Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)

"Heatley,N,Nick,TQB R" <nick.heatley@bt.com> Tue, 26 September 2017 21:14 UTC

Return-Path: <nick.heatley@bt.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A80CE13445F for <v6ops@ietfa.amsl.com>; Tue, 26 Sep 2017 14:14:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btgroupcloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16Cg_zrVGx-U for <v6ops@ietfa.amsl.com>; Tue, 26 Sep 2017 14:14:48 -0700 (PDT)
Received: from smtpe1.intersmtp.com (smtpe1.intersmtp.com [62.239.224.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3966133083 for <v6ops@ietf.org>; Tue, 26 Sep 2017 14:14:47 -0700 (PDT)
Received: from EVMHT63-UKRD.domain1.systemhost.net (10.36.3.100) by RDW083A007ED63.bt.com (10.187.98.12) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 26 Sep 2017 22:15:10 +0100
Received: from smtpe1.intersmtp.com (10.187.98.11) by EVMHT63-UKRD.domain1.systemhost.net (10.36.3.100) with Microsoft SMTP Server (TLS) id 8.3.342.0; Tue, 26 Sep 2017 22:14:44 +0100
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (213.199.154.213) by smtpe1.intersmtp.com (62.239.224.235) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 26 Sep 2017 22:14:44 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=BTGroupCloud.onmicrosoft.com; s=selector1-bt-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wrfc5r28t31GYFy95lBtz/y8AfdmUUnZWTkUBacn9jQ=; b=Ay4K4VgW/sNVJN59q3EMA5TjjNB6feX5YFN/ToT3VJPMBhj0/0u20njy16QSsiuCWijbYyaQHwvJ8ZnRztkT6inevFm2aqm4JNSgh6bluO3uyF51ZXMQ6X/kES+rHCXu3ZJfXBTTPdIRW9D8MxJtOpm+7OW9mP6ieXgyrGojF0s=
Received: from LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM (10.167.24.147) by LO1P123MB0882.GBRP123.PROD.OUTLOOK.COM (10.167.25.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Tue, 26 Sep 2017 21:14:42 +0000
Received: from LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM ([10.167.24.147]) by LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM ([10.167.24.147]) with mapi id 15.20.0077.011; Tue, 26 Sep 2017 21:14:41 +0000
From: "Heatley,N,Nick,TQB R" <nick.heatley@bt.com>
To: Mark Andrews <marka@isc.org>
CC: IPv6 Ops WG <v6ops@ietf.org>
Thread-Topic: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)
Thread-Index: AdM16ZBiVXxOrrPASdi8hSWu5DH/5gAZyZY1AC5K0hA=
Date: Tue, 26 Sep 2017 21:14:41 +0000
Message-ID: <LO1P123MB0116A19599D13DB643BBB3E3EA7B0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM>
References: <LO1P123MB01168388285206BB7C26F029EA7A0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM> <20170925225028.DABE487DE1F6@rock.dv.isc.org>
In-Reply-To: <20170925225028.DABE487DE1F6@rock.dv.isc.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nick.heatley@bt.com;
x-originating-ip: [77.97.239.204]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; LO1P123MB0882; 6:02g6V9L1B8jA3D+JwLBdN2oBBByXEjXFknO8D90uVxP+utejJ9q6gdQWfggpCVW8Bi1PXkhJkuTDjDJRqN1FLptEuz+vPdutf2n3KLY098q+271LreLU3UUtExbt59Lkwk7pt+j573DTdT2NsiCy7A/X1CmB5RQi+o/blazRE9aGnx1aK7Znw5ixK04/nTDz/tjBiIqj4M4k5fHxKHAJMmD+3feirKWSDDw8gHkuvEqgO8cP3ITML+paYz6UQxxry+D8ZXESgpoPC78rdZ7C6bT3QyyGerdULwm9kFOCPLjvC6cf1UieLfG2X4zdbE9JD6ghjEDxm2VD3AbnBB26Gg==; 5:iWikBzHirllC2Rd9+KRXPfL8+S75FXYGTwVGk2h01kDR9MitKMwSfImCZJ5NIRs7xoBTC/6ZYRlk+npFcs+IN2Y73kXdEWbVXuW2tc25vEa1QUzPo1yK/qU0WNUhTMXb7YhbWU0TvbWSpu/bJtNDpA==; 24:X3/JXHVxsqTQxICRQbiRhzLKX9mu2fH8HODNgXUsjGPe9nTcVjWQnACWTeCUyaS9cKUYueA398F3duJj5VhaZW97vKdWm91f79WIEmGxNWc=; 7:gBy4JLFmkp+Rym6RKpl736F4HF39FJ8lNDNaBnLNdfW1YRlZapmcGxOcIUCnS9nIX5IZVsAHdzTOCz7G8OoXF6k6pGa+Z/TlOSM77Lxeo49dHRkAmDmE2YdixopcDvYwJT1l7V8QHHQa9PG9nR/DbleKWMsA/dsfsYQ12blFYxeSpSzJNEbZ+IYHgwAAKpfDxkAZPuCoRQonLrzb9ex5+4ej45AgkKkdda8ROkxgLqc=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: c70a856a-04a4-420d-edd1-08d505239aa7
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:LO1P123MB0882;
x-ms-traffictypediagnostic: LO1P123MB0882:
x-antispam-2: 1
x-exchange-antispam-report-test: UriScan:(146908506813832)(190756311086443)(189930954265078)(175275609761927);
x-microsoft-antispam-prvs: <LO1P123MB088240E098058D5C6D4B70A7EA7B0@LO1P123MB0882.GBRP123.PROD.OUTLOOK.COM>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(6041248)(20161123564025)(20161123562025)(20161123555025)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:LO1P123MB0882; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:LO1P123MB0882;
x-forefront-prvs: 0442E569BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(189002)(13464003)(199003)(66066001)(6506006)(4326008)(81156014)(6116002)(3846002)(74316002)(102836003)(25786009)(97736004)(189998001)(86362001)(9686003)(68736007)(53936002)(2900100001)(81166006)(478600001)(305945005)(7736002)(2950100002)(54356999)(5660300001)(3280700002)(76176999)(33656002)(6916009)(7696004)(101416001)(229853002)(53546010)(316002)(8676002)(106356001)(6436002)(77096006)(55016002)(3660700001)(105586002)(14454004)(2906002)(6246003)(50986999)(8936002); DIR:OUT; SFP:1101; SCL:1; SRVR:LO1P123MB0882; H:LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: bt.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Sep 2017 21:14:41.8234 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a7f35688-9c00-4d5e-ba41-29f146377ab0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO1P123MB0882
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/29INPBfVJPF2tVqEUVQbdDJQjN8>
Subject: Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Sep 2017 21:14:51 -0000

Mark, What is this encapsulation solution? 
There is no running code for this on client devices, as far as I know - regardless of whether we set various vendors' "junior developers" on various parts of 3GPP core stack😊.

The alternative for an operator concerned with exhaustion of private addressing, is to start running overlapping copies of the private address ranges; for different customer segments or data centres or regions of the network.
I am deadly serious about this, this is what operators have done. This comes with or without IPv6, because if you have to run v4 why add in a second address family?
I guess you will be happy with this outcome because you believe NAT44 CGN is superior to NAT64 CGN. But I think you are missing the point.
As others have stated, your perceived issues are all problems tied to IPv4. I have a way that drives IPv6-only in my network.


-----Original Message-----
From: Mark Andrews [mailto:marka@isc.org] 
Sent: 25 September 2017 23:50
To: Heatley,N,Nick,TQB R <nick.heatley@bt.com>
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)


In message <LO1P123MB01168388285206BB7C26F029EA7A0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM>OM>, "Heatley,N,Nick,TQB R" writes:
> There are no arguments about architecture, there are only arguments 
> about requirements.
>
> Here is my case study on NAT64/DNS64/464xlat.
> My requirements:
>
>   *   A solution for multi-million numbers of consumer nodes (smartphones)
>   *   Mitigate IPv4 private and public address exhaustion
>   *   Encapsulation is not compatible with the core of 3GPP mobile
> networks  only translation is Core & Service-LAN friendly.
>   *   Keep the provider network simple  the overhead of two address
> families per customer in the mobile core is undesirable (as it doubles 
> the control plane signalling)
>   *   2 consumer usecases (on the same Internet APN) to consider
> on-device apps (smartphone+apps), tethering (smartphone+wifi-tethered 
> device of an unknown OS)

The problem with those requirement is that miss the most important one.

	Don't do damage.

DNS64 does damage to the DNS.
NAT64 does damage to IPv6.

DNS64/NAT64 and 464XLAT externalise the cost of not upgrading the billing software to unwrap the encapsulation.

> Thanks to esteemed Android developers putting 464xlat into Android, 
> otherwise this wouldnt have happened.
> DNS64/NAT64 did not get put into production until 464xlat appeared on 
> Android.
> I had zero IPv6 clients until 464xlat, IPv6 was insufficient without it.
> Prefix-share + 464xlat gave the tethering use-case support.
> The result has been rapid deployment, meeting all the requirements, we 
> currently observe something like 70% of an IPv6-only devices traffic 
> is
> IPv6-IPv6 based (and NAT-free).

Just running the dual stack and a regular CGN rather than a NAT64 also achieves that as IPv6 nodes prefer IPv6 over IPv4 as the transport.

> I have a good amount of internal mobile core traffic that is IPv6-only 
> (the combination of IPv6-only IMS APN for VoWifi and VoLTE, and this 
> internet APN).
>
> So this is my opinion: 464xlat is the currently the adopted approach when:
> - IPv4 addresses are (near) exhausted for the mass-market,
> - AND the provider network demands a translation technology (i.e.
> incompatible with encaps.)
> - AND at the client end,  apps are not purged of IPv4 literals OR 
> tethering to an unknown OS is required

AND you are willing to be selfish and ignore the costs you are externalising on everyone else.

No network DEMANDS translation technology.  You could have spent a little bit of developer time and upgraded the billing software to understand about encapsulation.  Its a very simple concept.  Even the most junior of developers could have done this.

> What is the point of seeking BCP for 464xlat? I am not entirely sure.
> It should not be to try to select Apple vs Android approaches, I want 
> to see both approaches successful.
> Maybe it is to keep IETF relevant to the real world requirements and 
> specific usecases. Id like to see IETF do more on usecases/solution 
> context, BCPs can set the context, right?
> Maybe I can use it to help drive an IPv6-only 5G?
> Nick

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org