IETF Logo Mail Archive

Re: NAT64 in RA, draft-ietf-6man-ra-pref64

Mark Andrews <marka@isc.org> Mon, 27 May 2019 20:38 UTC

Return-Path: <marka@isc.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBEF412001A for <ipv6@ietfa.amsl.com>; Mon, 27 May 2019 13:38:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhMJyTmK8Xpj for <ipv6@ietfa.amsl.com>; Mon, 27 May 2019 13:38:32 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2CD6120157 for <6man@ietf.org>; Mon, 27 May 2019 13:38:31 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id B23FF3AB03F; Mon, 27 May 2019 20:38:31 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id A725716006C; Mon, 27 May 2019 20:38:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 8C7C2160064; Mon, 27 May 2019 20:38:31 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id g8sttMVRDAey; Mon, 27 May 2019 20:38:31 +0000 (UTC)
Received: from [172.30.42.88] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 3633E160052; Mon, 27 May 2019 20:38:31 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
Subject: Re: NAT64 in RA, draft-ietf-6man-ra-pref64
From: Mark Andrews <marka@isc.org>
X-Mailer: iPhone Mail (16F156)
In-Reply-To: <D3C7EB41-02E8-48D6-9335-26A041FD64C2@isc.org>
Date: Tue, 28 May 2019 06:38:28 +1000
Cc: 6man@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <00C00FE5-C7CD-4B99-A2C9-CCBFCB1E4850@isc.org>
References: <12187.1558972629@localhost> <D3C7EB41-02E8-48D6-9335-26A041FD64C2@isc.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tNIULzplQ9MqBLRTf8sG-kcdFOo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 May 2019 20:38:34 -0000

The RA optionally includes the name of the APL record.  Inclusion is signalled by the option length. 

  It could also be published at ipv4only.arpa as well. The RA wins if both exist and are different. 

-- 
Mark Andrews

> On 28 May 2019, at 06:29, Mark Andrews <marka@isc.org> wrote:
> 
> You use  an APL record to define which addresses are mapped/excluded  (the difference is where the negations goes and whether you include the /0 entries at the end normally) on a first match basis. 
> 
> e.g.
> 
> APL !1:10.0.0.0/8 1:0.0.0.0/0
> 
> Not net 10 but everything else. 
> 
> TYPE42 \#9 00 01 08 81 0a 00 01 00 00
> 
> The above is a mapping list not a exclude list. 
> 
> You can also encode the IPv6 prefixes you want to ignore when determining if you are doing.  This is useful for when you want to be IPv6 internally but don’t have external connectivity  or you only have partial IPv6 connectivity or for ignoring the results of a seperate DNS64 mapping. 
> 
> Both lists can be encoded in a single APL record. Also it is easy enough to encode the record in unknown record format by hand as the encoding is not hard to do.  See above. 
> 
> -- 
> Mark Andrews
> 
>> On 28 May 2019, at 01:57, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>> 
>> 
>> I just watched the 6man recording on draft-ietf-6man-ra-pref64.
>> I am very enthusiastic about having this progress, because it enables DNSSEC
>> resolution to be done on the host.
>> (We just have to find a way in CAPPORT to shame
>> 
>> The document says:
>> 
>>  In a network that provides both IPv4 and NAT64, it may be desirable
>>  for certain IPv4 addresses not to be translated.  An example might be
>>  private address ranges that are local to the network and should not
>>  be reached through the NAT64.  This type of configuration cannot be
>>  conveyed to hosts using this option, or through other NAT64 prefix
>>  provisioning mechanisms such as [RFC7050] or [RFC7225].  This problem
>>  does not apply in IPv6-only networks, because in such networks, the
>>  host does not have an IPv4 address and cannot reach any IPv4
>>  destinations without the NAT64.
>> 
>> And I guess I disagree with this in a subtle way, which Section 7
>> (multihoming) tries to deal with.   Maybe you could write:
>> 
>>  In a provisioning domain that provides both IPv4 and NAT64, it may be desirable
>>  for certain IPv4 addresses not to be translated.  An example might be
>>  private address ranges that are local to the provisioning domain and should not
>>  be reached through the NAT64.  This type of configuration cannot be
>>  conveyed to hosts using this option, or through other NAT64 prefix
>>  provisioning mechanisms such as [RFC7050] or [RFC7225].  This problem
>>  does not apply to hosts that are provisioned in IPv6-only networks,
>>  because in such networks, the host does not have an IPv4 address and
>>  cannot reach any IPv4 destinations without the NAT64.
>>  Section 7 deals with the multihoming sitution more.
>> 
>> ----
>> 
>> The slides had some optional stuff which I think is gone from the document.
>> Mark Andrews made some suggestions, which I did not understand what happened.
>> 
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>> -= IPv6 IoT consulting =-
>> 
>> 
>> 
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email