XLAT in the abstract.
2) Same for the intro.
3) Same in section 2.2.
4) You may need to add also something in 2.8, at paragraph:
In order to cover both NAT64 and NAT44 flavors in particular, the NAT
mapping structure allows to include an IPv4 or an IPv6 address as an
internal IP address. Remaining fields are common to both NAT
schemes.
5) Also I think in 2.8 “Note that a mapping table is maintained only for stateless NAT” you actually mean stateful NAT ?
6) You could also rewrite (2.8) “Obviously, no mapping table is maintained for NPTv6 given that it is stateless and transport-agnostic” as “Obviously, no mapping table is maintained for any stateless NAT (such as NAT46), neither for NPTv6 given that it is stateless and transport-agnostic”
7) Instead of +--rw subscriber-mask-v6?, should mask be prefix-length?
8) In section 3, I see you have some “code” for each NAT type, so you may need also for NAT46?
9) And of course, you may want to add a CLAT example at the appendix ;-)
Hope it helps!
Saludos,
Jordi
-----Mensaje original-----
De: <mohamed.boucadair@orange.com>
Responder a: <mohamed.boucadair@orange.com>
Fecha: viernes, 18 de agosto de 2017, 16:19
Para: Lee Howard <lee@asgard.org>, "jordi.palet@consulintel.es" <jordi.palet@consulintel.es>
CC: "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, JACQUENET Christian IMT/OLN <christian.jacquenet@orange.com>, "Senthil Sivakumar (ssenthil)" <ssenthil@cisco.com>, Qin Wu <bill.wu@huawei.com>, "sureshk@juniper.net" <sureshk@juniper.net>
Asunto: CLAT (was TR: New Version Notification for draft-ietf-opsawg-nat-yang-00.txt)
Hi Lee,
(I'm adding Jordi to the discussion since he is familiar with CLAT in a CPE)
You suggested in Prague to add CLAT to the NAT YANG module.
Please find below how we are planning to cover it in the next iteration of the draft:
(1) If a dedicated prefix is configured for CLAT, then only a stateless XLAT will be required. That is, no mapping table will be maintained at all. Since the module already includes NAT64 prefix(es), the CLAT IPv6 prefix will be missing. The tree structure can be updated as follows:
OLD:
+--rw nat64-prefixes* [nat64-prefix]
| +--rw nat64-prefix inet:ipv6-prefix
| +--rw destination-ipv4-prefix* [ipv4-prefix]
| +--rw ipv4-prefix inet:ipv4-prefix
NEW:
+--rw nat64-prefixes* [nat64-prefix]
| +--rw nat64-prefix inet:ipv6-prefix
| +--rw destination-ipv4-prefix* [ipv4-prefix]
| +--rw ipv4-prefix inet:ipv4-prefix
+--rw clat-ipv6-prefix? inet:ipv6-prefix
(2) If no dedicated /64 prefix is provided, a NAT44 will be required. A stateless XLAT will be then applied on NATed packets. This case is natively supported by the current YANG model.
A CLAT module can automatically select an IPv4 address from 192.0.0.0/29 (RFC7335). This address can also be set. To do so, the tree structure can be updated with:
NEW:
...
+--rw clat-ipv4-address? inet:ipv4-address
...
The CLAT IPv4 address will be taken by default from 192.0.0.0/29. Other addresses can be used.
Lee/Jordi, are there any other required changes?
Thank you.
Cheers,
Med
> -----Message d'origine-----
> De : OPSAWG [mailto:opsawg-bounces@ietf.org] De la part de
> mohamed.boucadair@orange.com
> Envoyé : vendredi 18 août 2017 15:46
> À : opsawg@ietf.org
> Cc : sureshk@juniper.net; JACQUENET Christian IMT/OLN
> Objet : [OPSAWG] TR: New Version Notification for draft-ietf-opsawg-nat-
> yang-00.txt
>
> Dear all,
>
> The -00 version integrates the comments received during the Call for
> Adoption:
>
> - Clarify how Destination NAT is covered (Tianran)
> - Follow the NMDA guidelines (Juergen and Qin)
> - Include a generic structure for ALGs instead of listing supported ones
> (Juergen)
> - Include a discussion about how other transport protocols are/can be
> supported (Juergen)
> - Include a comprehensive list of examples (Juergen)
> - Move the example to an appendix (Juergen)
>
> We do still have one pending comment that was raised by Lee Howard when I
> presented in Prague: add CLAT to the list.
>
> Comments are more than welcome. Please review.
>
> Cheers,
> Med
>
> > -----Message d'origine-----
> > De : internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> > Envoyé : vendredi 18 août 2017 15:31
> > À : BOUCADAIR Mohamed IMT/OLN; Senthil Sivakumar; JACQUENET Christian
> > IMT/OLN; opsawg-chairs@ietf.org; Qin Wu
> > Objet : New Version Notification for draft-ietf-opsawg-nat-yang-00.txt
> >
> >
> > A new version of I-D, draft-ietf-opsawg-nat-yang-00.txt
> > has been successfully submitted by Mohamed Boucadair and posted to the
> > IETF repository.
> >
> > Name: draft-ietf-opsawg-nat-yang
> > Revision: 00
> > Title: A YANG Data Model for Network Address Translation (NAT) and
> > Network Prefix Translation (NPT)
> > Document date: 2017-08-18
> > Group: opsawg
> > Pages: 67
> > URL: https://www.ietf.org/internet-drafts/draft-ietf-opsawg-
> > nat-yang-00.txt
> > Status: https://datatracker.ietf.org/doc/draft-ietf-opsawg-nat-
> > yang/
> > Htmlized: https://tools.ietf.org/html/draft-ietf-opsawg-nat-yang-
> 00
> > Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-
> > nat-yang-00
> >
> >
> > Abstract:
> > For the sake of network automation and the need for programming
> > Network Address Translation (NAT) function in particular, a data
> > model for configuring and managing the NAT is essential. This
> > document defines a YANG data model for the NAT function. NAT44,
> > NAT64, and NPTv6 are covered in this document.
> >
> >
> >
> >
> > Please note that it may take a couple of minutes from the time of
> > submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > The IETF Secretariat
>
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
- Re: [OPSAWG] CLAT (was TR: New Version Notificati… mohamed.boucadair
- Re: [OPSAWG] CLAT (was TR: New Version Notificati… JORDI PALET MARTINEZ
- Re: [OPSAWG] CLAT (was TR: New Version Notificati… Lee Howard
- Re: [OPSAWG] CLAT (was TR: New Version Notificati… mohamed.boucadair