Re: there _is_ IPv6 NAT - just look for it

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 16 March 2014 08:07 UTC

Message-ID: <53255BBD.2040801@gmail.com>
Date: Sun, 16 Mar 2014 21:07:25 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: Jeroen Massar <jeroen@massar.ch>
Subject: Re: there _is_ IPv6 NAT - just look for it
References: <E2C06D73-99FF-42B5-A3BE-337C307BCB0E@gmail.com> <CAKD1Yr0fjSWfPDkvc9Z53xBKxMGzYcVGzH3tLUGbjCKmgR_Duw@mail.gmail.com> <532374CD.3040100@gmail.com> <532401CB.8000003@gmail.com> <53247CF9.2020009@massar.ch> <532481EC.6030505@gmail.com> <532484C7.60903@massar.ch>
In-Reply-To: <532484C7.60903@massar.ch>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/n04UUOT6sFaH8MvhXuMvXWR4K88
Cc: Alexandru Petrescu <alexandru.petrescu@gmail.com>, ipv6@ietf.org

On 16/03/2014 05:50, Jeroen Massar wrote:
> On 2014-03-15 09:38, Brian E Carpenter wrote:
> [..]
>>> Unnecessary for connecting normal hosts, but let me admit, that I
>>> recently found a situation where it was actually useful to have Linux's
>>> NAT function for IPv6: forwarding connections in a proxy-style method.
>>>
>>> This way I was able to set up a load-balanced forwarding setup for
>>> various services without having to modify the backend systems to
>>> understand a special header (e.g. X-Forwarded-For) for proper tracking of
>>> too-many-connections and mere logging.
>> Try RFC 7098?
> 
> The flow-label would just add an extra tracking parameter in the NAT or
> maybe better said 'connection tracker/translator' table.
> 
> I thus see little gain in adding something like that.

You don't add it to NAT. You use it for load balancing with
native global addressing, so that you don't need NAT.

> Also I don't know of any device actually having support for that.

Yes, it's a relatively new RFC, but it was reviewed by load
balancer people.

   Brian
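
Added illustration of the approach named in the reply above (not part of the original message and not code from RFC 7098): a stateless balancer picks a backend by hashing the source address and the 20-bit flow label read from the IPv6 fixed header, so no connection-tracking or translation table is involved and the client's global source address reaches the backend unchanged. The backend addresses, function names and the use of SHA-256 as the hash are assumptions made for this example.

```python
import hashlib
import ipaddress
import struct

# Constructed backend pool (documentation prefix), an assumption for this example.
BACKENDS = ["2001:db8:10::1", "2001:db8:10::2", "2001:db8:10::3"]


def build_header(src, dst, flow_label, payload_len=0, next_header=6, hop_limit=64):
    """Build a 40-byte IPv6 fixed header; used only to construct sample input."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)  # version 6, traffic class 0
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def parse_header(packet):
    """Return (source address, flow label) from an IPv6 fixed header."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word = struct.unpack("!I", packet[:4])[0]
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    flow_label = first_word & 0xFFFFF          # low 20 bits of the first word
    src = ipaddress.IPv6Address(packet[8:24])  # source address field
    return src, flow_label


def pick_backend(packet, backends=BACKENDS):
    """Choose a backend from {source address, flow label} with no per-flow state.

    Returns None for a zero flow label (unlabeled packet), in which case the
    caller has to fall back to hashing the transport-layer ports instead.
    """
    src, flow_label = parse_header(packet)
    if flow_label == 0:
        return None
    key = src.packed + flow_label.to_bytes(3, "big")
    digest = hashlib.sha256(key).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


if __name__ == "__main__":
    # Two constructed packets of one flow: same source and label, different sizes.
    first = build_header("2001:db8::1", "2001:db8:ff::80", 0xABCDE, payload_len=20)
    later = build_header("2001:db8::1", "2001:db8:ff::80", 0xABCDE, payload_len=1400)
    print(pick_backend(first), pick_backend(later))
```

Because the backend sees the real source address, per-client connection limits and logging work without an X-Forwarded-For style header.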