Re: [v6ops] Operational Guidance for IPv6 Deployment inPredominantly IPv4 Sites - (pre-draft)
"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 13 April 2011 00:07 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: v6ops@ietfc.amsl.com
Delivered-To: v6ops@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 4F555E0708 for <v6ops@ietfc.amsl.com>; Tue, 12 Apr 2011 17:07:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.485
X-Spam-Level:
X-Spam-Status: No, score=-6.485 tagged_above=-999 required=5 tests=[AWL=0.114, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tX-p1gce41W5 for <v6ops@ietfc.amsl.com>; Tue, 12 Apr 2011 17:07:05 -0700 (PDT)
Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [130.76.32.69]) by ietfc.amsl.com (Postfix) with ESMTP id 581F3E096C for <v6ops@ietf.org>; Tue, 12 Apr 2011 17:07:02 -0700 (PDT)
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by blv-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id p3D06qOU029982 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 12 Apr 2011 17:06:53 -0700 (PDT)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id p3D06q2X009332; Tue, 12 Apr 2011 17:06:52 -0700 (PDT)
Received: from XCH-NWHT-09.nw.nos.boeing.com (xch-nwht-09.nw.nos.boeing.com [130.247.25.115]) by slb-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id p3D06p79009321 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Tue, 12 Apr 2011 17:06:52 -0700 (PDT)
Received: from XCH-NW-01V.nw.nos.boeing.com ([130.247.64.120]) by XCH-NWHT-09.nw.nos.boeing.com ([130.247.25.115]) with mapi; Tue, 12 Apr 2011 17:06:51 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Date: Tue, 12 Apr 2011 17:06:49 -0700
Thread-Topic: [v6ops] Operational Guidance for IPv6 Deployment inPredominantly IPv4 Sites - (pre-draft)
Thread-Index: Acv5ZZs8gsZF0yjcS9qrbW1HJxN2mgACBkUw
Message-ID: <E1829B60731D1740BB7A0626B4FAF0A65C699E77B5@XCH-NW-01V.nw.nos.boeing.com>
References: <7B64C6B4-23DB-44AE-8941-ACE9964A3578@cisco.com><E1829B60731D174 0BB7A0626B4FAF0A65C699E721E@XCH-NW-01V.nw.nos.boeing.com><20110413071247.2b efa661@opy.nosense.org><E1829B60731D1740BB7A0626B4FAF0A65C699E7756@XCH-NW-01V.nw.nos.boeing.com> <20110413083142.1400c381@opy.nosense.org>
In-Reply-To: <20110413083142.1400c381@opy.nosense.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Operational Guidance for IPv6 Deployment inPredominantly IPv4 Sites - (pre-draft)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Apr 2011 00:07:06 -0000
Hi Mark, It sounds like what you'd prefer would be DHCPv6 over ISATAP interfaces. In that case, the routing system matches up the (non-ISATAP) DHCPv6-delegated IPv6 addresses with an ISATAP link-local address of the host to which the address has been delegated. We talk about how to do exactly that in Section 3.2.4 of 'draft-ietf-v6ops-tunnel-loops'. So, this has come down to a DHCPv6 vs SLAAC bakeoff on ISATAP links, I guess? I was told by an employee of a major host implementation vendor that their ISATAP host implementation does not do DHCPv6. But, you list a number of reasons why DHCPv6 would be beneficial. This sounds like a recipe for a food-fight. Can I run off to catch that train with you?? Fred fred.l.templin@boeing.com > -----Original Message----- > From: Mark Smith > [mailto:ipng@69706e6720323030352d30312d31340a.nosense.org] > Sent: Tuesday, April 12, 2011 4:02 PM > To: Templin, Fred L > Cc: v6ops@ietf.org > Subject: Re: [v6ops] Operational Guidance for IPv6 Deployment > inPredominantly IPv4 Sites - (pre-draft) > > Hi Fred, > > On Tue, 12 Apr 2011 15:07:24 -0700 > "Templin, Fred L" <Fred.L.Templin@boeing.com> wrote: > > > Hi Mark, > > > > > -----Original Message----- > > > From: Mark Smith > > > [mailto:ipng@69706e6720323030352d30312d31340a.nosense.org] > > > Sent: Tuesday, April 12, 2011 2:43 PM > > > To: Templin, Fred L > > > Cc: v6ops@ietf.org > > > Subject: Re: [v6ops] Operational Guidance for IPv6 Deployment > > > inPredominantly IPv4 Sites - (pre-draft) > > > > > > Hi Fred, > > > > > > On Mon, 11 Apr 2011 11:18:14 -0700 > > > "Templin, Fred L" <Fred.L.Templin@boeing.com> wrote: > > > > > > > Hello, > > > > > > > > The following should not be construed as a draft, but > > > > rather just a set of ideas that might be considered > > > > for inclusion in a new or existing draft. Any > > > > comments or suggestions? > > > > > > > > > > I don't know if it has been though of before, however one > alternative > > > use of ISATAP I've thought of is to facilitate IPv6 topology > > > hiding. The underlying IPv4 addresses probably would expose > > > the network > > > typology, however if they're RFC1918 ones, they'd be unreachable > > > externally. > > > > There is probably a discussion point here, but I'll > > note that other IPv4-embedding mechanisms like 6to4 > > and 6rd are not shy about exposing IPv4 addresses > > externally. Especially with 6rd, the IPv4 addresses > > may be from the private internal IPv4 addressing realm > > of the ISP, so there would seem to be precendence for > > just letting the IPv4 addresses leak out. > > > > I think people who're using those sorts of mechanisms probably aren't > concerned about using topology hiding so much, or are aware that only > one or a small number of public IPv4 addresses are exposed. > > I'm imagining a conversation with people who like the topology > hiding that IPv4 NAPT provides, and think they need IPv6 NAPT for the > same reason. I think you could rebut that by saying that ISATAP could > be used to make all IPv6 hosts appear to be attached to a single /64, > also pointing out that ISATAP implementations are commonly available. > However, when they find out that underlying IPv4 addresses > are embedded > in the ISATAP addresses, they'll then say that thats still exposing > IPv4 topology information that isn't exposed with IPv4 NAPT, and > therefore ISATAP isn't adequate, and therefore they need IPv6 NAPT. > > So I think ISATAP is nearly capable of providing IPv6 and underlying > IPv4 topology hiding, as long as the exterior devices don't see the > underlying IPv4 addresses. It has just occurred to me that ISATAP + > stateful DHCPv6 addressing might achieve that. Do you know if that > would work or has been implemented anywhere? > > > > > Possibly this could be resolved by having only the ISATAP > > > domain link-local addresses use IPv4 addresses, and then have > > > global -> > > > link local IPv6 translation tables which are then used to > resolve a > > > global IPv6 ISATAP host address which doesn't include an > interior IPv4 > > > host address into a ISATAP link local and then interior IPv4 > > > address. As > > > external parties would only use externally visible IPv6 > addresses, the > > > IPv4 topology would then be hidden as well. > > > > I'm almost on-board with this, however I would not > > want to see the site number all of its ISATAP host > > interfaces with only link-local IPv6 addresses. Or, > > maybe that's not what you were saying? > > > > No, it was that the underlying IPv4 addresses were only > embedded in the > link local addresses used within the ISATAP domain, and the > global IPv6 > addresses used within the ISATAP domain were generic (non-IPv4 > embedded) IPv6 addresses (e.g. SLAAC using some other non-IPv4 IID, or > privacy addresses, or stateful DHCPv6 addresses). > > To resolve the underlying IPv4 address for inbound packets, with these > generic global IPv6 addresses, the look up mechanism would be - > > 1. Match up the global IPv6 address to an ISATAP domain link-local > address with the embedded IPv4 address. > 2. Extract the IPv4 address from the link local address and use that > for the encapsulating packet IPv4 destination. > > > What I *could* see happening is for the ISATAP > > router to maintain a translation table whereby > > it translates the IPv6 address 2001:db8::[ISATAP] > > coming from a host within the site to the IPv6 > > address 2001:db8::[EUI64] for communications with > > hosts outside the site. > > I think the drawback of that is that it is IPv6-to-IPv6 address > translation with all the related issues of NAT. > > > > > Even moreso, ISATAP hosts inside an enterprise > > network are likely to need to go through an > > enterprise-border proxy in order to talk to IPv6 > > servers out on the Internet, so the proxy itself > > could do the translation as I suspect many IPv4 > > proxies currently do today. > > > > Is that what you had in mind? > > > > Thanks - Fred > > fred.l.templin@boeing.com > > > > (got to rush off to catch my train!) > > Regards, > Mark. >
- [v6ops] WGLC draft-ietf-v6ops-ipv6-multihoming-wi… Fred Baker
- [v6ops] Operational Guidance for IPv6 Deployment … Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Gunter Van de Velde (gvandeve)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Randy Bush
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6Deployme… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6Deployme… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Ole Troan
- Re: [v6ops] Operational Guidance for IPv6Deployme… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Mark Smith
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Mark Smith
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- [v6ops] Simplified Automatic IPv6 Renumbering wit… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Lee Howard
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L