Saturday 21 September 2013

Intricacies in Simplicity

                                              
How does it work?....Week 1


Charitha - I thought stateful implementation of TAYGA was going to be easy..!


Ankur - I know. When I looked at the number of files in the source code, there seemed to be so few. But nevertheless, this is an important project considering the fast depletion of IPv4 addresses. Hopefully it will be useful to people.


Charitha - That is true. The current version of TAYGA, which currently supports a stateless NAT64 implementation, uses the TUN driver to exchange packets with the kernel. TAYGA maps an IPv6 address to an IPv4 address. But this mapping is 1:1. All we need to do is make this mapping N:1.


Ankur - You mean N number of IPv6 addresses have a single IPv4 address associated with them?


Charitha - Yes. By the way, how did you install it and see it working?


Ankur - Aha..! I downloaded the source from the website and did a normal installation as specified in the ReadMe. Initially I wasn't sure how the mapping is actually made. But it turned out to be quite simple.


TAYGA first creates a NAT64 network interface.
sudo tayga --mktun


It directs a set of IPv6 addresses to the network interface (NAT64). Let's say 2001:db8:1:ffff::/96 (prefix). Also, it has a pool of IPv4 addresses (192.168.255.0/24). So this is how it works.


If I ping an address assigned to any network interface in the system, say 192.168.0.1, I need to ping from an IPv6 source to the address 2001:db8:1:ffff::192.168.0.1. TAYGA translates this packet to an IPv4 packet. It picks an IPv4 address from its pool (192.168.255.0/24) dynamically, unless one is specified statically in the config file, and records this mapping.


Source IPv6 client  to 2001:db8:1:ffff::192.168.0.1
192.168.255.x to 192.168.0.1
Reverse order is used when sending packet back from IPv4 address to IPv6 address.


Look at this for instance.
The mapping done in TAYGA for the ping request : ping6 2001:db8:1:ffff::192.168.0.1



Charitha - Oh..! Does this mean that first an IPv6 client has to initiate the connection? And how did you see the functioning you just described?


Ankur - Yes, that's true. I used Wireshark. The information was pretty detailed.




Ankur - But how do we plan to make it stateful?


Charitha - As you said, currently what TAYGA is doing is, when you get a new hit from the IPv6 network side, it assigns a new IPv4 address from the pool of IPv4 addresses.
The response from the IPv4 network side is attached with the NAT64 IPv6 prefix to get a valid IPv6 address, and this packet is sent to the IPv6 destination.
In brief, how we could change this is: when we get a new request from IPv6, generate a port number and attach the IPv4 address to it. The IPv6 packets from the same source will go to the same mapping. In case a new IPv6 request is encountered, a new port number is generated and the same IPv4 address is attached to it. We'll maintain this table in TAYGA. It is like multiplexing many IPv6 devices into a single IPv4 address.

Ankur - Time to dive into the code..!

Stateful implementation of NAT64


The Beginning....Week 0

What is NAT64? Why NAT64?

Let's answer why first! As we know, an IPv4 address is 32 bits long, which gives an address range of 2^32, a total of 4,294,967,296 addresses. Due to the expansion of networks, the setting up of huge data centers, etc., IPv4 addresses will soon be exhausted. The Internet Assigned Numbers Authority (IANA) has given a lot of thought to the current scenario, and hence the concept of migration to IPv6 has come into the picture.

Well, where does NAT64 come into all this discussion? If you didn't realize, most of our network is attached to the IPv4 address space. With the emergence of new IPv6 networks, intercommunication with older IPv4 systems will be a potential problem. IPv6 and IPv4 have entirely different architectures, plus the translation isn't symmetric, i.e., the IPv6 address space is a lot larger than the IPv4 address space [read more]. This is where NAT64 comes to the rescue.

So what exactly is NAT64? NAT64 is an address translation mechanism that lets an IPv6 network communicate with an IPv4 network and vice versa. TAYGA implements NAT64.

TAYGA! Now what's this?

TAYGA is a stateless implementation of NAT64. It is a daemon that performs translation of packets between IPv4 and IPv6. TAYGA is written in C.

What is our role in this?

As we know, TAYGA is a stateless implementation. What we plan to do as a part of our project is to make it stateful.

Ahh! Now what is the difference between TAYGA stateless and TAYGA stateful?

In brief, TAYGA is currently implemented in such a way that it performs transparent mapping, that is, 1:1 mapping. For every IPv6 address it assigns an IPv4 address. To make it stateful, we are going to make the mapping N:1 by maintaining the state via a port number and IP address combination. Follow our blog to keep yourself posted.
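
The N:1 mapping described above, sketched as a small binding table in C. This is an added example, not TAYGA's code or the project's implementation; the function names, the port range starting at 1024 and the four-entry table are assumptions chosen for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_BASE    1024u /* assumed first external port */
#define MAX_BINDINGS 4u    /* tiny on purpose, to show pool exhaustion */

/* One session: IPv6 source (address, port) bound to a port on the shared IPv4 address. */
struct binding { struct in6_addr src6; uint16_t src_port; int used; };
static struct binding table[MAX_BINDINGS]; /* slot i owns port PORT_BASE + i */

/* IPv6 -> IPv4: return the external port for this source, creating the
 * binding on first use. Returns 0 on a bad address or when the pool is full. */
uint16_t nat64_bind(const char *src6_text, uint16_t src_port)
{
    struct in6_addr a;
    int free_slot = -1;
    if (inet_pton(AF_INET6, src6_text, &a) != 1)
        return 0;
    for (unsigned i = 0; i < MAX_BINDINGS; i++) {
        if (!table[i].used) {
            if (free_slot < 0)
                free_slot = (int)i;
        } else if (table[i].src_port == src_port &&
                   memcmp(&table[i].src6, &a, sizeof a) == 0) {
            return (uint16_t)(PORT_BASE + i); /* same source, same mapping */
        }
    }
    if (free_slot < 0)
        return 0; /* pool full: refuse rather than reuse a live port */
    table[free_slot] = (struct binding){ .src6 = a, .src_port = src_port, .used = 1 };
    return (uint16_t)(PORT_BASE + (unsigned)free_slot);
}

/* IPv4 -> IPv6: find who owns an external port. NULL means no IPv6 client
 * opened this session, so the translator has no destination and drops it. */
const struct binding *nat64_lookup(uint16_t ext_port)
{
    if (ext_port < PORT_BASE || ext_port - PORT_BASE >= MAX_BINDINGS)
        return NULL;
    return table[ext_port - PORT_BASE].used ? &table[ext_port - PORT_BASE] : NULL;
}

int main(void)
{
    printf("%u\n", (unsigned)nat64_bind("2001:db8::10", 40000)); /* constructed source */
    printf("%s\n", nat64_lookup(2000) ? "forward" : "drop");
    return 0;
}
```

A production table would also key on the transport protocol and expire idle bindings, otherwise a handful of clients can hold every port on the shared address.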

Want to enhance further understanding, to dive in deeeeeeeeep refer to.
Want to try it out practically?
Download TAYGA source code from here.