[v6ops] 464XLAT in Multi-interface environments (was: I-D Action: draft-ietf-v6ops-claton-02.txt)

Philipp Tiesel <philipp@tiesel.net> Wed, 30 October 2024 15:39 UTC

Return-Path: <philipp@tiesel.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B812FC14F71B for <v6ops@ietfa.amsl.com>; Wed, 30 Oct 2024 08:39:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eBgoarjrZ5-q for <v6ops@ietfa.amsl.com>; Wed, 30 Oct 2024 08:39:02 -0700 (PDT)
Received: from einhorn-mail-out.in-berlin.de (einhorn-mail.in-berlin.de [217.197.80.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AED75C14F619 for <v6ops@ietf.org>; Wed, 30 Oct 2024 08:38:59 -0700 (PDT)
X-Envelope-From: philipp@tiesel.net
X-Envelope-To: <v6ops@ietf.org>
Received: from x-berg.in-berlin.de ([IPv6:2a0a:4580:1018:0:5054:ff:feb2:aa6a]) by einhorn.in-berlin.de with ESMTPS id 49UFcvkx1059184 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for <v6ops@ietf.org>; Wed, 30 Oct 2024 16:38:57 +0100
Received: from x-berg.in-berlin.de ([217.197.86.42] helo=smtpclient.apple) by x-berg.in-berlin.de with esmtp (Exim 4.94.2) (envelope-from <philipp@tiesel.net>) id 1t6Ame-00066B-Pc for v6ops@ietf.org; Wed, 30 Oct 2024 16:38:56 +0100
From: Philipp Tiesel <philipp@tiesel.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.200.121\))
Date: Wed, 30 Oct 2024 16:38:46 +0100
References: <172954645439.2070596.1455805667911500824@dt-datatracker-78dc5ccf94-w8wgc>
To: v6ops@ietf.org
In-Reply-To: <172954645439.2070596.1455805667911500824@dt-datatracker-78dc5ccf94-w8wgc>
Message-Id: <5009F747-6459-4F9F-BF83-C1F3437B5CC4@tiesel.net>
X-Mailer: Apple Mail (2.3826.200.121)
Message-ID-Hash: NLJW4YI3SY5KJ4OGDMOJQ3MOAGQSLUUH
X-Message-ID-Hash: NLJW4YI3SY5KJ4OGDMOJQ3MOAGQSLUUH
X-MailFrom: philipp@tiesel.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [v6ops] 464XLAT in Multi-interface environments (was: I-D Action: draft-ietf-v6ops-claton-02.txt)
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/IaZvInomLPCSuaqmou1YYriW5sc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

Hi,

While reading draft-ietf-v6ops-claton-02, I spottet a little inconsistency that may need to some wider discussion:

> 5. Enabling CLAT
> 
> For performance and security reasons CLAT MUST NOT be enabled if the
> node has IPv4 native connectivity over the given interface.
> Therefore recommendations provided in this section are only
> applicable to an IPv6-only node (a node which does not have a native
> IPv4 default route configured).

There is a subtile difference between 
- a node that has no native IPv4 on a given interface and
- a node that has no a native IPv4 default route  

Let’s consider the following case: I have a node with a 3GPP interface that has a native IPv4 address and no IPv6, e.g., because of data roaming, and a Wifi interface that has no IPv4 address and can be configured for 464XLAT with a NAT64 prefix discovered by PRE64 RA option.

The former definition (no native IPv4 on a given interface) would allow the OS to use 464XLAT on the (most probably preferable) Wifi interface while the latter (no a native IPv4 default route on the node) would not. 

I would suggest either to remove the second sentence from section 5 or add some more detailed discussion on this case (happy to contribute text if requested).

AVE!
   Philipp