Re: IPv4 outage at next IETF in Chicago

[JORDI PALET MARTINEZ <jordi.palet@consulintel.es>]

Frank,

What I’m proposing will not involve installing the “client” part in the devices connecting to the IETF network.

The idea is the following:

Upstream provider – IETF router – NAT64/DNS64 – CLAT (can be a virtual machine) – IETF default SSID
                                                 |------------------------------ other IETF SSIDs

So I’m saying the IETF default SSID will behave as a “residential” LAN of the CLAT enabled “CPE”.

Regards,
Jordi


-----Mensaje original-----
De: ietf <ietf-bounces@ietf.org> en nombre de Franck Martin <franck@peachymango.org>
Responder a: <franck@peachymango.org>
Fecha: martes, 24 de enero de 2017, 21:24
Para: Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: IETF <ietf@ietf.org>
Asunto: Re: IPv4 outage at next IETF in Chicago

    Brian,
    
    This is hardly to prove a point.
    
    It is to have an operational experience so that stuff gets fixed and standards get written to fix stuff.
    
    An IPv4 outage is radical, granted, may be it should be done during hackday on the weekend before IETF. May be it should not be done at all and instead the default network SSID:IETF to be NAT64, with an SSID:IETF-IPv4-only.
    
    May be NAT64 is not the right one, may be it is XLAT464? (NAT64/DNS64 does not require much client participation, XLAT464 does).
    
    May be it is way too short to have it in Chicago? Likely.
    
    May be it should be better planned. Certainly.
    
    We need a transition to IPv6-only, this go via dual stack, sure, but do we have to wait for the whole world to be IPv6 before we can deprecate IPv4? No, we need something that allows to have IPv6-only networks (enterprise, guest, customers,...) capable of talking to the legacy Internet. We also realize that the bottom line is: "dual stack=dual costs" and "dual stack=dual security issues". As the world progress, the need for NAT64 will go away...
    
    So, this is a very interesting discussion, as long we move towards some solution(s).
    
    What do you propose?
    
    ----- Original Message -----
    From: "Brian E Carpenter" <brian.e.carpenter@gmail.com>
    To: "Franck Martin" <franck@peachymango.org>
    Cc: "IETF" <ietf@ietf.org>
    Sent: Tuesday, January 24, 2017 5:21:23 PM
    Subject: Re: IPv4 outage at next IETF in Chicago
    
    Franck, I try not to be religious about NAT, and I use NAT44 every day
    like most people. Also like most people, I experience occasional
    unexplained failures of web-based transactions. Whether they are due
    to a NAT garbage-collect or a load-balancer failure, I don't know,
    of course. But actually I am not deeply concerned about NAT64, although
    any failures that it generates would be very hard to identify. I am
    more concerned about IETF participants whose devices are not set up
    as dual stack nodes at all. They would be completely blocked. Yes,
    I know, such people should not exist, should be deeply ashamed, etc.
    But I don't see why we would cut them off to prove a point.
    
    Regards
       Brian
    
    On 25/01/2017 14:05, Franck Martin wrote:
    > 
    > ----- Original Message -----
    >> From: "Brian E Carpenter" <brian.e.carpenter@gmail.com>
    >> To: "Franck Martin" <franck@peachymango.org>, "IETF" <ietf@ietf.org>
    >> Sent: Tuesday, January 24, 2017 4:33:22 PM
    >> Subject: Re: IPv4 outage at next IETF in Chicago
    > 
    >> On 25/01/2017 12:11, Franck Martin wrote:
    >>> I think it is time to move to the next level of IPv6 deployment.
    >>>
    >>> Ideally the IETF WiFi network should now only provide the following 2 networks:
    >>> 1)IPv6-only
    >>> 2)IPv6-only with NAT64
    >>>
    >>> The later should be the default network.
    >>>
    >>> However you would say, well some stuff will break, some non technical people
    >>> will use the IETF network and may have a bad experience, etc...
    >>>
    >>> So to be conservative but at the same time futurist and like it was done a few
    >>> years back, why not create again an IPv4 outage of a few hours where the above
    >>> 2 networks would be the only networks available?
    >>
    >> That would be a good way of damaging IETF productivity for a few hours.
    > 
    > Do you have evidence of applications not running in a NAT64 environment? I'm interested to know them.
    > 
    >>
    >> And for what? Moving away from the mainstream coexistence mechanism (dual
    >> stack),
    >> to a mechanism known to be intrinsically defective (NAT). I don't see the point.
    >>
    > 
    > I fail to see how NAT is intrinsically defective, since it is used successfully by everyone...
    > 
    > Nevertheless, the goal here is to get the Internet designers (IETF) to have operational experience on what needs to be fixed.
    > 
    > When the IPv4 outage happened a few years back, it gave a serious impetus in getting IPv6 totally mainstream on many platforms.
    > 
    > IAB encourages IPv6: https://www.iab.org/2016/11/07/iab-statement-on-ipv6/
    > 
    > However going IPv6-only can only be done in walled gardens. There still will be many environments with IPv4 only. A solution here is to move networks to NAT64, so you only need to support IPv4 at the edges...
    > 
    > Yes creating an outage for the sake of an outage is pointless, experience on what works and not work needs to be recorded.
    > 
    > May be the first step instead of doing an outage is to have as default a NAT64 network at IETF meetings and a dual stack network for the people that experience issues.
    > 
    >  
    >
    
    
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.