IETF Logo Mail Archive

Re: [v6ops] FYI: Microsoft's latest on CLAT

Ole Troan <otroan@employees.org> Mon, 11 March 2024 07:53 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85C16C14F6AE for <v6ops@ietfa.amsl.com>; Mon, 11 Mar 2024 00:53:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=employees.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tCOJAibmay29 for <v6ops@ietfa.amsl.com>; Mon, 11 Mar 2024 00:53:37 -0700 (PDT)
Received: from proxmox01.kjsl.com (proxmox01.kjsl.com [204.87.183.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32EEBC14F5E0 for <v6ops@ietf.org>; Mon, 11 Mar 2024 00:53:37 -0700 (PDT)
Received: from proxmox01.kjsl.com (localhost.localdomain [127.0.0.1]) by proxmox01.kjsl.com (Proxmox) with ESMTP id 8D2EAE72FA; Mon, 11 Mar 2024 07:53:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=employees.org; h=cc:cc:content-transfer-encoding:content-type:content-type :date:from:from:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=prox2023; bh=Bp/KpwmSl97L8/h7 W+74gg6lBePACWUkXaMiUmk34u0=; b=Uct9lKefo684OIYaIEcZ2SODUq1vArNH suZpGI1OR0dQx8wwCxZkEFMJfO83SvlldxZeIfJkLaeZH22obqhJhHqm7quXIq4i /q5IXSpyy2PULXtldWClsdROOYy91fu8+ocZ4K8ZTYqYMMZj83DP2W4/h9vSURA5 nOtShKI2dn+OM+v4fmBzZn2lLnDQieT9CKVGqVT0GemULAn/PVuDQFnueDr8BubT 41GszluoP1U2oSesXe3IRJBda+un4dyd+fj9/dc6SDmTayCsutnz7Sr1Vw4K1cep Emrz8C+8wO59jKJSGBhT1tqrruHjPwt9sNPTt/o2jPGExAWkyUOlPQ==
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by proxmox01.kjsl.com (Proxmox) with ESMTPS id 6835BE72F8; Mon, 11 Mar 2024 07:53:36 +0000 (UTC)
Received: from smtpclient.apple (unknown [IPv6:2001:4650:c3ed:37a:1e9f:54b:1ba9:d468]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 3B6C34E11A6D; Mon, 11 Mar 2024 07:53:35 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <accf1dc8041c4b4cb0af30847c63703f@huawei.com>
Date: Mon, 11 Mar 2024 08:53:23 +0100
Cc: Daryll Swer <contact=40daryllswer.com@dmarc.ietf.org>, Jen Linkova <furry13@gmail.com>, "v6ops@ietf.org" <v6ops@ietf.org>, Tommy Jensen <Jensen.Thomas@microsoft.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2E1D04A9-F10A-4FC6-AB68-58A5E5093435@employees.org>
References: <SJ0PR00MB1348781EB81293E8A0521F23FA202@SJ0PR00MB1348.namprd00.prod.outlook.com> <CAKD1Yr1GgOBR+Y5x4-+BCzQFp3usPwd_CM05nfwgM6pT5wef1Q@mail.gmail.com> <884F5E11-364C-4D42-B199-B8FEF33C59C4@employees.org> <CAFU7BAQn-EgpL0mukUUnsBt916UA0P9Qw8KYtC5E5vG3ZMOW7w@mail.gmail.com> <10EF7C0B-0690-4AC0-BD7D-4DAB03C23E76@employees.org> <b03cd464974b4f2cb9319ee8eff71914@huawei.com> <CACyFTPGNGJFJL0xc=J6fX0Y7fm9h6LqcA+D-3Mx5P181hYde2Q@mail.gmail.com> <accf1dc8041c4b4cb0af30847c63703f@huawei.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
X-Mailer: Apple Mail (2.3774.400.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/aArhbIRDQNKDGVmxdTWTzxpHSFg>
Subject: Re: [v6ops] FYI: Microsoft's latest on CLAT
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2024 07:53:41 -0000

> Theoretically, MAP-E/T is much better but…
> MAP needs a much bigger IPv4 address pool for static mapping to IPv6 (disconnected subscribers keep their Port range block), the mapping block should be big enough for any subscriber (1k+). This technology is not dynamic at all. Not many ISPs have such a luxury (of IPv4 addresses).
> To kill it completely, MAP is absent on Android and iOS.
>  MAP calls the stateful translation device “Border Relay”. “PLAT” is a clear reference to 464XLAT.

MAP has a stateless border relay. Not stateful.


DS-lite would likely have been a better choice for IPv6 mostly. Or Jim Bound’s DSTM from 2005.
Just like Betamax vs VHS there are many other factors at play deciding which technology wins.
Random chance is likely a significant factor.

464XLAT has a the momentum, so let’s cheer it on, but also try to gently nudge implementors to make the right design decisions.

O.



> Eduard
> From: Daryll Swer <contact=40daryllswer.com@dmarc.ietf.org>
> Sent: Monday, March 11, 2024 10:01
> To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
> Cc: Ole Troan <otroan@employees.org>; Jen Linkova <furry13@gmail.com>; v6ops@ietf.org; Tommy Jensen <Jensen.Thomas@microsoft.com>
> Subject: Re: [v6ops] FYI: Microsoft's latest on CLAT
>  - PLAT is 30% more expensive than NAT44 (look to any vendor for scalability numbers)
> 464xlat is stateful, isn't it? To my understanding, MAP-T is “mostly stateless”, but I have only heard of MAP-T in a very limited number of SPs around the world. MAP-T on end-devices will probably never happen.
>  DHCP absence on the most popular OS would still block IPv6 progress in the Enterprise.
> If you read the past email threads on this mailing list, there was an extensive (and aggressive) debate on DHCPv6 support issues on client devices, with me included in that discussion. But alas, the SLAAC apologists still thinks DHCPv6 is anti-IPv6.
>  I've largely stopped pushing enterprise folks I know of, to IPv6, nobody wants to waste their resources on SLAAC hacks (which the SLAAC apologists claims is superior to DHCPv6) for logging/compliances etc. Life's so much simpler as an ISP, ia_na + static /56 or /48 ia_pd to the Customer Edge Router, RADIUS-based AAA/Logging of the prefix, problem solved. State sync is the only problem left, but, that can be solved using ISC Kea as someone pointed out before, or opt for an opinionated vendor stack, vendors have their own state sync mechanism for DHCPv6.
> 
> --
> Best Regards
> Daryll Swer
> Website: daryllswer.com
>   On Mon, 11 Mar 2024 at 12:19, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org> wrote:
> IPv6-mostly looks good because it permits to have IPv6-only and IPv4-only on the same subnet. It is a smooth transition.
> 
> But "CLAT" means that somewhere should be PLAT:
> - double NAT translation for IPv4 to IPv4 traffic -> definitely more difficult to troubleshoot.
> - PLAT is 30% more expensive than NAT44 (look to any vendor for scalability numbers)
> 
> IMHO: IPv6-mostly would not be enough incentive to improve Enterprise miserable IPv6 adoption.
> DHCP absence on the most popular OS would still block IPv6 progress in the Enterprise.
> 
> Eduard
> -----Original Message-----
> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Ole Troan
> Sent: Friday, March 8, 2024 16:29
> To: Jen Linkova <furry13@gmail.com>
> Cc: v6ops@ietf.org; Tommy Jensen <Jensen.Thomas@microsoft.com>
> Subject: Re: [v6ops] FYI: Microsoft's latest on CLAT
> 
> >> I’m also a fan of IPv6-mostly.
> >> Isn’t it too early to state that it has lower operational cost than dual-stack (or IPv4 only)?
> > 
> > It may be for people who haven't deployed it yet.
> 
> Definitely. That was my point. It “may be”. We don’t quite know yet.
> 
> > 
> >> What I mostly(sic) like about it, is that it provides a clearer path towards IPv6 only than dual stack.
> >> 
> >> But I would imagine at least for the short term there are going to be quite a few operational wrinkles to sort out.
> > 
> > When you find a new technology which doesn't have that problem, please 
> > let me know ;)
> 
> Of course not. It’s an interesting technology. My point was to not oversell it. It has the _potential_ to become a good option.
> 
> 
> > 
> >> It’s likely harder to troubleshoot IPv4 problems too.
> > 
> > It's not my experience. Actually troubleshooting is much easier.
> > For IPv6-only devices it's just one protocol. For dual-stack devices 
> > nothing has changed compared to a dual-stack setup.
> 
> Cool! I would just imagine get a few issues with PMTUD discovery, traceroute not working and so on.
> 
> 
> > 
> >> And I don’t think it even works on my DHCPv6 single address assigned network at all (yet to be tested).
> > 
> > Nor would IPv6-only.
> 
> Why not?
> 
> 
> > When you made the decision to assign a single IPv6 address per device, 
> > I assume you did evaluate pros and cons.
> > It doesn't make the  designs which are incompatible with your choice bad ones.
> 
> IPv6 mostly in itself is not incompatible with a single IPv6 address.
> That’s an implementation choice. I haven’t had time to test implementations yet.
> Documentation isn’t exactly where Apple shines, but interesting to see where Microsoft lands on this one.
> 
> Best regards,
> Ole
> 
> 
> > 
> >> 
> >>> On 8 Mar 2024, at 04:52, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org> wrote:
> >>> 
> >>> Great to hear! I think this means that all the major platforms will support the "IPv6-mostly" operational model that v6ops has been working on for the past few years. That's super important, because it means that any network can use this model with confidence that all their clients will work.
> >>> 
> >>> Hopefully this will really help adoption of this model in enterprise networks. Dual-stack is expensive to operate, but if IPv6-only works, then any enterprise that wants to support IPv6 in some form can simply skip directly from IPv4-only to IPv6-mostly without having to worry about the costs of dual-stack at all.
> >>> 
> >>> On Fri, Mar 8, 2024 at 5:05 AM Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org> wrote:
> >>> Good day v6ops,
> >>> 
> >>> As a general IPv6 FYI, I'll share Windows' announcement to bring 
> >>> CLAT to general networking interfaces which went live today: 
> >>> https://techcommunity.microsoft.com/t5/networking-blog/windows-11-pl
> >>> ans-to-expand-clat-support/ba-p/4078173
> >>> 
> >>> Looking forward to seeing everyone in Brisbane and talking about CLAT recommendations, the draft Jen and I are coauthoring, as Windows will be an implementor!
> >>> 
> >>> Thanks,
> >>> Tommy
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >> 
> >> 
> >> _______________________________________________
> >> v6ops mailing list
> >> v6ops@ietf.org
> >> https://www.ietf.org/mailman/listinfo/v6ops
> > 
> > 
> > 
> > --
> > Cheers, Jen Linkova
> 
> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email