IETF Logo Mail Archive

[v6ops] Re: Fwd: New Version Notification for draft-link-v6ops-claton-03.txt

Jen Linkova <furry13@gmail.com> Fri, 07 June 2024 07:35 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 883DDC180B5B for <v6ops@ietfa.amsl.com>; Fri, 7 Jun 2024 00:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.845
X-Spam-Level:
X-Spam-Status: No, score=-1.845 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qSDmTd4TSPAh for <v6ops@ietfa.amsl.com>; Fri, 7 Jun 2024 00:35:13 -0700 (PDT)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA684C16943E for <v6ops@ietf.org>; Fri, 7 Jun 2024 00:35:13 -0700 (PDT)
Received: by mail-lj1-x234.google.com with SMTP id 38308e7fff4ca-2eab0bc74caso16048031fa.0 for <v6ops@ietf.org>; Fri, 07 Jun 2024 00:35:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717745711; x=1718350511; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=aQH01q1LeAmzSHI+V2LBz1IY8s67sLOFliGJWmBA3R0=; b=ie3RT2VeP3Bbfi2AAKfmlaaS1qGS2R5oHOKtnFom4Lwmz2GMWShCsZLBtMYfvYyIOO r7AWhgSLbL9o9v3Y8B6kGh78+XW8Q2nPOj4Lod4s+skrezIbDVix8WU7vR2JVEhyzXWq qZu49xv0eEDW1V3LyNcTbW59LaK1+Gs/5bKMwbvUVikMEfi/KA+bEZCWLrBzYMsbzwqS CwqnfJ4kyVV7GSXcrvxi9dnQWBleynKYSis7cn4H/Z4g6QzAihOsE6205TTU5eZm4ERP xoT0dbSRrw0yX2yHeaqd7KNh0bkDX4eeHRt1D1oK4bYnfI/EoPtGjsKrTZwfGrnMIC8U xc8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717745711; x=1718350511; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aQH01q1LeAmzSHI+V2LBz1IY8s67sLOFliGJWmBA3R0=; b=g8VX2uv2Al8DMOQEPMVMuHsX4QsMm11hwiJ9XNd1onQQc3Q6qf1TM+Vox7S9rjfvwe lAvA/PRSG1M8SYLzjzXOrG6XAya9TfdHStz9nbGPC5ZGnIo7g9hR+7TwqFW5UR8ZEWwA mUJmIzAd6wohvMfauSwsiLhJZr9F7CgLAqVtmV1AeZRwNJJFxAXz9snQOOMhSuqfvTsS nUZNbcbM66JT3fx4+xob/lruOB4IsJDpxwvy5ywZ5fpsgidypUEvVV8cuSWb6O//weMN rhOdPUNPF2Y9LQJrb0KVWzYk8uRc8g9MkVKLIm3gJ/MruWn7rQwhOj4GbFsRTU3o8TKR Js+w==
X-Gm-Message-State: AOJu0YybCCC5ZVppbYoWMnlFrbNrcyngucfbZG3kq3x4buOd+F8s3Jse eJZ/YgOMgCk9X+ofBA9DzAcHaOjocO2oYby36i6WyejNNNP+PPuPjfvEdqBvcWrk2j/i6Qd3nOZ COn11P9rmvUTQHsTXOhXW8HdTC6k=
X-Google-Smtp-Source: AGHT+IET/RVyOpVb9K1rl4iw3d1fx/pXIusI/qGO7q2hBG1ip0ZNZsqw1R9uskOU/VWrFVz5vuJWqvMZoHn4GBKOmOU=
X-Received: by 2002:a05:651c:a0d:b0:2ea:9038:3018 with SMTP id 38308e7fff4ca-2eadce3fb9emr6136951fa.14.1717745711224; Fri, 07 Jun 2024 00:35:11 -0700 (PDT)
MIME-Version: 1.0
References: <171656605305.48682.1088678194134276372@ietfa.amsl.com> <CAFU7BAQGyuEJ1iLSEyKQE__kmihV_TgEOmPyepdt08yEFTuh1Q@mail.gmail.com> <CAKr6gn3Zcsw_mX2OrTszBHCgCpJQGFYVckBeMN-YPUG-H2T1kQ@mail.gmail.com>
In-Reply-To: <CAKr6gn3Zcsw_mX2OrTszBHCgCpJQGFYVckBeMN-YPUG-H2T1kQ@mail.gmail.com>
From: Jen Linkova <furry13@gmail.com>
Date: Fri, 07 Jun 2024 17:35:00 +1000
Message-ID: <CAFU7BAQBkiM5CZMLFdYZDjUwzarj55rv6j6Zp4xT-mAeCZjFug@mail.gmail.com>
To: George Michaelson <ggm@algebras.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: PXWCFAFBPLQJD6HPIM2ZMMIFUDAM7IOF
X-Message-ID-Hash: PXWCFAFBPLQJD6HPIM2ZMMIFUDAM7IOF
X-MailFrom: furry13@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: V6 Ops List <v6ops@ietf.org>, Tommy Jensen <Jensen.Thomas@microsoft.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: Fwd: New Version Notification for draft-link-v6ops-claton-03.txt
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/GJ_LLX46L81t2JHVZAnvjsrgQ8E>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

Hi George,

Sorry for the delayed response, catching up with emails post-vacation..

On Sat, May 25, 2024 at 9:15 AM George Michaelson <ggm@algebras.org> wrote:
> In practice what does "disabling CLAT" look like. Is it different to a classic DHCP renegotiate with address change? Or a v6 privacy address change?

I'm not sure how much should be specified in this doc, and how much
should be left to implementations to decide.
How about we update the text to say that the node should remove the
clat IPv4 address and the corresponding default route?

> What happens to active bound associations through the CLAT basically. "Stop" can be sudden or graceful but graceful incurs timer and tail cost.

The main reason to disable CLAT immediately upon obtaining native IPv4
connectivity is to mitigate an attack.
Practically it means that if the node has CLAT running and then IPv4
appears, there is a pretty good chance that existing CLAT flows are
affected by either MitM or DoS. Therefore it would make sense to tear
them down anyway and let them re-establish over native IPv4.
Would you like this to be explicitly clarified in the text?

> "While disabling CLAT is impactful for all applications and traffic flows already utilizing CLAT, it is recommended not only from performance perspective, but also from security point of view."
>
> I think a little more is needed. Active TCP connections will fail in flight. Quic and other address agile session models will be robust but other applications and protocols may not be. Cached rtt and other structural state will no longer apply and path selection through the upstream which shards on the 5 tuple will change.

So would you like to elaborate on details of the impact? I'm just not
sure how much value it would add to the draft but happy to add more
text there.

> On Sat, 25 May 2024, 2:13 am Jen Linkova, <furry13@gmail.com> wrote:
>>
>> Hello,
>>
>> Here is the updated version of the CLAT recommendations draft.
>> The key changes:
>> - some sections are reordered to improve readability
>> - the draft now recommends disabling CLAT as soon as IPv4 connectivity
>> becomes available (not doing so would have not just performance
>> implications but security ones as well)
>> - a (simplified) diagram is added to illustrate the logic of enabling
>> and disabling CLAT.
>>
>> Comments are appreciated.
>>
>>
>>
>> ---------- Forwarded message ---------
>> From: <internet-drafts@ietf.org>
>> Date: Sat, May 25, 2024 at 1:54 AM
>> Subject: New Version Notification for draft-link-v6ops-claton-03.txt
>> To: Jen Linkova <furry13@gmail.com>, Tommy Jensen <tojens@microsoft.com>
>>
>>
>> A new version of Internet-Draft draft-link-v6ops-claton-03.txt has been
>> successfully submitted by Jen Linkova and posted to the
>> IETF repository.
>>
>> Name:     draft-link-v6ops-claton
>> Revision: 03
>> Title:    464 Customer-side Translator (CLAT): Node Recommendations
>> Date:     2024-05-24
>> Group:    Individual Submission
>> Pages:    14
>> URL:      https://www.ietf.org/archive/id/draft-link-v6ops-claton-03.txt
>> Status:   https://datatracker.ietf.org/doc/draft-link-v6ops-claton/
>> HTML:     https://www.ietf.org/archive/id/draft-link-v6ops-claton-03.html
>> HTMLized: https://datatracker.ietf.org/doc/html/draft-link-v6ops-claton
>> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-link-v6ops-claton-03
>>
>> Abstract:
>>
>>    464XLAT ([RFC6877]) defines an architecture for providing IPv4
>>    connectivity across an IPv6-only network.  The solution contains two
>>    key elements: provider-side translator (PLAT) and customer-side
>>    translator (CLAT).  This document provides recommendations on when a
>>    node shall enable or disable CLAT.
>>
>>
>>
>> The IETF Secretariat
>>
>>
>>
>>
>> --
>> Cheers, Jen Linkova
>>
>> _______________________________________________
>> v6ops mailing list -- v6ops@ietf.org
>> To unsubscribe send an email to v6ops-leave@ietf.org



-- 
Cheers, Jen Linkova

v2.39.1 | Report a Bug | By Email | System Status