IETF Logo Mail Archive

Re: NAT64 in RA, draft-ietf-6man-ra-pref64

Mark Andrews <marka@isc.org> Sat, 29 June 2019 21:50 UTC

Return-Path: <marka@isc.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B22F4120026 for <ipv6@ietfa.amsl.com>; Sat, 29 Jun 2019 14:50:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.898
X-Spam-Level:
X-Spam-Status: No, score=-6.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ru3GLhZdxaDy for <ipv6@ietfa.amsl.com>; Sat, 29 Jun 2019 14:50:43 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6098120025 for <6man@ietf.org>; Sat, 29 Jun 2019 14:50:43 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id EB68A3AB007; Sat, 29 Jun 2019 21:50:42 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id D5E4D160070; Sat, 29 Jun 2019 21:50:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id B4B1E16006F; Sat, 29 Jun 2019 21:50:42 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id QA9oqoaOaWXc; Sat, 29 Jun 2019 21:50:42 +0000 (UTC)
Received: from [172.30.42.88] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 16CFA160043; Sat, 29 Jun 2019 21:50:42 +0000 (UTC)
Content-Type: multipart/alternative; boundary="Apple-Mail-4DD20C28-FE6A-4BD1-AF2B-D0721E7D4960"
Mime-Version: 1.0 (1.0)
Subject: Re: NAT64 in RA, draft-ietf-6man-ra-pref64
From: Mark Andrews <marka@isc.org>
X-Mailer: iPhone Mail (16F203)
In-Reply-To: <CAKD1Yr0sKOc-yhWosq6LCHRoufOeTWyKEge9w8WeQabQYsfgyA@mail.gmail.com>
Date: Sun, 30 Jun 2019 07:50:37 +1000
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Jen Linkova <furry13@gmail.com>, 6man <6man@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <F01178F0-724F-4E74-A959-2B1C77B2AC09@isc.org>
References: <12187.1558972629@localhost> <D3C7EB41-02E8-48D6-9335-26A041FD64C2@isc.org> <00C00FE5-C7CD-4B99-A2C9-CCBFCB1E4850@isc.org> <CAFU7BASfJ4YS6xBzK8hNJRSMnFZmdn3VE5A=sPCC3JqRa8SQEQ@mail.gmail.com> <EC63A89D-26CD-4093-8814-4461B6D3D327@isc.org> <CAFU7BASsAwitEc==Zj6qT4izy-tFosg23DHXFVVzOixidEfMFA@mail.gmail.com> <CAKD1Yr3jDTS25ERGZYDDM9yRRTxEfY4Ltcd-QgFNor6ze2G7xA@mail.gmail.com> <6053.1561748461@localhost> <CAKD1Yr0sKOc-yhWosq6LCHRoufOeTWyKEge9w8WeQabQYsfgyA@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Qqgpi8CRq1QtNwMSDkKlM1NXPeo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Jun 2019 21:50:46 -0000

Well the information in needed the moment you use the DNS64 prefix anywhere else than in the setup for a virtual interface.  The only reason you can get away with it in that scenario is that the routing table acts as a filter and only then if you have the node learning the routes and it is not relying on default to reach the rest of the internal subnets. 

Adding it in a second option also increases the RA overhead. Your main objection it that it increases the size of the RA option but you want to add the overhead of a second RA option.

Go try and set up a validating DNS64 server on a tethered host and see if you can.  Note everything you need to guess when you configure it.  Include some local printers in the DNS and try to print to them. Point the clients on this node at this DNS64 server. Now consider that you need to automate that. 

This is today. This is what the DNS64 RFC expects clients to do. 
-- 
Mark Andrews

> On 29 Jun 2019, at 10:38, Lorenzo Colitti <lorenzo@google.com> wrote:
> 
>> On Sat, 29 Jun 2019, 04:01 Michael Richardson, <mcr+ietf@sandelman.ca> wrote:
>>     > As a co-author, I don't see a real operational need for this at the moment.
>>     > Why is this not something that we can define later on in its own draft,
>>     > once we get more support for it and consensus that it is a useful thing to
>>     > do?
>> 
>> I'm not okay with this: I'd really like to be able to specify this in an RFP.
>> I'm okay with the mechanism being optional to support.
> 
> 
> That was not my point. My point was: why does this functionality need to be in this option? Why does it need to be in this draft? For example - why can't you and Mark submit a separate draft - at your earliest convenience - defining a new RA option to do this?
> 
> Particularly given that you're saying this would be optional to implement, it seems natural to have two different options.
>

v2.23.0 | Report a Bug | By Email