Re: [sunset4] Closing Sunset4

[Lee Howard <lee@asgard.org>]

On 05/16/2018 08:05 PM, Leo Gaspard wrote:
> On 05/16/2018 09:22 PM, Lee Howard wrote:>> - why new technologies and
> sites get invented yet IPv6 is not on them
>>>    (deployed IoT w/ IPv4, self-driving cars w/ IPv4, new big office
>>>    buildings w/ IPv4, and so on).
>> 1. Shortsightedness
>> 2. Developers hacking together what they barely know
>> 3. Using an OS designed for embedded systems that's based on a very old
>> Linux without IPv6 support.
> (getting ready to be lapidated)
>
> For my end-user (like, a computer and a rental server at a hosting
> company) point of view:
>
>   * Being dual-stack is painful to configure and risky from a security
> point of view (hello iptables and ip6tables getting out-of-sync, IPv6
> privacy extension, etc.)
Can you elaborate on the pain? I may be too close to it to feel it anymore.

>
>   * IPv6-only requires NAT64 to get things to work (just see the issues
> mentioned by the Mythic Beasts presentation from IETF101 you linked to,
> even with NAT64 things don't work out of the box)
Well, it probably requires translation somewhere, but:
1. Not if you're on 4G
2. Not if you control the network
3. There are other transition mechanisms than NAT64.

>
>   * IPv4-only requires nothing, as NAT when required is already handled
> by devices out of my line of sight (eg. routers from where I connect, etc)

As long as device-to-server communication is the only way you would ever 
want to communicate. And as long as 464xlat or DS-Lite or whatever 
transition mechanism the intermediate networks use doesn't bother you.

>
> Also, for my server, setting up a NAT64 is completely useless, as the
> NAT64 would need to run on… the same server, meaning that it needs to be
> dual-stack anyway.
Sure, in that scenario. It's uncommon, I think, to find a server all by 
itself. NAT64 or SIIT-DC make more sense at the edge of a data center. 
Happy to run that for you. :)
>
> So, as an end-user, the easiest solution for me for now is
> `ipv6.disable=1`, and I'll switch to `ipv4.disable=1` when it will exist
> and the rest of the world will be ready for it. Yes, I know this is a
> chicken-and-egg problem.

How will you decide it's time to do that?
How much notice will you have that you can/should/must do it, and how 
long will it take?
Logistic projection shows 50% of the world using IPv6 to reach Google in 
early 2020, and 80-90% in 2022-2023.
Whatever countries your devices are in may have a different growth 
curve, and may adopt transition technologies at a different rate.

>
> This is likely something that should be addressed by this WG (and the
> reason why I subscribed and lurked for a while), but I have absolutely
> no idea how.

Personally, I do not want to force anyone to deploy IPv6 before it makes 
sense for them. I do, however, want to make sure everyone who needs to 
make a decision about when to do it is well-informed about it, and the 
risks and opportunities of deploying or not deploying.

Lee