IETF Logo Mail Archive

Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 04 May 2019 04:28 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A26251200DE for <ipv6@ietfa.amsl.com>; Fri, 3 May 2019 21:28:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mTz6nIj5nT05 for <ipv6@ietfa.amsl.com>; Fri, 3 May 2019 21:28:50 -0700 (PDT)
Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 609EE120019 for <ipv6@ietf.org>; Fri, 3 May 2019 21:28:50 -0700 (PDT)
Received: by mail-pf1-x42f.google.com with SMTP id g3so3908103pfi.4 for <ipv6@ietf.org>; Fri, 03 May 2019 21:28:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=UTJXKed+FgyrPIni6JYnUUm61qaNgTcF+CUkH6smvzk=; b=kiERnzfIytdeAW/fGDyTyJP9bsvREs1k+lbtSCKM17wqQHEQU/kE4LbJT+azzDMcOy 9mgDd09PCgWfAi3KYcKoQE64ZSTkDLLrHgvRMPGc7Qtzzsd5nxXE9Xhre+qZYlu0zTaP pOUgCveadbMQHpHFe5I6lkytFlrqzb0UJvvwlmuqwYNMA9H8J4luhP2wAv9WvS73R2yw AaEY8UL+DbcOblv/gp+2dcnZBJ6OOm0Tdz/jUzjLY/OoVr97CKlD+iyIidFHSQulwdA0 +ibQO5/huXyJ9/AqdBMbH/rVkLpP54X1+nPpYAow0TBk0wYqHw7OUYeCiPQIx2qmbUu3 Mhfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=UTJXKed+FgyrPIni6JYnUUm61qaNgTcF+CUkH6smvzk=; b=UX+4UF5fEWAkRaaW3j5r6NF4OkDPOVpLWpR3dgs7BxlI7MBazrrdtgqPJ/8AjAQBvG wrD6EkieY2/jsAYMV2arNp1a4iGjDiUD08fp1VAilxB6syCFT8KWA7dXCZDabU388wga YvqG+MFYHLle84VXqJNaqdZ4s2PxmneNG/AMYllDz6Idc75sXEw+vp88zye5ElVYkjx2 eBh/bcTM+HZ6i49y0CfpT9ShkJHl/b3BRU2IFlJw51yq+7YdTAhYx2JSw4u/g9rF+QQ/ ahLoCWdbw/TuzLpdzvx/HwH5I8LwiU6xjjykN9KPowdo9Q5feftUx/MBhoCEXiNwZoLh ZZRw==
X-Gm-Message-State: APjAAAXmyUSFVBk4CrXyS57C13G08xFi/Fw5oDj10RCxaSBkmQQcXbu7 /HSKuVEdb7MVFee6vfLNk9iikYpb
X-Google-Smtp-Source: APXvYqyrOYBpICRJHQYajMochblbiBaWB7YJJ2DKDbP2w7rAirwqbg92/SO9VPYuQS3jtAuWXIYYWA==
X-Received: by 2002:a63:4820:: with SMTP id v32mr8902600pga.89.1556944129585; Fri, 03 May 2019 21:28:49 -0700 (PDT)
Received: from [192.168.178.30] ([118.148.72.205]) by smtp.gmail.com with ESMTPSA id o2sm5387453pgq.1.2019.05.03.21.28.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 May 2019 21:28:48 -0700 (PDT)
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, 6man WG <ipv6@ietf.org>
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org> <a2465e81-a17f-ab48-efda-20fe12a70077@foobar.org> <30239E0C-C444-4A7E-8342-AEE47BF8A2BB@employees.org> <8b9fd743-bfcc-525c-98f6-154f3fa713cc@foobar.org> <CAO42Z2zEWvt9NyemMb8H0AEvPvmNSDGa4wcXiS6n5yRxNFCHQg@mail.gmail.com> <c7e18765-be04-6494-8193-984dbccb520b@foobar.org> <CANMZLAYh+V57yrWOzmUyjSMK0g95u1D5_GZmyZBMOMKAZnrnCg@mail.gmail.com> <3F474511-6FE3-4A0A-9B84-7C37F08FBB5D@steffann.nl> <E352C226-C708-4418-BCDE-10525CAB109A@jisc.ac.uk> <652fb10e-b8ce-0151-a9a0-62d2378caed2@gmail.com> <0079c716-d56c-7199-f493-f5e56e1307ae@foobar.org> <b33de303-eaca-f7f6-804e-2c9343eb92a1@gmail.com> <6C4ABEF1-2565-4BA9-9FC5-5B3C45A719AD@gmail.com> <c2222416-6491-1906-a403-d012777a4b38@gmail.com> <CABNhwV0-SdKZqQa4z9jhpc8h1Eq=8UxRhtvHt1==BYEMTVRjug@mail.gmail.com> <CAO42Z2zCYEHtyKyrWEw8n95c0jiGqLikFesPHqrd4p+zcsA24g@mail.gmail.com> <ab351bef-5307-a3c0-5321-182e337fcf2a@gmail.com> <F279D8BE-D1D9-40BB-879A-6FFE48857C5B@gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <6d087a16-6dc6-132a-4d1d-aefb234b2b72@gmail.com>
Date: Sat, 04 May 2019 16:28:47 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <F279D8BE-D1D9-40BB-879A-6FFE48857C5B@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/fVNGKk0U5yZXixb_Vi4KJ49kfoI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 May 2019 04:28:53 -0000

On 04-May-19 16:14, Gyan Mishra wrote:
> Brian
> 
> I am on board with the draft and based on Microsoft and FB both big players driving IPv6 only and since Microsoft has a majority share in the desktop market that makes a big difference.
> 
> I have always been and still am a proponent of dual stack but now I understand more clearly that the use case for enterprises would be tpresenting dual stack to the public while being IPv6 only internally. I think this use case idea for enterprises should be added to the draft if not already.
> 
> What was Nick and Sanders operator and operational objection as I missed that in an earlier thread.

Thanks, I will forward their recent messages off-list to avoid repetition.

    Brian
> 
> Thank you 
> 
> Gyan
> 
> Sent from my iPhone
> 
>> On May 3, 2019, at 9:33 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>>> On 04-May-19 12:04, Mark Smith wrote:
>>>> On Sat., 4 May 2019, 08:54 Gyan Mishra, <hayabusagsm@gmail.com> wrote:
>>>>
>>>> Do we or anyone in the WG know of any enterprise that is thinking of going IPv6 only.  I don't.
>>>
>>> Case Study: Facebook Moving To An IPv6-Only Internal Network, 6 June 2014
>>> https://www.internetsociety.org/resources/deploy360/2014/case-study-facebook-moving-to-an-ipv6-only-internal-network/
>>>
>>> Microsoft making progress towards IPv6-only, 17 Sep 2018
>>> https://blog.apnic.net/2018/09/17/microsoft-making-progress-towards-ipv6-only/
>>
>> Thanks Mark. And of course the entire motivation of all the work on NAT64, 464XLAT and so on was to *allow* operators and enterprises to make that choice (and thereby reduce operational complexity) without the whole world having dual stack capability. So while I have always been a strong advocate of dual stack, it's clear that there will be a trend for far-sighted enterprises to go IPv6-only sooner rather than later. (Of course, they have to present a dual-stack face to the outside world.)
>>
>> It's the job of a standards organization to be preemptive and to be out ahead of vendors and operators - years ahead, that is. So personally I think the "too soon" argument is completely wrong. We should probably have worked on this sooner, while NAT64 and 464LAT were still in development, in fact.
>>
>> I'm definitely sensitive to the operational arguments from Nick and Sander. However, on that topic the authors can only wait for directives from Ole, since we're servants of the WG consensus. If it isn't clear, I at least don't know what else to change in the text in response to those objections. If the WG wants to un-adopt the draft, so be it. But that would need to be a new consensus call.
>>
>>   Brian
>>
>>>>
>>>> I agree you have nat64 and dns64 and 6to4 proxy  for IPv6 only enterprises to access IPv4 content but if I was an enterprise customer I would go with dual stack over IPv6 only as that is the recommended mainstream deployment of IPv6
>>>
>>> It's debatable.
>>>
>>>> and IPv6 only is a few and far between  extreme exception that I don't think will gain traction till we are close to 100% of all internet content being dual stacked.
>>>>
>>>>
>>>
>>> Further to what Bob said, we have to expect it may take 3 to 5 years,
>>> perhaps sometimes longer, for our work to become widely available in
>>> implementations.
>>>
>>> For example, the current IPv6 Flow Label specification (RFC 6438) was
>>> published in November of 2011. Yet it took somewhere in the order of 2
>>> to 3 years for Mac OS X to be updated to support it, 4 years for Linux
>>> to be updated, and 6 years for Windows to be updated.
>>>
>>> We also need to try to have solutions that may last and can be in use
>>> for decades in many different contexts (ideally with one solution
>>> being able to be used in all possible use contexts), not just ISP or
>>> corporate/enterprise networks. We need to have solutions that can and
>>> will be implemented on billions of hosts, because that is literally
>>> how many IPv6 capable hosts are already in end-users' hands.
>>>
>>> Here we're doing medium to long term engineering, in contrast to the
>>> relatively short to medium term engineering that takes place when
>>> building and operating production networks.
>>>
>>>
>>>
>>>
>>>
>>>>
>>>> Regards
>>>>
>>>> Gyan
>>>>
>>>>> On Fri, May 3, 2019, 4:12 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>>>>
>>>>>> So bottom line here is that until the internet content is 100% IPv6 there is no way any broadband provider would pull back IPv6 thus in essence making this IPv6 flag literally useless and added on way to early in the game which brings me to my next point.
>>>>>
>>>>> Sorry but you miss the point. An enterprise might choose to provide only IPv6 service (and presumably some variant of NAT64) this year. What a broadband service provider might decide is a different matter; of course they are driven by their own market.
>>>>>
>>>>> Regards
>>>>>   Brian
>>>>>
>>>>>> On 04-May-19 04:17, Gyan Mishra wrote:
>>>>>> Brian
>>>>>>
>>>>>> IPv6 penetration is honestly really defined by the percentage of content on the internet that is dual stacked which is still pretty far off and has a long ways to go to even get to a tipping point 50/50 mark.
>>>>>>
>>>>>> As far as cable and broadband providers for end users they are now starting to dual stack but it will be a long time as I said not until we hit the 100% mark that all content on the internet is dual stacked would broadband providers start thinking about pulling back and disabling IPv6.
>>>>>>
>>>>>> The internet really drives the local corporations and intranet which lags behind so that would be even further down the pike.
>>>>>>
>>>>>> All broadband providers small and the big ones like Comcast Verizon Time Warner etc would not want to risk losing customers to their competitors if they pulled back IPv4 early and the internet content was not 100% IPv6.
>>>>>>
>>>>>> If they did so god forbid they may be in for a a lot of class action suits as the entire internet majority being IPv4 would now not be accessible..
>>>>>>
>>>>>> So bottom line here is that until the internet content is 100% IPv6 there is no way any broadband provider would pull back IPv6 thus in essence making this IPv6 flag literally useless and added on way to early in the game which brings me to my next point.
>>>>>>
>>>>>> With regard to security ICMPv6 is not secure and with a SEND secure neighbor discovery that could be secure the iCMPv6 RFC 4861 RS/RA type 133/134 and NS/NA type 135/136.
>>>>>>
>>>>>> So the RA that has the reserved field 2 flag bits now allocated to the IPv6 only flag can be subject to a man in the middle attack easily with a sniffer and spoofing the packet from the router manipulation of the the bird setting from all sending routers to 0 and now basically you have a massive outage.  Thinking about this on a larger scale let’s say If a router was exposed to an attack that someone gained accesses via a stack overflow or glitch the the attacker could not manipulate the flag to set the IPv6 only flag on all routers and now you have an IPv4 meltdown and a massive outage.
>>>>>>
>>>>>> There are many scenarios of which this is only a few off the top of my head but maybe on a more grand scale since all hosts are talking ICMPv6 let’s say their was malware ddos virus that hit internet wise and was via email or any other type of delivery mechanism that was able to compromise all hosts gain root access and now on the host itself can set this IPv6 only flag to 1 and now you have an internet wide meltdown the  worst in history.
>>>>>>
>>>>>> So I a nutshell this IPv6 only flag in my opinion is way ahead of its time and is a good thought but at this point is way jumping the gun as the entire internet community is not ready for this flag as our penetration numbers are not there yet.
>>>>>>
>>>>>> I really think we should defer this RFC and put on hold for the future..
>>>>>>
>>>>>> Gyan
>>>>>>
>>>>>> Sent from my iPhone
>>>>>>
>>>>>>> On May 2, 2019, at 7:52 PM, Brian E Carpenter <brian.e..carpenter@gmail.com> wrote:
>>>>>>>
>>>>>>> Nick,
>>>>>>>>> On 01-May-19 09:55, Nick Hilliard wrote:
>>>>>>>>> Brian E Carpenter wrote on 30/04/2019 21:48:
>>>>>>>>> So I'd rather understand *why* the costs outweigh the benefits. One
>>>>>>>>> more thing for an operator to configure and check in each first-hop
>>>>>>>>> router, vs reduction of pointless traffic on updated hosts.. I'm not
>>>>>>>>> sure how to make that an objective rather than a subjective
>>>>>>>>> trade-off.
>>>>>>>> Hi Brian,
>>>>>>>>
>>>>>>>> Email is being a serious barrier to communication in this discussion :-(
>>>>>>>>
>>>>>>>> The problem statement just isn't there:
>>>>>>>>
>>>>>>>> https://mailarchive.ietf.org/arch/msg/ipv6/GCGYTXhg0V9mQBrcO7zhC5wtnp0
>>>>>>>>
>>>>>>>> The contents of this email largely still apply to the current text in -05.
>>>>>>>
>>>>>>> It's a judgment call. IMHO the problem statement is adequate. In your opinion, it isn't.
>>>>>>>
>>>>>>>> The cost is too high:
>>>>>>>>
>>>>>>>> https://mailarchive.ietf.org/arch/msg/ipv6/NIJ194PI8CLkuZT8U_jKEOY01QI
>>>>>>>>
>>>>>>>> You've shown no analysis of realistic use cases.
>>>>>>>>
>>>>>>>> For something standards track, and this far down the protocol stack and
>>>>>>>> with such a large security considerations section, the proposal ought to
>>>>>>>> be thoroughly compelling for a wide variety of deployment scenarios, but
>>>>>>>> it isn't.  There are better ways of skinning this cat..
>>>>>>>
>>>>>>> Again, a judgment call. We do refer to Layer 2 solutions and this is clearly positioned as a complementary approach.
>>>>>>>
>>>>>>> The authors aren't going to make the final judgment call, obviously.
>>>>>>>
>>>>>>>  Brian
>>>>>>>
>>>>>>> --------------------------------------------------------------------
>>>>>>> IETF IPv6 working group mailing list
>>>>>>> ipv6@ietf.org
>>>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>>>>> --------------------------------------------------------------------
>>>>>>
>>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>>
>>
>

v2.23.0 | Report a Bug | By Email