Re: [v6ops] Is 464XLAT really inferior to all other IPv6 transition technologies? -- Re: updating RFC8026 to support 464XLAT in draft-ietf-v6ops-transition-ipv4aas
Lee Howard <lee@asgard.org> Wed, 13 June 2018 11:12 UTC
Return-Path: <lee@asgard.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F27F8120049 for <v6ops@ietfa.amsl.com>; Wed, 13 Jun 2018 04:12:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level:
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SVVovdCZHJ5a for <v6ops@ietfa.amsl.com>; Wed, 13 Jun 2018 04:12:42 -0700 (PDT)
Received: from atl4mhob06.registeredsite.com (atl4mhob06.registeredsite.com [209.17.115.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D5B01292F1 for <v6ops@ietf.org>; Wed, 13 Jun 2018 04:12:42 -0700 (PDT)
Received: from mailpod.hostingplatform.com (atl4qobmail01pod6.registeredsite.com [10.30.71.209]) by atl4mhob06.registeredsite.com (8.14.4/8.14.4) with ESMTP id w5DBCcGl026574 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <v6ops@ietf.org>; Wed, 13 Jun 2018 07:12:38 -0400
Received: (qmail 4208 invoked by uid 0); 13 Jun 2018 11:12:38 -0000
X-TCPREMOTEIP: 68.100.68.25
X-Authenticated-UID: lee@asgard.org
Received: from unknown (HELO ?192.168.1.135?) (lee@asgard.org@68.100.68.25) by 0 with ESMTPA; 13 Jun 2018 11:12:38 -0000
To: v6ops@ietf.org
References: <FEACFE5A-F2E6-4533-8602-C05F8A1FB59A@consulintel.es> <28C9E7B4-1D2F-4C65-A121-90E9AFB470AD@gmail.com> <CAHL_VyDc1iF7T4k3J1uQvDYUpxaRg7_eOqK6poV_cZ-NAFAEDQ@mail.gmail.com> <7B87AAA7-E5C5-498E-A41E-8927BC554F29@consulintel.es> <CAKD1Yr2HpJFvW3=CQQV6HVr6tOGSW=Kj5mpO-rLLrEEuPZ4vmg@mail.gmail.com> <966D347E-0A4F-4F51-90AB-03D178EF4CEB@consulintel.es> <CAKD1Yr3uSr-KJCOhTJvaf1xh4g7hOqwzxZSv7TNH5fB5Z1VigQ@mail.gmail.com> <C48F6BAD-84CE-4121-B862-218004A417D3@consulintel.es> <CAKD1Yr1_NeLyAmdAJitd=jUKeY0kW8qxV_9FWGCbNf1__ppecw@mail.gmail.com> <018DD24B-DD2F-4B31-A939-328173891F3E@consulintel.es> <CAKD1Yr1ohmb9BUV+KO2Ff+LJ1+pNwQ+-UJ6t7MmwY6PV3MLhyA@mail.gmail.com> <0F82C180-CE02-4DC1-88EE-5BB6CEC46F3C@consulintel.es> <CAKD1Yr1FVdWt446zq9mDec4fsCmN6K=M1MkK4FUWv=RBMQMrbQ@mail.gmail.com> <da095b32-3bb9-d2ec-dd41-e6e526cff83f@hit.bme.hu> <CAKD1Yr3ZbOLbsXFmZqa78ZJ9aaiFnCxAPUVOX26=VoqChA1g-A@mail.gmail.com>
From: Lee Howard <lee@asgard.org>
Message-ID: <63dd2434-bf75-1abd-bb57-53f4be856075@asgard.org>
Date: Wed, 13 Jun 2018 07:12:36 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <CAKD1Yr3ZbOLbsXFmZqa78ZJ9aaiFnCxAPUVOX26=VoqChA1g-A@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------B18A1461EC6314CED87BB993"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/SqF1yJW5-hwrokpz5qFb6rjC1L4>
Subject: Re: [v6ops] Is 464XLAT really inferior to all other IPv6 transition technologies? -- Re: updating RFC8026 to support 464XLAT in draft-ietf-v6ops-transition-ipv4aas
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jun 2018 11:12:45 -0000
So you mean "stateful < stateless"? I haven't looked recently at which packet headers get munged in what ways. Care to save us all half an hour of examining RFCs and tell us which ones? Lee On 06/13/2018 06:55 AM, Lorenzo Colitti wrote: > Here are a few disadvantages of 464xlat: > > * It consumes lots of state on the NAT64 (one state table entry for > every connection). MAP is much better since it uses port ranges. > * It doesn't allow any inbound connections unless the NAT > cooperates. MAP is better in the sense that you can at least > receive connections within your port range. > * The transformation is lossy because there are IPv4 header fields > that cannot be translated. MAP-E is better because the > encapsulation preserves the original packet header. > > > On Wed, Jun 13, 2018 at 6:12 PM Lencse Gábor <lencse@hit.bme.hu > <mailto:lencse@hit.bme.hu>> wrote: > > Dear Lorenzo, > > I think it is a rather strong statement that "464XLAT is pretty > much the worse of the transition mechanisms from a technical > perspective." > > We have listed 26+ IPv6 transition technologies in our workshop > paper [1], but there are even more solutions exist. > > Which of them do you mean to be better than 464XLAT? > > What technical points do you consider when stating that 464XLAT is > worse than the others? (E.g. resource consumption, scalability, > security, ease of implementation, etc.) > > I think it is important for network operators to have a balanced > view of the advantages and disadvantages of the different IPv6 > transition mechanisms, this is why I am asking these questions. > > Best regards, > > Gábor Lencse > > > [1] G. Lencse and Y. Kadobayashi, "Survey of IPv6 Transition > Technologies for Security Analysis", IEICE Communications Society > Internet Architecture Workshop, Tokyo, Japan, Aug. 28, 2017, > /IEICE Tech. Rep./, vol. 117, no. 187, pp. 19-24. Available > online: > http://www.hit.bme.hu/~lencse/publications/IEICE-IA-2017-survey.pdf > <http://www.hit.bme.hu/%7Elencse/publications/IEICE-IA-2017-survey.pdf> > > > 6/13/2018 9:38 AM keltezéssel, Lorenzo Colitti írta: >> That goes back to my earlier point of that from a technical >> perspective 464xlat is pretty much the worst of the transition >> mechanisms.. I don't think we should be recommending running it >> on wireline at all, let alone prioritizing it over something else >> .:-) >> >> On Wed, Jun 13, 2018 at 3:50 PM JORDI PALET MARTINEZ >> <jordi.palet=40consulintel.es@dmarc.ietf.org >> <mailto:40consulintel.es@dmarc.ietf.org>> wrote: >> >> Lorenzo, you’re missing the key aspect: Being able to >> prioritize, when an ISP supports several transition mechanisms. >> >> RFC8026 key aspect is priority. If we don’t add an option >> code for 464XLAT, then it can’t be managed the same way. >> >> >> Regards, >> >> Jordi >> >> *De: *v6ops <v6ops-bounces@ietf.org >> <mailto:v6ops-bounces@ietf.org>> en nombre de Lorenzo Colitti >> <lorenzo=40google.com@dmarc.ietf.org >> <mailto:40google.com@dmarc.ietf.org>> >> *Fecha: *miércoles, 13 de junio de 2018, 4:45 >> *Para: *<jordi.palet=40consulintel.es@dmarc.ietf.org >> <mailto:40consulintel.es@dmarc.ietf.org>> >> *CC: *"v6ops@ietf.org <mailto:v6ops@ietf.org> WG" >> <v6ops@ietf.org <mailto:v6ops@ietf.org>> >> *Asunto: *Re: [v6ops] updating RFC8026 to support 464XLAT in >> draft-ietf-v6ops-transition-ipv4aas >> >> On Tue, Jun 12, 2018 at 7:40 PM JORDI PALET MARTINEZ >> <jordi.palet=40consulintel..es@dmarc.ietf.org >> <mailto:40consulintel.es@dmarc.ietf.org>> wrote: >> >> You don’t need RFC7050 neither DNS64, you can use PCP >> (RFC7225) to tell the CLAT the NAT64 prefix. It also >> provides additional advantages to the operator to control >> many related aspects (see section 3 of RFC7225). >> >> 1.If the operator wants to enable 464xlat: they should >> hand out a DNS64 to the CPE. >> >> 2.If the operator wants to disable 464xlat: they should >> NOT hand out a DNS64 to the CPE. >> >> This doesn’t work, because the operator may be using >> RFC7225 instead of RFC7050. You need to try both in that >> case, and you aren’t providing a “priority” to a possible >> list of mechanisms, which is what RFC8026 does. >> >> But it's the same problem again: what's the use case for this >> DHCPv6 option? An operator that's using RFC7225 has an easy >> way to tell the CPE not to do 464xlat: don't hand out the >> prefix64 to those CPEs. So this is already possible today. >> >> 3.If the operator uses 464xlat, they should not allow the >> user to change the DNS server. >> >> Let’s be realistic. You can’t “force” the customer to >> avoid changing the DNS … >> >> On an operator-managed CPE, you can. On a user-managed CPE, >> you can't. But on such a CPE you probably shouldn't be >> disabling 464xlat. If the user wants to use it, it's their >> CPE, right? >> >> _______________________________________________ v6ops mailing >> list v6ops@ietf.org <mailto:v6ops@ietf.org> >> https://www.ietf.org/mailman/listinfo/v6ops >> >> >> ********************************************** >> IPv4 is over >> Are you ready for the new Internet ? >> http://www.consulintel.es >> The IPv6 Company >> >> This electronic message contains information which may be >> privileged or confidential. The information is intended to be >> for the exclusive use of the individual(s) named above and >> further non-explicilty authorized disclosure, copying, >> distribution or use of the contents of this information, even >> if partially, including attached files, is strictly >> prohibited and will be considered a criminal offense. If you >> are not the intended recipient be aware that any disclosure, >> copying, distribution or use of the contents of this >> information, even if partially, including attached files, is >> strictly prohibited, will be considered a criminal offense, >> so you must reply to the original sender to inform about this >> communication and delete it. >> >> >> >> _______________________________________________ >> v6ops mailing list >> v6ops@ietf.org <mailto:v6ops@ietf.org> >> https://www.ietf.org/mailman/listinfo/v6ops > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org <mailto:v6ops@ietf.org> > https://www.ietf.org/mailman/listinfo/v6ops > > > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops
- Re: [v6ops] Is 464XLAT really inferior to all oth… JORDI PALET MARTINEZ
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Ca By
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Hans Liu
- Re: [v6ops] Is 464XLAT really inferior to all oth… Lee Howard
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… JORDI PALET MARTINEZ
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Lee Howard
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… nick.heatley
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… JORDI PALET MARTINEZ
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Lorenzo Colitti
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… JORDI PALET MARTINEZ
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Lee Howard
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… JORDI PALET MARTINEZ
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Lee Howard
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Ca By
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Lorenzo Colitti
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… nick.heatley
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Lorenzo Colitti
- Re: [v6ops] Is 464XLAT really inferior to all oth… Lorenzo Colitti
- Re: [v6ops] Disadvantages of MAP protocols -- Re:… Ole Troan
- [v6ops] Disadvantages of MAP protocols -- Re: Is … Lencse Gábor
- Re: [v6ops] Is 464XLAT really inferior to all oth… Alejandro D'Egidio
- Re: [v6ops] Is 464XLAT really inferior to all oth… JORDI PALET MARTINEZ
- Re: [v6ops] Is 464XLAT really inferior to all oth… JORDI PALET MARTINEZ
- Re: [v6ops] Is 464XLAT really inferior to all oth… Philip Homburg
- Re: [v6ops] Is 464XLAT really inferior to all oth… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Lorenzo Colitti
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Lorenzo Colitti
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Philip Homburg
- [v6ops] Is 464XLAT really inferior to all other I… Lencse Gábor
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Mark Andrews
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Lorenzo Colitti
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Lorenzo Colitti
- [v6ops] updating RFC8026 to support 464XLAT in dr… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Fred Baker
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Fred Baker
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Alejandro Acosta
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Lorenzo Colitti
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Richard Patterson
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Philip Homburg
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Philip Homburg
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Lorenzo Colitti
- Re: [v6ops] updating RFC8026 to support 464XLAT i… JORDI PALET MARTINEZ
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Philip Homburg
- Re: [v6ops] updating RFC8026 to support 464XLAT i… Alejandro D'Egidio