Re: IPv6 only host NAT64 requirements?

Ca By <cb.list6@gmail.com> Wed, 22 November 2017 13:53 UTC

Return-Path: <cb.list6@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 497BF129449 for <ipv6@ietfa.amsl.com>; Wed, 22 Nov 2017 05:53:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.748
X-Spam-Level:
X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17tK3KEADzRM for <ipv6@ietfa.amsl.com>; Wed, 22 Nov 2017 05:53:03 -0800 (PST)
Received: from mail-yb0-x22a.google.com (mail-yb0-x22a.google.com [IPv6:2607:f8b0:4002:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C18212944E for <ipv6@ietf.org>; Wed, 22 Nov 2017 05:52:56 -0800 (PST)
Received: by mail-yb0-x22a.google.com with SMTP id n185so5649723yba.6 for <ipv6@ietf.org>; Wed, 22 Nov 2017 05:52:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9oYMlepPONEfSFWlP4xXDRMz6SREAjadRkXOFWz1iBI=; b=FfrPraUe3C9wUK4f4LWgfzuskj6FxwILqnkNkgVrAnt5qn2VFFZjP5e7xFTtsDwQKk mztst3ka4V+whDLkDrNxK7RX86a9W/XoVq31aWarBrtKB5hV1JvU2iZjmOvrlCXKJCNe ygz9ROL6ZDvFIHTgBSk9aTMoCoTv7iDHunJYCIs0Jiwqexc6Xl+DBO0vdHBQGbkLOLZg bZ68CPKwITeASDtysDbMed+gkA/YcTAm03ze8kXf/lMi/lAN58WzC5JT0XHMnC5c0yW9 8R/vPbU2RRRvchGRbwZWZkmHYb5AbtKJ7ZVO/8UJAKUsxksr/WLnMchDhYZSb2EOP4/X iidw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9oYMlepPONEfSFWlP4xXDRMz6SREAjadRkXOFWz1iBI=; b=Jaqx0DMjqiqKaNkqoQnOZHJBbGGl9bevwcvPeUkV3fOor7GkH3fQiaV5mbKe1IFcm5 XBE9kmjLPvBoEzMGKD44WiQLPwR+HQSCK47MyfL2DkAHO1djueDF9+TSIhSycDll0TPH WIN1DPHjh8wU5irugkrxVTlr1xqG9YENcP3IGpCfXewXNMXAAtkS58GJapHNpKnNcT1J VL+bOdLReMs+zXaE8FTL63Gp5o8QgJ2rL4B9Tf40NtWcIDPudfMm7FX0KShL2dxkgACl wvZVhrEnlQFlweQEOWzOd77LD8494/1tZ04BBIvyXoaBmJDdS7YoG+jX4Bk+J1nmh9Nj E68w==
X-Gm-Message-State: AJaThX4RSJd4cTOK6tsQghTqPq+p08eJ1aWzlZ2Mc8vWhgkNUVDQvNjn N4sLnVr6dThMd3+2Q6aPNr76qtSsrELa+kb30qLwsg==
X-Google-Smtp-Source: AGs4zMa9j6F5P6HUjeA62y/D98p6BpbUxUM2kGuD1QGDFTR9vV0atY0Ut4w7C64oxgdcODgPhvHmW1YWOwMUOVDlR6Q=
X-Received: by 10.37.179.66 with SMTP id k2mr12787826ybg.53.1511358775699; Wed, 22 Nov 2017 05:52:55 -0800 (PST)
MIME-Version: 1.0
References: <m1eEGbJ-0000EhC@stereo.hq.phicoh.net> <CAFU7BARCLq9eznccEtkdnKPAtKNT7Mf1bW0uZByPvxtiSrv6EQ@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93300A07AD68@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAFU7BARoXgodiTJfTGc1dUfQ8-ER_r8UOE1c3h-+G0KTeCgBew@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93300A07C625@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <7EE41034-132E-45F0-8F76-6BA6AFE3E916@employees.org> <787AE7BB302AE849A7480A190F8B93300A07D481@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <0C83562D-859B-438C-9A90-2480BB166737@employees.org> <787AE7BB302AE849A7480A190F8B93300A07D534@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <26A31D20-46C2-473E-9565-59E5BA85ED8B@employees.org> <787AE7BB302AE849A7480A190F8B93300A07D63D@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <F9E3BD88-38E0-4329-A4BF-22083A023268@employees.org> <f673d6c7-570e-b2b8-e8aa-15d73ea8ba3f@gmail.com> <46365c7f-f9e9-0559-9f09-d6b565ff7f99@nlogic.no> <0a13ea07-6b60-9ae6-659e-c054acdc156d@gmail.com> <2bbae231-d57e-4ba7-8ac5-65dbba9a9da2@gmail.com>
In-Reply-To: <2bbae231-d57e-4ba7-8ac5-65dbba9a9da2@gmail.com>
From: Ca By <cb.list6@gmail.com>
Date: Wed, 22 Nov 2017 13:52:44 +0000
Message-ID: <CAD6AjGR=g4M-=ndPugaLcGPrGCne284fY60kfO5MBaWoU1y4NA@mail.gmail.com>
Subject: Re: IPv6 only host NAT64 requirements?
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: ipv6@ietf.org
Content-Type: multipart/alternative; boundary="f403045e317af43103055e92a284"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tWu35YtvkmBUhTv6AKjKnWgOUhI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 13:53:05 -0000

On Wed, Nov 22, 2017 at 12:05 AM Alexandre Petrescu <
alexandre.petrescu@gmail.com>; wrote:

>
>
> Le 22/11/2017 à 01:01, Brian E Carpenter a écrit :
> > in line...
> >
> > On 21/11/2017 22:40, Ola Thoresen wrote:
> >> On 20. nov. 2017 20:37, Brian E Carpenter wrote:
> >>
> >>> On 21/11/2017 02:36, Ole Troan wrote:
> >>> ...>> [Med] These are generic statements, Ole. We are talking about
> the IETF case.
> >>>>> * The IETF has no control on the hosts that connect to the IETF
> network,
> >>>>> * IETF attendees who are using corporate devices, have no control on
> these hosts
> >>>>>
> >>>>> So, how forcing devices to use "IPv6+nat64" will help here?
> >>>> Eat own dogfood. Many IETF people are developers or work for
> companies having applications not working.
> >>>> As I said there were a minimum of applications that didn't work.
> Corporate VPNs largely did. Jen has the final numbers.
> >>> However, as long as even one application, such as one VPN, or one
> >>> literal IPv4 address, fails, that represents millions of failure cases
> >>> if we consider the whole world (e.g. imagine every hotel network in
> >>> the world running IPv6+NAT64 only). That simply isn't viable. Dual
> >>> stack in every hotel room in the world is viable, from the hotel
> guests'
> >>> point of view. Operators might not like it, but users wouldn't care.
> >>
> >> In hotel rooms and other "public" or "guest" networks, there are so many
> >> things that fail already, due to NAT, misconfigured firewalls,
> >> unmaintained blocklists, SSL-proxies and whatnot, so you can hardly
> >> expect any services other than basic web-surfing without https to work.
> >> Not that this is an ideal situation today, but i do not believe that "if
> >> even one VPN or one liter IPv4 address fails" should be a showstopper
> >> for introducing this.
> >
> > Hotels won't make that choice, but the providers of hotel networks will,
> > entirely based on their perception of the number of help desk calls
> > they will have to handle for any given change. Since they haven't even
> > made the move from IPv4 to dual stack, I think we'll wait a long time
> > before they attempt any form of IPv6-only. Sad but true.
> >
> >> Possibly, or even probably, introducing IPv6 (-only and NAT64) will even
> >> make the situation better for a lot of people, as you get rid of all the
> >> horrible NAT solutions for services that are already dual stacked.
> >
> > But those horrible NAT solutions are up and running today.
>
> It will be noticed that on NAT64 ESSID the experience is worse than on
> IPv4, at least for VPN sessions.
>


How would the vpn service be improved? If the VPN server / peer was ipv6
enabled then it would just be e2e v6, no?

I like to refer back to Occam’s Razor e2e v6 rather than transition Rube
Goldberg


> Alex
>
>   For this
> > class of operator, any change is bad news, unfortunately. What is their
> > incentive to make such a change?
> >
> >      Brian
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>