IETF Logo Mail Archive

Re: [BEHAVE] [NAT64] Hairpinning loop

marcelo bagnulo braun <marcelo@it.uc3m.es> Sun, 22 November 2009 22:03 UTC

Return-Path: <marcelo@it.uc3m.es>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C7C23A67DD for <behave@core3.amsl.com>; Sun, 22 Nov 2009 14:03:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.465
X-Spam-Level:
X-Spam-Status: No, score=-5.465 tagged_above=-999 required=5 tests=[AWL=-1.316, BAYES_00=-2.599, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MvMdyCo2ykCr for <behave@core3.amsl.com>; Sun, 22 Nov 2009 14:03:42 -0800 (PST)
Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.176.132]) by core3.amsl.com (Postfix) with ESMTP id 737523A6882 for <behave@ietf.org>; Sun, 22 Nov 2009 14:03:42 -0800 (PST)
Received: from marcelo-bagnulos-macbook-pro.local (unknown [95.18.31.38]) by smtp02.uc3m.es (Postfix) with ESMTP id E7A1D6C37D7; Sun, 22 Nov 2009 23:03:36 +0100 (CET)
Message-ID: <4B09B52C.1070405@it.uc3m.es>
Date: Sun, 22 Nov 2009 23:03:24 +0100
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <4AF34349.40503@viagenie.ca> <087601ca5e77$f24381b0$c6f0200a@cisco.com> <4AF49505.4070805@gmail.com><4AF56E69.9010401@viagenie.ca> <4AF5FE43.5020500@gmail.com><4AF600C3.9070202@gmail.com> <4B066721.7000002@it.uc3m.es> <025f01ca6a02$e2493d90$c2f0200a@cisco.com> <4B06CC79.9030500@viagenie.ca><027e01ca6a05$a5e501b0$c2f0200a@cisco.com><4B078C5F.709@cernet.edu.cn> <026101ca6afc$e2af90e0$376d6b80@cisco.com><000001ca6b16$0cfb0370$c2f0200a@cisco.com> <4B08F23B.70707@it.uc3m.es> <009001ca6bb3$803eae70$c2f0200a@cisco.com>
In-Reply-To: <009001ca6bb3$803eae70$c2f0200a@cisco.com>
Content-Type: text/plain; charset="GB2312"
Content-Transfer-Encoding: 8bit
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.0.0.1038-17026.002
Cc: 'Xing Li' <xing@cernet.edu.cn>, draft-ietf-behave-address-format@tools.ietf.org, 'Behave WG' <behave@ietf.org>
Subject: Re: [BEHAVE] [NAT64] Hairpinning loop
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Nov 2009 22:03:44 -0000

Dan Wing escribió:
>  
>
>   
>> -----Original Message-----
>> From: behave-bounces@ietf.org 
>> [mailto:behave-bounces@ietf.org] On Behalf Of marcelo bagnulo braun
>> Sent: Sunday, November 22, 2009 12:12 AM
>> To: Dan Wing
>> Cc: 'Behave WG'; 
>> draft-ietf-behave-address-format@tools.ietf.org; 'Xing Li'
>> Subject: Re: [BEHAVE] [NAT64] Hairpinning loop
>>
>> Dan Wing escribió:
>>     
>>>> -----Original Message-----
>>>> From: behave-bounces@ietf.org 
>>>> [mailto:behave-bounces@ietf.org] On Behalf Of Dan Wing
>>>> Sent: Saturday, November 21, 2009 2:49 PM
>>>> To: 'Xing Li'
>>>> Cc: draft-ietf-behave-address-format@tools.ietf.org; 'Behave WG'
>>>> Subject: Re: [BEHAVE] [NAT64] Hairpinning loop
>>>>
>>>>
>>>>  
>>>>
>>>>     
>>>>         
>>>>> -----Original Message-----
>>>>> From: behave-bounces@ietf.org 
>>>>> [mailto:behave-bounces@ietf.org] On Behalf Of Xing Li
>>>>> Sent: Friday, November 20, 2009 10:45 PM
>>>>> To: Dan Wing
>>>>> Cc: draft-ietf-behave-address-format@tools.ietf.org; 'Behave WG'
>>>>> Subject: Re: [BEHAVE] [NAT64] Hairpinning loop
>>>>>
>>>>> Dan Wing 写道:
>>>>>       
>>>>>           
>>>>>>> -----Original Message-----
>>>>>>> From: Simon Perreault [mailto:simon.perreault@viagenie.ca] 
>>>>>>> Sent: Friday, November 20, 2009 9:06 AM
>>>>>>> To: Dan Wing
>>>>>>> Cc: 'marcelo bagnulo braun'; 'Brian E Carpenter'; 'Behave 
>>>>>>> WG'; draft-ietf-behave-address-format@tools.ietf.org
>>>>>>> Subject: Re: [BEHAVE] [NAT64] Hairpinning loop
>>>>>>>
>>>>>>> Dan Wing wrote, on 2009-11-20 11:59:
>>>>>>>     
>>>>>>>           
>>>>>>>               
>>>>>>>>> mmm, afaiu, if we filter incoming packet containing 
>>>>>>>>>         
>>>>>>>>>               
>>>>>>>>>                   
>>>>>>> Pref64::/n in the 
>>>>>>>     
>>>>>>>           
>>>>>>>               
>>>>>>>>> source address, then we don't have a loop problem.
>>>>>>>>>         
>>>>>>>>>               
>>>>>>>>>                   
>>>>>>>> I guess you're thinking 'loop problem' is avoidable by dropping
>>>>>>>> packets?  My worry is that if we drop packets like 
>>>>>>>>             
>>>>>>>>                 
>>>> that, we could
>>>>     
>>>>         
>>>>>>>> break an application that has no other means to contact 
>>>>>>>>             
>>>>>>>>                 
>>>>> its intended
>>>>>       
>>>>>           
>>>>>>>> peer.  For example, an application that only knows one IP 
>>>>>>>>       
>>>>>>>>             
>>>>>>>>                 
>>>>>>> address for
>>>>>>>     
>>>>>>>           
>>>>>>>               
>>>>>>>> its peer, and that IP address is on the 'far' side of the same
>>>>>>>> translator that both of them are using.
>>>>>>>>       
>>>>>>>>             
>>>>>>>>                 
>>>>>>> I don't understand what you're saying. We drop packets using 
>>>>>>> Pref64::/n as source.
>>>>>>>     
>>>>>>>           
>>>>>>>               
>>>>>> For stateful, yes, that makes sense.
>>>>>>
>>>>>> For stateless, I had understood the prefix of the translator
>>>>>> and the prefix of the hosts is the same, per the last sentence I
>>>>>> am quoting from
>>>>>>
>>>>>>         
>>>>>>             
>>>>> http://tools.ietf.org/html/draft-ietf-behave-address-format-01
>>>>> #section-3.3
>>>>>       
>>>>>           
>>>>>>    Organizations deploying stateless translation SHOULD 
>>>>>>         
>>>>>>             
>>>>> assign a Network
>>>>>       
>>>>>           
>>>>>>    Specific Prefix to their translation service.  Both "IPv4
>>>>>>    translatable" and "IPv4 Embedded" MUST be constructed as 
>>>>>>         
>>>>>>             
>>>>> specified in
>>>>>       
>>>>>           
>>>>>>    section 2.  "IPv4 translatable" addresses MUST use 
>>>>>>             
>> the selected
>>     
>>>>>>    Network Specific Prefix.  Both types of addresses SHOULD 
>>>>>>         
>>>>>>             
>>>>> use the same
>>>>>       
>>>>>           
>>>>>>    prefix. 
>>>>>>
>>>>>>   
>>>>>>         
>>>>>>             
>>>>> Yes. If both types of addresses (IPv4-translatable and 
>>>>> IPv4-converted) 
>>>>> use the same prefix, then the hairpin function is NOT required.
>>>>>       
>>>>>           
>>>> I disagree.
>>>>
>>>> The peer's IPv6 address could have been originally communicated
>>>> in SIP, XMPP, or whatever, but could have been discarded by an
>>>> IPv4-only SIP proxy, IPv4-only SBC, IPv4-only SIP endpoint, 
>>>> IPv4-only XMPP endpoint, or whatever.  And when the IPv6-only
>>>> endpoint finally receives the referral, it contains only an
>>>> IPv4 address.
>>>>
>>>> Thus, the IPv6 host will only know its peer's IPv4 address -- 
>>>> and does not know its IPv4 address.  Because it doesn't know
>>>> of the IPv6 host's address, the packet has to be sent to the
>>>> translator, and the translator needs to hairpin the packet.
>>>>
>>>> If we constrain the problem by declaring something like "IPv4
>>>> applications should not be discard IPv6 addresses", then I 
>>>> agree we don't need hairpinning in the translator.
>>>>     
>>>>         
>>> Or is it, maybe, that when the peer's IPv6 prefix and the 
>>>       
>> translator's IPv6
>>     
>>> prefix are the same, the peer's IPv4 representation is the 
>>>       
>> same as the
>>     
>>> translator's.  I think that must be the situation.  This 
>>>       
>> should be better
>>     
>>> described in the address-format document; instead of just a 
>>>       
>> SHOULD, describe
>>     
>>> that it causes normal IPv6 packet routing to allow two IPv6 hosts to
>>> communicate directly without going through the translator, 
>>>       
>> because each IPv6
>>     
>>> host (behind the translator) are effectively doing the same 
>>>       
>> function as the
>>     
>>> translator
>>>       
>> but wouldn't this require some mechanism in the IPv6 host to do this?
>>     
>
> If using DNS, and having a DNS-based referral, the DNS64 will give 
> it such an address -- thus, no change in the application.  
>   
but if they are using dns64, the host will not have to create the
address itself, so i am not sure how this relates to the hairpinning
case we were mentioning before. I mean, afiau, the hairpinning case
happens when the host is epxosed to the address directly.
Whent he host receives the fqdn, this is just another normal
communication where no need of hairpinning... am i missing something?

> If not using DNS64 (as described in draft-wing-v6ops-v6app-v4server),
> the application (or the underlying OS) needs to build its own IPv6
> destination address.  For that to work, the application (or the 
> underlying OS) needs to know the 6/4 translator's prefix in order
> to build its own IPv6 destination address.
>
>   

right, this is what i had in mind.

Regards, marcelo

> -d
>
>
>
>   
>> Regards, marcelo
>>
>>
>>     
>>>  (namely, putting the translator's IPv6 prefix [which is also the
>>> IPv4 peer's IPv6 prefix] in front of the IPv4 address [using
>>> wing-behave-learn-prefix and a translator-aware 
>>>       
>> application, or using DNS64]).
>>     
>>> -d
>>>
>>>
>>>   
>>>       
>>>> -d
>>>>
>>>>
>>>>     
>>>>         
>>>>> xing
>>>>>
>>>>>
>>>>>       
>>>>>           
>>>>>> -d
>>>>>>
>>>>>>   
>>>>>>         
>>>>>>             
>>>>>>> The IP address on the far side will be an IPv4 
>>>>>>> address, which one can
>>>>>>> express using an IPv6 address in Pref64::/n, but that will be 
>>>>>>> the destination,
>>>>>>> not the source.
>>>>>>>
>>>>>>> Simon
>>>>>>> -- 
>>>>>>> DNS64 open-source   --> http://ecdysis.viagenie.ca
>>>>>>> STUN/TURN server    --> http://numb.viagenie.ca
>>>>>>> vCard 4.0           --> http://www.vcarddav.org
>>>>>>>     
>>>>>>>           
>>>>>>>               
>>>>>> _______________________________________________
>>>>>> Behave mailing list
>>>>>> Behave@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/behave
>>>>>>
>>>>>>
>>>>>>   
>>>>>>         
>>>>>>             
>>>>> _______________________________________________
>>>>> Behave mailing list
>>>>> Behave@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/behave
>>>>>
>>>>>       
>>>>>           
>>>> _______________________________________________
>>>> Behave mailing list
>>>> Behave@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/behave
>>>>     
>>>>         
>>> _______________________________________________
>>> Behave mailing list
>>> Behave@ietf.org
>>> https://www.ietf.org/mailman/listinfo/behave
>>>
>>>   
>>>       
>> _______________________________________________
>> Behave mailing list
>> Behave@ietf.org
>> https://www.ietf.org/mailman/listinfo/behave
>>
>>     
>
>
>

v2.23.0 | Report a Bug | By Email