Re: IPv6 only host NAT64 requirements?

Ole Troan <> Mon, 13 November 2017 16:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2F824129B04 for <>; Mon, 13 Nov 2017 08:35:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZktG0EdUnr5a for <>; Mon, 13 Nov 2017 08:35:26 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A8934120454 for <>; Mon, 13 Nov 2017 08:35:26 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 183852D4F99; Mon, 13 Nov 2017 16:35:26 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by (Postfix) with ESMTP id 8194F200C045C3; Tue, 14 Nov 2017 00:35:00 +0800 (+08)
From: Ole Troan <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_74B9495F-C87E-42C2-9108-FEBC74B02368"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
Subject: Re: IPv6 only host NAT64 requirements?
Date: Tue, 14 Nov 2017 00:34:59 +0800
In-Reply-To: <>
Cc: 6man WG <>
To: Philip Homburg <>
References: <> <> <>
X-Mailer: Apple Mail (2.3445.4.7)
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 13 Nov 2017 16:35:28 -0000


>> Yes, that's certainly the bind we are in. Are we going to require all
>> IPv6 only nodes to be able to communicate with IPv4? And what does that
>> entail? Do you have examples of "all kinds of IPv4 issues"?
>> Apart from the requirement of NAT64 prefix discovery and IPv4
>> synthesising, is there anything you don't need to do anyway?
> One that really breaks my code, and is relevant to 6man is the guarantee in
> IPv6 error ICMPs:
> (c) Every ICMPv6 error message (type < 128) MUST include as much of
>    the IPv6 offending (invoking) packet (the packet that caused the
>    error) as possible without making the error message packet exceed
>    the minimum IPv6 MTU

Right. But when is that an actual issue for applications?
(Where I'm not going to reply with, well ICMPv6 errors a) either don't make it there b) are ignored by the host stack / application c) are heavily throttled d) suffered that faith anyway because of some MPLS link or whatnot...) :-)

>> While I'm also concerned about the consequences of carrying IPv4 debt in
>> all IPv6 implementations, the alternative seems to be that we are stuck
>> with Dual stack forever (for some definition of forever). This would at
>> least allow us to move to single stack IPv6. Which appears to me to be a
>> step forward. And we're very close to that already, and there are
>> millions of devices already implementing it.
> In new applications that are simple from a networking point of view, it should
> be possible to come up with a design that works well for both dual stack and
> NAT64.
> Operators who have lots of legacy devices are likely to run a dual stack
> network. So hosts that are expected to work in such an environment have to
> implement dual stack.
> I'm not sure how (outside 3GPP) anyone can transition to NAT64. You have to
> make sure that all devices that need to connect support NAT64. To do that,
> you probably want to run dual stack for a while to make sure everything
> supports IPv6 properly.
> But for host software there is a lot more incentive to support dual stack then
> to do the extra step for NAT64.
> The big problem I see for NAT64 is that for old IPv4-only applications you
> have to make two fundamental changes to the application. The first to
> make sure that the application handles IPv6 in every possible way. And a
> second pass that makes sure that every place where an IPv4 address literal
> is handled, works with NAT64.
> For an application writer it is better to try to avoid doing the second pass.

Then we are stuck with dual stack.
What Randy and Jen set out to try in the IETF experiment was to figure out if it would be possible to do IPv6 only + NAT64. Identify what was broken and then get that fixed. If we're stuck with dual stack (or IPv4 only), then we're not moving towards the end-goal, are we?