Solution Model of Source Address Tracing for CGN

1. Solution Model of Source Address Tracing for CGN draft-zhang-v6ops-cgn-source-trace-00 Dong Zhang zhangdong_rh@huaweisymantec IETF 80, Prague

2. Derivation of the problem • Carrier-grade NAT (CGN) is the key function or device in the transition solutions, such as NAT444, DS-Lite and NAT64. • The NAT attribute of CGN is sharing the IPv4 public addresses between different subscribers. • draft-ietf-intarea-shared-addressing-issues

3. Why tracing the source address • Requirement-a • Application/service requirement • ISP provides some special and exclusive applications/services. They only serve for the subscribers. • When CGN is deployed, the server should be able to authenticate who is the right subscriber. (at this time, using the source address is infeasible) CPE-a 10.1.100.200 User-a 192.168.10.2 ISP CGN CPE-b 10.1.100.300 Internet User-b 192.168.20.2 Subscriber of X service Address pool 132.53.220.68 CPE-c 10.1.100.300 User-c 192.168.30.2 Server of X service

4. Why tracing the source address • Requirement-b • Policy and management requirement • ISP may set the policy and management based on user. For instance, value-added services charge only the users who subscribe the services depending on DPI. • But most of the DPI boxes working for value-added services can not support IPv6 well. Thus, it must be put outside CGN. User-a 2001:abcd:1234:1001::.2 ISP CGN/ NAT64 IPv4 Internet User-b 2001:abcd:1234:1002::.2 Subscriber of Y service Address pool 132.53.220.68 User-a 2001:abcd:1234:1003::.2 DPI device for Y service billing

5. Questions • Is this issue useful and valuable to work on? • Where should it go? • v6ops • Intarea • Behave

6. Thank you!