Re: IPv6 only host NAT64 requirements?

Tim Chown <Tim.Chown@jisc.ac.uk> Mon, 13 November 2017 13:08 UTC

From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Ole Troan <otroan@employees.org>, Timothy Winters <twinters@iol.unh.edu>
CC: 6man WG <ipv6@ietf.org>
Subject: Re: IPv6 only host NAT64 requirements?
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/QoHx_O2vCYRQXSbMe4rfxCXgO1E>

Hi,

> On 13 Nov 2017, at 02:50, Ole Troan <otroan@employees.org> wrote:
> 
> At the hackathon there was quite a bit of testing of IPv6 only hosts with access to the IPv4 network via a NAT64.
> 
> While many applications work well on a classic IPv6 only host, there are a few things required to make all applications work.
> 
> - Must be able to do NAT64 prefix discovery (RFC6052)
> - Synthesise IPv6 address from an IPv4 literal (RFC7050)
> 
> This is to be able to deal with IPv4 address literals, which are common in protocols like SIP/ICE/STUN.
> These can be implemented directly in applications, or it can be implemented in the host stack (although applications might still have to change).
> 
> - Should do local DNS64 to support DNSSEC (RFC6147)
> (if you do validation).
> 
> A DNS64 service in the network looks like a man in the middle attack, so to support DNSSEC, validation should happen before synthesizing, and must be done on the host itself.
> 
> If this is the direction we want to go, encouraging IPv6 only host deployments (as opposed to dual stack hosts), are these requirements we'd like to add to the IPv6 node requirements document? Somewhere else?

draft-ietf-6man-rfc6434-bis-02 includes a (very short) Section 10 on transition, see https://tools.ietf.org/html/draft-ietf-6man-rfc6434-bis-02#section-10

If someone wishes to propose text in a new section 10.2 on “IPv6-only” operation, we could include that if the WG agrees.  This could be something for TimW to add as a question when the draft is presented in 6man.

Tim
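
The two host-side steps listed in the quoted message, NAT64 prefix discovery and synthesising an IPv6 address from an IPv4 literal, shown as an added example that is not code from the thread or its participants. It assumes the RFC 7050 heuristic (look for the well-known `ipv4only.arpa` addresses inside the AAAA answers) and the RFC 6052 address layout; the AAAA answers are constructed sample data rather than a live DNS query, and the function names are hypothetical.

```python
import ipaddress

# RFC 7050: ipv4only.arpa only has A records, for these two well-known addresses.
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)  # the only lengths RFC 6052 allows


def embed(prefix, v4):
    """Place v4 after the prefix, skipping reserved octet 8 (bits 64-71)."""
    if prefix.prefixlen not in PREFIX_LENGTHS:
        raise ValueError("unsupported NAT64 prefix length")
    out = bytearray(prefix.network_address.packed)
    pos = prefix.prefixlen // 8
    for octet in v4.packed:
        if pos == 8:  # the 'u' octet must stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(addr, plen):
    """Inverse of embed(): read the 4 IPv4 octets for a given prefix length."""
    raw, pos, v4 = addr.packed, plen // 8, bytearray()
    while len(v4) < 4:
        if pos == 8:
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))


def discover_prefixes(aaaa_answers):
    """Derive NAT64 prefixes from AAAA answers returned for ipv4only.arpa."""
    found = set()
    for text in aaaa_answers:
        addr = ipaddress.IPv6Address(text)
        for plen in PREFIX_LENGTHS:
            if extract(addr, plen) in WKA:
                found.add(ipaddress.IPv6Network((addr, plen), strict=False))
                break
    return found


def synthesize_literal(literal, aaaa_answers):
    """Map an IPv4 literal (e.g. from SIP/ICE/STUN) through a discovered prefix."""
    prefixes = sorted(discover_prefixes(aaaa_answers))
    if not prefixes:
        return None  # no NAT64 detected: an IPv6-only host cannot reach the literal
    return embed(prefixes[0], ipaddress.IPv4Address(literal))
```

A plain AAAA answer that does not embed a well-known address yields no prefix, so `synthesize_literal` returns `None` instead of guessing. Because the discovery answer is itself synthesised data from the network's resolver, the host has to trust that resolver for the prefix.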