Re: [v4v6interim] Single namespace

james woodyatt <jhw@apple.com> Thu, 02 October 2008 19:37 UTC

Return-Path: <v4v6interim-bounces@ietf.org>
X-Original-To: v4v6interim-archive@ietf.org
Delivered-To: ietfarch-v4v6interim-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 33DC328C134; Thu, 2 Oct 2008 12:37:31 -0700 (PDT)
X-Original-To: v4v6interim@core3.amsl.com
Delivered-To: v4v6interim@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C7B8F28C0F6 for <v4v6interim@core3.amsl.com>; Thu, 2 Oct 2008 12:37:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y5WYm4BiU2n6 for <v4v6interim@core3.amsl.com>; Thu, 2 Oct 2008 12:37:29 -0700 (PDT)
Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22]) by core3.amsl.com (Postfix) with ESMTP id CC9AA28C0F4 for <v4v6interim@ietf.org>; Thu, 2 Oct 2008 12:37:29 -0700 (PDT)
Received: from relay12.apple.com (relay12.apple.com [17.128.113.53]) by mail-out3.apple.com (Postfix) with ESMTP id 9E7A43E0C642 for <v4v6interim@ietf.org>; Thu, 2 Oct 2008 12:37:50 -0700 (PDT)
Received: from relay12.apple.com (unknown [127.0.0.1]) by relay12.apple.com (Symantec Mail Security) with ESMTP id 8BCD8464002 for <v4v6interim@ietf.org>; Thu, 2 Oct 2008 12:37:50 -0700 (PDT)
X-AuditID: 11807135-a897dbb000000d0e-ec-48e5230e2560
Received: from il0602f-dhcp175.apple.com (il0602f-dhcp175.apple.com [17.206.50.175]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by relay12.apple.com (Apple SCV relay) with ESMTP id 5291C420006 for <v4v6interim@ietf.org>; Thu, 2 Oct 2008 12:37:50 -0700 (PDT)
Message-Id: <31D693EF-453A-4120-A7E4-ADC86C0D42DE@apple.com>
From: james woodyatt <jhw@apple.com>
To: v4v6interim@ietf.org
In-Reply-To: <C50A477E.1B4C4%alain_durand@cable.comcast.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Thu, 02 Oct 2008 12:37:50 -0700
References: <C50A477E.1B4C4%alain_durand@cable.comcast.com>
X-Mailer: Apple Mail (2.929.2)
X-Brightmail-Tracker: AAAAAA==
Subject: Re: [v4v6interim] Single namespace
X-BeenThere: v4v6interim@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of coexistence topics for the 01-Oct-2008 v4-v6 coexistence interim meeting <v4v6interim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/v4v6interim>
List-Post: <mailto:v4v6interim@ietf.org>
List-Help: <mailto:v4v6interim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v4v6interim>, <mailto:v4v6interim-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="windows-1252"; Format="flowed"; DelSp="yes"
Sender: v4v6interim-bounces@ietf.org
Errors-To: v4v6interim-bounces@ietf.org

On Oct 2, 2008, at 06:40, Alain Durand wrote:
> On 10/1/08 5:20 PM, "Brian E Carpenter"  
> <brian.e.carpenter@gmail.com> wrote:
>>
>> Although DNS64 is even more offensive to the computer science
>> view, I can't see any realistic solution to the v4only/v6 only
>> interworking problem that doesn't *require* different views
>> of the namespace on the two sides, created dynamically to
>> match the translation state.
>
> In the case of v6->v4, there is actually a solution that  
> *does*not*require*
> creating different views of the namespace. The v6 host can use its  
> IPv4
> stack with Dual-stack lite, and the problem goes away entirely.

Except, the v6->v4 case is only half the picture.  The problem is  
entirely in the other half.  It does not go away.  You have simply  
chosen not to see it.

IPv6 hosts running DS-Lite can initiate flows to IPv4 endpoints, but  
they do not have public IPv4 addresses and they can't make their  
services available to IPv4-only hosts without help from the service  
provider.  From the perspective of IPv4-only clients, DS-Lite servers  
are in a walled garden.

Brief digression: if you want to make any kind of services available  
to IPv4-only clients, then you have two basic choices:

   + Make your services available over IPv4 at publicly assigned
     and routed addresses.  Advertise DNS content normally.

   + Make your services available through an IPv4 translator.
     Advertise DNS content with addresses translated into the
     public IPv4 realm.

In the second case, from the perspective of IPv4-only clients, it does  
not matter whether the server is in a private IPv4 realm or in the  
public IPv6 realm.  If you'd like your IPv6 services to be available  
to IPv4-only hosts, you have only two choices: A) run full dual-stack  
servers (not DS-Lite), or B) deploy a translator with a DNS gateway to  
the public IPv4 horizon.

As it happens, here at Apple, we have a service called Back To My Mac™  
(part of our MobileMe™) service that basically does option B) today,  
because our customers often don't full native IPv4 service, i.e. they  
have private networks.  (Interestingly, we avoided the whole IPv4  
address realm conflict problem by tunneling IPv6 over ESP/UDP/IPv4  
through NAT with NAT-PMP and using DNS-SD tricks to manage the  
equivalent problem to what is under discussion here, but that's a side- 
track for now.)

Please take note of the problem if you try to make Back To My Mac™  
work by tunneling inside ESP transport mode IPv6 in addition to ESP  
IPv4/NAT-T.  The additional mode would be a simplification of the  
current mode, actually, because NAT-PMP wouldn't be required (though,  
ALD might be, depending...).  However, it would only be good for IPv6- 
capable clients-- IPv4-only clients would still have no recourse if  
the SP NAT does not help with the IPv4 autotunnel.  You might imagine  
deploying something like IVI or NAT64, so that IPv6 servers register  
their tunnels in the DNS through a DNS64 gateway that knows about the  
NAT64 point where ESP/UDP/IPv4 is translated into ESP/IPv6, but that  
would be not-at-all anything like what you see in the DS-Lite draft.   
It *also* doesn't look like the current NAT6/NAT64/IVI/what-have-you  
proposals because nothing in those drafts talks much about DNS-SD (or  
its moral equivalent).  They seem to just hand-wave over that problem.

Summarizing, these are the sorts of problems that have me convinced  
that trying to make IPv6-only services reachable from IPv4-only  
clients is a losing game in the long run.  We should concentrate our  
coexistence effort on the following problems:

   A) Ensuring that *all* kinds of dual-stack clients see IPv6 servers,

   B) Ensuring that IPv4-only clients see dual-stack servers,

   ...and finally...

   C) Ensuring that dual-stack servers can register equivalently in  
the DNS for
      both IPv4-only clients and dual-stack clients,

   ...while...

   D) Bearing mind that Teredo hosts and nodes in 6to4 sites may be  
dual-stack,
      and they may be either/both clients and/or servers.  (No, I  
don't care
      about ISATAP today.  I'm not going to care until ISATAP  
deployments are
      numerous enough to matter.)

At this point, I view everything else as a dangerous distraction from  
our basic coexistence problem set, and it should be deferred until the  
happy eventuality that they become a more pressing problem than they  
are today.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

_______________________________________________
v4v6interim mailing list
v4v6interim@ietf.org
https://www.ietf.org/mailman/listinfo/v4v6interim