Re: Comments on the NAT66 draft
james woodyatt <jhw@apple.com> Mon, 10 November 2008 22:28 UTC
Return-Path: <owner-v6ops@ops.ietf.org>
X-Original-To: ietfarch-v6ops-archive@core3.amsl.com
Delivered-To: ietfarch-v6ops-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B035B3A6849 for <ietfarch-v6ops-archive@core3.amsl.com>; Mon, 10 Nov 2008 14:28:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.472
X-Spam-Level:
X-Spam-Status: No, score=-105.472 tagged_above=-999 required=5 tests=[AWL=-0.977, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K0ffFAOPk-us for <ietfarch-v6ops-archive@core3.amsl.com>; Mon, 10 Nov 2008 14:28:34 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id C979A3A6893 for <v6ops-archive@lists.ietf.org>; Mon, 10 Nov 2008 14:28:33 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-v6ops@ops.ietf.org>) id 1KzfBK-000NS2-Le for v6ops-data@psg.com; Mon, 10 Nov 2008 22:24:26 +0000
Received: from [17.254.13.22] (helo=mail-out3.apple.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <jhw@apple.com>) id 1KzfBF-000NRa-54 for v6ops@ops.ietf.org; Mon, 10 Nov 2008 22:24:23 +0000
Received: from relay13.apple.com (relay13.apple.com [17.128.113.29]) by mail-out3.apple.com (Postfix) with ESMTP id C91894444643; Mon, 10 Nov 2008 14:24:20 -0800 (PST)
Received: from relay13.apple.com (unknown [127.0.0.1]) by relay13.apple.com (Symantec Mail Security) with ESMTP id AE9C7280D8; Mon, 10 Nov 2008 14:24:20 -0800 (PST)
X-AuditID: 1180711d-a8108bb000000ede-0f-4918b494afd9
Received: from il0602b-dhcp210.apple.com (il0602b-dhcp210.apple.com [17.206.24.210]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by relay13.apple.com (Apple SCV relay) with ESMTP id 7828A2811A; Mon, 10 Nov 2008 14:24:20 -0800 (PST)
Cc: Behave WG <behave@ietf.org>
Message-Id: <1568D893-1DC9-48CF-A04A-F2B55F31E416@apple.com>
From: james woodyatt <jhw@apple.com>
To: Eric Klein <EricLKlein@softhome.net>, IPv6 Operations <v6ops@ops.ietf.org>
In-Reply-To: <courier.491852A1.000070E6@softhome.net>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v929.2)
Subject: Re: Comments on the NAT66 draft
Date: Mon, 10 Nov 2008 14:24:20 -0800
References: <4911B9E7.8090108@free.fr> <BB56240F3A190F469C52A57138047A03014762B5@xmb-rtp-211.amer.cisco.com> <courier.4912CE09.00003CB8@softhome.net> <BB56240F3A190F469C52A57138047A03014765AF@xmb-rtp-211.amer.cisco.com> <6BB0BB30-7AA4-4821-B9EB-4703794F3C87@muada.com> <courier.4914868B.00003F53@softhome.net> <9937716B-A667-4FB6-8337-9596AD356901@muada.com> <courier.4917F518.00002B4D@softhome.net> <20081110143243.GI89033@Space.Net> <courier.491852A1.000070E6@softhome.net>
X-Mailer: Apple Mail (2.929.2)
X-Brightmail-Tracker: AAAAAA==
Sender: owner-v6ops@ops.ietf.org
Precedence: bulk
List-ID: <v6ops.ops.ietf.org>
On Nov 10, 2008, at 07:26, EricLKlein@softhome.net wrote: > > [...] Now people are trying to revive the patch known as NAT into v6 > when it is still not clear why they are needed beyond "that is how > we always did it" solutions. If RFC 3879 and RFC 4864 are not > detailed enough as to why local only addresses are not part of v6 > lets do a proper need and gap analysis and then design a solution to > what is really needed. As I have periodically tried to remind everyone, there is a usage scenario for NAT in IPv4 that is not addressed by RFC 3879 or RFC 4864, and it remains in my view the one compelling reason for specifying how NAT66 should work. That scenario is the one where stateful packet filtering for application flows is transparently inserted on paths into and out from enterprise networks using an address translation to redirect flows at border routers to the application-filtering middleboxes. You can imagine doing that without address translation, i.e. with tunnels and redirects, but that raises practical issues with path MTU, and it just moves the address translation from the insertion point to the application helper. You've still got the translation and the potential for transparency loss that comes with it. It's important to remember that people deploying systems like this tend to view end-to- end integrity as a bug rather than a feature, and the introduction of potential for transparency loss is the whole point of the exercise. If doing it with NAT66 instead of tunnels and redirects makes practical sense to enterprise network operators, and I think it does, then I assure you... that's how it will be done. As much as I would like to believe that enterprises will stop feeling the need to deploy this kind of nonsense, I'm very skeptical that IETF will be able to change their minds. If we're going to have middleboxes that intercept and process IPv6 application flows, then I don't see how NAT66 or something like it can be avoided. That said, I'm not impressed by the arguments put forward by the opponents of RFC 4864 local network protection who, in my view, are greatly exaggerating the seriousness of the network renumbering problem. My response to that concern is that any organization too small to win a PI allocation and too poor to bear the almost negligible expense of renumbering an IPv6 network [much smaller than renumbering an IPv4 network] is an organization with more serious problems than its difficulty in changing its Internet service provider. I don't see why such organizations should have much standing here, and I think we should ignore them while we have more important problems to solve, e.g. IPv4-IPv6 coexistence matters. -- james woodyatt <jhw@apple.com> member of technical staff, communications engineering
- RE: Comments on the NAT66 draft Wes Beebee (wbeebee)
- RE: [BEHAVE] Comments on the NAT66 draft Wes Beebee (wbeebee)
- Re: Comments on the NAT66 draft EricLKlein
- Re: [BEHAVE] Comments on the NAT66 draft Iljitsch van Beijnum
- RE: [BEHAVE] Comments on the NAT66 draft Wes Beebee (wbeebee)
- Re: Comments on the NAT66 draft Rémi Després
- Re: [BEHAVE] Comments on the NAT66 draft Brian E Carpenter
- Re: [BEHAVE] Comments on the NAT66 draft Margaret Wasserman
- Re: [BEHAVE] Comments on the NAT66 draft Rémi Després
- Re: [BEHAVE] Comments on the NAT66 draft Rémi Després
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft Gert Doering
- Re: Comments on the NAT66 draft Rémi Denis-Courmont
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft Gert Doering
- Re: [BEHAVE] Comments on the NAT66 draft Rémi Després
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft Iljitsch van Beijnum
- Re: Comments on the NAT66 draft EricLKlein
- RE: Comments on the NAT66 draft Gunter Van de Velde (gvandeve)
- Re: Comments on the NAT66 draft Tim Chown
- Re: Comments on the NAT66 draft Margaret Wasserman
- Re: Comments on the NAT66 draft Gert Doering
- Re: Comments on the NAT66 draft Gert Doering
- Re: Comments on the NAT66 draft Gert Doering
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft EricLKlein
- Re: Comments on the NAT66 draft Gert Doering
- Re: [BEHAVE] Comments on the NAT66 draft Rémi Després
- Re: Comments on the NAT66 draft james woodyatt
- Re: Comments on the NAT66 draft Gert Doering
- Re: Comments on the NAT66 draft ericlklein
- Re: Comments on the NAT66 draft Gert Doering
- The renumbering problem [Re: [BEHAVE] Comments on… Brian E Carpenter
- Re: The renumbering problem [Re: [BEHAVE] Comment… james woodyatt
- Re: The renumbering problem [Re: [BEHAVE] Comment… Gert Doering
- Re: The renumbering problem [Re: [BEHAVE] Comment… james woodyatt
- Re: The renumbering problem [Re: [BEHAVE] Comment… Gert Doering
- Re: The renumbering problem [Re: [BEHAVE] Comment… james woodyatt
- Re: [BEHAVE] The renumbering problem [Re: Comment… Iljitsch van Beijnum