Re: [v6ops] Fwd: I-D Action: draft-anderson-v6ops-siit-dc-01.txt
Ray Hunter <v6ops@globis.net> Wed, 08 October 2014 07:11 UTC
To: Tore Anderson <tore@fud.no>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/N0IQ0xHwRCV2dbJXHtS1kHAQCus
Cc: IPv6 Operations <v6ops@ietf.org>

> Tore Anderson <mailto:tore@fud.no>
> 8 October 2014 08:57
> Good morning,
>
>> Nice draft.
>>
>> Why do you restrict the architecture to a per host agent?
>>
>> Why do you restrict the IPv4 address binding to a virtual network
>> interface?
>
> I'm assuming you're specifically talking about the -2xlat draft here?
> The plain architecture doesn't include a host agent at all, the host
> agent is intended to be used only in the case where the application
> software does not support IPv4, and/or where the application protocol
> doesn't support NAT.

Correct. Subject line was just taken from a digest message.

>
> I don't mean to restrict the architecture to a per host agent at all.
> The -2xlat draft simply seeks to document how the plain SIIT-DC
> architecture can be extended to support IPv4-only application software
> and/or application protocols which cannot work through NAT. It's a
> specific use case with a specific solution. Doesn't mean you can't do
> other fun stuff too. :-)
>> Wouldn't this dual translation work equally well as a proxy device
>> serving multiple legacy application servers, each with their own
>> unique static address mapping?
>
> So if I understand you correctly an SIIT-DC topology that uses all
> three modes (plain for NAT-friendly HTTP, host agent for NAT-unfriendly
> FTP, proxy for a couple of IPv4-only machines) could look something like
> this?
>
>   (IPv4-only Internet)
>     |
>   +-+-[SIIT-DC Gateway]--------------------+
>   | xlat prefix: 64:ff9b::/96              |
>   | v4,v6 map 1: 192.0.2.10, 2001:db8::1:1 |
>   | v4,v6 map 2: 192.0.2.15, 2001:db8::a:a |
>   | v4,v6 map 3: 192.0.2.20, 2001:db8::1:2 |
>   | v4,v6 map 4: 192.0.2.25, 2001:db8::f:f |
>   +-+--------------------------------------+
>     |
>   (IPv6-only data centre network)
>     |
>     +-- 2001:db8:a:a HTTP server, IPv6-only, v4 service addr=192.0.2.15
>     |
>     +-- 2001:db8:f:e FTP server, IPv6-only (native IPv6 service addr)
>     |   2001:db8:f:f FTP server via Host Agent, service addr=192.0.2.25
>     |
>   +-+-[SIIT-DC Proxy]---------------------------+
>   | xlat prefix: 64:ff9b::/96                   |
>   | v4,v6 map 1: 192.0.2.10, 2001:db8::1:1      |
>   | static rt 1: 192.0.2.10 nexthop 169.254.0.2 |
>   | v4,v6 map 2: 192.0.2.20, 2001:db8::1:2      |
>   | static rt 2: 192.0.2.20 nexthop 169.254.0.3 |
>   +-+-------------------------------------------+
>     |
>   (Proxy's IPv4-only private backend LAN - 169.254.0.0/16)
>     |
>     +-- 169.254.0.2 IPv4-only machine 1 (192.0.2.10 on loopback)
>     |
>     \-- 169.254.0.3 IPv4-only machine 2 (192.0.2.20 on loopback)
>
> I.e., that the proxy device essentially takes the role of a CE router
> with an IPv4 LAN behind it (for which it's the default router), but
> instead of terminating the 192.0.2.x addresses locally, it routes them
> to endpoints in that IPv4 backend LAN using host routes?

Correct.

> (Or something
> along those lines anyway, the IPv4 topology could of course be as
> complex as you would like.)
>
> I don't see why this wouldn't work just fine. I guess I just never saw
> the use case for myself (for me it would still be easier to just
> provision a native IPv4-only VLAN for such a purpose, but I can see the
> use case if you have a deep IPv6-only network topology and need to
> support a couple of IPv4-only devices in the innermost parts of it.

Indeed. Depends on the DC infra. If you have a multi-site DC connected via DWDM and/or dot1qinq and/or private MPLS, sure.
If you have deep IPv6-only inter-connected DC sites, or a campus network, then that IPv4 VLAN could be expensive.

> I'm
> thinking that describing this SIIT-DC Proxy could be left to a future
> draft, though, would you agree?

Agreed. Although I'm not sure it's a whole lot of work to incorporate it into this draft.

>> I'm thinking that true legacy machines are unlikely to be targets for
>> implementations of this new technology.
>
> Definitively not. The current drafts are for greenfield deployments, or
> mostly so. The servers must necessarily support IPv6. The application
> software and application protocols as well, *unless* you're using a host
> agent - in which case the server must implement the host agent (today,
> that is equivalent to "the server must be running Linux" as far as I know).
>
>> Nit s/poining/pointing/
>
> Thanks!
>
> Tore
> ------------------------------------------------------------------------

--
Regards,
RayH
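
An added example, not part of this message or of the draft: a small Python model of the stateless address translation the SIIT-DC Gateway in the quoted diagram performs, using its xlat prefix and four static maps. The function names and the client address 198.51.100.7 are assumptions made for illustration; only addresses are translated, not packets.

```python
import ipaddress

# Values copied from the "SIIT-DC Gateway" box in the quoted diagram.
XLAT_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
STATIC_MAP = {
    "192.0.2.10": "2001:db8::1:1",
    "192.0.2.15": "2001:db8::a:a",
    "192.0.2.20": "2001:db8::1:2",
    "192.0.2.25": "2001:db8::f:f",
}
V4_TO_V6 = {ipaddress.IPv4Address(k): ipaddress.IPv6Address(v)
            for k, v in STATIC_MAP.items()}
V6_TO_V4 = {v6: v4 for v4, v6 in V4_TO_V6.items()}


def embed(v4):
    """RFC 6052 /96 embedding: the IPv4 address fills the low 32 bits."""
    return ipaddress.IPv6Address(int(XLAT_PREFIX.network_address) | int(v4))


def extract(v6):
    """Inverse of embed(); refuses addresses outside the xlat prefix."""
    if v6 not in XLAT_PREFIX:
        raise ValueError(f"{v6} is outside {XLAT_PREFIX}")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def v4_to_v6(src, dst):
    """Internet -> data centre: the client source is embedded in the prefix,
    the service destination must have a static map (otherwise no translation)."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if dst not in V4_TO_V6:
        raise LookupError(f"no static map for IPv4 destination {dst}")
    return embed(src), V4_TO_V6[dst]


def v6_to_v4(src, dst):
    """Data centre -> Internet: the server source must have a static map,
    the destination must lie inside the xlat prefix."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    if src not in V6_TO_V4:
        raise LookupError(f"no static map for IPv6 source {src}")
    return V6_TO_V4[src], extract(dst)


if __name__ == "__main__":
    # Constructed client address (documentation range), not from the thread.
    print(v4_to_v6("198.51.100.7", "192.0.2.15"))
    print(v6_to_v4("2001:db8::a:a", "64:ff9b::c633:6407"))
```

Because the mapping is a fixed table with no per-flow state, an address pair without a table entry is simply not translated, which is also how the proxy variant discussed above would behave for its two host-routed machines.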