Re: [v6ops] draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC
Lorenzo Colitti <lorenzo@google.com> Mon, 12 August 2013 05:42 UTC
From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 12 Aug 2013 14:34:41 +0900
To: "Arie Vayner (avayner)" <avayner@cisco.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>

On Fri, Aug 9, 2013 at 2:21 PM, Arie Vayner (avayner) <avayner@cisco.com> wrote:

> Many enterprises rely on NAT on the Internet edge as their
> multi-homing/traffic engineering mechanism with IPv4.
>
> If we recommend against ULA+NPTv6 (or just NPTv6 for traffic engineering),
> then we need to highlight the symmetry requirement due to stateful security
> layers.
>
> Traffic leaving from an Internet gateway site to the Internet has to come
> back through the same site, or the stateful firewalls would break the flow
> (well, has to hit the same stateful security layer)

By itself, NPTv6 doesn't protect against this problem because it's not stateful. It only protects against this problem if each egress point is only reachable using one prefix (which is not a requirement for doing NPTv6 - you could just as well do it by configuring all multiple exit points to use the same prefix, or to use all prefixes from all exit points). What does protect you against this is using source+destination routing, which is what this draft should recommend instead of recommending NPTv6.
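
The symmetry argument in the message above, modelled as an added example that is not part of the original message or of the draft. The two-site topology, the prefixes, the helper names and the simplified NPTv6 prefix swap are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed topology: two Internet gateway sites (A, B), each behind its own
# stateful firewall. Prefixes are documentation/ULA space, not from the thread.
PFX_A = ip.ip_network("2001:db8:a::/48")
PFX_B = ip.ip_network("2001:db8:b::/48")
ULA = ip.ip_network("fd00:1::/48")

def nptv6(addr, inside, outside):
    """Stateless prefix swap (simplified: no RFC 6296 checksum-neutral adjustment)."""
    return ip.ip_address(int(outside.network_address)
                         + int(addr) - int(inside.network_address))

def site_for(addr, inbound):
    """Site at which the Internet delivers traffic for addr (inbound: prefix -> site)."""
    return next(site for pfx, site in inbound.items() if addr in pfx)

def flow_survives(src, egress, inbound, translate_to=None):
    """One packet out via `egress`, one reply back; True if the reply finds state."""
    wire_src = nptv6(src, ULA, translate_to[egress]) if translate_to else src
    state = {egress: {wire_src}}      # only the egress firewall saw the first packet
    return wire_src in state.get(site_for(wire_src, inbound), set())

def scenarios():
    per_site = {PFX_A: "A", PFX_B: "B"}   # each prefix reachable through one site only
    gua_host = ip.ip_address("2001:db8:b:10::5")
    ula_host = ip.ip_address("fd00:1:0:10::5")
    return {
        # Destination-only routing sends a B-sourced packet out the nearest exit, A.
        "dest_only": flow_survives(gua_host, "A", per_site),
        # Source+destination routing picks the exit that matches the source prefix.
        "src_dst": flow_survives(gua_host, site_for(gua_host, per_site), per_site),
        # NPTv6, one prefix per exit: the reply is pinned to the translating site.
        "nptv6_per_site": flow_survives(ula_host, "A", per_site,
                                        {"A": PFX_A, "B": PFX_B}),
        # NPTv6, same prefix at both exits, remote best path leads to B: no state.
        "nptv6_shared": flow_survives(ula_host, "A", {PFX_A: "B"},
                                      {"A": PFX_A, "B": PFX_A}),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:15} reply {'passes' if ok else 'dropped by firewall'}")
```
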