Re: [BEHAVE] New I-D: IPv4/IPv6 Translator for IPv4-Only Networks
Ed Jankiewicz <edward.jankiewicz@sri.com> Thu, 30 October 2008 22:47 UTC
Return-Path: <behave-bounces@ietf.org>
X-Original-To: behave-archive@optimus.ietf.org
Delivered-To: ietfarch-behave-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CBC863A6B53; Thu, 30 Oct 2008 15:47:19 -0700 (PDT)
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 923A83A6B9E for <behave@core3.amsl.com>; Thu, 30 Oct 2008 15:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level:
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NkDXiQPDAzXV for <behave@core3.amsl.com>; Thu, 30 Oct 2008 15:47:17 -0700 (PDT)
Received: from mailgate-internal3.sri.com (mailgate-internal3.SRI.COM [128.18.84.113]) by core3.amsl.com (Postfix) with SMTP id AAC3C3A6BD7 for <behave@ietf.org>; Thu, 30 Oct 2008 15:46:34 -0700 (PDT)
Received: from smssmtp-internal1.sri.com (128.18.84.115) by mailgate-internal3.sri.com with SMTP; 30 Oct 2008 22:46:32 -0000
X-AuditID: 80125473-a94debb000000a55-ab-490a3948ca3b
Received: from srimail1.sri.com (srimail1.SRI.COM [128.18.30.11]) by smssmtp-internal1.sri.com (Symantec Mail Security) with ESMTP id C0F1421AF31 for <behave@ietf.org>; Thu, 30 Oct 2008 15:46:32 -0700 (PDT)
Received: from [192.168.2.101] (static-72-90-189-2.nwrknj.east.verizon.net [72.90.189.2]) by mail.sri.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPSA id <0K9K004ULPXJXI00@mail.sri.com> for behave@ietf.org; Thu, 30 Oct 2008 15:46:32 -0700 (PDT)
Date: Thu, 30 Oct 2008 18:46:28 -0400
From: Ed Jankiewicz <edward.jankiewicz@sri.com>
In-reply-to: <DB2AE4C3-DF3C-40CD-BDB1-EEC03695B80C@nomadiclab.com>
To: Christian Vogt <christian.vogt@nomadiclab.com>
Message-id: <490A3944.90502@sri.com>
MIME-version: 1.0
References: <DB2AE4C3-DF3C-40CD-BDB1-EEC03695B80C@nomadiclab.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
X-Brightmail-Tracker: AAAAAA==
Cc: Alain Durand <alain_durand@cable.comcast.com>, 46Translation <46translation@employees.org>, Behave Mailing List <behave@ietf.org>
Subject: Re: [BEHAVE] New I-D: IPv4/IPv6 Translator for IPv4-Only Networks
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: behave-bounces@ietf.org
Errors-To: behave-bounces@ietf.org
Good start on the topic. comments:
abstract:
"Communication initiated into the latter direction..." this sentence
is confusing - if you mean "Communication initiated from the IPv4
network..." just say that. Also, it is not clear in the abstract
whether communication could be initiated from the IPv6 side, and if so
how. That becomes clear in the body. Suggest rewording the abstract:
This document proposes Virtual IPv6 Connectivity, a method for
deployment in IPv4-only networks to enable communications with the
IPv6 Internet. Virtual IPv6 Connectivity uses IP protocol
translation to support both incoming traffic from IPv6 to IPv4, and
outgoing traffic from IPv4 to IPv6. Communication initiated from the IPv4 network
is facilitated through a DNS or DNSSEC proxy to obtain a virtual IPv4 address.
Communication initiated from the IPv6 Internet relies on virtual IPv6 addresses stored in the authoritative DNS server.
Unlike existing IPv4/IPv6 interworking techniques, which are designed
for deployment in IPv6 networks, Virtual IPv6 Connectivity does not
require extra, globally unique IPv4 addresses.
introduction:
s/inavertable/inevitable
add to the justification for IPv4 based translation: "...The
responsibility and cost for maintaining IPv4 interoperability shifts to
those who desire to maintain the IPv4 network when IPv6 predominates."
after the DNS proxy statement, add the same statement in the abstract
for the IPv6 initiated case. Maybe subtle, but I just think it is
important to establish and reinforce that a proxy is needed ONLY for
IPv4 initiated communication and that IPv6 initiated communication
relies solely on "normal" DNS (with properly provisioned virtual
addresses...)
conceptual overview:
make it clear that the prefixes and addresses used are examples - you
have not introduced the virtual addresses yet, and the reader should not
conclude that only 2001:DB8 or net-10 work.
There is some implication that DNS servers (recursive and authoritative)
are maintaining virtual address mappings. Is that true? It looks like
(reading ahead) the "recursive name server" in the v4 initiated case is
actually the DNS Proxy. Also the "authoritative DNS Server in the IPv4
network" is an unmodified DNS server with the virtual addresses
configured. Maybe go back and clean up the conceptual overview to make
it obvious which components have new/unmodified logic. I believe you have:
1. a new box, the translator
2. a new/modified box, the DNS proxy or recursive name server (or
"virtual IPv6 connectivity name server")
3. unmodified DNS server code with provision of virtual addresses
1 and 2 determine/maintain the virtual address mappings and send name
resolutions to 3, or maybe 3 requires manual configuration of virtual
addresses?
Anyway, you don't want too much detail in the conceptual overview - use
it as an outline for the sections that follow, and in fact refer forward
to them, e.g. "Virtual addresses (section 3.0)..." I suggest reversing
the first two bullets in the components to parallel the following
sections. It is always hard to discuss interlocked sub-topics that
refer forward/backward to each other, but I would also recommend
reversing sections 4 and 5 to more logically flow - define the
addressing architecture (section 3), define the
mapping/provisioning/discovery process (previously section 5), finally
the flow of translation (previously section 4). Just a suggestion.
Virtual IPv6 Connectivity consists of three components, which
together enable hosts in an IPv4-only network to communicate with
remote IPv6 correspondent hosts:
o Virtual IP Addresses (Section 3), which represent, respectively,
the IPv6 addresses of remote correspondent hosts to local IPv4
hosts, and the IPv4 addresses of local hosts to remote IPv6
correspondent hosts.
o IP protocol translation (Section 4), which are placed on border links of the
IPv4-only network to translate packets exchanged with IPv6
correspondent hosts.
o Provisioning and Discovery of virtual IP addresses (Section 5).
Section 4:
p. 9 "For communications initiated by a remote IPv6..." s/actaully/actually
figure 3 and 4 sort of illustrate why I think it would be better to
explain address discovery before the translation. in the figure 3
example it is a natural question - how would the IPv6 correspondent know
the virtual IPv6 address for the IPv4 host?
Section 5:
change the title to Provision and Discovery as it discusses both
creation and retrieval of the mappings.
5.1: not clear how the virtual address 2001:DB8:ABC::a.b.c.d gets
created in the auth name server. it almost sounds like it maintains the
mapping. It should be made clear who creates the mapping (the
translator) and how it gets provisioned in the auth name server. In
addition to the text changes, put this flow in fig 4.
5.2: it seems you are discussing a modified recursive name server, i.e.
one that has part of the code required to build "virtual IPv6
connectivity". identify this name server explicitly as a "virtual IPv6
connectivity name server" which combines normal recursive name server
plus this mapping function.
There is a big hand wave here - "The recursive DNS name server maps each
of the correspondent host's regular IPv6 addresses onto a separate
virtual IPv4 address in coordination with the IP protocol translator to
which these virtual IPv4 addresses route." That coordination is the key
to the mapping working, especially if there is not a 1-to-1 coupling
between protocol translator and name server, e.g. the name server could
serve multiple translators. Even with 1-to-1 how does the name server
know whether/not a virtual address is available? does the translator
give it a range that it manages? if an address was used in a previous
mapping, when is it safe to recycle (i.e. the IPv4 host is no longer
counting on it)? The translator I worked on had an internal DNS ALG
that did this, and restricted certain address ranges for inbound and
outbound mappings, and knew when they timed out.
A performance nicety: both A and AAAA queries could be sent
simultaneously; if an A record is returned, do IPv4 pass-through; if an
AAAA record is, create the mapping. In the event of both, prefer IPv4.
Speaking of IPv4 pass-through - since the IPv4 host likely does not have
a global IPv4 address, is the protocol translator or modified name
server also doing a NAT44 for that case? By the way, is the protocol
translator the DHCP server for the IPv4 hosts? Otherwise, how do the
IPv4 hosts get their addresses? Or is that irrelevant?
Since there could be multiple IPv4 hosts which could initiate
communication with the same IPv6 correspondent, the discussion should be
expanded to describe what happens when there is already a mapping in the
name server for host.v6.net, i.e. if/when it is safe to use a previous
mapping? if the same mapping is used for multiple flows, how do you
know when it is "no longer in use?" is least recently used OK to
recycle? the pool of virtual IPv4 addresses is finite.
Ed J.
Christian Vogt wrote:
> Folks,
>
> at the IPv4/IPv6 co-existence interim, Alain and I had sketched a
> translation-based IPv4/IPv6 interworking method that, unlike other
> translation-based solution proposals, is for deployment in IPv4
> networks. Here is now a more detailed specification of this method,
> which we call "Virtual IPv6 Connectivity for IPv4-only networks":
>
> http://tools.ietf.org/html/draft-vogt-durand-virtual-ip6-connectivity
>
> Recall from the interim: The main advantage of Virtual IPv6
> Connectivity is that it does not require extra global IPv4 addresses.
> We hence believe that the method will be of advantage when (a) the pool
> of unallocated IPv4 addresses is exhausted, and (b) there is sufficient
> IPv6 deployment to make it worthwhile for IPv4 networks to invest into
> IPv4/IPv6 interworking. Consequently, Virtual IPv6 Connectivity is not
> intended to replace any other solution proposal. It is instead intended
> to complement other solution proposals in a future where the impetus to
> invest into IPv4/IPv6 interworking has shifted from the IPv6 side to the
> IPv4 side.
>
> Furthermore, Virtual IPv6 Connectivity can already today solve some of
> the key problem scenarios, namely those involving IPv6 clients and IPv4
> servers in the absence of a unique global IPv4 addresses for each
> server. An example is scenario (4) in Mark's and Jari's analysis [1].
>
> Finally, we would like to request a presentation slot for Virtual IPv6
> Connectivity at IETF 73. Dan and Dave, I am assuming this would be in
> the BEHAVE session, right?
>
> Thanks everybody.
>
> - Christian, for Alain and Christian
>
>
> [1] http://tools.ietf.org/html/draft-arkko-townsley-coexistence
>
>
>
> _______________________________________________
> Behave mailing list
> Behave@ietf.org
> https://www.ietf.org/mailman/listinfo/behave
>
_______________________________________________
Behave mailing list
Behave@ietf.org
https://www.ietf.org/mailman/listinfo/behave
- [BEHAVE] New I-D: IPv4/IPv6 Translator for IPv4-O… Christian Vogt
- Re: [BEHAVE] New I-D: IPv4/IPv6 Translator for IP… Ed Jankiewicz
- Re: [BEHAVE] New I-D: IPv4/IPv6 Translator for IP… Christian Vogt