Re: IPv6 only host NAT64 requirements?

"Rajiv Asati (rajiva)" <rajiva@cisco.com> Mon, 13 November 2017 13:27 UTC

From: "Rajiv Asati (rajiva)" <rajiva@cisco.com>
To: Tim Chown <Tim.Chown@jisc.ac.uk>
CC: Ole Troan <otroan@employees.org>, Timothy Winters <twinters@iol.unh.edu>, 6man WG <ipv6@ietf.org>
Subject: Re: IPv6 only host NAT64 requirements?
Date: Mon, 13 Nov 2017 13:27:10 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hE7ZyluPybtvvna-55_zEXScgkk>

@Ole, I agree. Just swap the RFC#.

- Must be able to do NAT64 prefix discovery (RFC6052)
- Synthesise IPv6 address from an IPv4 literal (RFC7050)


@Tim,

If someone wishes to propose text in a new section 10.2 on “IPv6-only” operation, we could include that if the WG agrees.  This

It might be useful to have some text in section 14 (v6 router) to accommodate v4 hosts/apps in case of v6-only uplink/ WAN.

Cheers,
Rajiv


On Nov 13, 2017, at 8:08 AM, Tim Chown <Tim.Chown@jisc.ac.uk> wrote:

Hi,

On 13 Nov 2017, at 02:50, Ole Troan <otroan@employees.org> wrote:

At the hackathon there was quite a bit of testing of IPv6 only hosts with access to the IPv4 network via a NAT64.

While many applications work well on a classic IPv6 only host, there are a few things required to make all applications work.

- Must be able to do NAT64 prefix discovery (RFC6052)
- Synthesise IPv6 address from an IPv4 literal (RFC7050)

This is to be able to deal with IPv4 address literals, which are common in protocols like SIP/ICE/STUN.
These can be implemented directly in applications, or in the host stack (although applications might still have to change).

- Should do local DNS64 to support DNSSEC (RFC6147)
(if you do validation).

A DNS64 service in the network looks like a man in the middle attack, so to support DNSSEC, validation should happen before synthesizing, and must be done on the host itself.

If this is the direction we want to go. Encourage IPv6 only host deployments (as opposed to dual stack hosts), are these requirements we'd like to add to the IPv6 node requirements document? Somewhere else?

draft-ietf-6man-rfc6434-bis-02 includes a (very short) Section 10 on transition, see https://tools.ietf.org/html/draft-ietf-6man-rfc6434-bis-02#section-10

If someone wishes to propose text in a new section 10.2 on “IPv6-only” operation, we could include that if the WG agrees.  This could be something for TimW to add as a question when the draft is presented in 6man.

Tim
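The two host requirements discussed in this thread, sketched as an added example that is not part of the original messages: NAT64 prefix discovery from the AAAA answers for `ipv4only.arpa` (the RFC 7050 heuristic) and synthesis of an IPv6 address from an IPv4 literal (the RFC 6052 address format). The function names and the sample AAAA answers are constructed for illustration; a real host would obtain the answers from its resolver.

```python
import ipaddress

# Well-known IPv4 addresses of ipv4only.arpa (RFC 7050).
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)  # the only lengths RFC 6052 allows


def _v4_offsets(plen):
    """Byte offsets of the four embedded IPv4 octets; octet 8 ("u") is skipped."""
    if plen not in PREFIX_LENGTHS:
        raise ValueError(f"prefix length /{plen} is not valid for NAT64")
    offsets, pos = [], plen // 8
    while len(offsets) < 4:
        if pos != 8:
            offsets.append(pos)
        pos += 1
    return offsets


def synthesize(prefix, ipv4_literal):
    """Embed an IPv4 literal into the NAT64 prefix (RFC 6052 layout)."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(ipv4_literal).packed
    for off, octet in zip(_v4_offsets(net.prefixlen), v4):
        raw[off] = octet
    return ipaddress.IPv6Address(bytes(raw))


def discover_prefix(aaaa_answers):
    """Return the NAT64 prefix implied by AAAA answers for ipv4only.arpa,
    or None if no answer carries a well-known address (no DNS64 in the path)."""
    for answer in aaaa_answers:
        addr = ipaddress.IPv6Address(answer)
        if addr.packed[8] != 0:  # bits 64-71 must be zero in RFC 6052 addresses
            continue
        for plen in PREFIX_LENGTHS:
            embedded = bytes(addr.packed[o] for o in _v4_offsets(plen))
            if ipaddress.IPv4Address(embedded) in WKA:
                return ipaddress.IPv6Network((addr, plen), strict=False)
    return None


if __name__ == "__main__":
    # Constructed sample: what a DNS64 using 64:ff9b::/96 would answer.
    answers = ["64:ff9b::c000:aa", "64:ff9b::c000:ab"]
    prefix = discover_prefix(answers)
    print(prefix, synthesize(prefix, "192.0.2.33"))
```

Because `ipv4only.arpa` has no AAAA records of its own, any AAAA answer is synthesized by the DNS64 and cannot be validated as signed data, so the discovered prefix is only as trustworthy as the path to the resolver.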