IETF Logo Mail Archive

Re: [Gen-art] Gen-art LC review of draft-ietf-v6ops-nat64-experience-09

GangChen <phdgang@gmail.com> Fri, 21 February 2014 09:59 UTC

Return-Path: <phdgang@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92A5C1A043D; Fri, 21 Feb 2014 01:59:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZC-pSc6MMMKw; Fri, 21 Feb 2014 01:59:19 -0800 (PST)
Received: from mail-qg0-x22e.google.com (mail-qg0-x22e.google.com [IPv6:2607:f8b0:400d:c04::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 3FF8C1A0436; Fri, 21 Feb 2014 01:59:19 -0800 (PST)
Received: by mail-qg0-f46.google.com with SMTP id e89so7052469qgf.5 for <multiple recipients>; Fri, 21 Feb 2014 01:59:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=LDoOuW78Kk98ovZDh1TU3WH6kdmuroCQPFttSGejBXs=; b=UJ+jhiVPc4pmzNp7jyeMC9dmpV3K66lhubWWlrR5AEy4In+kBWZ1GgmOfLpdqTx3Xa 6MDiLHTJZSTTincXGp6cNdPwGcnFDoEFq0ZS+v5a3FB+cXW5fkmPDRk0FhY6VFAail8M Z7U4IYh1euPh9wuysM9mbvtS5ucf5qRSU8Mu8kFrAApa4I7IvVPss4PW4NGKf8dYpoau HPY6A2RLXjI5FDQbKF6qa8Km9AJkY9821arv9DpM919I+9A+Pkris214wPtPcz6m66rC l/nnRSIFvRadKRKUgAnmI+kSwY/VhYkpaNWXwlgTiqOEO5ZC5XZuddFDGeXhu2olaiV4 6ZIA==
MIME-Version: 1.0
X-Received: by 10.229.172.4 with SMTP id j4mr8445548qcz.6.1392976755281; Fri, 21 Feb 2014 01:59:15 -0800 (PST)
Received: by 10.224.51.137 with HTTP; Fri, 21 Feb 2014 01:59:15 -0800 (PST)
In-Reply-To: <A0D801AD-CD5A-4259-8BF5-85A105207217@piuha.net>
References: <52E83C75.7030909@dial.pipex.com> <0D2A7761-2C8D-41C7-8BC7-B4F175187F95@piuha.net> <A0D801AD-CD5A-4259-8BF5-85A105207217@piuha.net>
Date: Fri, 21 Feb 2014 17:59:15 +0800
Message-ID: <CAM+vMEQh_Mgjhp3u07CxFAOyR3wkTf+8hepx14ubWOf+bjEqgA@mail.gmail.com>
From: GangChen <phdgang@gmail.com>
To: Jari Arkko <jari.arkko@piuha.net>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/ANpkLezh1_rVjX3FkfQ-6k6wPGM
X-Mailman-Approved-At: Fri, 21 Feb 2014 05:39:18 -0800
Cc: General Area Review Team <gen-art@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-v6ops-nat64-experience.all@tools.ietf.org
Subject: Re: [Gen-art] Gen-art LC review of draft-ietf-v6ops-nat64-experience-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2014 09:59:22 -0000

Hello Jari,

Thank you for the comments. Please see my reply inline.


2014-02-21 0:56 GMT+08:00, Jari Arkko <jari.arkko@piuha.net>:
> FWIW, I have now done my own review. I think there are language issues, but
> they do not prevent going forward. Language itself will be fixed by the RFC
> Editor. I'm more interested in cases where there might be an semantics
> unclarity issue.
>
> I think it would be beneficial to go through each of the comments before
> final approval of the document.
>
> With that in mind, going through some of my own and Elwyn's comments:
>
>>    o  Operators who adopt NAT64-FE may leverage the application layer
>>       proxies, e.g. X-Forwarded-For (XFF)
>>       [
>> I-D.ietf-appsawg-http-forwarded
>> ], to convey the IPv6 source
>>       address in HTTP headers.
>
> I'd say ... may leverage application layer proxies, and those may use
> additional attributes such as X-Forwarded-For ...

>
>> Those messages would be passed on to
>>       web-servers.  The log parsing tools are required to be able to
>>       support IPv6 and may lookup Radius servers for the target
>>       subscribers based on IPv6 addresses included in XFF HTTP headers.
>>       XFF is the de facto standard which has been integrated in most
>>       Load Balancers.  Therefore, it may be superior to use in a NAT-FE
>>       environment.  In the downsides, XFF is specific to HTTP.  It
>>       restricts the usages so that the solution can't be applied to
>>       requests made over HTTPs.  This makes geo-location problematic for
>>       HTTPs based services.
>>
>
> Not sure we should call something a de facto standard while pointing to a
> draft. I'd just say "... has been implemented in many ..."

thank you for the suggestion. We will make following changes:

==NEW

   o  Operators who adopt NAT64-FE may leverage the application layer
      proxies. Those may use additional attributes such as X-Forwarded-For (XFF)
      [I-D.ietf-appsawg-http-forwarded] to convey the IPv6 source
      address in HTTP headers.  Those messages would be passed on to
      web-servers.  The log parsing tools are required to be able to
      support IPv6 and may lookup Radius servers for the target
      subscribers based on IPv6 addresses included in XFF HTTP headers.
      XFF has been implemented in most Load Balancers.  Therefore,
      it may be superior to use in a NAT-FE
      environment.  In the downsides, XFF is specific to HTTP.  It
      restricts the usages so that the solution can't be applied to
      requests made over HTTPs.  This makes geo-location problematic for
      HTTPs based services.



>> The experiences of some
>>    applications are still align with [
>> RFC6586].
>
>
> Not sure what this means.

Several applications don't work properly as described in the RFC6585.

>
>
>> |  SIP-VoIP      |Fail, due to the lack of NAT64 traversal            |
>>
>
> Did you mean ALG? Not sure what this would mean otherwise.

I mean ICE is recommended to be supported in order to avoid SIP-ALG.
After the discussion with Dan Wing, resorting to SIP-ALG for
supporting IPv4-IPv6 inter-working is not preferred.

BRs

Gang

>
>>> Minor issues:
>>> Title:  The title is rather misleading since it the document actually
>>> documents two suggested ways of deploying NAT64 as well as experience of
>>> deploying these solutions. Maybe 'NAT64 Deployment Options and
>>> Experience'.
>
> I think that is a reasonable suggestion.
>
>>>
>>> s1: A reference to explain what PDP context etc means in an LTE
>>> environment would be useful.
>>>
>>> s3.1.3: It is stated that placing the NAT64 (middlebox) in a centralized
>>> location would 'reduce the diversity of  log format'.  I guess what is
>>> possibly being said that is that the network should preferentially use
>>> just one NAT64 box centrally placed rather than several (smaller) boxes
>>> at various edge locations.  I think this needs to be explained more
>>> clearly (assuming I have it right).  OTOH I would rather expect that most
>>> network owners would go for a single species of NAT64 box so the
>>> diversity of log formats is really a side issue.
>>>
>>> s5.2: The problem here is not specifically geo-location - and since we
>>> normally don't have any mapping between topology and location this seems
>>> inappropriate - but doing host identification (which is what RFC 6967 is
>>> about.  Shouldn't this section just be about host identification?
>>>
>>> s8, para 2:
>>>> We configure ULAs as NAT64 prefixes on a NAT64-CGN.
>>> So.. is this a mandatory requirement or just a possibility?
>>>
>>> Nits/editorial comments:
>>>
>>> s1, para 1: s/Internet/the Internet/
>>>
>>> s1, para 2: s/simplify networks provisioning/simplify the provisioning of
>>> networks/, s/confers some benefits to/confers some benefits on/, s/such
>>> mobile/such a mobile/, s/if Long Term/if a Long Term/
>>>
>>> s3.1.1: s/can be seen with better transparency features/can offer
>>> improved transparency to <state who or what is offered the improved
>>> transparency> /
>>>
>>> s3.1.1: Expand A+P abbreviation.
>>>
>>> s3.3.1: s/IPv4 shortage/IPv4 address shortage/
>>>
>>> ss3.1.2, 3.1.3 and 3.1.4: These are very long paragraphs.  It would be
>>> good to separate the various discussion points into separate paragraphs.
>>>
>>> s3.1.2: "..to enable access of IPv4 only applications" Presumably this is
>>> access to applications running on the IPv4 side from applications on the
>>> IPV6 side... Suggest
>>> "to allow applications running on the IPv6 network to interact with
>>> applications that can only use IPv4 communications or IPv6 applications
>>> that need to communicate using literal IPv4 addresses."
>>>
>>> s3.1.2: s/discover NAT64 prefix/discover the NAT64 prefix/
>>>
>>> s3.1.2: need a reference for BIND.
>>>
>>> s3.1.2: s/...(BIND) software supports the function./The ... (BIND)
>>> implementation of NAT64 supports this discovery function./
>>>
>>> s3.1.2:s/Operators should not/Users should not/ perhaps.
>>>
>>> s3.1.2: s/going to IPv4-only service/going to IPv4-only services/
>>>
>>> s3.1.2: s/restrains NAT uses/restrains NAT usage/
>>>
>>> s3.1.2: s/all traffic flows have to be traversed and translated./all
>>> traffic flows have to traverse the NAT44 middlebox and be translated
>>> there./
>>>
>>> s3.1.2: s/may serve a double roles, i.e. a translator and IPv6
>>> forwarder./may serve a dual role acting as both translator and IPv6
>>> forwarder./
>>>
>>> s3.1.2: s/Therefore, both IPv6 and IPv6
>>>
>>> s3.1.2:
>>> OLD:
>>> In some sense, it encourages IPv6 transmission and restrains NAT uses
>>> compared to NAT44(if used), on which all traffic flows have to be
>>> traversed and translated. In some cases, NAT64-CGN may serve double
>>> roles, i.e. a translator and IPv6 forwarder. In mobile networks, NAT64 is
>>> likely deployed as the default gateway serving for all the IPv6 traffic.
>>> The traffic heading to a dual-stack server is only forwarded on the
>>> NAT64. Therefore, both IPv6 and IPv4 are suggested to be configured on
>>> the Internet faced interfaces of NAT64. We tested on Top100 websites
>>> (referring to [Alexa] statistics). 43% of websites are connected and
>>> forwarded on the NAT64 since those websites have both AAAA and A records.
>>> With expansion of IPv6 supports, the translation process on NAT64 will
>>> likely be faded. In addition, it should be noted the DNS64-DNSSEC
>>> Interaction[RFC6147] may impact the DNS64 process. For example, DNS64
>>> will not work with the case, where there is a DNS query with the "DNSSEC
>>> OK" (DO) bit set and the "Checking Disabled" (CD) bit set received.
>>> NEW:
>>> In some sense, it encourages IPv6 transmission and restrains NAT usage
>>> compared to system using NAT44 (if used), on which all traffic flows have
>>> to traverse the NAT44 middlebox and be translated in passing. In some
>>> cases, NAT64-CGN may serve a dual role as both translator and IPv6
>>> forwarder. In mobile networks, NAT64 is likely deployed as the default
>>> gateway serving all the IPv6 traffic. The traffic heading to a dual-stack
>>> server is only forwarded via the NAT64. Therefore, it is suggested [or
>>> may be RECOMMENDED] that both IPv6 and IPv4 are configured on the
>>> Internet facing interfaces of NAT64 middleboxes.  We tested the
>>> configuration of the Top100 websites (as identified in the [Alexa]
>>> statistics).  43% of websites are [Should this be "would be"] connected
>>> and forwarded via NAT64 since those websites have both AAAA and A
>>> records. With the expansion of IPv6 support, the need for the translation
>>> process on NAT64 middleboxes will likely diminish. In addition, it should
>>> be noted that the interaction of DNS64 and DNSSEC [RFC6147] may impact
>>> the DNS64 process. For example, DNS64 will not work in the case where a
>>> DNS query is received that has the "DNSSEC OK" (DO) bit set and the
>>> "Checking Disabled" (CD) bit set.
>>>
>>>
>>> s3.1.3: s/is problematic from multiple-vendor's equipment due to
>>> inconsistent formats of log records./obtained from equipment supplied by
>>> multiple vendors may be problematic due to inconsistent log formats./
>>>
>>> s3.1.3: This gave me a bit of a laugh...  So having got over my unstable
>>> user experience (probably due to excessive consumption of beer..)
>>> OLD:
>>>  Since the topology on each
>>>  path is different, it may cause unstable user experiences and some
>>>  degradation of Quality of Experience (QoE) when fallback to the other
>>>  protocol is not powerful enough.
>>> NEW:
>>>  Since the routes taken by the two traffic sets may be different, user
>>> experiences
>>>  may be inconsistent and there may be some
>>>  degradation of Quality of Experience (QoE) when fallback to the other
>>>  protocol is not sufficiently rapid. [or does this mean that the
>>> alternative route
>>>  doesn't have enough capacity]
>
> Yes, that would be better.
>
>>>
>>> Please clarify.
>>>
>>> [I gave up on language corrections at this point as it essentially needs
>>> a serious rewrite.]
>>>
>>> s4.1, last para: Specifying 91.21% of traffic seems inappropriately
>>> exact.
>>>
>>> s6.1:  It may well be that NAT64-CGN have an FTP ALG .. given the general
>>> view that FTP shouldn't be used it seems peculiar that this is the only
>>> default implementation!
>>> Perhaps a comment about this (and maybe even TURNING OFF the FTP ALG)
>>> seems like an option.
>
>
> Jari
>
>

v2.23.0 | Report a Bug | By Email