NAT64 Operational Considerations draft-chen-v6ops-nat64-cpe-03.txt IETF 82- Taipei, Nov 2011 Gang Chen (chengang@chinamobile.com) Qibo Niu(niu.qibo@zte.com.cn)
Changes since IETF#81 (-02 to -03) • Added different deployment considerations regarding the different positions of NAT64, which is focusing “An IPv6 Network to the IPv4 Internet: NAT64-CGN” and “The IPv6 Internet to an IPv4 Network: NAT64-CE” • Aligned with RFC6144
Considerations for NAT64-CGN deployment PC DNS DNS64 HG ONU/SW OLT/SW BRAS NAT64 IPv4 Server PPPoEv6/IPoEv6 SLAAC/DHCPv6 DNS query(AAAA) DNS query(AAAA/A) DNS Response(synthesized AAAA) DNS Response (A) IPv6 Network IPv4 Internet n Implementation: Standalone CGN VS Embedded CGN (BNG, Aggregation Router or PGW) n CGN location: centralized deployment VS distributed deployment; n Performance: Traffic throughout, concurrent sessions and session rate of IDC CGN and Internet CGN is related with WEB traffic and Subscriber scale respectively, n Reliability: NAT64 session + Filter/Mapping mode should be synchronized between Master and backup CGN n Service Richness: FTP, SIP, DNS64, RSTP, H.323, SCCP, PPTP and so on; n Security: Lawful interception (ETSI CC IIF) and user traceability for Legal Entity; TCP tracking, uRPF, blacklist and Mapping/Filter mode for CGN security; n Other requirements: Load Balancer, PCP server and subscriber policy (similar to BNG)
Considerations for NAT64-CE deployment NAT64-CE PC IPv6 Internet The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again. PC Residential Network Enterprise Network NAT64-CE IPv4 Network IPv6 Internet n n DNS resolving: static AAAA records can be added directly in authoritative DNS n Service Richness: VPN, P2P, Web (Office automation), FTP n Reliability: Standalone NAT64 deployment n Service Richness: VPN, P2P, Web (Office automation), FTP Security: IPsec VPN may need to be deployed to prevent privacy invasion n Reliability: Standalone NAT64 deployment Other requirements: PCP proxy functionalities n Security: IPsec VPN may need to be deployed to prevent privacy invasion n Other requirements: PCP proxy functionalities
Next steps • Future works – Add justification for NAT64 deployment considerations – Make detailed comparison for different cases • Adopt?
Recommend
More recommend