RE: What flexibility do 6to4 NAT have with address formats?
"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 14 October 2009 17:44 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 012F43A67AB for <ipv6@core3.amsl.com>; Wed, 14 Oct 2009 10:44:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G8MPIjjqDnCj for <ipv6@core3.amsl.com>; Wed, 14 Oct 2009 10:44:26 -0700 (PDT)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by core3.amsl.com (Postfix) with ESMTP id AB09D3A672E for <ipv6@ietf.org>; Wed, 14 Oct 2009 10:44:26 -0700 (PDT)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by stl-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id n9EHhvBO013660 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 14 Oct 2009 12:43:57 -0500 (CDT)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id n9EHhu3B019403; Wed, 14 Oct 2009 10:43:56 -0700 (PDT)
Received: from XCH-NWHT-09.nw.nos.boeing.com (xch-nwht-09.nw.nos.boeing.com [130.247.25.115]) by blv-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id n9EHhuAY019360 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Wed, 14 Oct 2009 10:43:56 -0700 (PDT)
Received: from XCH-NW-15V.nw.nos.boeing.com ([130.247.25.104]) by XCH-NWHT-09.nw.nos.boeing.com ([130.247.25.115]) with mapi; Wed, 14 Oct 2009 10:43:56 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Dunn, Jeffrey H." <jdunn@mitre.org>, Ole Troan <otroan@employees.org>, "Perkins, Carroll G" <Carroll.Perkins@serco-na.com>
Date: Wed, 14 Oct 2009 10:43:55 -0700
Subject: RE: What flexibility do 6to4 NAT have with address formats?
Thread-Topic: What flexibility do 6to4 NAT have with address formats?
Thread-Index: AcpM3rRHRoN+6+XoSqmQVN1hsYfU6AAARbmAAAVX+rA=
Message-ID: <12F4112206976147A34FEC0277597CCF27A41650E1@XCH-NW-15V.nw.nos.boeing.com>
References: <6B55F0F93C3E9D45AF283313B8D342BA211A8C1D@TK5EX14MBXW651.wingrou p.windeploy.ntdev.microsoft.com>, <4AD51F5D.9070106@gmail.com><FE653BE0C4967 449B3B5081DA1D26CAEC003DF20BD@SNAMB01.serco-na.com><1A8C8C6D-27C1-4853-950D-256A43A3B8D5@employees.org> <3C6F21684E7C954193E6C7C4573B76270366C1CECF@IMCMBX1.MITRE.ORG>
In-Reply-To: <3C6F21684E7C954193E6C7C4573B76270366C1CECF@IMCMBX1.MITRE.ORG>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-tm-as-product-ver: SMEX-8.0.0.1181-5.600.1016-16946.003
x-tm-as-result: No--64.910400-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Christian Huitema <huitema@microsoft.com>, 6man 6man <ipv6@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2009 17:44:28 -0000
Jeffrey, > -----Original Message----- > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of Dunn, Jeffrey H. > Sent: Wednesday, October 14, 2009 8:26 AM > To: Ole Troan; Perkins, Carroll G > Cc: Christian Huitema; 6man 6man; Brian E Carpenter > Subject: RE: What flexibility do 6to4 NAT have with address formats? > > Colleagues, > > In support of one our customers, we tested several Cisco implementations and found that they work > just fine with prefix lengths not equal to 64. That said, most operating systems we tested only > support a 64-bit prefix for address configuration, SLAAC or DHCPv6. Because of this, I suspect that > routers that support DHCPv6, e.g., home WiFi routers, will probably require the prefix to be 64 bits > on any premise-facing interface. This is not the case for "industrial strength" routers. > Specifically, Cisco shows a prefix delegation example with a /48 prefix and the prefix length must be > specified on the DHCPv6 server configurations. Prefix delegation with, e.g., /48 is standard operating procedure; what matters is how the prefix gets sub-delegated and how portions of the prefix get assigned interfaces. Do you see cases where a prefix other than /64 is assigned to an interface? Fred fred.l.templin@boeing.com > > Best Regards, > > Jeffrey Dunn > Info Systems Eng., Lead > MITRE Corporation. > (301) 448-6965 (mobile) > > > -----Original Message----- > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of Ole Troan > Sent: Wednesday, October 14, 2009 10:58 AM > To: Perkins, Carroll G > Cc: Christian Huitema; 6man 6man; Brian E Carpenter > Subject: Re: What flexibility do 6to4 NAT have with address formats? > > > "routers should never treat /64 as special or as any kind of limit. > > It's just a convention that /64 is > > considered the longest normal subnet prefix, which happens to be > > compatible with SLAAC" > > not trying to speak for every platform or operating system that Cisco > has, but this is what's been done for the IPv6 implementations I'm > aware of, in particular IOS. > > the 64 bit boundary is policy. I have thought for a long time that we > should rather fix SLAAC to work with longer prefixes. > > cheers, > Ole > > > > > Not sure which vendor router implementations of IPv6 you are talking > > about, but the /64 division is almost universally used across so > > many router configuration panels, IPv6 address management > > applications, etc that ignoring or changing it basically kills any > > chance of having a proposed standard accepted by IETF. For example, > > read the manual on the D-Link DIR-615 Hardware ver C1 Firmware ver > > 3.11NA to see what I am talking about. The /64 BOUNDARY IS > > HARDCODED INTO THE FIRMWARE AND IS UNCHANGEABLE. > > > > One of the situations occurring with todays IPv6 adoption is that > > long-time IPv4 techies are looking for the variability that IPv4 > > embodies because of it's definition on the fly during the last 20 > > years. But IPv6 basically defines out as much variability as > > possible to keep IPv6 implementations compatible across vendors. > > Think like Japanese cars, they all have different names, but most of > > the underlying parts come from the same suppliers. So IPv4 techies > > knowledge base on protocol variabilities is basically factored out > > of IPv6 definitions to the greatest extent possible. Formal > > evidence of variabliity limitation is that NIST has set up > > standardized testing lab structures for IPv6 devices to be > > certified, process modeled after what Underwriter Labs has done for > > electrical appliances. By the end of 2010, all commercial IPv6 > > devices should be NIST lab certified against a given set of IETF > > standards or there will be no commercial market for them. But the > > best thought exper > > iment is: How many 47 cycle AC hairdryers have you seen at Wal-Mart > > lately? > > > > Above comments based on 2 years of IPv6 implementation experience. > > Carroll Perkins > > > > > > > > ________________________________________ > > From: ipv6-bounces@ietf.org [ipv6-bounces@ietf.org] On Behalf Of > > Brian E Carpenter [brian.e.carpenter@gmail.com] > > Sent: Tuesday, October 13, 2009 8:46 PM > > To: Christian Huitema > > Cc: 6man 6man > > Subject: Re: What flexibility do 6to4 NAT have with address formats? > > > > On 2009-10-14 03:38, Christian Huitema wrote: > > ... > >> > >> First, we wonder about the importance of the 64 bit boundary. > >> Addressing documents specify that the global address is > >> essentially formed of a 64 bit subnet prefix and a 64 bit > >> host identifier, with the host identifier compatible with > >> IEEE 802 identifiers. Does that mean that the "routing" > >> requirement of stateless translation can only be addressed if > >> the IPv4 bytes are entirely contained within the subnet > >> prefix? Different authors have different opinions, so WG > >> input would be beneficial. > > > > As I understand it, routers should never treat /64 as special > > or as any kind of limit. It's just a convention that /64 is > > considered the longest normal subnet prefix, which happens to > > be compatible with SLAAC. So I can't see any fundamental > > reason why the IPv4 address bits can't straddle the /64 > > boundary. However, they should clearly skip over the UG bits > > so the resulting 64-bit IID is consistent with the IID rules. > > That will break byte alignment. > > > >> > >> Second, we wonder about the constraints of host identifiers. > >> A first question is whether an all null identifier would be > >> legitimate and practical. There is some evidence that it > >> works with most stacks. But there is also a statement in the > >> addressing document that the all null address is reserved for > >> the subnet anycast address. Do stacks actually implement the > >> subnet anycast function? Should the specification be removed > >> from the addressing RFC? Can we just ignore it? If we cannot > >> ignore it, we will have to specify some value different from > >> zero for the suffix. A "checksum neutrality" field might do > >> that, but please consider the second question. > > > > If you do straddle the /64 boundary, you will not have a null > > IID so the issue goes away. If not, using null feels wrong to > > me. Firstly, it conflicts with the current (harmless and > > possibly implemented) spec. Secondly, specifying a value is no > > big deal as far as I can see. > > > >> > >> The second question regards the uniqueness of host > >> identifiers. Suppose we define the address used for stateless > >> translation as: 32 bit "provider" prefix, 32 bit IPv4 > >> address, and a constant identifier, either 0 or the "checksum > >> neutrality" value, which is only a function of the provider > >> prefix. Suppose now that for some reason there are two "IPv4 > >> addressed" hosts on the same link, e.g. because many servers > >> are located in the same server room. The two hosts will have > >> different addresses, in different 64 bit subnets, but they > >> will also have different host identifiers. Is that OK? > > > > Why wouldn't it be OK? I can't see why it's a question. > > The normal expectation is that different hosts have different > > IIDs so I am curious why this matters. > > > > Brian > > > >> > >> -- Christian Huitema > >> > >> -------------------------------------------------------------------- > >> IETF IPv6 working group mailing list ipv6@ietf.org > >> Administrative Requests: > >> https://www.ietf.org/mailman/listinfo/ipv6 > >> -------------------------------------------------------------------- > >> > >> > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > ipv6@ietf.org > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > -------------------------------------------------------------------- > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > ipv6@ietf.org > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > -------------------------------------------------------------------- > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- What flexibility do 6to4 NAT have with address fo… Christian Huitema
- Re: What flexibility do 6to4 NAT have with addres… Brian E Carpenter
- RE: What flexibility do 6to4 NAT have with addres… Christian Huitema
- Re: What flexibility do 6to4 NAT have with addres… Brian E Carpenter
- RE: What flexibility do 6to4 NAT have with addres… Perkins, Carroll G
- Re: What flexibility do 6to4 NAT have with addres… Ole Troan
- RE: What flexibility do 6to4 NAT have with addres… Dunn, Jeffrey H.
- RE: What flexibility do 6to4 NAT have with addres… Templin, Fred L
- RE: What flexibility do 6to4 NAT have with addres… Dunn, Jeffrey H.
- Re: What flexibility do 6to4 NAT have with addres… Brian E Carpenter
- Re: What flexibility do 6to4 NAT have with addres… Brian Haberman