Re: [v6ops] draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC

Lorenzo Colitti <lorenzo@google.com> Tue, 13 August 2013 04:07 UTC

From: Lorenzo Colitti <lorenzo@google.com>
Date: Tue, 13 Aug 2013 13:07:14 +0900
Message-ID: <CAKD1Yr0pZw9QeAWXp9wb28CVkePHb63Qp8++cFB46dU2B+Mx9w@mail.gmail.com>
To: "Arie Vayner (avayner)" <avayner@cisco.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC

On Tue, Aug 13, 2013 at 2:34 AM, Arie Vayner (avayner) <avayner@cisco.com> wrote:

> Actually, you can use NPTv6 to protect against it…
>
> If I have an external pool per site, traffic egressing that site would get
> a source routed back only to that site… Am I missing something?
>
As I said, NPTv6 by itself doesn't protect against this problem.

It only protects against this problem if each egress point is only reachable
using one prefix, and all the prefixes are different. To people used to
deploying NAT44 networks, this will likely be the only deployment model
that comes to mind, and thus it will appear to them that NPTv6 does solve
this problem.

But in fact, NPTv6 was supposed to be deployed statelessly. The very first
words of RFC6296 are "This document describes a stateless [...] function
[...] preserving end-to-end reachability at the network layer". In the
introduction, it then goes on to say that "this specification provides a
mechanism that has fewer architectural problems than merely implementing a
traditional stateful NAT". If you were to deploy it statelessly, you would
have this problem.

The interesting point here, really, is that when the IETF says "NPTv6"
people hear "NAT66", when in fact they are supposed to be different. Out of
curiosity: Fred, as the co-author of RFC 6296, were you anticipating that
people would do this? Or was the belief actually that people would
understand the difference?
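As an added illustration of the stateless translation the message refers to (example code, not from the thread or from RFC 6296 itself), the RFC 6296 section 3.1 mapping in Python: the outside address is a pure function of the inside address and the two configured prefixes, with no per-flow table, and the return direction is the same function with the prefixes swapped. The ULA and documentation prefixes are constructed, and the code assumes equal-length prefixes of at most /48.

```python
import ipaddress

def ones_add(a: int, b: int) -> int:
    """16-bit one's complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def ones_sum(ws) -> int:
    total = 0
    for w in ws:
        total = ones_add(total, w)
    return total

def words(addr: ipaddress.IPv6Address) -> list:
    """Split a 128-bit address into eight 16-bit words."""
    return [int.from_bytes(addr.packed[i:i + 2], "big") for i in range(0, 16, 2)]

def nptv6_translate(addr: str, from_prefix: str, to_prefix: str) -> str:
    """Stateless, checksum-neutral prefix translation per RFC 6296 section 3.1.
    Only equal-length prefixes of at most /48 are handled here, so the
    compensating word is always word 3 (the subnet ID)."""
    a = ipaddress.IPv6Address(addr)
    src, dst = ipaddress.IPv6Network(from_prefix), ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 48:
        raise ValueError("example supports equal-length prefixes no longer than /48")
    if a not in src:
        raise ValueError(f"{a} is not covered by {src}")
    host_bits = (1 << (128 - src.prefixlen)) - 1
    old = words(a)
    new = words(ipaddress.IPv6Address((int(a) & host_bits) | int(dst.network_address)))
    # Only words 0..2 changed: one's complement subtract (old - new) and fold the
    # difference into word 3 so the whole address sums to the same value as before.
    adjustment = ones_add(ones_sum(old[:3]), 0xFFFF ^ ones_sum(new[:3]))
    new[3] = ones_add(new[3], adjustment)
    if new[3] == 0xFFFF:
        new[3] = 0x0000  # 0xFFFF is "negative zero"; RFC 6296 writes it as 0x0000
    return str(ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in new)))

def checksum_neutral(a: str, b: str) -> bool:
    """True if both addresses contribute the same one's complement sum to a pseudo-header."""
    sa = ones_sum(words(ipaddress.IPv6Address(a)))
    sb = ones_sum(words(ipaddress.IPv6Address(b)))
    return sa % 0xFFFF == sb % 0xFFFF  # 0x0000 and 0xFFFF are the same value

INTERNAL = "fd01:203:405::/48"  # constructed ULA prefix used inside the site
EXTERNAL = "2001:db8:1::/48"    # constructed documentation prefix on the egress link

if __name__ == "__main__":
    inside = "fd01:203:405:1::10"
    outside = nptv6_translate(inside, INTERNAL, EXTERNAL)
    back = nptv6_translate(outside, EXTERNAL, INTERNAL)  # same function, prefixes swapped
    print(inside, "->", outside, "->", back, "| checksum neutral:", checksum_neutral(inside, outside))
```

Because no table is consulted, a second egress with its own external prefix translates independently of the first; nothing in the mapping itself ties a flow's return path to the egress it left through.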