Re: Is NAT66 a help in migration to IPv6?

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 01 December 2020 15:47 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Ackermann, Michael" <MAckermann@bcbsm.com>, "otroan@employees.org" <otroan@employees.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: 6man WG <ipv6@ietf.org>
Subject: Re: Is NAT66 a help in migration to IPv6?
Date: Tue, 01 Dec 2020 15:46:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/uP-Lf-3her4CUe9W2sWzGbrZSf4>

Michael

Of course, IPv4 hosts have a single IPv4 address (most of the time) but the network operator has to manage TWO IPv4 addresses per host: one for packets 'inside' and one for packets 'outside' and the NAT log is used to do the mapping... So, it is painful as well (this was my point expressed in a 2nd degree way -- sorry)

-éric


-----Original Message-----
From: "Ackermann, Michael" <MAckermann@bcbsm.com>
Date: Tuesday, 1 December 2020 at 16:30
To: Eric Vyncke <evyncke@cisco.com>, "otroan@employees.org" <otroan@employees.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: 6man WG <ipv6@ietf.org>
Subject: RE: Is NAT66 a help in migration to IPv6?

    FYI
    This may just be my interpretation of the comment below, but .......
    It is not common at most enterprises that we have two IPv4 addresses per host. Rather a single 1918 address internally and then NAT to a registered public address for external traffic.
    Thanks
    Mike

    -----Original Message-----
    From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Eric Vyncke (evyncke)
    Sent: Tuesday, December 1, 2020 7:48 AM
    To: otroan@employees.org; Brian E Carpenter <brian.e.carpenter@gmail.com>
    Cc: 6man WG <ipv6@ietf.org>
    Subject: Re: Is NAT66 a help in migration to IPv6?

    Ole,

    You nailed it... I was (and still am) a fan of RFC 8028 and SADR (draft-ietf-rtgwg-dst-src-routing) but there is a lot of inertia in "enterprise" networks where the catch-22 game is still there: little mid-size networks deployed hence manufacturers do not implement :-( Little IPv4 addressing shortage pressure for those mid-size networks

    BTW, enterprises already have 2 IPv4 addresses per host and it is a pain: the RFC 1918 one and the shared public one... ;-)

    -éric

    -----Original Message-----
    From: ipv6 <ipv6-bounces@ietf.org> on behalf of "otroan@employees.org" <otroan@employees.org>
    Date: Tuesday, 1 December 2020 at 00:12
    To: Brian E Carpenter <brian.e.carpenter@gmail.com>
    Cc: 6man WG <ipv6@ietf.org>
    Subject: Re: Is NAT66 a help in migration to IPv6?

        > Answering the question in the subject field: No [RFC2993] [RFC4864] [RFC6296].
        >
        >> IMHO: no NAT66 -> no progress for IPv6 in Enterprises. Because redundant connectivity to Carriers is needed very often.
        >
        > It is, and that's why the failure of SHIM6 is very sad. But the real failure is the reluctance of enterprise operators to do what comes naturally in IPv6: if you have two providers, run two prefixes everywhere [RFC8028]. That's why there is still, sadly enough, a case for [RFC6296]. Sadly, because [RFC2993] explains why NAT or NPT is a problem, and [RFC4864] explains how to avoid them (and needs [RFC8028], which came very late, sorry).


        The failure of SHIM6 or ILNP or even 8+8 is indeed sad.
        MPMH hasn't exactly taken off. I ran it for a while but gave up. 8028 isn't enough, SADR is a big change.
        Enterprises don't want to depend on host behaviour for exit selection.
        Ref, the slaac-renum discussion I'd imagine Enterprises also want a level of isolation from ISP/global addressing.
        Keeping track of 4++ addresses per-host isn't a favourite with Enterprise network operators either.
        And we can't exactly say that host implementations and applications have caught up with MPMH either.

        PI or LISP MH are available solutions.
        Multi-homing with NAT66 wouldn't work nearly as well (and you could argue stick with v4 then, which I guess is what they do).

        Ole
