IETF Logo Mail Archive

Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis

Mark Smith <markzzzsmith@gmail.com> Thu, 28 March 2024 01:34 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30EDCC14F615 for <ipv6@ietfa.amsl.com>; Wed, 27 Mar 2024 18:34:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.601
X-Spam-Level:
X-Spam-Status: No, score=-1.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id drl3ywp7d4A7 for <ipv6@ietfa.amsl.com>; Wed, 27 Mar 2024 18:34:18 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47E58C14F6B3 for <ipv6@ietf.org>; Wed, 27 Mar 2024 18:34:18 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-a465ddc2c09so22778966b.2 for <ipv6@ietf.org>; Wed, 27 Mar 2024 18:34:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711589656; x=1712194456; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=HNO5BccmkpVDqrH/gUXJEICC5ZeHsCrfawP5Du25k6w=; b=K/EYWoKu8RZ6jIeErmQdwyovqULM83uWuAYBy/ddBLlGZ2E6gH8NBzsFGximUmXg6V yGnKejA9ZoiIqwMcjDQwT/tlL8+Q1ZC/w4b8mr4JibTdnftJoYrLwHMUJ9ydgCyqp57k FCfwo7Twjs6hqEjnoUqiMzHWcnREzeFFMRw5D93sOCOVK67+45Oj/19/ujXJJVXEEZl1 yWnU4jDxjdTzXk1So+zTWyp/XZlvV9Vq3eoW7SnedRl0ICXegm9U2CyoxSUWMKwubMVj wcrCjccgnfMDYcxcmH1eQ5ksd4IgHCLm40p6rRJtjURm4cKPllncTFJuaG6SFbC5jmXL BSyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711589656; x=1712194456; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HNO5BccmkpVDqrH/gUXJEICC5ZeHsCrfawP5Du25k6w=; b=oxJIuXoNJ0BGJHrSiX/SKEVMliBZvWN84A7TJ1IQY8RTzU7STg/xkYSkTO6Mn4TXJX 5JTCosrcwSTSrqeySjIx5wuh9LYd1oDeES0oYezIVxLgtE1kxRTc0j0ggGHwprtd4maE d+a29F1jcrOAS7h5D+45hULudxFIEH5VtziR2Evma5WXiZDQHg2WRY+zDTLLQV7fJ5SE azG2tkzJr9ptm0tGVDsnIpIwZh2x6xihwVP5sWPKWmv1zjg44nrdA5fkilUXT1IZbntp FiVwHiwvpxDjzZY5L0wB/J4w1M/SYnOpo3XQ59TIsmMGUijo3b2LeDrRj38e7QYXHI4E E3dg==
X-Forwarded-Encrypted: i=1; AJvYcCUL1VdGcGPhk2MVzBiINbYSTXq3WiVgU7ktafW0rbrPgfVA2oJXf6qpRQSjIgefB3bPOOabEKmxg7Z1aCvr
X-Gm-Message-State: AOJu0YwuZEL0YJQKZQghJDTe3TK2IYShNDZkyIqgQisJeEodhIBUpXbc z1UHn2PKtVeM9mRSoXVgQo+PsjKStazPsINboehreH7RtKbQMPdfP7+HP1Q+gaUA7EYxM9PKSbs t/kg+cuo3a4hEFYGGQPrF9N0DOm4=
X-Google-Smtp-Source: AGHT+IEduJpa5RbRYYLZFpkhmcbgI2a0t1eceezSWKy5KI/F+mQIRec4kIncnROxryPNMJwPf/j0bS0ygNnjv6YXFrc=
X-Received: by 2002:a50:f697:0:b0:56b:a74e:d581 with SMTP id d23-20020a50f697000000b0056ba74ed581mr1450484edn.13.1711589655719; Wed, 27 Mar 2024 18:34:15 -0700 (PDT)
MIME-Version: 1.0
References: <CADmxuPF1AReQCSY13HjqXE+8Jofy_uoo1wmnzs8+whG7Tdc+UQ@mail.gmail.com> <836E3A12-FAAF-4C19-91A1-322203645AAA@employees.org> <CADmxuPEBXYeTPrJqfPEGaxmUM75iKQx6kfCcpHHjxyekZy0xuQ@mail.gmail.com> <2DB6E450-9EE4-438A-9D3B-78DDFF0CA78F@employees.org> <CAKD1Yr0+ArFfn7uZddMAGpxYroSxw-u=cpti4mwp_7-yRBSRSA@mail.gmail.com> <CACMsEX_Can2Uc4dEvC+9B_zG3OuP0YwQnGr=4uQyrFcjjgLHjA@mail.gmail.com>
In-Reply-To: <CACMsEX_Can2Uc4dEvC+9B_zG3OuP0YwQnGr=4uQyrFcjjgLHjA@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 28 Mar 2024 12:33:48 +1100
Message-ID: <CAO42Z2yghAZdk_ZO8nzufkJXsgsJMhUNi_Fm+SpUUQ1b7GLCuQ@mail.gmail.com>
To: Nick Buraglio <buraglio@forwardingplane.net>
Cc: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006e364f0614ae85ec"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hqajtA-Omxs43hBCKLsNXyZ86YM>
Subject: Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 01:34:22 -0000

On Thu, 28 Mar 2024, 02:50 Nick Buraglio, <buraglio@forwardingplane.net>
wrote:

>
>
> On Tue, Mar 26, 2024 at 8:31 PM Lorenzo Colitti <lorenzo=
> 40google.com@dmarc.ietf.org> wrote:
>
>> On Tue, Mar 26, 2024 at 6:33 PM Ole Troan <otroan@employees.org> wrote:
>>
>>> The benefit of NAT class mechanisms, is that cost and benefit are
>>> aligned. Only one side needs to deploy it.
>>>
>>
>> Actually, the benefit of NAT class mechanisms is that *one party deploys
>> them and another party incurs the costs*. NAT is great for the network
>> operator, because it moves a number of problems out of the network
>> operator's domain. But it doesn't do that by solving the problem, it does
>> so by making the application's job more difficult.
>>
>
> I don't think that is typically true.
>

For client/server applications, where the client is on the inside of the
NAT with a private address, and the server is on the outside with a public
address, that wouldn't be typically true.

However, for applications where the communications model is peer-to-peer,
or a mix of client/server and peer-to-peer, the application developer has
to implement RFC 8445 ICE using STUN and TURN for NAT traversal, incurring
additional development, debugging and testing costs.

Alternatively the application developer adopts a client/server
communications model for the application, even though a peer-to-peer model
would be more scalable and more robust against a centralised server failure
and server performance problems.

This is why I say that NAT (of any type) imposes a default client (inside
NAT) /server (outside NAT) communications model at the IPv4 or IPv6 network
layers, rather than the default peer-to-peer model that can then
accommodate both client/server and peer-to-peer applications communications
models.

NPTv6 may be stateless, however since hosts behind the NPTv6 will have to
discover their public addresses via ICE if they want to be peers, NPTv6
still imposes those ICE costs on application developers and the
applications' end-users.

Network engineers who deploy NATs aren't directly exposed to or pay any of
these additional application development costs (other than when they're the
application users), which is why it appears that NAT is a simple and low
impact technology to deploy.

Regards,
Mark.


> I will definitely say from experience that there is a significant
> operational cost to deploying any translation tool, and more so when there
> is active state tracking and overload involved. There are often (but not
> always) logging requirements to do these things at scale, and there are
> definitely operational costs in dealing with state table tracking and
> scaling. These don't exist at the same level for mechanisms that do not
> track state and that do not masquerade using port address translation. They
> may still incur application cost, or they may not, that is always going to
> be based on the application stack and is more likely in real time
> applications that don't use a third party intermediary, as you have stated.
>
There are similarities in the translation toolkits, yes, they all perform
> translation at some level. However, what is generally referred to as "NAT"
> in the general term is typically PAT or NAPT or Masquerading, depending on
> the nomenclature. That said, *because* it is significantly easier to deploy
> NAPT, I do not believe that it is an apples to apples comparison. They're
> all tools in the "translation" category, but they're definitely not all
> created equally. NPTv6 does a 1:1 translation, the NAT that folks seem to
> be referencing in the IPv4 world does not, and I do not believe it is a
> reasonable comparison.  It's a far better comparison to say that NPTv6 is
> like a traditional one-to-one NAT (which does still have notable, albeit
> significantly fewer considerations, which I believe are noted in the
> draft).
>
>
> nb
>
> --------------------------------------------------------------------
>
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email