IETF Logo Mail Archive

Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)

Mark Andrews <marka@isc.org> Tue, 26 September 2017 23:45 UTC

Return-Path: <marka@isc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E07151344BA for <v6ops@ietfa.amsl.com>; Tue, 26 Sep 2017 16:45:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bgElqTKouFSK for <v6ops@ietfa.amsl.com>; Tue, 26 Sep 2017 16:45:21 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [199.6.1.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2BE11344BD for <v6ops@ietf.org>; Tue, 26 Sep 2017 16:45:19 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.ams1.isc.org (Postfix) with ESMTPS id CEA8424B348; Tue, 26 Sep 2017 23:44:38 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 60342160052; Tue, 26 Sep 2017 23:44:46 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 3F954160087; Tue, 26 Sep 2017 23:44:46 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id xQo0rMeF8cfY; Tue, 26 Sep 2017 23:44:46 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id B99D7160052; Tue, 26 Sep 2017 23:44:45 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 9E339881608F; Wed, 27 Sep 2017 09:44:40 +1000 (AEST)
To: "Heatley,N,Nick,TQB R" <nick.heatley@bt.com>
Cc: IPv6 Ops WG <v6ops@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <LO1P123MB01168388285206BB7C26F029EA7A0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM> <20170925225028.DABE487DE1F6@rock.dv.isc.org> <LO1P123MB0116A19599D13DB643BBB3E3EA7B0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM>
In-reply-to: Your message of "Tue, 26 Sep 2017 21:14:41 +0000." <LO1P123MB0116A19599D13DB643BBB3E3EA7B0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM>
Date: Wed, 27 Sep 2017 09:44:40 +1000
Message-Id: <20170926234440.9E339881608F@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/_VrrhgNeFrM4k5WRfVCvvxJt3rs>
Subject: Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Sep 2017 23:45:23 -0000

In message <LO1P123MB0116A19599D13DB643BBB3E3EA7B0@LO1P123MB0116.GBRP123.PROD.OU
TLOOK.COM>, "Heatley,N,Nick,TQB R" writes:
> Mark, What is this encapsulation solution?

DS-Lite or MAP-E.

> There is no running code for this on client devices, as far as I know -
> regardless of whether we set various vendors' "junior developers" on
> various parts of 3GPP core stack.

Well there is running code for both DS-Lite and I'm pretty sure
there is running code for MAP-E.  Millions of broadband CPE routers
do DS-Lite today.  Given the rate phones get broken, which is the
only reason Apple can get away with their aggressive deprecation
strategy, if you deployed to day you would have a very large deployed
base in 3 years.

Remember the phone and operator can support NAT64/DNS64 and DS-Lite
and/or MAP-E at the same time and the operator can see with a 100%
accuracy which devices support DS-Lite or MAP-E as they advertise
the fact that they do.  This allows the operator to see when legacy
NAT64/DNS64 population gets low enough for it to be switched off.

Alternatively they can play APN games.

> The alternative for an operator concerned with exhaustion of private
> addressing, is to start running overlapping copies of the private address
> ranges; for different customer segments or data centres or regions of the
> network.
> I am deadly serious about this, this is what operators have done. This
> comes with or without IPv6, because if you have to run v4 why add in a
> second address family?

Because the operating cost get higher and higher.  Because you still need
to add more public IPv4 addresses as your customer base increases.

> I guess you will be happy with this outcome because you believe NAT44 CGN
> is superior to NAT64 CGN. But I think you are missing the point.
> As others have stated, your perceived issues are all problems tied to
> IPv4. I have a way that drives IPv6-only in my network.

You have a way that puts costs on everyone else.  It isn't the only way.

DS-Lite is a IPv6-only solution all the way to the end device.
MAP-E is a IPv6-only solution all the way to the end device.

DS-Lite and MAP-E both support tethered devices.
DS-Lite the device doesn't perform NAT on the IPv4 traffic.
MAP-E the device needs to NAT the IPv4 traffic in the MAP address/port range.

Mark

> -----Original Message-----
> From: Mark Andrews mailto:marka@isc.org
> Sent: 25 September 2017 23:50
> To: Heatley,N,Nick,TQB R <nick.heatley@bt.com>
> Cc: IPv6 Ops WG <v6ops@ietf.org>
> Subject: Re: v6ops 464xlat case study (was reclassify 464XLAT as standard
> instead of info)
>
>
> In message
> <LO1P123MB01168388285206BB7C26F029EA7A0@LO1P123MB0116.GBRP123.PROD.OUTLOOK
> .COM>, "Heatley,N,Nick,TQB R" writes:
> > There are no arguments about architecture, there are only arguments
> > about requirements.
> >
> > Here is my case study on NAT64/DNS64/464xlat.
> > My requirements:
> >
> >   *   A solution for multi-million numbers of consumer nodes
> (smartphones)
> >   *   Mitigate IPv4 private and public address exhaustion
> >   *   Encapsulation is not compatible with the core of 3GPP mobile
> > networks  only translation is Core & Service-LAN friendly.
> >   *   Keep the provider network simple  the overhead of two address
> > families per customer in the mobile core is undesirable (as it doubles
> > the control plane signalling)
> >   *   2 consumer usecases (on the same Internet APN) to consider
> > on-device apps (smartphone+apps), tethering (smartphone+wifi-tethered
> > device of an unknown OS)
>
> The problem with those requirement is that miss the most important one.
>
> 	Don't do damage.
>
> DNS64 does damage to the DNS.
> NAT64 does damage to IPv6.
>
> DNS64/NAT64 and 464XLAT externalise the cost of not upgrading the billing
> software to unwrap the encapsulation.
>
> > Thanks to esteemed Android developers putting 464xlat into Android,
> > otherwise this wouldnt have happened.
> > DNS64/NAT64 did not get put into production until 464xlat appeared on
> > Android.
> > I had zero IPv6 clients until 464xlat, IPv6 was insufficient without it.
> > Prefix-share + 464xlat gave the tethering use-case support.
> > The result has been rapid deployment, meeting all the requirements, we
> > currently observe something like 70% of an IPv6-only devices traffic
> > is
> > IPv6-IPv6 based (and NAT-free).
>
> Just running the dual stack and a regular CGN rather than a NAT64 also
> achieves that as IPv6 nodes prefer IPv6 over IPv4 as the transport.
>
> > I have a good amount of internal mobile core traffic that is IPv6-only
> > (the combination of IPv6-only IMS APN for VoWifi and VoLTE, and this
> > internet APN).
> >
> > So this is my opinion: 464xlat is the currently the adopted approach
> when:
> > - IPv4 addresses are (near) exhausted for the mass-market,
> > - AND the provider network demands a translation technology (i.e.
> > incompatible with encaps.)
> > - AND at the client end,  apps are not purged of IPv4 literals OR
> > tethering to an unknown OS is required
>
> AND you are willing to be selfish and ignore the costs you are
> externalising on everyone else.
>
> No network DEMANDS translation technology.  You could have spent a little
> bit of developer time and upgraded the billing software to understand
> about encapsulation.  Its a very simple concept.  Even the most junior of
> developers could have done this.
>
> > What is the point of seeking BCP for 464xlat? I am not entirely sure.
> > It should not be to try to select Apple vs Android approaches, I want
> > to see both approaches successful.
> > Maybe it is to keep IETF relevant to the real world requirements and
> > specific usecases. Id like to see IETF do more on usecases/solution
> > context, BCPs can set the context, right?
> > Maybe I can use it to help drive an IPv6-only 5G?
> > Nick
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email