IETF Logo Mail Archive

Re: [v4v6interim] [46translation] [BEHAVE] Proposal for new BEHAVE charter

Iljitsch van Beijnum <iljitsch@muada.com> Tue, 21 October 2008 07:53 UTC

Return-Path: <v4v6interim-bounces@ietf.org>
X-Original-To: v4v6interim-archive@ietf.org
Delivered-To: ietfarch-v4v6interim-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EF7428C0FF; Tue, 21 Oct 2008 00:53:48 -0700 (PDT)
X-Original-To: v4v6interim@core3.amsl.com
Delivered-To: v4v6interim@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B90E43A6AC1; Tue, 21 Oct 2008 00:53:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.59
X-Spam-Level:
X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[AWL=0.009, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t9hRjrBzMwPc; Tue, 21 Oct 2008 00:53:45 -0700 (PDT)
Received: from sequoia.muada.com (unknown [IPv6:2001:1af8:2:5::2]) by core3.amsl.com (Postfix) with ESMTP id 8B8673A6B11; Tue, 21 Oct 2008 00:53:45 -0700 (PDT)
Received: from nirrti.it.uc3m.es (nirrti.it.uc3m.es [163.117.139.68]) (authenticated bits=0) by sequoia.muada.com (8.13.3/8.13.3) with ESMTP id m9L7sPh1011176 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 21 Oct 2008 09:54:26 +0200 (CEST) (envelope-from iljitsch@muada.com)
Message-Id: <01462145-8E18-465A-8989-D1C98D421DED@muada.com>
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Fred Baker <fred@cisco.com>
In-Reply-To: <5B78195C-1318-4325-8F98-BC19F59E1532@cisco.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Tue, 21 Oct 2008 09:54:43 +0200
References: <48F8539D.90608@ericsson.com> <48FB9C5E.8070402@gmail.com> <3E041E8D-8539-4A16-9188-86A1DCEEE62B@muada.com> <200810201358.29295.remi.denis-courmont@nokia.com> <8E5328A8-4937-41A8-A650-204795E074D1@muada.com> <5B78195C-1318-4325-8F98-BC19F59E1532@cisco.com>
X-Mailer: Apple Mail (2.929.2)
Cc: Behave WG <behave@ietf.org>, v4v6interim@ietf.org, 46Translation <46translation@employees.org>, iab@iab.org
Subject: Re: [v4v6interim] [46translation] [BEHAVE] Proposal for new BEHAVE charter
X-BeenThere: v4v6interim@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of coexistence topics for the 01-Oct-2008 v4-v6 coexistence interim meeting <v4v6interim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/v4v6interim>
List-Post: <mailto:v4v6interim@ietf.org>
List-Help: <mailto:v4v6interim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: v4v6interim-bounces@ietf.org
Errors-To: v4v6interim-bounces@ietf.org

On 20 okt 2008, at 23:41, Fred Baker wrote:

> On Oct 20, 2008, at 7:21 PM, Iljitsch van Beijnum wrote:

>> Of course the IETF could also come out and say that it will not  
>> accommodate any type of IPv6 NAT.

> That will travel about one meter and nose-dive. Remember the IETF  
> being deluded into thinking that if it didn't work on lawful  
> intercept the problem would go away?

Didn't it? This is now "solved" outside the IETF AFAIK.

> Good solutions help, like what RFC 4864 tries to be. Delusional  
> thinking and rants about what we don't like don't help.

Please read carefully. What I said that the IETF could decide that it  
wouldn't _accommodate_ any type of IPv6 NAT. In the past, the IETF has  
come up with numerous protocols that can't work through NAT. These  
days, working through NAT is always a consideration for end-to-end  
protocols that run on top of IPv4. This is often a hard problem, and  
there are many backward compatibility issues with older protocols.

Although we won't be able to make a completely clean break with IPv6,  
we do have the ability to do better than we've done in the past with  
IPv4. I basically see three options for IPv6:

1. We come to the conclusion that port overloading NAT is now part of  
the IP architecture so if at all possible, all protocols must work  
that type of NAT.

2. Since there are alternative mechanisms to reach the same goals in  
IPv6 that people use NAT for in IPv4, the IETF will not address NAT in  
protocols that run on top of IPv6. If end-users implement NAT66  
anyway, they are solely responsible for implementing the workarounds  
necessary to make this work.

3. Because we expect NAT66 to happen anyway, but because the port  
overloading is the most harmful part that we can possibly avoid, we  
specify a stateless, transport-agnostic 1-to-1 NAT66 and make sure  
protocols that run on top of IPv6 can work through that. In case  
people decide to run a port overloading NAT66, see 2.

Also note that the ship has already sailed on unrestricted end-to-end  
connectivity in IPv6, not only in practice but also by IETF mandate  
when the recommendation to use a stateful firewall between IPv6 nodes  
and the internet reached rough consensus. So some level of middlebox  
awareness is already a requirement for IPv6. (And the NAT64 efforts  
add to this to some degree.) The only question is if we want to extend  
this or not.

In my opinion, it would be good if the IETF or IAB (I'll CC them just  
in case they're looking for work) could come to some kind of  
conclusion regarding the above so that we can formulate  
recommendations for transport and application protocol developers.
_______________________________________________
v4v6interim mailing list
v4v6interim@ietf.org
https://www.ietf.org/mailman/listinfo/v4v6interim

v2.23.0 | Report a Bug | By Email