On 7/29/17, 1:55 PM, "ietf on behalf of Randy Bush" <ietf-bounces@xxxxxxxx
on behalf of randy@xxxxxxx> wrote:
>> The point is that we claim that we have produced something that will
>> Just Work for the average user. If you really think you can't "get
>> work done" on an IPv6-only network with working and functional
>> transition tech, we have a problem.
>
>bingo! you are right. we have a problem. nat64/dns64 breaks things
>people use. this is known, documented, and extremely annoying this many
>years out [0].
>
>the question is how to progress fixing nat64/dns64, given that a lot of
>folk come to ietf meetings to simply get work done and not debug a semi-
>working transport. how about a bug bounty? and maybe a fix bounty a
>few times larger!
There are mulitple implementations of DNS64/NAT64. I think the one used by
the IETF NOC is from a router vendor, though I know of three router
vendors, at least one load balancer, and several open source
implementations (only one of which is intended for production use). I
haven’t tested them all, but I have no reason to think they are
particularly buggy.
Rather, I think the bugs are in applications.
How would default-NAT64 get application developers to fix their
applications?
In another message, Randy also said:
> why not start with what we have traditionally done with new protocols
> and implementations, the nat64 aficionados conduct interop testing with
> an i-d reporting the result? for example, in the s'pore hackathon, have
> a group with an assortment of devices and a wide assortment of
> applications actually testing nat64. maybe kickstart with the nat64
> tickets from {seoul,chicago,praha} if no other ideas come to mind.
I’m working on a research project along these lines, results of which I’ll
provide the IETF, and would be happy to help coordinate a NAT64 interop
testing project as part of IETF100-Singapore Hackathon.
Lee
>
>randy
>
>--
>
>0 - for just how many years, see my plenary rant against 4966 a few
> chicagos back. it is my $dayjob's customers, the enterprises, who
> are the main target of nat64/dns64, and i am not happy that they can
> not deploy it safely.
>
>