Monday, 17 October 2011

A+P: An IPv4 address sharing solution not using NAT

1. Introduction

As IPv4 addresses are almost exhausted and the laggards have not even started their transition to IPv6, we need to make sure that we have every tool available to make the most of the remaining addresses, without breaking the Internet even more than we already did with NAT.

Carrier Grade NAT (CGN), also called Large Scale NAT (LSN), proposes running NAT at the Service Provider, instead of or in addition to the Customer Premises Equipment (CPE).

There are many solutions based on LSN, such as NAT444, NAT464 or DS-Lite. These solutions have many issues, including severe scalability issues and sometimes network design issues as well (NAT444). The LSN is a single point of failure: it must keep a large amount of state, and should any LSN device reboot, many users will see their sessions restarted and will experience problems with their applications. This is a severe concern now that more and more people use the Internet for real-time applications like VoIP, WebEx or video.

With LSN, it also becomes impossible to track a user by IP address; a user cannot configure static NAT translations to run internal servers, and if an Application Layer Gateway (ALG) must be installed to support a new application, the Service Provider must install it.

2. An alternative to LSN/CGN: A+P

A+P (Experimental RFC 6346) gives another solution for sharing IPv4 addresses among users without LSN and all its known issues.

This solution uses some bits of the source port to share one IPv4 address among multiple users.

A+P has many benefits:

  • It does not have the scalability issue of LSN.
  • It does not break the end-to-end model of the Internet in most cases.
  • It does not require keeping much state in the SP network.
  • Users can be tracked by their IP address and source port.
  • It does not deter users from migrating to IPv6, as NAT444 does.

A+P Features

For successful implementation, A+P requires the following features:

Tunneling:

A+P can run on all hosts and routers in the network. If this is not the case, some routers called Port Range Routers will be responsible for establishing tunnels through the existing devices. These tunnels can be IPv6, IPv4 or Layer 2.

Translation:

If hosts are not upgraded to support A+P, they will still believe that all the source ports of a given address are available to them, and the CPE will have to do some kind of translation to make sure that only the ports allocated to the site are used.

Signaling:

A+P requires some signaling to discover which ports are available for an address.

3. A+P Limitations

A+P also comes with some limitations, but it does not share the scalability issue and should require keeping much less state, so it is not as critical a single point of failure as LSN.
The A+P limitations are:
  • ICMP will need special processing, as it does not carry any port.
  • Fragmentation will require reassembly, as A+P needs the port information in each packet.
  • An application that requires a particular port may not have it available, as only a port range will be allocated to each CPE.
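To make the port-sharing idea concrete, here is an added illustration (not the RFC's signaling and not the Orange FT Labs code) of a simplified A+P scheme: one public address is split into contiguous port blocks, one per CPE, so a user can be identified from (address, source port) with no NAT state in the SP network, while a CPE with non-A+P-aware hosts rewrites their source ports into its allocated block. The address, the number of sharing bits and the exclusion of ports below 1024 are assumptions chosen for the example.

```python
"""Simplified A+P port-range sharing (added example, not from RFC 6346
signaling). One shared IPv4 address is split into 2**SHARING_BITS
contiguous port blocks; ports below 1024 are kept out of every block."""

SHARED_ADDR = "192.0.2.1"   # constructed example address
SHARING_BITS = 4            # assumption: 16 subscribers share the address
RESERVED_PORTS = 1024       # assumption: well-known ports are never shared
BLOCK = (65536 - RESERVED_PORTS) // (1 << SHARING_BITS)   # ports per CPE

def port_range(cpe_id):
    """Return the inclusive (low, high) port range allocated to a CPE."""
    if not 0 <= cpe_id < (1 << SHARING_BITS):
        raise ValueError("cpe_id out of range")
    low = RESERVED_PORTS + cpe_id * BLOCK
    return low, low + BLOCK - 1

def cpe_for_port(port):
    """Identify the CPE behind a packet from SHARED_ADDR by its source port,
    i.e. user tracking by (address, port) without any NAT table.
    Returns None for ports outside every block (reserved ports, or an
    ICMP message that carries no port and needs special processing)."""
    if not RESERVED_PORTS <= port < RESERVED_PORTS + BLOCK * (1 << SHARING_BITS):
        return None
    return (port - RESERVED_PORTS) // BLOCK

class CPE:
    """Translation at a CPE whose hosts are not A+P aware: an inside
    (ip, port) pair is mapped onto a port inside the CPE's own block."""
    def __init__(self, cpe_id):
        self.low, self.high = port_range(cpe_id)
        self.table = {}                      # (inside_ip, inside_port) -> outside port
        self.free = list(range(self.low, self.high + 1))

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key in self.table:                # existing flow keeps its port
            return self.table[key]
        if inside_port in self.free:         # inside port already in our block: keep it
            self.free.remove(inside_port)
            self.table[key] = inside_port
            return inside_port
        if not self.free:                    # only BLOCK ports exist per CPE
            raise RuntimeError("port range exhausted")
        out = self.free.pop(0)               # otherwise rewrite into the block
        self.table[key] = out
        return out
```

A host asking for a port outside its CPE's block (port 80 for a web server, say) is rewritten to a port inside the block, which is exactly the "particular port may not be available" limitation listed above.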

4. Conclusion

A+P is an alternative to LSN transition tools, but not an alternative to IPv6, which is still the only solution for the Internet.

It does not have most of the LSN/CGN issues.

On the other hand, it will not be of any help to enterprises that require IP addresses without any port restrictions.

Most of the signaling protocols are still "Work In Progress", but the developers are confident they will deliver them in time. So A+P is still mostly in development, but could be ready in about 5 months from now.

For some early testing, there is an Open Source implementation available from Orange FT Labs:
http://opensourceaplusp.weebly.com/


See also this blog post:
http://www.fastlaneus.com/blog/2011/10/17/ap-an-interesting-alternative-to-large-scale-nat-lsn-or-carrier-grade-nat-cgn/
