Re: [v6ops] single /64, ND Proxy, and draft-ietf-v6ops-464xlat-07.txt
Ray Hunter <v6ops@globis.net> Sun, 26 August 2012 11:40 UTC
Return-Path: <v6ops@globis.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D69B21F84F2 for <v6ops@ietfa.amsl.com>; Sun, 26 Aug 2012 04:40:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.19
X-Spam-Level:
X-Spam-Status: No, score=-2.19 tagged_above=-999 required=5 tests=[AWL=-0.191, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j2-YU2bO7WRG for <v6ops@ietfa.amsl.com>; Sun, 26 Aug 2012 04:40:05 -0700 (PDT)
Received: from globis01.globis.net (RayH-1-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id 5F57D21F84B2 for <v6ops@ietf.org>; Sun, 26 Aug 2012 04:40:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id E1A48870067; Sun, 26 Aug 2012 13:39:47 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at globis01.globis.net
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mVP4rPpIqLw; Sun, 26 Aug 2012 13:39:18 +0200 (CEST)
Received: from Rays-iMac-2.local (unknown [192.168.0.3]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPA id E695487005C; Sun, 26 Aug 2012 13:39:17 +0200 (CEST)
Message-ID: <503A0ADF.5070303@globis.net>
Date: Sun, 26 Aug 2012 13:39:11 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.4 (Macintosh/20120616)
MIME-Version: 1.0
To: Cameron Byrne <cb.list6@gmail.com>
References: <75B6FA9F576969419E42BECB86CB1B890779FB@xmb-rcd-x06.cisco.com> <CAD6AjGSpxUsXcLt3HhWfnptbjm3-_ADUxqLHV5AMF=TwWAYQvw@mail.gmail.com> <50392728.6020002@globis.net> <CAD6AjGQr4cJOjdYiOYsiFrGqcs2+PFaQ1YDcgJpVE1TEAd88aQ@mail.gmail.com>
In-Reply-To: <CAD6AjGQr4cJOjdYiOYsiFrGqcs2+PFaQ1YDcgJpVE1TEAd88aQ@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] single /64, ND Proxy, and draft-ietf-v6ops-464xlat-07.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Aug 2012 11:40:06 -0000
Inline. Thanks! > Cameron Byrne <mailto:cb.list6@gmail.com> > 25 August 2012 22:40 > Hi Ray, > > On Sat, Aug 25, 2012 at 12:27 PM, Ray Hunter<v6ops@globis.net> wrote >> The single /64 deployment model conflicts with previous approved IETF BCP. I >> was also vocal in the discussion on 6204bis. >> >> Specifically: According to BCP 157 RFC6177 "A key principle for address >> management is that end sites always be able to obtain a reasonable amount of >> address space for their actual and planned usage, and over time ranges >> specified in years rather than just months." >> > > Without ND proxy, the amount of address you have is exactly zero for a > tethered device in all of today's 3GPP networks. So the question is > do we do allow tethering on IPv6 today or do we say "no, IPv6 is > future exercise for someone else". Failing to engineer for it now > makes yet another chicken-and-egg issue. No customers, no demand, no > spec, no gear, no code, ... Understand that. No problem with a phone using xlat for it's own internal mono-stack apps. Or in a stand alone LAN where the phone is the only router. I'm just trying to understand interoperability when there's more than one device present: either in parallel or cascaded. When asked what happens when CLAT's are cascaded I got an answer back that this was out of scope of the draft. If I read ND Proxy I think that this case is illegal and that ND proxy processing will be disabled [ 2nd CLAT will receive an RA message with the P bit set on its upstream interface] But there's no such explicit protection or detection of cascaded IANA assigned EUI-64 ID addresses in XLAT, which would definitely cause an IPv6 address conflict with the upstream CLAT. It strikes me as odd that ND Proxy goes to the trouble of detecting and shutting down the 2nd ND proxy if there's cascading, but XLAT BCP doesn't. Why not explicitly shut down the affected functions of the downstream CLAT if it detects a duplicate IANA assigned EUI-64 address on it's upstream interface? Wouldn't that protect existing service from the upstream CLAT? > On my 3GPP Release 7 network, you may tether today with NDproxy and > have access to the WAN /64 on your LAN. > > As soon as kit arrives that can do DHCP-PD, that will be the preferred > mechanism. > > I believe that is clearly documented here: > http://tools.ietf.org/html/draft-ietf-v6ops-464xlat-07#section-8.3.2 > IF DHCP-PD available, then use DHCP-PD to grab as much address space as needed > > Else if NDproxy available, do that > > Else if EUI-64 reserved address available, do that. > I have read 8.3.2 and it does not seem to be worded exactly as you suggest. Currently it's worded in the negative "if cannot X then can Y", and in some places it doesn't even use reserved keywords in capitals. That to me does not express a preference for good behaviour of an "if X then SHOULD Y else MAY Z ....." clause. I'd prefer this section to be worded in the positive (this is Best Current Practice) to give the preferred translation order (exactly as you state, using if then else... ), and thus avoid perpetuating bad practice of single /64 working, and ensure interoperability if devices are swapped out. Here's my (non expert) version of the text: In the case that DHCPv6-PD [RFC3633] is available, the CLAT SHOULD use a dedicated IPv6 prefix for stateless translation [RFC6145]. ND Proxy andIANA assigned EUI-64 ID based addresses SHOULD NOT be used. If the CLAT does not have a dedicated IPv6 prefix available for translation, the CLAT SHOULD attempt to perform NAT44 and stateless translation [RFC6145] as detailed in the following paragraph. IPv4 packets from the LAN SHOULD be translated using NAT44 to the private IPv4 host address of the CLAT that is not included in LAN segment of CLAT. Then, the CLAT SHOULD perform a stateless translation [RFC6145] so that the IPv4 packets from the CLAT IPv4 host address are translated to the CLAT WAN IPv6 address as described in [RFC6145]. ND Proxy MAY be used. EUI-64 ID based addresses SHOULD NOT be used. Please note that RFC 4389 section 4.1.3.3 http://tools.ietf.org/html/rfc4389#section-4.1.3.3 prohibits a CLAT from performing ND Proxy if RA packets are received on the downstream interface. When both DHCPv6-PD and ND proxy are not available a CLAT MAY use a dedicated IANA assigned EUI-64 ID for creating a translated IPv6 address to be used in stateless translation [RFC6145]. This will allow the CLAT to avoid possible IPv6 address duplication issues between an IPv6 address for stateless translation [RFC6145] in the CLAT and an IPv6 address assigned to native IPv6 nodes behind the CLAT. This document describes an example for this case in Example 2. of the Appendix A. The IANA assigned EUI-64 ID SHOULD NOT be used for L2 link addressing. Network operators SHOULD ensure that the upstream interface of each CLAT is connected to an unique upstream IPv6 prefix, to prevent potential problems with duplicate IPv6 addressing of downstream interfaces of two CLAT's connected in parallel, I'm relying on you xlat experts to get the preference order right..... >> The single /64 deployment model may be reality of Release-9 3gpp, but should >> we be producing a new (xlat) BCP that potentially condones bad practice >> forever? Especially as future releases of 3gpp seem to be moving away from >> the single /64 deployment model. >> e > > It does not condone NDproxy forever, i believe the current text is > clear that DHCP-PD is the preferred path. Given that that the > preferred path is only available in vaporware on 3GPP networks and > this is a BCP, we documented what we know to work in a 3GPP network > for real .. with real code .. .real customers .... real production > network. While, at the same time, saying DHCP-PD is the best path > when available I appreciate the intention but I think the text could be improved. >> I'm worried that we'll create issues for Homenet, because an IPv6 wireless >> LTE mobile phone acting as a CPE router (with built in CLAT and special >> processing for single /64 working) is pretty likely to connect into a >> Homenet in parallel to a domestic wired CPE router (with built in CLAT). >> > > Homenet has a lot of work to do on many fronts, and finding network > boundaries is one of their most active areas of research As stated above I now think ND proxy should shut down when a phone using ND proxy is connected to Homenet. However, if two wireless devices are using CLAT + single /64 + ND Proxy at the moment one phone is tethered, wouldn't they both detect RA packets on their downstream interfaces, causing both to fail over to a different translation scheme (based on fixed IANA address)? This isn't such a crazy scenario: I know of places that deliver "fixed" domestic Internet links via wireless; as well as some friends who own more than one mobile device per household. Wouldn't this cause some interesting oscillation effects, as well as killing existing sessions? >> Can you remove that worry? >> > > I hope i already have. > >> Does the WG think Lorenzo's and Hemant's vision of a tethered mobile phone >> as "just another CPE router" the more correct model? > > I have my reservations about the commercial reality of multi-homing > for residential use, but i think it is viable. > > CB >> regards, >> >> >> Cameron Byrne wrote: >>> On Sat, Aug 25, 2012 at 8:54 AM, Hemant Singh (shemant) >>> <shemant@cisco.com> wrote: >>>> I do have to start a new thread to focus this ND Proxy discussion with >>>> 464xlat. Elide the use case of a single /64 from the document and then >>>> the >>>> following go away too. >>>> >>>> >>>> >>>> 1. ND Proxy >>>> >>>> 2. RFC 4389 >>>> >>>> 3. Single /64 allocated to the CLAT >>>> >>>> >>> Single /64 is the reality of many of today's access networks, and >>> specifically important is all deployed 3GPP networks work this way for >>> IPv6. Note, there are no known Release 10 networks deployed or any >>> known support of 3GPP DHCP-PD, AFAIK. It is known that IPv4 resources >>> are exhausted in APNIC, and soon to be so in RIPE and then ARIN. So, >>> there is no point in waiting for perfect. A single /64 is the only >>> reality we know in 3GPP, and is therefore the most concrete thing we >>> have for this BCP, which includes running code / running network. >>> >>> http://tools.ietf.org/html/rfc6459#section-5.3 >>> >>> 5.3. Prefix Delegation >>> >>> IPv6 prefix delegation is a part of Release-10 and is not covered by >>> any earlier releases. However, the /64 prefix allocated for each >>> default bearer (and to the UE) may be shared to the local area >>> network by the UE implementing Neighbor Discovery proxy (ND proxy) >>> [RFC4389] functionality. >>> >>>> During the IPv6 CPE router specification development, for a long time, >>>> some >>>> folks from the 3GPPP community asked us to add a use case for a single >>>> /64 >>>> and ND Proxy to rfc6204. However, after more careful study, a consensus >>>> was >>>> reached to remove the single /64 use case from rfc6204 and rfc6204bis. >>>> Additionally, I am told the IETF endorses the DHCPv6 PD model over a >>>> single /64. >>>> >>>> >>> I am also told the IETF endorses dual-stack >>> >>>> A single /64 cannot be supported on a CPE/CLAT because then the CPE has >>>> to >>>> proxy the RA to hosts in the LAN or tethered segment. There is no >>>> document >>>> on a Standards Track in the IETF that defines how to proxy an RA. I am >>> Is a standard tack document required? I assume the point you are >>> trying to make is that rfc4389 is experimental status. >>> >>>> assuming the CLAT CPE sees an IPv6 ND RA from an upstream IPv6 router in >>>> the >>>> wireless service provider domain. If the cellular network does not >>>> issue >>>> an RA to the CLAT/UE/CPE, how does the UE know it’s ipv6 default router? >>>> How is the /64 assigned to the CLAT? >>>> >>>> >>> If you are wondering how 3GPP side works, start here rfc6459 >>> >>> CB >>> >>>> Hemant >>>> >>>> >>>> _______________________________________________ >>>> v6ops mailing list >>>> v6ops@ietf.org >>>> https://www.ietf.org/mailman/listinfo/v6ops >>>> > Ray Hunter <mailto:v6ops@globis.net> > 25 August 2012 21:27 > The single /64 deployment model conflicts with previous approved IETF > BCP. I was also vocal in the discussion on 6204bis. > > Specifically: According to BCP 157 RFC6177 "A key principle for > address management is that end sites always be able to obtain a > reasonable amount of address space for their actual and planned usage, > and over time ranges specified in years rather than just months." > > The single /64 deployment model may be reality of Release-9 3gpp, but > should we be producing a new (xlat) BCP that potentially condones bad > practice forever? Especially as future releases of 3gpp seem to be > moving away from the single /64 deployment model. > > I'm worried that we'll create issues for Homenet, because an IPv6 > wireless LTE mobile phone acting as a CPE router (with built in CLAT > and special processing for single /64 working) is pretty likely to > connect into a Homenet in parallel to a domestic wired CPE router > (with built in CLAT). > > Can you remove that worry? > > Does the WG think Lorenzo's and Hemant's vision of a tethered mobile > phone as "just another CPE router" the more correct model? > > regards, > > > ------------------------------------------------------------------------
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Cameron Byrne
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mark ZZZ Smith
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mark ZZZ Smith
- [v6ops] single /64, ND Proxy, and draft-ietf-v6op… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Cameron Byrne
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Ray Hunter
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rajiv Asati (rajiva)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Cameron Byrne
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mark ZZZ Smith
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Ray Hunter
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rajiv Asati (rajiva)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rajiv Asati (rajiva)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Victor Kuarsingh
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rajiv Asati (rajiva)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Cameron Byrne
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Victor Kuarsingh
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Cameron Byrne
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mikael Abrahamsson
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… jouni korhonen
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… GangChen
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Alexandru Petrescu
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Gert Doering
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mark ZZZ Smith
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Alexandru Petrescu
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Vízdal Aleš
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Alexandru Petrescu
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… jouni korhonen
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Vízdal Aleš
- [v6ops] ND Proxy in Mobile [was: RE: single /64, … Vízdal Aleš
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… jouni korhonen
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Cameron Byrne
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Cameron Byrne
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mark ZZZ Smith
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mikael Abrahamsson
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Vízdal Aleš
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… jouni korhonen
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… jouni korhonen
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Mark ZZZ Smith
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Vízdal Aleš
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Vízdal Aleš
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… GangChen
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Lorenzo Colitti
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… Hemant Singh (shemant)
- [v6ops] No conflict between ND proxy and EUI-64 r… Rémi Després
- [v6ops] 464XLAT - Applicability of reserved IID p… Rémi Després
- Re: [v6ops] single /64, ND Proxy, and draft-ietf-… joel jaeggli
- Re: [v6ops] example method (was: single /64, ND P… Alexandru Petrescu
- Re: [v6ops] example method (was: single /64, ND P… Lorenzo Colitti
- Re: [v6ops] example method Alexandru Petrescu
- Re: [v6ops] example method Jouni Korhonen
- Re: [v6ops] example method Alexandru Petrescu