Network Working Group                                       G. Gloesener
INTERNET-DRAFT                                         Digital Equipment
Expire in six months                                       December 1996

             NAT extension for existing "external" networks

Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are
   working documents of the Internet Engineering Task Force
   (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months. Internet-Drafts may be updated, replaced, or obsoleted
   by other documents at any time. It is not appropriate to use
   Internet-Drafts as reference material or to cite them other
   than as a "working draft" or "work in progress".
   To learn the current status of any Internet-Draft, please
   check the 1id-abstracts.txt listing contained in the
   Internet-Drafts Shadow Directories on ds.internic.net (US East
   Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast),
   or munnari.oz.au (Pacific Rim).

1. Introduction

   The main use of NAT is to connect an existing internal network via an
   ISP to the Internet. The current NAT RFC1631 assumes that the network
   number used for the translation does not exist physically on any
   network. This does not work in some circumstances where the router
   connected to the ISP line is not under the control of the user.
   This implies that the network to which the NAT router is connected
   has the same network number as the one used by NAT.

   Such a configuration is shown in Figure 1, where the ISP provides a
   class C network to its customer. Router R1 is remote and R2 local to
   the customer. Both routers have to be accepted as-is from the ISP (i.e.
   no changes to the config can be done).

   The class C network 198.56.12. is provided. In this example we have
   a PC (PC1) connected directly to the Internet network as provided by
   R2. For internal usage NAT is used, but since only one
   class C address is provided, NAT and the external network have the
   same network number. Subnetting in this case is not a valid approach
   since at least half of the addresses are then on the external network
   where usually only a few are needed.

   Further to this, R3 will provide filtering for the internal network,
   using PC1 as public server.

   This configuration is not valid as of RFC1631.
   Figure 1: Extended NAT configuration

      ____________________________________________________   153.15.34.29
     /                                                    \    +---+
    |                      Internet                        |---|PC3|
     \____________________________________________________/    +---+
                           |
                           |
                         +---+
                         | R1|
                         +---+
                           |
                          |/|  Unnumbered
                           |
                         +---+
                         | R2|
                         +---+
                           | 198.56.12.1
                           |
    |-----+----------------+----------+----------|
          |198.56.12.10               |198.56.12.2      /NAT addresses
        +---+                       +---+               |198.56.12.100
        |PC1|                       | R3| ==============|    to
        +---+                       +---+               \198.56.12.200
                                      |192.168.1.1
    |-------------------+-------------+----------|
                        |192.168.1.10
                      +---+
                      |PC2|
                      +---+

2. Overview of this extension

   The extension of NAT discussed in this memo is intended to solve the
   above situation by extending NAT without interfering with the "basic"
   NAT implementation according to RFC1631.

   The way to implement this is to split the NAT network into a physical
   and a logical part, the logical part being the one used by NAT
   (198.56.12.100 to 198.56.12.200 in the example above).

   When this is done, one of the interfaces of the router may have one
   of the physical addresses of the same network number (above it is
   198.56.12.2). Other routers or hosts connected physically to that
   network may also use some of the physical addresses.

   Note that a second router on the same network may use some of R3's
   physical addresses (i.e. addresses not used by NAT) for another NAT
   translation table; thus one network number can be used for multiple
   internal networks.

   The NAT router (R3) should reply to ARP requests for its physical
   address and the logical addresses used by NAT (i.e. 198.56.12.100 to
   198.56.12.200) on the interface which belongs to the same network
   number as NAT does, providing its hardware address as destination.
   For logical (NAT) address assignments the router may not respond,
   or may reply with an ICMP destination unreachable packet
   (Host unreachable), for addresses that are currently not assigned to
   any "internal" host.

   PC2, which wants to address PC3, will have the source address of its
   packet modified in router R3 to 198.56.12.110 (for example), and then
   it will be forwarded to R2 according to the routing protocol used.
   Once PC3 replies to 198.56.12.100 and the packet comes to R2, R2 will
   do an ARP request for this address. R3, replying to this request with
   its hardware address, will receive the packet, apply the NAT
   modifications and forward it to PC2, with PC2's address being the new
   destination address of the IP packet.

   Consider the special case where PC2 wants to talk to PC1, which is
   virtually on the same network number (i.e. 198.56.12.0). This
   represents no problem since the node PC2 is physically on another net
   (i.e. 192.168.1.0), so it will use its routing table and find R3
   to be the appropriate router. R3 can determine that the destination
   is not one of its assigned NAT addresses (logical), so it will
   use ARP to find the physical destination, which is PC1. The reply of
   PC1 works like in the previous example for the communication between
   R2 and R3.

   The configuration of the ARP replies for router R3 may be
   implemented so as to be done manually or (even better and less error
   generating) automatically. When configuring NAT the router finds out
   that the NAT network number is used by one of its interfaces and it
   can then set up this interface to reply to ARP requests for the
   configured NAT address range(s) (logical addresses).
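   The following Python model is added here as an illustration and is not
   part of this memo. It encodes the decisions described above for router
   R3 of Figure 1: the configuration-time check that the NAT range lies on
   an interface's network without covering that interface's physical
   address, which ARP requests R3 answers, how an internal host such as PC2
   is mapped to a logical address, and how a packet for an assigned logical,
   an unassigned logical, or a physical address (the PC1 case) is handled.
   The class and method names are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, field

A = ipaddress.ip_address
# Constructed values from Figure 1: R3's address, its class C net, NAT range.
EXT_IF = A("198.56.12.2")
EXT_NET = ipaddress.ip_network("198.56.12.0/24")
NAT_POOL = (A("198.56.12.100"), A("198.56.12.200"))

@dataclass
class ExtendedNat:                      # decision logic of R3 for one interface
    ext_if: ipaddress.IPv4Address
    ext_net: ipaddress.IPv4Network
    pool: tuple
    assigned: dict = field(default_factory=dict)   # logical addr -> internal host

    def __post_init__(self):
        # Configuration-time checks: the logical range must lie on the interface's
        # network and must not contain the interface's own physical address.
        lo, hi = self.pool
        if lo not in self.ext_net or hi not in self.ext_net:
            raise ValueError("NAT range is not on the external interface's network")
        if lo <= self.ext_if <= hi:
            raise ValueError("physical interface address lies inside the NAT range")

    def in_pool(self, ip):
        return self.pool[0] <= ip <= self.pool[1]
    def answer_arp(self, target):
        # R3 answers ARP for its physical address and for the whole logical range.
        return target == self.ext_if or self.in_pool(target)
    def outbound(self, internal_src):
        # Logical address used for an internal host; allocate the first free one.
        for logical, host in self.assigned.items():
            if host == internal_src:
                return logical
        ip = self.pool[0]
        while ip <= self.pool[1]:
            if ip not in self.assigned:
                self.assigned[ip] = internal_src
                return ip
            ip += 1
        raise RuntimeError("NAT range exhausted")

    def handle(self, dst):
        # Classify a packet R3 must forward to dst, whichever side it came from.
        if self.in_pool(dst):                          # logical part of the net
            host = self.assigned.get(dst)
            return ("translate", host) if host else ("icmp-host-unreachable", None)
        # The physical part of the same network (e.g. PC1) is reached by plain ARP.
        return ("arp-physical", dst) if dst in self.ext_net else ("route", dst)
```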
References

   [1] Egevang, K. and Francis, P., "The IP Network Address Translator
       (NAT)", RFC 1631, Cray Communications, NTT, May 1994.

Security Considerations

   Security issues are not covered by this memo.

Authors' Addresses

   Gast Gloesener
   Digital Equipment Luxembourg
   7a, rue Robert Stumper
   L-2557 Luxembourg
   Luxembourg

Relation to other RFCs

   UPDATES RFC1631