Re: [BEHAVE] [v6ops] protocols without need for ALG ?

[Toerless Eckert <eckert@cisco.com>]

On Fri, Jul 31, 2015 at 10:17:16PM +0200, Tore Anderson wrote:
> Yep, but be aware that with SIIT you will need to identify all
> the IPv6 endpoints you want the IPv4-only NOC folks to be able to
> access. These endpoints need either to be provisioned with an
> IPv4-translatable IPv6 address (traditional SIIT), or get an IPv4
> mapping provisioned on the protocol translator (SIIT-DC style
> deployment with EAMs).

The autonomic addressing plan proposed so far is that we'd have
very few eg; /112 prefixes (eg: one per so-called registrar),
and then eg: 16 bit of serial number. So you can see how easy this
would map with siit-eam. 

> You could also use Stateful NAT64 (RFC6146)
> with statically configured BIB entries to accomplish pretty much the
> same thing as the SIIT-DC approach, but you do get a lot of superfluous
> baggage that way (all the stateful connection/session tracking stuff).

Is there a Yang model for 4146 so i can beter understand what the
intended operator experience is ? ;-))

Yes, it does mention "static configured mapping" in three places in the
text, and i see in Cisco IOS implementation also the ability to
configure 1:1 IPv4<->IPv6 mappings, and i therefore guess that these
are the "static configured mappings" of 4146, but what i can't find
is any explanation why the operations of such entries would have
to be stateful at all. What would those 4146 entries do different than
stateless siit-eam /32 <-> /128 entries, and whats the "benefit" ? 

But obviously, in a network with 50,000 IPv6 nodes with ULAs,
i wouldn't want to set up an orchestration to configure 50,000
1:1 entries, even stateless, but rather a single /16 <-> /112
(or a few similar slightly longer prefixes). 

> BTW you asked about traceroute, and I don't think anyone answered, so:
> ICMPv6 packets originated by IPv6 hops behind the translator (that are
> not provisioned with an IPv4-translatable IPv6 address) will appear as
> originating from a "random" IPv4 address (which could repeat multiple
> times in the path).

Thanks.

> That could possibly be confusing to NOC staff, so
> I'd suggest giving the RFC6791 addresses descriptive PTR records in DNS
> ("this-apparent-ipv4-hop-really-represents-an-ipv6-router-in-the-autonomic-network-see-rfc6791.example.com").

Yepp. Haven't gotten around to all DNS recommendations, but given how
i am trying to see that full stateless mapping will suffice i hopefully
won't run intot hese problems.

> Let me know if you want some help or pointers on how to set up a
> stateless translator for testing purposes. Or you could use one of
> mine, as it works just as well over the public internet too (as long as
> the IPv6 endpoints you want to manage are numbered with globally
> reachable addresses). I'd be happy to assist.

Sure, please send me pointers offline, i'll take a look! 

Cheers
    Toerless