Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Tue, 09 July 2019 20:54 UTC

Date: Tue, 09 Jul 2019 22:54:38 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: "Mudric, Dusan (Dusan)" <dmudric@avaya.com>, IPv6 Operations <v6ops@ietf.org>
CC: 6man <6man@ietf.org>
Message-ID: <B0B525FD-7A84-44BD-8F77-EEFF0C2B10F6@consulintel.es>
Thread-Topic: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64
In-Reply-To: <FD775C6C-4D8B-4EA5-A128-BDB6281C85EB@consulintel.es>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/JtjsFQCBPbiCQRqz_EBjlwAFt5Q>

By the way, the difference between this and using SIIT-DC is that in SIIT-DC the flow will be:

IPv4 from the smartTV to the CLAT
IPv6 from the CLAT to the NAT64
IPv4 from the NAT64 to the SIIT-DC BR
IPv6 from the SIIT-DC BR to the streaming service

Note that our main goal with this work was not to make “a new SIIT-DC”, but to make sure that IPv4-only devices behind a CLAT don’t need to use the NAT64 if the services (such as CDNs, caches, etc.) are already IPv6-enabled.

 

Regards,

Jordi

@jordipalet

 

 

 

On 9/7/19 22:25, "ipv6 on behalf of JORDI PALET MARTINEZ" <ipv6-bounces@ietf.org on behalf of jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:

 

Hi Dusan,

 

The problem is that the IPv6-only “remote server” doesn’t have IPv4 connectivity. Also, it doesn’t have an IPv4 address. Let’s suppose this is a streaming server.

The “local” IPv4-only host (let’s suppose it is an IPv4-only SmartTV) is connected to a CLAT (this is in the CPE, and the CPE is connected via IPv6-only) to the service provider.

The optimization that we are suggesting is using EAM (explicit mapping) to avoid the IPv4 flow from the smartTV to be converted back to IPv4, because the CLAT already converted it to IPv6.

If we create a “fake” A record in the streaming server, the CLAT will create an EAMT, because it believes the streaming service is reachable with IPv4 (which it is not), but the “optimized CLAT” will then use the AAAA.

 

So, the flow is:

IPv4 from the smartTV to the CLAT

IPv6 from the CLAT to the streaming service

 

In normal conditions, if the streaming service is really dual-stack and we don’t have optimization (the “actual” 464XLAT protocol), it will be:

 

IPv4 from the smartTV to the CLAT

IPv6 from the CLAT to the NAT64

IPv4 from the NAT64 to the streaming service

 

If the streaming service is IPv6 only, with the actual 464XLAT protocol, this connectivity is not possible.

 

You see the point?

 

Please take a look at the document, I think it is well described, otherwise provide suggestions about what you believe is not clear enough and we will make sure to improve the text and drawings!

 

By the way, I’m talking here about “approach 2”, which I think is the best solution.

 

Regards,

Jordi

@jordipalet

 

 

 

On 9/7/19 22:05, "v6ops on behalf of Mudric, Dusan (Dusan)" <v6ops-bounces@ietf.org on behalf of dmudric@avaya.com> wrote:

 

Hi Jordi,

 

Are you saying your draft “464XLAT Optimization” will provide IPv4only app to IPv6only app communication like this?

                  +-------+     .-----.
                  | IPv6  |    /       \
      .-----.     |  CE   |   /  IPv6-  \     .-----.
     / IPv4- \    |  or   +--(   only    )---( NAT64 )
    /  only   \   |  UE   |   \  Access /\    `-----'
   (  SmartTV  )--+       |    \       /  \
    \   STB   /   | with  |     `--+--'    \   .-----.
     \ VoIP  /    | NAT46 |        |        \ /       \
      `-----'     | CLAT  |    +---+----+    /  IPv6   \      .--+--.
                  |       |    |  DNS/  |   (  Internet )IPv6/ IPv6- \
                  +-------+    |  DNS64 |    \         /----/  only   \
                               +--------+     \       /    (           )
                                               `-----'      \  APP    /
                                                             \       /
                                                              `-----'
   <------------------------ IPv4 to IPv6 flow ------------------------>

 

What did not work so far and what had to be added in your draft to make this flow work?

 

How can IPv6-only APP get the IPv4 public address, used by NAT_translator, when sending a packet from IPv6-only APP to IPv4-only APP? This IPv4 address is the same destination IPv4 address to which IPv4-only APP sends a packet towards IPv6-only APP (192.0.2.2 address in Jen’s example).

 

Thanks,

Dusan.

 

From: v6ops <v6ops-bounces@ietf.org> On Behalf Of JORDI PALET MARTINEZ
Sent: Monday, July 8, 2019 5:40 PM
To: IPv6 Operations <v6ops@ietf.org>
Cc: 6man <6man@ietf.org>
Subject: Re: [v6ops] NAT64 in RA, draft-ietf-6man-ra-pref64

 

I think there are several possible solutions, but the simpler one seems to be the dual-stack SIP proxies. Another one is draft-ietf-tram-turnbis, which, I didn’t know until today, is already in the IESG for approval this Thursday.

Also it can be done with EAM and also as I mention in a previous email via the optimization for 464XLAT. Just uploaded the new version:

 

https://datatracker.ietf.org/doc/draft-palet-v6ops-464xlat-opt-cdn-caches/?include_text=1

 

 

 

 

 

On 8/7/19 19:01, "v6ops on behalf of David Farmer" <v6ops-bounces@ietf.org on behalf of farmer@umn.edu> wrote:

 

 

 

On Mon, Jul 8, 2019 at 10:49 AM Mudric, Dusan (Dusan) <dmudric@avaya.com> wrote:

> -----Original Message-----
> From: Manfredi (US), Albert E <albert.e.manfredi@boeing.com>
> 
> -----Original Message-----
> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Mudric, Dusan (Dusan)
> 
> > - How can DNS64 tell IPv6 only client the IP of IPv4 only client, and vice
> versa?
> 
> IPv6 to IPv4 should be straightforward, because it's a one-to-one
> relationship. The other way around would normally not work, 
[Dusan] There is no solution for IPv4only client to reach IPv6only client? 

 

I mostly say, so what! It is an unfortunate reality of today's Internet, because of NAT44 and/or stateful firewall default deny inbound policy, many times clients can't speak to other clients, be they IPv4 only, IPv6 only, or even dual stack. Sometimes firewall traversal technologies can work around this, also depending on the firewall traversal solution used sometimes IPv4 only and IPv6 only clients will be able to talk to each other. My guess is that IPv4 only to IPv6 only firewall traversal would be less effective than NAT44 client to NAT44 client firewall traversal, but it should still be possible in some cases.

 

> but everyone
> has been accustomed to that with IPv4 NAPT already. 
[Dusan] How IPv4 only users (e.g. Avaya IPv4 only phones) can be accustomed not to be able to call IPv6only users (like Apple IPv6 only phones)?

 

They may not be able to talk peer to peer. However, through a dual-stack SIP or other proxies/session border controller, they could probably complete a call. 

 

>The client behind the
> NAPT initiates.
> 
> > Is DNS64 server returning IPv4ony client address to IPv6only client, using
> the A RR?
> 
> The DNS synthesizes the IPv6 address, which has the IPv4 address
> embedded in it.
> 
> > - How can IPv4only client get the address of IPv6only client (or, it is
> impossible for IPv4only client to get IPv6 address of IPv6only client)?
> 
> That's clearly more difficult, which is why the normal course of action is for
> the IPv6 client to initiate the session..
[Dusan] What if IPv4only client needs to initiate the session to IPv6only client? What is the solution for that use case?

 

Many firewall traversal solutions should work in this case, but IPv4 only client to client isn't guaranteed to work in all cases either. 

 

> 
> > - Do these IPv4 and IPv6 client addresses need to be pre-configured on the
> translator and/or DNS64?
> 
> For IPv4 to IPv6, if you must allow the IPv4 client to initiate the session, you'd
> have to have preconfigure something.
[Dusan] Where and how is this configuration done?

> 
> Bert

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


 

-- 

===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota   
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
=============================================== 

_______________________________________________ v6ops mailing list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops 


**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
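
Added example, not part of the original thread or of the draft: a Python sketch of the destination choice discussed in the messages above, where a CLAT holding an EAMT entry sends traffic straight to the service's AAAA address and otherwise embeds the IPv4 destination in the NAT64 prefix (RFC 6052). The class and function names, the 2001:db8::50 and 198.51.100.7 addresses, and the use of the well-known prefix 64:ff9b::/96 are assumptions for illustration.

```python
import ipaddress

# Assumption: the NAT64 uses the RFC 6052 well-known prefix.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def embed_rfc6052(v4, prefix=NAT64_PREFIX):
    """Embed an IPv4 address in a /96 NAT64 prefix (RFC 6052 /96 layout)."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(v4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


class OptimizedClat:
    """Hypothetical model of how an optimized CLAT picks the IPv6 destination."""

    def __init__(self):
        self.eamt = {}  # explicit address mapping: IPv4 dst -> IPv6 dst

    def learn_from_dns(self, a_records, aaaa_records):
        # Assumption: an entry is created when a name resolves to both
        # an A record (possibly the "fake" one) and an AAAA record.
        if not a_records or not aaaa_records:
            return
        target = ipaddress.IPv6Address(aaaa_records[0])
        for a in a_records:
            self.eamt[ipaddress.IPv4Address(a)] = target

    def translate_destination(self, dst_v4):
        """Return (IPv6 destination, list of hops the flow will take)."""
        dst = ipaddress.IPv4Address(dst_v4)
        if dst in self.eamt:
            # EAMT hit: the NAT64 is bypassed.
            return self.eamt[dst], ["IPv4 SmartTV->CLAT", "IPv6 CLAT->service"]
        # No mapping: classic 464XLAT path through the NAT64.
        return embed_rfc6052(dst), [
            "IPv4 SmartTV->CLAT", "IPv6 CLAT->NAT64", "IPv4 NAT64->service"]


if __name__ == "__main__":
    clat = OptimizedClat()
    # Constructed DNS answers: IPv6-only service with a "fake" A record.
    clat.learn_from_dns(["192.0.2.2"], ["2001:db8::50"])
    for dst in ("192.0.2.2", "198.51.100.7"):
        v6, hops = clat.translate_destination(dst)
        print(dst, "->", v6, "|", " / ".join(hops))
```
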