IETF Logo Mail Archive

Re: [v6ops] question to the WG about draft-ietf-v6ops-transition-ipv4aas

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Thu, 24 January 2019 10:17 UTC

Return-Path: <prvs=1927a7aef1=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BD931310CB for <v6ops@ietfa.amsl.com>; Thu, 24 Jan 2019 02:17:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eK_sMN-1uSmH for <v6ops@ietfa.amsl.com>; Thu, 24 Jan 2019 02:17:38 -0800 (PST)
Received: from mail.consulintel.es (mail.consulintel.es [IPv6:2001:470:1f09:495::5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD060130F11 for <v6ops@ietf.org>; Thu, 24 Jan 2019 02:17:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1548325056; x=1548929856; i=jordi.palet@consulintel.es; q=dns/txt; h=User-Agent:Date: Subject:From:To:Message-ID:Thread-Topic:Mime-version: Content-type:Content-transfer-encoding; bh=5FqOsPcdp+1xwx1aWgq/m 40D1bjUDNfOipP8SghAGMk=; b=F/wUq0BaTgW+PFAUX0OHhA3HwKq6aEWDknkdN cmK7yZbqKAMADhST/miFKsIlfoxwLoIuuvsIExKs052stysuwOXNKwAmwUGSlaf9 Etjd5Rd/B4HDsiA1tk6CVjinbh8V2f7Lj0PxXYLNkVHeDSdy+cmM31HR4QxwdflE MFkeoA=
X-MDAV-Result: clean
X-MDAV-Processed: mail.consulintel.es, Thu, 24 Jan 2019 11:17:35 +0100
X-Spam-Processed: mail.consulintel.es, Thu, 24 Jan 2019 11:17:35 +0100
Received: from [10.10.10.140] by mail.consulintel.es (MDaemon PRO v16.5.2) with ESMTPA id md50006123163.msg for <v6ops@ietf.org>; Thu, 24 Jan 2019 11:17:33 +0100
X-MDRemoteIP: 2001:470:1f09:495:4509:9d6:a781:b4c1
X-MDHelo: [10.10.10.140]
X-MDArrival-Date: Thu, 24 Jan 2019 11:17:33 +0100
X-Authenticated-Sender: jordi.palet@consulintel.es
X-Return-Path: prvs=1927a7aef1=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: v6ops@ietf.org
User-Agent: Microsoft-MacOutlook/10.10.6.190114
Date: Thu, 24 Jan 2019 11:17:32 +0100
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: "v6ops@ietf.org WG" <v6ops@ietf.org>
Message-ID: <9E2A936A-8AA1-48DC-AE1F-964FEE9478D0@consulintel.es>
Thread-Topic: [v6ops] question to the WG about draft-ietf-v6ops-transition-ipv4aas
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/OhrWfirO4lIUQF3OqjmkOMTlO80>
Subject: Re: [v6ops] question to the WG about draft-ietf-v6ops-transition-ipv4aas
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jan 2019 10:17:40 -0000

Hi Med,

The candidate list is built by the CE and matched against what the ISP is sending in the S46 option.

If the CE supports 464XLAT and has been able to configure a NAT64 prefix, then it can insert that in the list (after running the RFC8026 process).

The workaround presented by option A, makes that possible without needing a specific NAT64 DHCP option.

I think it is a matter of having a clear text in the document that tells how this works in both sides the CE and the ISP.

Regards,
Jordi
 
 

-----Mensaje original-----
De: v6ops <v6ops-bounces@ietf.org> en nombre de <mohamed.boucadair@orange.com>
Fecha: jueves, 24 de enero de 2019, 10:38
Para: JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org>, "v6ops@ietf.org WG" <v6ops@ietf.org>
Asunto: Re: [v6ops] question to the WG about draft-ietf-v6ops-transition-ipv4aas

    Hi Jordi, 
    
    The problem with option A is that the candidate list will be set by 8026 using DHCP options. So, even if you return 113 in the priority list, xlat won't be added to the candidate list because no DHCP option for xlat is actually returned. RFC8026 can be relaxed to allow for other sources to fed the candidate list, but that is another piece of work.
    
    One comment about options B and C: These options are not about "Exclude 464XLAT from the stateless "priority" setup that allows RFC8026", but about removing the IANA text asking to add 113 to the S46 priority list. xlat can be added to the priority list if a dhcp option is defined for it.
    
    My take is to pick option C (with the clarification made above) for the following reasons: 
    * If a dhcp option is defined in the future, the codepoint of that option will be included in the S46 priority list and normal 8026 processing will be followed.
    * If a (stale) method is still present in the network to retrieve the prefix by other means, the priority set by the provider in S46 priority list will be followed because the default priority of xlat as set by draft-ietf-v6ops-transition-ipv4aas won't win. 
    
    Cheers,
    Med
    
    > -----Message d'origine-----
    > De : v6ops [mailto:v6ops-bounces@ietf.org] De la part de JORDI PALET MARTINEZ
    > Envoyé : jeudi 24 janvier 2019 10:12
    > À : v6ops@ietf.org WG
    > Objet : [v6ops] question to the WG about draft-ietf-v6ops-transition-ipv4aas
    > 
    > Hi all,
    > 
    > Sorry the long email, but it needs to be explained in detail so v6ops folks
    > can understand it and provide inputs.
    > 
    > As part of the IESG telechat where this document was evaluated, it was raised
    > a discuss regarding using RFC8115 in a way that introduces a "trick" to
    > provide a DHCP option for a NAT64 prefix.
    > 
    > After hearing the comments in the list, we decided to remove it, but we still
    > need a way to make sure that 464XLAT/NAT64 can be prioritized as well as the
    > other mechanisms, so the ISP has control over it.
    > 
    > Our suggested approach was to keep using RFC8026 for all the mechanisms.
    > 
    > RFC8026 requires a *top-level Option Request* in order to respond with the
    > S46 option, which define the priority of the mechanisms. We didn't realize
    > about that before because it was "intrinsically there" while we had RFC8115.
    > 
    > Because we don't have an explicit DHCP option for configuring the NAT64, it
    > means the option code for NAT64/464XLAT (113, which was already defined for
    > an IPv6 /64 prefix, but we are asking IANA to include in the RFC8026 defined
    > table just for signaling the priority) will not be provided unless the CE ask
    > via DHCP for the configuration of other transition mechanisms.
    > 
    > In the opinion of the document co-authos, this is fine, because precisely we
    > expect that the CE supports several (hopefully all the 5).
    > 
    > So, in this case (let's call this OPTION A), the behavior will be:
    > 
    > 1) CE get the configuration parameters for all the mechanisms (including a
    > NAT64 prefix via PCP or RFC7050, and the other 4 by means of DHCP).
    > 
    > 2) As part of the request for DHCP configurable mechanism, the CE will ask
    > for S46 priority. If NAT64 is available in the ISP, the S46 will also contain
    > the 113.
    > 
    > 3) As a result, the CE can follow RFC8026 to decide which one match the ISP
    > preference with what the CE can "use".
    > 
    > What is the issue? If the CE only supports 464XLAT, then the CE must be
    > forced to anyway, ask for "another" DHCPv6 configurable mechanism and ignore
    > that information, but use the S46 response to check if the ISP supports
    > NAT64. Not an issue, in our opinion.
    > 
    > If the ISP only supports 464XLAT, then is forced to anyway, respond to the
    > DHCPv6 request for configuration options of all the other 4 mechanisms (so
    > this will work in any case despite "what" the CE is supporting), but in the
    > S46 response, will include only the 113, to signal that *only* supports
    > NAT64. Again, not an issue in our opinion.
    > 
    > It is just a matter of having some text in the document that explains this
    > workaround because of the lack of explicit DHCPv6 configuration option for
    > NAT64.
    > 
    > This workaround keeps the door open to a future possible DHCPv6 option for
    > NAT64 and we think is not contradicting RFC8026.
    > 
    > **** While we don't think it breaks anything, RFC8026 authors believe is
    > contradicting RFC8026 (we still don't see how or if it a minor detail in the
    > text, that could be updated with an errata or it requires an RFC8026-bis,
    > etc.).
    > 
    > So the question here. Do the WG believe this is fine? Or somebody can explain
    > if that will break anything/contradicting RFC8026?
    > 
    > OPTION B
    > Exclude 464XLAT from the stateless "priority" setup that allows RFC8026, by
    > setting it on "top of it" (higher priority). So, if the NAT64 prefix is
    > available (by means of PCP or RFC7050), the CE will just configure it,
    > because the ISP is telling him "I've a NAT64 for you, don't care about other
    > options".
    > 
    > This just works, but it forces an ISP to make sure that only the customers
    > that ISP wants to use the NAT64 are able to identify it (only in case, they
    > have different "customer" groups with different mechanisms). If, in the
    > future, we define a DHCP option for NAT64, it forces the ISP to not provide
    > the NAT64 by means of PCP neither RFC7050. A configuration mistake in the ISP
    > network regarding who is getting and what for S46, will still allow the
    > customers to use the NAT64.
    > 
    > OPTION C
    > Similar to b, but having the 464XLAT/NAT64 with the *lower* priority.
    > 
    > In this case, as well, it will work, but it forces the ISP to make sure that
    > for those customers that the ISP wants they use the NAT64, the S46 options
    > must not return anything, otherwise the CE will never use the 464XLAT. So a
    > mistake with the S46 may disallow customers using the NAT64. If, in the
    > future, we define a DHCPv6 option for NAT64, it will just work as well.
    > 
    > Of course, in all the 3 options, there may be other things to consider, but
    > we think it is not possible to predict all them. All them depend on "if we
    > define in the future a DHCPv6 option for NAT64, we will need to update the
    > firmware of the CEs to support that, so it is safe to assume that we may need
    > to revise at that point as well RFC8026 and possibly draft-ietf-v6ops-
    > transition-ipv4aas ...".
    > 
    > Co-authors take: Option A is fine, unless we can understand why it is
    > contradicting RFC8026, then option B, unless we agree to start the work to
    > update RFC8026 to support NAT64 someway (with or without a new DHCPv6
    > option), in which case, option C makes more sense.
    > 
    > Please, let us know what do you think, and specially if you see that the
    > procedure specified as OPTION A, is fine, in which case the issue is
    > resolved.
    > 
    > Thanks!
    > 
    > Regards,
    > Jordi
    > 
    > 
    > 
    > 
    > 
    > **********************************************
    > IPv4 is over
    > Are you ready for the new Internet ?
    > http://www.theipv6company.com
    > The IPv6 Company
    > 
    > This electronic message contains information which may be privileged or
    > confidential. The information is intended to be for the exclusive use of the
    > individual(s) named above and further non-explicilty authorized disclosure,
    > copying, distribution or use of the contents of this information, even if
    > partially, including attached files, is strictly prohibited and will be
    > considered a criminal offense. If you are not the intended recipient be aware
    > that any disclosure, copying, distribution or use of the contents of this
    > information, even if partially, including attached files, is strictly
    > prohibited, will be considered a criminal offense, so you must reply to the
    > original sender to inform about this communication and delete it.
    > 
    > 
    > 
    > _______________________________________________
    > v6ops mailing list
    > v6ops@ietf.org
    > https://www.ietf.org/mailman/listinfo/v6ops
    
    _______________________________________________
    v6ops mailing list
    v6ops@ietf.org
    https://www.ietf.org/mailman/listinfo/v6ops
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

v2.23.0 | Report a Bug | By Email