Feature #11901
closed
Add MAP-E port set (PSID) support to manual outbound NAT rules
Added by Kent Morwath about 5 years ago.
Updated 25 days ago.
Description
The depletion of IPv4 addresses is forcing many ISPs, especially new ones, to migrate to IPv6 networks while supporting IPv4 using transition mechanism built on IPv6 (IPv4aaS - IPv4 as a Service), like MAP-T, MAP-E, 464XLAT and others (see RFC8585). Fibre and FTTH-GPON deployments are accelerating this changes, as new ISPs are entering the market but can't source IPv4 blocks large enough, and IPv6 based transition technologies are more appealing than IPv4-based ones like a dual stack with CG-NAT.
In Europe, Sky Italia (Comcast owned) will switch from a dual stack implementation used till now to a IPv6 + MAP-T network from August 2021. Others may follow, especially local ISPs offering specific services for the SMB market. Italy is a country where users have a right to use their own CPEs regardless of what the ISP provides - but the CPE must be able to comply with common standards used by the ISP network. Without MAP-T support, pfSense won't be able to obtain a IPv4 address and access IPv4-only destinations.
Please add MAP-T and other transitional technologies support as soon as possible.
- Status changed from New to Needs Patch
Unlikely this would come to pfSense since AFAIK there isn't any implementation of MAP for FreeBSD/pf. If someone wants to create one, then perhaps it could be considered.
TNSR supports MAP, however it can only act as a BR and not a CE.
I fully understand the lack of upstream support. Right now MAP- CPE support is very rare - one of the very few implementations I'm aware of is from the OpenWRT project. Don't know if it could be ported to pfSense, and with what effort. Another Linux implementation is Jool (https://github.com/NICMx/Jool)
As I had many people asking about pfSense support, at least this entry will track the status inside the pfSense project - thank you.
- Assignee set to Christian McDonald
- Status changed from Needs Patch to In Progress
- Project changed from pfSense to pfSense Plus
- Category changed from Interfaces to Rules / NAT
- Status changed from In Progress to Pull Request Review
- Target version set to 26.07
Initial (experimental) support for MAP-E is ready for review and testing. This first pass is a barebones implementation that just exposes the underlying pf `map-e-portset` NAT option through the Web Interface. A more complete implementation likely wants an entirely new IPv4 interface type that can handle automatically creating the GIF tunnel, firewall/NAT rules, and routing.
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/192
- Subject changed from Add MAP-T/MAP-E support to pfSense to Add MAP-E port set (PSID) support to manual outbound NAT rules
- Status changed from Pull Request Review to Feedback
- Target version changed from 26.07 to 26.03.1
This will land as experimental in 26.03.1
- Status changed from Feedback to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by