Re-, Thanks Alain for the answers. Please see inline.
Cheers, Med > -----Message d'origine----- > De : Alain Durand [mailto:adur...@juniper.net] > Envoyé : mercredi 14 mars 2012 12:11 > À : BOUCADAIR Mohamed OLNC/NAD/TIP > Cc : draft-penno-softwire-sd...@tools.ietf.org; Softwires WG; > draft-cui-softwire-b4-translated-ds-lite > Objet : Re: [Softwires] draft-penno-softwire-sdnat vs. > draft-cui-softwire-b4-translated-ds-lite > > Hi Med, see inline response to your questions wrt sd-nat-02 > > On Mar 13, 2012, at 10:58 AM, > <mohamed.boucad...@orange.com<mailto:mohamed.boucadair@orange. > com>> > <mohamed.boucad...@orange.com<mailto:mohamed.boucadair@orange. > com>> wrote: > (*) Question 1: It is not clear in text if there is a second NAT > in the AFTR or not. Could you please confirm/infirm a > second NAT > is present? > > in sd-nat, packets originated by an sd-CPE will be 'shaped' > to use the correct IPv4 address and port by the CPE before > being encapsulated in IPv6. In that scenario, the AFTR > decapsulate the traffic, check IPv4 address & port range are > indeed assigned to that IPv6 user, then forward the packet. > There is only one level of NAT, done by the CPE Med: Ok, got it. This is the same as per draft-cui-*. > In 'compatibility' mode, if the CPE fails to enforce the > proper port range, the AFTR will perform a second level of NAT. Med: If the ultimate target is to remove the NAT module from the AFTR, I would see this compatibility mode as an implementation detail. BTW, why a CPE will fail to restrict the port? I see at least two cases: (1) want to grab more ports but this is not legitimate; I would vote for discarding those packets instead of NATing them. (2) the CPE does not support port-restriction: in that case why not use classic DS-Lite instead of NATing twice. > > (*) Question 3: If the public IP address assigned by the AFTR is > not known to the port-restricted CPE, some applications may fail > (referral). How the CPE will make a distinction between the > external IP address to be assigned in the WAN and the > one used in > the AFTR? If UPnP is used, the WAN IP address should not be > returned. > > In SD-Nat, the sd-CPE knows the external address via DHCPv4 over IPv6 Med: Ok, thanks. So for draft-penno-* two provisioning means are required (compared to basic DS-Lite) * DHCPv4 for IPv4 address allocation * ICMP for port range configuration. I must admit the rationale behind this choice is not clear to me. > (*) Question 4: Given this list, is there really a need for the > proposed ICMP-based solution? > > IMHO, not specifying the technology to get pot range and > living this to implementation is a serious shortcoming. > We need to standardize one method. Med: But the question is why ICMP-based method is needed? Why not using port-restricted DHCPv4 options for instance? _______________________________________________ Softwires mailing list Softwires@ietf.org https://www.ietf.org/mailman/listinfo/softwires