IETF Logo Mail Archive

Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Mon, 08 July 2019 21:40 UTC

Return-Path: <prvs=1092a35ad6=jordi.palet@consulintel.es>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0763612030A; Mon, 8 Jul 2019 14:40:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xwZjZE_Sbv8Q; Mon, 8 Jul 2019 14:40:03 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [IPv6:2001:470:1f09:495::5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD5E612030D; Mon, 8 Jul 2019 14:40:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1562622000; x=1563226800; i=jordi.palet@consulintel.es; q=dns/txt; h=User-Agent:Date: Subject:From:To:CC:Message-ID:Thread-Topic:References: In-Reply-To:Mime-version:Content-type; bh=o5mTtc7GFztiu7H3ujiEIr MtFmMPlA+9bemOLSkfd94=; b=QYEW5xkQbl7nTodQ2AZ0aUas1cu9N6SzQ2pqAR mJX6vvMx3Q/Rhp4LLgHGnXu0QX8VhUTFJUWd/DfYQttCmhNnGV2ywbBY8P74SIVV yh8aSwlw2Fmrw2pyWEnEvnSWDH4i9b4yyCDoHJ35MtEFEdRQtye5XvvnCaSo3VuQ xE6Lc=
X-MDAV-Result: clean
X-MDAV-Processed: mail.consulintel.es, Mon, 08 Jul 2019 23:40:00 +0200
X-Spam-Processed: mail.consulintel.es, Mon, 08 Jul 2019 23:39:59 +0200
Received: from [10.10.10.130] by mail.consulintel.es (MDaemon PRO v16.5.2) with ESMTPA id md50006319620.msg; Mon, 08 Jul 2019 23:39:59 +0200
X-MDRemoteIP: 2001:470:1f09:495:61d7:174e:4fa1:2845
X-MDHelo: [10.10.10.130]
X-MDArrival-Date: Mon, 08 Jul 2019 23:39:59 +0200
X-Authenticated-Sender: jordi.palet@consulintel.es
X-Return-Path: prvs=1092a35ad6=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
User-Agent: Microsoft-MacOutlook/10.10.b.190609
Date: Mon, 08 Jul 2019 23:39:58 +0200
Subject: Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: IPv6 Operations <v6ops@ietf.org>
CC: 6man <6man@ietf.org>
Message-ID: <6A99AEFF-02D6-4F24-9484-B72745126D70@consulintel.es>
Thread-Topic: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64
References: <DM6PR15MB2506C03D1D88F2785B5016C1BBFB0@DM6PR15MB2506.namprd15.prod.outlook.com> <675D1F10-02FF-4AB4-88E3-5A0D95A34ABF@gmail.com> <DM6PR15MB250640D3141DCB2C64789B95BBFA0@DM6PR15MB2506.namprd15.prod.outlook.com> <CAFU7BAROif-44uFy1+oiutsQLiFOa09jM1Ve_8qaqpr1TPLGyQ@mail.gmail.com> <DM6PR15MB2506ABCBD8457003114E60EBBBF50@DM6PR15MB2506.namprd15.prod.outlook.com> <d4d2f637b80544708def95dd77af4d81@boeing.com> <DM6PR15MB2506F92308CA8DA8921BA0A5BBF60@DM6PR15MB2506.namprd15.prod.outlook.com> <CAN-Dau1UvGX+aqGn0ajZN7n1ky-Wvkbd5qb2Y==Em_=fRZeZjg@mail.gmail.com>
In-Reply-To: <CAN-Dau1UvGX+aqGn0ajZN7n1ky-Wvkbd5qb2Y==Em_=fRZeZjg@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3645473998_1710516189"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Um-35U79J6vYzNncR36L6to_ifQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 21:40:15 -0000

I think there are several possible solutions, but the simpler one seems to be the dual-stack SIP proxies. Another one is draft-ietf-tram-turnbis, which I didn’t knew, until today, is already in the IESG for approval this Thrusday.

Also it can be done with EAM and also as I mention in a previous email via the optimization for 464XLAT. Just uploaded the new version:

 

https://datatracker.ietf.org/doc/draft-palet-v6ops-464xlat-opt-cdn-caches/?include_text=1

 

 

 

 

 

El 8/7/19 19:01, "v6ops en nombre de David Farmer" <v6ops-bounces@ietf.org en nombre de farmer@umn.edu> escribió:

 

 

 

On Mon, Jul 8, 2019 at 10:49 AM Mudric, Dusan (Dusan) <dmudric@avaya.com> wrote:

> -----Original Message-----
> From: Manfredi (US), Albert E <albert.e.manfredi@boeing.com>
> 
> -----Original Message-----
> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Mudric, Dusan (Dusan)
> 
> > - How can DNS64 tell IPv6 only client the IP of IPv4 only client, and vice
> versa?
> 
> IPv6 to IPv4 should be straightforward, because it's a one-to-one
> relationship. The other way around would normally not work, 
[Dusan] There is no solution for IPv4only client to reach IPv6only client? 

 

I mostly say, so what! It is an unfortunate reality of today's Internet, because of NAT44 and/or stateful firewall default deny inbound policy, many times clients can't speak to other clients, be they IPv4 only, IPv6 only, or even dual stack. Sometimes firewall traversal technologies can work around this, also depending on the firewall traversal solution used sometimes IPv4 only and IPv6 only clients will be able to talk to each other.  My guess is that IPv4 only to IPv6 only firewall traversal would be less effective than NAT44 client to NAT44 client firewall traversal, but it is should still be possible in some cases. 

 

> but everyone
> has been accustomed to that with IPv4 NAPT already. 
[Dusan] How IPv4 only users (e.g. Avaya IPv4 only phones) can be accustomed not to be able to call IPv6only users (like Apple IPv6 only phones)?

 

They may not be able to talk peer to peer. However, through a dual-stack SIP or other proxies/session border controller, they could probably complete a call. 

 

>The client behind the
> NAPT initiates.
> 
> > Is DNS64 server returning IPv4ony client address to IPv6only client, using
> the A RR?
> 
> The DNS synthesizes the IPv6 address, which has the IPv4 address
> embedded in it.
> 
> > - How can IPv4only client get the address of IPv6only client (or, it is
> impossible for IPv4only client to get IPv6 address of IPv6only client)?
> 
> That's clearly more difficult, which is why the normal course of action is for
> the IPv6 client to initiate the session.
[Dusan] What if IPv4only client needs to initiate the session to IPv6only client? What is the solution for that use case?

 

Many firewall traversal solutions should work in this case, but IPv4 only client to client isn't guaranteed to work in all cases either. 

 

> 
> > - Do these IPv4 and IPv6 client addresses need to be pre-configured on the
> translator and/or DNS64?
> 
> For IPv4 to IPv6, if you must allow the IPv4 client to initiate the session, you'd
> have to have preconfigure something.
[Dusan] Where and how is this configuration done?

> 
> Bert

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


 

-- 

===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota   
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
=============================================== 

_______________________________________________ v6ops mailing list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops 



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

v2.23.0 | Report a Bug | By Email