Re: [v6ops] draft-palet-v6ops-nat64-deployment discussion

Lencse Gábor <lencse@hit.bme.hu> Wed, 23 May 2018 20:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/nSq_jLK1qPexmEMeVxsStUKSklU>

Dear Fred and Jordi,

I have read the draft and I think it is useful.

If I may put my two cents in, I would like to point out that we have come 
to a very similar conclusion in Section 4.9 (titled "DNS and DNSSEC") of 
our paper below to the one presented in Section 2 of the draft.

G. Lencse and Y. Kadobayashi, "Methodology for the identification of 
potential security issues of different IPv6 transition technologies: 
Threat analysis of DNS64 and stateful NAT64", /Computers & Security/ 
(Elsevier), vol. 77, no. 1, pp. 397-411, September 1, 2018, DOI: 
10.1016/j.cose.2018.04.012
Free access link valid until June 30: 
https://authors.elsevier.com/a/1X1K5c43ukegl
Revised version is available freely (as green open access) from my list 
of publications: http://www.hit.bme.hu/~lencse/publications/

Perhaps ISPs can use our benchmarking results when selecting DNS64 or 
NAT64 implementations.

As for DNS64, we have up-to-date performance information, which may be 
somewhat surprising concerning the performance problems of BIND. If you 
are interested, please check our results concerning the DNS64 
performance of BIND, PowerDNS and Unbound:

G. Lencse and Y. Kadobayashi, "Benchmarking DNS64 Implementations: 
Theory and Practice", /Computer Communications/ (Elsevier), to be published

Revised version is available freely (as green open access) from my list 
of publications: http://www.hit.bme.hu/~lencse/publications/

As for stateful NAT64, we have only very old measurement results showing 
that OpenBSD PF outperformed TAYGA+iptables, which was not surprising at 
all, but those measurements were not RFC 8219 compliant, as RFC 8219 did 
not exist yet.

Best regards,

Gábor




On 5/14/2018 4:07 AM, Fred Baker wrote:
> Considering https://tools.ietf.org/html/draft-palet-v6ops-nat64-deployment-00, discussed at IETF 101 using the slides at https://datatracker.ietf.org/meeting/101/materials/slides-101-v6ops-nat64-deployment-guidelines-in-operator-and-enterprise-networks-00. I'd like to invite discussion on the list. What thoughts do folks have on this draft?