IETF Logo Mail Archive

Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)

Ole Troan <otroan@employees.org> Thu, 28 September 2017 07:27 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA6D11353BD for <v6ops@ietfa.amsl.com>; Thu, 28 Sep 2017 00:27:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9AVBBoxvezRF for <v6ops@ietfa.amsl.com>; Thu, 28 Sep 2017 00:27:24 -0700 (PDT)
Received: from accordion.employees.org (accordion.employees.org [198.137.202.74]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C50B813546D for <v6ops@ietf.org>; Thu, 28 Sep 2017 00:23:55 -0700 (PDT)
Received: from h.hanazo.no (96.51-175-103.customer.lyse.net [51.175.103.96]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by accordion.employees.org (Postfix) with ESMTPSA id 007BC2D509E; Thu, 28 Sep 2017 07:23:53 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by h.hanazo.no (Postfix) with ESMTP id 0790710F8A7C0; Thu, 28 Sep 2017 09:23:51 +0200 (CEST)
From: Ole Troan <otroan@employees.org>
Message-Id: <E0AA4C89-FEEA-463B-B118-F63109D4F20D@employees.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_AA7CED89-0EAC-42AC-A2B0-F00197EE4424"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Thu, 28 Sep 2017 09:23:50 +0200
In-Reply-To: <alpine.DEB.2.20.1709280753080.18564@uplift.swm.pp.se>
Cc: Mark Andrews <marka@isc.org>, "Heatley, N, Nick, TQB R" <nick.heatley@bt.com>, IPv6 Ops WG <v6ops@ietf.org>, james woodyatt <jhw@google.com>
To: Mikael Abrahamsson <swmike@swm.pp.se>
References: <LO1P123MB01168388285206BB7C26F029EA7A0@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM> <46045DAA-9096-43BA-A5FD-571232767726@google.com> <CAKD1Yr3vziaHfkR+hQ7QHXaz7QraKH2HLUVXUW63GpnOAj4JoQ@mail.gmail.com> <E72C3FBE-57A4-4058-B9E5-F7392C9E9101@google.com> <LO1P123MB0116805F9A18932E2D0694FEEA780@LO1P123MB0116.GBRP123.PROD.OUTLOOK.COM> <1496304E-54BE-47FA-A7F1-1AA6E163DAB1@employees.org> <CAD6AjGQdMFgv4727wHm41HmEyo2Z-PCabPHPSRSVwOi_rey7OQ@mail.gmail.com> <CAKD1Yr03zsuSBqPegs6RNbBqnJizUOLZwH+rNDi1Ocg4k+mARQ@mail.gmail.com> <20170928030630.DD2D08867238@rock.dv.isc.org> <alpine.DEB.2.20.1709280753080.18564@uplift.swm.pp.se>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/aVICrbZoP-xYIRBV6eu2RyAt8BM>
Subject: Re: [v6ops] 464xlat case study (was reclassify 464XLAT as standard instead of info)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2017 07:27:26 -0000

>> Garbage.  At worst it would have been growing IPv6 traffic + dropping
>> NAT44 traffic.  THE OPERATORS ONLY HAD TO TURN ON DUAL STACK.
> 
> NAT64 and the other ipv4-over-ipv6 technologies have the advantage of allowing not having to deploy IPv4 at the edge with all that entails in form of BCP38 functions, routing protocols, addressing, CGN boxes traffic needs to be routed to, etc. Instead you can put your NAT64 machines whereever they fit best and don't have to worry about how to get your RFC1918 prefix traffic to it. Instead it's tunneled there. Less complexity.

This discussion would benefit from us using terms with precision.

NAT64 is not an IPv4 over IPv6 technology. NAT64 allows an IPv6 application to speak to an IPv4 application.
NAT64 + DNS64 has the issue of breaking DNS64, and forcing every IPv6 application for eternity to be restricted in functionality to what an IPv4 application can do.

464xlat, while reusing the NAT64 component on the network side (which is just a CGN btw), offers shared IPv4 service. From the "user" perspective the '6' part really doesn't matter. It could be any form of transport.

> 
> So while I sympathize your "breaks DNSSEC" objection, 464XLAT actually doesn't do that. DNS64 does. If all devices had 464XLAT then you wouldn't have to do DNS64 (apart from the well-known "prefix detection" zones.

I don't understand what you mean here. These are in my mind two completely different use cases.
NAT64+DNS64 solves the problem of an IPv6 application talking to an IPv4 application (and we can argue if that should really be solved at all). 464XLAT solves the problem, of IPv4 exhaustion by extending IPv4 to live forever (sic!). (Yeah, that last one was meant to be a little provocative, but We are currently in a state where 32 + 16 > 128 appears true).

Best regards,
Ole

v2.23.0 | Report a Bug | By Email