IETF Logo Mail Archive

Re: [BEHAVE] Comments on draft-bagnulo-behave-nat64-00

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 23 July 2008 23:22 UTC

Return-Path: <behave-bounces@ietf.org>
X-Original-To: behave-archive@optimus.ietf.org
Delivered-To: ietfarch-behave-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3FF033A6ADE; Wed, 23 Jul 2008 16:22:23 -0700 (PDT)
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 702103A6A95 for <behave@core3.amsl.com>; Wed, 23 Jul 2008 16:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YFwyZs9z2E-9 for <behave@core3.amsl.com>; Wed, 23 Jul 2008 16:22:18 -0700 (PDT)
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28]) by core3.amsl.com (Postfix) with ESMTP id A53A33A6A99 for <behave@ietf.org>; Wed, 23 Jul 2008 16:22:17 -0700 (PDT)
Received: by yx-out-2324.google.com with SMTP id 8so471489yxg.49 for <behave@ietf.org>; Wed, 23 Jul 2008 16:23:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=0Yiaw7zUipfWDcWiPCRbY4MhbfbaZKxBtzkzpDyv2eg=; b=wXuXwisBjaiuJ2ladAsP4AinyC+jWLcf80BsLaQkeYpxqmq/oNzlo7wLLn4ROyRn0J LDu0B8uKBje0LdbTZStrHXNynGHQnnS2QqqlfzCKXoxQ25b/VLSyaXEAn8XdU1a6SPx9 olUXQdbGzhAbs7RYV6DMCfYho1mEPhqJP7rAA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=UKwJMbg66NdWmgazcQD81EzCiXYYdcWlkJv8HxOS5r9+ks2SYPWKo9kt/XqfT0fORg I/ML8cQ9DNTGVJG+u39JdP4+4S7p6L2326Jm6w2NYe7zmzZcpgNt4pq31ZVmqFUr56hR YrpTl+WnwhIn+GOJbY1uZIDuXiLMbjf3DJqrU=
Received: by 10.150.124.2 with SMTP id w2mr379181ybc.170.1216855380384; Wed, 23 Jul 2008 16:23:00 -0700 (PDT)
Received: from ?130.216.38.124? ( [72.14.241.153]) by mx.google.com with ESMTPS id f24sm9384911pyh.21.2008.07.23.16.22.56 (version=SSLv3 cipher=RC4-MD5); Wed, 23 Jul 2008 16:22:59 -0700 (PDT)
Message-ID: <4887BD55.8060204@gmail.com>
Date: Thu, 24 Jul 2008 11:23:01 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
References: <48839533.90507@piuha.net> <85756727-1F7B-483B-9244-72E315F16F45@muada.com> <4883A129.1030101@it.uc3m.es> <4883E223.50306@gmail.com> <48842F40.6080307@it.uc3m.es> <48852072.6080307@gmail.com> <488735A5.6050200@it.uc3m.es>
In-Reply-To: <488735A5.6050200@it.uc3m.es>
Cc: Jari Arkko <jari.arkko@piuha.net>, behave@ietf.org, Dave Thaler <dthaler@windows.microsoft.com>
Subject: Re: [BEHAVE] Comments on draft-bagnulo-behave-nat64-00
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: behave-bounces@ietf.org
Errors-To: behave-bounces@ietf.org

In line (sorry about the growth in message size...)

On 2008-07-24 01:44, marcelo bagnulo braun wrote:
> Brian E Carpenter escribió:
>> Hi Marcelo,
>>
>> On 2008-07-21 18:40, marcelo bagnulo braun wrote:
>>  
>>> Brian E Carpenter escribió:
>>>    
>>>> On 2008-07-21 08:33, marcelo bagnulo braun wrote:
>>>>  
>>>>      
>>>>> Iljitsch van Beijnum escribió:
>>>>>           
>>>>>> On 20 jul 2008, at 21:42, Jari Arkko wrote:
>>>>>>
>>>>>>               
>>>>>>> However, I'd be interested in learning more about what Iljitsch
>>>>>>> mentioned about current devices not allowing v4-mapped addresses on
>>>>>>> the wire. As Dave mentioned, RFC 2765 uses them, and a quick test on
>>>>>>> the Linux box that I'm writing this e-mail on shows that I can use
>>>>>>> these addresses on the wire. Can you be more specific about what
>>>>>>> problems you expect, and where, Iljitsch?
>>>>>>>                     
>>>>>> IIRC, Itojun was _extremely_ vocal about not allowing these on the
>>>>>> wire, and I think he got some traction in this area from at least
>>>>>> some
>>>>>> of the *BSD people.
>>>>>>
>>>>>> Also, stacks implement special case logic for these addresses as they
>>>>>> must result in IPv4 packets when the host is dual stack, I don't know
>>>>>> if this logic is still applied if the host is running IPv6-only, or
>>>>>> normal IPv6 packets are generated.
>>>>>>
>>>>>>                 
>>>>> see http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
>>>>>             
>>>> Exactly. This prefix has implied semantics, and worse, it has
>>>> *ambiguous* implied semantics: one version for NAT[-PT|64]
>>>> and another for the dual-stack socket API.
>>>>
>>>> For NAT64, I think we're reducing topological flexibility by using this
>>>> prefix, as well as ignoring the ambiguity. If an arbitrary prefix is
>>>> allowed, the NAT64 doesn't have to be in the same administrative domain
>>>> as the host.
>>>>         
>>> why would it have to be in the same domain as the host if we use the
>>> v4-mapped prefix?
>>>     
>>
>> Well, it's really a rather strange sort of anycast prefix, and I can't
>> see ISPs being willing to carry explicit routes for it from other ISPs.
>> Obviously it's technically possible, but I don't see it as likely
>> to happen.
>>   
> 
> ah, i understand your point now
> i was thinking that it is perfectly possible for an ISP to announce the
> prefix to its customers, and i didn't see any problem with that, even
> though they are different admin domains (do you see a problem with that?)

No, I think this is OK, but of course that won't help customers of an
ISP that doesn't choose to offer NAT64 service.

> 
> i do understand that it is unlikely that an isp would announce the v4
> mapped prefix to another isp in a peering relationship (it would be
> possible in a transit relationship i think even between isps)  (it would
> be similar to announce the default prefix between isps)

Exactly (unless there was an explicit agreement that ISP A would provide
NAT64 service for ISP B's customers).

> 
> But, in that perspective, i think this also applies to any prefix we
> use. I mean, what seems strange to me is that an isp announces a prefix
> that sinks packet to all the v4 internet to a peer. Actually using the
> pref64 as part of the ISP prefx would end up with the need to perform
> proper filtering, cause a peer isps could send packets with destiantion
> addres containing pref64, that would result in transti to the v4
> internet, which would violate the peering arrangements. So, in a
> different words, i think the argument you raise is more problematic if
> we use the pref64 local that if we use the v4 mapped prefix

Yes, it would be an "interesting" case if the NAT64's prefix was
included in a shorter prefix that was announced to the DFZ. Good point.

>>  
>>>> I suggest therefore having a default prefix plus the option to discover
>>>> or configure an alternative.
>>>>
>>>>         
>>> but if we use other prefix than the v4-mapped prefix, it is not in the
>>> default policy table and then we loose the capability mentioned by Dave
>>> of automatically preffering native connectivity in dual stack hosts,
>>> which i find very attractive
>>>     
>>
>> Agreed, unless there is a non-default policy in place.
>>   
> but you need to configure that and this is more expensive than using the
> default one
> 
> it is possible and doesn't require software update, but it is more
> expensive

Definitely. But despite the above issue, it does allow for more
flexibility. It is a MAY of course.
> 
>>  
>>> OTOH, an additional fear that i have using a single globa prefix for
>>> respresenting the whole v4 address space is that we may end up needing
>>> to use more specifics, if we want to reach different parts of the v4
>>> internet through different routes, hence importing the v4 routing table
>>> to v6, but i don't know if you think there is any ground for this
>>> concern...?
>>>     
>>
>> Well, we had exactly that concern when designing 6to4, which is why
>> nothing more specific than 2002::/16 is supposed to be advertised.
>> You can always write a MUST NOT and hope people obey it ;-)
>>
>>   
> ok
> 
>> But 6to4 breaks when the IPv4 network fragments into IPv4 islands.
>> I'm not sure that we want NAT64 to break then.
>>
>>   
> i am not sure i understand this point (not sure i understand what do you
> mean for 6to4 and not sure how it would apply to nat64, sorry, could you
> expand?

Easiest is to look at http://tools.ietf.org/html/rfc3056#section-5.5
The scenario that fails for 6to4 is the second one, where IPv4
connectivity is assumed to have fragmented in a late stage of transition
to IPv6. I guess this deosn't map directly to NAT64, so this is probably
a false problem, sorry.

(We could consider a scenario where IPv4 has fragmented and we use
double-NAT64 to interconnect IPv4 islands, but that sounds too bizarre.)

    Brian

_______________________________________________
Behave mailing list
Behave@ietf.org
https://www.ietf.org/mailman/listinfo/behave

v2.23.0 | Report a Bug | By Email