IETF Logo Mail Archive

Re: [v6ops] The need for local-ipv4 socket transition solutions -- NAT64/DNS64 remains insufficient

James Woodyatt <jhw@nestlabs.com> Mon, 27 April 2015 18:21 UTC

Return-Path: <jhw@nestlabs.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FA021A90C0 for <v6ops@ietfa.amsl.com>; Mon, 27 Apr 2015 11:21:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Lt-4FstFaZA for <v6ops@ietfa.amsl.com>; Mon, 27 Apr 2015 11:21:21 -0700 (PDT)
Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 614471A90BF for <v6ops@ietf.org>; Mon, 27 Apr 2015 11:21:21 -0700 (PDT)
Received: by wizk4 with SMTP id k4so110323850wiz.1 for <v6ops@ietf.org>; Mon, 27 Apr 2015 11:21:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nestlabs.com; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=j83H1lrXsSB4AXYXB/qbfLmsp/EEp/vKuZZZW9Sx2qs=; b=WoPmnaLqmj5umaOhzi9MdC4bEm0ILvyZN3cfIgZ4GAZ4eH3AJJC8STYgxIZ16cSIQ7 SRQvKOiXWEp3F8geyBmi91qDMh0b+cy2jjS81Dl2nkB9UIw+TkIT2VR18euDtWhu9+Tk ANuBuZoGpby8pL7UNeDHcHoevD3BsEf24iOKQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=j83H1lrXsSB4AXYXB/qbfLmsp/EEp/vKuZZZW9Sx2qs=; b=hB68KdmYTNAr6xatUE6xStV5ZeHC603XI7i/0daCf1yxlEJoZ3ssTkzvp3rNG6rGu5 qTpSq18I5C2Q6Me/44jERB8gMm3spRCMr/pb02jABZKUBX6JHVDBqnjAe2bCS8/k4J+J Nuqy5aMPsTc2A9+TzsIjSSR64Bz4TCtfIXwNX0a08+giaiEjkVIOS5i6xPveL5HZZ7zN CMdSFDhUZzq/jy8DwQ9WvD3L/Dm0Y+y6vDhr/tiQgcolJFAweEvaEiDKL5N0orRL4SV2 dGuRacEKWwe23WZo0Jbhc5KZ9FMCyaOCXtjkbF/O0c8HD6m+fBgLweXYTMXqkm1jwc/Z JaYw==
X-Gm-Message-State: ALoCoQlTZ9S9VM0SQW0F7oaPRnGDjtcevzMZqOggeRpSckWHKW7DsTaMNi+DKtNM//4+y/ArS2/e
MIME-Version: 1.0
X-Received: by 10.194.52.10 with SMTP id p10mr24013224wjo.98.1430158880061; Mon, 27 Apr 2015 11:21:20 -0700 (PDT)
Received: by 10.28.16.1 with HTTP; Mon, 27 Apr 2015 11:21:19 -0700 (PDT)
In-Reply-To: <1B8ED9D0-AF02-4F3A-BFFB-D14AD0B5E043@nominum.com>
References: <CAD6AjGT-hG-uvRQvRosrZtfrf0Nb8ne9jy=tD9oh=5zNM42Xsg@mail.gmail.com> <CAD6AjGTcKgK8W+VB1H5EQpHaYiKVYXqOz_2RS-w_CiTf9kL2CQ@mail.gmail.com> <CADhXe530+OVZrFZVaYh1-zoRDvJhUd0rf4sx6a2nO8SvKmm6zg@mail.gmail.com> <CAPi140PQ+TF0rED_bQPeS=Fj415qt0-zE2RdGnEL34PAzHyx6Q@mail.gmail.com> <CAD6AjGTjXAeMF6pw5MO2Jrf9B8LJ48D3m1YTVkdBe=_OHjtroQ@mail.gmail.com> <CADhXe51TCqU2eMP4LS3DooZxQDAPD95OVJDXbiU7qvuvKCMq+w@mail.gmail.com> <CAKD1Yr2=zc57+pOA9TFs+0azw0ZR1g67+08T=9eZPHjGXBvgFQ@mail.gmail.com> <CADhXe53T_30pj7xxwNs=mWEnd=do6oiq3KgN=U-gHLrLF-gG7Q@mail.gmail.com> <D1441574.4C168%wesley.george@twcable.com> <CAD6AjGQrzoBJrqQfKO0N8Ji=oJ-ZP6Sn88sXf=opJ6bYVmTDZg@mail.gmail.com> <552102B0.6070904@cernet.edu.cn> <35D97B17-8E83-43CF-ABEF-122572F1321A@eircom.net> <552369C8.5000801@cernet.edu.cn> <CADhXe51BDuPhc8wdKGmRiBfSnrz7PMtqYXaoDO+5cwLx_xW2tw@mail.gmail.com> <55290E26.8080500@cernet.edu.cn> <CADhXe50zz9EtNtifMh+tN9XT-jKCTJB=vsQ6uG515iddOo7f2Q@mail.gmail.com> <6536E263028723489CCD5B6821D4B21303E8C63A@UK30S005EXS06.EEAD.EEINT.CO.UK> <67A2A6E4-0603-4E84-8534-EA6C706C6D5D@lists.zabbadoz.net> <6536E263028723489CCD5B6821D4B21303E8CBAB@UK30S005EXS06.EEAD.EEINT.CO.UK> <0C3D10F1-B8AF-4097-91C6-D92CDDD5978D@nominum.com> <CAD6AjGR65jtZN4NV62p1XnUgoQRC+h=ELmsLcQaFTdrToMtwRA@mail.gmail.com> <CADhXe53VJeUDLpq2fpdndXF1VyPzQLTO=3LEYqbpOFmEPNbCJw@mail.gmail.com> <54AE4471-B568-4A92-B12D-137AD5950B60@nominum.com> <CADhXe52acGYR-y7VNpfXt=OQK7uqm1vNyHL3mwGhX8cpaYyW3A@mail.gmail.com> <CAKD1Yr0UAYH+tCc7LCLWbqzqiez7kZNJ8mVH3FB-K1LvnjXVUQ@mail.gmail.com> <CADhXe5302YTxvTSqoOyXJSMiT_vpuhkZPiE3W1Kty8E-Pd89nw@mail.gmail.com> <CAKD1Yr0snsxmHMXazJfKFhYhOpj3a+wNKcGuhHLgLXAhd07ixg@mail.gmail.com> <1B8ED9D0-AF02-4F3A-BFFB-D14AD0B5E043@nominum.com>
Date: Mon, 27 Apr 2015 11:21:19 -0700
Message-ID: <CADhXe53ncjBnODurNDcLp4pYGjFi8YOoxd-r_HWfueyp4KDFVw@mail.gmail.com>
From: James Woodyatt <jhw@nestlabs.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Content-Type: multipart/alternative; boundary="047d7bae428604d3c40514b8d038"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/xs1u0pSoPcpFUJFHSZ9AukSgQZ0>
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] The need for local-ipv4 socket transition solutions -- NAT64/DNS64 remains insufficient
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2015 18:21:23 -0000

On Mon, Apr 27, 2015 at 4:22 AM, Ted Lemon <Ted.Lemon@nominum.com> wrote:

> On Apr 26, 2015, at 9:37 PM, Lorenzo Colitti <lorenzo@google.com> wrote:
> > So, assuming it isn't... what sort of questions do you see around
> 464xlat that cannot be immediately answered by just saying that "464xlat is
> an unnumbered IPv4-only point-to-point link"?
>

I'll provide the beginning of an answer to Lorenzo's specific question
below, but I think the topic would be better handled at the IETF 93 meeting.

Also, I'm not trying to stall the conversation. I'm actually trying to
provoke what I think would be a reasonable way to keep the conversation
going in a productive direction: by improving the situation for application
programmers and host operating systems maintainers who will be forced to
live with 464XLAT for the foreseeable future if the recommendation in this
proposed BCP is widely adopted.

You're right, that makes it trivial.   Most applications are used to
> dealing with unnumbered IPv4-only point-to-point tunnels, so there's no
> explanation needed!   ;)
>
> Seriously, I have to say that if I saw that explanation, I would have no
> idea what it meant.   My understanding, having never actually _used_
> 464xlat knowingly, is that you open a socket and send on it and it just
> works, and that since most applications don't try to figure out what their
> source address is this isn't a problem.   But that's not what I would take
> your proposed text to mean.
>

Most applications don't even really want to know they are using TCP/IP,
much less which version of it. The whole point of 464XLAT is to cover the
special category of applications that do not make the usual assumptions and
use the corner cases of the IPv4-only application programming interfaces in
the host operating system. There are a lot of corner cases. So, here are
some example questions.

1. What about MIF? It's not sufficient to simply say put an IPv4 address on
the point-to-network pseudo-link for each provider. How does an application
that cares about which interface it's using know which IPv4 address belongs
to which interface? Does the getifaddrs() [not POSIX, but commonly
implemented] return results showing them all on the same interface? Or
different interfaces? How does an application sending a packet from a UDP
socket without a source address bound use IP_PKTINFO to specify which
source interface to use if ipi_spec_dst is zero? What about dual-stack
applications that care about which IP addresses are attached at which
interfaces over time? How do they know what IPv4 addresses are associated
with which interface if all the CLAT IPv4 addresses are attached to a
point-to-network pseudo-link instead of the interface where the CLAT IPv6
address is attached?

2. Consider the interaction an IPv6 listener and an IPv4 listener binding
to the same UDP port without using either SO_REUSEADDR option [or the
non-standard SO_REUSEPORT option], where the IPv6 socket is binding to the
same interface address that the CLAT will translate for the interface
address bound by the IPv4 socket? Does only the first socket() call succeed
while the second one fails? Or is there a different semantic? If so, what
is it?

3. Suppose instead the applications in the example above (2) do use
SO_REUSEADDR [and SO_REUSEPORT], and there are now two sockets bound to the
same IPv6 address and port, one of them translated by the CLAT and the
other not. Can these two applications communicate over interface loopback
through the CLAT?

Just saying that the CLAT is "an unnumbered IPv4-only point-to-point link"
tells us nothing about what application programmers can expect in these
sorts of weird corner cases, but the whole point of 464XLAT is to support
applications that don't use the protocol-independent interfaces.

I can understand why one might not want to document the answers to these
questions. Doing so might expose precisely how 464XLAT doesn't actually
deliver IPv4-only equivalence to applications on IPv6-only networks, but I
contend it's important to describe precisely what the CLAT does and doesn't
enable. Explaining what remains broken even after deploying a CLAT in every
host operating system will go a long way toward retaining a sensible
argument for application developers to migrate away from IPv4-only
programming interfaces.


-- 
james woodyatt <jhw@nestlabs.com>
Nest Labs, Communications Engineering

v2.23.0 | Report a Bug | By Email