IETF Logo Mail Archive

Re: [v6ops] draft-troan-v6ops-extending-network-reqs

"Delong.com" <owen@delong.com> Wed, 11 October 2023 19:11 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C44BBC14CE2C for <v6ops@ietfa.amsl.com>; Wed, 11 Oct 2023 12:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=delong.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pGMKaPMnTeyu for <v6ops@ietfa.amsl.com>; Wed, 11 Oct 2023 12:11:15 -0700 (PDT)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 7EB86C1516E9 for <v6ops@ietf.org>; Wed, 11 Oct 2023 12:11:15 -0700 (PDT)
Received: from smtpclient.apple (75-10-5-143.lightspeed.sntcca.sbcglobal.net [75.10.5.143]) (authenticated bits=0) by owen.delong.com (8.17.1/8.15.2) with ESMTPSA id 39BJAwwb3682996 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 11 Oct 2023 19:10:59 GMT
DKIM-Filter: OpenDKIM Filter v2.11.0 owen.delong.com 39BJAwwb3682996
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delong.com; s=mail; t=1697051459; bh=FFFGi5scZ0+XJ9/LRO6EPerabORTumjuPUE/EjyVLlI=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=wf2NVnO7LQ7UrwZ9EH7uiWObMwK8QKml44NLZXrdqaftQw7la/F9gqlMY4RwXWz7Y D0glWpP7LCmr3PvqPvoHX1VWpoBNYeB/cojjCS13ftWSaTcpAmwz0Nt4fsvMylcbnf vWJb7jx4k5RbX1rCjBk3Boib8uIM5lVFGUGnB8ic=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: "Delong.com" <owen@delong.com>
In-Reply-To: <6A0CE502-38F1-4FB1-AA7F-207D6719A306@employees.org>
Date: Wed, 11 Oct 2023 12:10:48 -0700
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Lorenzo Colitti <lorenzo@google.com>, "v6ops@ietf.org list" <v6ops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0CF25BD2-9B77-479E-81A7-54E044A5F7BF@delong.com>
References: <E22E8DF1-2CDD-4937-B887-9D4C240313B6@employees.org> <CAKD1Yr1icNF=5j2sebUJFyGV=Mjuh=scLPJ05rL9Mjp_8oFcaA@mail.gmail.com> <2AAD988F-9F6C-414A-9905-024638BEF018@employees.org> <38943642-82ab-64cf-12d3-51066fb5fc44@gmail.com> <6E609BA6-894B-43D7-87F5-5B90763834A7@delong.com> <6A0CE502-38F1-4FB1-AA7F-207D6719A306@employees.org>
To: Ole Troan <otroan@employees.org>
X-Mailer: Apple Mail (2.3731.600.7)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (owen.delong.com [192.159.10.2]); Wed, 11 Oct 2023 19:10:59 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/6nwetyAlenRFTiiByFHa3lI3Shg>
Subject: Re: [v6ops] draft-troan-v6ops-extending-network-reqs
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2023 19:11:19 -0000

Yes… NPT is definitely the least bad of the bunch, I agree with your NPTv6>NAT66>NAPT66 expression.

However, NPT is “better” in the same sense that Syphilis is better than AIDS. Generally best to avoid both if at all possible.

Owen


> On Oct 11, 2023, at 03:34, Ole Troan <otroan@employees.org> wrote:
> 
> Owen,
> 
>> Yes please, ideally with a comment to the effect that “Any of the mechanisms which do not provide complete end-to-end address transparency and connectivity should be considered sub-standard and implemented only in circumstances where no better alternative exists.”
> 
> Yes, agree. While none of the NATs preserve end-to-end address transparency, NPTv6 preserves end-to-end reachability. Let me try to put together some text that includes that nuance.
> 
> Best regards,
> Ole
> 
> 
>> 
>> Owen
>> 
>> 
>>> On Oct 10, 2023, at 13:45, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>> 
>>> Ole,
>>> 
>>> To avoid a polemic here, maybe the draft should draw a clear line between solutions that do preserve e2e addresses and those that don't, with a note that the latter bring with them some or all of the documented issues with NAT. The topic is nicely described at https://www.rfc-editor.org/rfc/rfc6296.html#section-5 and of course in RFC 2993.
>>> 
>>> Regards
>>> Brian Carpenter
>>> 
>>> On 10-Oct-23 19:00, Ole Troan wrote:
>>>>> The draft completely ignores IPv6's ability to provide global end-to-end connectivity.
>>>> The document tries to describe how an extending node can achieve (some level) of connectivity “no matter what”. The intention is to provide an ordered list of mechanisms. Where of course NAPT66 is quite close to the bottom.
>>>>> 
>>>>> It does not cite it as a goal or, AFACIT, even mention it at all. This is a major problem I think. As an example, this line of thinking leads to the statement that the only mechanism that is guaranteed to work is NAPT66 because it's self-similar, and provides infinite extension. I wouldn't agree that it "works". Yes, it provides infinite extension. But it only provides infinite extension of partial connectivity. There's no advantage to doing that. We might as well provide the extended devices only with IPv4 connectivity. At least IPv4 stacks and applications are used to having to work around NAT, unlike IPv6 applications.
>>>> IPv6 applications also need to deal with NAT. That unfortunately happened with NAT64. And there are other use cases in IPv6 where some sort of identifier / locator split is required.
>>>> For some use cases NAPT66 is an acceptable tradeoff. It’s an operational choice.
>>>> It certainly gives good enough connectivity to set up a tunnel which a more transparent service can be provided over.
>>>>> I don't think we should publish anything about mechanisms that don't provide end-to-end connectivity, except maybe to discourage their use. They are great from a network operator perspective, but very painful for application developers.
>>>> I’d much rather we described it so we have some hope of deterministic behaviour from extending hosts.
>>>>> The draft tries to separate the mechanisms to extend the network from the mechanisms used to assign addresses. But I suspect that once we factor in the need (or even just the desire) to factor in end-to-end connectivity, those two can no longer be separated. For example: does DHCPv6 prefix delegation provide end to end connectivity? There is no way to answer that without knowing how addresses are assigned downstream. Delegating a /126 to a device that wants to share connectivity with two other devices does. Delegating it to a device that wants to share connectivity with 8 devices doesn't.
>>>>> 
>>>> Yes, we may not quite have found the right way of representing the various dimensions.
>>>> Which mechanism is used upstream is to independent of which mechanism is used to assign addresses, and also independent of how the networks is further extended.
>>>> That said, if we take a DHCPv6 PD network. There are some benefits of flat delegation. In that each level of extension asks for the individual links it needs numbered from a central DHCPv6 server, instead of a hierarchal delegation. When the flat model “stops”, some of these other mechanisms will have to come into play though.
>>>> Cheers,
>>>> Ole
>>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>> 
>> 
> 
>

v2.46.0 | Report a Bug | By Email | System Status