GIST NAT traversal and Legacy NAT traversal for GIST http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-gimps-nattraversal-03.txt AND http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-legacy-nattraversal-03.txt - PowerPoint PPT Presentation
Title:
GIST NAT traversal and Legacy NAT traversal for GIST http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-gimps-nattraversal-03.txt AND http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-legacy-nattraversal-03.txt
Description:
... .org/internet-drafts/draft-pashalidis-nsis-legacy-nattraversal-03.txt ... {Andreas.Pashalidis, Hannes.Tschofenig} _at_siemens.com. Legacy NAT Traversal for GIST ... – PowerPoint PPT presentation
Number of Views:38
Avg rating:3.0/5.0
Title: GIST NAT traversal and Legacy NAT traversal for GIST http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-gimps-nattraversal-03.txt AND http://www.ietf.org/internet-drafts/draft-pashalidis-nsis-legacy-nattraversal-03.txt
1
GIST NAT traversal andLegacy NAT traversal for
GISThttp//www.ietf.org/internet-drafts/draft-p
ashalidis-nsis-gimps-nattraversal-03.txtAND
http//www.ietf.org/internet-drafts/draft-pashali
dis-nsis-legacy-nattraversal-03.txt
- A. Pashalidis H. Tschofenig
2
NAT Traversal
- Previous document split in two.
- GIST NAT Traversal
- NAT is GIST-aware
- Legacy NAT traversal for GIST.
- NAT does not know anything about NSIS
- Online, but not submitted to IETF yet
- Reason for splitting material in one document
does not affect material in the other.
3
GIST NAT Traversal
- Document (still) covers two approaches
transparent and non-transparent. - Both approaches are compatible with GIST main
spec. - However, only non-transparent approach makes use
of GIST NAT Traversal object.
4
Transparent Approach
2. TRANSLATE FLOW ID (MRI) according to NAT
binding put NAT IP address in NLI.IA field
3. GIST QUERY (translated)
1. GIST QUERY
NAT
GIST peer 1
GIST peer 2
4. GIST RESPONSE (sent to NLI.IA)
6. GIST RESPONSE (translated)
5. TRANSLATE MRI and NLI.IA back to original
values
- NAT translates IP header, transport layer header,
and GIST header of signalling traffic (D-mode and
C-mode) in a manner consistent with the data flow
NAT binding. - NAT does not install a separate NAT binding for
signalling traffic (translation above suffices) - Approach hides internal addresses from public
Internet. - Approach does not work if IPsec/TLS is used!
5
Non-transparent Approach
2. Add NAT Traversal Object
3. GIST QUERY (with NTO)
1. GIST QUERY
NAT
GIST peer 1
GIST peer 2
4. GIST RESPONSE (with NTO)
6. GIST RESPONSE (without NTO)
5. Remove NTO
- Message 3 contains translated and original MRI,
thus peer 2 can map subsequent signalling
messages (with untranslated MRI) to data flow. - NAT installs NAT binding for signalling traffic
after RESPONSE is received. - NAT does not modify any GIST messages, except
QUERY, RESPONSE. - Internal addresses exposed on public Internet.
6
Legacy NAT Traversal for GIST
- Extension to GIST
- For now, no changes in message formats required.
- Just new behaviour at GIST nodes.
7
Legacy NAT traversal NI-side
NAT detected!
NAT
GIST peer 2
1. GIST QUERY
2. GIST QUERY
GIST peer 1
3. GIST RESPONSE
4. GIST RESPONSE
data
UDP TUNNEL
sig
NAT detected!
Do the NAT work
- Peer 2 detects the NAT and proposes a UDP tunnel
- Peer 1 detects the NAT and sets up the UDP tunnel
- Both data traffic and signalling traffic is sent
over the tunnel.
8
Legacy NAT traversal NR-side
Work in progress
Recommended
CrystalGraphics Presentations
