Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v6ops-transition-comparison-03: (with DISCUSS and COMMENT)
Gábor LENCSE <lencse@hit.bme.hu> Fri, 20 May 2022 13:41 UTC
Return-Path: <lencse@hit.bme.hu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C89C1594BF; Fri, 20 May 2022 06:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.753
X-Spam-Level:
X-Spam-Status: No, score=-3.753 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.857, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dVARJinyIvgl; Fri, 20 May 2022 06:41:45 -0700 (PDT)
Received: from frogstar.hit.bme.hu (frogstar.hit.bme.hu [IPv6:2001:738:2001:4020::2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83EEAC1594B8; Fri, 20 May 2022 06:41:42 -0700 (PDT)
Received: from [192.168.1.145] (host-79-121-40-187.kabelnet.hu [79.121.40.187]) (authenticated bits=0) by frogstar.hit.bme.hu (8.15.2/8.15.2) with ESMTPSA id 24KDf7if006111 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 20 May 2022 15:41:14 +0200 (CEST) (envelope-from lencse@hit.bme.hu)
X-Authentication-Warning: frogstar.hit.bme.hu: Host host-79-121-40-187.kabelnet.hu [79.121.40.187] claimed to be [192.168.1.145]
Content-Type: multipart/alternative; boundary="------------4JM8ZCpihqqU0h0w9ZIVkUWb"
Message-ID: <6708e1a6-91e7-1913-c708-50891dd18ef8@hit.bme.hu>
Date: Fri, 20 May 2022 15:41:03 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0
Content-Language: en-US
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>
References: <165054719591.9426.5840545530020097885@ietfa.amsl.com> <DE758661-4FBF-4E66-8E40-E42F0EA9AED4@consulintel.es> <91D9305A-549E-4766-B528-EAE5C90FC10F@cisco.com> <94DE58E6-7980-41A9-B0BE-5F5A722AF52E@consulintel.es> <6A6427F1-268C-4C44-ABC4-5B8A61BCADA2@cisco.com> <9CF92661-8D8B-493F-8C04-F36FFCF0E961@consulintel.es>
Cc: "draft-ietf-v6ops-transition-comparison@ietf.org" <draft-ietf-v6ops-transition-comparison@ietf.org>, "v6ops-chairs@ietf.org" <v6ops-chairs@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>, "tale@dd.org" <tale@dd.org>
From: Gábor LENCSE <lencse@hit.bme.hu>
In-Reply-To: <9CF92661-8D8B-493F-8C04-F36FFCF0E961@consulintel.es>
X-Virus-Scanned: clamav-milter 0.103.2 at frogstar.hit.bme.hu
X-Virus-Status: Clean
Received-SPF: pass (frogstar.hit.bme.hu: authenticated connection) receiver=frogstar.hit.bme.hu; client-ip=79.121.40.187; helo=[192.168.1.145]; envelope-from=lencse@hit.bme.hu; x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;
X-DCC--Metrics: frogstar.hit.bme.hu; whitelist
X-Scanned-By: MIMEDefang 2.79 on 152.66.248.44
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/wkdJhIQ3TvZ04p9tGoS5SZHKO3M>
Subject: Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v6ops-transition-comparison-03: (with DISCUSS and COMMENT)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 May 2022 13:41:49 -0000
Dear Éric,
We have checked our proposed text for version "04" internally, and Jordi
has noticed that I forgot to include the sentence below. Now I have
added it as:
In deployments where NAT64 load-balancing [RFC7269] section 4.2 is
enabled, multiple WKPs [RFC8215] may be used.
In addition to that I promised that Jordi would propose some text for
hair-pinning (for every single technology).
They are as follows:
At the end of Section 2.1:
Often NAT64 vendors support direct communication (that is, without
translation) between two CLATs by means of hair-pinning through the
NAT64.
At the end of Section 2.2:
Some AFTR vendors support direct communication between two B4s by
means of hair-pinning through the AFTR.
(Section 2.3 had already the text about hair-pinning.)
At the end of Sections 2.4 and 2.5:
Some BR vendors support direct communication between two MAP CEs by
means of hair-pinning through the BR.
I hope that no more things are missing.
I plan to submit version 04 soon.
Best regards,
Gábor
4/26/2022 4:48 PM keltezéssel, JORDI PALET MARTINEZ írta:
> Hi Eric,
>
> Discussing this with Med (tks a lot!), we reached the conclusion that as the NAT64 prefix is only required for 464XLAT, we don't need to have the text that I drafted. However, this text makes much better sense:
>
> "In deployments where NAT64 load-balancing [RFC7269 section 4.2] is enabled, multiple WKPs [RFC8215] may be used."
>
>
> Regards,
> Jordi
> @jordipalet
>
>
>
> El 22/4/22, 12:35, "Eric Vyncke (evyncke)"<evyncke@cisco.com> escribió:
>
> Jordi,
>
> My bad for 64::ff9b::/96, it is indeed RFC 6052 so please use this reference and not RFC 8215 in section 2.1.
>
> You may also want to add your 'very draft' (but good) idea of course.
>
> Regards
>
> -éric
>
>
> -----Original Message-----
> From: JORDI PALET MARTINEZ<jordi.palet@consulintel.es>
> Date: Friday, 22 April 2022 at 12:02
> To: Eric Vyncke<evyncke@cisco.com>, The IESG<iesg@ietf.org>
> Cc:"draft-ietf-v6ops-transition-comparison@ietf.org" <draft-ietf-v6ops-transition-comparison@ietf.org>,"v6ops-chairs@ietf.org" <v6ops-chairs@ietf.org>,"v6ops@ietf.org" <v6ops@ietf.org>, Ron Bonica<rbonica@juniper.net>,"tale@dd.org" <tale@dd.org>
> Subject: Re: Éric Vyncke's Discuss on draft-ietf-v6ops-transition-comparison-03: (with DISCUSS and COMMENT)
>
> Hi Eric,
>
> All points taken and we will submit a new version ASAP.
>
> Just one minor point about the WKP 64:ff9b::/96. It is defined in RFC6052, which we citted already.
>
> RFC8215 is defining a "local" WKP, which is only needed if you are going to use multiple translation mechanism.
>
> Our document is arguing to choose one, not multiple. We could have a new very short section "Use of Multiple IPv4aaS technologies in the same network", may be towards the end of the document that just states something in the line of:
>
> "This document is suggesting, for obvious deployment and operational simplicity reasons, to choose a single IPv4aaS technology in a given operators network. However, in some cases, it may be neccesary to choose several of them in different parts of the network. In that case, if multiple IPv4/IPv6 translation mechanisms have to coexist, RFC8215 needs to be taken in consideration."
>
> (very draft ... just a quick idea)
>
> Regards,
> Jordi
> @jordipalet
>
>
>
> El 22/4/22, 11:40, "Eric Vyncke (evyncke)"<evyncke@cisco.com> escribió:
>
> Hello Jordi,
>
> Thank you for your quick reply, and also addressing most of my points. Look below for EV> (all points that we agree on have been elided).
>
> Regards
>
> -éric
>
> PS: once a revised I-D is uploaded, then I am clearing my DISCUSS of course.
>
> -----Original Message-----
> From: JORDI PALET MARTINEZ<jordi.palet@consulintel.es>
> Date: Thursday, 21 April 2022 at 18:51
> To: Eric Vyncke<evyncke@cisco.com>, The IESG<iesg@ietf.org>
> Cc:"draft-ietf-v6ops-transition-comparison@ietf.org" <draft-ietf-v6ops-transition-comparison@ietf.org>,"v6ops-chairs@ietf.org" <v6ops-chairs@ietf.org>,"v6ops@ietf.org" <v6ops@ietf.org>, Ron Bonica<rbonica@juniper.net>,"tale@dd.org" <tale@dd.org>
>
> ## Section 3.3
>
> "Here, the centralized network function (lwAFTR or BR) only needs to perform
> stateless encapsulation/decapsulation or NAT64", actually in MAP-T, BR does
> translation.
>
> [Jordi] I'm lost here, we say stateless encapsulation/decapsulation or NAT64 (so translation)?
>
> EV> Jordi, please accept my apologies on this one, you are correct, and I wonder why I did not see NAT64 :-(
>
> ## Section 3.4
>
> I am afraid that the number of IPv4 public addresses that are required goes
> beyond this "simple" computation. There are also other constraints such as
> laws, MoU, rules and operators BCP, see:
>
> -
> https://bipt.be/operators/publication/consultation-of-11-october-2016-regarding-the-conditions-of-use-of-ipv4cgn
> (alas in French/Dutch) but meaning that in my country, Belgium, an IP address
> can be shared by 16 subscribers max
>
> -
> https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online
>
> [Jordi] We have a mention of that in section 4.2. Do you mean to add those references as well?
>
> EV> you could indeed add the above references in 4.2 for "may also be impacted by local regulatory law" (and in the Belgian case it is not a law but more a MoU / BCP)
>
> EV> but my main point if that the beginning of section 3.4 should have a sentence about "technical limitations are not the only point to consider for port sharing, there are also local regulations or BCP".
>
> # COMMENTS
>
> Note for the shepherding AD: missing consensus boilerplate.
>
> Generally, I would have appreciated some text about the difference between a
> residential CE (serving multiple hosts) and a mobile hand-set (serving usually
> a single host -- except when tethering)
>
> [Jordi] I'm not sure this is useful considering that in the case of UE, only 464XLAT is supported. Anyway, if you think it is useful, you will like to have some text in the intro?
>
> EV> correct just something long the words above about UE & 464XLAT
>
> ## Section 2.1
>
>
> About "64:ff9b::/96 Well-Known Prefix", suggest adding a reference to RFC 8215.
>
> [Jordi] I fail to see the relevance of RFC8215 here.
>
> EV> simply because the WKP has been allocated by RFC 8215
>
> s/In the operator's network, the provider-side translator/At the edge the
> operator's network, the provider-side translator/ ?
>
> [Jordi] I some cases the NAT64 may not be at the "edge" ...
>
> EV> true, forget about my comment
>
> Hummm "when a dedicated /64 "... RFC 8215 is a /48, the text above is /96 and
> now it is a /64 ?
>
> [Jordi] I think we are talking about different things. /96 is needed for the operator. /48 is needed if the translation is done "per site", a dedicated /64 is optional in 464XLAT in order to avoid doing NAT44 then NAT46 (stateless) - it is CE CLAT implementation dependent. In a UE usually is not possible, because DHCPv6-PD is not commonly being used. See section 4.8 of RFC8683 for a more detailed explanation. We can add a reference to that.
>
> EV> indeed, I was confused by the current text. The /64 not being the 64::ff9b:: one but the prefix assigned to the CE/UE. The current text should perhaps be clearer for that "when a /64 is not assigned to the hosts" ? Also, if there is a single host (UE) even a /128 should work.
>
> ## Section 3.2
>
> The 3rd paragraph is more on multicast and deserves a section on its own (or
> added in section 3.6). Especially the last sentence, which is about
> encapsulation in a NAT section ;-)
>
> [Jordi] I think only the last sentence is about multicast, but in the context of the rest of the section. We are just making clear the differences between tunneling and translation in the scope of IPv4aaS.
>
> The 4th paragraph has also little to do with NAT but more with L4 visibility
> for ECMP/ACL, suggest to make its own section.
>
> [Jordi] Again it is a problem of context. May be the solution to resolve both issues is to rename the section to "Network Address Translation among the different IPv4aaS technologies" ?
>
> EV> sounds good to me
>
> ## Section 3.3
>
> Should "CGN" be introduced before ? (at least expanded ?)
>
> [Jordi] We have introduced AFTR in 2.2. May be we missed there to say that CGN is the "commercial" name for "AFTR"?
>
> EV> indeed
>
> ## Section 3.4
>
>
> Please provide references to the numbers of 300 ports and 4 devices.
>
> [Jordi] We are already addressing that with some text and a reference.
>
> EV> I failed to see them but I trust you
>
> ## Section 8
>
> Should DNSSEC interactions with translation (and not with encapsulation) be
> discussed ?
>
> [Jordi] I think we can make it very short making a reference to RFC8683, a new p. such as:
> "IPv4aaS technologies based in encapsulation have not DNSSEC implications. However, those based in translation may have implications as discussed in section 4.1 of RFC8683."
>
> EV> yes please
>
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>
>
>
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>
>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
- [v6ops] Éric Vyncke's Discuss on draft-ietf-v6ops… Éric Vyncke via Datatracker
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… JORDI PALET MARTINEZ
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… mohamed.boucadair
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… Eric Vyncke (evyncke)
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… JORDI PALET MARTINEZ
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… Eric Vyncke (evyncke)
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… JORDI PALET MARTINEZ
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… Gábor LENCSE
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… Gábor LENCSE
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… mohamed.boucadair
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… Jordi Palet Martínez
- Re: [v6ops] Éric Vyncke's Discuss on draft-ietf-v… mohamed.boucadair