Charitha - I thought stateful implementation of TAYGA was going to be easy..!
Ankur - I know, when I looked at the number of files in the source code, there seemed to be so few. But nevertheless, this is an important project considering the fast depletion of IPv4 addresses. Hopefully it will be useful to people.
Charitha - That is true. The current version of TAYGA, which currently supports a stateless NAT64 implementation, uses the TUN driver to exchange packets with the kernel. TAYGA maps an IPv6 address to an IPv4 address. But this mapping is 1:1. All we need to do is make this mapping N:1.
Ankur - You mean N IPv6 addresses have a single IPv4 address associated with them?
Charitha - Yes. By the way, how did you install it and see it working?
Ankur - Aha..! I downloaded the source from the website and did a normal installation as specified in the ReadMe. Initially I wasn't sure how the mapping is actually made. But it turned out to be quite simple.
TAYGA first creates a NAT64 network interface.
sudo tayga --mktun
It directs a set of IPv6 addresses to the network interface (NAT64). Let's say 2001:db8:1:ffff::/96 (prefix). It also has a pool of IPv4 addresses (192.168.255.0/24). So this is how it works.
If I ping an address assigned to any network interface in the system, say 192.168.0.1, I need to ping from an IPv6 source to the address 2001:db8:1:ffff::192.168.0.1. TAYGA translates this packet to an IPv4 packet. It picks an IPv4 address from its pool (192.168.255.0/24) dynamically, unless specified statically in the config file, and records this mapping.
Source IPv6 client to 2001:db8:1:ffff::192.168.0.1
192.168.255.x to 192.168.0.1
The reverse order is used when sending a packet back from the IPv4 address to the IPv6 address.
Look at this for instance.
Charitha - Oh..! Does this mean that an IPv6 client has to initiate the connection first? And how did you see the functioning you just described?
Ankur - Yes, that's true. I used Wireshark. The information was pretty detailed.
Ankur - But how do we plan to make it stateful?
Charitha - As you said, what TAYGA currently does is, when it gets a new hit from the IPv6 network side, it assigns a new IPv4 address from the pool of IPv4 addresses.
The response from the IPv4 network side is attached with the NAT64 IPv6 prefix to get a valid IPv6 address, and this packet is sent to the IPv6 destination.
In brief, how we could change this is: when we get a new request from IPv6, generate a port number and attach the IPv4 address to it. IPv6 packets from the same source will go to the same mapping. In case a new IPv6 request is encountered, a new port number is generated and the same IPv4 address is attached to it. We'll maintain this table in TAYGA. It is like multiplexing many IPv6 devices into a single IPv4 address.
Ankur - Time to dive into the code..!
It is not necessary that the first connection should be started from the IPv6 client. It can very well be started from the IPv4 side. Also, the address mapping can be statically fixed or determined at runtime by picking up the addresses from the pool.
An interesting thing to understand is how it works when the pool addresses are used up. Further, how long will an address be considered allocated from the pool even if it is not being used at all?
Does it monitor any traffic to ensure that an address taken from the pool is being used, or can it be assigned to other nodes?