MAP (Mapping of Address and Port)

Theory

MAP is an evolution of DS Lite. The idea behind MAP is that the NAT44 function moves to the CPE. Using algorithmic mapping of IPv4 into IPv6 (MAP-T), or encapsulation of IPv4 into IPv6 (MAP-E), the NATed IPv4 traffic is tunneled in an IPv6-only network to the BR (border relay). The BR knows the algorithm that is being used, so the BR is now stateless.

Both DS Lite and MAP allow a service provider to phase out IPv4 in their internal network, or deploy greenfield IPv6-only networks. Customers using IPv4 must still traverse the IPv6-only network during the transition period. DS Lite and MAP transport the customer IPv4 traffic over an IPv6-only service provider access network.

MAP with Encapsulation mode. This is very similar to DS Lite, except the NAT44 function moves from the BR to the CPE. The BR forwards statelessly.

MAP-T (Translation)

In this transport mode, the IPv4 traffic is translated into IPv6 in a similar manner to 6RD. It is an algorithmic translation so that the BR can statelessly translate from IPv6 to the IPv4 address and vice versa on return traffic. This adds 20 bytes to the packet (IPv6 header is 40 bytes and IPv4 is 20 bytes. By translating the IPv4 header into IPv6 you add 20 bytes).

MAP-E (Encapsulation)

In this transport mode, the IPv4 traffic is encapsulated in an IPv6 header. This adds 40 bytes to the packet. The BR extracts the original IPv4 packet and forwards it natively. For return traffic, the BR algorithmically determines the IPv6 destination and tunnels the packet back to the CPE.

Stateless Nature

The beauty of MAP is its stateless nature. DS Lite requires a CGNAT device that has to hold a lot of state for all the translations it performs. In contrast, the BR in MAP simply does stateless translation. Due to the algorithmic nature of the mapping between IPv4 and IPv6 there is no state for the BR to hold. This is similar to 6to4 and 6RD.

Shared IPv4 Addresses

How do multiple separate CPEs preform NAT using a single shared IPv4 address?

The answer is that each CPE only uses a defined set of source ports. 50 different CPEs can share a single public IPv4 address as long as each one only uses a unique range of source ports when source NATing customer traffic.

The port range each CPE uses are also algorithmically determined in order to keep everything stateless. The port range is called the PSID (port set indentifier) which we will see in more detail soon.

Customer IPv6 traffic

Just like in DS Lite, customer IPv6 traffic flows natively.

How it works

Let’s dive into how this algorithmic stateless mapping actually works. In order to keep everything stateless, there are “rules” that the CPE and BR use to base everything off of algorithmic calculation instead of keeping state.

MAP Domain

Each deployment needs a MAP domain. A MAP domain includes the following parameters. These are learned by the CPE via DHCPv6.

Rule IPv6 Prefix
- This is the overall IPv6 block that is used to assign end user prefixes.
Rule IPv4 Prefix
- This is the pool of public IPv4 addresses that will be shared among the CPEs. This is essentially just the IPv4 source NAT pool.
EA (Embedded Address)
- This is used in the algorithm to determine the mapping of the address and the ports. This is just a value representing the number of bits to use in the algorithm. This is how the CPE determines what public IPv4 address to use out of the pool, and which source ports to use for NAT.
BR Address or Prefix
- For MAP-E, this is the BR address. IPv4 traffic is encapsulated in IPv6 with the BR as the destination.
- For MAP-T, this is the BR prefix. This is very similar to the prefix used for translation in 6RD. In 6to4 it is the well-known prefix of 2002::/16. The IPv4 destination address is embedded into an IPv6 address using the BR prefix.

Port range calculation:

This is done using the PSID (Port Set ID). The PSID is determined algorithmically based on the IPv6 prefix delegation which we will see below. This is not advertised in DHCPv6. The PSID is used in a formula to determine which ports are available to the CPE for source NAT.

Example CPE scenario

IPv6 prefix delegation (via DHCPv6) = 2001:db8:819::/48
Rule IPv6 Prefix = 2001:db8::/32
Rule IPv4 Prefix = 192.0.2.0/24
EA length = 16

Notice that the PD is a /48 and the rule IPv6 prefix is a /32. There are 16 extra bits in the PB compared to the rule prefix. This is our EA. The 16 extra bits of the PD (0x819) are used to calculate the public IPv4 index and the PSID value.

Because the IPv4 prefix is a /24, which leaves us with 8 host bits, the first 8 bits of the “extra bits” in the PD is the index of the IPv4 address. The remaining bits are the PSID value.

819 in binary is 0000 0011 0011 0011
0000 0011 = 3, the CPE calculates that the IPv4 address is 192.0.2.3 (192.0.2.0/24 with an index of 3)
0011 0011 = 51 which is the PSID value

The PSID value is then used to determine the available source ports to use. The math behind this is a little more complicated and not really worth going into, but the RFCs do detail this if you’d like to see.

Conclusion

MAP uses somewhat complex formulas to algorithmically map between IPv4 and IPv6. MAP moves the NAT44 function off the BR (as it is in DS Lite) and onto the CPE.

Multiple CPEs share a single public IPv4 address, so each CPE receives a port mapping of available source ports they can use for NAT.

The BR is aware of the formula to determine the port mapping, and can therefore do stateless translation between IPv4 and IPv6.

This topic was quite complex for me. I had to spend 2-3 days reading the RFCs and watching Jordan Gottlieb’s presentations. I highly recommend multiple readings and viewings to really understand how this works.