date:20120314

Hi Francis,

Please see inline.

Cheers,
Med

-Message d'origine-
De : francis.dup...@fdupont.fr [mailto:francis.dup...@fdupont.fr]
Envoyé : mardi 13 mars 2012 17:56
À : BOUCADAIR Mohamed OLNC/NAD/TIP
Cc : draft-penno-softwire-sd...@tools.ietf.org; Softwires WG;
draft-cui-softwire-b4-translated-ds-lite
Objet : Re: [Softwires] draft-penno-softwire-sdnat vs.
draft-cui-softwire-b4-translated-ds-lite

In your previous mail you wrote:

(*) Question 1: It is not clear in text if there is
a second NAT
in the AFTR or not. Could you please confirm/infirm
a second NAT
is present?

= there is one but:
- it translates only port numbers following an algorithm

Med: Ok, thanks. But this is not clear in the -02 of draft-penno-*.

- the NAT is not strictly required: one can imagine to assign
directly to a CPE its port range as it is visible from the Internet

Med: Agree.

(note: 1- it should be not what we want as it makes CPEs trivial
to track, 2- it doesn't remove the mandatory check on source ports
in the from CPE to the Internet way)

Med: I failed to get your first point. Could you please clarify? Thanks.

(*) Question 2: If yes, is there any reason why you want to
maintain that second NAT?

= I can see at least 2 reasons:
- make CPE simplers (only applications which need to know
what is a port
number seen from the Internet side have to enter into the second NAT
details, i.e., typically the PCP (/UPnP iGD/NAT-PMP/...)
server on the CPE)

Med: applications using referral need to know the external IP address. I failed
to see why this is simpler compared to draft-cui-*.

(*) Question 3: If the public IP address assigned by
the AFTR is
not known to the port-restricted CPE, some
applications may fail
(referral). How the CPE will make a distinction between the
external IP address to be assigned in the WAN and
the one used in
the AFTR? If UPnP is used, the WAN IP address should not be
returned.

= my read of the SD-NAT mechanism is the public IP address
is the same
at each side of the SD-CGN.

Med: This is not clear in -02 of the draft-penno-*.

(2) Unlike draft-penno-*, draft-cui-* does not mandate
any proffered
provisioning means for port ranges; a list of alternatives is
provided in draft-cui-* without any preference (this is
deployment-
specific):

= but the ICMP-based solution is deeply broken so is it a real
advantage?

(*) Question 4: Given this list, is there really a
need for the
proposed ICMP-based solution?

= see previous item

(*) Question 5: draft-penno-* says: A stateless
DS-Lite CPE MUST
implement the DHCPv4 client relay option defined in
[I-D.ietf-dhc-
dhcpv4-over-ipv6] to learn is external IPv4 address..

Question 5-1: Why MUST? IMHO, this is
deployment-specific.

= no such specific:
- it makes the reasonable assumption than IPv4 addresses are assigned
using DHCPv4

Med: It is not reasonable when you don't have a DHCPv4 server but use PCP for
instance.

(*) Question 6: Is there any particular reason
draft-penno-* does
not mention draft-donley-behave-deterministic-cgn?

= too many drafts...?

Med: I think it is fair to cite draft-donley-*.

More seriously I have more concerns about
too simple algorithms deployed in the SD-CGN, for instance the:
[1024...xxx] - [N...N-1024+xxx] where p' = p + N - 1024
is good for tests or demos but makes CPEs too easy to trace,
I prefer what
draft-tsou-softwire-port-set-algorithms-analysis calls GMA
(still trivial to implement and to use but harder to trace).

Med: We don't have the constraint of MAP so I would not exclude pseudo-random
port set algos (see
http://tools.ietf.org/html/draft-tsou-softwire-port-set-algorithms-analysis-01#section-3.3)
___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs.draft-cui-softwire-b4-translated-ds-lite

Re-,

Thanks Rajiv for the pointer. 

BTW unlike the constraints we have in MAP (e.g., the bits forming PSID must be 
adjacent), draft-cui-* and the like can use pseudo-random algorithms to 
generate port ranges. 

Cheers,
Med


 -Message d'origine-
 De : Rajiv Asati (rajiva) [mailto:raj...@cisco.com] 
 Envoyé : mardi 13 mars 2012 21:19
 À : Francis Dupont; BOUCADAIR Mohamed OLNC/NAD/TIP; o...@cisco.com
 Cc : Softwires WG; draft-cui-softwire-b4-translated-ds-lite; 
 draft-penno-softwire-sd...@tools.ietf.org
 Objet : RE: [Softwires] draft-penno-softwire-sdnat 
 vs.draft-cui-softwire-b4-translated-ds-lite
 
  I prefer what draft-tsou-softwire-port-set-algorithms-analysis calls
 GMA
  (still trivial to implement and to use but harder to trace).
 
 I agree. GMA is defined here, btw -
 http://tools.ietf.org/html/draft-mdt-softwire-mapping-address-
 and-port-0
 2#section-4.1
 
 Cheers,
 Rajiv
 
 
 
  -Original Message-
  From: softwires-boun...@ietf.org [mailto:softwires-boun...@ietf.org]
 On
  Behalf Of Francis Dupont
  Sent: Tuesday, March 13, 2012 12:56 PM
  To: mohamed.boucad...@orange.com
  Cc: Softwires WG; draft-cui-softwire-b4-translated-ds-lite;
 draft-penno-
  softwire-sd...@tools.ietf.org
  Subject: Re: [Softwires] draft-penno-softwire-sdnat
 vs.draft-cui-softwire-b4-
  translated-ds-lite
  
  
   In your previous mail you wrote:
  
  (*) Question 1: It is not clear in text if there 
 is a second
 NAT
  in the AFTR or not.  Could you please 
 confirm/infirm a second
 NAT
  is present?
  
  = there is one but:
   - it translates only port numbers following an algorithm
  
   - the NAT is not strictly required: one can imagine to assign
 directly to a CPE its port range as it is visible from 
 the Internet
 (note: 1- it should be not what we want as it makes CPEs trivial
  to track, 2- it doesn't remove the mandatory check on 
 source ports
  in the from CPE to the Internet way)
  
  (*) Question 2: If yes, is there any reason why you want to
  maintain that second NAT?
  
  = I can see at least 2 reasons:
   - make CPE simplers (only applications which need to know what is a
 port
number seen from the Internet side have to enter into the 
 second NAT
details, i.e., typically the PCP (/UPnP iGD/NAT-PMP/...) server on
 the CPE)
  
  (*) Question 3: If the public IP address assigned 
 by the AFTR
 is
  not known to the port-restricted CPE, some applications may
 fail
  (referral).  How the CPE will make a distinction 
 between the
  external IP address to be assigned in the WAN and the one
 used in
  the AFTR?  If UPnP is used, the WAN IP address 
 should not be
  returned.
  
  = my read of the SD-NAT mechanism is the public IP address is the
 same
  at each side of the SD-CGN.
  
   (2) Unlike draft-penno-*, draft-cui-* does not mandate any
 proffered
   provisioning means for port ranges; a list of alternatives is
   provided in draft-cui-* without any preference (this is
 deployment-
   specific):
  
  = but the ICMP-based solution is deeply broken so is it a real
  advantage?
  
  (*) Question 4: Given this list, is there really a need for
 the
  proposed ICMP-based solution?
  
  = see previous item
  
  (*) Question 5: draft-penno-* says: A stateless 
 DS-Lite CPE
 MUST
  implement the DHCPv4 client relay option defined in
 [I-D.ietf-dhc-
  dhcpv4-over-ipv6] to learn is external IPv4 address..
  
 Question 5-1: Why MUST?  IMHO, this is
 deployment-specific.
  
  = no such specific:
   - it makes the reasonable assumption than IPv4 addresses 
 are assigned
using DHCPv4
   - it states DS-Lite so there is no direct IPv4 available
   - so IMHO the question is more about the DHCPv4-over-IPv6 
 application
and is more for the DHC WG (BTW please don't bounce this issue
 between
the two WGs, my idea is more to make a point about 
 DHCPv4-over-IPv6
itself)
  
 Question 5-2: By external IPv4 address, do 
 you mean the
 address to be assigned in the AFTR (if any)? or 
 the one to
 be
 used in the WAN interface of the CPE?
  
  = if they are the same the answer is easy
  
   (3) draft-penno-* advocates it is deterministic but 
 this feature
 can
   be enforced in any IPv4 address sharing technique:
  
  = BTW we need a better definition of deterministic. My proposal
  is it means the mapping follows an algorithm (and it is the case on
  the SD-CGN, BTW not on the SD-CPE).
  
  (*) Question 6: Is there any particular reason 
 draft-penno-*
 does
  not mention draft-donley-behave-deterministic-cgn?
  
  = too many drafts...? More seriously I have more concerns about
  too simple algorithms deployed in the SD-CGN, for instance the:
   [1024...xxx] - [N...N-1024+xxx] where p' = p + N - 1024
  is good for tests or demos but makes CPEs too easy to

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite

Dear Qiong,

Please see inline.

Cheers,
Med


De : Qiong [mailto:bingxu...@gmail.com]
Envoyé : mercredi 14 mars 2012 00:50
À : Francis Dupont
Cc : BOUCADAIR Mohamed OLNC/NAD/TIP; Softwires WG; 
draft-cui-softwire-b4-translated-ds-lite; 
draft-penno-softwire-sd...@tools.ietf.org
Objet : Re: [Softwires] draft-penno-softwire-sdnat vs. 
draft-cui-softwire-b4-translated-ds-lite


 (2) Unlike draft-penno-*, draft-cui-* does not mandate any proffered
 provisioning means for port ranges; a list of alternatives is
 provided in draft-cui-* without any preference (this is deployment-
 specific):

= but the ICMP-based solution is deeply broken so is it a real
advantage?
[Qiong] In draft-cui-softwire-b4-translated-ds-lite, we have described the 
ICMP processing in section 10. And we have verified that it works fine in all 
ICMP-based protocols, e.g. ping, tracert, etc. There is no problem here.

[Med] I know it is confusing but these are two distinct issues. draft-penno-* 
defines a new method using ICMP to learn ports. Please refer to 
http://tools.ietf.org/html/draft-penno-softwire-sdnat-02#section-5


___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] IPv4 Residual Deployment - Unified-standard proposal 4rd


Le 2012-03-14 à 06:51, Maoke a écrit :

 
 
 2012/3/13 Rémi Després despres.r...@laposte.net
 2012-03-13 12:02, Maoke :
 2012/3/13 Rémi Després despres.r...@laposte.net
 ...
 
 The 4rd mechanism is for protocols that have ports at their usual place 
 (all existing protocols that have ports have them at the same place, even 
 if using another checksum algorithm like SCTP).
 
 
 may you have a check on the statement of all existing protocols again? i 
 noticed RFC908/RFC1151. sorry if that are not a transport protocol over IP. 
 
 I missed this one.
 None of the proposed stateless solutions supports it, but it remains that you 
 are right: it has ports at a different place.

 alright. so 4rd-U doesn't not support all existing transport protocol 
 either.

Never said that without qualifying which protocols.

 but i suppose you may make an update in the 4rd-u-06 so that a new 
 if...else... is added the port pick-up logic, and surely the CNP is not a 
 problem for RDP because the old version (RFC908) has 32bit checksum but not 
 involving pseudo-header while the newer version (RFC1151) changed to use 
 TCP-checksum. no big deal but only needs a new patch to the draft.

In the Note in 4.4 (7), the first sentence is:
This guarantees that, for all protocols that use the same checksum algorithm 
as TCP, Tunnel packets are valid IPv6 packets, and this independently from 
where the checksum field is placed for each protocol.
It can become: 
This guarantees that, for all protocols that use the same checksum algorithm 
as TCP and have ports at the same place, Tunnel packets are valid IPv6 packets, 
and this independently from where the checksum field is placed for each 
protocol.

Similarly, in the comparison table, H6 is:
For shared IPv4 addresses, DCCP and UDP-Lite supported, as well as future  
protocols using the TCP checksum algorithm
It can become:
For shared IPv4 addresses, DCCP and UDP-Lite supported, as well any future 
protocol that might use the TCP checksum algorithm and ports at the same place 
   

 but this is not my point. my point is: there must be something we don't know 
 (non omnia possumus omnes). even we have gone through the RFCs, there might 
 be some other proprietary L4 protocols, or experimental protocols. even they 
 are minority, i don't think ignoring their existance in our solution fits the 
 spirit of the Internet. it might be argued that NAT44 doesn't support such L4 
 protocols now, but an L4 protocol owner may makes his own NAT44, either 
 attached to the CE or separated. if 4rd-U respects such an effort, it should 
 state currently blahblabla L4 protocols are supported. the similar 
 statement applies to the RFC6145 or MAP as well.

 i somehow am hard to accept words like far fetched theoretical problem. 

If I had thought it might be so, I would have avoided the word.


 the L4-recalculate is a generic, architectural solution, surely needing codes 
 for every L4 protocol. but this generality in architecture makes RFC6145 or 
 MAP-T equipment be easily enhanced to support anything new with the same 
 logic. but for the 4rd-U BR, it looks to me we cannot have the unified logic 
 for all (even limited to existing and well-known) L4 protocols. 
 
 only my 2 cents. 

With amendments above, the point is AFAIK completely covered: everything is 
rigorously true, and worth noting.
Thanks for the useful reference to the RDP of RFC1151.

RD 




___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] IPv4 Residual Deployment - Unified-standard proposal 4rd

2012-03-14 Thread Maoke

2012/3/14 Rémi Després despres.r...@laposte.net


 Le 2012-03-14 à 06:51, Maoke a écrit :



 2012/3/13 Rémi Després despres.r...@laposte.net

 2012-03-13 12:02, Maoke :

 2012/3/13 Rémi Després despres.r...@laposte.net

 ...

  The 4rd mechanism is for protocols that have ports at their usual place
 (all existing protocols that have ports have them at the same place, even
 if using another checksum algorithm like SCTP).


  may you have a check on the statement of all existing protocols
 again? i noticed RFC908/RFC1151. sorry if that are not a transport protocol
 over IP.


 I missed this one.
 None of the proposed stateless solutions supports it, but it remains that
 you are right: it has ports at a different place.


 alright. so 4rd-U doesn't not support all existing transport protocol
 either.


 Never said that without qualifying which protocols.

 but i suppose you may make an update in the 4rd-u-06 so that a new
 if...else... is added the port pick-up logic, and surely the CNP is not a
 problem for RDP because the old version (RFC908) has 32bit checksum but not
 involving pseudo-header while the newer version (RFC1151) changed to use
 TCP-checksum. no big deal but only needs a new patch to the draft.


 In the Note in 4.4 (7), the first sentence is:
 This guarantees that, for all protocols that use the same checksum
 algorithm as TCP, Tunnel packets are valid IPv6 packets, and this
 independently from where the checksum field is placed for each protocol.
 It can become:
 This guarantees that, for all protocols that use the same checksum
 algorithm as TCP and have ports at the same place, Tunnel packets are
 valid IPv6 packets, and this independently from where the checksum field is
 placed for each protocol.

 Similarly, in the comparison table, H6 is:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well as
 future  protocols using the TCP checksum algorithm
 It can become:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well any
 future protocol that might use the TCP checksum algorithm and ports at the
 same place


then it is fine. with these statement, 4rd-U can support
- TCP
- UDP
- DCCP
- any future or less well-known protocol as long as it uses TCP checksum
and port at the same place

as a counterpart, we may suggest MAP-T to state it supports
- TCP
- UDP
- DCCP (with enforcing it rather than RFC6145's optional)
- any future or less well-known protocol, no matter what layout it is nor
how the checksum is defined, with the similar logic of L4 checksum
recalculation

;-)
maoke



 but this is not my point. my point is: there must be something we don't
 know (non omnia possumus omnes). even we have gone through the RFCs,
 there might be some other proprietary L4 protocols, or experimental
 protocols. even they are minority, i don't think ignoring their existance
 in our solution fits the spirit of the Internet. it might be argued that
 NAT44 doesn't support such L4 protocols now, but an L4 protocol owner may
 makes his own NAT44, either attached to the CE or separated. if 4rd-U
 respects such an effort, it should state currently blahblabla L4 protocols
 are supported. the similar statement applies to the RFC6145 or MAP as well.


 i somehow am hard to accept words like far fetched theoretical problem.


 If I had thought it might be so, I would have avoided the word.


 the L4-recalculate is a generic, architectural solution, surely needing
 codes for every L4 protocol. but this generality in architecture makes
 RFC6145 or MAP-T equipment be easily enhanced to support anything new with
 the same logic. but for the 4rd-U BR, it looks to me we cannot have the
 unified logic for all (even limited to existing and well-known) L4
 protocols.

 only my 2 cents.


 With amendments above, the point is AFAIK completely covered: everything
 is rigorously true, and worth noting.
 Thanks for the useful reference to the RDP of RFC1151.

 RD





___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] IPv4 Residual Deployment - Unified-standard proposal 4rd


Le 2012-03-14 à 10:00, Maoke a écrit :

 
 
 2012/3/14 Rémi Després despres.r...@laposte.net
 
 Le 2012-03-14 à 06:51, Maoke a écrit :
 
 
 
 2012/3/13 Rémi Després despres.r...@laposte.net
 2012-03-13 12:02, Maoke :
 2012/3/13 Rémi Després despres.r...@laposte.net
 ...
 
 The 4rd mechanism is for protocols that have ports at their usual place 
 (all existing protocols that have ports have them at the same place, even 
 if using another checksum algorithm like SCTP).
 
 
 may you have a check on the statement of all existing protocols again? i 
 noticed RFC908/RFC1151. sorry if that are not a transport protocol over IP. 
 
 I missed this one.
 None of the proposed stateless solutions supports it, but it remains that 
 you are right: it has ports at a different place.
 
 alright. so 4rd-U doesn't not support all existing transport protocol 
 either.
 
 Never said that without qualifying which protocols.
 
 but i suppose you may make an update in the 4rd-u-06 so that a new 
 if...else... is added the port pick-up logic, and surely the CNP is not a 
 problem for RDP because the old version (RFC908) has 32bit checksum but not 
 involving pseudo-header while the newer version (RFC1151) changed to use 
 TCP-checksum. no big deal but only needs a new patch to the draft.
 
 In the Note in 4.4 (7), the first sentence is:
 This guarantees that, for all protocols that use the same checksum algorithm 
 as TCP, Tunnel packets are valid IPv6 packets, and this independently from 
 where the checksum field is placed for each protocol.
 It can become: 
 This guarantees that, for all protocols that use the same checksum algorithm 
 as TCP and have ports at the same place, Tunnel packets are valid IPv6 
 packets, and this independently from where the checksum field is placed for 
 each protocol.
 
 Similarly, in the comparison table, H6 is:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well as future  
 protocols using the TCP checksum algorithm
 It can become:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well any future 
 protocol that might use the TCP checksum algorithm and ports at the same 
 place
 
 then it is fine. with these statement, 4rd-U can support 
 - TCP 
 - UDP
 - DCCP
 - any future or less well-known protocol as long as it uses TCP checksum and 
 port at the same place
 
 as a counterpart, we may suggest MAP-T to state it supports 
 - TCP
 - UDP
 - DCCP (with enforcing it rather than RFC6145's optional) 
 - any future or less well-known protocol, no matter what layout it is nor how 
 the checksum is defined, with the similar logic of L4 checksum recalculation 

Maybe I get the point you are making: you implicitly consider that BR and CE 
modifications can be synchronized. This is feasible if ISPs provide all CE 
nodes, but not in the general case.
  
Changing DCCP support from optional to mandatory in RFC6145 isn't backward 
compatible (an upgraded node isn't guaranteed to interwork with a non upgraded 
node).
 
To be even more precise, H6 of the comparison table can be:
For ISPs that don't provide all CE nodes, and for shared IPv4 addresses, DCCP 
and UDP-Lite are supported, as well as future protocols using the TCP checksum 
algorithm and ports at the same place

Does this cover the point?

RD




 
 ;-)
 maoke 
  
 
 but this is not my point. my point is: there must be something we don't know 
 (non omnia possumus omnes). even we have gone through the RFCs, there 
 might be some other proprietary L4 protocols, or experimental protocols. 
 even they are minority, i don't think ignoring their existance in our 
 solution fits the spirit of the Internet. it might be argued that NAT44 
 doesn't support such L4 protocols now, but an L4 protocol owner may makes 
 his own NAT44, either attached to the CE or separated. if 4rd-U respects 
 such an effort, it should state currently blahblabla L4 protocols are 
 supported. the similar statement applies to the RFC6145 or MAP as well.
 
 i somehow am hard to accept words like far fetched theoretical problem. 
 
 If I had thought it might be so, I would have avoided the word.
 
 
 the L4-recalculate is a generic, architectural solution, surely needing 
 codes for every L4 protocol. but this generality in architecture makes 
 RFC6145 or MAP-T equipment be easily enhanced to support anything new with 
 the same logic. but for the 4rd-U BR, it looks to me we cannot have the 
 unified logic for all (even limited to existing and well-known) L4 
 protocols. 
 
 only my 2 cents. 
 
 With amendments above, the point is AFAIK completely covered: everything is 
 rigorously true, and worth noting.
 Thanks for the useful reference to the RDP of RFC1151.
 
 RD 
 
 
 
 
 

___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] IPv4 Residual Deployment - Unified-standard proposal 4rd

2012-03-14 Thread Maoke

2012/3/14 Rémi Després despres.r...@laposte.net


 Le 2012-03-14 à 10:00, Maoke a écrit :



 2012/3/14 Rémi Després despres.r...@laposte.net


 Le 2012-03-14 à 06:51, Maoke a écrit :



 2012/3/13 Rémi Després despres.r...@laposte.net

 2012-03-13 12:02, Maoke :

 2012/3/13 Rémi Després despres.r...@laposte.net

 ...

  The 4rd mechanism is for protocols that have ports at their usual
 place (all existing protocols that have ports have them at the same place,
 even if using another checksum algorithm like SCTP).


  may you have a check on the statement of all existing protocols
 again? i noticed RFC908/RFC1151. sorry if that are not a transport protocol
 over IP.


 I missed this one.
 None of the proposed stateless solutions supports it, but it remains
 that you are right: it has ports at a different place.


 alright. so 4rd-U doesn't not support all existing transport protocol
 either.


 Never said that without qualifying which protocols.

 but i suppose you may make an update in the 4rd-u-06 so that a new
 if...else... is added the port pick-up logic, and surely the CNP is not a
 problem for RDP because the old version (RFC908) has 32bit checksum but not
 involving pseudo-header while the newer version (RFC1151) changed to use
 TCP-checksum. no big deal but only needs a new patch to the draft.


 In the Note in 4.4 (7), the first sentence is:
 This guarantees that, for all protocols that use the same checksum
 algorithm as TCP, Tunnel packets are valid IPv6 packets, and this
 independently from where the checksum field is placed for each protocol.
 It can become:
 This guarantees that, for all protocols that use the same checksum
 algorithm as TCP and have ports at the same place, Tunnel packets are
 valid IPv6 packets, and this independently from where the checksum field is
 placed for each protocol.

 Similarly, in the comparison table, H6 is:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well as
 future  protocols using the TCP checksum algorithm
 It can become:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well any
 future protocol that might use the TCP checksum algorithm and ports at the
 same place


 then it is fine. with these statement, 4rd-U can support
 - TCP
 - UDP
 - DCCP
 - any future or less well-known protocol as long as it uses TCP checksum
 and port at the same place

 as a counterpart, we may suggest MAP-T to state it supports
 - TCP
 - UDP
 - DCCP (with enforcing it rather than RFC6145's optional)
 - any future or less well-known protocol, no matter what layout it is nor
 how the checksum is defined, with the similar logic of L4 checksum
 recalculation


 Maybe I get the point you are making: you implicitly consider that BR and
 CE modifications can be synchronized. This is feasible if ISPs provide all
 CE nodes, but not in the general case.


i don't consider their modifications are synced but i do consider that each
device, either BR or CE, should has a specification on its supported
functionalities.



 Changing DCCP support from optional to mandatory in RFC6145 isn't backward
 compatible (an upgraded node isn't guaranteed to interwork with a non
 upgraded node).


the CE/BR specified RFC6145-compliant might be a problem but MAP-T is still
in development. if we state to enforce DCCP mandatorily rather than
optional in MAP-T, a MAP-T-compliant CE/BR won't has the backward
compatible problem. to this extend, MAP-T is at the same kick-off line of
the 4rd-U.



 To be even more precise, H6 of the comparison table can be:
 For ISPs that don't provide all CE nodes, and for shared IPv4 addresses,
 DCCP and UDP-Lite are supported, as well as future protocols using the TCP
 checksum algorithm and ports at the same place


i actually think the original text is fine. For  shared IPv4
addresses is not needed for 4rd-U, to my understanding, nor needed to
MAP-T.

maoke



 Does this cover the point?

 RD





 ;-)
 maoke



  but this is not my point. my point is: there must be something we don't
 know (non omnia possumus omnes). even we have gone through the RFCs,
 there might be some other proprietary L4 protocols, or experimental
 protocols. even they are minority, i don't think ignoring their existance
 in our solution fits the spirit of the Internet. it might be argued that
 NAT44 doesn't support such L4 protocols now, but an L4 protocol owner may
 makes his own NAT44, either attached to the CE or separated. if 4rd-U
 respects such an effort, it should state currently blahblabla L4 protocols
 are supported. the similar statement applies to the RFC6145 or MAP as well.


 i somehow am hard to accept words like far fetched theoretical problem.


 If I had thought it might be so, I would have avoided the word.


 the L4-recalculate is a generic, architectural solution, surely needing
 codes for every L4 protocol. but this generality in architecture makes
 RFC6145 or MAP-T equipment be easily enhanced to support anything new with
 the same logic. but for

[Softwires] MAP support of IPv4 prefixes?

Ole, co-authors of draft-mdt-softwire-mapping-address-and-port-02,

Sec. 1 says::
the residual IPv4 over IPv6 mechanisms must be capable of...Provisioning an 
IPv4 prefix, an IPv4 address or a shared IPv4 address.
(We all agree, I think, that this is important.)

Sec.5.2 says:
 The MAP IPv6 address is created by concatenating the End-user IPv6 prefix 
with the MAP subnet-id and the interface-id as specified in Section 6.

Sec6 says:
The Interface identifier format is based on the format specified in section 
2.2 of [RFC6052], with the added PSID format field (i.e. with at least a full 
embedded IPv4 address)

What should be done for a CE that is provisioned an IPv4 prefix, i.e. several 
IPv4 addresses, is in my understanding unclear.
Could you please clarify the intent?

Thanks,
RD



___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite

2012-03-14 Thread Alain Durand

Hi Med, see inline response to your questions wrt sd-nat-02

On Mar 13, 2012, at 10:58 AM,
mohamed.boucad...@orange.commailto:mohamed.boucad...@orange.com
mohamed.boucad...@orange.commailto:mohamed.boucad...@orange.com wrote:

(*) Question 1: It is not clear in text if there is a second NAT
in the AFTR or not. Could you please confirm/infirm a second NAT
is present?

in sd-nat, packets originated by an sd-CPE will be 'shaped' to use the correct
IPv4 address and port by the CPE before being encapsulated in IPv6. In that
scenario, the AFTR decapsulate the traffic, check IPv4 address port range are
indeed assigned to that IPv6 user, then forward the packet. There is only one
level of NAT, done by the CPE

In 'compatibility' mode, if the CPE fails to enforce the proper port range, the
AFTR will perform a second level of NAT.

(*) Question 2: If yes, is there any reason why you want to
maintain that second NAT?

in SD-nat, the 2nd NAT is only there to enable 'legacy' DS-Lite CPEs or DS-lite
+ B4 translated CPEs to interoperate with stateless DS-Lite CPEs.

(*) Question 3: If the public IP address assigned by the AFTR is
not known to the port-restricted CPE, some applications may fail
(referral). How the CPE will make a distinction between the
external IP address to be assigned in the WAN and the one used in
the AFTR? If UPnP is used, the WAN IP address should not be
returned.

In SD-Nat, the sd-CPE knows the external address via DHCPv4 over IPv6

(2) Unlike draft-penno-*, draft-cui-* does not mandate any proffered
provisioning means for port ranges; a list of alternatives is
provided in draft-cui-* without any preference (this is deployment-
specific):

o DHCPv4: the DHCPv4 protocol should be extended to support port-set
allocation
[I-D.bajko-pripaddrassignhttp://tools.ietf.org/html/draft-cui-softwire-b4-translated-ds-lite-05#ref-I-D.bajko-pripaddrassign].
Besides, the DHCP message
should send to the concentrator over IPv6. The concentrator can
be the DHCP server or DHCP relay
agent[I-D.ietf-dhc-dhcpv4-over-ipv6].

o PCP[I-D.ietf-pcp-base]: an initiator can launch multiple PCP
requests simultaneously to acquire a number ports within the same
IPv4 address, or use
[I-D.tsou-pcp-natcoordhttp://tools.ietf.org/html/draft-cui-softwire-b4-translated-ds-lite-05#ref-I-D.tsou-pcp-natcoord]
for one-time port-set
allocation.

o DHCPv6: the DHCPv6 protocol should be extended to support port-set
allocation
[I-D.boucadair-dhcpv6-shared-address-optionhttp://tools.ietf.org/html/draft-cui-softwire-b4-translated-ds-lite-05#ref-I-D.boucadair-dhcpv6-shared-address-option].

o IPCP: IPCP should be extended to carry the port-set.
[RFC6431http://tools.ietf.org/html/rfc6431]
gives an example.

(*) Question 4: Given this list, is there really a need for the
proposed ICMP-based solution?

IMHO, not specifying the technology to get pot range and living this to
implementation is a serious shortcoming.
We need to standardize one method.

(*) Question 5: draft-penno-* says: A stateless DS-Lite CPE MUST
implement the DHCPv4 client relay option defined in [I-D.ietf-dhc-
dhcpv4-over-ipv6] to learn is external IPv4 address..

Question 5-1: Why MUST? IMHO, this is deployment-specific.

Same as above, we need to have one common technology that is implemented by
everyone. This is the only way
to guaranty interoperability.

Question 5-2: By external IPv4 address, do you mean the
address to be assigned in the AFTR (if any)? or the one to be
used in the WAN interface of the CPE?

The IPv4 address to put as src address of v4 traffic by the CPE before
encapsulating in IPv6 and sending to AFTR.

(3) draft-penno-* advocates it is deterministic but this feature can

be enforced in any IPv4 address sharing technique:

(*) Question 6: Is there any particular reason draft-penno-* does
not mention draft-donley-behave-deterministic-cgn?

Alain.
___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite

2012-03-14 Thread Peng Wu

Hi Alain,

It's a little confusing now. Let me try to get things clear.

So the sd-nat-02 is not quite similar to the earlier version, the
mechanism somehow changes.
In my understanding, now the principle of the mechanism is similar to
the lightweight 4over6 draft, but I may miss something here.

My question is, how is it stateless or deterministic, and how is IPv6
anycast for multiple AFTRs working?
Seems the draft is suggesting that we put an identical profile on each
AFTR, the content of which is the mapping between IPv6 address and
IPv4 address+port range for all the CPEs (And of course, we can try to
find some protocol to synchronize the mapping automatically). Did I
get this correctly?

2012/3/14 Alain Durand adur...@juniper.net:
Hi Med, see inline response to your questions wrt sd-nat-02

On Mar 13, 2012, at 10:58 AM,
mohamed.boucad...@orange.commailto:mohamed.boucad...@orange.com
mohamed.boucad...@orange.commailto:mohamed.boucad...@orange.com wrote:

(*) Question 1: It is not clear in text if there is a second NAT
in the AFTR or not. Could you please confirm/infirm a second NAT
is present?

in sd-nat, packets originated by an sd-CPE will be 'shaped' to use the
correct IPv4 address and port by the CPE before being encapsulated in IPv6.
In that scenario, the AFTR decapsulate the traffic, check IPv4 address port
range are indeed assigned to that IPv6 user, then forward the packet. There
is only one level of NAT, done by the CPE

In 'compatibility' mode, if the CPE fails to enforce the proper port range,
the AFTR will perform a second level of NAT.

(*) Question 2: If yes, is there any reason why you want to
maintain that second NAT?

in SD-nat, the 2nd NAT is only there to enable 'legacy' DS-Lite CPEs or
DS-lite + B4 translated CPEs to interoperate with stateless DS-Lite CPEs.

(*) Question 3: If the public IP address assigned by the AFTR is
not known to the port-restricted CPE, some applications may fail
(referral). How the CPE will make a distinction between the
external IP address to be assigned in the WAN and the one used in
the AFTR? If UPnP is used, the WAN IP address should not be
returned.

In SD-Nat, the sd-CPE knows the external address via DHCPv4 over IPv6

(2) Unlike draft-penno-*, draft-cui-* does not mandate any proffered
provisioning means for port ranges; a list of alternatives is
provided in draft-cui-* without any preference (this is deployment-
specific):

o IPCP: IPCP should be extended to carry the port-set.
[RFC6431http://tools.ietf.org/html/rfc6431]
gives an example.

(*) Question 4: Given this list, is there really a need for the
proposed ICMP-based solution?

IMHO, not specifying the technology to get pot range and living this to
implementation is a serious shortcoming.
We need to standardize one method.

(*) Question 5: draft-penno-* says: A stateless DS-Lite CPE MUST
implement the DHCPv4 client relay option defined in [I-D.ietf-dhc-
dhcpv4-over-ipv6] to learn is external IPv4 address..

Question 5-1: Why MUST? IMHO, this is deployment-specific.

Same as above, we need to have one common technology that is implemented by
everyone. This is the only way
to guaranty interoperability.

Question 5-2: By external IPv4 address, do you mean the
address to be assigned in the AFTR (if any)? or the one to be
used in the WAN interface of the CPE?

The IPv4 address to put as src address of v4 traffic by the CPE before
encapsulating in IPv6 and sending to AFTR.

(3) draft-penno-* advocates it is deterministic but this feature can

be enforced in any IPv4 address sharing technique:

(*) Question 6: Is there any particular reason draft-penno-* does
not mention draft-donley-behave-deterministic-cgn?

Alain.
___
Softwires mailing list

Re: [Softwires] MAP support of IPv4 prefixes?

2012-03-14 Thread Ole Trøan

Remi,

 Ole, co-authors of draft-mdt-softwire-mapping-address-and-port-02,
 
 Sec. 1 says::
 the residual IPv4 over IPv6 mechanisms must be capable of...Provisioning an 
 IPv4 prefix, an IPv4 address or a shared IPv4 address.
 (We all agree, I think, that this is important.)
 
 Sec.5.2 says:
  The MAP IPv6 address is created by concatenating the End-user IPv6 prefix 
 with the MAP subnet-id and the interface-id as specified in Section 6.
 
 Sec6 says:
 The Interface identifier format is based on the format specified in section 
 2.2 of [RFC6052], with the added PSID format field (i.e. with at least a 
 full embedded IPv4 address)
 
 What should be done for a CE that is provisioned an IPv4 prefix, i.e. several 
 IPv4 addresses, is in my understanding unclear.
 Could you please clarify the intent?

section 6 says:
   In the case of an IPv4 prefix, the IPv4 address field is right-padded
   with zeroes up to 32 bits.  The PSID field is left-padded to create a
   16 bit field.  For an IPv4 prefix or a complete IPv4 address, the
   PSID field is zero.

if you find this unclear, feel free to contribute better text.

cheers,
Ole
___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite

 In your previous mail you wrote:

In your previous mail you wrote:
  
   (*) Question 1: It is not clear in text if there is a second NAT
   in the AFTR or not.  Could you please confirm/infirm a second NAT
   is present?
  
   = there is one but:
- it translates only port numbers following an algorithm
  
- the NAT is not strictly required: one can imagine to assign
 directly to a CPE its port range as it is visible from the Internet
 (note: 1- it should be not what we want as it makes CPEs trivial
  to track, 2- it doesn't remove the mandatory check on source ports
  in the from CPE to the Internet way)
  
  [Qiong] Thanks for clarification. It seems this is not mentioned when to
  adopt and how to process the second NAT in current version of sd-nat. But
  still, I would prefer a solution without double-NAT.

= my answer is simple:
 1- it is technically possible but IMHO should not be deployed in the real
  world.
 2- one can avoid only the second NAT itself, not the packet reassembly for
  instance.
 3- the second NAT is a pretty simple one and is stateless (i.e., you can drop
  the CGN box and hotplug a replacement box with the same config: customers
  should see only the packets dropped during the operation. BTW we have a
  plan to show this at the next IETF meeting).

   = but the ICMP-based solution is deeply broken so is it a real
   advantage?
  
  [Qiong] In draft-cui-softwire-b4-translated-ds-lite, we have described the
  ICMP processing in section 10. And we have verified that it works fine in
  all ICMP-based protocols, e.g. ping, tracert, etc. There is no problem here.

= my comment was about the ICMP-base solution for the configuration in
Reinaldo Penno's I-D. Of course I have no concern about raising admin prohib
ICMPs when a port out-of-range packet is filtered (in fact it is a great idea).
For the ICMP echo service you can map it using the ID as the (source) port,
it works well but if you'd like to use this from the Internet side you need
a modified ping where you can set the ID to use (I can provide one if you want
to try: IMHO it is better to be able to ping SD-CPEs and not only the SD-CGN).

  Question 5-1: Why MUST?  IMHO, this is deployment-specific.

   = no such specific:
- it makes the reasonable assumption than IPv4 addresses are assigned
using DHCPv4
- it states DS-Lite so there is no direct IPv4 available
- so IMHO the question is more about the DHCPv4-over-IPv6 application
and is more for the DHC WG (BTW please don't bounce this issue between
the two WGs, my idea is more to make a point about DHCPv4-over-IPv6
itself)
  
  [Qiong] I still think it is deployment-specific. For operators who perfer
  to deploy PCP solution, it is nature for them to adopt PCP-base or
  PCP-extension (pcp-natcoord). For operators who would like to deploy
  DHCPv4-over-IPv6, port-range can be assigned in this way.

= I misunderstood your concern: in fact you prefer something which provides
the whole config, not only the IPv4 address. So the issue is not the 2.1 but
the 2.1 and 2.2 (i.e., DHCPv4 over IPv6 for the external address, and ICMP
for the port range) together, and you already know what I think about 2.2.

  [Qiong] Since it is a stateless solution, I also prefer the GMA algorithm
  which has been discusses widely in the WG.

= yes, it has many advantages. But to come back to the first point, it is
for the second NAT (:-)!

Regards

francis.dup...@fdupont.fr
___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite


Re-,

Thanks Alain for the answers. Please see inline.

Cheers,
Med

 -Message d'origine-
 De : Alain Durand [mailto:adur...@juniper.net] 
 Envoyé : mercredi 14 mars 2012 12:11
 À : BOUCADAIR Mohamed OLNC/NAD/TIP
 Cc : draft-penno-softwire-sd...@tools.ietf.org; Softwires WG; 
 draft-cui-softwire-b4-translated-ds-lite
 Objet : Re: [Softwires] draft-penno-softwire-sdnat vs. 
 draft-cui-softwire-b4-translated-ds-lite
 
 Hi Med, see inline response to your questions wrt sd-nat-02
 
 On Mar 13, 2012, at 10:58 AM, 
 mohamed.boucad...@orange.commailto:mohamed.boucadair@orange.
 com 
 mohamed.boucad...@orange.commailto:mohamed.boucadair@orange.
 com wrote:
   (*) Question 1: It is not clear in text if there is a second NAT
   in the AFTR or not.  Could you please confirm/infirm a 
 second NAT
   is present?
 
 in sd-nat, packets originated by an sd-CPE will be 'shaped' 
 to use the correct IPv4 address and port by the CPE before 
 being encapsulated in IPv6. In that scenario, the AFTR 
 decapsulate the traffic, check IPv4 address  port range are 
 indeed assigned to that IPv6 user, then forward the packet. 
 There is only one level of NAT, done by the CPE

Med: Ok, got it. This is the same as per draft-cui-*.

 In 'compatibility' mode, if the CPE fails to enforce the 
 proper port range, the AFTR will perform a second level of NAT.

Med: If the ultimate target is to remove the NAT module from the AFTR, I would 
see this compatibility mode as an implementation detail. BTW, why a CPE will 
fail to restrict the port? I see at least two cases: 
(1) want to grab more ports but this is not legitimate; I would vote for 
discarding those packets instead of NATing them.
(2) the CPE does not support port-restriction: in that case why not use classic 
DS-Lite instead of NATing twice.
 
 
   (*) Question 3: If the public IP address assigned by the AFTR is
   not known to the port-restricted CPE, some applications may fail
   (referral).  How the CPE will make a distinction between the
   external IP address to be assigned in the WAN and the 
 one used in
   the AFTR?  If UPnP is used, the WAN IP address should not be
   returned.
 
 In SD-Nat, the sd-CPE knows the external address via DHCPv4 over IPv6

Med: Ok, thanks. So for draft-penno-* two provisioning means are required 
(compared to basic DS-Lite)
* DHCPv4 for IPv4 address allocation
* ICMP for port range configuration.
I must admit the rationale behind this choice is not clear to me.

   (*) Question 4: Given this list, is there really a need for the
   proposed ICMP-based solution?
 
 IMHO, not specifying the technology to get pot range and 
 living this to implementation is a serious shortcoming.
 We need to standardize one method.

Med: But the question is why ICMP-based method is needed? Why not using 
port-restricted DHCPv4 options for instance?

___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] MAP support of IPv4 prefixes?


Le 2012-03-14 à 13:17, Ole Trøan a écrit :

 Remi,
 
 Ole, co-authors of draft-mdt-softwire-mapping-address-and-port-02,
 
 Sec. 1 says::
 the residual IPv4 over IPv6 mechanisms must be capable of...Provisioning an 
 IPv4 prefix, an IPv4 address or a shared IPv4 address.
 (We all agree, I think, that this is important.)
 
 Sec.5.2 says:
  The MAP IPv6 address is created by concatenating the End-user IPv6 prefix 
 with the MAP subnet-id and the interface-id as specified in Section 6.
 
 Sec6 says:
 The Interface identifier format is based on the format specified in section 
 2.2 of [RFC6052], with the added PSID format field (i.e. with at least a 
 full embedded IPv4 address)
 
 What should be done for a CE that is provisioned an IPv4 prefix, i.e. 
 several IPv4 addresses, is in my understanding unclear.
 Could you please clarify the intent?
 
 section 6 says:
   In the case of an IPv4 prefix, the IPv4 address field is right-padded
   with zeroes up to 32 bits.  The PSID field is left-padded to create a
   16 bit field.  For an IPv4 prefix or a complete IPv4 address, the
   PSID field is zero.

OK 

 if you find this unclear, feel free to contribute better text.

I have to agree that the spec is already clear enough. 
Sorry for how I asked the question.

Maybe you could improve the first sentence of sec. 6 to say::
The Interface identifier format is based on the format specified in section 
2.2 of [RFC6052], with the added PSID format field, or with an IPv4 prefix 
instead of an IPv4 address. 


Thanks,
RD




 
 cheers,
 Ole

___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

[Softwires] Question about hub-and-spoke operation in MAP

Ole, Tomek,

I couldn't figure out by how CEs can be required to work hub-and-spoke without 
some DHCPv6 indication:
- If two CEs apply the same BMR to their delegated IPv6 prefixes, how do they 
know whether their ISP expects direct paths between them (mesh) or BR 
hairpinning (hub-and-spoke)?

Sorry for bothering you if I missed something obvious.
RD




___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite

 In your previous mail you wrote:

  However, the draft seems give people impression there is only one NAT
  at CPE(i.e. 2.3.  Stateless DS-Lite CPE operation) and AFTR is
  responsible for decapsulation and IPv4 package validation.  Did I miss
  something?

= yes, the SD-CGN (the SD-AFTR with DS-Lite) runs a second NAT but
only on port (vs. address and port) and following algorithm (aka stateless).

Regards

francis.dup...@fdupont.fr

PS: you can expand the algorithm application to a table of static mapping rules
(it provides an easy way to configure a standard NAT as a SD-CGN without
a line of C code :-).

___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite

 In your previous mail you wrote:

= I leave the draft-penno-* unclear items to Reinaldo...

  (note: 1- it should be not what we want as it makes CPEs trivial
   to track, 2- it doesn't remove the mandatory check on source ports
   in the from CPE to the Internet way)
  
  Med: I failed to get your first point. Could you please clarify? Thanks.

= when what you can see from the Internet is a big port range per customer
it is trivial to track/trace customers. So what I call none algorithm
(i.e., no port translation by the SD-CGN) or direct algorithm
(i.e., port translation by adding a constant, the difference between
the first/base port of ranges) are bad according to (quoting
draft-tsou-softwire-port-set-algorithms-analysis):

   A good port set definition algorithm must be reversible, easy to
   implement, and should be able to define non-continuous or random port
   sets for better security, be able to exclude the well known ports, 0
   ~ 1023 or 0 ~ 4095, etc.

(BTW the last point doesn't apply to ICMP echo IDs)

The note is about no second NAT, i.e., none algorithm.

  Med: applications using referral need to know the external IP address.

= this comment is about the second NAT so as it doesn't translate
the IP address is out of context (but I agree there are more needs
for the external address than the external port)

   = no such specific:
- it makes the reasonable assumption than IPv4 addresses are assigned
 using DHCPv4
  
  Med: It is not reasonable when you don't have a DHCPv4 server but use PCP
   for instance.

= PCP doesn't provide your IPv4 address. In fact, if you don't know your
assigned IPv4 address you can't run PCP, nor any applications over IPv4
(note DHCPv4 is not over IPv4 exactly for this reason).

 Med: We don't have the constraint of MAP so I would not exclude
 pseudo-random port set algos (see
 draft-tsou-softwire-port-set-algorithms-analysis-01#section-3.3)

= I have no concern about them as soon as enough information
is given to SD-CPEs (including SD-B4s in the DS-Lite case) so
they can compute external ports as visible from the Internet.

Regards

francis.dup...@fdupont.fr

PS: in fact for implementing a PCP/NAT-PMP/UPnP-IGD/etc
service on a SD-CPE you need the SD-CGN algo parameters
to implement:
 - something giving the next local (i.e., SD-CPE WAN side)
  external port. Note ++ is never enough as one must stay
  inside the allowed port range.
 - something (I call it map) giving the external port
  as visible from the Internet from the local external port
  value (i.e., applying the SD-CGN algo in the CPE to Internet
  way). Note this must not fail when the input is a valid
  (i.e., in range) value.
 - something (I call it unmap) giving the local external port
  from the value as visible from the Internet. Note this can
  be failed if the port doesn't belong to the customer
  translated port range (nothing really new: we already know
  a random external port is likely unavailable on a CGN).

___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] IPv4 Residual Deployment - Unified-standard proposal 4rd

2012-03-14 Thread Lee, Yiu

Hi Maoke and Remi,

Thanks very much for discussing this issue on the mailing-list. I guess the
points are now clear for both options. IMHO, there is no one better than the
other, it is all about choice of implementation. Perhaps it is time for more
people to comment how they feel for both options.

Thanks again for the great discussion.

B.R.,
Yiu


From:  Maoke fib...@gmail.com
Date:  Wed, 14 Mar 2012 09:46:06 +
To:  Rémi Després despres.r...@laposte.net
Cc:  Softwires WG softwires@ietf.org, Yong Cui cuiy...@tsinghua.edu.cn
Subject:  Re: [Softwires] IPv4 Residual Deployment - Unified-standard
proposal 4rd



2012/3/14 Rémi Després despres.r...@laposte.net
 
 Le 2012-03-14 à 10:00, Maoke a écrit :
 
 
 
 2012/3/14 Rémi Després despres.r...@laposte.net
 
 Le 2012-03-14 à 06:51, Maoke a écrit :
 
 
 
 2012/3/13 Rémi Després despres.r...@laposte.net
 2012-03-13 12:02, Maoke :
 2012/3/13 Rémi Després despres.r...@laposte.net
 ...
 
 The 4rd mechanism is for protocols that have ports at their usual place
 (all existing protocols that have ports have them at the same place,
 even if using another checksum algorithm like SCTP).
 
 may you have a check on the statement of all existing protocols again?
 i noticed RFC908/RFC1151. sorry if that are not a transport protocol over
 IP. 
 
 I missed this one.
 None of the proposed stateless solutions supports it, but it remains that
 you are right: it has ports at a different place.
 
 alright. so 4rd-U doesn't not support all existing transport protocol
 either. 
 
 Never said that without qualifying which protocols.
 
 but i suppose you may make an update in the 4rd-u-06 so that a new
 if...else... is added the port pick-up logic, and surely the CNP is not a
 problem for RDP because the old version (RFC908) has 32bit checksum but not
 involving pseudo-header while the newer version (RFC1151) changed to use
 TCP-checksum. no big deal but only needs a new patch to the draft.
 
 In the Note in 4.4 (7), the first sentence is:
 This guarantees that, for all protocols that use the same checksum
 algorithm as TCP, Tunnel packets are valid IPv6 packets, and this
 independently from where the checksum field is placed for each protocol.
 It can become: 
 This guarantees that, for all protocols that use the same checksum
 algorithm as TCP and have ports at the same place, Tunnel packets are valid
 IPv6 packets, and this independently from where the checksum field is placed
 for each protocol.
 
 Similarly, in the comparison table, H6 is:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well as future
 protocols using the TCP checksum algorithm
 It can become:
 For shared IPv4 addresses, DCCP and UDP-Lite supported, as well any future
 protocol that might use the TCP checksum algorithm and ports at the same
 place
 
 then it is fine. with these statement, 4rd-U can support
 - TCP 
 - UDP
 - DCCP
 - any future or less well-known protocol as long as it uses TCP checksum and
 port at the same place
 
 as a counterpart, we may suggest MAP-T to state it supports
 - TCP
 - UDP
 - DCCP (with enforcing it rather than RFC6145's optional)
 - any future or less well-known protocol, no matter what layout it is nor how
 the checksum is defined, with the similar logic of L4 checksum recalculation
 
 Maybe I get the point you are making: you implicitly consider that BR and CE
 modifications can be synchronized. This is feasible if ISPs provide all CE
 nodes, but not in the general case.

i don't consider their modifications are synced but i do consider that each
device, either BR or CE, should has a specification on its supported
functionalities. 
 
   
 Changing DCCP support from optional to mandatory in RFC6145 isn't backward
 compatible (an upgraded node isn't guaranteed to interwork with a non upgraded
 node).

the CE/BR specified RFC6145-compliant might be a problem but MAP-T is still
in development. if we state to enforce DCCP mandatorily rather than optional
in MAP-T, a MAP-T-compliant CE/BR won't has the backward compatible problem.
to this extend, MAP-T is at the same kick-off line of the 4rd-U.
 
  
 To be even more precise, H6 of the comparison table can be:
 For ISPs that don't provide all CE nodes, and for shared IPv4 addresses, DCCP
 and UDP-Lite are supported, as well as future protocols using the TCP checksum
 algorithm and ports at the same place

i actually think the original text is fine. For  shared IPv4 addresses
is not needed for 4rd-U, to my understanding, nor needed to MAP-T.

maoke 
 
 
 Does this cover the point?
 
 RD
 
 
 
 
 
 ;-)
 maoke 
  
 
 but this is not my point. my point is: there must be something we don't
 know (non omnia possumus omnes). even we have gone through the RFCs,
 there might be some other proprietary L4 protocols, or experimental
 protocols. even they are minority, i don't think ignoring their existance
 in our solution fits the spirit of the Internet. it might be argued that
 NAT44 doesn't support such L4 protocols now,

Re: [Softwires] Question about hub-and-spoke operation in MAP

2012-03-14 Thread Ole Trøan

Remi,

 I couldn't figure out by how CEs can be required to work hub-and-spoke 
 without some DHCPv6 indication:
 - If two CEs apply the same BMR to their delegated IPv6 prefixes, how do they 
 know whether their ISP expects direct paths between them (mesh) or BR 
 hairpinning (hub-and-spoke)?
 

that's correct it needs to be provisioned. either explicitly or implicitly (via 
the rules).

cheers,
Ole
___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite

2012-03-14 Thread Lee, Yiu

I am a little lost. Let's put the double-nat aside for a moment. Except
the fact that sd-nat uses icmp for port-set provisioning, what else
different between Lightweight 4over6 vs. sd-nat? Am I missing something?
For Lightweight 4over6, we can use anycast for redundancy. I fail to see
what sd-nat does more than Lightweight 4over6.

/Yiu


On 3/14/12 8:47 AM, mohamed.boucad...@orange.com
mohamed.boucad...@orange.com wrote:

Med: But the question is why ICMP-based method is needed? Why not using
port-restricted DHCPv4 options for instance?



smime.p7s
Description: S/MIME cryptographic signature
___
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

Re: [Softwires] draft-penno-softwire-sdnat vs. draft-cui-softwire-b4-translated-ds-lite