Re: [v6ops] IPv6 mostly for DS-Lite
Brian Candler <brian@nsrc.org> Wed, 20 March 2024 10:40 UTC
Return-Path: <brian@nsrc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53AE4C14F693 for <v6ops@ietfa.amsl.com>; Wed, 20 Mar 2024 03:40:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.805
X-Spam-Level:
X-Spam-Status: No, score=-2.805 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nsrc.org header.b="F7oKPIyE"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="GTBqZSHb"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id INmTw1hktsX2 for <v6ops@ietfa.amsl.com>; Wed, 20 Mar 2024 03:39:55 -0700 (PDT)
Received: from fout8-smtp.messagingengine.com (fout8-smtp.messagingengine.com [103.168.172.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5124C14F6B5 for <v6ops@ietf.org>; Wed, 20 Mar 2024 03:39:55 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfout.nyi.internal (Postfix) with ESMTP id 911D113800E7; Wed, 20 Mar 2024 06:39:54 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Wed, 20 Mar 2024 06:39:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nsrc.org; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1710931194; x=1711017594; bh=y8AxbYnnJ9 WQftSsFbrL+lxJK2ipE9sIqI4XXpHyX3c=; b=F7oKPIyEwgqv1GFvDLjhyUePN3 fVIUH/8eQu+GTsRKgwRImAJoYh2fK8fB0T/52n/DYl6btSgVr1USWkrZrogUom0t 7ZQhXEEyKEbSNPdLJdvvE+OWtrXSby9NG97gGgX8L0kX9vJ1GxlgPbuuEJeq2G+M u56QNThVPSzqG2YIL6F6bCHUh/XuFl4TPr03OtLmRc9TMH20SDDPMzAoBiodrZ22 Vek1uP31J/c5vZZakT5Pm+E7F1eD3XS5H422SJ9Mx4vjIw4BA9w5Mc1ls6jHEqWq +V/jZL+gYInlEDz9c+1JUqFZ/gBNu4eJ3i8SG2010CsGWF+fvcmWZOPWyG2Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1710931194; x=1711017594; bh=y8AxbYnnJ9WQftSsFbrL+lxJK2ip E9sIqI4XXpHyX3c=; b=GTBqZSHbu79t1vmWXk/aEtB2JC1vxDb8fkeh/Vp5hDos 34bex4q+AIJP6p2hWvbWFjYjCRWmy1U/U0anbqwUjKnI8MQ1LVQvLBuUO7X18vKw ILF8ynUCbmpATAB6SsrGyxsqso3C6ZmdS7DwC3nenSwK/waHAt9BZZx4Dwn6wzBK 5I8xkKH5jVFxDLBnzAe8WZDqNq+EKXKMmv8XTwl4iHYWvzq7i2poJ7FOr+hkneGG wtVWZxVvMroPksnvOaZhG2m5lK1SnY86PjhR6YERRGCQEm2eDl3o+lgZE6yzAKFP 5sptf8MmoYeqpZP2G3Sr1stMpMaHFgrm0BwtYyIvmw==
X-ME-Sender: <xms:-bz6ZYksuOveOTVTIMWhbMeKwy87GMOi-cKZXEix7iMri92KAkiy1w> <xme:-bz6ZX0osPn-5vMNPtbHxZHkbZ2gkRB-ae0cfTlNYW4NoqpkYE4pD-k2mODybROrG TZ-HDUzqbTj47LCPAs>
X-ME-Received: <xmr:-bz6ZWrj_URJ0URUtFrzJx0wXoai01d-yQ2VRytHxVJbaL6yaLwfx7BIVyC0KJU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrleeggddulecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegtkfffgggfuffvvehfhfgjsegrtderredtvdejnecuhfhrohhmpeeurhhirghn ucevrghnughlvghruceosghrihgrnhesnhhsrhgtrdhorhhgqeenucggtffrrghtthgvrh hnpeeftdekhfevffeihfeghfelieeliedtgffgffevveejhfetueduieefteeuueeffeen ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegsrhhirg hnsehnshhrtgdrohhrgh
X-ME-Proxy: <xmx:-bz6ZUl8BlHoho9eyi96XNEK0HmSLxvK90m3BWnJVXYFAjDSpXjqcw> <xmx:-bz6ZW1F_HAWenT58k-_ngqyUVp2nkITCj99uUDM6nLAnCeEyywEtg> <xmx:-bz6ZbsZLMn71rVIrS1liBJOaxpBJsjFT5bVhIy_DVutF3890JSFqw> <xmx:-bz6ZSWI5pvrbZ7Jwy-PWJSCqdIOeFbyCSO5X39f8duBIAASlGtWrA> <xmx:-rz6ZS-LyOg6uvbUZHdrelzrmI1KiIXLcN2hbGKVG9DhoWWACgQ7AQ>
Feedback-ID: i8f09498f:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 20 Mar 2024 06:39:53 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------r3UOcC2t6HqMKKXjZ9BMipsC"
Message-ID: <c12ef77f-e28a-4b1b-b50c-478daad97aff@nsrc.org>
Date: Wed, 20 Mar 2024 10:39:50 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: Mark Andrews <marka@isc.org>, Gert Doering <gert@space.net>
Cc: v6ops <v6ops@ietf.org>
References: <Zfqag8pqi3in3G5p@Space.Net> <2AA6E4EF-01CA-4CE5-AF73-9BCA4B0586B0@isc.org>
From: Brian Candler <brian@nsrc.org>
In-Reply-To: <2AA6E4EF-01CA-4CE5-AF73-9BCA4B0586B0@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/KA976Jr_rIe-T_g973_cBJEDwHA>
Subject: Re: [v6ops] IPv6 mostly for DS-Lite
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 10:40:45 -0000
On 20/03/2024 10:04, Mark Andrews wrote: > So ISPs have to back out DS-lite and deploy NAT64 just so people can deploy IPv6 mostly. Speaking pragmatically, if you've built a CGNAT which can do AFTR for DS-Lite then the same box can probably also act as the PLAT for 464XLAT, and vice versa. So it's not so much a question of "backing out" but rather running something in parallel. If I understand correctly, DS-lite is normally deployed on the CPE router. From the CPE's B4 interface to the provider's AFTR, IPv4 is encapsulated in IPv6. However as far as the end-user is concerned, they see regular dual-stack, and the IPv4 leg is the only way they can access the IPv4 Internet. Going "IPv6 mostly" on the end-user network with DS-Lite would mean that the client itself implements the B4 interface. Is that what you're proposing: that clients should have built-in B4 interfaces *in addition to* the ISP-supplied CPE having a B4 interface? Can you provide any examples of clients which have this functionality already? RFC6333 certainly allows for that possibility in section 4.3, although in the context of a direct connection to a broadband network rather than behind a CPE, and section 5.6 also mentions it in passing ("The B4 element can be implemented in a host and CPE"). Presumably such clients would have to notice the DHCPv6 option for DS-Lite (RFC 6334) and configure themselves that way. RFC8925 ("IPv6-only preferred") does explicitly address the possibility of using transition technologies other than NAT64, in section 4. But it dismisses them: "it seems unlikely that any new transition technology would arise *and be widely adopted* [my emphasis] in the foreseeable future" Again being pragmatic, I don't see any major advantage of DS-Lite over 464XLAT: both use 192.0.0.2 as the source address, one rewrites an IPv4 datagram as IPv6, one encapsulates an IPv4 datagram in IPv6. There are already far too many choices in IPv6 where there are two ways to achieve the same thing, and IMO it's about time we started to pick one. Regards, Brian.
- [v6ops] IPv6 mostly for DS-Lite Mark Andrews
- Re: [v6ops] IPv6 mostly for DS-Lite Lorenzo Colitti
- Re: [v6ops] IPv6 mostly for DS-Lite Mark Andrews
- Re: [v6ops] IPv6 mostly for DS-Lite Ole Troan
- Re: [v6ops] IPv6 mostly for DS-Lite Gert Doering
- Re: [v6ops] IPv6 mostly for DS-Lite Brian E Carpenter
- Re: [v6ops] IPv6 mostly for DS-Lite Mark Andrews
- Re: [v6ops] IPv6 mostly for DS-Lite Tim Chown
- Re: [v6ops] IPv6 mostly for DS-Lite Ole Troan
- Re: [v6ops] IPv6 mostly for DS-Lite Mark Andrews
- Re: [v6ops] IPv6 mostly for DS-Lite Brian Candler
- Re: [v6ops] IPv6 mostly for DS-Lite Gert Doering
- Re: [v6ops] IPv6 mostly for DS-Lite Brian Candler
- Re: [v6ops] IPv6 mostly for DS-Lite Brian E Carpenter
- Re: [v6ops] IPv6 mostly for DS-Lite Mark Andrews
- Re: [v6ops] IPv6 mostly for DS-Lite Ted Lemon
- Re: [v6ops] IPv6 mostly for DS-Lite Ondřej Caletka
- Re: [v6ops] IPv6 mostly for DS-Lite Brian E Carpenter
- Re: [v6ops] IPv6 mostly for DS-Lite Gabor LENCSE
- Re: [v6ops] IPv6 mostly for DS-Lite Mark Andrews
- Re: [v6ops] IPv6 mostly for DS-Lite Gert Doering
- Re: [v6ops] IPv6 mostly for DS-Lite Brian E Carpenter
- Re: [v6ops] IPv6 mostly for DS-Lite Ole Troan
- Re: [v6ops] IPv6 mostly for DS-Lite Kawashima Masanobu(川島 正伸)
- Re: [v6ops] IPv6 mostly for DS-Lite Ole Troan
- Re: [v6ops] IPv6 mostly for DS-Lite Ole Troan
- Re: [v6ops] IPv6 mostly for DS-Lite Kawashima Masanobu(川島 正伸)