Re: IPv6 only host NAT64 requirements?

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Wed, 15 November 2017 08:06 UTC

Return-Path: <prvs=1492ded23e=jordi.palet@consulintel.es>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD24C1270A0 for <ipv6@ietfa.amsl.com>; Wed, 15 Nov 2017 00:06:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vTf3i2jrCmvH for <ipv6@ietfa.amsl.com>; Wed, 15 Nov 2017 00:06:27 -0800 (PST)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F078124BE8 for <ipv6@ietf.org>; Wed, 15 Nov 2017 00:06:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1510733184; x=1511337984; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic: References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=/okV2CCz8mSYo9v97boKPVQf3 KpKoswzwKAb4T5DVFA=; b=N/Ba0SsQ/knmAxNkqz4b4A1t6B9dHlB8uSdJpNHhI ajs1RojL4FYfAQCtXI1hgUc/h9QVxa0nywxP6rKSUPEFtJRbToH8low9PEflrcVP Aev6XzND+ExxsLKcynHG1yICnyf8N+PdLXuNb2VSYGGR4Tu1VsdF2z8LJyPzJwjl cI=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=bq3PXjGMW21SLmGmP10XUQKu3Wi9VI9E9CToU5VepKuuCdrbHHS8aeuhjUu4 120xGRDIdM8awiOl6v7MUG+qxRIUM1eZVy9t8vhvc47kSc51DSMkLM0Z8 s57e6DkhPVqlkBdxeinK67ZDcYbgpHE8+BgNdKF0tuJb8BDYbjydyg=;
X-MDAV-Processed: mail.consulintel.es, Wed, 15 Nov 2017 09:06:24 +0100
X-Spam-Processed: mail.consulintel.es, Wed, 15 Nov 2017 09:06:23 +0100
Received: from [31.133.140.255] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005624254.msg for <ipv6@ietf.org>; Wed, 15 Nov 2017 09:06:22 +0100
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:171115:md50005624254::P9XojiyqWCh7IaTm:00003DNz
X-Return-Path: prvs=1492ded23e=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: ipv6@ietf.org
User-Agent: Microsoft-MacOutlook/f.27.0.171010
Date: Wed, 15 Nov 2017 16:06:06 +0800
Subject: Re: IPv6 only host NAT64 requirements?
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: <ipv6@ietf.org>
Message-ID: <71004332-84A3-4175-93C0-AE69D777F04D@consulintel.es>
Thread-Topic: IPv6 only host NAT64 requirements?
References: <m1eEGbJ-0000EhC@stereo.hq.phicoh.net> <D43E103C-27B8-48CF-B801-ACCF9B42533E@employees.org> <m1eEHPS-0000FyC@stereo.hq.phicoh.net> <59B0BEC0-D791-4D75-906C-84C5E423291B@employees.org> <m1eEIGX-0000FjC@stereo.hq.phicoh.net> <73231F8D-498E-4C77-8DA8-044365368FC9@isc.org>
In-Reply-To: <73231F8D-498E-4C77-8DA8-044365368FC9@isc.org>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/iOGXokYAGSNegM-oE80cCoMh7p4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 08:06:29 -0000

Is there any reason to run DNS64 at all these days?  ipv4only.arpa can be a preconfigured
    zone which allows CLAT to get its mapping.  All the phones have CLAT support.  Can we just
    make DNS64 historic and let the phones run all IPv4 connections through CLAT rather than
    having to stuff up DNSSEC and have IPv6 connections terminate in IPv4 servers without
    the application knowing?

[Jordi] Mark, this will not work: You need to consider that even if the phone is dual stack, there may be IPv4-only devices behind the phone (tethering), that NEED a DNS64. If the IPv4 device is validating, then is broken. If the IPv4 devices is not validating, then because the phone act as DHCP server for it, and provides the DNS, the phone acts as the DNS64 and even validator, then we are set … but phones today don’t do DNSSEC.


    
    Mark
    
    > On 14 Nov 2017, at 4:11 am, Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com>; wrote:
    > 
    >>> (c) Every ICMPv6 error message (type < 128) MUST include as much of
    >>>   the IPv6 offending (invoking) packet (the packet that caused the
    >>>   error) as possible without making the error message packet exceed
    >>>   the minimum IPv6 MTU
    >> 
    >> Right. But when is that an actual issue for applications?
    > 
    > First, I naively put this in my TCP implementation. Technically that's
    > not an application, though user land TCP does occur.
    > 
    > It also breaks my traceroute implementation.
    > 
    >> Then we are stuck with dual stack.
    >> What Randy and Jen set out to try in the IETF experiment was to figure 
    >> out if it would be possible to do IPv6 only + NAT64. Identify what was 
    >> broken and then get that fixed. If we're stuck with dual stack (or IPv4 
    >> only), then we're not moving towards the end-goal, are we?
    > 
    >> From a host point of view, I very much want to be dual stack. No magic.
    > What goes over the wire is what the application sees. IPv6 is complex enough
    > on its own. Adding DNS64/NAT64 make it less likely that people can actually
    > understand what is going on. 
    > 
    > Hosts being dual stack doesn't say anything about backbone networks. You
    > can do 464xlat on access routers or any other kind of IPv4 tunneling
    > technology. By tunneling on access routers you can even preserve a 1500 octet
    > MTU for IPv4.
    > 
    > In my view, the way we move to the end goal is when some networks really don't
    > have any IPv4 anymore. 
    > 
    > When IPv6-only eyeball networks appear that don't offer any kind of IPv4
    > connectivity, content providers either add support for IPv6 or they lose that
    > group of potential customers.
    > 
    > After a while, cheap consumer networks just drop IPv4 because it too expensive
    > to maintain. 
    > 
    > That's when IPv4 becomes truly legacy: you may have IPv4 connectivity at work,
    > but possible not at home. Not at a random place that offers wifi, not in
    > your hotel.
    > 
    > In corporate environments, assuming that all legacy applications can get
    > rewritten to support IPv6, the next step is to install proxies that offer
    > access to the few essential external services that are still IPv4 only.
    > Though possibly, those services start installing reverse proxies to offer
    > IPv6.
    > 
    > The only thing offering NAT64 to hosts does is making access networks IPv6-only
    > while introducing a lot of complexity without increasing end-to-end IPv6
    > connectivity.
    > 
    > 
    > --------------------------------------------------------------------
    > IETF IPv6 working group mailing list
    > ipv6@ietf.org
    > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    > --------------------------------------------------------------------
    
    -- 
    Mark Andrews, ISC
    1 Seymour St., Dundas Valley, NSW 2117, Australia
    PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
    
    --------------------------------------------------------------------
    IETF IPv6 working group mailing list
    ipv6@ietf.org
    Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    --------------------------------------------------------------------
    
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.