IETF Logo Mail Archive

Re: What flexibility do 6to4 NAT have with address formats?

Ole Troan <otroan@employees.org> Wed, 14 October 2009 14:57 UTC

Return-Path: <ichiroumakino@gmail.com>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A348828C0F6 for <ipv6@core3.amsl.com>; Wed, 14 Oct 2009 07:57:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rju0bQMBCL6J for <ipv6@core3.amsl.com>; Wed, 14 Oct 2009 07:57:43 -0700 (PDT)
Received: from mail-ew0-f208.google.com (mail-ew0-f208.google.com [209.85.219.208]) by core3.amsl.com (Postfix) with ESMTP id ED7333A6959 for <ipv6@ietf.org>; Wed, 14 Oct 2009 07:57:42 -0700 (PDT)
Received: by ewy4 with SMTP id 4so4503723ewy.37 for <ipv6@ietf.org>; Wed, 14 Oct 2009 07:57:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:cc:message-id:from:to :in-reply-to:content-type:mime-version:subject:date:references :x-mailer; bh=Hx9h4PoICUgFZrzSFyMD+N64yB/jj12N/5Wikv25dCY=; b=a4bAiRbRqyOOJzyqtovbyqKNK5+wn+VKTriCeKcRpEGtCJTHY/MCOHDTPaSdDGgjyy 4XUfurAlnoOOp8s5K+yj5BB+H1Z7D9vbVDkFnqd4HPl+/2Lwjs75rmV5iLGADiVok9t1 rMj0dt9i4t3TsiywYwUuVrFUiNHuNnuKBgW/4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:cc:message-id:from:to:in-reply-to:content-type:mime-version :subject:date:references:x-mailer; b=d6zMitqZmhZhULKSJJsltOEEIQNE/YyJiHuv0LOT1Bw0x5imqr7tK5t8w4mJzHOmGd 1LDSrclK+lXMdRBFd2YK0BgE6v2mfWUVR5GLGwO+ciEuSQ4f9oD3j4ZA4c8FDdMugHQU TBEmo188Hh6W3ADoeXszj0BWHi7HgJsMQmKsQ=
Received: by 10.211.146.9 with SMTP id y9mr7472977ebn.94.1255532263192; Wed, 14 Oct 2009 07:57:43 -0700 (PDT)
Received: from ?192.168.10.107? (64-103-25-233.cisco.com [64.103.25.233]) by mx.google.com with ESMTPS id 10sm2352107eyz.8.2009.10.14.07.57.40 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 14 Oct 2009 07:57:41 -0700 (PDT)
Sender: Ole Troan <ichiroumakino@gmail.com>
Message-Id: <1A8C8C6D-27C1-4853-950D-256A43A3B8D5@employees.org>
From: Ole Troan <otroan@employees.org>
To: "Perkins, Carroll G" <Carroll.Perkins@serco-na.com>
In-Reply-To: <FE653BE0C4967449B3B5081DA1D26CAEC003DF20BD@SNAMB01.serco-na.com>
Content-Type: multipart/signed; boundary="Apple-Mail-20-199668450"; micalg="sha1"; protocol="application/pkcs7-signature"
Mime-Version: 1.0 (Apple Message framework v936)
Subject: Re: What flexibility do 6to4 NAT have with address formats?
Date: Wed, 14 Oct 2009 16:57:38 +0200
References: <6B55F0F93C3E9D45AF283313B8D342BA211A8C1D@TK5EX14MBXW651.wingroup.windeploy.ntdev.microsoft.com>, <4AD51F5D.9070106@gmail.com> <FE653BE0C4967449B3B5081DA1D26CAEC003DF20BD@SNAMB01.serco-na.com>
X-Mailer: Apple Mail (2.936)
Cc: Christian Huitema <huitema@microsoft.com>, 6man 6man <ipv6@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2009 14:57:44 -0000

> "routers should never treat /64 as special or as any kind of limit.  
> It's just a convention that /64 is
> considered the longest normal subnet prefix, which happens to be  
> compatible with SLAAC"

not trying to speak for every platform or operating system that Cisco  
has, but this is what's been done for the IPv6 implementations I'm  
aware of, in particular IOS.

the 64 bit boundary is policy. I have thought for a long time that we  
should rather fix SLAAC to work with longer prefixes.

cheers,
Ole

>
> Not sure which vendor router implementations of IPv6 you are talking  
> about, but the /64 division is almost universally used across so  
> many router configuration panels, IPv6 address management  
> applications, etc that ignoring or changing it basically kills any  
> chance of having a proposed standard accepted by IETF.  For example,  
> read the manual on the D-Link DIR-615 Hardware ver C1 Firmware ver  
> 3.11NA to see what I am talking about.  The /64 BOUNDARY IS  
> HARDCODED INTO THE FIRMWARE AND IS UNCHANGEABLE.
>
> One of the situations occurring with todays IPv6 adoption is that  
> long-time IPv4 techies are looking for the variability that IPv4  
> embodies because of it's definition on the fly during the last 20  
> years.  But IPv6 basically defines out as much variability as  
> possible to keep IPv6 implementations compatible across vendors.   
> Think like Japanese cars, they all have different names, but most of  
> the underlying parts come from the same suppliers.  So IPv4 techies  
> knowledge base on protocol variabilities is basically factored out  
> of IPv6 definitions to the greatest extent possible.  Formal  
> evidence of variabliity limitation is that NIST has set up  
> standardized testing lab structures for IPv6 devices to be  
> certified, process modeled after what Underwriter Labs has done for  
> electrical appliances.  By the end of 2010, all commercial IPv6  
> devices should be NIST lab certified against a given set of IETF  
> standards or there will be no commercial market for them.  But the  
> best thought exper
> iment is: How many 47 cycle AC hairdryers have you seen at Wal-Mart  
> lately?
>
> Above comments based on 2 years of IPv6 implementation experience.   
> Carroll Perkins
>
>
>
> ________________________________________
> From: ipv6-bounces@ietf.org [ipv6-bounces@ietf.org] On Behalf Of  
> Brian E Carpenter [brian.e.carpenter@gmail.com]
> Sent: Tuesday, October 13, 2009 8:46 PM
> To: Christian Huitema
> Cc: 6man 6man
> Subject: Re: What flexibility do 6to4 NAT have with address formats?
>
> On 2009-10-14 03:38, Christian Huitema wrote:
> ...
>>
>> First, we wonder about the importance of the 64 bit boundary.
>> Addressing documents specify that the global address is
>> essentially formed of a 64 bit subnet prefix and a 64 bit
>> host identifier, with the host identifier compatible with
>> IEEE 802 identifiers. Does that mean that the "routing"
>> requirement of stateless translation can only be addressed if
>> the IPv4 bytes are entirely contained within the subnet
>> prefix? Different authors have different opinions, so WG
>> input would be beneficial.
>
> As I understand it, routers should never treat /64 as special
> or as any kind of limit. It's just a convention that /64 is
> considered the longest normal subnet prefix, which happens to
> be compatible with SLAAC. So I can't see any fundamental
> reason why the IPv4 address bits can't straddle the /64
> boundary. However, they should clearly skip over the UG bits
> so the resulting 64-bit IID is consistent with the IID rules.
> That will break byte alignment.
>
>>
>> Second, we wonder about the constraints of host identifiers.
>> A first question is whether an all null identifier would be
>> legitimate and practical. There is some evidence that it
>> works with most stacks. But there is also a statement in the
>> addressing document that the all null address is reserved for
>> the subnet anycast address. Do stacks actually implement the
>> subnet anycast function? Should the specification be removed
>> from the addressing RFC? Can we just ignore it? If we cannot
>> ignore it, we will have to specify some value different from
>> zero for the suffix. A "checksum neutrality" field might do
>> that, but please consider the second question.
>
> If you do straddle the /64 boundary, you will not have a null
> IID so the issue goes away. If not, using null feels wrong to
> me. Firstly, it conflicts with the current (harmless and
> possibly implemented) spec. Secondly, specifying a value is no
> big deal as far as I can see.
>
>>
>> The second question regards the uniqueness of host
>> identifiers. Suppose we define the address used for stateless
>> translation as: 32 bit "provider" prefix, 32 bit IPv4
>> address, and a constant identifier, either 0 or the "checksum
>> neutrality" value, which is only a function of the provider
>> prefix. Suppose now that for some reason there are two "IPv4
>> addressed" hosts on the same link, e.g. because many servers
>> are located in the same server room. The two hosts will have
>> different addresses, in different 64 bit subnets, but they
>> will also have different host identifiers. Is that OK?
>
> Why wouldn't it be OK? I can't see why it's a question.
> The normal expectation is that different hosts have different
> IIDs so I am curious why this matters.
>
>   Brian
>
>>
>> -- Christian Huitema
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list ipv6@ietf.org
>> Administrative Requests:
>> https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email