Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64

> On 10 Jul 2019, at 4:43 pm, JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:
> 
> We could also suggest governments to apply that law: "your 10 years old device must be updated or you will get a fine". Do you think that's realistic?

Actually yes.  It was clear 10 years ago that IPv4 was dead and IPv6 was the replacement.  The manufacture gambled and lost.

Think about the recent GPS epoch.  Vendors put out updates for otherwise eol’d products to avoid fines for
shipping non fit for purpose equipment.  They all knew or should have known that a GPS epoch would happen in
the life of the product.

The same applies to shipping IPv4 only equipment.

> How the Spanish government apply a fine to a Chinese company? How about devices that were NOT designed to have any kind of firmware update?

I you are in Australia the seller is the one that is primarily responsible.  How they deal with their supply chain is up to them. 

Devices that where not designed to have a firmware update you throw in the bin.  That said, for most of them, the machines they want to contact have IPv4 addresses.

> May vendors or app developers doesn't exist. How you resolve the problem for those? Or governments should pay the renewal of all those devices and apps?

You throw those in the bin as well. 

> Really, I don't think is that easy/feasible!
> 
> Regards,
> Jordi
> @jordipalet
> 
> 
> 
> El 10/7/19 3:54, "v6ops en nombre de Mark Andrews" <v6ops-bounces@ietf.org en nombre de marka@isc.org> escribió:
> 
>    Do we really need to provide a solution?  The manufactures of the devices can update their firmware.  What internet connected device in the house isn’t upgradable?  All the games consoles are.  Printers are.  TV’s are.  Fridges are.  The list goes on.
> 
>    Again this is where governments can force manufactures to do the right thing by their existing customers.
> 
>    Mark
> 
>> On 10 Jul 2019, at 10:28 am, JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:
>> 
>> HI Mark,
>> 
>> I will agree with that, and I've actually recommended it to several governments: "ban imports and manufacturing of non-IPv6-ready devices in 12 months, ban sales of older stocks 6 months after that". Same we have done with DTV, for example. It is a basic consumer protection measure.
>> 
>> However, nobody is going to pay for replacement of existing IPv4-only equipment and apps in homes and enterprises, so we still need to provide solutions for those.
>> 
>> Regards,
>> Jordi
>> @jordipalet
>> 
>> 
>> 
>> El 10/7/19 1:27, "Mark Andrews" <marka@isc.org> escribió:
>> 
>>   And the answer to this “problem” is stop buying IPv4-only garbage and deploy IPv6.
>> 
>>   Go talk to your legislators about banning the sale of IPv4-only equipment.  This is where this should be addressed.  Not in the IETF.  IPv6 aware products don’t cost more to produce.
>> 
>>   Having lived through a metrification process, banning the sale of imperial only equipment really helped. It was illegal to sell new cars without kph on the speedometer.  It was illegal to sell new rulers and tape measures which where imperial only.  It was illegal to sell new scales that where imperial only.  All packaging had to be labeled in metric units.  Sometimes governments need to step in and ban products for the greater good.
>> 
>>> On 10 Jul 2019, at 6:24 am, JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:
>>> 
>>> Hi Dusan,
>>> 
>>> The problem is that the IPv6-only “remote server” don’t have IPv4 connectivity. Also, it doesn’t have an IPv4 address. Let’s suppose this is a streaming server.
>>> 
>>> The “local” IPv4-only host (let’s suppose is an IPv4-only SmartTV), is connected to a CLAT (this is in the CPE, and the CPE is connected via IPv6-only) to the service provider.
>>> 
>>> The optimization that we are suggesting is using EAM (explicit mapping) to avoid the IPv4 flow from the smartTV to be converted back to IPv4, because the CLAT already converted it to IPv6.
>>> 
>>> If we create a “fake” A record in the streaming server, the CLAT will create an EAMT, so because it believes the streaming service is reachable with IPv4 (which is not), but the “optimized CLAT” will then use the AAAA.
>>> 
>>> So, the flow is:
>>> IPv4 from the smartTV to the CLAT
>>> IPv6 from the CLAT to the streaming service
>>> 
>>> In normal conditions, if the streaming service is really dual-stack and we don’t have optimization (the “actual” 464XLAT protocol), it will be:
>>> 
>>> IPv4 from the smartTV to the CLAT
>>> IPv6 from the CLAT to the NAT64
>>> IPv4 from the NAT64 to the streaming service
>>> 
>>> If the streaming service is IPv6 only, with the actual 464XLAT protocol, this connectivity is not possible.
>>> 
>>> You see the point?
>>> 
>>> Please take a look at the document, I think is well described, otherwise provide suggestions about what you believe is not clear enough and we will make sure to improve the text and drawings!
>>> 
>>> By the way, I’m talking here about “approach 2”, which I think is the best solution.
>>> 
>>> Regards,
>>> Jordi
>>> 
>>> @jordipalet
>>> 
>>> 
>>> 
>>> 
>>> El 9/7/19 22:05, "v6ops en nombre de Mudric, Dusan (Dusan)" <v6ops-bounces@ietf.org en nombre de dmudric@avaya.com> escribió:
>>> 
>>> Hi Jordi,
>>> 
>>> Are you saying your draft  “464XLAT Optimization” will provide IPv4only app to IPv6only app communication like this?
>>> 
>>> 
>>>                 +-------+     .-----.                   
>>>                 | IPv6  |    /       \                
>>>     .-----.     |  CE   |   /  IPv6-  \     .-----.    
>>>    / IPv4- \    |  or   +--(   only    )---( NAT64 )
>>>   /  only   \   |  UE   |   \  Access /\    `-----'     
>>>  (  SmartTV  )--+       |    \       /  \             
>>>   \   STB   /   | with  |     `--+--'    \   .-----.      
>>>    \ VoIP  /    | NAT46 |        |        \ /       \
>>>     `-----'     | CLAT  |    +---+----+    /  IPv6   \      .--+--.
>>>                 |       |    |  DNS/  |   (  Internet )IPv6/ IPv6- \
>>>                 +-------+    |  DNS64 |    \         /----/  only   \
>>>                              +--------+     \       /    (           )
>>>                                              `-----'      \  APP    /
>>>                                                            \       /
>>>                                                             `-----'
>>>  <------------------------ IPv4 to IPv6 flow ------------------------>
>>> 
>>> What did not work so far and what had to be added in your draft to make this flow work?
>>> 
>>> How can IPv6-only APP get the IPV4 public address, used by NAT_translator, when sending a packet from IPv6-ony APP to IPv4-only APP? This IPv4 address is the same destination IPv4 address to which IPv4-only APP sends a packet towards IPv6-only APP ( 192.0.2.2. address in Jen’s example).
>>> 
>>> Thanks,
>>> Dusan.
>>> 
>>> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of JORDI PALET MARTINEZ
>>> Sent: Monday, July 8, 2019 5:40 PM
>>> To: IPv6 Operations <v6ops@ietf.org>
>>> Cc: 6man <6man@ietf.org>
>>> Subject: Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64
>>> 
>>> I think there are several possible solutions, but the simpler one seems to be the dual-stack SIP proxies. Another one is draft-ietf-tram-turnbis, which I didn’t knew, until today, is already in the IESG for approval this Thrusday.
>>> 
>>> Also it can be done with EAM and also as I mention in a previous email via the optimization for 464XLAT. Just uploaded the new version:
>>> 
>>> 
>>> https://datatracker.ietf.org/doc/draft-palet-v6ops-464xlat-opt-cdn-caches/?include_text=1
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> El 8/7/19 19:01, "v6ops en nombre de David Farmer" <v6ops-bounces@ietf.org en nombre de farmer@umn.edu> escribió:
>>> 
>>> 
>>> 
>>> On Mon, Jul 8, 2019 at 10:49 AM Mudric, Dusan (Dusan) <dmudric@avaya.com> wrote:
>>>>> -----Original Message-----
>>>>> From: Manfredi (US), Albert E <albert.e.manfredi@boeing.com>
>>>>> 
>>>>> -----Original Message-----
>>>>> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Mudric, Dusan (Dusan)
>>>>> 
>>>>>> - How can DNS64 tell IPv6 only client the IP of IPv4 only client, and vice
>>>>> versa?
>>>>> 
>>>>> IPv6 to IPv4 should be straightforward, because it's a one-to-one
>>>>> relationship. The other way around would normally not work, 
>>>> [Dusan] There is no solution for IPv4only client to reach IPv6only client? 
>>> 
>>> I mostly say, so what! It is an unfortunate reality of today's Internet, because of NAT44 and/or stateful firewall default deny inbound policy, many times clients can't speak to other clients, be they IPv4 only, IPv6 only, or even dual stack. Sometimes firewall traversal technologies can work around this, also depending on the firewall traversal solution used sometimes IPv4 only and IPv6 only clients will be able to talk to each other.  My guess is that IPv4 only to IPv6 only firewall traversal would be less effective than NAT44 client to NAT44 client firewall traversal, but it is should still be possible in some cases. 
>>> 
>>>>> but everyone
>>>>> has been accustomed to that with IPv4 NAPT already. 
>>>> [Dusan] How IPv4 only users (e.g. Avaya IPv4 only phones) can be accustomed not to be able to call IPv6only users (like Apple IPv6 only phones)?
>>> 
>>> They may not be able to talk peer to peer. However, through a dual-stack SIP or other proxies/session border controller, they could probably complete a call. 
>>> 
>>>>> The client behind the
>>>>> NAPT initiates.
>>>>> 
>>>>>> Is DNS64 server returning IPv4ony client address to IPv6only client, using
>>>>> the A RR?
>>>>> 
>>>>> The DNS synthesizes the IPv6 address, which has the IPv4 address
>>>>> embedded in it.
>>>>> 
>>>>>> - How can IPv4only client get the address of IPv6only client (or, it is
>>>>> impossible for IPv4only client to get IPv6 address of IPv6only client)?
>>>>> 
>>>>> That's clearly more difficult, which is why the normal course of action is for
>>>>> the IPv6 client to initiate the session..
>>>> [Dusan] What if IPv4only client needs to initiate the session to IPv6only client? What is the solution for that use case?
>>> 
>>> Many firewall traversal solutions should work in this case, but IPv4 only client to client isn't guaranteed to work in all cases either. 
>>> 
>>>>> 
>>>>>> - Do these IPv4 and IPv6 client addresses need to be pre-configured on the
>>>>> translator and/or DNS64?
>>>>> 
>>>>> For IPv4 to IPv6, if you must allow the IPv4 client to initiate the session, you'd
>>>>> have to have preconfigure something.
>>>> [Dusan] Where and how is this configuration done?
>>>> 
>>>>> 
>>>>> Bert
>>>> 
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>> 
>>> 
>>> -- 
>>> ===============================================
>>> David Farmer               Email:farmer@umn.edu
>>> Networking & Telecommunication Services
>>> Office of Information Technology
>>> University of Minnesota   
>>> 2218 University Ave SE        Phone: 612-626-0815
>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
>>> =============================================== 
>>> _______________________________________________ v6ops mailing list v6ops@ietf.orghttps://www.ietf.org/mailman/listinfo/v6ops
>>> 
>>> **********************************************
>>> IPv4 is over
>>> Are you ready for the new Internet ?
>>> http://www.theipv6company.com
>>> The IPv6 Company
>>> 
>>> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>>> 
>>> _______________________________________________ v6ops mailing list v6ops@ietf.orghttps://www.ietf.org/mailman/listinfo/v6ops
>>> 
>>> **********************************************
>>> IPv4 is over
>>> Are you ready for the new Internet ?
>>> http://www.theipv6company.com
>>> The IPv6 Company
>>> 
>>> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>>> 
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>> 
>>   -- 
>>   Mark Andrews, ISC
>>   1 Seymour St., Dundas Valley, NSW 2117, Australia
>>   PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
>> 
>> 
>> 
>> 
>> 
>> **********************************************
>> IPv4 is over
>> Are you ready for the new Internet ?
>> http://www.theipv6company.com
>> The IPv6 Company
>> 
>> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>> 
>> 
>> 
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
> 
>    -- 
>    Mark Andrews, ISC
>    1 Seymour St., Dundas Valley, NSW 2117, Australia
>    PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
> 
>    _______________________________________________
>    v6ops mailing list
>    v6ops@ietf.org
>    https://www.ietf.org/mailman/listinfo/v6ops
> 
> 
> 
> 
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
> 
> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org