Re: [BEHAVE] Comments on draft-bagnulo-behave-nat64-00
Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 23 July 2008 23:22 UTC
Return-Path: <behave-bounces@ietf.org>
X-Original-To: behave-archive@optimus.ietf.org
Delivered-To: ietfarch-behave-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3FF033A6ADE; Wed, 23 Jul 2008 16:22:23 -0700 (PDT)
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 702103A6A95 for <behave@core3.amsl.com>; Wed, 23 Jul 2008 16:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YFwyZs9z2E-9 for <behave@core3.amsl.com>; Wed, 23 Jul 2008 16:22:18 -0700 (PDT)
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28]) by core3.amsl.com (Postfix) with ESMTP id A53A33A6A99 for <behave@ietf.org>; Wed, 23 Jul 2008 16:22:17 -0700 (PDT)
Received: by yx-out-2324.google.com with SMTP id 8so471489yxg.49 for <behave@ietf.org>; Wed, 23 Jul 2008 16:23:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=0Yiaw7zUipfWDcWiPCRbY4MhbfbaZKxBtzkzpDyv2eg=; b=wXuXwisBjaiuJ2ladAsP4AinyC+jWLcf80BsLaQkeYpxqmq/oNzlo7wLLn4ROyRn0J LDu0B8uKBje0LdbTZStrHXNynGHQnnS2QqqlfzCKXoxQ25b/VLSyaXEAn8XdU1a6SPx9 olUXQdbGzhAbs7RYV6DMCfYho1mEPhqJP7rAA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=UKwJMbg66NdWmgazcQD81EzCiXYYdcWlkJv8HxOS5r9+ks2SYPWKo9kt/XqfT0fORg I/ML8cQ9DNTGVJG+u39JdP4+4S7p6L2326Jm6w2NYe7zmzZcpgNt4pq31ZVmqFUr56hR YrpTl+WnwhIn+GOJbY1uZIDuXiLMbjf3DJqrU=
Received: by 10.150.124.2 with SMTP id w2mr379181ybc.170.1216855380384; Wed, 23 Jul 2008 16:23:00 -0700 (PDT)
Received: from ?130.216.38.124? ( [72.14.241.153]) by mx.google.com with ESMTPS id f24sm9384911pyh.21.2008.07.23.16.22.56 (version=SSLv3 cipher=RC4-MD5); Wed, 23 Jul 2008 16:22:59 -0700 (PDT)
Message-ID: <4887BD55.8060204@gmail.com>
Date: Thu, 24 Jul 2008 11:23:01 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
References: <48839533.90507@piuha.net> <85756727-1F7B-483B-9244-72E315F16F45@muada.com> <4883A129.1030101@it.uc3m.es> <4883E223.50306@gmail.com> <48842F40.6080307@it.uc3m.es> <48852072.6080307@gmail.com> <488735A5.6050200@it.uc3m.es>
In-Reply-To: <488735A5.6050200@it.uc3m.es>
Cc: Jari Arkko <jari.arkko@piuha.net>, behave@ietf.org, Dave Thaler <dthaler@windows.microsoft.com>
Subject: Re: [BEHAVE] Comments on draft-bagnulo-behave-nat64-00
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: behave-bounces@ietf.org
Errors-To: behave-bounces@ietf.org
In line (sorry about the growth in message size...) On 2008-07-24 01:44, marcelo bagnulo braun wrote: > Brian E Carpenter escribió: >> Hi Marcelo, >> >> On 2008-07-21 18:40, marcelo bagnulo braun wrote: >> >>> Brian E Carpenter escribió: >>> >>>> On 2008-07-21 08:33, marcelo bagnulo braun wrote: >>>> >>>> >>>>> Iljitsch van Beijnum escribió: >>>>> >>>>>> On 20 jul 2008, at 21:42, Jari Arkko wrote: >>>>>> >>>>>> >>>>>>> However, I'd be interested in learning more about what Iljitsch >>>>>>> mentioned about current devices not allowing v4-mapped addresses on >>>>>>> the wire. As Dave mentioned, RFC 2765 uses them, and a quick test on >>>>>>> the Linux box that I'm writing this e-mail on shows that I can use >>>>>>> these addresses on the wire. Can you be more specific about what >>>>>>> problems you expect, and where, Iljitsch? >>>>>>> >>>>>> IIRC, Itojun was _extremely_ vocal about not allowing these on the >>>>>> wire, and I think he got some traction in this area from at least >>>>>> some >>>>>> of the *BSD people. >>>>>> >>>>>> Also, stacks implement special case logic for these addresses as they >>>>>> must result in IPv4 packets when the host is dual stack, I don't know >>>>>> if this logic is still applied if the host is running IPv6-only, or >>>>>> normal IPv6 packets are generated. >>>>>> >>>>>> >>>>> see http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02 >>>>> >>>> Exactly. This prefix has implied semantics, and worse, it has >>>> *ambiguous* implied semantics: one version for NAT[-PT|64] >>>> and another for the dual-stack socket API. >>>> >>>> For NAT64, I think we're reducing topological flexibility by using this >>>> prefix, as well as ignoring the ambiguity. If an arbitrary prefix is >>>> allowed, the NAT64 doesn't have to be in the same administrative domain >>>> as the host. >>>> >>> why would it have to be in the same domain as the host if we use the >>> v4-mapped prefix? >>> >> >> Well, it's really a rather strange sort of anycast prefix, and I can't >> see ISPs being willing to carry explicit routes for it from other ISPs. >> Obviously it's technically possible, but I don't see it as likely >> to happen. >> > > ah, i understand your point now > i was thinking that it is perfectly possible for an ISP to announce the > prefix to its customers, and i didn't see any problem with that, even > though they are different admin domains (do you see a problem with that?) No, I think this is OK, but of course that won't help customers of an ISP that doesn't choose to offer NAT64 service. > > i do understand that it is unlikely that an isp would announce the v4 > mapped prefix to another isp in a peering relationship (it would be > possible in a transit relationship i think even between isps) (it would > be similar to announce the default prefix between isps) Exactly (unless there was an explicit agreement that ISP A would provide NAT64 service for ISP B's customers). > > But, in that perspective, i think this also applies to any prefix we > use. I mean, what seems strange to me is that an isp announces a prefix > that sinks packet to all the v4 internet to a peer. Actually using the > pref64 as part of the ISP prefx would end up with the need to perform > proper filtering, cause a peer isps could send packets with destiantion > addres containing pref64, that would result in transti to the v4 > internet, which would violate the peering arrangements. So, in a > different words, i think the argument you raise is more problematic if > we use the pref64 local that if we use the v4 mapped prefix Yes, it would be an "interesting" case if the NAT64's prefix was included in a shorter prefix that was announced to the DFZ. Good point. >> >>>> I suggest therefore having a default prefix plus the option to discover >>>> or configure an alternative. >>>> >>>> >>> but if we use other prefix than the v4-mapped prefix, it is not in the >>> default policy table and then we loose the capability mentioned by Dave >>> of automatically preffering native connectivity in dual stack hosts, >>> which i find very attractive >>> >> >> Agreed, unless there is a non-default policy in place. >> > but you need to configure that and this is more expensive than using the > default one > > it is possible and doesn't require software update, but it is more > expensive Definitely. But despite the above issue, it does allow for more flexibility. It is a MAY of course. > >> >>> OTOH, an additional fear that i have using a single globa prefix for >>> respresenting the whole v4 address space is that we may end up needing >>> to use more specifics, if we want to reach different parts of the v4 >>> internet through different routes, hence importing the v4 routing table >>> to v6, but i don't know if you think there is any ground for this >>> concern...? >>> >> >> Well, we had exactly that concern when designing 6to4, which is why >> nothing more specific than 2002::/16 is supposed to be advertised. >> You can always write a MUST NOT and hope people obey it ;-) >> >> > ok > >> But 6to4 breaks when the IPv4 network fragments into IPv4 islands. >> I'm not sure that we want NAT64 to break then. >> >> > i am not sure i understand this point (not sure i understand what do you > mean for 6to4 and not sure how it would apply to nat64, sorry, could you > expand? Easiest is to look at http://tools.ietf.org/html/rfc3056#section-5.5 The scenario that fails for 6to4 is the second one, where IPv4 connectivity is assumed to have fragmented in a late stage of transition to IPv6. I guess this deosn't map directly to NAT64, so this is probably a false problem, sorry. (We could consider a scenario where IPv4 has fragmented and we use double-NAT64 to interconnect IPv4 islands, but that sounds too bizarre.) Brian _______________________________________________ Behave mailing list Behave@ietf.org https://www.ietf.org/mailman/listinfo/behave
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- [BEHAVE] Comments on draft-bagnulo-behave-nat64-00 Dave Thaler
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Dave Thaler
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Dave Thaler
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Iljitsch van Beijnum
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Iljitsch van Beijnum
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Jari Arkko
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Iljitsch van Beijnum
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Brian E Carpenter
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Brian E Carpenter
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Dave Thaler
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Dave Thaler
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Iljitsch van Beijnum
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Rémi Denis-Courmont
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… marcelo bagnulo braun
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Dave Thaler
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Brian E Carpenter
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Philip Matthews
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Dave Thaler
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Rémi Denis-Courmont
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Pekka Savola
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Iljitsch van Beijnum
- Re: [BEHAVE] Comments on draft-bagnulo-behave-nat… Dave Thaler