Re: IPv6 only host NAT64 requirements?

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 22 November 2017 00:01 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 511BB129BF5 for <ipv6@ietfa.amsl.com>; Tue, 21 Nov 2017 16:01:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vPLLcQFiKKU4 for <ipv6@ietfa.amsl.com>; Tue, 21 Nov 2017 16:01:45 -0800 (PST)
Received: from mail-pg0-x235.google.com (mail-pg0-x235.google.com [IPv6:2607:f8b0:400e:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFD27129BF3 for <ipv6@ietf.org>; Tue, 21 Nov 2017 16:01:44 -0800 (PST)
Received: by mail-pg0-x235.google.com with SMTP id z184so11488044pgd.13 for <ipv6@ietf.org>; Tue, 21 Nov 2017 16:01:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=WGLVQDX8rVCEpzYV6R7ftZJkrD9jLjWlwKR1VW1xuQ4=; b=AdnrdjU4zNDMLUEqhahJWJFeX/6tXoZ0TOnqhihacpqVJDqhZ9UnWalrA2WazplGqC c0jmk5Rk4+rGj1OHAF809RTpN2I5DiWM7TYHKG5aNFjTq9pp3bu4BFH2RO2S/fV+aHwe SgpI78hEyEV6M+se+Du1l3ejVUsfzI9F5xx2lOsW1NsaxBOlidAWoOB7kQc63ZUodjm9 TzqPyIyVq9cNQn8cpmGl/swC3Kd+94MxQeefd5V6ZoqnqyBGNR9UExatvLZFORtkxOOH aeHRl6XnPrO7WnRrTtpVXDgcRwAOt8qQIGlFV0/goAoCR4juPRqCmBUuMt49CJDHassP 8qkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=WGLVQDX8rVCEpzYV6R7ftZJkrD9jLjWlwKR1VW1xuQ4=; b=KKs0jH2ST67Hvyrr2sBk/JE/wNgeVlf5vUFiY2GYMWXrx1zDC861epkCp/IvJhQuvK aS3Ep9vVQ2pkNDBvLHZbsNbejgII8YqTCSbqZCEZc9/sM6pN+/vZndQ0bujnR6lCaMFB MZCbWJvoecE7/x2X2VHapD/s4mpgixaiFYqIHfCvRD7q6Vr/xfmapUO47mZTUA62kgca DuPlD4xBqbDOfpyTtQE3Jpjk/O9gagYqZfQeMYMFT20N6gUgKCZSRkLE2gH9I4IJjtzZ +jGISw4jTwRuP5eorOX/W2dgTBJhRGEgk7D+MqSVMQp/i2UIBbMY3QjdMiCE9w0G8Ii/ joGg==
X-Gm-Message-State: AJaThX7J5+7S0+RO6hfrVFjUdYUqduA9VpQT+O7Rd85fZUU7Mu7QhpmH 6GCx48cfJ9BQKl6ZZwekeWPziz5+
X-Google-Smtp-Source: AGs4zMYDyiwamSDE9LFZBDbi2cWbXUFYqvwYr/nvgCxZdgn+qXAFiLdq7WCJE/9ffQKtVl83/1wtbQ==
X-Received: by 10.99.163.25 with SMTP id s25mr18911865pge.310.1511308904032; Tue, 21 Nov 2017 16:01:44 -0800 (PST)
Received: from ?IPv6:2406:e007:6f17:1:28cc:dc4c:9703:6781? ([2406:e007:6f17:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id a78sm26659314pfl.155.2017.11.21.16.01.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Nov 2017 16:01:42 -0800 (PST)
Subject: Re: IPv6 only host NAT64 requirements?
To: Ola Thoresen <ola@nlogic.no>, ipv6@ietf.org
References: <m1eEGbJ-0000EhC@stereo.hq.phicoh.net> <D42D8D7A-6D19-4862-9BB3-4913058A83B6@employees.org> <CAFU7BARCLq9eznccEtkdnKPAtKNT7Mf1bW0uZByPvxtiSrv6EQ@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93300A07AD68@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAFU7BARoXgodiTJfTGc1dUfQ8-ER_r8UOE1c3h-+G0KTeCgBew@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93300A07C625@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <7EE41034-132E-45F0-8F76-6BA6AFE3E916@employees.org> <787AE7BB302AE849A7480A190F8B93300A07D481@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <0C83562D-859B-438C-9A90-2480BB166737@employees.org> <787AE7BB302AE849A7480A190F8B93300A07D534@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <26A31D20-46C2-473E-9565-59E5BA85ED8B@employees.org> <787AE7BB302AE849A7480A190F8B93300A07D63D@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <F9E3BD88-38E0-4329-A4BF-22083A023268@employees.org> <f673d6c7-570e-b2b8-e8aa-15d73ea8ba3f@gmail.com> <46365c7f-f9e9-0559-9f09-d6b565ff7f99@nlogic.no>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <0a13ea07-6b60-9ae6-659e-c054acdc156d@gmail.com>
Date: Wed, 22 Nov 2017 13:01:44 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <46365c7f-f9e9-0559-9f09-d6b565ff7f99@nlogic.no>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/J9QGFmpNfYagt5dzHv-Xl0R0jns>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 00:01:46 -0000

in line...

On 21/11/2017 22:40, Ola Thoresen wrote:
> On 20. nov. 2017 20:37, Brian E Carpenter wrote:
> 
>> On 21/11/2017 02:36, Ole Troan wrote:
>> ...>> [Med] These are generic statements, Ole. We are talking about the IETF case.
>>>> * The IETF has no control on the hosts that connect to the IETF network,
>>>> * IETF attendees who are using corporate devices, have no control on these hosts
>>>>
>>>> So, how forcing devices to use "IPv6+nat64" will help here?
>>> Eat own dogfood. Many IETF people are developers or work for companies having applications not working.
>>> As I said there were a minimum of applications that didn't work. Corporate VPNs largely did. Jen has the final numbers.
>> However, as long as even one application, such as one VPN, or one
>> literal IPv4 address, fails, that represents millions of failure cases
>> if we consider the whole world (e.g. imagine every hotel network in
>> the world running IPv6+NAT64 only). That simply isn't viable. Dual
>> stack in every hotel room in the world is viable, from the hotel guests'
>> point of view. Operators might not like it, but users wouldn't care.
> 
> In hotel rooms and other "public" or "guest" networks, there are so many 
> things that fail already, due to NAT, misconfigured firewalls, 
> unmaintained blocklists, SSL-proxies and whatnot, so you can hardly 
> expect any services other than basic web-surfing without https to work.
> Not that this is an ideal situation today, but i do not believe that "if 
> even one VPN or one liter IPv4 address fails" should be a showstopper 
> for introducing this.

Hotels won't make that choice, but the providers of hotel networks will,
entirely based on their perception of the number of help desk calls
they will have to handle for any given change. Since they haven't even
made the move from IPv4 to dual stack, I think we'll wait a long time
before they attempt any form of IPv6-only. Sad but true.

> Possibly, or even probably, introducing IPv6 (-only and NAT64) will even 
> make the situation better for a lot of people, as you get rid of all the 
> horrible NAT solutions for services that are already dual stacked.

But those horrible NAT solutions are up and running today. For this
class of operator, any change is bad news, unfortunately. What is their
incentive to make such a change?

    Brian