IETF Logo Mail Archive

Re: [BEHAVE] Comments on draft-bagnulo-behave-nat64-00

marcelo bagnulo braun <marcelo@it.uc3m.es> Wed, 23 July 2008 13:43 UTC

Return-Path: <behave-bounces@ietf.org>
X-Original-To: behave-archive@optimus.ietf.org
Delivered-To: ietfarch-behave-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A6973A69F4; Wed, 23 Jul 2008 06:43:27 -0700 (PDT)
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 151D63A69FC for <behave@core3.amsl.com>; Wed, 23 Jul 2008 06:43:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.715
X-Spam-Level:
X-Spam-Status: No, score=-3.715 tagged_above=-999 required=5 tests=[AWL=0.047, BAYES_00=-2.599, RCVD_BAD_ID=2.837, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KXvnCsTPy3Po for <behave@core3.amsl.com>; Wed, 23 Jul 2008 06:43:25 -0700 (PDT)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by core3.amsl.com (Postfix) with ESMTP id A30353A69BA for <behave@ietf.org>; Wed, 23 Jul 2008 06:43:24 -0700 (PDT)
Received: from dummyhost25.it.uc3m.es (dummyhost14.it.uc3m.es [163.117.139.225])by smtp01.uc3m.es (Postfix) with ESMTP id D85EA7DA612;Wed, 23 Jul 2008 15:44:05 +0200 (CEST)
Message-ID: <488735A5.6050200@it.uc3m.es>
Date: Wed, 23 Jul 2008 15:44:05 +0200
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
References: <48839533.90507@piuha.net> <85756727-1F7B-483B-9244-72E315F16F45@muada.com> <4883A129.1030101@it.uc3m.es> <4883E223.50306@gmail.com> <48842F40.6080307@it.uc3m.es> <48852072.6080307@gmail.com>
In-Reply-To: <48852072.6080307@gmail.com>
X-imss-version: 2.051
X-imss-result: Passed
X-imss-scanInfo: M:B L:N SM:2
X-imss-tmaseResult: TT:1 TS:-35.1125 TC:1F TRN:77 TV:5.5.1026(16048.007)
X-imss-scores: Clean:100.00000 C:0 M:0 S:0 R:0
X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
Cc: Jari Arkko <jari.arkko@piuha.net>, behave@ietf.org, Dave Thaler <dthaler@windows.microsoft.com>
Subject: Re: [BEHAVE] Comments on draft-bagnulo-behave-nat64-00
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Sender: behave-bounces@ietf.org
Errors-To: behave-bounces@ietf.org

Brian E Carpenter escribió:
> Hi Marcelo,
>
> On 2008-07-21 18:40, marcelo bagnulo braun wrote:
>   
>> Brian E Carpenter escribió:
>>     
>>> On 2008-07-21 08:33, marcelo bagnulo braun wrote:
>>>  
>>>       
>>>> Iljitsch van Beijnum escribió:
>>>>    
>>>>         
>>>>> On 20 jul 2008, at 21:42, Jari Arkko wrote:
>>>>>
>>>>>      
>>>>>           
>>>>>> However, I'd be interested in learning more about what Iljitsch
>>>>>> mentioned about current devices not allowing v4-mapped addresses on
>>>>>> the wire. As Dave mentioned, RFC 2765 uses them, and a quick test on
>>>>>> the Linux box that I'm writing this e-mail on shows that I can use
>>>>>> these addresses on the wire. Can you be more specific about what
>>>>>> problems you expect, and where, Iljitsch?
>>>>>>         
>>>>>>             
>>>>> IIRC, Itojun was _extremely_ vocal about not allowing these on the
>>>>> wire, and I think he got some traction in this area from at least some
>>>>> of the *BSD people.
>>>>>
>>>>> Also, stacks implement special case logic for these addresses as they
>>>>> must result in IPv4 packets when the host is dual stack, I don't know
>>>>> if this logic is still applied if the host is running IPv6-only, or
>>>>> normal IPv6 packets are generated.
>>>>>
>>>>>       
>>>>>           
>>>> see http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
>>>>     
>>>>         
>>> Exactly. This prefix has implied semantics, and worse, it has
>>> *ambiguous* implied semantics: one version for NAT[-PT|64]
>>> and another for the dual-stack socket API.
>>>
>>> For NAT64, I think we're reducing topological flexibility by using this
>>> prefix, as well as ignoring the ambiguity. If an arbitrary prefix is
>>> allowed, the NAT64 doesn't have to be in the same administrative domain
>>> as the host.
>>>   
>>>       
>> why would it have to be in the same domain as the host if we use the
>> v4-mapped prefix?
>>     
>
> Well, it's really a rather strange sort of anycast prefix, and I can't
> see ISPs being willing to carry explicit routes for it from other ISPs.
> Obviously it's technically possible, but I don't see it as likely
> to happen.
>   

ah, i understand your point now
i was thinking that it is perfectly possible for an ISP to announce the 
prefix to its customers, and i didn't see any problem with that, even 
though they are different admin domains (do you see a problem with that?)

i do understand that it is unlikely that an isp would announce the v4 
mapped prefix to another isp in a peering relationship (it would be 
possible in a transit relationship i think even between isps)  (it would 
be similar to announce the default prefix between isps)

But, in that perspective, i think this also applies to any prefix we 
use. I mean, what seems strange to me is that an isp announces a prefix 
that sinks packet to all the v4 internet to a peer. Actually using the 
pref64 as part of the ISP prefx would end up with the need to perform 
proper filtering, cause a peer isps could send packets with destiantion 
addres containing pref64, that would result in transti to the v4 
internet, which would violate the peering arrangements. So, in a 
different words, i think the argument you raise is more problematic if 
we use the pref64 local that if we use the v4 mapped prefix
>   
>>> I suggest therefore having a default prefix plus the option to discover
>>> or configure an alternative.
>>>
>>>   
>>>       
>> but if we use other prefix than the v4-mapped prefix, it is not in the
>> default policy table and then we loose the capability mentioned by Dave
>> of automatically preffering native connectivity in dual stack hosts,
>> which i find very attractive
>>     
>
> Agreed, unless there is a non-default policy in place.
>   
but you need to configure that and this is more expensive than using the 
default one

it is possible and doesn't require software update, but it is more expensive

>   
>> OTOH, an additional fear that i have using a single globa prefix for
>> respresenting the whole v4 address space is that we may end up needing
>> to use more specifics, if we want to reach different parts of the v4
>> internet through different routes, hence importing the v4 routing table
>> to v6, but i don't know if you think there is any ground for this
>> concern...?
>>     
>
> Well, we had exactly that concern when designing 6to4, which is why
> nothing more specific than 2002::/16 is supposed to be advertised.
> You can always write a MUST NOT and hope people obey it ;-)
>
>   
ok

> But 6to4 breaks when the IPv4 network fragments into IPv4 islands.
> I'm not sure that we want NAT64 to break then.
>
>   
i am not sure i understand this point (not sure i understand what do you 
mean for 6to4 and not sure how it would apply to nat64, sorry, could you 
expand?

thanks, marcelo


>    Brian
>
>
>   

_______________________________________________
Behave mailing list
Behave@ietf.org
https://www.ietf.org/mailman/listinfo/behave

v2.23.0 | Report a Bug | By Email