IETF Logo Mail Archive

Re: [Softwires] 4rd-u tunnels and stateful NAT64s

Rémi Després <despres.remi@laposte.net> Thu, 15 March 2012 15:30 UTC

Return-Path: <despres.remi@laposte.net>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9023521F872B for <softwires@ietfa.amsl.com>; Thu, 15 Mar 2012 08:30:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.232
X-Spam-Level:
X-Spam-Status: No, score=-2.232 tagged_above=-999 required=5 tests=[AWL=0.066, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xHy6fSSp9HsF for <softwires@ietfa.amsl.com>; Thu, 15 Mar 2012 08:30:46 -0700 (PDT)
Received: from smtpout.laposte.net (smtpout4.laposte.net [193.253.67.229]) by ietfa.amsl.com (Postfix) with ESMTP id 8C29C21F869E for <softwires@ietf.org>; Thu, 15 Mar 2012 08:30:44 -0700 (PDT)
Received: from [192.168.0.21] ([88.166.221.144]) by mwinf8508-out with ME id lrWh1i01F37Y3f403rWiV7; Thu, 15 Mar 2012 16:30:42 +0100
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/alternative; boundary="Apple-Mail-130--816559922"
From: Rémi Després <despres.remi@laposte.net>
In-Reply-To: <CAFUBMqV_0Bh1_uOitu+MQXSbuLm=NydQFg9j-J6S+SyXcG_6ww@mail.gmail.com>
Date: Thu, 15 Mar 2012 16:30:41 +0100
Message-Id: <429F424B-8C6F-4DED-B0F6-95D492A7B9F3@laposte.net>
References: <B509CB1C-4A0A-408B-9B4A-C0F847169431@juniper.net> <2AB8570A-644F-4792-8C56-44AD80A79234@laposte.net> <D6428903-FBA0-419C-A37F-A00874F28118@laposte.net> <CAM+vMERsVz7cuC1C52gw12wySaEgw8=44JjS8AUygj0vJ899Cg@mail.gmail.com> <DDD20574-4ECD-4285-BB15-548628FB0425@laposte.net> <CAM+vMETahum9rB+fr=OHAmVobDZSzRRy9mUwkjryhqRvaJWe-Q@mail.gmail.com> <35065EB3-D4D6-451B-ACED-67BB94C77F18@laposte.net> <CAAuHL_D68nkd36ifLzEeVR67Q124VH-pMhM1pkEE_PcLbGxBrw@mail.gmail.com> <14D90642-0478-4AB9-91AA-A3E0310197F2@laposte.net> <CAFUBMqX9dj8MSeZdJTic5iOT=Jjg4oihWs30FWVAca08v_3=7g@mail.gmail.com> <D476AFD2-3B6B-48A0-971D-C65CC2CFA46B@laposte.net> <CAFUBMqU1wtP5prSaLG8hDSuv-EGWP5Diqoj6WEMHb_q8hNVDdQ@mail.gmail.com> <4BA560D3-5D48-4911-BDCB-D9CB490FBBA1@laposte.net> <CAFUBMqVzbtZ7JxunHv7m1zgWjRa2sh7zZS+91aURAy8-xTZW8g@mail.gmail.com> <CAFUBMqXPAA7RjCzgvbuq0WqbKijXwuFebnmrL-zDx_XoZh=Xkg@mail.gmail.com> <FED38071-241D-480C-9A8A-CFA7A55A4F3B@laposte.net> <CAFUBMqWv2V2PnZg5iTSuT6Jdbtredzj-4G PuS4VHqpDG+aP4dA@mail.gmail.com> <A4A7C9E3-DBA9-4AA5-A60B-E3D3A187BD7F@laposte.net> <CAFUBMqVT=E=GqBG_-q458GCpYKLk66vuvE-cx81=eTdgyUbj7A@mail.gmail.com> <D1EF9447-336A-48B4-91F4-D514654AC93D@laposte.net> <CAFUBMqWTRb_pjV_VFEDpNof7H+AnOvRM_acQXZ4XRPzAG-865A@mail.gmail.com> <7DED1A34-7237-4F05-B0A4-75C04A09B8E1@laposte.net> <CAFUBMqUVme5Vmm0QuJT4rcZeWo-CZyZoGBkq6RLjO=DRYLKYSg@mail.gmail.com> <AD2E97A4-98FF-4F00-BC28-44AB430870FB@laposte.net> <CAFUBMqXi02DcrTkJ3zjt4fv8EvVJPfAv=CTkM7gesi95jNQSQQ@mail.gmail.com> <8A2DF2DD-C961-4A90-AD62-9C2F647E1A9F@laposte.net> <CAFUBMqXuvBt6DD8JpWt_5+JP33ETqTrz3KbSRm1Kp9ZQBjqs+w@mail.gmail.com> <F2C46FAE-30EF-4707-8680-F4CED8A3A7F9@free.fr> <CAFUBMqU_ggCiE1Jr=HEAY1a1sunNXQZu1Oi98Jaa7jfd_0puLg@mail.gmail.com> <11773427-F939-4F5D-8011-C24E4B7FF58C@laposte.net> <CAFUBMqU+Bv1L6b7BLOwYwACbma4nDhpq_5BziC_Y0qxvCGkJ_A@mail.gmail.com> <5B73A592-AEFC-4010-8960-FCF6012DDAA6@laposte.net> <A06E3FC4-5D3B-4027-9D38-B4E3397E9F99@laposte.net> <5A41CA6D-581B-453 A-8409-B499BD3582F7@laposte.net> <CAFUBMqXaja4XoGMCAcQbGOqKxkhbGEGWD9pgp26Btvub2RJWGA@mail.gmail.com> <533DDBBF-FE50-4BF9-8554-58C1340CCDC6@laposte.net> <CAFUBMqV_0Bh1_uOitu+MQXSbuLm=NydQFg9j-J6S+SyXcG_6ww@mail.gmail.com>
To: Maoke <fibrib@gmail.com>
X-Mailer: Apple Mail (2.1084)
Cc: Softwires WG <softwires@ietf.org>
Subject: Re: [Softwires] 4rd-u tunnels and stateful NAT64s
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/softwires>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2012 15:30:48 -0000

Le 2012-03-15 à 14:47, Maoke a écrit :

> 
> 
> 2012/3/15 Rémi Després <despres.remi@laposte.net>
> 
> Le 2012-03-15 à 11:45, Maoke a écrit :
> 
>> i understand NAT64 makes translation between arbitrary IPv6 address to arbitrary IPv4 address. i don't understand how you make CNP in any IPv6 address.
> 
> 
>> in other words, we cannot limit NAT64 stateful service only serve those IPv6 addresses with CNP.
> 
> That's no the case at all(!). 
> A NAT64+ is a *backward compatible* extension of NAT64 (everything that worked before still works completely unchanged).
> 
> The draft says:
> "NAT64+:  An ISP NAT64 of [RFC6146] that is upgraded to support 4rd tunneling when IPv6 addresses it deals with have the 4rd-IPv6-address format."
>  
>  
> this phrase is not understood yet. do you mean using 4rd-IPv6-address format for stateful translation service?

Yes (but, &s said, only for CE nodes that are 4rd capable (with the advantage of better IPv4 transparency between CEs and NAT64+ than between RFC6145 and NAT64).

> please draw an example of A <---> B communication as i did for clarification.

Here is an example scenario:

v4appli-BIH ----. => A>B NOK (because, according to RFC6535, BIH uses RFC6145) 
     A1         |     
                :----(v6net)----- NAT64+ ---(IPv4 Internet)--- Server
                |                UDP-lite                      UDP-lite
v4Appli-4rdCE --'                 capable                         B
     A2          => A-B OK



> Because 4rd IPv6 addresses of CEs are distinguishable from all other IPv6 addresses (due to the V octet), NAT64s are concerned with CNPs ONLY for addresses that actually are 4rd CE addresses.
>  
>  
> we need to make sure if the NAT64s make both src and dst addresses checksum-neutral.

Correct, iff the host address has the V octet.

> i cannot imagine what the use case is. please specify!

Hope the picture above helps.

RD



>  
> - maoke
>  
>  
> 
> RD 
> 
> 
>> - maoke 
>> 
>> 2012/3/15 Rémi Després <despres.remi@laposte.net>
>> 
>> Le 2012-03-15 à 10:59, Rémi Després a écrit :
>> 
>> > Maoke,
>> >
>> > Thanks for this question.
>> > This subject being new, I take it on a new thread.
>> >
>> > 2012-03-15 10:38, Maoke:
>> > ...
>> >> i didn't understand the how the stateful NAT64 benefits from CNP.
>> >
>> > The point is that if a NAT64 is upgraded to support 4rd-u tunnels (thus becoming a NAT64+) it can take IPv6 payloads as valid IPv4 payloads.
>> > Any protocol that this NAT64 supports is then supported e2e for 4rd-u CEs
>> > These CEs need not being dependent on which NAT64 supports which protocols.
>> >
>> > Note that the NAT64 doesn't need to have CNP code. It just happens that host IPv6 addresses it sees are checksum neutral. (Thus, IPv6 and IPv4 payloads are the same for all protocols that have ports at the same place as TCP/UDP/..., and the same checksum algorithm)
>> 
>> Oops.
>> This is only true for the IPv6 host address. To construct an IPv6 address when transmitting to  a 4rd-u CE, the NAT64 should compute a CNP. (This is to maintain the property that that middleboxes can treat tunnel packets as valid IPv6 packets. Not a big deal, but necessary).
>> Sorry for having hastily added this sentence.
>> 
>> RD
>> 
>> >
>> > RD
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Softwires mailing list
>> > Softwires@ietf.org
>> > https://www.ietf.org/mailman/listinfo/softwires
>> 
>> 
> 
>

v2.23.0 | Report a Bug | By Email