IETF Logo Mail Archive

Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis

Ole Troan <otroan@employees.org> Fri, 22 March 2024 19:53 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 462B7C14F73E for <ipv6@ietfa.amsl.com>; Fri, 22 Mar 2024 12:53:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=employees.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IrnQiF9IMCyA for <ipv6@ietfa.amsl.com>; Fri, 22 Mar 2024 12:53:11 -0700 (PDT)
Received: from proxmox01.kjsl.com (proxmox01.kjsl.com [IPv6:2607:7c80:54:6::6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C86AAC151069 for <ipv6@ietf.org>; Fri, 22 Mar 2024 12:53:11 -0700 (PDT)
Received: from proxmox01.kjsl.com (localhost.localdomain [127.0.0.1]) by proxmox01.kjsl.com (Proxmox) with ESMTP id CE6A5E644E; Fri, 22 Mar 2024 19:53:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=employees.org; h=cc:cc:content-transfer-encoding:content-type:content-type :date:from:from:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=prox2023; bh=2PoaPgTf/NUWXzgM X1ftMg1Bl/wAmScXsNqRL66Dmpc=; b=PLpsqjpQxmPBTNEpxXM4G/6MXqpt/gJP Y68fhO7nSVgahFKwsGciKmvZ5nQ6BuN1ZfmPbUCNeDgScPYUOis+pcxi8WaSpWpK wb0qllinT1LcnQk/8PNj52wng8tt0fvgh6trvHCmKIspXfev6jNnjmqXtgpasSKz 2Ka+Rb7pH6AVsdx+2XsveMHPoVHt98fAAmx3UHZNFuGhr8eaPDxzM0RPOKyOs8LI S5d63+5kv9n3WUYZElAotD114w3Va+w70FFl5Tif9NMiXFcQu3rzaGaE5CAiZlei DJEijavAozUctQTdDLVrqhoZG40kKn94Xi7FRKF/SLz+FLGLXo2LHA==
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by proxmox01.kjsl.com (Proxmox) with ESMTPS id AB66DE63AB; Fri, 22 Mar 2024 19:53:10 +0000 (UTC)
Received: from smtpclient.apple (unknown [IPv6:2001:4650:c3ed:37a:1e9f:54b:1ba9:d468]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 3FA194E11A5E; Fri, 22 Mar 2024 19:53:09 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <22452b49-227b-435c-9f2a-79bc231b00d9@gmail.com>
Date: Fri, 22 Mar 2024 20:52:56 +0100
Cc: Naoki Matsuhira <matsuhira.ietf@gmail.com>, Lorenzo Colitti <lorenzo@google.com>, 6man WG <ipv6@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A62E47CC-B21C-4CEA-9E8A-6A26A7E9ACB3@employees.org>
References: <df333346-f108-3782-0ff5-4bd85d7b49ac@gmail.com> <015F13BE-32F7-4C8B-8C86-C9153FE9C9E9@employees.org> <CAKD1Yr3dJ0EcMVPEGz-oHzNdWzJO1fE1u73Xxiw44BObuYTXbQ@mail.gmail.com> <CADmxuPExdq93HFRBpk6EeJdZsXOFQFDwB2EfVvkM++CDPb2gkg@mail.gmail.com> <CADmxuPEtbaehHwJhxfuhWzTeiZ7sHsveTrm69U2R67Swd1n0Bg@mail.gmail.com> <5ED8B6B1-991F-4D45-A3C3-C6BE20B00518@employees.org> <22452b49-227b-435c-9f2a-79bc231b00d9@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/WddPNVmpcpK4YbwRhnWeCZ7DT3c>
Subject: Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2024 19:53:16 -0000

Brian,

>>> I don't support adoption.
>>> 
>>> When NAT was first introduced, I experienced a lot of trouble. There may be fewer problems these days, but I think the reason is that applications are built with NAT in mind. In other words, I think it limits the ability to create applications.
>>> 
>>> I think it is undesirable that something works in an environment without NAT but does not work in an environment with NAT. If this happens, should I fix the application or the network?
>>> 
>>> I think it would be desirable to regain an environment where applications can be created without restrictions, and I think that would make the Internet better.
>>> 
>>> Even though IPv6 can eliminate this restriction, I do not agree with restricting applications with NPTv6.
>> Could you say a little more about _how_ NPTv6 restricts applications?
> 
> That's a slightly strange question since the draft already has a "Implications for Applications" section. Possibly it needs modernisation.

Perhaps I should have phrased it better. I meant what concerns he has outside of what’s already in the application section of the document.

> But I think Naoki is missing the trade-off here, and the comparison with our bad experience with NAPT44
> and even with NAT444 is too simple.
> 
> There are a few scenarios where NPTv6 makes things better for a user, because otherwise they will lose connectivity. Outside those scenarios, NPTv6 is a bad thing and should not be enabled.
> 
> It's quite different from NAPT44. I could not use any IPv4-only resource without NAPT44. I can use every IPv6 resource without NPTv6. That's the situation for the majority of users.

I think we are somewhat glossing over the complexities of what a native IPv6 application would have to deal with if it was acting as server.
And I don’t know if we have written this down or we have good patterns in implementations to follow.

An IPv6 host has multiple addresses with different reachability properties and lifetimes. And they may or may not be ephemeral. No way for the host to know.
It has to pick one, and avoid picking one that leaks any of the temporary addresses, and somehow get that registered in DNS.
Or exchange the right set of addresses through something like ICE.
Deal with the consequences when these addresses change.

And if stuck behind a stateful firewall, an IPv6 application would have to do some sort of firewall traversal.
And if the destination is behind a NAT64, it would have to do the full set of IPv4 NAPT traversal techniques (and most of these are now going to be endpoint dependent NATs).

All this, without even involving NPTv6.
In my NPTv6 setup, I have a single IPv6 address. With infinite lifetime.
From an application implementation perspective I am not convinced that this is not a lot easier to implement than the above with ephemeral global addressing.

Cheers,
Ole

v2.23.0 | Report a Bug | By Email