[Softwires] DS-Lite vs. 4rd

Edward Lopez <elopez@fortinet.com> Wed, 21 October 2015 12:29 UTC

Return-Path: <elopez@fortinet.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 455D61A1F04 for <softwires@ietfa.amsl.com>; Wed, 21 Oct 2015 05:29:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.312
X-Spam-Level:
X-Spam-Status: No, score=-4.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q8TCqv3YUIT1 for <softwires@ietfa.amsl.com>; Wed, 21 Oct 2015 05:29:28 -0700 (PDT)
Received: from smtp.fortinet.com (smtp.fortinet.com [208.91.113.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13AB81A212D for <softwires@ietf.org>; Wed, 21 Oct 2015 05:29:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=fortinet.com; s=20131225; c=relaxed/relaxed; h=from:to:subject:thread-topic:thread-index:date:message-id:accept-language:content-language:x-ms-has-attach:x-ms-tnef-correlator:x-originating-ip:content-type:content-id:content-transfer-encoding:mime-version:x-feas-system-wl; bh=50F+i2hQ47aZgzcNYl6MJHavKkTyh947XNDqhyOc8/k=; b=awkPqI5SN8aQgT17s+244RS6vOZcgf+mL6cpDt6DVzh7/LscQlC01uBn2HDypUh2mEYJiPpjCPxnnp9E8QbU2P+ctCN4YOXqg5EXaGPIYhqngAnKuKx+EMGMFcNSWqO6Y9qfm4mn/BNB606/i2yAiEdgWb8JIKuxt3BhavOKvBqc4c22/CTdeXYyFl48ycPI6fbR5B41ZBaN0JM03cSBtytwHt1J4t1twNWuMEGWeHSOVAhtfucpxvZz+kE7b71AxMA6Bo57TosFZiWICVQk8mDdLIBVol14ZC+Vv7ghtdL64Ntf9uzJCET2D+PMlK7riz/oMMUtPkfzkgck1AYMWA==
Received: from mail.fortinet.com ([192.168.221.214]) by smtp.fortinet.com with ESMTP id t9LCTQZ7018584-t9LCTQZ9018584 (version=TLSv1.0 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=FAIL) for <softwires@ietf.org>; Wed, 21 Oct 2015 05:29:26 -0700
Received: from FGT-EXCH-MBX231.fortinet-us.com ([fe80::19c4:ecbe:45fd:f552]) by FGT-EXCH-CAS214.fortinet-us.com ([192.168.221.214]) with mapi id 14.03.0224.002; Wed, 21 Oct 2015 05:29:26 -0700
From: Edward Lopez <elopez@fortinet.com>
To: "softwires@ietf.org" <softwires@ietf.org>
Thread-Topic: DS-Lite vs. 4rd
Thread-Index: AQHRC/wf3wccd7lEXEyzxdxbtMt96g==
Date: Wed, 21 Oct 2015 12:29:26 +0000
Message-ID: <93713E75-257C-4967-B76D-75D1E29774B7@fortinet.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [75.104.69.141]
Content-Type: text/plain; charset="utf-8"
Content-ID: <5D9DF92BDCAD0142BE9C8F645E48910D@fortinet-us.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-FEAS-SYSTEM-WL: 192.168.221.214
Archived-At: <http://mailarchive.ietf.org/arch/msg/softwires/uRz_2TVMgCD7qm2k5I9AavSDc1w>
Subject: [Softwires] DS-Lite vs. 4rd
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 12:29:29 -0000

I apologize if this has been thrashed out in the past.  In looking as implementing DS-Lite support, it appears that the need to include an additional tuple of information on the IPv6 B4 address of the CPE is cumbersome to NAT performance and tunnel capacitance, as many HW accelerated NAT engines exist without this extra tuple.  It would appear that by splitting the AFTR into two functions, 4in6 encapsulation & NAT(CGN), we can overcome scaling and performance issues of DS-Lite.

However, the issue of overlapping endpoint subnets supported internally by the CPE leads to the issue potentially supporting NAT44 on the CPE, to support stateless encapsulation of returning IPv4 packets into IPv6 by the AFTR.  Section 4.2 of RFC-6333 states that CPE devices ‘should not’ perform NAT44, but that’s not the same as a ‘must not’

But as you craft this solution out, you begin to realize that you are re-creating the majority of 4rd, RFC-7600.  However, 4rd is currently an experimental standard.

My questions:

-	Has anyone implemented or considered implementing DS-Lite with CPEs performing NAT44?
-	Are their plans for this WG to move 4rd into standards track?
-	Are their any known implementations of 4rd out there for CPE devices (like OpenWRT)?

Thanks!
Ed Lopez
***  Please note that this message and any attachments may contain confidential 
and proprietary material and information and are intended only for the use of 
the intended recipient(s). If you are not the intended recipient, you are hereby 
notified that any review, use, disclosure, dissemination, distribution or copying 
of this message and any attachments is strictly prohibited. If you have received 
this email in error, please immediately notify the sender and destroy this e-mail 
and any attachments and all copies, whether electronic or printed.
Please also note that any views, opinions, conclusions or commitments expressed 
in this message are those of the individual sender and do not necessarily reflect 
the views of Fortinet, Inc., its affiliates, and emails are not binding on 
Fortinet and only a writing manually signed by Fortinet's General Counsel can be 
a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. **