IETF Logo Mail Archive

Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis

Tim Chown <Tim.Chown@jisc.ac.uk> Mon, 25 March 2024 10:00 UTC

Return-Path: <Tim.Chown@jisc.ac.uk>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70C66C14F6A1 for <ipv6@ietfa.amsl.com>; Mon, 25 Mar 2024 03:00:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jisc.ac.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id luEslTNv4648 for <ipv6@ietfa.amsl.com>; Mon, 25 Mar 2024 03:00:32 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on2128.outbound.protection.outlook.com [40.107.8.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24EEBC14F68D for <ipv6@ietf.org>; Mon, 25 Mar 2024 03:00:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T+fx8Vvfco7IJ5dqOaHF92HocfpIcNBPa1tL+W/9z88H+u22P3phGt7VESVwD3GIMJY8xBHowINfQafwofi6YIuFw/4wJpVVYY2PIZve7UWr8SBlulFz+vMyk4AK/httU0LF3SxvTQZizAiVM+ER/S8yk424p/ohhzCglmxg7G9R2I7voS8IRfNuHx8FxdM6zgtn9pUZZ5VnWzLZdHeAthFdvqn+LNnwgrjXHXM203hzhRJDbcABIEmK4cicGEO9OSuWuuocHmWYheZ2iyd28THe2kZpviMvkAue03CqaRfjwaaejQ4iaDtDejaDn7zJy8fGSw+W4Z8IHX6XrR5b4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7Fo1bfWKa4hESLb5/2i2s+Kpzo22c9u0M8WqNDugw8g=; b=dUbVuX5MOiyHYge3C5TZ7ZSWz0qFTdcKLOgzqL15Tzn9pWEPf7yTx2S7jL1YcfLsM+ZrD+hoHzWvTuWySvDfGIdxD6Le7zBZWaSiV1qmz2b28RuIoRjD8qzj3PCHkjakfMyr70VZTQgTMnfTc84Vo2vZMRVA3hkt5BvQ+GvVmo5n1UvArmitD8vlBSAoPVQgxbb/6mI9+t2JpSyCeLX5I1s85p/SAbBsjlj6v0z9FTpzQX6FJvHiRdt4gypMCSkiqZ3ZAVQDXpp6aOaaOqifqXezIkKoUCttMMsUnPAbd8lcCYynuSAISgMvglqc+0V2iMAufpAwronCUwhlT+yDhQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jisc.ac.uk; dmarc=pass action=none header.from=jisc.ac.uk; dkim=pass header.d=jisc.ac.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc.ac.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7Fo1bfWKa4hESLb5/2i2s+Kpzo22c9u0M8WqNDugw8g=; b=AaI+z1cjg4v5UorDvqKcm9Hf8f7c+Itt7N6r0iYJN8o41rjRZql9wBnUAj4NdfETUqWPcvjm+UZfganw7eRLvQL7wJKx2hBH4dzis9FGcOIKCEaNVAxt3MN+0EwSRQHTi3/KS+OqekCMB1hDWGVMoivQy2rQFgihFUAHYFmrNiaW20Ra9yus1IBlchXJ1qOmevvwiPIofqtn45Y7mcsokeUOMS9NF8ZnnjfMroESi3fuz+bJf6jREv6Mtj1SZnzZVnuX4b5jcSJku0/XTJjRVAxnrFrS+hM26ebuvUOOYbLdlJy+ZafF9Eppas/hOTYF6ge6AC+6wQN20m0m+n96hA==
Received: from DB9PR07MB7771.eurprd07.prod.outlook.com (2603:10a6:10:2a6::15) by GVXPR07MB9918.eurprd07.prod.outlook.com (2603:10a6:150:11d::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.31; Mon, 25 Mar 2024 10:00:23 +0000
Received: from DB9PR07MB7771.eurprd07.prod.outlook.com ([fe80::4850:b7b9:4466:3733]) by DB9PR07MB7771.eurprd07.prod.outlook.com ([fe80::4850:b7b9:4466:3733%7]) with mapi id 15.20.7409.026; Mon, 25 Mar 2024 10:00:23 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Ole Troan <otroan=40employees.org@dmarc.ietf.org>
CC: Brian E Carpenter <brian.e.carpenter@gmail.com>, 6man WG <ipv6@ietf.org>
Thread-Topic: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis
Thread-Index: AQHaeY6yX2qS9K1ivUm5hyVwlPGArbFDf6sAgAAGDICAAKafAIAABZ0AgAAZ1YCAAAyiAIAAEyQAgAAjo4CAAFHZAIADYk2A
Date: Mon, 25 Mar 2024 10:00:23 +0000
Message-ID: <8606B370-28AD-43C2-BEA7-448097A18411@jisc.ac.uk>
References: <CAPt1N1mOyG2jrLcK3Gc47_i-XkbVPY=GweTMWNKOK7O00BpaFg@mail.gmail.com> <04BB59E2-D7DD-4409-A5AB-17321FA8E061@employees.org> <CAPt1N1=s9MRr48-ZiQp3FEydj9TWuq9RjTTTcmxOsMxaQNsb7w@mail.gmail.com> <27503357-b53c-4b1f-87a2-918923c439dd@gmail.com> <A156FB21-AA00-47E8-9897-57295B080FE5@employees.org>
In-Reply-To: <A156FB21-AA00-47E8-9897-57295B080FE5@employees.org>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3774.500.171.1.1)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DB9PR07MB7771:EE_|GVXPR07MB9918:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: YLbf1FJbgckZ86DoHWMwanbZ1eJUSPE/CrTFMN6O5Rxij0Q1EBzzVzzGnuotoPVHk4Twc4YPV65jH9O9qC+fZlkUfPjspuuqw7zRC5Ea1prAYJmdh03Vn7GMMy8nvYvn7al59+BCzw/j+i+Yq9FlvJ4qNYZm+c9sKY8zJUtUwzXESc6B9oG/VMSJja+p5oXQCMvfqEVWaIW/v2F4z1PA0MKaNhQnwZduw1kDLvRVoJ1weuRHU98lG9zEXCcueYo79b/WXqjTYN20T5ZR/ByCmXMc8oolIVbnxppyYTKBlwiYxgaF4DmeWYzkT2/qMQuYTL2DIRIfGwg+Sy7aB6vFaEghRTPhtwvC0sywDaXUuqzUz+27wNhlmzA3mEtnUFhGjCjwvewZVOXpUkVAc7S3MqvuYyOCD28R0yyW2uomB2RbtdMWUGXDMCsIA+1khfdZvyzxAxc0AcHwQjDLVEVfIZOK148JLoiO2CwMT6JcLGMypLmw3pE2zc4v2+MXNy1z7KxkCltWBbsgULtcph99NrdZKqia7+XmZluzYgqMoZGGhccCC2hwggcJp3PphvJLrR4won2sioBCOxFp/1jZDDtHKjnPJpKSgfOMLHInt0M=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9PR07MB7771.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366007)(1800799015)(376005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: EL+pvW7Qv+tdd2Es1xS7eMRDePbcddjjwsint32+IdoBoGRBcWTMoWKB1uHLixX4837XOtqIUkoIvQgcdNiIfSGgOKfzYtd+8DQsfg4EF+XC49TxdI1CRJCuc0xS/XThUgkiRmUT2I5OX4ckIqvvbApkRRW0jPI5aT/FsNTNb52dSqKENTgAzK3gHBAbmpNltLsSPWZPvWpi30nfdbYqTw3sXDJIGwNA191tf7NW/u+MCnSOhnONGzDbK4HuEChvXoisex6XLXuHyCzv+fmsgaOI11fBI+m/0ubuYlh9b2ZOCLoWRUOucistDfonfp8/nurGdudIoDhb7oSkW8nZp//jF5KJMvllYW8jvT573SbiNuWyJauKflFIgmw7c47WHu/0gogxZAmughn0otM09M4jHGtedVKkIjtOmdlrE9M1djAyFZZgMpG0i8kKDfDXZeE0f6f96JFOxp45DR7D5sBqYn4I3JcjPc74U2KEFk4MCm1XQRcW9i8yvRyCMw60qE5Zn6KYwJhlWKQgJO2J6MFAFl5BOlgXD61AlFmt55WoGLund5AuZ+9zJAncaQvolHcid2ZAg9unddtEwZLs9xPuWy5Q3fQzxeAPya2I7/KAmy2pCT+5xWW2qpeWP6idZZ/M3FLRoXzN3QckU4qIsC1LhZnL00T6w05MrhKwb24qr/Kt50CB+6CqkJVtZ8KVNYw0n1GbN1kU0vXjQfu+Esm9swsIqeaYDOnV0ikErewh16oi5ORh6bjacMjHMz868n3GupDFrDoMvcNcIRrwTkTt7B0H0Dr3D9tDRfTMQksoirAJHjxnfNkrntsq1/3WUik3X4vDh6zzADBic/t80zTb3DHWQekeQ1hMWmqZRD99dYOsBLC5YQiVy0I7QK1uSJvr7LIjuWiraFHgSLXsS0LNMvvXeUZtj4fj02mHsD8mcARID+UH9k6HWw15uA0qUCE9gZvdQZzmR4NtyTW1Y4MA1possJhPttqhZXlP4uchZ1ogT9il6SzHsjoMGW45+3RS5esxMXlmrPZ6j+11cO6PjhSt0XMcvj8yDpVlnSxY0mkbJC+7b1u9RWLw6PYu1piqqmCcZqQpjgjuWbJBzt/s/vU6KXc9da5L5dYEykJExT+/nXXfO1Ihe+MGJMiEegAMJ/OsCB5YI/xdPwoA5khz1aGnm6uE3sK506ZXkyAwYOdPaVGdG7w+it7iupb/biCvaCzbV6zrpZEdhEEurBuQZJFDjSSGQJvTL8JsNFpnVwiOynL6qgvjlC2feUHJ0K6IF7fWjdvJ5U4SM/crFUjbFSgY3ww2AXKMIh120qxcL6GDkAZcEym/fNzM9UV9dUKqZ+jh8DcWPyJO8zd3zsXGB5iFHr030XFR7n/oiRqEs5T/Yk8D1MN04D8ipWqB9Yvdb/4uG8RWaYvPbb9qxNBpHWIQS2bRZZpSGcbq3J8Bn+bHoigsmkWIW9KxbcmUoHcGwqdGePNY9ETgHiL4Eh2dU41Cn/ZLN4ACwTKuPjKv0n6HO3am/RjjGKji/dXCu5FVoNssxW5JK1enI+okKmgK1Y8BC8ZMeYuLVz1q+ziJEGsUfDMLHs0QIuCowGKfD5iykLmeR5r7/AytIEhyEg==
Content-Type: multipart/alternative; boundary="_000_8606B37028AD43C2BEA7448097A18411jiscacuk_"
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB9PR07MB7771.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9ccffec4-edf8-43d5-22f5-08dc4cb2635a
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Mar 2024 10:00:23.4082 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PIfi6zXLcA3vC9Yjr92F4GQulxmU6s9ibbev/p2S69c8BRnyP1pNxBRfOB7yGr6XCMqrErfpcLTqOQcmoG6b9w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVXPR07MB9918
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HltEa3ipY56__QeJsHWJn-RtQnc>
Subject: Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 10:00:36 -0000

On 23 Mar 2024, at 06:19, Ole Troan <otroan=40employees.org@dmarc.ietf.org> wrote:

On 23 Mar 2024, at 02:26, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

On 23-Mar-24 12:19, Ted Lemon wrote:
Ole, it sounds like you are saying that we don’t need end to end transparency. I don’t really know how to respond to that. Technology takes time to do right. At the moment I don’t know of the killer app for end to end, but certainly apps like signal and telegram would benefit from it. Lorenzo has brought up zoom, which uses its external address for rendezvous.

*Obviously* today's apps work around the problem of broken references caused by NAT, because they have to.

Why should we encumber future apps with this problem when we don't have to?

I wanted to point out that _even_ without NAT it’s quite tricky to get an end-to-end transparent application right.
And that we haven’t made it easier with ephemeral addressing, NAT64.
Presumably there will also be edge firewalls in IPv6 or some other security functions.

30 years in, someone must have built this application by now, if it’s nothing more than mosh.

On another tack, the cloud fees for v4 public addresses are an incentive to use e2e IPv6. If you want to run v6 to say AWS you can deploy v6 on your campus, and then push jobs there over v6 and save $40 per IP per year.

https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

I haven’t seen if Google, MS, etc are doing the same.  Some other smaller cloud providers have been doing this for some time.

In the R&E world, the CERN experiments are heading towards v6-only, as they want all storage to be directly addressable, and potentially worker nodes too.

Tim

O.


 Brian

Op za 23 mrt 2024 om 08:10 schreef Ole Trøan <otroan@employees.org <mailto:otroan@employees.org>>
  On 22 Mar 2024, at 22:25, Ted Lemon <mellon@fugue.com <mailto:mellon@fugue.com>> wrote:

  
  You have a single address you can’t advertise in the dns, yes. If you had a GUA you could advertise it in the DNS and have confidence that it would be reachable for some time.  Sometimes you’d be wrong, but usually not. If you have two GUAs you advertise both and let happy eyeballs take care of it.
  Yes, hand-waving is not hard.
  Do we have an example application that does all that’s required? Open source?
  I struggle to think of anything, but surely someone must take advantage of the end to end transparency in IPv6…
  Cheers
  Ole

  Op za 23 mrt 2024 om 05:53 schreef Ole Troan <otroan=40employees.org@dmarc.ietf.org <mailto:40employees.org@dmarc.ietf.org>>

      Brian,

I don't support adoption.

When NAT was first introduced, I experienced a lot of trouble. There may be fewer problems these days, but I think the reason is that applications are built with NAT in mind. In other words, I think it limits the ability to create applications.

I think it is undesirable that something works in an environment without NAT but does not work in an environment with NAT. If this happens, should I fix the application or the network?

I think it would be desirable to regain an environment where applications can be created without restrictions, and I think that would make the Internet better.

Even though IPv6 can eliminate this restriction, I do not agree with restricting applications with NPTv6.
Could you say a little more about _how_ NPTv6 restricts applications?

That's a slightly strange question since the draft already has a "Implications for Applications" section. Possibly it needs modernisation.

      Perhaps I should have phrased it better. I meant what concerns he has outside of what’s already in the application section of the document.

But I think Naoki is missing the trade-off here, and the comparison with our bad experience with NAPT44
and even with NAT444 is too simple.

There are a few scenarios where NPTv6 makes things better for a user, because otherwise they will lose connectivity. Outside those scenarios, NPTv6 is a bad thing and should not be enabled.

It's quite different from NAPT44. I could not use any IPv4-only resource without NAPT44. I can use every IPv6 resource without NPTv6. That's the situation for the majority of users.

      I think we are somewhat glossing over the complexities of what a native IPv6 application would have to deal with if it was acting as server.
      And I don’t know if we have written this down or we have good patterns in implementations to follow.

      An IPv6 host has multiple addresses with different reachability properties and lifetimes. And they may or may not be ephemeral. No way for the host to know.
      It has to pick one, and avoid picking one that leaks any of the temporary addresses, and somehow get that registered in DNS.
      Or exchange the right set of addresses through something like ICE.
      Deal with the consequences when these addresses change.

      And if stuck behind a stateful firewall, an IPv6 application would have to do some sort of firewall traversal.
      And if the destination is behind a NAT64, it would have to do the full set of IPv4 NAPT traversal techniques (and most of these are now going to be endpoint dependent NATs).

      All this, without even involving NPTv6.
      In my NPTv6 setup, I have a single IPv6 address. With infinite lifetime.
From an application implementation perspective I am not convinced that this is not a lot easier to implement than the above with ephemeral global addressing.

      Cheers,
      Ole


      --------------------------------------------------------------------
      IETF IPv6 working group mailing list
      ipv6@ietf.org <mailto:ipv6@ietf.org>
      Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
      --------------------------------------------------------------------

  --------------------------------------------------------------------
  IETF IPv6 working group mailing list
  ipv6@ietf.org <mailto:ipv6@ietf.org>
  Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
  --------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email