Re: [v6ops] Are we competitive?

Vasilenko Eduard <vasilenko.eduard@huawei.com> Fri, 12 August 2022 08:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/5thFPF4C27vP-7hWeUQPW4I4dKA>

It is possible every time people talk about NAT to say
“Yes for NAT, but the NPT flavor of NAT is better. It preserves ports and IID, hence it does not need logging and interrupts fewer applications. It is stateless, hence cheaper and scalable.”

It is still possible that some extremely conservative person would insist on stateful translation.
I hope the majority would agree to NPT. Then even conservative people would choose NPT because it is the more popular solution.

IMHO: it is doable to move the market to NPT.
IMHO: it is NOT doable to cancel NAT completely.
Ed/
From: David Farmer [mailto:farmer=40umn.edu@dmarc.ietf.org]
Sent: Thursday, August 11, 2022 2:59 PM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Fernando Gont <fernando@gont.com.ar>; IPv6 Operations <v6ops@ietf.org>; buraglio@es.net
Subject: Re: [v6ops] Are we competitive?

It may be evident to you and me, but it’s not necessarily evident to everyone. Furthermore, you need to discuss NAT66, if you have any hope of showing that NPT is a superior solution to NAT66. The idea that NAT66 will go away if we just don’t talk about it is utterly false.

The point that I and others are trying to make is that NAT66 exists and it needs to be talked about. Do you, I, and most others in this conversation think there are better solutions in almost all cases, sure, but you don’t convince anyone else of that fact without discussing NAT66.

Thanks.

On Thu, Aug 11, 2022 at 04:54 Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org> wrote:
Hi Fernando,
You are right that people are not always logical.
But for the "NAT66 against NPT" the choice is evident.
IMHO: It is possible to prove by logic.
Let's try.
If NAT is inevitable then let it better be NPT.
Eduard
-----Original Message-----
From: Fernando Gont [mailto:fernando@gont.com.ar]
Sent: Thursday, August 11, 2022 11:48 AM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>; buraglio@es.net
Cc: IPv6 Operations <v6ops@ietf.org>; Xipengxiao <xipengxiao@huawei.com>
Subject: Re: [v6ops] Are we competitive?

Hi, Eduard,

On 11/8/22 04:46, Vasilenko Eduard wrote:
> Hi Nick,
>
> If no use case for NAT66 specifically
>
> Then I propose never mentioning it again.
>
> For a few NAT cases that I have in mind (like MHMP environment)
>
> NPT is much better.

Comparing NPT with NAT66 is a bit like comparing a steak with a burger. People probably don't eat burgers over steaks because they are better, but rather because there are other properties that seem attractive -- e.g. "you know what you are getting", "tastes the same everywhere", "you're used to it", "it's fast", "you can probably buy it nearby", or the like (not necessarily prioritizing the same properties that other people might prioritize)

In this case, any folk that can get his/her problem solved by solving it with what he/she already knows, with well understood properties, will probably do it that way.

Example: I ran into a VPN deployment (access corporate stuff) where IPv4 connectivity was RFC1918/NAT as expected, and where the v6 part was ULA/NAT66.

* Did it solve the problem that it was meant to solve? - Yes

* How would we have changed such deployment if NAT66 was removed? -- Probably global IPv6 + a stateful (diode-like) firewall.

The setup felt familiar to the network folks, and at the end of the day was acceptable for the security folk (me) -- "win"-"win"... so let's spend our time on a problem we actually had, or things that warranted more attention.

Going back to the beef analogy: If you are into the meat business, you probably want folks to be able to pick among burgers and steaks, as opposed to go for, say, vegetables, because they can't get their quick-and-tasty burger. :-)

P.S.: Apologies for the (possibly questionable) analogies ;-)

Thanks,
--
Fernando Gont
e-mail: fernando@gont.com.ar
PGP Fingerprint: 7F7F 686D 8AC9 3319 EEAD C1C8 D1D5 4B94 E301 6F01
--
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
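
The stateless, IID-preserving behaviour attributed to NPT at the top of this thread can be seen in the checksum-neutral prefix mapping defined for NPTv6 in RFC 6296. The following is an added example, not part of any message in the thread: it covers only the /48-to-/48 case, the function names are illustrative, and the addresses are constructed from ULA and documentation prefixes.

```python
import ipaddress

def _words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    packed = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]

def _add1c(a, b):
    """One's-complement 16-bit addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def addr_sum(addr):
    """One's-complement sum of the address words, as fed into TCP/UDP checksums."""
    total = 0
    for w in _words(addr):
        total = _add1c(total, w)
    return total

def npt_translate(addr, src_prefix, dst_prefix):
    """Rewrite addr from src_prefix to dst_prefix using only configured prefixes.

    No per-flow table is consulted or updated; the same call with the
    prefixes swapped maps the address back.
    """
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this example handles /48 prefixes only")
    if ipaddress.IPv6Address(addr) not in src:
        raise ValueError("address is outside the source prefix")
    w = _words(addr)
    if w[3] == 0xFFFF:
        raise ValueError("subnet 0xFFFF cannot be mapped")
    # adjustment = sum(source prefix) - sum(destination prefix), one's complement
    adj = _add1c(addr_sum(src.network_address),
                 ~addr_sum(dst.network_address) & 0xFFFF)
    subnet = _add1c(w[3], adj)
    if subnet == 0xFFFF:          # 0xFFFF and 0x0000 are both "zero"; use 0x0000
        subnet = 0x0000
    out = _words(dst.network_address)[:3] + [subnet] + w[4:]  # IID words untouched
    return str(ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in out)))

if __name__ == "__main__":
    inside = "fd01:203:405:1::1234"       # constructed internal host address
    outside = npt_translate(inside, "fd01:203:405::/48", "2001:db8:1::/48")
    print(inside, "->", outside)
    print(outside, "->", npt_translate(outside, "2001:db8:1::/48", "fd01:203:405::/48"))
```

Because the adjustment is absorbed by the 16-bit subnet word, the address's one's-complement sum is unchanged, so transport checksums stay valid without touching ports or payload. With prefixes longer than /48, RFC 6296 applies the adjustment to a word of the IID instead, so the IID is only preserved in the /48-or-shorter case.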