IETF Logo Mail Archive

Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64

Mark Andrews <marka@isc.org> Tue, 09 July 2019 23:27 UTC

Return-Path: <marka@isc.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00A2012030D; Tue, 9 Jul 2019 16:27:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id meuCYNKBkjm8; Tue, 9 Jul 2019 16:27:44 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 553CE120233; Tue, 9 Jul 2019 16:27:41 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 911EB3AB002; Tue, 9 Jul 2019 23:27:40 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 7A8F2160048; Tue, 9 Jul 2019 23:27:40 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 34846160079; Tue, 9 Jul 2019 23:27:40 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id kuRFzLfvEECR; Tue, 9 Jul 2019 23:27:40 +0000 (UTC)
Received: from [172.30.42.67] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 8FF5E160048; Tue, 9 Jul 2019 23:27:38 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64
From: Mark Andrews <marka@isc.org>
In-Reply-To: <FD775C6C-4D8B-4EA5-A128-BDB6281C85EB@consulintel.es>
Date: Wed, 10 Jul 2019 09:27:35 +1000
Cc: "Mudric, Dusan (Dusan)" <dmudric@avaya.com>, IPv6 Operations <v6ops@ietf.org>, 6man <6man@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0B1E408F-E7E9-4D53-B634-ADB1425B3BD8@isc.org>
References: <DM6PR15MB2506C03D1D88F2785B5016C1BBFB0@DM6PR15MB2506.namprd15.prod.outlook.com> <675D1F10-02FF-4AB4-88E3-5A0D95A34ABF@gmail.com> <DM6PR15MB250640D3141DCB2C64789B95BBFA0@DM6PR15MB2506.namprd15.prod.outlook.com> <CAFU7BAROif-44uFy1+oiutsQLiFOa09jM1Ve_8qaqpr1TPLGyQ@mail.gmail.com> <DM6PR15MB2506ABCBD8457003114E60EBBBF50@DM6PR15MB2506.namprd15.prod.outlook.com> <d4d2f637b80544708def95dd77af4d81@boeing.com> <DM6PR15MB2506F92308CA8DA8921BA0A5BBF60@DM6PR15MB2506.namprd15.prod.outlook.com> <CAN-Dau1UvGX+aqGn0ajZN7n1ky-Wvkbd5qb2Y==Em_=fRZeZjg@mail.gmail.com> <6A99AEFF-02D6-4F24-9484-B72745126D70@consulintel.es> <DM6PR15MB2506C6CC4E3853915F6AD1DEBBF10@DM6PR15MB2506.namprd15.prod.outlook.com> <FD775C6C-4D8B-4EA5-A128-BDB6281C85EB@consulintel.es>
To: JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/imWFZYxNg_5rwxzt4ctksBiIaS4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 23:27:52 -0000

And the answer to this “problem” is stop buying IPv4-only garbage and deploy IPv6.

Go talk to your legislators about banning the sale of IPv4-only equipment.  This is where this should be addressed.  Not in the IETF.  IPv6 aware products don’t cost more to produce.

Having lived through a metrification process, banning the sale of imperial only equipment really helped.  It was illegal to sell new cars without kph on the speedometer.  It was illegal to sell new rulers and tape measures which where imperial only.  It was illegal to sell new scales that where imperial only.  All packaging had to be labeled in metric units.  Sometimes governments need to step in and ban products for the greater good.

> On 10 Jul 2019, at 6:24 am, JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:
> 
> Hi Dusan,
>  
> The problem is that the IPv6-only “remote server” don’t have IPv4 connectivity. Also, it doesn’t have an IPv4 address. Let’s suppose this is a streaming server.
>  
> The “local” IPv4-only host (let’s suppose is an IPv4-only SmartTV), is connected to a CLAT (this is in the CPE, and the CPE is connected via IPv6-only) to the service provider.
>  
> The optimization that we are suggesting is using EAM (explicit mapping) to avoid the IPv4 flow from the smartTV to be converted back to IPv4, because the CLAT already converted it to IPv6.
>  
> If we create a “fake” A record in the streaming server, the CLAT will create an EAMT, so because it believes the streaming service is reachable with IPv4 (which is not), but the “optimized CLAT” will then use the AAAA.
>  
> So, the flow is:
> IPv4 from the smartTV to the CLAT
> IPv6 from the CLAT to the streaming service
>  
> In normal conditions, if the streaming service is really dual-stack and we don’t have optimization (the “actual” 464XLAT protocol), it will be:
>  
> IPv4 from the smartTV to the CLAT
> IPv6 from the CLAT to the NAT64
> IPv4 from the NAT64 to the streaming service
>  
> If the streaming service is IPv6 only, with the actual 464XLAT protocol, this connectivity is not possible.
>  
> You see the point?
>  
> Please take a look at the document, I think is well described, otherwise provide suggestions about what you believe is not clear enough and we will make sure to improve the text and drawings!
>  
> By the way, I’m talking here about “approach 2”, which I think is the best solution.
>  
> Regards,
> Jordi
> 
> @jordipalet
> 
>  
>  
>  
> El 9/7/19 22:05, "v6ops en nombre de Mudric, Dusan (Dusan)" <v6ops-bounces@ietf.org en nombre de dmudric@avaya.com> escribió:
>  
> Hi Jordi,
>  
> Are you saying your draft  “464XLAT Optimization” will provide IPv4only app to IPv6only app communication like this?
>  
>  
>                   +-------+     .-----.                   
>                   | IPv6  |    /       \                
>       .-----.     |  CE   |   /  IPv6-  \     .-----.    
>      / IPv4- \    |  or   +--(   only    )---( NAT64 )
>     /  only   \   |  UE   |   \  Access /\    `-----'     
>    (  SmartTV  )--+       |    \       /  \             
>     \   STB   /   | with  |     `--+--'    \   .-----.      
>      \ VoIP  /    | NAT46 |        |        \ /       \
>       `-----'     | CLAT  |    +---+----+    /  IPv6   \      .--+--.
>                   |       |    |  DNS/  |   (  Internet )IPv6/ IPv6- \
>                   +-------+    |  DNS64 |    \         /----/  only   \
>                                +--------+     \       /    (           )
>                                                `-----'      \  APP    /
>                                                              \       /
>                                                               `-----'
>    <------------------------ IPv4 to IPv6 flow ------------------------>
>  
> What did not work so far and what had to be added in your draft to make this flow work?
>  
> How can IPv6-only APP get the IPV4 public address, used by NAT_translator, when sending a packet from IPv6-ony APP to IPv4-only APP? This IPv4 address is the same destination IPv4 address to which IPv4-only APP sends a packet towards IPv6-only APP ( 192.0.2.2. address in Jen’s example).
>  
> Thanks,
> Dusan.
>  
> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of JORDI PALET MARTINEZ
> Sent: Monday, July 8, 2019 5:40 PM
> To: IPv6 Operations <v6ops@ietf.org>
> Cc: 6man <6man@ietf.org>
> Subject: Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64
>  
> I think there are several possible solutions, but the simpler one seems to be the dual-stack SIP proxies. Another one is draft-ietf-tram-turnbis, which I didn’t knew, until today, is already in the IESG for approval this Thrusday.
> 
> Also it can be done with EAM and also as I mention in a previous email via the optimization for 464XLAT. Just uploaded the new version:
> 
>  
> https://datatracker.ietf.org/doc/draft-palet-v6ops-464xlat-opt-cdn-caches/?include_text=1
>  
> 
>  
> 
>  
> 
>  
>  
> El 8/7/19 19:01, "v6ops en nombre de David Farmer" <v6ops-bounces@ietf.org en nombre de farmer@umn.edu> escribió:
>  
>  
>  
> On Mon, Jul 8, 2019 at 10:49 AM Mudric, Dusan (Dusan) <dmudric@avaya.com> wrote:
>> > -----Original Message-----
>> > From: Manfredi (US), Albert E <albert.e.manfredi@boeing.com>
>> > 
>> > -----Original Message-----
>> > From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Mudric, Dusan (Dusan)
>> > 
>> > > - How can DNS64 tell IPv6 only client the IP of IPv4 only client, and vice
>> > versa?
>> > 
>> > IPv6 to IPv4 should be straightforward, because it's a one-to-one
>> > relationship. The other way around would normally not work, 
>> [Dusan] There is no solution for IPv4only client to reach IPv6only client? 
>  
> I mostly say, so what! It is an unfortunate reality of today's Internet, because of NAT44 and/or stateful firewall default deny inbound policy, many times clients can't speak to other clients, be they IPv4 only, IPv6 only, or even dual stack. Sometimes firewall traversal technologies can work around this, also depending on the firewall traversal solution used sometimes IPv4 only and IPv6 only clients will be able to talk to each other.  My guess is that IPv4 only to IPv6 only firewall traversal would be less effective than NAT44 client to NAT44 client firewall traversal, but it is should still be possible in some cases. 
>  
>> > but everyone
>> > has been accustomed to that with IPv4 NAPT already. 
>> [Dusan] How IPv4 only users (e.g. Avaya IPv4 only phones) can be accustomed not to be able to call IPv6only users (like Apple IPv6 only phones)?
>  
> They may not be able to talk peer to peer. However, through a dual-stack SIP or other proxies/session border controller, they could probably complete a call. 
>  
>> >The client behind the
>> > NAPT initiates.
>> > 
>> > > Is DNS64 server returning IPv4ony client address to IPv6only client, using
>> > the A RR?
>> > 
>> > The DNS synthesizes the IPv6 address, which has the IPv4 address
>> > embedded in it.
>> > 
>> > > - How can IPv4only client get the address of IPv6only client (or, it is
>> > impossible for IPv4only client to get IPv6 address of IPv6only client)?
>> > 
>> > That's clearly more difficult, which is why the normal course of action is for
>> > the IPv6 client to initiate the session..
>> [Dusan] What if IPv4only client needs to initiate the session to IPv6only client? What is the solution for that use case?
>  
> Many firewall traversal solutions should work in this case, but IPv4 only client to client isn't guaranteed to work in all cases either. 
>  
>> > 
>> > > - Do these IPv4 and IPv6 client addresses need to be pre-configured on the
>> > translator and/or DNS64?
>> > 
>> > For IPv4 to IPv6, if you must allow the IPv4 client to initiate the session, you'd
>> > have to have preconfigure something.
>> [Dusan] Where and how is this configuration done?
>> 
>> > 
>> > Bert
>> 
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
> 
>  
> -- 
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota   
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> =============================================== 
> _______________________________________________ v6ops mailing list v6ops@ietf.orghttps://www.ietf.org/mailman/listinfo/v6ops
> 
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
> 
> _______________________________________________ v6ops mailing list v6ops@ietf.orghttps://www.ietf.org/mailman/listinfo/v6ops
> 
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email