IETF Logo Mail Archive

Re: [v6ops] Operational Consensus on deployment

Tore Anderson <tore@fud.no> Mon, 11 August 2014 07:30 UTC

Return-Path: <tore@fud.no>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14A041A035A for <v6ops@ietfa.amsl.com>; Mon, 11 Aug 2014 00:30:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V5GfHt2wb6Mn for <v6ops@ietfa.amsl.com>; Mon, 11 Aug 2014 00:30:44 -0700 (PDT)
Received: from greed.fud.no (greed.fud.no [IPv6:2a02:c0:1001:100::145]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 986A41A0359 for <v6ops@ietf.org>; Mon, 11 Aug 2014 00:30:44 -0700 (PDT)
Received: from [2a02:c0:2:1:1194:17:0:1000] (port=54917 helo=echo.ms.redpill-linpro.com) by greed.fud.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tore@fud.no>) id 1XGk3x-0006Oa-Tb; Mon, 11 Aug 2014 09:30:37 +0200
Message-ID: <53E870CB.9030803@fud.no>
Date: Mon, 11 Aug 2014 09:29:15 +0200
From: Tore Anderson <tore@fud.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: "Fred Baker (fred)" <fred@cisco.com>, Ross Chandler <ross@eircom.net>
References: <256EAE0B-5C11-42C7-BCA1-CEC7EE6713A7@cisco.com> <53DFD634.4020304@fud.no> <53E0C548.9050706@fud.no> <5C9FC57A-0DA5-4D36-84AE-CF1D6D17FB44@eircom.net> <53E1C587.4000506@fud.no> <3EC4EB99-F877-478D-BFE6-959F58127579@eircom.net> <53E35B3D.3080903@fud.no> <3A1BBD31-FEE7-4656-8C5F-041A959BA0A6@eircom.net> <AA73E6E8-EE99-4E19-B73B-AAE4C449C521@cisco.com>
In-Reply-To: <AA73E6E8-EE99-4E19-B73B-AAE4C449C521@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/Ad-hcXa9UyHLp1gA3efh9CsmuBE
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] Operational Consensus on deployment
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 07:30:46 -0000

* Fred Baker (fred)

> On Aug 9, 2014, at 12:07 PM, Ross Chandler <ross@eircom.net> wrote:
> 
>> How about the case of an IPv6-only DC network with multiple
>> separate SIIT-DC translation prefixes (mentioned in Sec 3.4). Which
>> translation prefix will be used in the case where DNS64 (Sec 3.3)
>> is also being used? It seems like DNS64 might only work easily with
>> a single translation prefix.
> 
> RFC 6147 is designed for one translation prefix. One could imagine a
> translation prefix per tenant, and you would (at least in concept)
> need a DNS64 per tenant. That is unless you got smart and looked at
> the source address of the packet to see which tenant it came from.

I'm thinking that multiple instances is an advanced topic that would be
better documented in a separate draft. I'd preferably like to keep this
draft concise and to the point, thus making it easy to read and understand.

In any case, multiple SIIT instances should be relatively
straightforward. If the applications in questions are server-style ones
that are merely responding to client traffic (think HTTP) then it's
really a no-brainer, as the inbound client traffic will already have a
source IPv6 address within the appropriate SIIT instance's translation
prefix, to which the server will respond accordingly automatically.

If on the other hand it's the IPv6 application that is responsible for
initiating traffic to IPv4 destinations, then it would need to choose
the appropriate translation prefix for synthesising the IPv4-mapped IPv6
address to initiate communication to. It would have to do that even if
there is only one SIIT instance, too.)

If the application is using DNS, then DNS64 could be used for this
purpose, which could be deployed in a number of ways (locally on the
server itself, dedicated DNS64 servers per SIIT instance, one DNS64
server but with multiple views per SIIT instance, ...).

Other options would be for the application to synthesise the IPv4-mapped
addresses itself according to RFC6052, in which case the choice of
translation prefix (and thus the SIIT instance) would be a configuration
options; or finally, you could use the host agent approach, in which
case the translation prefix (and thus the SIIT instance) becomes part of
the host agent's configuration instead.

Tore

v2.23.0 | Report a Bug | By Email