Re: NATLL6 [was Re: Forwarding Packets With Link Local Destination Addresses]

Fernando Gont <fgont@si6networks.com> Fri, 08 January 2021 20:25 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 771CC3A129E for <ipv6@ietfa.amsl.com>; Fri, 8 Jan 2021 12:25:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.15
X-Spam-Level:
X-Spam-Status: No, score=-2.15 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LuFmcKNNGqcj for <ipv6@ietfa.amsl.com>; Fri, 8 Jan 2021 12:25:20 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 351263A13C9 for <ipv6@ietf.org>; Fri, 8 Jan 2021 12:23:58 -0800 (PST)
Received: from [IPv6:2800:810:464:8164:3400:4349:e14e:69bc] (unknown [IPv6:2800:810:464:8164:3400:4349:e14e:69bc]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id C695C2846A9; Fri, 8 Jan 2021 20:23:54 +0000 (UTC)
Subject: Re: NATLL6 [was Re: Forwarding Packets With Link Local Destination Addresses]
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Alejandro Acosta <alejandroacostaalamo@gmail.com>, ipv6@ietf.org
References: <DM6PR05MB6348A18046C5DDC7CF2AED76AEAF0@DM6PR05MB6348.namprd05.prod.outlook.com> <561e3133-73c9-6ded-0311-838d5939dcd2@gmail.com> <605db208-e458-58ec-5872-932e0b9f9b38@gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <d850466d-d28b-c0b7-c797-b6c124949ec8@si6networks.com>
Date: Fri, 8 Jan 2021 16:51:12 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <605db208-e458-58ec-5872-932e0b9f9b38@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Btm4jE-_mNQ3aBdmD1LQZ2qDF-c>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jan 2021 20:25:24 -0000

On 8/1/21 16:37, Brian E Carpenter wrote:
[...]
>>>
>>> I interpret this statement to include packets that contain routing headers. For example, it forbids an SRv6 packet whose final segment has a locator that begins with FE80.
>>>
>>    In LACNIC we ran a project called Natmeter [1] for about 2 years, we obtained a lot of interesting data during this period [2].
>>
>>    The case is the following, we detected some end-user devices with only Link Local addresses (exactly, no GUA nor ULA) that were successfully natted and using the web.
>>
>>    Is it ok?, do you consider it as a forwarding of a packet? was it a crazy result? (we saw few samples of this)
> 
> NAT66 is not defined and not recommended, so there really isn't an answer to your questions. I can't think of a reason why such a hack wouldn't work, though. As long as the LL address is translated, it will not escape from the LAN.

I would expect that something else (other than IPv6 NAT) is going on. IN 
that sense, it would be interesting to know more details about the 
methodology they employ to measure the use of NATs.

Thanks!

Regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492