IETF Logo Mail Archive

Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-caches **Call for Adoption**

Fernando Gont <fgont@si6networks.com> Fri, 03 January 2020 23:52 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B231120110 for <v6ops@ietfa.amsl.com>; Fri, 3 Jan 2020 15:52:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LDqJ9DRENoVz for <v6ops@ietfa.amsl.com>; Fri, 3 Jan 2020 15:51:57 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E65B1120024 for <v6ops@ietf.org>; Fri, 3 Jan 2020 15:51:56 -0800 (PST)
Received: from [192.168.4.77] (unknown [190.179.40.144]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 2117486AA5; Sat, 4 Jan 2020 00:51:51 +0100 (CET)
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
References: <BN7PR05MB5699BA200FB1CF3F05062EDAAE5A0@BN7PR05MB5699.namprd05.prod.outlook.com>
From: Fernando Gont <fgont@si6networks.com>
Autocrypt: addr=fgont@si6networks.com; prefer-encrypt=mutual; keydata= mQINBE5so2gBEACzBQBLUy8nzgAzSZn6ViXT6TmZBFNYNqTpPRvTVtUqF6+tkI+IEd9N2E8p pXUXCd0W4dkxz6o7pagnK63m4QSueggvp881RVVHOF8oTSHOdnGxLfLeLNJFKE1FOutU3vod GK/wG/Fwzkv9MebdXpMlLV8nnJuAt66XGl/lU1JrNfrKO4SoYQi4TsB/waUQcygh7OR/PEO0 EttiU8kZUbZNv58WH+PAj/rdZCrgUSiGXiWUQQKShqKnJxLuAcTcg5YRwL8se/V6ciW0QR9i /sr52gSmLLbW5N3hAoO+nv1V/9SjJAUvzXu43k8sua/XlCXkqU7uLj41CRR72JeUZ4DQsYfP LfNPC98ZGTVxbWbFtLXxpzzDDT8i3uo7w1LJ2Ij/d5ezcARqw01HGljWWxnidUrjbTpxkJ9X EllcsH94mer728j/HKzC9OcTuz6WUBP3Crgl6Q47gY5ZIiF0lsmd9/wxbaq5NiJ+lGuBRZrD v0dQx9KmyI0/pH2AF8cW897/6ypvcyD/1/11CJcN+uAGIrklwJlVpRSbKbFtGC6In592lhu7 wnK8cgyP5cTU+vva9+g6P1wehi4bylXdlKc6mMphbtSA+T3WBNP557+mh3L62l4pGaEGidcZ DLYT2Ud18eAJmxU3HnM8P3iZZgeoK7oqgb53/eg96vkONXNIOwARAQABtCVGZXJuYW5kbyBH b250IDxmZ29udEBzaTZuZXR3b3Jrcy5jb20+iQJBBBMBAgArAhsjBQkSzAMABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAUCTmylpQIZAQAKCRCuJQ1VHU50kv7wD/9fuNtTfxSLk3B3Hs3p ixTy8YXVjdkVwWlnJjFd7BOWmg7sI+LDhpjGfT6+ddOiwkumnvUZpObodj4ysH0i8c7P4C5t F9yu7WjklSlrB5Rth2CGChg5bKt541z2WHkFFxys9qBLmCSYDeKQkzLqhCjIUJizY2kOJ2GI MnSFDzJjhSFEh//oW830Y8fel1xnf/NVF+lBVtRMtMOfoWUqDjvP3sJ1G4zgkDCnF0CfncLx +hq2Mv26Uq9OTzvLH9aSQQ/f067BOkKAJKsfHdborX4E96ISTz57/4xECRSMr5dVsKVm4Y// uVIsb+L5z+a32FaiBZIAKDgnJO7Z8j6CV5e5yfuBTtX52Yi9HjYYqnYJGSDxYd6igD4bWu+7 xmJPHjkdqZgGV6dQIgiUfqkU+s5Cv350vK48CMaT/ZLo2BdsMhWsmaHmb+waePUMyq6E4E9x 9Js+EJb9ZiCfxS9exgieZQpet1L36IvhiwByvkQM009ywfa30JeMOltUtfLi5V06WQWsTzPL 5C+4cpkguSuAJVDTctjCA0moIeVDOpJ8WH9voQ4IeWapQnX35OIoj1jGJqqYdx65gc1ygbyx b8vw+pJ9E5GLse5TQnYifOWpXzX9053dtbwp/2OVhU4KLlzfCPCEsoTyfu9nIZxdI2PMwiL5 M85BfjX4NmwBLmPGoLkCDQRObKNoARAAqqXCkr250BchRDmi+05F5UQFgylUh10XTAJxBeaQ UNtdxZiZRm6jgomSrqeYtricM9t9K0qb4X2ZXmAMW8o8AYW3RrQHTjcBwMnAKzUIEXXWaLfG cid/ygmvWzIHgMDQKP+MUq1AGQrnvt/MRLvZLyczAV1RTXS58qNaxtaSpc3K/yrDozh/a4pu WcUsVvIkzyx43sqcwamDSBb6U8JFoZizuLXiARLLASgyHrrCedNIZdWSx0z0iHEpZIelA2ih AGLiSMtmtikVEyrJICgO81DkKNCbBbPg+7fi23V6M24+3syHk3IdQibTtBMxinIPyLFF0byJ aGm0fmjefhnmVJyCIl/FDkCHprVhTme57G2/WdoGnUvnT7mcwDRb8XY5nNRkOJsqqLPemKjz kx8mXdQbunXtX9bKyVgd1gIl+LLsxbdzRCch773UBVoortPdK3kMyLtZ4uMeDX3comjx+6VL bztUdJ1Zc9/njwVG8fgmQ+0Kj5+bzQfUY+MmX0HTXIx3B4R1I1a8QoOwi1N+iZNdewV5Zfq+ 29NlQLnVPjCRCKbaz9k6RJ2oIti55YUI6zSsL3lmlOXsRbXN5bRswFczkNSCJxJMlDiyAUIC WOay7ymzvgzPa+BY/mYn94vRaurDQ4/ljOfj6oqgfjts+dJev4Jj89vp8MQI3KJpZPEAEQEA AYkCJQQYAQIADwUCTmyjaAIbDAUJEswDAAAKCRCuJQ1VHU50km4xEACho45PZrUjY4Zl2opR DFNo5a6roTOPpgwO9PcBb3I5F8yX2Dnew+9OhgWXbBhAFq4DCx+9Gjs43Bn60qbZTDbLGJ/m 8N4PwEiq0e5MKceYcbetEdEUWhm5L6psU9ZZ82GR3UGxPXYe+oifEoJjOXQ39avf9S8p3yKP Diil0E79rn7LbJjMcgMLyjFg9SDoJ6pHLtniJoDhEAaSSgeV7Y745+gyMIdtQmrFHfqrFdjq D6G0HE+Z68ywc5KN67YxhvhBmSycs1ZSKAXv1zLDlXdmjHDHkU3xMcB+RkuiTba8yRFYwb/n j62CC4NhFTuIKOc4ta3dJsyXTGh/hO9UjWUnmAGfd0fnzTBZF8Qlnw/8ftx5lt4/O+eqY1EN RITScnPzXE/wMOlTtdkddQ+QN6xt6jyR2XtAIi7aAFHypIqA3lLI9hF9x+lj4UQ2yA9LqpoX 6URpPOd13JhAyDe47cwsP1u9Y+OBvQTVLSvw7Liu2b4KjqL4lx++VdBi7dXsjJ6kjIRjI6Lb WVpxe8LumMCuVDepTafBZ49gr7Fgc4F9ZSCo6ChgQNLn6WDzIkqFX+42KuHz90AHWhuW+KZR 1aJylERWeTcMCGUSBptd48KniWmD6kPKpzwoMkJtEXTuO2lVuborxzwuqOTNuYg9lWDl7zKt wPI9brGzquUHy4qRrA==
Message-ID: <8956e2c3-3f4d-9edd-ffc6-5ce5015b517c@si6networks.com>
Date: Fri, 03 Jan 2020 18:40:11 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
MIME-Version: 1.0
In-Reply-To: <BN7PR05MB5699BA200FB1CF3F05062EDAAE5A0@BN7PR05MB5699.namprd05.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/VTRebd93tDNQuHdzYrUiWEa8-tA>
Subject: Re: [v6ops] draft-palet-v6ops-464xlat-opt-cdn-caches **Call for Adoption**
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2020 23:52:00 -0000

Folks,

I've read the document, and have the following comments:

It would seem to me is that this document has resulted from an
operators' concern that deployment of 464xlat might result in
unnecessary heavyweight use of the stateful PLAT, leading to scalability
problems or unnecessary money spendings. In that sense, I would like the
issue to be documented (even if somehow we don't agree on a workaround).

So I support the adoption of this document (or some version of it) --
i.e., there's value in documenting the issue itself.

That said, I think that further work is required on the document. PLease
find my review below:


**** Some meta comments ****

* Meta: I'd put more stress on why this "optimization" is important. You
delve into many other (rather unnecessary) details, but don't elaborate
much regarding why this "optimization" is important.

* Meta: It'd be important to note that, according to the Abstract of
RFC6877, 464XLAT assumes IPv4 services over an IPv6-only node. In that
sense, the behavior you describe is kind of "expected", and what you
describe would seem to me more of a mechanism to *opt out of 464xlat*
than an optimization to 464XLAT itself.

* It would seem to me that the cases where this issue is more of a
concern is essentially smartboxes (smart TVs) consuming media from large
CDNs. If so, this should be spelled out, since this essentially sets the
context for what options/approaches can be considered acceptable.



*** Some specific comments: ****

* Abstract: I'm curious if the term "NAT46" can be confusing, for
multiple reasons (for instance, it's not specified in RFC7915). Just use
"SIIT", and the context (i.e., describe what's on each side of the SIIT
device, and what's the intent).


* Introduction:
It seems to me the intro contains too many unnecessary details. e.g.,
just talk about the CLAT as an abstract concept. Where/how
(specifically) it is implemented is mostly irrelevant in the context of
this document.


* Section 4:
Is the option where packets might get to the Cache with *private space*
worth mentioning/describing/discussing?


* Section 4.3:
   One more advantage of this solution is that the EAMT pairs doesn't
   need to match the "real" IPv4/IPv6 addresses available in the A/AAAA
   records, as shown in the next example.

Please elaborate.


* Section 5:
   If NAT46/CLAT/DNS-proxy-EAM approach (Section 4.2) is chosen, it can
   be complemented to resolve this issue, by means of making sure that
   IPv6-only destinations have one A resource record (even an invalid
   one), despite they aren't actually connected to IPv4.

Not sure what you mean.


* Section 5:
   In fact, it may become an incentive for the IPv6 deployment in
   Internet services and provides the option to use an IPv4 address
   (maybe anycast) for the "non-valid" A resource record, that points to
   a "universal" web page (maybe hosted by IETF?) that displays a
   warning such as "Sorry, you don't IPv6 support in your operator, so
   this service is not available for you".

Please *no*, for so many different reasons. -- including "the average
user doesn't care about IPv6, and may not even be aware of what it is".



* Section 6:
   Should we recommend having A records for IPv6-only services in
   Internet?  The A record may point to a "reserved" or "special" IPv4
   address.  A web page IPv4-only hosted by IETF(?) showing "sorry this
   web page/service is only available from IPv6 enabled operators"?.

Please no. This assumes (?) hosts prefer IPv6, but they don't need to.
In which case they would get to such page and have a not so great
WTH(!?) moment.



* Section 6:
   NAT46/CLAT/DNS-proxy-EAM approach (Section 4.2) seems the right
   solution for optimizing the access to dual-stack services, whether
   they are located inside or outside the ISP.

It would seem to me that, actually, Approach #3, when the ISP has no
control on the CDN, or approach #1 (when it does), are the way to go.
Approach #2 seems rather complex, with the consequent opportunities to
screw up.


* Section 6:
   SIIT already has a SHOULD for EAM support.  Should 464XLAT be updated
   by this document so the CLAT has a MUST for EAM support?.

464xlat employs existing technologies. So I'm not sure you can do a MUST
in 464xlat, when it relies on SIIT, and for SIIT the requirement is a
SHOULD.

Besides, the 464xlat spec does not even employ RFC2119 language.



* Section 7:

Any solution where you spoof DNS records would play bad with DNSsec.
This should at least be discussed.


Thanks!

Cheers,
Fernando




On 11/12/19 14:24, Ron Bonica wrote:
> Folks,
> 
>  
> 
> Each week between now and IETF 107, we will review and discuss one draft
> with an eye towards progressing it.
> 
>  
> 
> This week, please review and comment on
> draft-palet-v6ops-464xlat-opt-cdn-caches.
> 
>  
> 
> When reviewing this draft, please indicate whether you think that V6OPS
> should adopt it a s a work item.
> 
>  
> 
>                                                       Fred and Ron
> 
>  
> 
> 
> Juniper Business Use Only
> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
> 


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email