Port Control Protocol for DS-Lite
Citrix ADC appliances now support Port Control Protocol (PCP) for large scale NAT (LSN). Many of an ISP’s subscriber applications must be accessible from the Internet (for example, Internet of Things (IoT) devices, such as an IP camera that provides surveillance over the Internet). One way to meet this requirement is to create static large scale NAT (LSN) maps. But for a very large number of subscribers, creating static LSN NAT maps is not a feasible solution.
Port Control Protocol (PCP) enables a subscriber to request specific LSN NAT mappings for itself and/or for other third-party devices. The large scale NAT device creates an LSN map and sends it to the subscriber. The subscriber then sends remote devices on the Internet the NAT IP address:NAT port at which they can connect to the subscriber.
Applications usually send frequent keep-alive messages to the large scale NAT device so that their LSN mappings do not time out. PCP helps reduce the frequency of such keep-alive messages by enabling the applications to learn the timeout settings of the LSN mappings. This helps reduce bandwidth consumption on the ISP’s access network and battery consumption on mobile devices.
PCP uses a client-server model and runs over the UDP transport protocol. A Citrix ADC appliance implements the PCP server component and is compliant with RFC 6887.
Perform the following tasks for configuring PCP:
- (Optional) Create a PCP profile. A PCP profile includes settings for PCP related parameters (for example, to listen for mapping and peer PCP requests). A PCP profile can be bound to a PCP server. A PCP profile bound to a PCP server applies all its settings to the PCP server. A PCP profile can be bound to multiple PCP servers. By default, one PCP profile with default parameter settings is bound to all PCP servers. A PCP profile that you bind to a PCP server overrides the default PCP profile settings for that server. A default PCP profile has the following parameter settings:
  - Mapping: Enabled
  - Peer: Enabled
  - Minimum map life: 120 seconds
  - Maximum map life: 86400 seconds
  - Announce count: 10
  - Third Party: Disabled
- Create a PCP server and bind a PCP profile to it. Create a PCP server on the Citrix ADC appliance to listen for PCP related requests and messages from the subscribers. A Subnet IP (SNIP) address must be assigned to a PCP server to access it. By default, a PCP server listens on port 5351.
- Bind the PCP server to an LSN group of an LSN configuration. Bind the created PCP server to an LSN group of an LSN configuration by setting the PCP Server parameter to specify the created PCP server. The created PCP server can be accessed only by the subscribers of this LSN group.
Note: A PCP server for a large scale NAT configuration does not serve requests from subscribers that are identified from ACL rules.
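The following Python sketch is an added example, not Citrix code. It builds an RFC 6887 MAP request and models how the default PCP profile listed above would treat it. The helper names, the sample addresses, the lifetime clamping rule, and the refusal of THIRD_PARTY requests when Third Party is disabled are assumptions made for illustration.

```python
import ipaddress, os, struct

PCP_VERSION, OP_MAP, OPT_THIRD_PARTY = 2, 1, 1      # RFC 6887 constants
# Default PCP profile values as listed on this page.
DEFAULT_PROFILE = {"minMapLife": 120, "maxMapLife": 86400, "thirdParty": False}

def addr16(addr):
    """Encode an address as the 16-byte PCP field (IPv4 as IPv4-mapped IPv6)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip.packed

def build_map_request(client_ip, proto, int_port, lifetime, third_party=None):
    """Build a constructed MAP request: 24-byte header, 36-byte body, options."""
    pkt = struct.pack("!BBHI16s", PCP_VERSION, OP_MAP, 0, lifetime, addr16(client_ip))
    pkt += struct.pack("!12sB3xHH16s", os.urandom(12), proto, int_port, 0,
                       addr16("0.0.0.0"))
    if third_party:  # THIRD_PARTY option: mapping requested for another host
        pkt += struct.pack("!BBH16s", OPT_THIRD_PARTY, 0, 16, addr16(third_party))
    return pkt

def inspect_map_request(pkt, profile=DEFAULT_PROFILE):
    """Parse a MAP request and model how the profile would treat it."""
    if len(pkt) < 60 or len(pkt) > 1100 or len(pkt) % 4:
        raise ValueError("bad PCP message length")
    ver, op, _, requested, client = struct.unpack_from("!BBHI16s", pkt, 0)
    if ver != PCP_VERSION or op != OP_MAP:   # R bit (0x80) is 0 in a request
        raise ValueError("not a PCP version 2 MAP request")
    _, proto, int_port, _, _ = struct.unpack_from("!12sB3xHH16s", pkt, 24)
    options, off = [], 60
    while off < len(pkt):                    # walk the option TLVs
        code, _, olen = struct.unpack_from("!BBH", pkt, off)
        options.append(code)
        off += 4 + olen + (-olen % 4)        # option data is padded to 4 bytes
    if off != len(pkt):
        raise ValueError("option runs past end of message")
    # Assumptions (not from the page): a non-zero lifetime is clamped into
    # [minMapLife, maxMapLife], 0 means delete, and a THIRD_PARTY request is
    # refused while the profile's thirdParty setting is off.
    granted = requested and min(max(requested, profile["minMapLife"]),
                                profile["maxMapLife"])
    third = OPT_THIRD_PARTY in options
    src = ipaddress.IPv6Address(client)
    return {"client": str(src.ipv4_mapped or src), "protocol": proto,
            "internal_port": int_port, "requested": requested,
            "granted": granted, "third_party": third,
            "accepted": not third or profile["thirdParty"]}
```

A client that learns the granted lifetime from the response can renew once per lifetime instead of sending frequent keep-alives, which is the saving described earlier on this page.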
To create a PCP profile by using the CLI
At the command prompt, type:
add pcp profile <name> [-mapping ( ENABLED | DISABLED )] [-peer ( ENABLED | DISABLED )] [-minMapLife <secs>] [-maxMapLife <secs>] [-announceMultiCount <positive_integer>] [-thirdParty ( ENABLED | DISABLED )]
show pcp profile <name>
To create a PCP server by using the CLI
At the command prompt, type:
add pcp server <name> <IPAddress> [-port <portNum|*>] [-pcpProfile <string>]
show pcp server <name>
Sample Configuration for DS-LITE
In the following sample configuration, PCP server PCP-DSLITE-SERVER-1, with PCP settings from PCP-DSLITE-PROFILE-1, is bound to LSN group LSN-DSLITE-GROUP-1. PCP-DSLITE-SERVER-1 serves PCP requests from IPv4 subscribers behind B4 devices from network 2001:DB8::3:0/100.
add pcp profile PCP-DSLITE-PROFILE-1 -minMapLife 300
Done
add pcp server PCP-DSLITE-SERVER-1 22.214.171.124 -pcpProfile PCP-DSLITE-PROFILE-1
Done
add lsn client LSN-DSLITE-CLIENT-1
Done
bind lsn client LSN-DSLITE-CLIENT-1 -network6 2001:DB8::3:0/100
Done
add lsn pool LSN-DSLITE-POOL-1
Done
bind lsn pool LSN-DSLITE-POOL-1 203.0.113.61 - 203.0.113.70
Done
add lsn ip6profile LSN-DSLITE-PROFILE-1 -type DS-Lite -network6 2001:DB8::5:6
Done
add lsn group LSN-DSLITE-GROUP-1 -clientname LSN-DSLITE-CLIENT-1 -ip6profile LSN-DSLITE-PROFILE-1
Done
bind lsn group LSN-DSLITE-GROUP-1 -poolname LSN-DSLITE-POOL-1
Done
bind lsn group LSN-DSLITE-GROUP-1 -pcpServer PCP-DSLITE-SERVER-1
Done