[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-templin-v6v4inet-00.txt

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: I-D ACTION:draft-templin-v6v4inet-00.txt
From: Brian E Carpenter <brc@zurich.ibm.com>
Date: Thu, 22 Jul 2004 12:05:57 +0200
In-reply-to: <200407131935.PAA07549@ietf.org>
Organization: IBM
References: <200407131935.PAA07549@ietf.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

Fred, I'm not sure which list this belongs on, so I chose v6ops.

I have a few comments and questions.

Abstract

IPv6 includes a 128-bit address space designed as a solution for the 32-bit limitation of IPv4. But, IPv4 proliferation in the global Internet continues via private addressing domains behind Network Address Translators (NATs). Furthermore, a formerly popular viewpoint that IPv6 networking would soon replace IPv4 seems to be yielding to an emerging viewpoint of long-term coexistence.


I really have problems with the last sentence. I can't imagine where
such a "popular viewpoint" ever existed. Speaking personally, I've
been on a coexistence model since RFC 1671.

4. Inter-Enterprise Communications

   When an ISATAP node sends ip-protocol-41 packets toward an IPv6
   target node located in a remote enterprise, the virtual link can
   theoretically extend all the way from the sender to the target's
   enterprise border (or even to the target itself) given appropriate
   enhancements in RPBSs along the path as follows:


Either I have read the document carelessly, or it doesn't explain
anywhere by what magic the path between the RPBSs is formed. Do they
run normal IPv6 routing protocols, or what?

4.1 From the Sender to the Target's Enterprise Border

   Any RPBSs along the path from the sender to the target's enterprise
   border that rewrite a packet's IPv4 source address should implement a
   simple enhancement to support extension of the virtual link. In
   particular, each such RPBS should also rewrite any matching IPv4
   addresses embedded in the packet's IPv6 source address and (for IPv6
   Neighbor Discovery messages) in Source/Target Link Layer Address
   Options [RFC2529] at the same time the IPv4 source address is
   rewritten (i.e., an operation commonly referred to as proxying
   [NDPROXY]).


This appears to describe an IPv6 NAT process. If so, surely we must deem
it unacceptable. We want packets to be delivered unchanged in IPv6.

Each such RPBS should also cache IPv6 flow soft state [RFC3697]...


RFC 3697 doesn't discuss soft state. It specifically says that "The nature
of the specific treatment and the methods for the flow state establishment
are out of scope for this specification."

   ...as a
   logical interface identifying the sender and take care that no two
   flows with the same (IPv4 src, IPv4 dst, IPv6 flow_label)-tuple exit
   the enterprise/site at the same time.   If two or more flows attempt to
   use the same (non-zero) IPv6 flow label and IPv4 destination address,
   an RPBS can break the tie by assigning distinct IPv4 addresses to the
   flows when it re-writes the IPv4 source address and matching IPv4
   addresses in ip-protocol-41 packets. (This requires each RPBS to
   assign multiple IPv4 addresses to its outgoing interfaces.)


Well, the RFC 3697 requirement for flow labels is only that the
(IPv6 src, IPv6 dst, IPv6 flow_label) tuple must be unique. That is a
much easier constraint to meet. If the IPv4 addresses in question
are to be taken from a NAT pool, I don't think this will scale at all.
What if a site generates 20000 simultaneous flows to different clients?
It's quite consistent with RFC 3697 for them to use the same flow label.

6. Addressing

   When an ISATAP node's application initiates communications with a
   target peer, it first resolves the target's Fully-Qualified Domain
   Name (FQDN) using the DNS [RFC1035] or an enterprise-internal name
   service, e.g., [LLMNR]. If the name service returns a set of AAAA
   records including one with a 6to4 [RFC3056] subnet router anycast
   address, ...

I don't understand why that would ever happen.

   ...the initiating node can use the IPv4 address embedded in the
   6to4 prefix as the IPv4 destination address for the target node's
   enterprise border RPBS. (The address can also be used to determine
   whether the initiator and target reside in the same enterprise.)


No it can't, in the general case. A site might run multiple simultaneous
6to4 prefixes (e.g. belonging to several different ISPs or several different
border routers).

Regards,

Brian

Follow-Ups:
- Re: I-D ACTION:draft-templin-v6v4inet-00.txt
  - From: Fred Templin <ftemplin@iprg.nokia.com>

Prev by Date: Re: 9/9/2004 IP6.INT Removal (Was: 9/9/2006 : ip6.int shutdown?)
Next by Date: Re: [ipv6-wg@ripe.net] 9/9/2004 IP6.INT Removal (Was: 9/9/2006 : ip6.int shutdown?)
Previous by thread: 9/9/2004 IP6.INT Removal (Was: 9/9/2006 : ip6.int shutdown?)
Next by thread: Re: I-D ACTION:draft-templin-v6v4inet-00.txt
Index(es):
- Date
- Thread