IETF Logo Mail Archive

Re: [Softwires] IPv4 Residual Deployment - Unified-standard proposal 4rd

Maoke <fibrib@gmail.com> Tue, 13 March 2012 11:02 UTC

Return-Path: <fibrib@gmail.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C23E021F87FB for <softwires@ietfa.amsl.com>; Tue, 13 Mar 2012 04:02:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.188
X-Spam-Level:
X-Spam-Status: No, score=-3.188 tagged_above=-999 required=5 tests=[AWL=0.110, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id giOk+rwAWvft for <softwires@ietfa.amsl.com>; Tue, 13 Mar 2012 04:02:37 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 06BDE21F87EE for <softwires@ietf.org>; Tue, 13 Mar 2012 04:02:36 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so453062ghb.31 for <softwires@ietf.org>; Tue, 13 Mar 2012 04:02:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=qjy6/gP+mHMnZ3tR9uoH2Jocpv5EZpQ7ooK+lRNbm5s=; b=XxatMq7TxR4JIlotSaGgDKOLlZ75mVkMqOjhN6EJTVlFTDGsKuHr/18HnOMAV2EVSf JEOwnxLMpfrpvlN4uVjNzTNsbmgdp67YTQwLDH/qGmTXAmImy/gbXP6Vy8Vswx9bvpYM 582UfcyVN8Y+7h1ix+mwnUnTDGkRQihGJdS6s0pjHULMR7HEO6J8+th6gUTsfTh3/gw/ LTR6pJ3Zp072jnQvLFHYZAxUqRAK+Ncgdn9Lg2KBw0f5CjBeQY2+C5uMxbBR5VFMwxZC VwLd94eByR0GEC/b3XXPJoao6sIFzibEK4qeWM8KNRfn22me+W7qa80trBrMUioX89XY iFPQ==
MIME-Version: 1.0
Received: by 10.224.101.130 with SMTP id c2mr9932289qao.47.1331636556584; Tue, 13 Mar 2012 04:02:36 -0700 (PDT)
Received: by 10.229.98.21 with HTTP; Tue, 13 Mar 2012 04:02:36 -0700 (PDT)
In-Reply-To: <A4A7C9E3-DBA9-4AA5-A60B-E3D3A187BD7F@laposte.net>
References: <B509CB1C-4A0A-408B-9B4A-C0F847169431@juniper.net> <2AB8570A-644F-4792-8C56-44AD80A79234@laposte.net> <D6428903-FBA0-419C-A37F-A00874F28118@laposte.net> <CAM+vMERsVz7cuC1C52gw12wySaEgw8=44JjS8AUygj0vJ899Cg@mail.gmail.com> <DDD20574-4ECD-4285-BB15-548628FB0425@laposte.net> <CAM+vMETahum9rB+fr=OHAmVobDZSzRRy9mUwkjryhqRvaJWe-Q@mail.gmail.com> <35065EB3-D4D6-451B-ACED-67BB94C77F18@laposte.net> <CAAuHL_D68nkd36ifLzEeVR67Q124VH-pMhM1pkEE_PcLbGxBrw@mail.gmail.com> <14D90642-0478-4AB9-91AA-A3E0310197F2@laposte.net> <CAFUBMqX9dj8MSeZdJTic5iOT=Jjg4oihWs30FWVAca08v_3=7g@mail.gmail.com> <D476AFD2-3B6B-48A0-971D-C65CC2CFA46B@laposte.net> <CAFUBMqU1wtP5prSaLG8hDSuv-EGWP5Diqoj6WEMHb_q8hNVDdQ@mail.gmail.com> <4BA560D3-5D48-4911-BDCB-D9CB490FBBA1@laposte.net> <CAFUBMqVzbtZ7JxunHv7m1zgWjRa2sh7zZS+91aURAy8-xTZW8g@mail.gmail.com> <CAFUBMqXPAA7RjCzgvbuq0WqbKijXwuFebnmrL-zDx_XoZh=Xkg@mail.gmail.com> <FED38071-241D-480C-9A8A-CFA7A55A4F3B@laposte.net> <CAFUBMqUqoEnNouOJzc2Z3iziQsCvqXDNjA9NtN94kGQnsay0LA@mail.gmail.com> <1A6C1DA5-A352-4BF7-8553-453327902619@laposte.net> <CAFUBMqWv2V2PnZg5iTSuT6Jdbtredzj-4GPuS4VHqpDG+aP4dA@mail.gmail.com> <A4A7C9E3-DBA9-4AA5-A60B-E3D3A187BD7F@laposte.net>
Date: Tue, 13 Mar 2012 11:02:36 +0000
Message-ID: <CAFUBMqVT=E=GqBG_-q458GCpYKLk66vuvE-cx81=eTdgyUbj7A@mail.gmail.com>
From: Maoke <fibrib@gmail.com>
To: Rémi Després <despres.remi@laposte.net>
Content-Type: multipart/alternative; boundary="20cf3074b794ecd61e04bb1dcb98"
Cc: Softwires WG <softwires@ietf.org>, Yong Cui <cuiyong@tsinghua.edu.cn>
Subject: Re: [Softwires] IPv4 Residual Deployment - Unified-standard proposal 4rd
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/softwires>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2012 11:02:38 -0000

2012/3/13 Rémi Després <despres.remi@laposte.net>

>
> Le 2012-03-13 à 03:18, Maoke a écrit :
>
> 2012/3/12 Rémi Després <despres.remi@laposte.net>
>
>> Le 2012-03-12 à 10:21, Maoke a écrit :
>>
>> hi Remi,
>>
>> 2012/3/12 Rémi Després <despres.remi@laposte.net>
>>
>>>
>>> 2012-03-12 04:09, Maoke:
>>> ...
>>> > btw, BR also depends upon NAT44 to deal with the unknown protocol,
>>> right? if so, may i say your statement "BR will support them without
>>> needing an update" is a proposition actually not existing? because NAT44
>>> won't support them without any update. right?
>>>
>>> Not right. Only CEs that need to support a new protocol are concerned:
>>> - If a shared address server supports a new protocol, it can be reached
>>> via an unchanged BR.
>>> - If a client using a new protocol tries to reach a shared-address CE
>>> that doesn't support this protocol, the client will be returned an error
>>> message by the destination NAT44.
>>>
>>
>> thanks a lot for the clarification! take an example:
>>
>>  A --- NAT44/CE ---(IPv6 backbone of 4rd domain)--- BR ---(IPv4
>> Internet)--- B
>>
>> now A and B are supposed to use a new protocol other than known
>> TCP/UDP/etc. my understanding:
>> B --> A
>> 1. BR just passes the new protocol without any concern.
>> 2. CE's NAT44 module would say "this is not supported and a 'destination
>> unreachable with port unknown' ICMP message is returned to B.
>>
>>
>> As now documented in 4rd-u-05 in the NOTE of 4.4 (3), the error message
>> should be, more precisely, "protocol unreachable".
>>
>
> thanks for the precise description.
>
>
>> Everything OK.
>>
>>
>>
>>  A --> B
>> 1. CE's NAT44 module directly say "destination unreachable with port
>> unknown" ICMP message to A.
>>
>>
>> Presumably also "protocol unreachable", but this remains a NAT44 matter.
>> 4rd isn't involved.
>>
>> is the above what you mean? when NAT44 module DOESN'T support the new
>> protocol, things are working while we have no the problem about the
>> "change" at all for the time being.
>>
>> then let's consider the case where the NAT44 module has been updated to
>> support the new protocol. i understand BR passing all protocols can be
>> survived if and only if the new protocol follows the TCP-layout for the
>> destination port and the TCP-checksum, right?
>>
>>
>> The 4rd mechanism is for protocols that have ports at their usual place
>> (all existing protocols that have ports have them at the same place, even
>> if using another checksum algorithm like SCTP).
>>
> may you have a check on the statement of "all existing protocols" again? i
noticed RFC908/RFC1151. sorry if that are not a transport protocol over IP.

- maoke

>
>>
>> then you made a limitation (#1) to the NAT44 module of the CE: even if
>> the NAT44 has supported a new protocol not following TCP layout/checksum,
>> this support MUST be disabled in the 4rd-U environment; otherwise, BR may
>> behave wrong when making the mapped IPv6 addresses while the NAT44 would
>> still try to translate with the new protocol rather than dropping an error
>> message because it has known it. right?
>>
>>
>> To me this looks like a far fetched theoretical problem, with no
>> consequence in practice.
>>
>
> I said far fetched because:
> - For shared-address CEs, only protocols that use ports at their usual
> place and the TCP checksum algorithm are in scope (H6 of comparison
> tables). With them, there is never anything to "disable".
> - For non-shared address CEs, MAP-T needs updates for all newly supported
> protocols (including an existing one such as UDP Lite). Like MAP-E, 4rd
> works for all layer-4 protocols, never needing any update.
>
> to me, new protocols following TCP-layout and checksum are a far fetched
> theoretical problem too, with no consequen in today's practice. i mean, it
> is unfair when you state the 4rd-U pros you emphasize that BR needs no
> change with some new protocols, but when we say some other new protocols
> you say that's far fetched theoretical problem!
>
>
>> OTOH, the fact that RFC6145 doesn't tell you whether you MUST translate
>> DCCP or not is a real problem, and so is the fact that it doesn't support
>> UDP Lite, another already existing protocol.
>>
>
> i understand RFC6145 said OPTIONAL supporting DCCP just because it was
> considered less critical at that point of writing (may the authors give an
> explanation?). UDP-Lite was not mentioned in RFC6145 then, i think, with
> the same reason. implementation and operation can follow the RFC6145 logic
> to deal with any L4 protocols.
>
>
> Non-documented reasons were what they were, but consequences should not
> depend on them.
>
>
> on the other hand, it is easy to update RFC6145 or just making a
> suggestion anywhere, like a FYI on double-translation behavior of RFC6145,
> with clarifying DCCP *optional* support should be consistent throughout the
> domain and clarifying other unmentioned L4 protocol processing should
> follow the protocol's checksum logic that is specified.
>
> i don't see it is necessary to enforcing the address-level checksum
> neutrality rather than such a simple update or implementation/deployment
> guidance.
>
>
> Different view on practical consequences of the TBD "update
> or implementation/deployment guidance" you propose.
> Accepting an NIH feature that solves the problem without this TBD would
> IMHO be a step forward.
>
>
> it is surely fine technically that we enforce that. no problem. but if it
> is so necessary? here i have a point regarding the
> implementation/deployment: if the address mapping and header processing are
> decoupled, the things would be happier than a solution making them tightly
> coupled. MAP is made in such a fashion, where header processing could
> follow either encapsulation standard or translation standard. RFC6145 is
> made in such a way, where addresses could follow stateless mapping in
> RFC6052 or processed with state as in RFC6146, and now it is also fine with
> MAP. such a decoupling property makes implementation modularized and the
> operators may have better flexibility of choice.
>
>
>
> in the term of decoupling, surely we have two choices:
> 1) making address format checksum-neutral, suitable for either with L4
> recalculation or without.
> 2) making L4 recalculation, suitable for either addresses are
> checksum-neutral or aren't.
>
> RFC6052 explains why the authors gave up the CNP in the address and choose
> 2). i also have an understanding that 2) is a solution in implementation,
> once distributed, not easy to modify; while 1) is a solution in deployment,
> easy to change at any time. for example, if our equipment is made with
> RFC6145, the same equipment can be used in either RFC6052, or MAP, or 4rd-U
> address-mapping environment, but if our equipment is made with 4rd-U, we
> must only use it in 4rd-U environment. once we find we need to try
> something others, we have to buy new equipment, which means cost.
>
>
> In RFC6052, checksum neutrality was abandoned "because it would not help with stateful translation and because checksum neutrality can also be achieved by an appropriate choice of the Network-Specific Prefix, i.e., selecting a prefix whose one's complement checksum equals either 0 or 0xffff."
> - Stateful translation is off scope
> - MAP-T cannot select for each CE "a prefix whose one's complement checksum equals either 0 or 0xffff".
>
>
> further (#2), what if the packets don't pass through the NAT44 module at
>> all (in the case of non-shared IPv4 addresses)?
>>
>>
>> In case of non shared addresses, neither BRs nor CEs look at any port
>> field (there in no PSID to be found).
>>
>
> thanks. then (#2) is not a limitation. my mis.
>
> then the behavior of a new protocol (of the far fetched theoretical case,
> where non-tcp-layout/checksum is applied) would be very tricky:
> #2.1 address shared while NAT doesn't support the new protocol => dropped
> at NAT44,
>
>
> possibly not the correct NAT44 though;
>
>
> ???
>
> #2.2 address shared while NAT does support the new protocol => not dropped
> but it is possible to be incorrectly delivered because BR may take wrong
> value for the port;
>
>
> As stated many times, 4rd only deals, for shared-address CEs, with
> protocols, existing or future, that have ports their usual place and the
> TCP checksum algorithm.
> With these, no problem.
>
> Since this seems to be misunderstood, H6 of the comparison tables ca
> clarify, in a next version, that future protocols that are considered are
> supposed to have ports at their usual place (that of all existing
> port-based protocols, be they or not with the TCP checksum algorithm).
>
> #2.3 address not shared => passes to the end systems.
>
> correct understanding?
>
>
> See just above.
>
> Cheers,
> RD
>
>
>
>
>
>
>>
>> please clarify if the limitation of (#1) and (#2) are true or false.
>>
>>
>> Answered above.
>>
>>
>> i believe with requiring L4 modification, either MAP or RFC6145 has no
>> such two limitations: enforcing the checksum update at L4, their framework
>> is safe for either TCP-layout/checksum or alien-layout/checksum, either
>> shared or exclusive IPv4 addresses.
>>
>>
>> This remains AFAIK a belief that ignores DCCP and UDP Lite limitations of
>> RFC6145.
>>
>>
> see above.
>
> cheers,
> maoke
>
>
>>
>> i worry the CNP is making a situation of "cutting feet to fit the shoes".
>>
>>
>> Hopefully, you will see that no such worry is justified.
>>
>>
>> Cheers,
>> RD
>>
>>
>>
>>
>>
>> - maoke
>>
>>
>>>
>>> RD
>>>
>>>
>>>
>>
>>
>
>

v2.23.0 | Report a Bug | By Email