Re: [BEHAVE] NAT64 for Mobile IPv6 - Extension header translation ICMP error issue

"Dan Wing" <dwing@cisco.com> Thu, 08 July 2010 21:54 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Behcet Sarikaya' <sarikaya@ieee.org>, behave@ietf.org
Date: Thu, 08 Jul 2010 14:54:46 -0700
Cc: 'Charlie Perkins' <charliep@computer.org>, 'Wassim Haddad' <wassim.haddad@ericsson.com>
Subject: Re: [BEHAVE] NAT64 for Mobile IPv6 - Extension header translation ICMP error issue

> >Dan Wing wrote:
> >By the way, I see that both draft-sarikaya-behave-mext-nat64-dsmip-00 and
> >draft-haddad-mext-nat64-mobility-harmful-01 state that IPv6 extension
> >headers are not translated and will cause the NAT64 to generate an ICMP
> >error.  However, according to draft-ietf-behave-v6v4-xlate an ICMP error is
> >not generated in that case - draft-ietf-behave-v6v4-xlate says the extension
> >header is simply skipped and the IPv6 packet is translated to an IPv4
> >packet.
> 
> 
> In order to start route optimization, MN sends Home Test Init (HoTI) message to
> IPv4-only server by tunneling it to HA. HA removes the tunnel header
> and the resulting packet goes through NAT64 packet translation. As Dan says
> above, the extension headers are simply skipped but this packet has no payload,
> I think that is the reason for HA generating an ICMP error and sending
> it to MN.

Oops, I had missed that "NAT64" in draft-haddad-mext-nat64-mobility-harmful
and in draft-haddad-mext-nat64-mobility-harmful refers to stateful
translation.  I had thought it was referring to stateless translation.

If it's a stateful NAT64, and the HoTI isn't run over UDP or TCP,
the stateful NAT64 will generate an error.  Text from 
draft-ietf-behave-v6v4-xlate-stateful-11:

   If the incoming packet is an IPv6 packet that contains a protocol
   other than TCP, UDP or ICMPv6 in the last Next Header, then the
   packet SHOULD be discarded and, if the security policy permits, the
   NAT64 SHOULD send an ICMPv6 Destination Unreachable error message
   with Code 3 (Destination Unreachable) to the source address of the
   received packet.

My mistake.  Sorry about that.

-d



> 
> Regards,
> 
> Behcet
> 
> 
> ----- Original Message ----
> > From: Behcet Sarikaya <behcetsarikaya@yahoo.com>
> > To: behave@ietf.org
> > Cc: mext@ietf.org
> > Sent: Tue, July 6, 2010 3:34:22 PM
> > Subject: [BEHAVE] NAT64 for Mobile IPv6
> >
> > Hi,
> >   We submitted a draft entitled NAT64 for Dual Stack Mobile IPv6 which is at:
> > http://tools.ietf.org/id/draft-sarikaya-behave-mext-nat64-dsmip-00.txt
> >
> > This draft develops a solution to the problems described in
> >draft-haddad-mext-nat64-mobility-harmful by integrating NAT64 operation with the
> >home agent and binding cache.
> >
> > We go one step ahead of NAT64 and provide multicast support as well.
> >
> > Regards,
> >
> > Behcet
> >
>
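
The stateful NAT64 rule quoted in the message above, as an added example that is not part of the original thread or of the drafts it cites: a walker over the IPv6 extension-header chain that finds the last Next Header and applies the TCP/UDP/ICMPv6 test. The function names, sample addresses and packet bytes are constructed for illustration; the Mobility Header protocol number (135) and the HoTI MH Type (1) are taken from the Mobile IPv6 specification.

```python
import struct

# Protocol numbers (IANA): extension headers the walker skips, and upper layers.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
TCP, UDP, ICMPV6, MOBILITY = 6, 17, 58, 135
TRANSLATABLE = {TCP, UDP, ICMPV6}

def last_next_header(packet: bytes) -> int:
    """Walk the IPv6 extension-header chain; return the final Next Header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = packet[6], 40
    while nh in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment header is a fixed 8 octets; the others carry Hdr Ext Len
        # in 8-octet units, not counting the first 8 octets.
        size = 8 if nh == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        nh, off = packet[off], off + size
    return nh

def nat64_decision(packet: bytes, icmp_permitted: bool = True):
    """Return (action, send_icmpv6_error, last_next_header) per the quoted rule."""
    nh = last_next_header(packet)
    if nh in TRANSLATABLE:
        return ("translate", False, nh)
    # Anything else is dropped; the error is sent only if policy permits it.
    return ("discard", icmp_permitted, nh)

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a minimal IPv6 packet (constructed sample addresses)."""
    src = bytes.fromhex("20010db8000000000000000000000001")  # 2001:db8::1
    dst = bytes.fromhex("0064ff9b0000000000000000c0000201")  # 64:ff9b::192.0.2.1
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

# Constructed HoTI: Mobility Header (MH Type 1), checksum left as zero.
HOTI = ipv6(MOBILITY, bytes([59, 1, 1, 0, 0, 0]) + bytes(2) + bytes(8))
# Constructed UDP datagram behind a Destination Options header (PadN filler).
UDP_PKT = ipv6(DEST_OPTS, bytes([UDP, 0, 1, 4, 0, 0, 0, 0])
               + struct.pack("!HHHH", 5000, 53, 8, 0))

if __name__ == "__main__":
    print("HoTI:", nat64_decision(HOTI))
    print("UDP :", nat64_decision(UDP_PKT))
```

The Destination Options header is skipped and the UDP packet is translated, while the HoTI ends the chain at the Mobility Header and is discarded.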