Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-caches
Fred Baker <fredbaker.ietf@gmail.com> Fri, 28 June 2019 13:54 UTC
Return-Path: <fredbaker.ietf@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31EF512004A for <v6ops@ietfa.amsl.com>; Fri, 28 Jun 2019 06:54:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0RWowMJdYIZu for <v6ops@ietfa.amsl.com>; Fri, 28 Jun 2019 06:54:49 -0700 (PDT)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF1141200B5 for <v6ops@ietf.org>; Fri, 28 Jun 2019 06:54:48 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id f15so6429568wrp.2 for <v6ops@ietf.org>; Fri, 28 Jun 2019 06:54:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=bNbiq0lflAObp/QwRana86ZeymZVNpobNnr9nLT1Tao=; b=lzLxQbZWR3PVCmE5B4CCpMa4qWnUQtr8yNJwMhJe1dfh5jSqsxrMqMO4F13rdDdbbO +1Vjjp6qfA2Hu8ZOPoA107S5xyvzuwMoS4ZkNoeetYB7nupBLzoQo9xGzgswuTuOHxJA HvXG5hjF9bsHRrev7rol3hmFkBVXbs5dccOl+M3itqTnMtcDY7Q8EwJfBpkmbOjqmoMv 0/C4bMEwV4e4pYaN94zMIC8mTswIoltmPYvDS4yZ+TBNL6KOW76zdoGP+v2qKehuUeNW /8z3Lv025usxG/DmBAi24StHpU4Qqq2wi2mrt2alTd64bZzzJF2fZZzeF/vzQzi1AfCE A8Iw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version:date :subject:message-id:references:in-reply-to:to; bh=bNbiq0lflAObp/QwRana86ZeymZVNpobNnr9nLT1Tao=; b=HhJvUtWmrerqNeQRCP3jhsNXmWrDxkkfhXbolC8YDHahhqn7IRmk684T/th3nzG2T+ FPpb/T8HUKzVXtJtYO17cT68BQAXddtt5pBzKYbg1oXz+nlCrEH73gFlk75GpN8iD0rh ywURjROxfy0QggeW0EpU698xYU4WlrP+aNb9ozQSmGjWOvmy9g6Q7Zj9/qobgF9e2ETg cJnKhqsH+L+E1AevEZJtpaPmbvxpBvbDbrLzbJlA2IRyeA+hEVmzMeUtBdJen0GdaqZM EKdyFrOVszv1blCmEoqWr3X4YrNM+wb75bRB31WVAjHPvKr3KkK9riyYXH5BWr1lgpuE aMYQ==
X-Gm-Message-State: APjAAAXYtaziStPiRHeUJLGb9mekgNaYR0FrN1Lr/hmJyB5WJVgNDbmI 2uBjpJBz6GnY98aO+8ML9JeqBJkl+/4=
X-Google-Smtp-Source: APXvYqyupdgqstdiqGOLMWWVSLm+RH/sqA1YygirfAz250jSvFZjBQju8OueV9vv0SzUU+blNPrdng==
X-Received: by 2002:adf:f951:: with SMTP id q17mr7855259wrr.173.1561730086766; Fri, 28 Jun 2019 06:54:46 -0700 (PDT)
Received: from [10.137.140.201] ([104.244.9.242]) by smtp.gmail.com with ESMTPSA id f204sm2986808wme.18.2019.06.28.06.54.45 for <v6ops@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Jun 2019 06:54:45 -0700 (PDT)
From: Fred Baker <fredbaker.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-955DD965-E372-447D-9816-3439A1B0779E"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Date: Fri, 28 Jun 2019 14:54:44 +0100
Message-Id: <D4014EF2-7CD5-4A8E-8DBB-3BA02B663F6C@gmail.com>
References: <291EE30B-D299-4EA1-8C8B-53F4BE6A9B07@gmail.com>
In-Reply-To: <291EE30B-D299-4EA1-8C8B-53F4BE6A9B07@gmail.com>
To: v6ops@ietf.org
X-Mailer: iPad Mail (16G5046d)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/62jrHBpeugm2zH8q_GTXLAeX7cE>
Subject: Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-caches
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 13:54:51 -0000
I’m reading through this draft, and feel some comments are in order on the issues marked “TBD”. In this case, I’m writing as an individual. In the general problem and proposed solutions, I agree that the problem statement makes sense (it is comparable to the problem statement in SIIT-DC), and section 4.2 (also comparable to SIIT-DC) seems to present the solution with the least impact on the network and its surrounding devices. A few thoughts: > The information in the EAMT MUST be kept timely-synchronized with the > AAAA records TTL's. In order to achieve that, each EAMT entry MUST > update with each A query, the TTL of the relevant AAAA record. > Update of RFC7757 ? TBD. I don’t view this as changing 6145/7915’s algorithm. I need to understand how this changes 7757 to agree that it updates it. > SIIT already has a SHOULD for EAM support. TBD. 464XLAT may be > updated by this document so the CLAT has a MUST for EAM support. THe fact that you want it for this use case doesn’t mean that it is required by all use cases. I’d want to hear that argument before agreeing to “MUST”. And in any event, what is the argument for 2119 language in an informational document? This is beginning to sound more like a Proposed Standard... > TBD. Should we recommend having A "null" records for IPv6-only > services in Internet? A web page IPv4-only hosted by IETF(?) showing > "sorry this web page/service is only available from IPv6 enabled > operators"? I’m very concerned about requiring something that is not going to be DNSSEC-compatible, which it seems such a “null” record has to be. I’m also concerned about something that forces a change to DNS implementations, as a change to the interpretation of an A resource record seems likely to do. An A resource record advertises an IPv4 address that one can expect to work under some set of conditions, and a “null” record seems to advertise an address whose set of conditions for validity would be null. So this is something I would be concerned to find, and would expect to require dnsop support for before I was willing to accept it. > TBD. Other risks to consider ? If a CE is misconfigured, even a > small percentage of broken CEs may bring the content providers to > switch back to IPv4-only. So possible failure cases need to be > carefully considered for every possible solution approach. > > TBD. Should a way to manually exclude EAMT entries be considered? > May be a manual config in the CPE and by means of operator config. > This is way-out to ensure nothing is broken by surprise and is not > solvable. I’m not an operator. I would expect any operator reading this to say “heavens no, no manual or specific configurations. Make this just fall out of normal operations.” Operators, please feel free to agree or disagree, and say why. > This document does not have any new specific security considerations. The question about “broken CEs” seems to point to a security consideration. In what way might they be misconfigured, and what would the effect be?
- [v6ops] draft-palet-v6ops-464xlat-opt-cdn-caches Ron Bonica
- Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-cac… Fred Baker
- Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-cac… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-cac… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-cac… Mudric, Dusan (Dusan)
- Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-cac… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-cac… Martin Hunek
- Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-cac… JORDI PALET MARTINEZ