Re: IPv6 only host NAT64 requirements?

Mark Andrews <marka@isc.org> Mon, 13 November 2017 23:22 UTC

> On 14 Nov 2017, at 10:08 am, Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com> wrote:
> 
>> Is there any reason to
>> run DNS64 at all these days?  ipv4only.arpa can be a preconfigured
>> zone which allows CLAT to get its mapping.  All the phones have
>> CLAT support.  Can we just make DNS64 historic and let the phones
>> run all IPv4 connections through CLAT rather than having to stuff
>> up DNSSEC and have IPv6 connections terminate in IPv4 servers
>> without the application knowing?
> 
> If NAT64 was limited to 3GPP interfaces then not a lot of people would care.
> 
> The problem started when a vocal group tried to push NAT64 as a general
> purpose mechanism for providing IPv4 access.
> 
> In that context, there are lots of devices that do implement IPv6, but
> do not implement CLAT.
> 
> So without DNS64 those devices would lose access to the IPv4 internet.
> 
> If you are willing to have a stateful NAT box in your network, and requiring
> host changes is acceptable, then ds lite is an interesting alternative.
> One that avoids having a NAT function on the host.

I’m aware of the above.  I’m trying to work out if DNS64 was turned off
today and replaced with a preconfigured ipv4only.arpa zone on the recursive
servers would everything fail or would the devices just use the CLAT that
already exists?  Phones have CLAT for tethered devices.  Will they make the
A lookup with an IPv6-only ASN if the AAAA returns NOERROR/NODATA?

For wireline the routers are going to have to have CLAT support so there is
no need to configure those routers with DNS64 servers.

While I think there are much better solutions than 464XLAT, that is infinitely
better than DNS64/NAT64.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
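
How a CLAT can get its mapping from AAAA answers for ipv4only.arpa, as the message above relies on: an added example, not part of the original message or either poster's code. It assumes the RFC 7050 well-known addresses and the RFC 6052 address layout; the function names and sample answers are constructed for illustration.

```python
import ipaddress

# Assumption: RFC 7050 well-known IPv4 addresses, the A records of ipv4only.arpa.
WKA = (ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171"))

# Assumption: RFC 6052 layout. For each allowed prefix length, the octets of the
# IPv6 address that carry the IPv4 address (octet 8 is reserved and skipped).
V4_OCTETS = {
    32: (4, 5, 6, 7),
    40: (5, 6, 7, 9),
    48: (6, 7, 9, 10),
    56: (7, 9, 10, 11),
    64: (9, 10, 11, 12),
    96: (12, 13, 14, 15),
}

def pref64_from_aaaa(answers):
    """Return the NAT64 prefixes implied by AAAA answers for ipv4only.arpa.

    An empty set means no well-known address was found at any position,
    which includes the NOERROR/NODATA case (empty answer list).
    """
    found = set()
    for text in answers:
        addr = ipaddress.IPv6Address(text)
        raw = addr.packed
        for plen, positions in V4_OCTETS.items():
            embedded = ipaddress.IPv4Address(bytes(raw[i] for i in positions))
            if embedded in WKA:
                found.add(ipaddress.IPv6Network((addr, plen), strict=False))
    return found

def embed(prefix, v4):
    """Map an IPv4 destination into the discovered prefix, as a CLAT would."""
    raw = bytearray(prefix.network_address.packed)
    for i, octet in zip(V4_OCTETS[prefix.prefixlen], v4.packed):
        raw[i] = octet
    return ipaddress.IPv6Address(bytes(raw))

if __name__ == "__main__":
    # Constructed sample answers using the 64:ff9b::/96 well-known prefix.
    for net in pref64_from_aaaa(["64:ff9b::c000:aa", "64:ff9b::c000:ab"]):
        print(net, embed(net, ipaddress.IPv4Address("192.0.2.33")))
```
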