Re: [Idr] Using BGP to advertise SD-WAN tunnels end point's private IPv6 addresses. (was registering tunnel types

"Henderickx, Wim (Nokia - BE/Antwerp)" <wim.henderickx@nokia.com> Tue, 06 November 2018 08:22 UTC

Return-Path: <wim.henderickx@nokia.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40D93130F3C; Tue, 6 Nov 2018 00:22:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.37
X-Spam-Level:
X-Spam-Status: No, score=-2.37 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ufR0rdCQRVFs; Tue, 6 Nov 2018 00:22:52 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0113.outbound.protection.outlook.com [104.47.0.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3397130E86; Tue, 6 Nov 2018 00:22:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gORENhim7VHXGAH3WOYyThI0s0Hjxn9cFaNmyYJJLqs=; b=Ueq7TRCHBQ+zP8BmeX1NY6UGBdeIiBJusrjwD/GexpaQIGahWNMSXfXb+z4cCd8Ajrv2fGcn0tsH/bJ0R3yJsxVwkWIDWJgsmVy1UhPljn2IwtZxNRIkUB4+0fvgqzTUzuLOfHanC9VN6WNp+ZPtYETJoku3eePiVqxCKbnFMWU=
Received: from DB6PR07MB3477.eurprd07.prod.outlook.com (10.175.234.32) by DB6PR07MB4278.eurprd07.prod.outlook.com (10.168.23.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.8; Tue, 6 Nov 2018 08:22:49 +0000
Received: from DB6PR07MB3477.eurprd07.prod.outlook.com ([fe80::5d66:3910:60c:6686]) by DB6PR07MB3477.eurprd07.prod.outlook.com ([fe80::5d66:3910:60c:6686%2]) with mapi id 15.20.1294.034; Tue, 6 Nov 2018 08:22:49 +0000
From: "Henderickx, Wim (Nokia - BE/Antwerp)" <wim.henderickx@nokia.com>
To: Gert Doering <gert@space.net>
CC: Linda Dunbar <linda.dunbar@huawei.com>, "idr@ietf.org" <idr@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, Fred Baker <fredbaker.ietf@gmail.com>
Thread-Topic: [Idr] Using BGP to advertise SD-WAN tunnels end point's private IPv6 addresses. (was registering tunnel types
Thread-Index: AQHUdPQP+ZmmSSJuak+m74M0Ps0ZxKVBaBCAgACYwgCAAGC+gIAAfaWA
Date: Tue, 06 Nov 2018 08:22:49 +0000
Message-ID: <58297F7F-5B02-495B-9E2C-87871342E317@nokia.com>
References: <4A95BA014132FF49AE685FAB4B9F17F66B18249E@sjceml521-mbs.china.huawei.com> <6E397847-407E-4F69-AD31-E87D0001F603@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F66B182B93@sjceml521-mbs.china.huawei.com> <20181105165959.GB11393@Space.Net> <4B2F3673-5106-4914-B79F-F3C44013ED06@nokia.com> <20181106075259.GM11393@Space.Net>
In-Reply-To: <20181106075259.GM11393@Space.Net>
Accept-Language: nl-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.13.0.181104
x-originating-ip: [131.228.32.172]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB6PR07MB4278; 6:VrqW9G36NWbvVDxMU7mYI8SIh9OrZT53qIIPjqHXOjkwOfyTy7xXUnyNF/goQ98qCz27tvIi53bRGWRzOWpH9Qm7AOYt1fw3nrfTXPGAhHvwaitrpGsj7iFkl3sdItrxg3Gpw9VK8ZOcoa1mDNWG75dr1jVqsWQOOc/rmfLQPEw3SAV1sdypTX17sEJumkaN0kVrMbOKHBKsxWJIuhT331qsXChT7JltJJj2D8pudbotweCZtY3JQ8+h6QvjamZfpvE6PKozlmFPtQYQAyqUNgHnhM7AyrHll8NbOFHAw3LrQTEsz8yVW8mvlKFyJTrZhemB1D+evel/zT9fLPesxjdPOrMj01A36ut28UFonZn+L4aFiC1JMtyrkC41X9XihY3PAjAp8zGLf26GaLYah9QmbSesVfEHbYKyY8ewtBgmFee+OiYRWOhJ74wMB/vaz8kLigNvZ9NIluO53SF8UQ==; 5:kCdRNnAb40v8bZE1c/iRr6iaSl2LKSCGQIunuvMpcLMrHiY9qpru69H0oX1DigzLd1QK0p6H7ug83GJZVG34k2I8rHdm/WpivyH5Pzj/tOCz5t+4UzCvvGqIQdv65J2y1D55BIlu4h3iks2vBQUUlXuJKHua6/5r3pzZUj9v9nY=; 7:1i9dXGscajXuUmMCriKKKYpAsqIrjP4Dc5lDa0OqbUeVufZprWh8qk4m2LfzsdiQXKfjhMdbGU46PeHIe9420gfdRMKFnTDSEac2NZ8lM2XhSQi5dGlvitsx8TyWclvY553IpfV/v6r2QbdvDVOm2w==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 189948cf-af00-48c1-c3a5-08d643c109d0
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:DB6PR07MB4278;
x-ms-traffictypediagnostic: DB6PR07MB4278:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=wim.henderickx@nokia.com;
x-microsoft-antispam-prvs: <DB6PR07MB4278B8B6A63A9A9D9E2F068D83CB0@DB6PR07MB4278.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(3231382)(11241501184)(806099)(944501410)(52105095)(10201501046)(93006095)(93001095)(6055026)(148016)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(20161123562045)(20161123564045)(201708071742011)(7699051)(76991095); SRVR:DB6PR07MB4278; BCL:0; PCL:0; RULEID:; SRVR:DB6PR07MB4278;
x-forefront-prvs: 0848C1A6AA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(39860400002)(396003)(376002)(346002)(366004)(189003)(199004)(186003)(478600001)(2906002)(83716004)(86362001)(33656002)(76176011)(68736007)(5660300001)(2900100001)(26005)(102836004)(6506007)(36756003)(2616005)(11346002)(446003)(486006)(476003)(256004)(14444005)(99286004)(81156014)(54906003)(81166006)(6512007)(6436002)(25786009)(8676002)(97736004)(93886005)(82746002)(316002)(53936002)(58126008)(8936002)(6246003)(71190400001)(71200400001)(105586002)(229853002)(106356001)(3846002)(7736002)(305945005)(66066001)(6116002)(4326008)(39060400002)(6916009)(14454004)(6486002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB6PR07MB4278; H:DB6PR07MB3477.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: J0pgAvZw1Ae7qJKVvoBWJi69IFe33v53Lbcv9SqKrPxswVok9y45gKyfbuQgZlOE27pi5GIxC+RwCI4cwCiaC8T/13Xhvn3aXyW+wGlgCDyNkn7BJEGFRPhFjy3Q3WqQW+3zDdKJdGZhXPMexvxwW5pTYaaUmiVVcgbizTbmASlNro3h91vpKPaDaSnwuP4RMUrqfEoGBaQYFemMJRZE/DIH04JhRk+e1OeUElM0cF2wvsZhdLX7ZV9+FDK3ld0PSXwMTRSqWZC9Tj2Ta6VydGfILVTQfn1+qC8SuP3AAh3UaHi4Mfb4Qisq4Ng09k0gvfU8bpRycKFKjEyEzYnOU+lC2C+6g6d83NgVGwynOZU=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <888C83479F2C40408305E78E2D297F3F@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 189948cf-af00-48c1-c3a5-08d643c109d0
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2018 08:22:49.0298 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR07MB4278
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/4CpXvN7h5OFQRe7TvgM8hm7--AI>
Subject: Re: [Idr] Using BGP to advertise SD-WAN tunnels end point's private IPv6 addresses. (was registering tunnel types
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 08:23:00 -0000

We don’t perform any NAT operation. Let's first discuss the encapsulation:
In SD-WAN there is an IP tunneling of some sort (there are several options but not relevant here). So we have an inner payload which can be v4 or v6 and goes end to end, the inner payload is encapsulated in an outer IP tunnel.

So what happens is the following. I make abstraction of inner payload

SD-WAN CPE2 (v4)
SD-WAN CPE1 (v4) <----------- v4 ---------> GW <-----------------v6 ------------- > SD-WAN CPE3(v6).

Upstream traffic from SD-WAN CPE1
src-ip v4: A1, dst-IP v4 B1 ---------------> mapping < src-Ip v6: C1, dst-ip v6 D1 -----> 

Upstream traffic from SD-WAN CPE2
src-ip v4: A2, dst-IP v4 B1 ---------------> mapping < src-Ip v6: C1, dst-ip v6 D1 ----->

So irrespective of which src-CPE 1 or 2 is sending to the v6 SD-WAN CPE3 will use the same src/dst v6 address

With NAT64 even stateless the src-IP or src-port will be different to ensure you can map the reverse.
This is also used to map private IPv4 to public Ipv4, etc and many other operations.


On 06/11/2018, 14:53, "Gert Doering" <gert@space.net> wrote:

    Hi,
    
    On Tue, Nov 06, 2018 at 01:06:52AM +0000, Henderickx, Wim (Nokia - BE/Antwerp) wrote:
    > Even a NAT64 is not needed. What we do now is we go to a GW (lets call it like this for now) and the GW rewrites the outer header of the tunnel srcIP and dstIP from v4 to v6 or vice versa. It is kind of decap/encap operation on the outer header as if you terminate the tunnel and reinitiate the tunnel. No NAT64 required.
    > 
    
    So how exactly is this different from a NAT64?
    
    "You take off the IPv4 header, put on an IPv6 header, and remember where
    the response packets needs to be sent to"
    
    If you preconfigure the mapping, it's still a NAT64 :-)
    
    Gert Doering
            -- NetMaster
    -- 
    have you enabled IPv6 on something today...?
    
    SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
    Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
    D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
    Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279