[Jool-list] RFC: Limiting EAM algorithm to specific header fields
Tore Anderson
tore at fud.no
Tue Apr 14 01:25:49 CDT 2015
Hi Alberto,
* Alberto Leiva <ydahhrk at gmail.com>
> I don't really have anything against implementing your solution. All
> that bothers me is that, while straightforward EAM will work out of
> the box, EAM+hairpinning will not.
>
> That being the case, I'm wondering if supporting hairpinning via EAM
> is in fact worth the extra documentation it will require. Up till now,
> I haven't even needed to mention hairpinning in the site. It has
> worked all along, and some people don't even know it's a thing.
>
> I guess you're tired of objecting to this approach, but I'll try to
> complicate the heuristic and see if it's worth your time:
>
> in the 6 -> 4 direction,
> if the source address was translated using EAM,
> the destination address was translated using the 6052 prefix,
> AND the resulting destination address is also part of the EAM,
> then hairpin the packet manually.
> -> the outgoing IPv4 packet becomes the incoming packet.
> -> the packet is translated "recursively".
> -> In this 2nd translation, EAM is disabled for the src address.
>
> If I'm not missing something, this will happen (following the example
> you have been using):
>
> Packet from A:
> 2001:db8:6::8 -> 64:ff9b::198.51.100.9
>
> T's translated packet:
> 198.51.100.8 -> 198.51.100.9
>
> source address was translated using EAM? yes
> the destination address was translated using the 6052 prefix? yes
> the resulting destination address is also part of the EAM? yes
> -> Do not send packet yet; hairpin it.
>
> T's new incoming packet (ie. same one):
> 198.51.100.8 -> 198.51.100.9
>
> T's new translated packet (EAM disabled on src):
> 64:ff9b::198.51.100.8 -> 2001:db8::9
>
> Is this not what we wanted?
Yes, on first glance I think this could work... You do incur an extra
EAMT lookup on each 6->4 translation though, but maybe that isn't a too
big price to pay?
> Me daydreaming:
> - It seems to me this does exactly what your solution does, except
> it's more "elitist"; your solution denies EAM translation for all
> certain addresses, this solution denies EAM translation only on the
> same certain address but in specific situations only. Because this
> heuristic is less aggressive, it seems to me if it breaks something,
> then yours breaks it as well.
Yep. At least if the hairpinning heuristic can be configured on or off,
in case that it actually does break something (which would probably a
different use case than SIIT-DC).
> - At the same time, I guess something that would require constant
> denial of EAMT translation for a certain field would work with your
> solution and not with this. But I can't think of any.
On the top of my head, me neither. I will think more about it and see
if I can come up with something.
> - Also yours allows different behaviours depending on EAM entry, but
> we agree this does not seem to be much better than
> all-entries-share-the-same-fields.
Yep. My SIIT-DC use case will have all entries share the same fields,
but I am hesistant to add siit-dc specific text to the siit-eam draft,
as it is supposed to be generic algorithm that should support other use
cases equally well. But I think that your solution qualifies as generic
enough.
> I do not have an enumeration of every possibility we have to cover,
> but this seems to handle your whole Internet EAM entry (0.0.0.0/0 <->
> 64:ff9b::/96) just fine. This is because A's IPv6 packet would not be
> translated in the first place, since its source address doesn't match
> the entry. If A sends 64:ff9b:: -> 64:ff9b::, then it would also
> behave like normal RFC 6052 translation.
Yep...
The heuristic might need to handle ICMP addresses differentl
> PS. Do you have a sandbox implementation of the new column? I could
> spend some time from my weekend.
No, this is all in my head so far. :-D
I need to spend some time thinking if addresses in ICMP errors need
special handling or not...
If you are able to cook up a quick patch, I'll be (as always) happy to
test it.
Tore
More information about the Jool-list
mailing list