[v4v6interim] "IPv4->IPv6 is hard"
Fred Baker <fred@cisco.com> Wed, 01 October 2008 16:13 UTC
Return-Path: <v4v6interim-bounces@ietf.org>
X-Original-To: v4v6interim-archive@ietf.org
Delivered-To: ietfarch-v4v6interim-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BADFC3A6A4E; Wed, 1 Oct 2008 09:13:00 -0700 (PDT)
X-Original-To: v4v6interim@core3.amsl.com
Delivered-To: v4v6interim@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8682C3A6837 for <v4v6interim@core3.amsl.com>; Wed, 1 Oct 2008 09:12:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.179
X-Spam-Level:
X-Spam-Status: No, score=-106.179 tagged_above=-999 required=5 tests=[AWL=-0.180, BAYES_00=-2.599, J_CHICKENPOX_74=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChfrmPxaPW4D for <v4v6interim@core3.amsl.com>; Wed, 1 Oct 2008 09:12:58 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 4E85C3A67A7 for <v4v6interim@ietf.org>; Wed, 1 Oct 2008 09:12:58 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.33,344,1220227200"; d="scan'208";a="166698581"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 01 Oct 2008 16:13:05 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m91GD5e9008055 for <v4v6interim@ietf.org>; Wed, 1 Oct 2008 09:13:05 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id m91GD5CC028612 for <v4v6interim@ietf.org>; Wed, 1 Oct 2008 16:13:05 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 1 Oct 2008 09:13:05 -0700
Received: from [192.168.3.103] ([10.21.89.125]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 1 Oct 2008 09:13:04 -0700
Message-Id: <B4A9FAB9-F39D-42AA-BE3B-AF6A3C48CC93@cisco.com>
From: Fred Baker <fred@cisco.com>
To: v4v6interim@ietf.org
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Wed, 01 Oct 2008 12:13:03 -0400
X-Mailer: Apple Mail (2.929.2)
X-OriginalArrivalTime: 01 Oct 2008 16:13:05.0116 (UTC) FILETIME=[95E3F1C0:01C923E0]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=5236; t=1222877585; x=1223741585; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fred@cisco.com; z=From:=20Fred=20Baker=20<fred@cisco.com> |Subject:=20=22IPv4->IPv6=20is=20hard=22 |Sender:=20; bh=myVKPAtWZGXX/UBg/fHfmVPedkV6auP+aQWFynPkRvk=; b=Zm6tZaPnKRsfxSRSjxwp/s6Qmq6HxbSA23veJQXJa7xRi1FQIB1wWAJJem yys7f2AlqTBTew+lPJDbB+A7qYjUz9RY2QtVOcmPPcXRWY1we1VSFjnKgEAp 8hip0zq5ch;
Authentication-Results: sj-dkim-2; header.From=fred@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Subject: [v4v6interim] "IPv4->IPv6 is hard"
X-BeenThere: v4v6interim@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of coexistence topics for the 01-Oct-2008 v4-v6 coexistence interim meeting <v4v6interim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/v4v6interim>
List-Post: <mailto:v4v6interim@ietf.org>
List-Help: <mailto:v4v6interim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: v4v6interim-bounces@ietf.org
Errors-To: v4v6interim-bounces@ietf.org
I'm fairly disturbed by Mark's dismissal of IPv4->IPv6 translation as "hard". I'll take this note to say why. I am obviously a proponent of a particular class of solution, IVI, which is specifically targeted at solving this problem, so let me declare bias up front. But I do not consider the issue hard if correctly analyzed and approached. In this analysis, I am going to leave out the dual stack case, which I frankly consider the strongly preferable deployment model. Wherever it is used, matters get simplified. I am expressly looking at the more difficult IPv4-only/IPv6-only case. Mark's dismissal - I call it that because he spent an hour talking about CGN solutions and then spent less than a minute charging through two slides that discussed actually deploying IPv6 and declaring them both "hard" and therefore not worthy of consideration - is based on the observation that mapping 2^128 addresses into 2^32 bits is hard. I will agree with him that making it possible for every IPv6 address to be mapped into IPv4 in a scalable manner has issues. The question that I will ask is: is that the real requirement? I don't think it is. While the addressing issue resolves to hosts, the connectivity problem is about applications. I think that today's applications can largely be broken down into two broad categories, and speakers in those applications into three. These are: the clients of client/server applications, the servers in client/server applications, and the peer in peer-to-peer applications. In an IPv4-only/IPv6-only gateway, we have actually only our session initiation problems to solve: IPv6 client->IPv4 server IPv4 client->IPv6 server IPv6 peer -> IPv4 peer IPv4 peer -> IPv6 peer Once a session is initiated, we can obviously continue the conversation. IPv6 client->IPv4 server is pretty simple. The DNS ALG advertises IPv4 addresses as mapped IPv6 addresses, and the gateway keeps 1:n overlaid mappings in a manner not all that different from current IPv4/IPv4 NATs. On the IPv6 side of the gateway, we simply use the mapped address; on the IPv4 side, we use IPv4 address+port overlay as we do in IPv4/IPv4 NATs. An IPv4 client accessing an IPv6 server is equally simple given a 1:1 mapping such as NAT64 or IVI describes. One maps the headers and the addresses. IPv6 peer->IPv4 peer is simple enough; it is essentially the same problem as IPv6 client->IPv4 server, and is solved the same way. Initiating a session from an IPv4 peer to an IPv6 peer with an unmapped address is "hard"; that winds up calling for complex machinery like NAT-PT proposes. However, it is unnecessary to solve the case. p2p technologies open TCP connections between systems, leave them open long periods of time, and use them to transport data. They are in effect overlay networks. If one IPv6 peer opens a session to an IPv4 peer, connectivity is established between IPv4-only and IPv6-only p2p networks and the problem is solved. So to my mind, the requirement is that the gateway provide three services: - a DNS algorithm that maps IPv4 addresses to a subset of IPv6 addresses. - a 1:1 NAT algorithm that statelessly supports the common case of IPv4 clients accessing IPv6 servers, which will be used by a relatively small set of hosts in the IPv6-only domain. - 1 1:n NAT algorithm that statefully maps general IPv6 to IPv4 address plus port, which might be used by an arbitrarily large number of hosts in the IPv6-only domain, but unlikely to be all at the same time and diminishing as IPv6 deployment grows. None of those models is "hard" in light of our present experience with SIIT and IPv4/IPv4 NAT. Now, here is my issue with NAT64/SIIT's addressing model, which we deployed and then deprecated in RFC 4291. There are two. First, it is a lot like a default route, and limits the network administration's options in route management; to fix that, we need to have a prefix appropriate to the gateway as opposed to a flat "must be zero" style prefix. Second, th addressing architecture is essentially that of CIDR and therefore allows routing prefixes to be as long or as short as needed, but we have given clear guidance that router vendors should think about host routes or prefixes of /64 or shorter, not normally prefixes in the 65..127 length range. If we believe that - and RFC 4291 clearly does - then enabling the gateway to support routing to multiple sites within the IPv6 domain using a single IPv4 prefix advertised in the IPv4 domain (as opposed to doing host routing to IPv4-mapped addresses in the IPv6-only domain) is important for scaling. IVI moves the address around to put IPv4-mapped prefixes within the /64 length rule. So the fundamental argument for IVI is that it works well with routing, and makes interchange of both p2p and client/server applications across the IPv4/IPv6 gateway simple. IPv4 access to the IPv6 network is most definitely *not* hard if the problem is correctly parsed and addressed. No pun intended. _______________________________________________ v4v6interim mailing list v4v6interim@ietf.org https://www.ietf.org/mailman/listinfo/v4v6interim
- [v4v6interim] "IPv4->IPv6 is hard" Fred Baker
- Re: [v4v6interim] "IPv4->IPv6 is hard" Mark Townsley
- Re: [v4v6interim] "IPv4->IPv6 is hard" Fred Baker
- Re: [v4v6interim] "IPv4->IPv6 is hard" Iljitsch van Beijnum
- Re: [v4v6interim] "IPv4->IPv6 is hard" Ed Jankiewicz
- Re: [v4v6interim] "IPv4->IPv6 is hard" Fred Baker
- Re: [v4v6interim] "IPv4->IPv6 is hard" Randy Bush
- Re: [v4v6interim] "IPv4->IPv6 is hard" Ed Jankiewicz
- Re: [v4v6interim] "IPv4->IPv6 is hard" Randy Bush
- Re: [v4v6interim] "IPv4->IPv6 is hard" Ed Jankiewicz
- Re: [v4v6interim] "IPv4->IPv6 is hard" Eric Vyncke (evyncke)
- Re: [v4v6interim] "IPv4->IPv6 is hard" Fred Baker
- Re: [v4v6interim] "IPv4->IPv6 is hard" Fred Baker
- Re: [v4v6interim] "IPv4->IPv6 is hard" Xing Li
- Re: [v4v6interim] "IPv4->IPv6 is hard" marcelo bagnulo braun
- Re: [v4v6interim] "IPv4->IPv6 is hard" Fred Baker
- Re: [v4v6interim] "IPv4->IPv6 is hard" Xing Li
- Re: [v4v6interim] "IPv4->IPv6 is hard" Xing Li
- Re: [v4v6interim] "IPv4->IPv6 is hard" marcelo bagnulo braun
- Re: [v4v6interim] "IPv4->IPv6 is hard" Mark Townsley
- Re: [v4v6interim] "IPv4->IPv6 is hard" Rémi Després
- Re: [v4v6interim] "IPv4->IPv6 is hard" Xing Li