Re: [v6ops] draft-palet-v6ops-nat64-deployment discussion
Lencse Gábor <lencse@hit.bme.hu> Wed, 23 May 2018 20:04 UTC
Return-Path: <lencse@hit.bme.hu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 419D4127978 for <v6ops@ietfa.amsl.com>; Wed, 23 May 2018 13:04:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1vpapRiK_hii for <v6ops@ietfa.amsl.com>; Wed, 23 May 2018 13:03:59 -0700 (PDT)
Received: from frogstar.hit.bme.hu (frogstar.hit.bme.hu [IPv6:2001:738:2001:4020::2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F90D127010 for <v6ops@ietf.org>; Wed, 23 May 2018 13:03:59 -0700 (PDT)
Received: from [192.168.1.120] (host-79-121-41-125.kabelnet.hu [79.121.41.125]) (authenticated bits=0) by frogstar.hit.bme.hu (8.15.2/8.15.2) with ESMTPSA id w4NK3me4067187 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <v6ops@ietf.org>; Wed, 23 May 2018 22:03:53 +0200 (CEST) (envelope-from lencse@hit.bme.hu)
X-Authentication-Warning: frogstar.hit.bme.hu: Host host-79-121-41-125.kabelnet.hu [79.121.41.125] claimed to be [192.168.1.120]
To: v6ops@ietf.org
References: <C9183F53-FF89-4FA2-9787-B238A5BCA21F@gmail.com>
From: Lencse Gábor <lencse@hit.bme.hu>
Message-ID: <59246385-2673-e235-d625-0520edce457c@hit.bme.hu>
Date: Wed, 23 May 2018 22:03:45 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <C9183F53-FF89-4FA2-9787-B238A5BCA21F@gmail.com>
Content-Type: multipart/alternative; boundary="------------0A5D4CCBCFFC5E0A9DF3B69B"
Content-Language: en-US
X-Virus-Scanned: clamav-milter 0.100.0 at frogstar.hit.bme.hu
X-Virus-Status: Clean
Received-SPF: pass (frogstar.hit.bme.hu: authenticated connection) receiver=frogstar.hit.bme.hu; client-ip=79.121.41.125; helo=[192.168.1.120]; envelope-from=lencse@hit.bme.hu; x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;
X-DCC--Metrics: frogstar.hit.bme.hu; whitelist
X-Scanned-By: MIMEDefang 2.79 on 152.66.248.44
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/nSq_jLK1qPexmEMeVxsStUKSklU>
Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment discussion
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2018 20:04:03 -0000
Dear Fred and Jordi, I have read the draft and I think it is useful. If I my put my two cents in, I would like to point out that we have come to a very similar conclusion in Section 4.9 (titled "DNS and DNSSEC") of our paper below to the one presented in Section 2 of the draft. G. Lencse and Y. Kadobayashi, "Methodology for the identification of potential security issues of different IPv6 transition technologies: Threat analysis of DNS64 and stateful NAT64", /Computers & Security/ (Elsevier), vol. 77, no. 1, pp. 397-411, September 1, 2018, DOI: 10.1016/j.cose.2018.04.012 Free access link valid until June 30: https://authors.elsevier.com/a/1X1K5c43ukegl Revised version is available freely (as green open access) from my list of publications: http://www.hit.bme.hu/~lencse/publications/ Perhaps ISPs can use our benchmarking results when selecting DNS64 or NAT64 implementations. As for DNS64, we have up to date performance information, which may be somewhat surprising concerning the performance problems of BIND. If you are interested, please check our results concerning the DNS64 performance of BIND, PowerDNS and Unbound: G. Lencse and Y. Kadobayashi, "Benchmarking DNS64 Implementations: Theory and Practice", /Computer Communications/ (Elsevier), to be published Revised version is available freely (as green open access) from my list of publications: http://www.hit.bme.hu/~lencse/publications/ As for stateful NAT64, we have only very old measurement results showing that OpenBSD PF outperformed TAYGA+iptables, which was not surprising at all, but those measurements were not RFC 8219 compliant, as RFC 8219 did not exist yet. Best regards, Gábor On 5/14/2018 4:07 AM, Fred Baker wrote: > Considering https://tools.ietf.org/html/draft-palet-v6ops-nat64-deployment-00, discussed at IETF 101 using the slides at https://datatracker.ietf.org/meeting/101/materials/slides-101-v6ops-nat64-deployment-guidelines-in-operator-and-enterprise-networks-00. I'd like to invite discussion on the list. What thoughts do folks have on this draft? > > > > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… STARK, BARBARA H
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… JORDI PALET MARTINEZ
- [v6ops] draft-palet-v6ops-nat64-deployment discus… Fred Baker
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… Lencse Gábor
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… Lencse Gábor
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… Andrew Sullivan
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… Andrew Sullivan
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… Lee Howard
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… JORDI PALET MARTINEZ
- Re: [v6ops] draft-palet-v6ops-nat64-deployment di… Fred Baker