Fwd: icmp encapsulation

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/osmocom-net-gprs@lists.osmocom.org/.

Pau Espin Pedrol pespin at sysmocom.de
Thu Feb 1 13:46:33 UTC 2018 

> After the NAT two IP (IP1 and IP2) will be IPnat, but the NAT maps the 
> IP1 and IP2 to the port range. Since, there is no port in ICMP, both IP1 
> and IP2 will be go to uplink as IPg and but on the return there must be 
> problem for NAT machine to traverse the two different paths from IPnat 
> to IP1 and IPnat to IP2. I looked into the ICMP header and observed the 
> packets have different identifiers. So, NAT machine must be using the 
> identifies to reverse the packets.

That's indeed more like a generic ICMP NAT question than a GTP related 
one. I guess the NAT is going to be using the identifier and changing it 
to make sure they are unique on the outside world so it can match them 
when they come back. You can have a look at netfilter stack in the 
kernel to see what's it doing when NATing ICMP packets.

> Anyways, in my case the *IP1=IP2* (In my experimental architecture, the 
> GGSN will not be assigning distinct IP for each host. Instead, GGSN will 
> assign 1 IP address for 32 hosts (seems like NAT). My configuration is 
> probably out of standard architectures, but I need to understand how 
> would gtp handle matching these two pdp contexts. I have tried this 
> configuration, pinging from two different host with same IP and it was 
> successful!

Which GGSN implementation are you using? osmo-ggsn should not allow you 
to do that afaict. Why are you assigning the same IP to different hosts 
/ pdp ctx ? I'm not sure because I don't know GTP in detail, but from my 
current knowledge I'd say that this is not a correct setup.

If you plan to have several computers under a given pdp ctx, then use a 
NAT before sending them to the SGSN, this way the NAT will take care of 
maintaining correct fields for each ICMP packet coming from different hosts.


-- 
- Pau Espin Pedrol <pespin at sysmocom.de>         http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Director: Harald Welte

More information about the osmocom-net-gprs mailing list