Loose End Message Routing Method for NATFW NSLP


Provided by: martin598
1
Loose End Message Routing Method for NATFW NSLP
  • IETF 61- November 2004
  • draft-stiemerling-nsis-natfw-mrm-00.txt
  • Martin Stiemerling
  • stiemerling_at_netlab.nec.de

2
Background
  • Data receiver behind a NAT
  • Must learn its publicly reachable IP address/port number
  • A NAT must be found somewhere upstream

3
NATFW NSLP 1/2
  • Create an NSLP REA message
  • Create an NTLP message with
    • Direction: downstream
    • Source: DR
    • Destination: DS or DS*
  • DS is often not known in advance
    • SIP
  • Must use DS* (Opportunistic Address)
    • Any address outside your network
    • Or a proxy address
  • Send the message like a CREATE message

4
NATFW NSLP 2/2
  [Diagram not preserved; surviving label: DS]

5
Pros and Cons
  • Easy solution from the first days
  • Creates unneeded state at firewalls
  • Security associations are created where they are not needed
  • Somewhat of a hack with respect to the NTLP
  • Message is sent the wrong way
  • Flow parameters are not the real ones

6
Loose End MRM
  [Diagram not preserved; surviving label: DS]

7
Pros and Cons
  • Semantically clean solution
  • Creates state only at NATs
  • Security associations only need to be set up between NATs
  • NTLP should get an extension
  • A signal-to address for DS
  • Indicates that this is not the real NI address

8
Thank you! Questions?