Re: [sunset4] [v6ops] The need for local-ipv4 socket transition solutions -- NAT64/DNS64 remains insufficient
"George, Wes" <wesley.george@twcable.com> Fri, 03 April 2015 14:08 UTC
Return-Path: <wesley.george@twcable.com>
X-Original-To: sunset4@ietfa.amsl.com
Delivered-To: sunset4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 353C81AC3A0; Fri, 3 Apr 2015 07:08:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.365
X-Spam-Level: ****
X-Spam-Status: No, score=4.365 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FH_RELAY_NODNS=1.451, HELO_EQ_MODEMCABLE=0.768, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y2GbW4MSEbps; Fri, 3 Apr 2015 07:08:41 -0700 (PDT)
Received: from cdcipgw01.twcable.com (unknown [165.237.91.110]) by ietfa.amsl.com (Postfix) with ESMTP id CBE1C1AC39C; Fri, 3 Apr 2015 07:08:40 -0700 (PDT)
X-SENDER-IP: 10.136.163.13
X-SENDER-REPUTATION: None
X-IronPort-AV: E=Sophos;i="5.11,517,1422939600"; d="scan'208,217";a="279673582"
Received: from unknown (HELO PRVPEXHUB04.corp.twcable.com) ([10.136.163.13]) by cdcipgw01.twcable.com with ESMTP/TLS/RC4-MD5; 03 Apr 2015 10:01:02 -0400
Received: from PRVPEXVS10.corp.twcable.com ([10.136.163.40]) by PRVPEXHUB04.corp.twcable.com ([10.136.163.13]) with mapi; Fri, 3 Apr 2015 10:08:39 -0400
From: "George, Wes" <wesley.george@twcable.com>
To: Ca By <cb.list6@gmail.com>, IPv6 Ops WG <v6ops@ietf.org>
Date: Fri, 03 Apr 2015 10:08:38 -0400
Thread-Topic: [v6ops] The need for local-ipv4 socket transition solutions -- NAT64/DNS64 remains insufficient
Thread-Index: AdBuF644V3CcDbzaRjSAYhfCS60Dlg==
Message-ID: <D14414A1.4C161%wesley.george@twcable.com>
References: <CAD6AjGT-hG-uvRQvRosrZtfrf0Nb8ne9jy=tD9oh=5zNM42Xsg@mail.gmail.com>
In-Reply-To: <CAD6AjGT-hG-uvRQvRosrZtfrf0Nb8ne9jy=tD9oh=5zNM42Xsg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.8.150116
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_D14414A14C161wesleygeorgetwcablecom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/sunset4/uIOYWA_F5jc41Di6aNukv6m3pnI>
Cc: "sunset4@ietf.org" <sunset4@ietf.org>
Subject: Re: [sunset4] [v6ops] The need for local-ipv4 socket transition solutions -- NAT64/DNS64 remains insufficient
X-BeenThere: sunset4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: sunset4 working group discussion list <sunset4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sunset4>, <mailto:sunset4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sunset4/>
List-Post: <mailto:sunset4@ietf.org>
List-Help: <mailto:sunset4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sunset4>, <mailto:sunset4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 14:08:44 -0000
Again +Sunset4. Cameron, perhaps you want to suggest text (or modify what you've written below) to bolster section 7 of https://tools.ietf.org/html/draft-ietf-sunset4-gapanalysis-06 including the addition of a recommendation around IPv6-only + IPv4 host socket support? I think that'd be a useful addition to the document, but am also open to a discussion in sunset4 about a standalone BCP document covering this specific issue that is simply referenced from the gap analysis. Thanks, Wes George, wearing his Sunset4 WG chair cowboy hat From: Ca By <cb.list6@gmail.com<mailto:cb.list6@gmail.com>> Date: Thursday, March 19, 2015 at 5:27 PM To: IPv6 Ops WG <v6ops@ietf.org<mailto:v6ops@ietf.org>> Subject: [v6ops] The need for local-ipv4 socket transition solutions -- NAT64/DNS64 remains insufficient Hi Folks, The point of this message is to discuss the use of IPv4 literals and how this use requires transition solutions such as MAP, DS-Lite, and 464XLAT -- all of which provide local IPv4 socket support to the host. If the primary operating environment of the host is the "internet", and the "web" is a highly valuable part of the that operating environment, then local IPv4 socket support is still required. Specifically, this note builds the case that NAT64/DNS64 alone is still (at this time) not a sufficient solution for consumer Internet access by creating an IPv6-only network as described in https://tools.ietf.org/html/rfc6144#section-2.1 Empirically, it is commonly know that IPv4 addresses are used on the Internet, despite the guidance in RFC1958 (https://tools.ietf.org/html/rfc1958#section-4). One common example is enterprise VPN services. Quantitatively, it is easy to generate information about how frequently IPv4 address literals are used on the web. Several years ago, draft-wing-behave-http-ip-address-literals-02 shared a simple method to gathering the data and reported that 2.38% of the top 1 million web pages have IPv4 literals in their homepage. I re-ran a similar test this week that yielded 1.39% of the top 1 million web pages having IPv4 literals. My test, like Dan's, only looks at the HTML on the home page and thus under-counts literals in deeper links or loaded via CSS, XML, or Javascript. Through other manual testing i have seen catastrophic failure in Amazon's video streaming service with them passing literals in XML. Facebook passes IPv4 literals in Javascript, but is not impacting the page load. I posted IPv4 literals found in the HTML homepage of these 2,220 of the top 100,000 Alexa domains here https://sites.google.com/site/tmoipv6/ipv4literals My conclusion is that it is not feasible for a network operator to deploy a purely IPv6-only socket solution. As has been previously explored, about 20% of the apps in the Google and Apple "app store" cannot function on IPv6-only + NAT64/DNS64. Even if these "app stores" were policed to force all applications to be Address Family agnostic, it is not possible to police the world wide web or enterprise VPN or SIP Phones. Any network operator that attempt to do this would have to accept at least 1.39% failure to the total web and perhaps accept failure to some major services (like Amazon streaming). I believe we are beyond the point of blaming the world for using IPv4 literals / referrals. We just need to be realistic that internet service requires IPv4 sockets, and thus RFC6144 #2.1 is not today a consumer grade service. A wild guess is that it this situation will not meaningfully improve (risk reduced to ~0) for 10+ years. Thoughts? CB ________________________________ This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.