Re: (ngtrans) Next steps
changwen <changwen@attbi.com> Mon, 25 March 2002 07:20 UTC
Received: from patan.sun.com (patan.Sun.COM [192.18.98.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA04703 for <ngtrans-archive@odin.ietf.org>; Mon, 25 Mar 2002 02:20:04 -0500 (EST)
Received: from engmail4.Eng.Sun.COM ([129.144.134.6]) by patan.sun.com (8.9.3+Sun/8.9.3) with ESMTP id AAA15412; Mon, 25 Mar 2002 00:16:30 -0700 (MST)
Received: from sunroof.eng.sun.com (sunroof.Eng.Sun.COM [129.146.168.88]) by engmail4.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id XAA05777; Sun, 24 Mar 2002 23:16:13 -0800 (PST)
Received: from sunroof.eng.sun.com (localhost [127.0.0.1]) by sunroof.eng.sun.com (8.12.2+Sun/8.12.2) with ESMTP id g2P7FkKL004221 for <ngtrans-dist@sunroof.eng.sun.com>; Sun, 24 Mar 2002 23:15:46 -0800 (PST)
Received: (from majordomo@localhost) by sunroof.eng.sun.com (8.12.2+Sun/8.12.2/Submit) id g2P7FkYj004220 for ngtrans-dist; Sun, 24 Mar 2002 23:15:46 -0800 (PST)
X-Authentication-Warning: sunroof.eng.sun.com: majordomo set sender to owner-ngtrans@sunroof.eng.sun.com using -f
Received: from engmail4.Eng.Sun.COM (engmail4 [129.144.134.6]) by sunroof.eng.sun.com (8.12.2+Sun/8.12.2) with ESMTP id g2P7FdKL004213 for <ngtrans@sunroof.eng.sun.com>; Sun, 24 Mar 2002 23:15:39 -0800 (PST)
Received: from nwkea-mail-1.sun.com ([192.18.42.13]) by engmail4.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL, v2.1p1) with ESMTP id XAA05714 for <ngtrans@sunroof.eng.sun.com>; Sun, 24 Mar 2002 23:15:30 -0800 (PST)
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by nwkea-mail-1.sun.com (8.9.3+Sun/8.9.3) with ESMTP id XAA22178 for <ngtrans@sunroof.eng.sun.com>; Sun, 24 Mar 2002 23:15:27 -0800 (PST)
Received: from cwliu ([12.224.36.222]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020325071522.RQCM2951.rwcrmhc53.attbi.com@cwliu>; Mon, 25 Mar 2002 07:15:22 +0000
Message-ID: <002901c2bc34$771ff6e0$070a0a0a@attbi.com>
From: changwen <changwen@attbi.com>
To: "Shiao-Li Tsao (Charles)" <sltsao@itri.org.tw>
Cc: Pekka Savola <pekkas@netcore.fi>, ngtrans@sunroof.eng.sun.com
References: <Pine.LNX.4.44.0203231438020.28022-100000@netcore.fi> <00c601c1d28c$5ae1b3c0$f0e13b3d@K400.CCL.ITRI.ORG.TW> <003201c2bb70$27f9aa80$070a0a0a@attbi.com> <00cb01c1d3a8$78a46250$0b68608c@K400.CCL.ITRI.ORG.TW>
Subject: Re: (ngtrans) Next steps
Date: Tue, 14 Jan 2003 17:21:43 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0026_01C2BBF1.688738C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-ngtrans@sunroof.eng.sun.com
Precedence: bulk
Reply-To: changwen <changwen@attbi.com>
Basically the assumption of MIPv6 HA having IPv4 address differentiates mine from yours. Your draft <MOVING> has that assumption while my draft doesn't. My draft doesn't assume MIPv6 HA having any IPv4 addresses. Only MNv6 has nominal IPv4 home address used for routing IPv6 packets only. So I think I can still stand by my claim that the scenario covered in my draft is not covered in the draft <MOVING>. For the question on why MIPv4 is involved, the answer in short is packet routing requirement and security benefit provided by MIPv4. 1. Imagine the scenario that MNv6 gets a FA care-of address (IPv4 address, of course) in the visited IPv4 domain. This will be a typical case for mobility support in IPv4 domain if one thinks of current IPv4 address depletion issue (the major driving force for IPv6 deployment). The FA acts as the first router for MNv6 and routes all the packets to/from MNv6. Obviously one cannot assume the FA understands IPv6. In other words, the FA may not be able to deliver any IPv6 packets for MNv6. So encapsulating IPv6 packets with MNv6's care-of address won't work in this scenario. 2. The MIPv4 registration provides the authentication to the 6to4 border router for MNv6's v4 binding and hence the 6to4 border router can securely 'redirect' received packets to/from MNv4. The redirect attack from malicious nodes won't work. Let's me know if I miss any of your points or questions. Thanks. changwen ----- Original Message ----- From: Shiao-Li Tsao (Charles) To: changwen Cc: Pekka Savola ; ngtrans@sunroof.eng.sun.com ; Shiao-Li Tsao (Charles) Sent: Sunday, March 24, 2002 6:55 PM Subject: Re: (ngtrans) Next steps The scenario is covered by <MOVING>. The situation you mentioned is basically a dual stack mobile node using IPv6 (DS MNv6) moves to IPv4-only network. I agree this scenario is useful. I think the only difference is that you apply different assumption on HA which has no IPv4 address (or has no permanent IPv4 address). However, I don't think MIPv4 should be involved in your situation. If MN has a pre-configured 6to4 border router and it can obtain a CoA in the visited network (these are your assumptions), why not to send a MIPv6 BU destinated to HA (encapsulated in IPv4) to a border router ? The border router can be seen as a tunneling end point, decapsulates IPv4 packets and forwards MIPv6 BU to HA. Please correct me if anything I miss. Charles ----- Original Message ----- From: changwen To: Shiao-Li Tsao (Charles) Cc: ngtrans@sunroof.eng.sun.com ; 'Tony Hain' ; Margaret Wasserman ; Alain Durand ; Bob Fink ; Randy Bush ; Pekka Savola Sent: Tuesday, January 14, 2003 9:56 AM Subject: Re: (ngtrans) Next steps > Personally, I think mobility in transition network should be investigated. > However, the preliminary study <MOVING> shows that most of the mobility in > v4v6 transition is either trivial or the solutions are straightforward. > Maybe some other situations need to be discussed if we can show the specific > scenarios are pratical or they attract global interestings. Well, one important scenario that is not covered by <MOVING> is the case that dual stack capable MNv6 whose MIPv6 home agent has no IPv4 address roams into IPv4 domain. A common belief is that IPv6 will be first deployed in the edge network site by site (e.g. enterprises) while the core network/Internet still runs IPv4. So it will be common to see a lot of isolated IPv6 only sites connected by IPv4 infrastructure. Needless to say that the 6to4 protocol is a good candidate to run these IPv6 only sites. Two critical facts are that usually only the border routers at these sites have IPv4 addresses due to IPv4 address space depletion and many of these sites will be more than just one single IPv6 subnet, e.g. An enterprise IPv6 site may only have one IPv4 address in its border router and have however multple IPv6 subnets. In other words, it is common that the home agents of MNv6s in these sites have no IPv4 addresses. As time goes by, these sites may also get native IPv6 connections in addition to the IPv4 connections and hence the sites may have both native IPv6 prefixes as well as 6to4 prefixes. However no new IPv4 addresses to the site and the home agents of MNv6s in these sites remain to have no IPv4 addresses. A real issue is then the MNv6s from these sites will very likely roam into IPv4 only domains and keep moving in the IPv4 domains. > Otherwise, I don't see any new ngtrans tool needs be introduced at the > current stage. > > Charles Tsao I believe the above described scenario should attract global interestings and a tool is needed for resolving this issue. changwen > > > > ----- Original Message ----- > From: "Pekka Savola" <pekkas@netcore.fi> > To: "Liu, Changwen" <changwen.liu@intel.com> > Cc: "'Tony Hain'" <tony@tndh.net>; <ngtrans@sunroof.eng.sun.com>; "Margaret > Wasserman" <mrw@windriver.com>; "Alain Durand" <Alain.Durand@Sun.COM>; "Bob > Fink" <fink@es.net>; "Randy Bush" <randy@psg.com> > Sent: Saturday, March 23, 2002 8:39 PM > Subject: RE: (ngtrans) Next steps > > > > On Fri, 22 Mar 2002, Liu, Changwen wrote: > > > > > Tony, > > > I believe Mobility should also be one important item in the "Areas > > > to cover". In the listed environments, you may have scenarios of v6 > nodes > > > roaming into v6 domain and v4 nodes roaming into v4 domain. Mobility > will be > > > more than just mixed mode operation and should be addressed separately. > > > > I disagree. > > > > Mobility will be more or less trivial in IPv6 operation, and without it > > it's just a very rare special case. > > > > So it's either usually trivial or irrelevant from the global perspective. > > > > > -----Original Message----- > > > From: Tony Hain [mailto:tony@tndh.net] > > > Sent: Friday, March 22, 2002 3:54 PM > > > To: ngtrans@sunroof.eng.sun.com > > > Cc: Margaret Wasserman; Alain Durand; Bob Fink; Randy Bush > > > Subject: (ngtrans) Next steps > > > > > > > > > The discussion in the wg meeting on Monday focused on the charter > > > update, and the need to clearly identify viable operational environments > > > at different phases of the transition to IPv6. To accomplish that the wg > > > will need to establish concise descriptions of each target environment, > > > then show how at least one set of tools can be applied to accomplish a > > > transition. In addition, if there are specific combinations of tools > > > which create security or other problems for a given environment, the wg > > > will need to highlight those issues. > > > > > > To get this effort started and provide a discussion framework, the > > > co-chairs developed the following bullet points. > > > > > > Vision of deployment and related issues in a small set of defined > > > environments. > > > Goals: > > > provide network managers with at least one viable framework and > > > complete tool set for deploying IPv6. > > > expose any mismatch between the requirements of a target environment > > > and the ngtrans tool set. > > > > > > These goals should be self explanatory, but in case there is confusion, > > > we are not looking for all possible environments, or approaches to > > > deploy IPv6 in an environment. Since we will be describing common > > > generic cases, the approach chosen may not even necessarily the best > > > approach for any particular network. Rather the goal is to identify > > > consistent characteristics of the most common environments. > > > > > > > > > Environments: > > > Unmanaged Network (SOHO lan) > > > Managed Network (Enterprise lan & vpn) > > > ISP service models > > > Dial : HFC : DSL : FtoH : 3G > > > Services > > > www, smtp, IM, ... > > > > > > This is not intended to be an exhaustive list, rather an example of ways > > > to break down the 'network environment' into manageable size pieces. If > > > there are additional environments with wide applicability please raise > > > them to the list. > > > > > > These documents need to describe existing operational environments with > > > their unique characteristics, independent of the IPv6 transition > > > approaches that might be applied. To the extent that major sections of > > > the descriptions are common, the result should be a single document, > > > while those cases where some parts are common, but the architectural > > > approaches vary widely, there should be multiple documents. > > > > > > For example, deploying IPv6 in an HFC environment will probably be a > > > single document, even though some cable modems act as a bridge while > > > others act as routers. Outside of this difference, most of the > > > associated infrastructure is common across the majority of service > > > providers globally. On the other hand, we expect a 3G cell environment > > > will probably be described separately from a Dial environment. While > > > they may share a common authentication system, it is likely they have > > > little else in common. > > > > > > > > > Areas to cover: > > > How to get started > > > Mixed mode operation > > > Viability & path of removing IPv4 > > > Manageability > > > Security concerns > > > Applications and their infrastructure > > > Broad common issues may be in separate docs > > > ISP architecture issues include > > > aaa, prefix allocation, dns registration, tunnel services, . > > > > > > Once the environment is well described, independent of transition > > > technologies, there will need to be one or more documents describing the > > > possible application of a set of transition tools, and any issues that > > > arise over time. In particular the periods of initial IPv6 use, a 50% > > > mixed mode, and phasing out of IPv4 will need to be explicitly > > > addressed. If there are other notable combinations for any given > > > environment, those are expected to be highlighted as well. In addition > > > to the basic description of how a set of tools might be used, there will > > > need to be a discussion of manageability, security issues, application > > > impact, and any services expectations at each of the phases. > > > > > > > > > > > > Until those documents are available, the IESG has no context to evaluate > > > the tools against. For this reason, there will be a hold placed on all > > > other ngtrans projects at least until IETF-54 in Yokohama. This means > > > that there will be no existing project work forwarded to the IESG, and > > > no new projects accepted. This does not mean that authors and wg > > > participants should stop work on these work items, rather that they will > > > be reviewed for appropriateness within the updated ngtrans charter. > > > > > > The current proposed charter is: > > > > > > The goals of the NGtrans working group is: > > > Document operational requirements and recommended practices for major > > > pieces of the Internet infrastructure in a mixed world of IPv4 only, > > > IPv6 only and dual stack nodes. Those pieces include, but are not > > > limited to: Routing, DNS, Mail, Network monitoring, Web, Multicast, > > > VoIP,... This work is to be done in cooperation with the relevant > > > experts and/or the relevant working groups when applicable. > > > > > > Any further work items to be evaluated between now and July > > > > > > Please send comments about this charter to the list. > > > > > > > > > To get the necessary documents started, we first need to agree on the > > > breakdown of the environments. Please keep in mind we are looking for > > > the high-level environment, so with or without IPv4 nat should be a > > > subset of each environment. Send comments to the list, and we will last > > > call the set when it appears the discussion is converging. > > > > > > After the breakdown is agreed upon, we will be looking for volunteers to > > > take the lead on specific documents. The target is to have some > > > draft-*-00 versions available for comment before the July submission > > > cut-off. After the WG agrees that the document adaquately describes a > > > generic target environment, work will begin on the description of how a > > > set of the ngtrans tools might apply. > > > > > > > > > The NGtrans co-chairs > > > Alain, Margaret, & Tony > > > > > > > > > > -- > > Pekka Savola "Tell me of difficulties surmounted, > > Netcore Oy not those you stumble over and fall" > > Systems. Networks. Security. -- Robert Jordan: A Crown of Swords > > >
- Re: (ngtrans) Next steps changwen
- Re: (ngtrans) Next steps changwen
- Re: (ngtrans) Next steps changwen
- Re: (ngtrans) Next steps Pekka Savola
- RE: (ngtrans) Next steps Marc Blanchet
- Re: (ngtrans) Next steps Shiao-Li Tsao (Charles)
- Re: (ngtrans) Next steps Pekka Savola
- Re: (ngtrans) Next steps changwen