[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multihoming requirement and NAT64

To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: multihoming requirement and NAT64
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Thu, 27 Mar 2008 14:56:46 +0100
Cc: IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <47EAB7CF.9010106@gmail.com>
References: <47EA9812.8010202@it.uc3m.es> <47EAB7CF.9010106@gmail.com>

On 26 mrt 2008, at 21:53, Brian E Carpenter wrote:

during the v6ops meeting in Philadelphia, Michael brought up theissueabout multihoming support for NAT64 boxes. As we know, current NATboxesinteract poorly with multihioming configurations. the question iguess
whether we should impose some requirements of multihoming support for
new NAT64 boxes.

I don't see how we can, since there is no single, agreed technique
for IPv6 multihoming, and I don't see why we would impose anyconstraint
to do better than regular v4 NAT on the v4 side.


What kind of multihoming are we talking about?

In the NAT64 model there are three entities: the IPv6 source host, thetranslator and the IPv4 destination host. There are three things thatcan go down:


1. The link between the source and the translator
2. The translator
3. The link between the translator and the destination

For MNAT-PT, we are currently not considering any security mechanisms,which means that the translator pretty much has to be located in theservice provider network. In that case, 1. can be addressed by regularcustomer-to-the-same-ISP multihoming techniques which don't impactglobal routing. If we assume that the translator is run by a thirdparty this requires some form of IPv6 multihoming, so either PI spaceor shim6. Obviously it's impossible to do HBA for any IPv6 addressesthat embed IPv4 addresses so shim6 is a problem.

Alternatively, an outage in 1. or 2. can be addressed by switching toanother translator, likely located at another ISP. This means thatsessions break.

It should be possible to deploy translators in clusters, but the statereplication thta's required to perform a failover without breakingsessions seems prohibitive.


For 3., standard IPv4 multihoming techniques would have to apply.

It seems to me that not having any session preserving multihomingsupport isn't worse than NAT44, so there is no need to make this arequirement - with one small exception: in order to successfully failover to a different translator, the entity that creates the full IPv6address from the IPv4 address and the translator prefix MUST be ableto discover a /96 prefix for a working translator fairly quickly afterthe failure of a previously used translator. I'm not sure what "fairlyquickly" would mean in this context, though. Certainly not days orhours. Minutes? Seconds, even?

Follow-Ups:
- Re: multihoming requirement and NAT64
  - From: marcelo bagnulo <marcelo@it.uc3m.es>

References:
- multihoming requirement and NAT64
  - From: marcelo bagnulo <marcelo@it.uc3m.es>
- Re: multihoming requirement and NAT64
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

Prev by Date: Re: NAT64 and DNSSec
Next by Date: Re: NAT64 and DNSSec
Previous by thread: Re: multihoming requirement and NAT64
Next by thread: Re: multihoming requirement and NAT64
Index(es):
- Date
- Thread