Re: IPv6 only host NAT64 requirements?

Ole Troan <otroan@employees.org> Mon, 20 November 2017 14:27 UTC

From: Ole Troan <otroan@employees.org>
Subject: Re: IPv6 only host NAT64 requirements?
Date: Mon, 20 Nov 2017 15:27:43 +0100
Cc: 6man WG <ipv6@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YT1cO0Qrmc25t5m35OrEjNPDM6k>

Michael,

At the risk of making the 6man list into behave...

>>>                    NAT64 "A" ----- IPv4-only servers in a data center
>>>                   /
>>> IPv6-only node---<
>>>                   \
>>>                    NAT64 "B" ----- IPv4 Internet
> 
>> Firstly this seems like it is over engineered. Has anyone actually
>> deployed NAT64 this way?
> 
> Yes, it's a really good way to deal with overlapping RFC1918 ranges (used for
> managing devices) in different data centers. (The boot server is always at
> 192.168.1.2, the serial console is always at 192.168.1.3, etc.)
> 
> I've done this as far back as 2008 (with "NAT64" being implemented by a TCP
> proxy terminating the entire IPv6/32)
> 
> I didn't have to pick the right source address, but I can see how this might
> be an issue.

Right, but how would a host know which NAT64 prefix to combine 192.168.1.2 with?

Cheers,
Ole
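
Added example, not part of the original message: RFC 6052 address synthesis applied to the two-NAT64 topology quoted above, showing that 192.168.1.2 yields one valid IPv6 destination per prefix and that nothing in the IPv4 literal selects between them. The prefixes `2001:db8:a::/96` and `2001:db8:b::/96` and the helper names are assumptions made for illustration.

```python
import ipaddress

# RFC 6052 permits only these NAT64 prefix lengths.
VALID_LENGTHS = {32, 40, 48, 56, 64, 96}

def synthesize(nat64_prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in a NAT64 prefix per RFC 6052, section 2.2."""
    net = ipaddress.IPv6Network(nat64_prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not a valid RFC 6052 prefix length")
    out = bytearray(net.network_address.packed)
    if out[8] != 0:
        raise ValueError("bits 64-71 (the 'u' octet) must be zero")
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:  # skip the reserved 'u' octet
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

# Constructed prefixes standing in for NAT64 "A" and NAT64 "B".
NAT64_A = "2001:db8:a::/96"
NAT64_B = "2001:db8:b::/96"

def candidates(ipv4: str) -> dict:
    """Every synthesized destination the host could pick for one IPv4 literal."""
    return {"A": synthesize(NAT64_A, ipv4), "B": synthesize(NAT64_B, ipv4)}

if __name__ == "__main__":
    # Both results are well-formed; only out-of-band policy tells the host
    # which translator actually reaches the intended 192.168.1.2.
    for name, addr in candidates("192.168.1.2").items():
        print(f"NAT64 {name}: {addr}")
```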