IETF Logo Mail Archive

Re: [v4v6interim] [BEHAVE] [46translation] Proposal for new BEHAVE charter

Cullen Jennings <fluffy@cisco.com> Thu, 23 October 2008 16:05 UTC

Return-Path: <v4v6interim-bounces@ietf.org>
X-Original-To: v4v6interim-archive@ietf.org
Delivered-To: ietfarch-v4v6interim-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C616C3A69CE; Thu, 23 Oct 2008 09:05:43 -0700 (PDT)
X-Original-To: v4v6interim@core3.amsl.com
Delivered-To: v4v6interim@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 443143A698E; Thu, 23 Oct 2008 09:05:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.258
X-Spam-Level:
X-Spam-Status: No, score=-106.258 tagged_above=-999 required=5 tests=[AWL=-0.259, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blxdB3uQuFXX; Thu, 23 Oct 2008 09:05:41 -0700 (PDT)
Received: from sj-iport-1.cisco.com (sj-iport-1.cisco.com [171.71.176.70]) by core3.amsl.com (Postfix) with ESMTP id 6B1453A6A7E; Thu, 23 Oct 2008 09:05:41 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.33,471,1220227200"; d="scan'208";a="95174443"
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-1.cisco.com with ESMTP; 23 Oct 2008 16:07:01 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m9NG6xAD023296; Thu, 23 Oct 2008 09:06:59 -0700
Received: from [192.168.4.177] (rcdn-fluffy-8711.cisco.com [10.99.9.18]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id m9NG6vu2027698; Thu, 23 Oct 2008 16:06:58 GMT
From: Cullen Jennings <fluffy@cisco.com>
To: Mark Townsley <townsley@cisco.com>
In-Reply-To: <49009C8B.80707@cisco.com>
Impp: xmpp:cullenfluffyjennings@jabber.org
References: <48F8539D.90608@ericsson.com> <48FB9C5E.8070402@gmail.com> <3E041E8D-8539-4A16-9188-86A1DCEEE62B@muada.com> <200810201358.29295.remi.denis-courmont@nokia.com> <8E5328A8-4937-41A8-A650-204795E074D1@muada.com> <5B78195C-1318-4325-8F98-BC19F59E1532@cisco.com> <01462145-8E18-465A-8989-D1C98D421DED@muada.com> <B5A2E7E1-7FAE-48B6-85E2-B1300DF1458D@cisco.com> <9E0384AB-A20B-44E7-8575-9275101FF920@muada.com> <49008B8E.9080408@ericsson.com> <49008F1E.3010804@cisco.com> <FABF6711-4591-4182-A1B4-002BC5F18B9D@cisco.com> <49009C8B.80707@cisco.com>
Message-Id: <A1BB57A1-8B5F-44FF-85BE-C533D0FAE85D@cisco.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Thu, 23 Oct 2008 10:06:52 -0600
X-Mailer: Apple Mail (2.929.2)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2473; t=1224778019; x=1225642019; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fluffy@cisco.com; z=From:=20Cullen=20Jennings=20<fluffy@cisco.com> |Subject:=20Re=3A=20[v4v6interim]=20[BEHAVE]=20[46translati on]=20Proposal=20for=20new=20BEHAVE=20charter |Sender:=20; bh=7pqdRnzOHZ6GTa/RFByBc6atTfURGuocIqdpQ0F2U2s=; b=A0WPTV9pU7Vd7JKQDX0//06FON98vFhTn9x0HWJFdFdelp5lUfq8PCaceg XqYrBY/jmlfAAfZNWGWP8JHqCTl6u2cS6YW4kFccDmYJaI0yk+vy7N0mvhCz Os+rVf8KhL7IWulVmYNfTx9i2mmDUtfWwWP4E8kr/YwHd2WNjIwog=;
Authentication-Results: sj-dkim-1; header.From=fluffy@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Cc: v4v6interim@ietf.org, 46Translation <46translation@employees.org>, Behave WG <behave@ietf.org>
Subject: Re: [v4v6interim] [BEHAVE] [46translation] Proposal for new BEHAVE charter
X-BeenThere: v4v6interim@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of coexistence topics for the 01-Oct-2008 v4-v6 coexistence interim meeting <v4v6interim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/v4v6interim>
List-Post: <mailto:v4v6interim@ietf.org>
List-Help: <mailto:v4v6interim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: v4v6interim-bounces@ietf.org
Errors-To: v4v6interim-bounces@ietf.org

On Oct 23, 2008, at 9:47 AM, Mark Townsley wrote:

>
>
> Cullen Jennings wrote:
>>
>> I'm not worked up one way or the other about if we should specify  
>> NAT66 or not - however, if we do specify it, I am very concerned  
>> about how we do that. I see one good reason not to specify NAT66  
>> and two good reasons to.
>
> Since saying nothing and hoping folks will abstain doesn't work very  
> well in practice, I'd rather we go in and describe safe NAT66 the  
> best we can. I agree that we have to be careful to do a good job, as  
> teaching bad NAT66 could be worse than not teaching it at all.
>
>>
>> Reasons not to do NAT 66:
>> 1) All the reasons explained in RFC 4864
>>
>> Reason to do it:
>> 1) Limitations of RFC 4864 as explained in 4864
>> 2) Large vendors are building nat66 today and they are doing it in  
>> a way that breaks applications and leaves the application designers  
>> with no idea about what they can count on working and what they  
>> can't count on.
>>
>> If #2 does not remind you of how we got into so much trouble nat44,  
>> well it should. Because of the impact on NAT66 on applications, if  
>> IETF does decide to do NAT66 specifications, I think it is very  
>> important that the specification is developed not only in the  
>> context of v6ops people but is also developed with input of folks  
>> from applications that need to use it. Today that would roughly  
>> mean behave.
> I think that something that operates only at the IP layer could stay  
> in the int-area.

If the mapping was purely and 1:1 mapping between internal and  
external IPs I would agree with you but unfortunately, I worry that  
meeting the requirement that drive section 4.4 of 4864 (privacy and  
topology hiding) really complicate trying to do it with 1:1 mapping at  
IP level.

If you want to be able hide that two uncorrelated sessions are  
actually coming from the same internal host, well, I'm not sure I see  
how to do this with 1:1 mappings. One might argue that one should  
ignore these requirements but this is one of key areas where some  
people feel that 4864 has limitations that drive the deployment of  
NAT66. Two solutions I have seen for this are a) different external IP  
for every internal flow b) doing port address translation similar to  
NAPT in NAT44. Either of these choices has some pretty substantial  
impacts on how to make applications like VoIP work.





_______________________________________________
v4v6interim mailing list
v4v6interim@ietf.org
https://www.ietf.org/mailman/listinfo/v4v6interim

v2.23.0 | Report a Bug | By Email