Re: [v6ops] Supporting IPv6-only Networks with NAT64 and DNS64 section of draft-ietf-v6ops-rfc6555bis-01

Mark Andrews <marka@isc.org> Thu, 29 June 2017 05:52 UTC

From: Mark Andrews <marka@isc.org>
Date: Thu, 29 Jun 2017 15:52:48 +1000
Cc: Erik Kline <ek@google.com>, IPv6 Ops WG <v6ops@ietf.org>
To: Fred Baker <fredbaker.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/CBPb2hOqDrHZA8hMnS8Gk_qDUwQ>
Subject: Re: [v6ops] Supporting IPv6-only Networks with NAT64 and DNS64 section of draft-ietf-v6ops-rfc6555bis-01

> On 29 Jun 2017, at 3:30 pm, Fred Baker <fredbaker.ietf@gmail.com> wrote:
> 
> 
> On Jun 29, 2017, at 7:17 AM, Mark Andrews <marka@isc.org> wrote:
>> The real problem is the choice to promote DNS64/NAT64.  Just because
>> it works "well enough" in the cellular environment *where there is
>> little to no DNSSEC being used (read as epsilon)*, that is not a
>> reason to promote it as a *general* solution for IPv6-only networks.
>> Doing that will come back to bite us in the future.
> 
> I'm not sure I disagree, in the sense that the preferred approach would be to move the application to IPv6. That said, isn't the point that it hasn't yet been moved but the network is? The only option other than "translate" is "don't turn off IPv4". I think that will be a common solution. But when the network is turning off IPv4 and an IPv6-capable option isn't available for an application, I think they're not going to ask your opinion. They're going to do something that works for them.

There are other mechanisms to reach IPv4 machines from IPv6-only
networks.  DS-Lite in host mode is one such mechanism.  That works
with IPv4 literals and it works with DNSSEC.  It does require that the
host listen for the DHCPv6 option and establish a tunnel based on the
data in that option.  The host can prefer IPv6 over IPv4 when sorting
the addresses to try.  It provides a fallback when the AAAA records are
broken or the service is only available over IPv4.

DS-Lite host mode shouldn’t have TCP PMTU issues as the MSS size
advertised should be accounting for reduced size.  For NAT64 you need
to do MSS fixup hacks to avoid this.  NAT64 and DS-Lite have the same
PMTU limitations with UDP (just the effective MTU is a touch higher with
NAT64).

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
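An added example, not code from the thread or from ISC, of the two host-side pieces the message describes: parsing the DHCPv6 AFTR-Name option (option code 64, RFC 6334) that a DS-Lite host listens for, and ordering resolved addresses so IPv6 is preferred and IPv4 via the tunnel is the fallback. The AFTR name, the option bytes and the addresses are constructed sample values.

```python
import ipaddress
import struct

OPTION_AFTR_NAME = 64  # RFC 6334 DHCPv6 option carrying the DS-Lite AFTR FQDN


def parse_aftr_name(options: bytes):
    """Walk a DHCPv6 option list and return the AFTR FQDN if option 64 is present.
    Layout: 2-byte code, 2-byte length, data. The name is RFC 1035 wire format
    (length-prefixed labels, no compression). Returns None when absent or malformed,
    so a host never tunnels to a name it could not fully validate."""
    off = 0
    while off + 4 <= len(options):
        code, length = struct.unpack_from("!HH", options, off)
        off += 4
        data = options[off:off + length]
        if len(data) != length:
            return None  # truncated option: reject rather than guess
        off += length
        if code != OPTION_AFTR_NAME:
            continue
        labels, pos = [], 0
        while pos < len(data):
            n, pos = data[pos], pos + 1
            if n == 0:
                break
            if n > 63 or pos + n > len(data):
                return None  # compression pointer or label overrun: reject
            try:
                labels.append(data[pos:pos + n].decode("ascii"))
            except UnicodeDecodeError:
                return None
            pos += n
        else:
            return None  # no terminating zero label
        return ".".join(labels) if labels else None
    return None


def order_candidates(addrs, dslite_available: bool):
    """IPv6 first; IPv4 (reachable only through the DS-Lite tunnel) as fallback.
    Without a tunnel on an IPv6-only network the IPv4 addresses are unreachable."""
    v6 = [a for a in addrs if ipaddress.ip_address(a).version == 6]
    v4 = [a for a in addrs if ipaddress.ip_address(a).version == 4]
    return v6 + (v4 if dslite_available else [])


def encode_name(name: str) -> bytes:  # helper to build the constructed sample
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


# Constructed sample: an unrelated DNS-server option (code 23) followed by option 64.
SAMPLE_OPTIONS = (struct.pack("!HH", 23, 16) + ipaddress.IPv6Address("2001:db8::53").packed
                  + struct.pack("!HH", OPTION_AFTR_NAME, 18) + encode_name("aftr.example.net"))
```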