Re: IPv6 only host NAT64 requirements?

Ola Thoresen <> Tue, 21 November 2017 09:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 68AFD12944A for <>; Tue, 21 Nov 2017 01:40:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pl1f6S8BCEA7 for <>; Tue, 21 Nov 2017 01:40:20 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AES256-SHA256 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8AEF3120227 for <>; Tue, 21 Nov 2017 01:40:19 -0800 (PST)
Received: from dware1044.doorway.loc ( by ( with Microsoft SMTP Server (TLS) id 15.0.1293.2; Tue, 21 Nov 2017 10:40:13 +0100
Received: from ( by dware1044.doorway.loc ( with Microsoft SMTP Server (TLS) id 15.0.1293.2; Tue, 21 Nov 2017 10:40:13 +0100
Subject: Re: IPv6 only host NAT64 requirements?
To: <>
References: <> <> <> <> <787AE7BB302AE849A7480A190F8B93300A07AD68@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B93300A07C625@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B93300A07D481@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B93300A07D534@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B93300A07D63D@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <> <>
From: Ola Thoresen <>
Message-ID: <>
Date: Tue, 21 Nov 2017 10:40:13 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Originating-IP: []
X-ClientProxiedBy: DWARE1041.doorway.loc ( To dware1044.doorway.loc (
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 21 Nov 2017 09:40:22 -0000

On 20. nov. 2017 20:37, Brian E Carpenter wrote:

> On 21/11/2017 02:36, Ole Troan wrote:
> ...>> [Med] These are generic statements, Ole. We are talking about the IETF case.
>>> * The IETF has no control on the hosts that connect to the IETF network,
>>> * IETF attendees who are using corporate devices, have no control on these hosts
>>> So, how forcing devices to use "IPv6+nat64" will help here?
>> Eat own dogfood. Many IETF people are developers or work for companies having applications not working.
>> As I said there were a minimum of applications that didn't work. Corporate VPNs largely did. Jen has the final numbers.
> However, as long as even one application, such as one VPN, or one
> literal IPv4 address, fails, that represents millions of failure cases
> if we consider the whole world (e.g. imagine every hotel network in
> the world running IPv6+NAT64 only). That simply isn't viable. Dual
> stack in every hotel room in the world is viable, from the hotel guests'
> point of view. Operators might not like it, but users wouldn't care.

In hotel rooms and other "public" or "guest" networks, there are so many 
things that fail already, due to NAT, misconfigured firewalls, 
unmaintained blocklists, SSL-proxies and whatnot, so you can hardly 
expect any services other than basic web-surfing without https to work.
Not that this is an ideal situation today, but i do not believe that "if 
even one VPN or one liter IPv4 address fails" should be a showstopper 
for introducing this.
Possibly, or even probably, introducing IPv6 (-only and NAT64) will even 
make the situation better for a lot of people, as you get rid of all the 
horrible NAT solutions for services that are already dual stacked.


Ola Thoresen