Re: IPv6 only host NAT64 requirements?

I will even say that introducing NAT64+CLAT will solve more problems that if there is NAT+CGN or NAT+CGN+NAT64.

As you indicate, the support for IPv6 will resolve 99.99% of the issues for dual-stacked services and I think NAT64 will improve the % of failures vs CGN+NAT, and if the 464XLAT is properly configured, only a few % of remote IPv4-only-DNSSEC services will fail. 

Regards,
Jordi

-----Mensaje original-----
De: ipv6 <ipv6-bounces@ietf.org> en nombre de Ola Thoresen <ola@nlogic.no>
Responder a: <ola@nlogic.no>
Fecha: martes, 21 de noviembre de 2017, 10:40
Para: <ipv6@ietf.org>
Asunto: Re: IPv6 only host NAT64 requirements?

    On 20. nov. 2017 20:37, Brian E Carpenter wrote:

    > On 21/11/2017 02:36, Ole Troan wrote:
    > ...>> [Med] These are generic statements, Ole. We are talking about the IETF case.
    >>> * The IETF has no control on the hosts that connect to the IETF network,
    >>> * IETF attendees who are using corporate devices, have no control on these hosts
    >>>
    >>> So, how forcing devices to use "IPv6+nat64" will help here?
    >> Eat own dogfood. Many IETF people are developers or work for companies having applications not working.
    >> As I said there were a minimum of applications that didn't work. Corporate VPNs largely did. Jen has the final numbers.
    > However, as long as even one application, such as one VPN, or one
    > literal IPv4 address, fails, that represents millions of failure cases
    > if we consider the whole world (e.g. imagine every hotel network in
    > the world running IPv6+NAT64 only). That simply isn't viable. Dual
    > stack in every hotel room in the world is viable, from the hotel guests'
    > point of view. Operators might not like it, but users wouldn't care.

    In hotel rooms and other "public" or "guest" networks, there are so many 
    things that fail already, due to NAT, misconfigured firewalls, 
    unmaintained blocklists, SSL-proxies and whatnot, so you can hardly 
    expect any services other than basic web-surfing without https to work.
    Not that this is an ideal situation today, but i do not believe that "if 
    even one VPN or one liter IPv4 address fails" should be a showstopper 
    for introducing this.
    Possibly, or even probably, introducing IPv6 (-only and NAT64) will even 
    make the situation better for a lot of people, as you get rid of all the 
    horrible NAT solutions for services that are already dual stacked.

    Rgds.

    Ola Thoresen

    --------------------------------------------------------------------
    IETF IPv6 working group mailing list
    ipv6@ietf.org
    Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    --------------------------------------------------------------------

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.