[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-durand-v6ops-natv4v6v4

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: draft-durand-v6ops-natv4v6v4
From: james woodyatt <jhw@apple.com>
Date: Tue, 11 Mar 2008 12:49:18 -0400

everyone--

I have some comments on the proposed solutions.

IPv6-Only >> In my wildest flights of fantasy, I cannot imagine thisas a serious proposal. It's only here for the sake of completeness,yes? There is currently no practical value for IPv6-only serviceexcept to sites which don't need access to the public Internet andonly need connectivity to an identified set of IPv6-only peers. Thesecustomers can be adequately served by tunneling IPv6 over IPv4, e.g.the way Apple's Back-to-my-Mac works today.

Double IPv4->IPv4->IPv4 NAT >> This solution has an additionalunstated advantage. It's already deployed in residential settings andknown to "work" to the satisfaction of its users. It has drawbacks.Here's what I think about the ones noted in the draft.

+ We will fix the first drawback, i.e. the hole-punching problem ofmultiple layers of NAT, by forwarding NAT-PMP requests up the chain tothe router with the public IPv4 address. Obviously UPnP IGD will haveto be likewise upgraded, but these router products tend to have acomparatively short product lifespan, and forces unrelated to IPv6deployment will be driving this upgrade.

+ The operational issues of operating several IPv4 routing realms on alarge continental-scale network aren't impossible to manage. They'rejust difficult. Consider it an opportunity to concentrate on yourcore competencies.

+ Address conflicts are already a reasonably manageable problem insideresidential networks, where users are stacking up NAT behind NAT ontheir own premises just because configuring boxes requires a level ofgeeky expertise that normal people generally avoid acquiring. Thesame mechanisms we use to mitigate those problems will have to be usedto deal with the case where the ISP is providing RFC 1918 addressesthat conflict with what the box wants to use in its factoryconfiguration. (At Apple, this is already a problem in some marketswhere ISP's are routinely deploying the Double IPv4->IPv4->IPv4 NATsolution.)

Double IPv4->IPv6->IPv4 >> From the customer perspective, this looksidentical to the Double IPv4->IPv4->IPv4 NAT solution above, becausethe only way this architecture can work is if the CPE that does the v4->v6 translation is provider provisioned. Absent the heavy hand ofmarket regulation by government, vendors of retail consumer IPv4/NATresidential gateway CPE devices have no incentive whatsoever to assistISP's with the deployment of the Double IPv4->IPv6->IPv4 solution totheir operational issues.

+ On the subject of ALG requirements in this alternative: yes, theALG's at both the v4->v6 NAT and the v6-v4 NAT will be required totranslate addresses in the application protocols.

IPv6 Tunneling + carrier-grade IPv4->IPv4 NAT >> This is asimplification of the Double IPv4->IPv6->IPv4 solution above, and likeit, looks identical to Double IPv4->IPv4->IPv4 from the customerperspective. Whether the provider provisioned CPE does IPv6 tunnel tocarrier grade IPv4->IPv4 NAT or IPv4->IPv6 NAT is matter for providersto decide. Most will end up doing both in different parts of theirnetworks.

+ The address sharing consideration described in section 5 isapplicable to the Double IPv6->IPv6->IPv4 NAT solution as well. Theproblem arises at the translation into the public IPv4 routing realm,and it's really a problem for application service providers to solve.If "a well-known application" uses AJAX to open 69 TCP ports per webpage served, then the footprint they're taking up on the global IPv4address for each client is 69 ports per web page, regardless ofwhether those clients are IPv4-only, IPv6-only or dual-stack. If theywant to make their service available to as many customers as possible,then the IPv4 address depletion problem amounts to an effective cap onthe growth of the market they can expect to be able to serve over IPv4in the future.

+ The way these applications will respond to that problem, I predict,is to reduce the footprint they require on the IPv4/NAT public addressfor their clients. They will only feel safe transitioning to IPv6after a significant fraction of their user base has native IPv6service superior to their existing IPv4 service. Anything that makestheir existing IPv4 service limp along better in the face of addressdepletion reduces the urgency such application providers feel to makethe transition to IPv6.

Multicast considerations >> The only multicast routing that needs tobe considered is SSM originating in the service provider withreceivers on their customer networks. All other multicastapplications are, for practical purpose, dead on arrival. Probably,the best way to do this is to define an IPv6 SSM prefix that subsumesthe existing IPv4 SSM addresses, and to define a way to send an IPv6SSM stream that can be easily translated into an equivalent IPv4 SSMstream at the provider provisioned CPE router.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- RE: draft-durand-v6ops-natv4v6v4
  - From: <teemu.savolainen@nokia.com>
- RE: draft-durand-v6ops-natv4v6v4
  - From: "Dan Wing" <dwing@cisco.com>

Prev by Date: Agenda for this week
Next by Date: RE: draft-durand-v6ops-natv4v6v4
Previous by thread: Agenda for this week
Next by thread: RE: draft-durand-v6ops-natv4v6v4
Index(es):
- Date
- Thread