[Jool-list] RFC: Limiting EAM algorithm to specific header fields

Tore Anderson tore at fud.no
Fri Apr 17 02:02:57 CDT 2015


* Alberto Leiva <ydahhrk at gmail.com>

>     in the 6 -> 4 direction,
> 
>     if packet is ICMP error
>         tuple.src = outgoing (IPv4) packet's inner dst address
>         tuple.dst = outgoing (IPv4) packet's inner src address
>     else (ie. packet is TCP, UDP, ICMP info or unknown)
>         tuple.src = outgoing (IPv4) packet's outer src address
>         tuple.dst = outgoing (IPv4) packet's outer dst address
> 
>     if tuple.src was not translated using the 6052 prefix,
>         tuple.dst was translated using the 6052 prefix,
>         AND tuple.dst is part of the EAM,
>     then hairpin the packet manually.
>         -> the outgoing IPv4 packet becomes the incoming packet.
>         -> the packet is translated "recursively".
>         -> In this 2nd translation, EAM is disabled for tuple.src.
> 
> This is looking more and more like Stateful NAT64's solution.

Hehe, indeed, it is getting a bit complicated, but I think it'll work.

I think that in siit-eam I'll describe both the above heuristic, as
well as the possibility to let the operator configure the EAM
algorithm as disabled for specific address fields. But I'll keep them
as a MAY (so a compliant implementation would not have to implement
both). Sounds OK?

> The outer source address could be improved. Strictly speaking,
> 2001:db8:6::9 = 64:ff9b::198.51.100.9, which is fine, but I don't know
> if implementations can handle this when the error code is something
> like port unreachable.
> ("Why did somebody else answer port unreachable!?!?!?!?").
> Guess it won't be a problem if we add "EAM is disabled for the outer
> source address too" to the heuristic, not sure if it's worthwhile.

I think it is worthwhile. It should be simple to handle: if hairpin is
detected, disable the EAM algorithm for ipv4.src + icmpv4.dst (if
applicable) for the second translation (instead of disabling it for
tuple.src).

Tore
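
The heuristic discussed in this message, worked through as an added example (not Jool's code and not written by either poster). The function names and the EAM table are assumptions constructed for illustration; only the 2001:db8:6::9 / 198.51.100.9 pair and the 64:ff9b::/96 prefix come from the thread. The second pass disables EAM for ipv4.src and the inner ICMPv4 destination, as proposed in the reply above.

```python
import ipaddress as ip

POOL6 = ip.ip_network("64:ff9b::/96")  # RFC 6052 prefix used in the thread
# Constructed EAM table (IPv4 prefix, IPv6 prefix). Assumption: only the
# 198.51.100.9 <-> 2001:db8:6::9 pair appears in the thread itself.
EAMT = [(ip.ip_network("198.51.100.0/24"), ip.ip_network("2001:db8:6::/120")),
        (ip.ip_network("192.0.2.0/24"), ip.ip_network("2001:db8:4::/120"))]

def to4(a6, eam=True):
    """IPv6 -> (IPv4 address, method); method is 'eam' or '6052'."""
    a6 = ip.ip_address(a6)
    for p4, p6 in EAMT if eam else []:
        if a6 in p6:
            return p4[int(a6) - int(p6[0])], "eam"
    if a6 in POOL6:
        return ip.IPv4Address(int(a6) & 0xFFFFFFFF), "6052"
    raise ValueError(f"untranslatable: {a6}")

def to6(a4, eam=True):
    """IPv4 -> IPv6; eam=False forces the RFC 6052 prefix."""
    a4 = ip.ip_address(a4)
    for p4, p6 in EAMT if eam else []:
        if a4 in p4:
            return p6[int(a4) - int(p4[0])]
    return POOL6[int(a4)]

def translate_6to4(src6, dst6, inner=None):
    """inner=(inner_src6, inner_dst6) for ICMP errors, otherwise None.
    Returns ('ipv4', hdr), or ('hairpin', hdr) after the second translation."""
    out = {"src": to4(src6), "dst": to4(dst6)}
    if inner:
        out["inner_src"], out["inner_dst"] = to4(inner[0]), to4(inner[1])
        # ICMP error: the tuple comes from the inner packet, swapped.
        t_src, t_dst = out["inner_dst"], out["inner_src"]
    else:
        t_src, t_dst = out["src"], out["dst"]
    hairpin = (t_src[1] != "6052" and t_dst[1] == "6052"
               and any(t_dst[0] in p4 for p4, _ in EAMT))
    if not hairpin:
        return "ipv4", {k: v[0] for k, v in out.items()}
    # Second (4 -> 6) pass: EAM disabled for ipv4.src and icmpv4 inner dst.
    no_eam = {"src", "inner_dst"}
    return "hairpin", {k: to6(v[0], eam=k not in no_eam) for k, v in out.items()}
```

In the ICMP error case the outer source comes back as 64:ff9b::198.51.100.9 rather than 2001:db8:6::9, so the receiver sees the error arriving from the same address it originally sent to.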

