Re: IPv10 (Temp. name IPmix) (draft-omar-ipv10-00.txt).

"Patrik Fältström " <paf@frobbit.se> Fri, 30 December 2016 07:36 UTC

Return-Path: <paf@frobbit.se>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBEA6129584 for <ietf@ietfa.amsl.com>; Thu, 29 Dec 2016 23:36:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.801
X-Spam-Level:
X-Spam-Status: No, score=-5.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=frobbit.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VpHpr7J-0Lyq for <ietf@ietfa.amsl.com>; Thu, 29 Dec 2016 23:36:05 -0800 (PST)
Received: from mail.frobbit.se (mail.frobbit.se [85.30.129.185]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E81A1129583 for <ietf@ietf.org>; Thu, 29 Dec 2016 23:36:04 -0800 (PST)
Received: from [192.165.72.121] (unknown [IPv6:2a02:80:3ffc:0:14fc:2190:5361:5989]) by mail.frobbit.se (Postfix) with ESMTPSA id DB86F23401; Fri, 30 Dec 2016 08:36:01 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=frobbit.se; s=mail; t=1483083361; bh=4XS2BAbFuC1mS73AAbuTJCkKMsiSV7wgr7+/FNl/ONM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=o3Ul2mgguUa3AMKXRiD0n3MbXNjQFVFSmM+8kSOQyt88UP/MUgEbFz2bGJYFYu54F 0MFcTU9QgYWyJhiWGOP5uRSzUgGDiHItfZ7Obtw868abF98JSWBVZWjnH1PDBzkUhc NBV4UBX81ASDnQGSS3sKh4VYGhrvfo6hB4CyeT3M=
From: "Patrik =?utf-8?b?RsOkbHRzdHLDtm0=?=" <paf@frobbit.se>
To: "John C Klensin" <john-ietf@jck.com>, "Lee Howard" <lee@asgard.org>
Subject: Re: IPv10 (Temp. name IPmix) (draft-omar-ipv10-00.txt).
Date: Fri, 30 Dec 2016 08:36:01 +0100
Message-ID: <8D87002E-FB28-4CA7-8FB5-EFE3A7C00893@frobbit.se>
In-Reply-To: <529FEFF25101DE837A8234E1@PSB>
References: <HE1PR04MB14492A6FA01B592B6DD69093BD920@HE1PR04MB1449.eurprd04.prod.outlook.com> <7F96C4EC-B762-4A2C-AF7E-20D92AE7F9CF@nic.cz> <CAEik=Cv0AXRTLKc1azgnKRrMtQxrC19kX5_RqaQNSt9nkDfPFw@mail.gmail.com> <049f01d2613f$c5431ef0$4fc95cd0$@tndh.net> <m2o9zv7bh5.wl-randy@psg.com> <alpine.DEB.2.10.1612282213390.18445@sleekfreak.ath.cx> <B137A15F-A5C1-41BE-84B5-A12DF2D5AFFC@virtualized.org> <FE7643B1-28CB-4ABA-AF95-1B831D701E25@frobbit.se> <5FBCC938E3BF3F24CD0B9C42@PSB> <804FC2E1-1141-455A-8E53-33755B732F1A@frobbit.se> <529FEFF25101DE837A8234E1@PSB>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_432882C0-770E-464D-B22E-5ADBF68B2849_="; micalg=pgp-sha1; protocol="application/pgp-signature"
X-Mailer: MailMate (2.0BETAr6072)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/6lVVLeSiTLEHfC58K7u__ihtJ9E>
Cc: IETF Rinse Repeat <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Dec 2016 07:36:07 -0000

[Responses to John and Lee in the same email]

On 29 Dec 2016, at 16:52, John C Klensin wrote:

>> I completely agree with this. But I also see access providers
>> and enterprises that regardless of how they have built their
>> networks today do run out of IPv4 space. And when they have
>> run out they only have a few choices:
>>
>> 1. Add another layer of NAT
>>
>> 2. Buy IPv4 addresses
>>
>> 3. Start running IPv6
>
> Actually, two more options:
>
> 4.  Run IPv6 (exclusively) in their backbones, converting to IPv4 islands at their boundaries.  The mechanism may be a
> variation on NAT, but the architecture is different.

This implies NAT64 but I do not see that be closer in evolution than other alternatives. And hard to deploy in combination with for example DNSSEC. It further sets quite high requirements not only on the NAT64 operator on how the network is deployed, provisioning systems etc.

So, yes an alternative in theory but not in reality.

> 5. Run <something-else> in their backbones, converting to IPv4 islands at the boundaries.  It isn't very hard to think about candidates for <something-else> given that there is no
> requirement for interoperation with other ISPs and the key
> requirement is support for semi-permanent virtual circuits (or, if one prefers, channels or tunnels).

Actually, I have very hard problems finding what <something-else> is that you can deploy, find hardware, software and provisioning software for. Do you have any suggestions?

> Of those five cases, only your (3) implies even the possibility of end-to-end IPv6.

I would add that [3], [4] and [5] all three imply running IPv6 to the end user. And that is not cooked yet. See below.

> A comparison to the deployment of IPv4 may be helpful.  That deployment incorporated, among other things, the following
> characteristics for which there is no IPv6 equivalent that I can find:

Agree.

That said, the largest problem with IPv6 deployment is that I find so many mistakes be done at or close to the edge. The access provider was forgotten.

> That is where our analyses differ a bit ... and differs more the more we see the network in terms of concurrent flows from a
> large number of clients to a small number of servers (or server clusters).  If we were designing an optimal network architecture for a CDN, especially a provider-optimized CDN, I suggest it wouldn't look much like IPv6 or evem IPv6.

So you choose [1]?

> We certainly agree about the "must make (3) easier" part.  A different way of stating my concern is that, each few years that pass when we have not widely deployed IPv6 and have figured out way to control the pain, the more we may create the perception that we can manage without IPv6 forever.  Whether that is true or not, the assumption tends to drive decisions whose
> side-effect is driving the perceived pain of IPv6 conversion up.

Yes!

And on top of this, the alternatives to [3] are also used for higher lock-in of customers, building silos (specifically when eye balls communicate with fewer and fewer clouds), and other things that act against open Internet but in favor of market economy driving forces.

On 29 Dec 2016, at 16:28, Lee Howard wrote:

>>> I don't particularly dislike IPv6, I just think we've failed to
>>> pay enough attention to incentives and barriers.  I wish it were
>>> otherwise, really I do.
>
> Lessons learned, and captured in draft-iab-protocol-transitions-04

Agree and in this case I claim specifically 4.1 is interesting.

>> I completely agree with this. But I also see access providers and
>> enterprises that regardless of how they have built their networks today
>> do run out of IPv4 space. And when they have run out they only have a few
>> choices:
>>
>> 1. Add another layer of NAT
>>
>> 2. Buy IPv4 addresses
>>
>> 3. Start running IPv6
>
> These are not alternatives, but complementary elements to an overall strategy.

Yes and no. [1] and [2] do not imply deployment of IPv6. [3] (and [4], [5] of Johns proposal) imply deployment of IPv6 at edge. Deployment of IPv6 at edge of an ISP is hard.

First of all, remember that every access customer, except cellphone networks, that run IPv4 already have one layer of NAT. What you talk about here is adding a 2nd layer of NAT. In cellphone networks there was at first no NAT, but is now in most cases. Growth of end nodes have been on mobile data networks.

> Running IPv6 doesn¹t mean you don¹t need to buy addresses or deploy NAT.
> It may reduce the amount your NAT is used (esepcially useful for those applications that don¹t play well with NAT). It might reduce the number of addresses you need to buy (if your addresses are being used on the outside of your NAT).
> The value of running IPv6 increases over time.

Somewhat, yes, of course you are right. But, the step to add a 2nd layer of NAT for an access provider is not easy.

>> No, we are obviously not ready with [3] yet,
>
> I don¹t understand this statement, since thousands of access providers and enterprises are running IPv6.

Not really...

> As reported by Mr. Vyncke, users in 20 nations use IPv6 10% of the time to get to IPv6-enabled sites; that¹s only a fraction of the number of users who have IPv6 capability. Most people in Belgium use IPv6, and about 1/3 of users in four other countries use IPv6.

I disagree.

I see IPv6 deployment:

a. At some cellphone providers. It is ready to add IPv6 in the cellphone network(s) as long as you as a provider do have some control (or understand) how the handsets work.

b. Enterprises that did have fixed IPv4 address, i.e. one router port per customer.

c. Hosting providers, because they in reality are like [b].

But we do not see deployment of IPv6 in general:

d. In DSL-based networks.

e. In FTTH (and similar) networks where DHCP in various split VLAN based L2 domains are in use.

[d] just because it was never implemented.

[e] just because IETF never really did agree on how to handle zero-conf. Too many alternatives, and definitely not "as easy" as setting DHCP helper address. This in turn lead to complications in the CPE management. You can not even today "buy a CPE and plug it in".

> I don¹t see how this is a failure, or how IPv6 isn¹t ready.

Zeroconf and IPv6 is a mess.

> I¹ve been predicting 2018 as The Tipping Year for IPv6 for about five years, and I¹m standing by it.

That I agree with, but the zeroconf must be cleaned up. Specifically in implementations. As easy for an access provider as allocation of a subnet for a VLAN and then add DHCP helper address to the interface.

>> Because of this, I still think we must make [3] easier, because when
>> people really need IPv6 we must be done.
>
> In what ways is it difficult to ³Start running IPv6²?
> We even have guidance on this in RFC7381 ³Enterprise IPv6 deployment Guidelines.²

I am not talking about Enterprise. That is ready.

You say in 7381:

> Last but not least, one of the most important design choices to make
> while deploying IPv6 on the internal network is whether to use SLAAC
> [RFC4862], the Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
> [RFC3315], or a combination thereof.

To be blunt, as long as there is a choice, we will not see large deployment.

   paf