IETF Logo Mail Archive

Re: [v4v6interim] [46translation] [BEHAVE] Proposal for new BEHAVE charter

Margaret Wasserman <mrw@lilacglade.org> Mon, 20 October 2008 15:15 UTC

Return-Path: <v4v6interim-bounces@ietf.org>
X-Original-To: v4v6interim-archive@ietf.org
Delivered-To: ietfarch-v4v6interim-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 880913A69FF; Mon, 20 Oct 2008 08:15:49 -0700 (PDT)
X-Original-To: v4v6interim@core3.amsl.com
Delivered-To: v4v6interim@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3D41E3A69FF for <v4v6interim@core3.amsl.com>; Mon, 20 Oct 2008 08:15:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.581
X-Spam-Level:
X-Spam-Status: No, score=-2.581 tagged_above=-999 required=5 tests=[AWL=0.018, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Gd8KrdhBA+9 for <v4v6interim@core3.amsl.com>; Mon, 20 Oct 2008 08:15:44 -0700 (PDT)
Received: from QMTA10.emeryville.ca.mail.comcast.net (qmta10.emeryville.ca.mail.comcast.net [76.96.30.17]) by core3.amsl.com (Postfix) with ESMTP id 7BA2F3A6984 for <v4v6interim@ietf.org>; Mon, 20 Oct 2008 08:15:44 -0700 (PDT)
Received: from OMTA04.emeryville.ca.mail.comcast.net ([76.96.30.35]) by QMTA10.emeryville.ca.mail.comcast.net with comcast id V0ls1a00H0lTkoCAA3GwAH; Mon, 20 Oct 2008 15:16:56 +0000
Received: from [10.2.1.63] ([69.33.111.74]) by OMTA04.emeryville.ca.mail.comcast.net with comcast id V3Ge1a0011cMU3H8Q3Gh6S; Mon, 20 Oct 2008 15:16:54 +0000
X-Authority-Analysis: v=1.0 c=1 a=VwO5Xa_HGqIA:10 a=hoJ3PnpNJsQA:10 a=1VSuPpdHM8vJtSXiC9AA:9 a=cNiumyp5JVoME6dUubgA:7 a=zBdX0H1qfpYVvRfNRCsZDaI3R9YA:4 a=3SmO1NJXDBsA:10
Message-Id: <546D29AA-286F-4184-ABA0-341915657FF5@lilacglade.org>
From: Margaret Wasserman <mrw@lilacglade.org>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <48FB9C5E.8070402@gmail.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Mon, 20 Oct 2008 11:16:37 -0400
References: <48F8539D.90608@ericsson.com> <E1CC009B-8272-4DE7-8D93-88DCB1EDA37C@lilacglade.org> <024001c930a9$a5d00710$c3f0200a@cisco.com> <48FB9C5E.8070402@gmail.com>
X-Mailer: Apple Mail (2.929.2)
Cc: v4v6interim@ietf.org, '46Translation' <46translation@employees.org>, 'Behave WG' <behave@ietf.org>
Subject: Re: [v4v6interim] [46translation] [BEHAVE] Proposal for new BEHAVE charter
X-BeenThere: v4v6interim@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of coexistence topics for the 01-Oct-2008 v4-v6 coexistence interim meeting <v4v6interim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/v4v6interim>
List-Post: <mailto:v4v6interim@ietf.org>
List-Help: <mailto:v4v6interim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: v4v6interim-bounces@ietf.org
Errors-To: v4v6interim-bounces@ietf.org

Hi Brian,

On Oct 19, 2008, at 4:45 PM, Brian E Carpenter wrote:
>> NAT66 is still a third rail.  I don't want to go there.
>
> Yep. As Margaret well knows, RFC4864 was written to try to avoid
> stepping on that rail, and includes a gap analysis of what's
> needed to avoid it. I'd rather the IETF put effort into those
> gaps.

As I said in my last message, I don't _want_ people to deploy NAT66.   
I would be extremely pleased if we could find an architecturally  
cleaner solution to meet the provider-independence requirements  
described in RFC 4864 and get people to actually deploy that solution...

However, I've talked to many enterprise network administrators who are  
very happy with their NAT-based network architectures.  The IETF has  
yet to offer a more effective or easier-to-deploy solution for  
provider independence, and I haven't seen anything that would  
incentivize network administrators to move away from their current NAT- 
based architecture as they move from IPv4 to IPv6.  So, I believe that  
there will be widespread deployment of NAT66.  I wish it were  
otherwise, but wishing doesn't make it so.

So, I believe that it is important that we encourage people who plan  
to implement and deploy NAT66 to do it in ways that will be far less  
damaging to the IPv6 Internet than a direct port of their IPv4 NATs to  
IPv6.  Using 1:1 NAT, we should be able to eliminate the port mapping  
mess.  Also, by advocating the option of algorithmic mapping (of ISP / 
48s straight into ULA /48s, for example), we can help people to avoid  
the need for per-connection state, thus eliminating the brittleness  
that NAT introduces into the network.  We could try to get people to  
separate the concept of a NAT and a stateful firewall, making it  
easier for administrators to enable peer-to-peer applications if/when  
their business needs require such applications.  Even little things,  
like encouraging NAT vendors to build NATs that will generate a random  
ULA prefix for the customer if configured to so, may help to avoid  
some of the pitfalls we've suffered with NAT44 and redundant net 10  
addressing.

I understand that you might not be interested in working on a NAT66  
document, instead choosing to focus on developing better solutions to  
the problems described in RFC 4864.  But, don't you think there is  
some good that we could do with a NAT66 document in the meantime?

Margaret
_______________________________________________
v4v6interim mailing list
v4v6interim@ietf.org
https://www.ietf.org/mailman/listinfo/v4v6interim

v2.23.0 | Report a Bug | By Email