IETF Logo Mail Archive

Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

Lencse Gábor <lencse@hit.bme.hu> Fri, 29 June 2018 08:15 UTC

Return-Path: <lencse@hit.bme.hu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23653130DBE for <v6ops@ietfa.amsl.com>; Fri, 29 Jun 2018 01:15:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1H9tBmt30uVU for <v6ops@ietfa.amsl.com>; Fri, 29 Jun 2018 01:15:54 -0700 (PDT)
Received: from frogstar.hit.bme.hu (frogstar.hit.bme.hu [IPv6:2001:738:2001:4020::2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FDCA12F295 for <v6ops@ietf.org>; Fri, 29 Jun 2018 01:15:53 -0700 (PDT)
Received: from [192.168.1.116] (host-79-121-42-98.kabelnet.hu [79.121.42.98]) (authenticated bits=0) by frogstar.hit.bme.hu (8.15.2/8.15.2) with ESMTPSA id w5T8FdVm086682 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <v6ops@ietf.org>; Fri, 29 Jun 2018 10:15:47 +0200 (CEST) (envelope-from lencse@hit.bme.hu)
X-Authentication-Warning: frogstar.hit.bme.hu: Host host-79-121-42-98.kabelnet.hu [79.121.42.98] claimed to be [192.168.1.116]
To: v6ops@ietf.org
References: <663F489C-7F63-4B0C-A5E6-F7EE4634E62B@gmail.com> <6ac32868-e0eb-00b7-2c3e-29c33c168323@hit.bme.hu> <427C7EE4-7B07-4094-9315-01E03A5120B3@consulintel.es>
From: Lencse Gábor <lencse@hit.bme.hu>
Message-ID: <f782fa3e-ca70-763a-15cc-f911a96296b0@hit.bme.hu>
Date: Fri, 29 Jun 2018 10:15:36 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <427C7EE4-7B07-4094-9315-01E03A5120B3@consulintel.es>
Content-Type: multipart/alternative; boundary="------------A6BF76E28BC9D01E08D977F2"
X-Virus-Scanned: clamav-milter 0.100.0 at frogstar.hit.bme.hu
X-Virus-Status: Clean
Received-SPF: pass (frogstar.hit.bme.hu: authenticated connection) receiver=frogstar.hit.bme.hu; client-ip=79.121.42.98; helo=[192.168.1.116]; envelope-from=lencse@hit.bme.hu; x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;
X-DCC--Metrics: frogstar.hit.bme.hu; whitelist
X-Scanned-By: MIMEDefang 2.79 on 152.66.248.44
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/mzjaGl3vX7oQVtGquob8HqF1rqA>
Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2018 08:15:58 -0000


6/28/2018 10:58 PM keltezéssel, JORDI PALET MARTINEZ írta:
> Thanks Gabor!
>
>
>
> I think the location of the DNS64 is not relevant, unless I'm missing something ...

Yes, I agree. The location of DNS64 by itself is not my concern. What I 
would like to emphasize is that DNS64 does not belong to NAT64. The 
reason, why I am aware of this is my experience with DNS64 and NAT64 
benchmarking.

In all other research papers than ours, they measured the performance of 
a given NAT64 implementation together with a given DNS64 implementation, 
which is a significant flaw. We have pointed out that their performances 
should be measured independently. And our approach was followed by RFC 
8219, too.

> In fact, the "easier and most common" scenario is that the DNS itself (Bind, etc.), is also running the DNS64 function.

You mentioned BIND, which is natural, as BIND is still considered the de 
facto industry standard DNS server.

However, when talking about DNS64, BIND is the worst solution. According 
to our benchmarking results, ISP-s should choose either Unbound or 
PowerDNS as DNS64 server, but not BIND. Let me support my statement with 
measurement results:


	PowerDNS 	Unbound 	BIND
1-core DNS64 performance (queries per second) 	3077 	8708 	2425
16-core DNS64 performance (queries per second) 	26620 	17131 	6661


The measurements complied with RFC 8219. For the details, please refer to:

G. Lencse and Y. Kadobayashi, "Benchmarking DNS64 Implementations: 
Theory and Practice", /Computer Communications/ (Elsevier), vol. 127, 
no. 1, pp. 61-74, September 1, 2018, DOI: 10.1016/j.comcom.2018.05.005

I think it would be worth mentioning these results in the draft, as they 
give useful guidelines for the DNS64 server implementation selection.

Best regards,

Gábor

>
>
> We could have 10 different pictures for it, the point is to clarify impacts of having it vs not, so to provide a decision point to an operator/enterprise willing to deploy it.
>
>
>
> Regards,
>
> Jordi
>
>   
>
>   
>
>
>
> -----Mensaje original-----
>
> De: v6ops <v6ops-bounces@ietf.org> en nombre de Lencse Gábor <lencse@hit.bme.hu>
>
> Fecha: jueves, 28 de junio de 2018, 21:48
>
> Para: <v6ops@ietf.org>
>
> Asunto: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
>
>
>
>      Dear Fred and Jordi,
>
>      
>
>      As an academic researcher, I think this draft makes sense and I support
>
>      its adoption.
>
>      
>
>      I have one minor comment regarding the figure below:
>
>      
>
>      >> 3.1.2.  Service Provider offering 464XLAT, with DNS64
>
>      > Pictorial image of what I'm picturing:
>
>      >
>
>      >                            +----+                +----+
>
>      >                            |DNS |     +-----+    |DNS |
>
>      >                            |IPv6|     |DNS64|    |IPv4|
>
>      >                            +--+-+     +--+--+    +--+-+
>
>      >    +------+ v6 +------+       |          |          |
>
>      >    |      +----+      |    ,--+--.       |       ,--+--.
>
>      >    |Dual  |    | IPv6 |   /       \    ,-+-.    /       \
>
>      >    |Stack |  +-+Router+--(  IPv6   )--( PLAT)--(  IPv4   )
>
>      >    |Device|v4|C|      |   \Network/`.  `---'    \Network/
>
>      >    |      +--+L|      |    `--+--'   `.         /`-----'
>
>      >    +------+  |A|      |       |        `+------+
>
>      >              |T|      |    +--+---+     | Peer |
>
>      >              +-+------+    | IPv6 |     |Device|
>
>      >                            |Device|     +------+
>
>      >                            +------+
>
>      
>
>      Connecting the DNS64 server to the PLAT device suggests me as if DNS64
>
>      were a kind of subfunction of PLAT. Of course it is not the case. They
>
>      can be implemented by two independent devices: stateful NAT64 is usually
>
>      implemented by a router and DNS64 is usually implemented by a DNS server.
>
>      
>
>      I have been thinking about an alternative drawing like this:
>
>      
>
>                                 +----+                +----+
>
>                                 |DNS |     +-----+    |DNS |
>
>                                 |IPv6|     |DNS64|    |IPv4|
>
>                                 +--+-+     +-----+    +--+-+
>
>         +------+ v6 +------+       |      /       \      |
>
>         |      +----+      |    ,--+--.  /         \  ,--+--.
>
>         |Dual  |    | IPv6 |   /       \/   ,---.   \/       \
>
>         |Stack |  +-+Router+--(  IPv6   )--( PLAT)--(  IPv4   )
>
>         |Device|v4|C|      |   \Network/`.  `---'    \Network/
>
>         |      +--+L|      |    `--+--'   `.         /`-----'
>
>         +------+  |A|      |       |        `+------+
>
>                   |T|      |    +--+---+     | Peer |
>
>                   +-+------+    | IPv6 |     |Device|
>
>                                 |Device|     +------+
>
>                                 +------+
>
>      
>
>      
>
>      What do you think of it?
>
>      
>
>      Best regards,
>
>      
>
>      Gabor
>
>      
>
>      
>
>      _______________________________________________
>
>      v6ops mailing list
>
>      v6ops@ietf.org
>
>      https://www.ietf.org/mailman/listinfo/v6ops
>
>      
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.consulintel.es
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>
>
>

v2.23.0 | Report a Bug | By Email