IETF Logo Mail Archive

Re: [v6ops] IPv6 mostly for DS-Lite

Brian Candler <brian@nsrc.org> Wed, 20 March 2024 10:40 UTC

Return-Path: <brian@nsrc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53AE4C14F693 for <v6ops@ietfa.amsl.com>; Wed, 20 Mar 2024 03:40:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.805
X-Spam-Level:
X-Spam-Status: No, score=-2.805 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nsrc.org header.b="F7oKPIyE"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="GTBqZSHb"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id INmTw1hktsX2 for <v6ops@ietfa.amsl.com>; Wed, 20 Mar 2024 03:39:55 -0700 (PDT)
Received: from fout8-smtp.messagingengine.com (fout8-smtp.messagingengine.com [103.168.172.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5124C14F6B5 for <v6ops@ietf.org>; Wed, 20 Mar 2024 03:39:55 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfout.nyi.internal (Postfix) with ESMTP id 911D113800E7; Wed, 20 Mar 2024 06:39:54 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Wed, 20 Mar 2024 06:39:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nsrc.org; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1710931194; x=1711017594; bh=y8AxbYnnJ9 WQftSsFbrL+lxJK2ipE9sIqI4XXpHyX3c=; b=F7oKPIyEwgqv1GFvDLjhyUePN3 fVIUH/8eQu+GTsRKgwRImAJoYh2fK8fB0T/52n/DYl6btSgVr1USWkrZrogUom0t 7ZQhXEEyKEbSNPdLJdvvE+OWtrXSby9NG97gGgX8L0kX9vJ1GxlgPbuuEJeq2G+M u56QNThVPSzqG2YIL6F6bCHUh/XuFl4TPr03OtLmRc9TMH20SDDPMzAoBiodrZ22 Vek1uP31J/c5vZZakT5Pm+E7F1eD3XS5H422SJ9Mx4vjIw4BA9w5Mc1ls6jHEqWq +V/jZL+gYInlEDz9c+1JUqFZ/gBNu4eJ3i8SG2010CsGWF+fvcmWZOPWyG2Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1710931194; x=1711017594; bh=y8AxbYnnJ9WQftSsFbrL+lxJK2ip E9sIqI4XXpHyX3c=; b=GTBqZSHbu79t1vmWXk/aEtB2JC1vxDb8fkeh/Vp5hDos 34bex4q+AIJP6p2hWvbWFjYjCRWmy1U/U0anbqwUjKnI8MQ1LVQvLBuUO7X18vKw ILF8ynUCbmpATAB6SsrGyxsqso3C6ZmdS7DwC3nenSwK/waHAt9BZZx4Dwn6wzBK 5I8xkKH5jVFxDLBnzAe8WZDqNq+EKXKMmv8XTwl4iHYWvzq7i2poJ7FOr+hkneGG wtVWZxVvMroPksnvOaZhG2m5lK1SnY86PjhR6YERRGCQEm2eDl3o+lgZE6yzAKFP 5sptf8MmoYeqpZP2G3Sr1stMpMaHFgrm0BwtYyIvmw==
X-ME-Sender: <xms:-bz6ZYksuOveOTVTIMWhbMeKwy87GMOi-cKZXEix7iMri92KAkiy1w> <xme:-bz6ZX0osPn-5vMNPtbHxZHkbZ2gkRB-ae0cfTlNYW4NoqpkYE4pD-k2mODybROrG TZ-HDUzqbTj47LCPAs>
X-ME-Received: <xmr:-bz6ZWrj_URJ0URUtFrzJx0wXoai01d-yQ2VRytHxVJbaL6yaLwfx7BIVyC0KJU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrleeggddulecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegtkfffgggfuffvvehfhfgjsegrtderredtvdejnecuhfhrohhmpeeurhhirghn ucevrghnughlvghruceosghrihgrnhesnhhsrhgtrdhorhhgqeenucggtffrrghtthgvrh hnpeeftdekhfevffeihfeghfelieeliedtgffgffevveejhfetueduieefteeuueeffeen ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegsrhhirg hnsehnshhrtgdrohhrgh
X-ME-Proxy: <xmx:-bz6ZUl8BlHoho9eyi96XNEK0HmSLxvK90m3BWnJVXYFAjDSpXjqcw> <xmx:-bz6ZW1F_HAWenT58k-_ngqyUVp2nkITCj99uUDM6nLAnCeEyywEtg> <xmx:-bz6ZbsZLMn71rVIrS1liBJOaxpBJsjFT5bVhIy_DVutF3890JSFqw> <xmx:-bz6ZSWI5pvrbZ7Jwy-PWJSCqdIOeFbyCSO5X39f8duBIAASlGtWrA> <xmx:-rz6ZS-LyOg6uvbUZHdrelzrmI1KiIXLcN2hbGKVG9DhoWWACgQ7AQ>
Feedback-ID: i8f09498f:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 20 Mar 2024 06:39:53 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------r3UOcC2t6HqMKKXjZ9BMipsC"
Message-ID: <c12ef77f-e28a-4b1b-b50c-478daad97aff@nsrc.org>
Date: Wed, 20 Mar 2024 10:39:50 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: Mark Andrews <marka@isc.org>, Gert Doering <gert@space.net>
Cc: v6ops <v6ops@ietf.org>
References: <Zfqag8pqi3in3G5p@Space.Net> <2AA6E4EF-01CA-4CE5-AF73-9BCA4B0586B0@isc.org>
From: Brian Candler <brian@nsrc.org>
In-Reply-To: <2AA6E4EF-01CA-4CE5-AF73-9BCA4B0586B0@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/KA976Jr_rIe-T_g973_cBJEDwHA>
Subject: Re: [v6ops] IPv6 mostly for DS-Lite
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 10:40:45 -0000

On 20/03/2024 10:04, Mark Andrews wrote:
> So ISPs have to back out DS-lite and deploy NAT64 just so people can deploy IPv6 mostly.

Speaking pragmatically, if you've built a CGNAT which can do AFTR for 
DS-Lite then the same box can probably also act as the PLAT for 464XLAT, 
and vice versa. So it's not so much a question of "backing out" but 
rather running something in parallel.

If I understand correctly, DS-lite is normally deployed on the CPE 
router. From the CPE's B4 interface to the provider's AFTR, IPv4 is 
encapsulated in IPv6.  However as far as the end-user is concerned, they 
see regular dual-stack, and the IPv4 leg is the only way they can access 
the IPv4 Internet.

Going "IPv6 mostly" on the end-user network with DS-Lite would mean that 
the client itself implements the B4 interface. Is that what you're 
proposing: that clients should have built-in B4 interfaces *in addition 
to* the ISP-supplied CPE having a B4 interface? Can you provide any 
examples of clients which have this functionality already?

RFC6333 certainly allows for that possibility in section 4.3, although 
in the context of a direct connection to a broadband network rather than 
behind a CPE, and section 5.6 also mentions it in passing ("The B4 
element can be implemented in a host and CPE"). Presumably such clients 
would have to notice the DHCPv6 option for DS-Lite (RFC 6334) and 
configure themselves that way.

RFC8925 ("IPv6-only preferred") does explicitly address the possibility 
of using transition technologies other than NAT64, in section 4. But it 
dismisses them: "it seems unlikely that any new transition technology 
would arise *and be widely adopted* [my emphasis] in the foreseeable future"

Again being pragmatic, I don't see any major advantage of DS-Lite over 
464XLAT: both use 192.0.0.2 as the source address, one rewrites an IPv4 
datagram as IPv6, one encapsulates an IPv4 datagram in IPv6. There are 
already far too many choices in IPv6 where there are two ways to achieve 
the same thing, and IMO it's about time we started to pick one.

Regards,

Brian.

v2.23.0 | Report a Bug | By Email