[support] Re: [Dsmip] NAT Traversal is not working as mentioned in DSMIPv6 draft

manish Jamwal manish.jamwal at gmail.com
Tue Mar 3 14:23:40 JST 2009 

Hi Nassim

Thanks for your reply. As per your previous mail, I added the Xfrm policy
and states to UDP encapsulate data packets, when MN moves to IPv4 FL. But
still the data packets are not getting udp encapsulated. For verification, I
am pinging egress interface of HA. The added Xfrm policy and state on MN
side is mentioned below. If I am adding wrong policy and state,
please correct me on this....


*Xfrm Policy on MN:*
src 192.168.4.249/32 dst 0.0.0.0/0 proto udp
        dir out priority 2
        tmpl    src 192.168.4.249 dst 0.0.0.0
                proto 166 spi 0x00000000 reqid 0 mode tunnel
                level use

*Xfrm State on MN:*
src 192.168.4.249 dst 0.0.0.0
        proto 166 spi 0x00000000 reqid 0 mode tunnel
        replay-window 0
        encap (not implemented yet!)
        sel src ::/0 dst ::/0

Regards
Manish Jamwal


On Sat, Feb 28, 2009 at 1:06 PM, Nassim Kobeissy
<nassim.kobeissy at gmail.com>wrote:

>
>
> On Sat, Feb 28, 2009 at 8:17 AM, manish Jamwal <manish.jamwal at gmail.com>wrote:
>
>> Hi Nassim/Kien
>> Thanks for your response. I called the below mentioned functions in ha.c
>> file for adding and deleting xfrm policy and states for UDP encapsulation of
>> BA packets. Now I am able to see UDP encapsulated BU/BA packets.
>>
>> For adding policy and state, called *udpencap_encap_out_traffic_**start()
>> * from *ha_recv_bu_worker()* routine inside the  *if (out.nat_info) {} *
>> condition.
>> For deleting policy and state, called *udpencap_encap_out_traffic_end()*from
>> * home_cleanup()* routine.
>>
>> Currently data packets are not getting UDP encapsulated in IPv4 network,
>> when NAT is detected. But it is mentioned in draft
>> (draft-ietf-mext-nemo-v4traversal-08.txt) that *if NAT device was in the
>> path and the NAT detection optionis included in the binding
>> acknowledgement.  The binding acknowledgement, and all future packets,
>> should then encapsulated in UDP and IPv4.*  I need some pointers on how
>> to UDP encapsulated data packets, when NAT is detected.
>>
>> Can we add xfrm policy/state for data packets? Currently according to my
>> understanding this is not looking feasible, as we do not know the dst
>> endpoints before hand to add policy/state.  At present I am not focusing on
>> multiple CoA addresses behind NAT device.
>>
>> Regards
>> Manish Jamwal
>>
>>
>> Hi Manish,
> I had the intention to implement complete NAT Traversal, however, i am no
> more working on the project. I had some ideas but they need to be tested and
> validated.
>
> You can/must add policies/states for data packets. you can specify the
> source address in the selector with any destination for outgoing packets on
> the MN for example. For packets send by the MN it self, this MUST be easy.
> For MNN packets, i am not sure... The MN ( MR in this case) receives the MNN
> packets then it sends them into the UDP "tunnel". If you solve this
> FORWARDING stuff, then, i imagine that next steps are easier.
> Same holds for HA. you set the source address to any and the destination to
> the MN/MR and the list of MNNs. (policy/state by dst address)
>
> Best regards
> Nassim
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ml.nautilus6.org/pipermail/support/attachments/20090303/e5594dc6/attachment-0001.htm

More information about the Support mailing list