draft-durand-v6ops-natv4v6v4

[james woodyatt <jhw@apple.com>]

everyone--

I have some comments on the proposed solutions.

IPv6-Only >> In my wildest flights of fantasy, I cannot imagine this  
as a serious proposal.  It's only here for the sake of completeness,  
yes?  There is currently no practical value for IPv6-only service  
except to sites which don't need access to the public Internet and  
only need connectivity to an identified set of IPv6-only peers.  These  
customers can be adequately served by tunneling IPv6 over IPv4, e.g.  
the way Apple's Back-to-my-Mac works today.

Double IPv4->IPv4->IPv4 NAT >> This solution has an additional  
unstated advantage.  It's already deployed in residential settings and  
known to "work" to the satisfaction of its users.  It has drawbacks.   
Here's what I think about the ones noted in the draft.

+ We will fix the first drawback, i.e. the hole-punching problem of  
multiple layers of NAT, by forwarding NAT-PMP requests up the chain to  
the router with the public IPv4 address.  Obviously UPnP IGD will have  
to be likewise upgraded, but these router products tend to have a  
comparatively short product lifespan, and forces unrelated to IPv6  
deployment will be driving this upgrade.

+ The operational issues of operating several IPv4 routing realms on a  
large continental-scale network aren't impossible to manage.  They're  
just difficult.  Consider it an opportunity to concentrate on your  
core competencies.

+ Address conflicts are already a reasonably manageable problem inside  
residential networks, where users are stacking up NAT behind NAT on  
their own premises just because configuring boxes requires a level of  
geeky expertise that normal people generally avoid acquiring.  The  
same mechanisms we use to mitigate those problems will have to be used  
to deal with the case where the ISP is providing RFC 1918 addresses  
that conflict with what the box wants to use in its factory  
configuration.  (At Apple, this is already a problem in some markets  
where ISP's are routinely deploying the Double IPv4->IPv4->IPv4 NAT  
solution.)

Double IPv4->IPv6->IPv4 >> From the customer perspective, this looks  
identical to the Double IPv4->IPv4->IPv4 NAT solution above, because  
the only way this architecture can work is if the CPE that does the v4- 
>v6 translation is provider provisioned.  Absent the heavy hand of  
market regulation by government, vendors of retail consumer IPv4/NAT  
residential gateway CPE devices have no incentive whatsoever to assist  
ISP's with the deployment of the Double IPv4->IPv6->IPv4 solution to  
their operational issues.

+ On the subject of ALG requirements in this alternative: yes, the  
ALG's at both the v4->v6 NAT and the v6-v4 NAT will be required to  
translate addresses in the application protocols.

IPv6 Tunneling + carrier-grade IPv4->IPv4 NAT >> This is a  
simplification of the Double IPv4->IPv6->IPv4 solution above, and like  
it, looks identical to Double IPv4->IPv4->IPv4 from the customer  
perspective.  Whether the provider provisioned CPE does IPv6 tunnel to  
carrier grade IPv4->IPv4 NAT or IPv4->IPv6 NAT is matter for providers  
to decide.  Most will end up doing both in different parts of their  
networks.

+ The address sharing consideration described in section 5 is  
applicable to the Double IPv6->IPv6->IPv4 NAT solution as well.  The  
problem arises at the translation into the public IPv4 routing realm,  
and it's really a problem for application service providers to solve.   
If "a well-known application" uses AJAX to open 69 TCP ports per web  
page served, then the footprint they're taking up on the global IPv4  
address for each client is 69 ports per web page, regardless of  
whether those clients are IPv4-only, IPv6-only or dual-stack.  If they  
want to make their service available to as many customers as possible,  
then the IPv4 address depletion problem amounts to an effective cap on  
the growth of the market they can expect to be able to serve over IPv4  
in the future.

+ The way these applications will respond to that problem, I predict,  
is to reduce the footprint they require on the IPv4/NAT public address  
for their clients.  They will only feel safe transitioning to IPv6  
after a significant fraction of their user base has native IPv6  
service superior to their existing IPv4 service.  Anything that makes  
their existing IPv4 service limp along better in the face of address  
depletion reduces the urgency such application providers feel to make  
the transition to IPv6.

Multicast considerations >> The only multicast routing that needs to  
be considered is SSM originating in the service provider with  
receivers on their customer networks.  All other multicast  
applications are, for practical purpose, dead on arrival.  Probably,  
the best way to do this is to define an IPv6 SSM prefix that subsumes  
the existing IPv4 SSM addresses, and to define a way to send an IPv6  
SSM stream that can be easily translated into an equivalent IPv4 SSM  
stream at the provider provisioned CPE router.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering