IETF Logo Mail Archive

Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

<nick.heatley@bt.com> Wed, 04 July 2018 08:13 UTC

Return-Path: <nick.heatley@bt.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8758130DC1 for <v6ops@ietfa.amsl.com>; Wed, 4 Jul 2018 01:13:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btgroupcloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F91BwJj745cf for <v6ops@ietfa.amsl.com>; Wed, 4 Jul 2018 01:13:49 -0700 (PDT)
Received: from smtpe1.intersmtp.com (smtpe1.intersmtp.com [62.239.224.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78046130DEC for <v6ops@ietf.org>; Wed, 4 Jul 2018 01:13:48 -0700 (PDT)
Received: from tpw09926dag09f.domain1.systemhost.net (10.9.202.40) by RDW083A005ED61.bt.com (10.187.98.10) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 4 Jul 2018 09:13:54 +0100
Received: from tpw09926dag03f.domain1.systemhost.net (10.9.202.22) by tpw09926dag09f.domain1.systemhost.net (10.9.202.40) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Wed, 4 Jul 2018 09:13:45 +0100
Received: from RDW083A007ED63.bt.com (10.187.98.12) by tpw09926dag03f.domain1.systemhost.net (10.9.202.22) with Microsoft SMTP Server (TLS) id 15.0.1293.2 via Frontend Transport; Wed, 4 Jul 2018 09:13:45 +0100
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (23.103.134.180) by smtpe1.intersmtp.com (62.239.224.236) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 4 Jul 2018 09:14:00 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=BTGroupCloud.onmicrosoft.com; s=selector1-bt-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C6u5OPuGhvSneYHbMm9LacCjtjN8pC+xiOzCv3+jv0c=; b=SkgXdFYdFfhhyAhRCAdd+6LzvBjIRhEKtwam36ISSu4ni7zFl5wJ0zr1QrP5VFVWzcx9DFgbx7I9aUUAa6gSwkDs1mSlEnmYi7+JTY7uarpEPeq5Moj/3L4xZoiZESMjaZ1JMeAKT59ISqePFA9SQZn9Bvhda8u0R3265f9JRrQ=
Received: from LO1P123MB0098.GBRP123.PROD.OUTLOOK.COM (10.167.24.141) by LO1P123MB0019.GBRP123.PROD.OUTLOOK.COM (10.166.224.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.906.25; Wed, 4 Jul 2018 08:13:43 +0000
Received: from LO1P123MB0098.GBRP123.PROD.OUTLOOK.COM ([fe80::7c12:6cbe:b2c9:e22b]) by LO1P123MB0098.GBRP123.PROD.OUTLOOK.COM ([fe80::7c12:6cbe:b2c9:e22b%5]) with mapi id 15.20.0930.016; Wed, 4 Jul 2018 08:13:43 +0000
From: nick.heatley@bt.com
To: marka@isc.org, cb.list6@gmail.com
CC: v6ops@ietf.org
Thread-Topic: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
Thread-Index: AQHUE0FN8WL36YCkkk2HPoHewMHHKaR+tdng
Date: Wed, 04 Jul 2018 08:13:43 +0000
Message-ID: <LO1P123MB009802AF44568758A8A3ECB4EA410@LO1P123MB0098.GBRP123.PROD.OUTLOOK.COM>
References: <CAD6AjGQqaQumYyBPVG6qkc9cs+jSGFKgUnGHkMfJmtes5Fk47g@mail.gmail.com> <AD5D4A8E-8A02-463B-A222-3D32A6235DF4@gmail.com> <CAD6AjGQsDq1ELdZPnaAtbZPq5SZoXbD--W5JS5tkN63J1D=W9g@mail.gmail.com> <2F5CCC76-4364-4B66-B956-199969CFFCB4@isc.org>
In-Reply-To: <2F5CCC76-4364-4B66-B956-199969CFFCB4@isc.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nick.heatley@bt.com;
x-originating-ip: [77.97.239.204]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; LO1P123MB0019; 7:MEoKdID7ufKIOimK/XxMfCcynBMq9Frxw4LrM9zhSEnv2kgMoE3TTf7dcaTipHmktwae6sJ0ksKCtdNvQ9zpxezJr7Vh36ltRz+//S3cNXTHMkhKHXkYe7AS+Ojuvps7RtPrcelWECv/0fteJ5cY70f7/JDu/4ULVQpH7G9UVwqWFy8mRCrWGKOEdjyEbd1j9QrzrZoz/WL9SWfLQ062Uf53WSHOUHfcBXyfZOJuRu/c9V1thmecW7qRTEOSvVhU
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 3df5abdd-39df-4b9a-94bf-08d5e1860ef7
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060)(7193020); SRVR:LO1P123MB0019;
x-ms-traffictypediagnostic: LO1P123MB0019:
x-antispam-2: 1
x-microsoft-antispam-prvs: <LO1P123MB00193113E2A737F43B3E8E79EA410@LO1P123MB0019.GBRP123.PROD.OUTLOOK.COM>
x-exchange-antispam-report-test: UriScan:(120809045254105)(85827821059158);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(3002001)(93006095)(93001095)(10201501046)(149027)(150027)(6041310)(20161123562045)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:LO1P123MB0019; BCL:0; PCL:0; RULEID:; SRVR:LO1P123MB0019;
x-forefront-prvs: 0723A02764
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(366004)(376002)(396003)(39860400002)(51444003)(13464003)(199004)(189003)(3846002)(186003)(26005)(25786009)(99286004)(6116002)(14454004)(305945005)(5250100002)(14444005)(86362001)(7736002)(53546011)(8676002)(966005)(478600001)(256004)(7696005)(6506007)(2900100001)(102836004)(76176011)(6436002)(2906002)(39060400002)(68736007)(316002)(4326008)(5660300001)(8936002)(81166006)(97736004)(74316002)(81156014)(106356001)(53936002)(66066001)(110136005)(55016002)(6246003)(105586002)(33656002)(446003)(9686003)(6306002)(229853002)(93886005)(486006)(11346002)(476003); DIR:OUT; SFP:1101; SCL:1; SRVR:LO1P123MB0019; H:LO1P123MB0098.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: bt.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 9UOFxieo/JI15LVb2eWFPnXVdRZsKO2GQtXwtu1em0SzNNvdT67yVSAXs72MQhOfgTCYd5oA44w3g/le/qPPgde0m3OwI/6uENbeHezBLzaAdMm9adSVsowcdFJLD5CyMrG702x2DGhbLHqnX63yP0pw+X4UktfXr9y41XufF80x4GVc26w0zHthEji+Q6i7fd41nRjqYoukIwoAs8t6rCVFB2Hq4LAipTsT3l/Qp5iIeSPNt4L1hYuT7jMpM8bAnfok7hm4my2KBkPXMf4wB7w7wUlHlAL4gJ0cQepNruHX1ZvtWpMX2iyj+S0fyFyM/2PdvU4epszg8RqtlEW1EVds4xZEQXghouuCapM+H1o=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 3df5abdd-39df-4b9a-94bf-08d5e1860ef7
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jul 2018 08:13:43.4596 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a7f35688-9c00-4d5e-ba41-29f146377ab0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO1P123MB0019
X-OriginatorOrg: bt.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ROraF7Cf_RFuQj5snm_UPG1rNnI>
Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2018 08:13:53 -0000

You are arguing to make DNS64 historic. I think that case is mutually exclusive.
What I mean is, I don't see that v6ops/IETF should stop trying to make DNS64 workable/compatible until the point it is retired. So it is not an argument against draft-byrne-v6ops-dnssecaaaa.


-----Original Message-----
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Mark Andrews
Sent: 04 July 2018 03:46
To: Ca By <cb.list6@gmail.com>
Cc: v6ops@ietf.org WG <v6ops@ietf.org>
Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

While it will mitigate things it is a case of the tail wagging the dog and really the correct solution is to make DNS64 historic.  DNS64 has always been a case of tail-wagging-dog.

Accounting could have been fixed by “if next hop is IPv4 do accounting on the that layer”.  That should have been a quick fix for the telcos.

It was claimed "This will be a short term hack”.  Yeh, really?

It was claimed “Hosts won’t need to be upgraded” yet all those hosts (cell
phones) supported personal hotspots with IPv4 clients.  Almost all cell phones have some mechanism to support IPv4 clients today.

It was claimed “Than DNS64 was the only way that would let one know when it was safe to turn off IPv4 as a service as nothing else would move the traffic to IPv6”.  Yet we see traffic prefering IPv6 instead of IPv4 when DNS64 is not in use.

It was claimed that DNS64/NAT64 was better than tunnels yet it has basically all the same problems.  You have a smaller PMTU for translated packets.  Bring with it PMTUD problems, mss re-writing in the NAT64 mitigates some of the for TCP but the problem still exists.

It was argued at the time DNSSEC problems were not properly addressed and that has been demonstrated to be true.

The IETF process itself doesn’t lead to got solutions because if you have argued in the working group against something you get ignored at IETF last call with “you argued that in the W-G and lost”.

There is NO REASON to keep DNS64.  The current crop of phones will work without it.  464XLAT doesn’t need DNS64, it just need ipv4only.arpa configured on the recursive servers.  For wireline / fixed wireless / personal hotspot there are
IPv4 only clients that have to be handled so DNS64/NAT64 was never enough.

Put DNS64 out of its misery.

> On 4 Jul 2018, at 5:37 am, Ca By <cb.list6@gmail.com> wrote:
> 
> 
> 
> On Tue, Jul 3, 2018 at 10:11 AM Fred Baker <fredbaker.ietf@gmail.com> wrote:
> A general note. I have wondered aloud about interest in several new drafts, and managed to miss Cameron's:
> 
> https://datatracker.ietf.org/doc/draft-byrne-v6ops-dnssecaaaa
> https://tools.ietf.org/html/draft-byrne-v6ops-dnssecaaaa
>   "DNSSEC Resource Record Should Include AAAA", Cameron Byrne, 
> 2018-07-01,
> 
> If you want it on the agenda in two weeks, now would be the time to say so.
> 
> No, i will not be present. 
> 
> But  i am interested in folks sending feedback on if this is useful.  The goal of this I-D is to harmonize dns64 and dnssec deployment with an ideal solution, as opposed to falling into a worst case where folks pick one or the other.
> 
> 
> 
> > Begin forwarded message:
> > 
> > From: Ca By <cb.list6@gmail.com>
> > Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
> > Date: July 2, 2018 at 2:55:09 PM PDT
> > To: Fred Baker <fredbaker.ietf@gmail.com>
> > Cc: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, 
> > "v6ops@ietf.org list" <v6ops@ietf.org>
> > 
> > 
> > 
> > On Mon, Jul 2, 2018 at 1:41 PM Fred Baker <fredbaker.ietf@gmail.com> wrote:
> > 
> > 
> > > On Jul 2, 2018, at 1:17 PM, JORDI PALET MARTINEZ <jordi.palet@consulintel..es> wrote:
> > >
> > > DNSSEC is *only* broken if the dual-stack host is doing DNSSEC validation over the synthetized AAAA.
> > 
> > So you're worried about DNSSEC validation working through NAT64 in the case that the host is using the DNS service in the IPv4 network through the NAT64 device.
> > 
> > That doesn't have anything to do with DNS64; an a 464XLAT network, if we believe RFC 6877, the issue you raise happens in the absence of DNS64.
> > 
> > A good postion for the IETF to take is that one should only produce 
> > a signed A if they can also produce a signed AAAA, which is not a 
> > tall order these says
> > 
> > https://tools.ietf.org/html/draft-byrne-v6ops-dnssecaaaa-00
> > 
> > 
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email