Saturday, December 1, 2012

[IETF Draft]: Manage and Enforce Policies for Devices Behind NAT

A new IETF draft by Mohamed Boucadair of France Telecom and Tirumaleswar Reddy, Prashanth Patil, and Dan Wing (pictured) of Cisco aims to provide granular policy management and enforcement for multiple devices behind a single NAT address.

"This document describes how to use PCP to retrieve the identity of a host behind a NAT. Two use cases are discussed and the PCP applicability is analyzed. This document extends PCP with a new OpCode: QUERY. The proposed mechanism is valid for all NAT flavors including NAT44, NAT64 or NPTv6".

The PCP (Port Control Protocol) QUERY opcode "can be used to query PCP-aware NAT to retrieve the Internal IP Address and Internal Port of a given mapping".

PCP Mapping IPv6 and IPv4 (Source: Cisco)

See "Using PCP to Reveal a Host behind NAT" - here.
