IETF Logo Mail Archive

Re: [BEHAVE] One comment on draft-korhonen-edns0-synthesis-flag-01

Rémi Després <remi.despres@free.fr> Tue, 05 October 2010 13:57 UTC

Return-Path: <remi.despres@free.fr>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD0233A6F4E for <behave@core3.amsl.com>; Tue, 5 Oct 2010 06:57:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.442
X-Spam-Level:
X-Spam-Status: No, score=-1.442 tagged_above=-999 required=5 tests=[AWL=0.507, BAYES_00=-2.599, HELO_EQ_FR=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RCGSr3kMUPM9 for <behave@core3.amsl.com>; Tue, 5 Oct 2010 06:57:29 -0700 (PDT)
Received: from smtp21.services.sfr.fr (smtp21.services.sfr.fr [93.17.128.2]) by core3.amsl.com (Postfix) with ESMTP id 682DA3A6F88 for <behave@ietf.org>; Tue, 5 Oct 2010 06:57:28 -0700 (PDT)
Received: from filter.sfr.fr (localhost [127.0.0.1]) by msfrf2109.sfr.fr (SMTP Server) with ESMTP id 89A7070000BF; Tue, 5 Oct 2010 15:58:25 +0200 (CEST)
Received: from [192.168.0.20] (per92-10-88-166-221-144.fbx.proxad.net [88.166.221.144]) by msfrf2109.sfr.fr (SMTP Server) with ESMTP id E18D470000B7; Tue, 5 Oct 2010 15:58:24 +0200 (CEST)
X-SFR-UUID: 20101005135824923.E18D470000B7@msfrf2109.sfr.fr
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="iso-8859-1"
From: Rémi Després <remi.despres@free.fr>
In-Reply-To: <32742_1286280426_4CAB14EA_32742_16316_1_94C682931C08B048B7A8645303FDC9F327C0F6B2A5@PUEXCB1B.nanterre.francetelecom.fr>
Date: Tue, 05 Oct 2010 15:58:24 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <AAB49C95-7573-43E4-9693-3FE59E3CF393@free.fr>
References: <AANLkTims-Jo83uddVzb-fjiF12oLicY2rEMMDNNMKg4X@mail.gmail.com> <068001cb63f4$36347a50$a29d6ef0$@com> <EFC90BF77CDE8E4983351B6D9FCFD4DF03ED52@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <18034D4D7FE9AE48BF19AB1B0EF2729F5F03ED089B@NOK-EUMSG-01.mgdnok.nokia.com> <883C56A8-6D8B-4600-B264-3B64236B6EE3@free.fr> <32742_1286280426_4CAB14EA_32742_16316_1_94C682931C08B048B7A8645303FDC9F327C0F6B2A5@PUEXCB1B.nanterre.francetelecom.fr>
To: mohamed.boucadair@orange-ftgroup.com
X-Mailer: Apple Mail (2.1081)
Cc: "behave@ietf.org" <behave@ietf.org>, "washam.fan@gmail.com" <washam.fan@gmail.com>, "dwing@cisco.com" <dwing@cisco.com>
Subject: Re: [BEHAVE] One comment on draft-korhonen-edns0-synthesis-flag-01
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Oct 2010 13:57:30 -0000

Hi Med,

Comment below.

Le 5 oct. 2010 à 14:07, <mohamed.boucadair@orange-ftgroup.com> a écrit :
> ...
> In hosts that access Internet via IPv6-only-routing networks, knowing the NAT64 prefix is indeed useful to synthesize IPv6 addresses of IPv4 referrals, as indicated in the draft. But it also permits hosts to recognize which incoming connections were originated by IPv4-only remote hosts. This permits to present them as IPv4 connections as the socket API. 
> 
> Med: This approach can be useful to avoid a NAT64 only if the NAT64 is located in the same domain as the IPv6 client.

Well, this approach isn't really to "avoid" NAT64, it is rather to improve IPv4 connectivity across them.
It doesn't concern scenarios where it is useful to know whether remote ISPs operate 64s or not.

The question at hand is only "If an ISP only routes IPv6 and supports NAT64/DNS64, what should it provide to its customers for IPv4 connectivity to be good enough." 


Different considerations apply to incoming and outgoing host connections.

An INCOMING connection via a NAT64 implies that the NAT64 maps some IPv4 address (or address + port prefix, or address + port) to the host IPv6 address. The mapping may be static or the result of some hole punching in the NAT, but it has to preexist. 
If the host knows the IPv6 prefix used in its local-ISP NAT64,  it can recognize which incoming connections come from IPv4-only hosts, and use that information. 

For an OUTGOING connection to an IPv4-only host:
- If its destination address is obtained from the DNS, the local DNS64 has synthesized the address. Knowing the NTA64 prefix of its local ISP, the host can determine that the destination is IPv4-only.
- If the destination address is NOT obtained from the DNS, it has, to be made in the same way to all hosts, to be an IPv4 referral. It can be locally translated to an IPv6 destination by prepending to it the NTA64 prefix of its local ISP (a point of draft-korhonen).

Are there other important NAT64 scenarios for the v4tov6transition?
Not in my understanding, but an explanation of what would be missing would of course be welcome.


Kind regards,
RD

> Please refer to http://tools.ietf.org/html/draft-xu-behave-hybrid-type-prefix-00#section-1.1 for more details. Note that referrals will fail if the synthesised IPv6 address does not belong to the same domain as the IPv6-only host.
> FWIW, a DHCPv6 option to provision an IPv6-enabled host with an IPv6 prefix and a format to use when synthesising an IPv4-Converted IPv6 address is described in http://tools.ietf.org/html/draft-boucadair-dhcpv6-shared-address-option-01#section-4 (this option has been defined for encapsulation schemes where we don't have the referral issue. New format type values can be defined according to the behave address format ID).
> 
> Point 3, is IMHO a simple approach to eliminate conflicts between NAT64s and IPv4-only or dual-stack applications.  
> 
> Regards,
> RD   
> 
> 
> 
> 
> Le 4 oct. 2010 à 22:41, <teemu.savolainen@nokia.com> <teemu.savolainen@nokia.com> a écrit :
>> ...
>> The idea behind this draft is to describe the lightest solution possible and one that does not require new elements on the network (to access networks or to the server side). I think this could be implemented e.g. in a browser that wishes to increase its chances of success when encountering IPv4 literals in IPv6-only networks, or e.g. by a DNS resolver service in an OS. Introducing STUN would require that someone would have to operate it and it would introduce additional protocol into play (e.g. support to browser/OS).
>> 
>> The DNS approach would probably also allow some level of caching (in a host or in a recursive DNS server) hence generating less traffic.
> 
>> The I-D is Informational (for now) as the lightweight solution should not require any standards work:)
> 
> (*)
> 
>> (If IANA would define a well-known name should it then be STD?) The other, more explicit and more reliable, proposals are then the ones that require something from the infrastructure (and are for STD).
>> 
>> Best regards,
>> 
>> Teemu
>> 
>>> -----Original Message-----
>>> From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On
>>> Behalf Of ext Christian Huitema
>>> Sent: 04. lokakuuta 2010 22:36
>>> To: Dan Wing; 'Washam Fan'; behave@ietf.org
>>> Subject: Re: [BEHAVE] One comment on draft-korhonen-edns0-synthesis-
>>> flag-01
>>> 
>>> Dan,
>>> 
>>> I suppose your comment now applies to draft-savolainen-heuristic-nat64-
>>> discovery-00. The draft describes a heuristic for discovering the local
>>> NAT64, and the prefix used for address translation -- WKP or NSP. The
>>> draft does so by performing a "DNS query to a well-known IPv4 only
>>> domain name."
>>> 
>>> My main objection to this is the reliance on DNS for discovering
>>> network connectivity information. This will fail if the NAT64 does not
>>> operate a DNS64 translator, or if the local host gets its addresses
>>> from a different DNS server than the one tied to the NAT64, e.g.
>>> something like Open DNS.
>>> 
>>> Did the authors look at using STUN, or a variant of STUN, to perform
>>> this heuristic discovery?
>>> 
>>> -- Christian Huitema
>>> 
>>> 
>>> _______________________________________________
>>> Behave mailing list
>>> Behave@ietf.org
>>> https://www.ietf.org/mailman/listinfo/behave
>> _______________________________________________
>> Behave mailing list
>> Behave@ietf.org
>> https://www.ietf.org/mailman/listinfo/behave
> 
> 
> _______________________________________________
> Behave mailing list
> Behave@ietf.org
> https://www.ietf.org/mailman/listinfo/behave
> 
> *********************************
> This message and any attachments (the "message") are confidential and intended solely for the addressees. 
> Any unauthorised use or dissemination is prohibited.
> Messages are susceptible to alteration. 
> France Telecom Group shall not be liable for the message if altered, changed or falsified.
> If you are not the intended addressee of this message, please cancel it immediately and inform the sender.
> ********************************
>

v2.23.0 | Report a Bug | By Email