IETF Logo Mail Archive

Re: [v6ops] AD review of draft-ietf-v6ops-v4v6-xlat-prefix

<mohamed.boucadair@orange.com> Tue, 09 May 2017 06:36 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C3D8129AEB; Mon, 8 May 2017 23:36:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oil-ADeIGEXc; Mon, 8 May 2017 23:36:18 -0700 (PDT)
Received: from relais-inet.orange.com (mta239.mail.business.static.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73CE8129AFF; Mon, 8 May 2017 23:36:17 -0700 (PDT)
Received: from opfedar01.francetelecom.fr (unknown [xx.xx.xx.2]) by opfedar23.francetelecom.fr (ESMTP service) with ESMTP id D5CD51604E6; Tue, 9 May 2017 08:36:15 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.69]) by opfedar01.francetelecom.fr (ESMTP service) with ESMTP id B75FC16005E; Tue, 9 May 2017 08:36:15 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILMA2.corporate.adroot.infra.ftgroup ([fe80::bc1c:ad2f:eda3:8c3d%18]) with mapi id 14.03.0339.000; Tue, 9 May 2017 08:36:15 +0200
From: mohamed.boucadair@orange.com
To: Warren Kumari <warren@kumari.net>, IPv6 Operations <v6ops@ietf.org>, "draft-ietf-v6ops-v4v6-xlat-prefix.all@ietf.org" <draft-ietf-v6ops-v4v6-xlat-prefix.all@ietf.org>, Joe Clarke <jclarke@cisco.com>
Thread-Topic: [v6ops] AD review of draft-ietf-v6ops-v4v6-xlat-prefix
Thread-Index: AQHSxbFPs712K9DuykCz43s9LaifGqHrjZsg
Date: Tue, 09 May 2017 06:36:14 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933009E6C4E8@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <CAHw9_i+=ewtPR9qrmXR_CrSt57y=4RrE-JgZX8Mu-2sL+2cw-Q@mail.gmail.com>
In-Reply-To: <CAHw9_i+=ewtPR9qrmXR_CrSt57y=4RrE-JgZX8Mu-2sL+2cw-Q@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/KoGGna_7uvwBF9XxNdvbfOO7c1s>
Subject: Re: [v6ops] AD review of draft-ietf-v6ops-v4v6-xlat-prefix
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 06:36:20 -0000

Hi Warren, all, 

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : v6ops [mailto:v6ops-bounces@ietf.org] De la part de Warren Kumari
> Envoyé : vendredi 5 mai 2017 17:06
> À : IPv6 Operations; draft-ietf-v6ops-v4v6-xlat-prefix.all@ietf.org; Joe
> Clarke
> Objet : [v6ops] AD review of draft-ietf-v6ops-v4v6-xlat-prefix
> 
> First off, thank you for a clear, well written document.
> I have completed my AD review, and had a few comments / suggestions.
> 
> I'd also like to thank Fred for requesting early review, and Joe Clarke
> for
> the helpful review. I agree with all of his comments, other than the xref
> in the
> abstract -- but, see below on the Updates bit.
> 
> I've annotated my comments with [C].
> 
> W
> 
> 
> Abstract
> 
>    This document reserves the IPv6 prefix 64:ff9b:1::/48 for local use
>    within domains that enable IPv4/IPv6 translation mechanisms.  This
>    document updates RFC6890.
> 
> [C]: This document updates RFC6890 by ... ? A very brief summary would be
> good.
> Actually, I'm not really sure *why* this updates 6890, from what I can see
> it
> simply reserves an additional prefix in the registry. If it really
> *does* update 6890 it should also have a section clearly explaining
> what changes it makes (including the "new" text). It's entirely
> possible that I've missed
> something really obvious here...
> 
> 
> 4.  Why 64:ff9b:1::/48?
> 
> [C]: I suspect that there may be some feedback during IESG review that
> this section is really long, and provides a lot of (once published)
> unnecessary justification -- however, I found it useful and
> interesting (and likely needed before publication) - just mentioning
> so you are prepared.
> 
> 5.  Deployment Considerations
> 
>    64:ff9b:1::/48 is intended as a technology-agnostic and generic
>    reservation.  A network operator may freely use it in combination
>    with any kind of IPv4/IPv6 translation mechanism deployed within his
>    network.
> 
> [C]: If editing anyway, may want to replace "his" with "their" -
> normally I wouldn't point this out, but apart from the gender issue,
> network operator could be plural / networks are often owned by
> multiple people / an org.
> 
> 
>    64:ff9b:1::/48 or any other more-specific prefix SHOULD NOT be
>    advertised in inter-domain routing, except by explicit agreement
>    between all involved parties.  Such prefixes MUST NOT be advertised
>    to the default-free zone.
> 
> [C]: ... but you *know* that they will leak - what happens when they
> do? Does this break anything? (probably not, *might* be worth
> mentioning though)

[Med] I wonder if a pointer to https://tools.ietf.org/html/rfc6052#section-3.2 would be sufficient here instead of having the full discussion. 

> 
> 
> 6.  Checksum Neutrality
> 
>    Use of 64:ff9b:1::/48 does not in itself guarantee checksum
>    neutrality, as many of the IPv4/IPv6 translation algorithms it can be
>    used with are fundamentally incompatible with checksum-neutral
>    address translations.
> 
> [C]: Er?! What is this checksum neutral thing of which you speak?! :-)
> (I think you need a reference here -- I *think* that RFC6296, Section
> 2.6 is the closest.)
> 

[Med] The text already cites a pointer that is relevant for IPv4/IPv6 address translation matters: 

   Section 4.1 of [RFC6052] contains further discussion about IPv4/IPv6
   translation and checksum neutrality.

> 
>    The Stateless IP/ICMP Translation algorithm [RFC7915] is one well-
>    known algorithm that can operate in a checksum-neutral manner, when
>    using the [RFC6052] algorithm for all of its address translations.
>    However, in order to attain checksum neutrality is imperative that
>    the translation prefix is chosen carefully.  Specifically, in order
>    for a 96-bit [RFC6052] prefix to be checksum neutral, all the six
>    16-bit words in the prefix must add up to a multiple of 0xffff.
> 
>    The following non-exhaustive list contains examples of translation
>    prefixes that are checksum neutral when used with the [RFC7915] and
>    [RFC6052] algorithms:
> 
>    o  64:ff9b:1:fffe::/96
> 
>    o  64:ff9b:1:fffd:1::/96
> 
>    o  64:ff9b:1:fffc:2::/96
> 
>    o  64:ff9b:1:abcd:0:5431::/96
> 
>    Section 4.1 of [RFC6052] contains further discussion about IPv4/IPv6
>    translation and checksum neutrality.
> 
> [C]: Oh! Here is the reference (I think 6296 Sec 2.6 is clearer.)

[Med] Citing RFC6052 is appropriate here because it discusses IPv4/IPv6 address translation matters while RFC6269 is about IPv6 prefix translation. RFC6052 is clear about the meaning: 

... one's complement checksum if both the IPv4-
   translatable and the IPv4-converted IPv6 addresses were constructed
   in a "checksum-neutral" manner, that is, if the IPv6 addresses would
   have the same one's complement checksum as the embedded IPv4 address.

> 
> 7.  IANA Considerations
> 
>    The IANA is requested to add the following entry to the IPv6 Special-
>    Purpose Address Registry:
> 
>               +----------------------+---------------------+
>               | Attribute            | Value               |
>               +----------------------+---------------------+
>               | Address Block        | 64:ff9b:1::/48      |
>               | Name                 | IPv4-IPv6 Translat. |
>               | RFC                  | (TBD)               |
>               | Allocation Date      | (TBD)               |
>               | Termination Date     | N/A                 |
>               | Source               | True                |
>               | Destination          | True                |
>               | Forwardable          | True                |
>               | Global               | False               |
>               | Reserved-by-Protocol | False               |
>               +----------------------+---------------------+
> 
>    The IANA is furthermore requested to add the following footnote to
>    the 0000::/8 entry of the Internet Protocol Version 6 Address Space
>    registry:
> 
>       64:ff9b:1::/48 reserved for Local-use IPv4/IPv6 Translation [TBD]
> 
> 8.  Security Considerations
> 
>    The reservation of 64:ff9b:1::/48 is not known to cause any new
>    security considerations beyond those documented in Section 5 of
>    [RFC6052].
> 
> 9.  References
> 
> 9.1.  Normative References
> 
>  [SNIP]
> 
> [C]: IMO it would be better to have the Acknowledgments section as a
> numbered section, not an Appendix (I'm not sure if this is actually
> required, but is, IMO, better form).
> 
> Appendix A.  Acknowledgments
> 
>    The author would like to thank Fred Baker, Mohamed Boucadair, Brian E
>    Carpenter, Pier Carlo Chiodi, David Farmer, Holger Metschulat and
>    David Schinazi for contributing to the creation of this document.
> 
> 
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email