In message <CAPt1N1ksfcjSAf06rVzNFBD-vyLcJUxL7UdRVud9_HKk7Eiysw@xxxxxxxxxxxxxx>, Ted Lemo n writes: > > Actually CLAT+NAT64 doesn't require changes on the node. I don't disagree > with the rest of what you said (aside from the Frankenstein's monster bit: > Frankenstein's monster was really misunderstood). It does for IPv6-only if want to talk to IPv4 literals or talk to IPv4 only services when you are validating DNS answers. You may be thinking about DS local + IPv6 only uplink where you have the CLAT on the router (which is the configuration that is being proposed for ietf ssid). Real IPv6 only networks don't have IPv4 traffic on the wire, just inside the node. Mark > On Tue, Aug 1, 2017 at 7:26 PM, Mark Andrews <marka@xxxxxxx> wrote: > > > > > In message <30708801-142F-47C5-A154-15E9D3C5068D@xxxxxxxxx>, Ted Lemon > > writes: > > > > > > On Aug 1, 2017, at 1:57 PM, Ted Lemon <mellon@xxxxxxxxx> wrote: > > > > What she doesn't mention is that there is a way to detect DNS64, so i= > n > > > principle a validating stub resolver can do DNS64 itself _post > > > validation_. > > > > > > Oops, actually she did mention that in the last paragraph=E2=80=94sorry= > ! > > > > You have to detect it and work around it. > > > > NAT64 start out with the claim "You don't have to touch the node". > > > > Now you have complicated CLAT and DNSSEC changes required in every > > node in the internet to support NAT64 with more breakage than simple > > tunneling and a NAT44 protocol translation in DS-Lite. What's the > > next workaround that will have to be deployed because NAT64 is being > > used instead of NAT44 at the end of the tunnel? > > > > CLAT and DNSSEC changes are required on every node as they will end > > up on IPv6-only networks. DS-Lite also requires changes on every > > node on IPv6-only networks but they are much less intrusive. > > > > We have created Frankenstein's monster here with NAT64. > > > > Mark > > -- > > Mark Andrews, ISC > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx > > > > --94eb2c0de54cf091f30555badf94 > Content-Type: text/html; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > <div dir=3D"ltr">Actually CLAT+NAT64 doesn't require changes on the nod= > e. =C2=A0 I don't disagree with the rest of what you said (aside from t= > he Frankenstein's monster bit: Frankenstein's monster was really mi= > sunderstood).</div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote= > ">On Tue, Aug 1, 2017 at 7:26 PM, Mark Andrews <span dir=3D"ltr"><<a hre= > f=3D"mailto:marka@xxxxxxx"; target=3D"_blank">marka@xxxxxxx</a>></span> w= > rote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;borde= > r-left:1px #ccc solid;padding-left:1ex"><div class=3D"HOEnZb"><div class=3D= > "h5"><br> > In message <<a href=3D"mailto:30708801-142F-47C5-A154-15E9D3C5068D@fugue= > .com">30708801-142F-47C5-A154-<wbr>15E9D3C5068D@xxxxxxxxx</a>>, Ted Lemo= > n writes:<br> > ><br> > > On Aug 1, 2017, at 1:57 PM, Ted Lemon <<a href=3D"mailto:mellon@fug= > ue.com">mellon@xxxxxxxxx</a>> wrote:<br> > > > What she doesn't mention is that there is a way to detect DNS= > 64, so in<br> > > principle a validating stub resolver can do DNS64 itself _post<br> > > validation_.<br> > ><br> > > Oops, actually she did mention that in the last paragraph=E2=80=94sorr= > y!<br> > <br> > </div></div>You have to detect it and work around it.<br> > <br> > NAT64 start out with the claim "You don't have to touch the node&q= > uot;.<br> > <br> > Now you have complicated CLAT and DNSSEC changes required in every<br> > node in the internet to support NAT64 with more breakage than simple<br> > tunneling and a NAT44 protocol translation in DS-Lite.=C2=A0 What's the= > <br> > next workaround that will have to be deployed because NAT64 is being<br> > used instead of NAT44 at the end of the tunnel?<br> > <br> > CLAT and DNSSEC changes are required on every node as they will end<br> > up on IPv6-only networks.=C2=A0 DS-Lite also requires changes on every<br> > node on IPv6-only networks but they are much less intrusive.<br> > <br> > We have created Frankenstein's monster here with NAT64.<br> > <span class=3D"HOEnZb"><font color=3D"#888888"><br> > Mark<br> > </font></span><div class=3D"HOEnZb"><div class=3D"h5">--<br> > Mark Andrews, ISC<br> > 1 Seymour St., Dundas Valley, NSW 2117, Australia<br> > PHONE: <a href=3D"tel:%2B61%202%209871%204742" value=3D"+61298714742">+61 2= > 9871 4742</a>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= > =A0INTERNET: <a href=3D"mailto:marka@xxxxxxx";>marka@xxxxxxx</a><br> > </div></div></blockquote></div><br></div> > > --94eb2c0de54cf091f30555badf94-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx