Re: [v6ops] IPv6-only section [draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC]

Erik Nygren <erik+ietf@nygren.org> Thu, 08 August 2013 13:37 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24AEC21F918C for <v6ops@ietfa.amsl.com>; Thu, 8 Aug 2013 06:37:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.377
X-Spam-Level:
X-Spam-Status: No, score=-1.377 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ykh3lmgpFzL5 for <v6ops@ietfa.amsl.com>; Thu, 8 Aug 2013 06:37:25 -0700 (PDT)
Received: from mail-ve0-x231.google.com (mail-ve0-x231.google.com [IPv6:2607:f8b0:400c:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 5B91E21E804E for <v6ops@ietf.org>; Thu, 8 Aug 2013 06:37:23 -0700 (PDT)
Received: by mail-ve0-f177.google.com with SMTP id cz11so3039155veb.22 for <v6ops@ietf.org>; Thu, 08 Aug 2013 06:37:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=QvmNOniPXvrXeKLk6ga6rmtvDCj2pgKTO2zvcMipgHg=; b=jJL+roEvRRJrnpyy8qgpXLyKfTgFzSoOmZ/iyS8iFGvFMwfJdNuBz6ps/cw6alI7nk g/882oE5KqkYAVmoJG0bVHd1NAs9Cib5RcXhEG5sfmRHvC2H0zEOTVpgo1+BhFvPSnKF X2TbH4nB0BNFcvX6FMaH6eW8egcVmnygwcgDZRC1gKnDZqO/xg74ifVmzxLjdYxMcN6B Xkr9rXj/8K1QuADqEoqDc/HYJXU6LOehcJxf6ei4c5FT7HJrbr5iPBFp30TFEut8RWBm 3P3R37c2YBQbWyCPhtVVdec3Xl+1VH310tIZuQtjBPqnwG/qVhZQijsNTWVGw6b5H647 ncsw==
MIME-Version: 1.0
X-Received: by 10.220.89.73 with SMTP id d9mr3978843vcm.87.1375969040444; Thu, 08 Aug 2013 06:37:20 -0700 (PDT)
Sender: nygren@gmail.com
Received: by 10.220.91.132 with HTTP; Thu, 8 Aug 2013 06:37:20 -0700 (PDT)
In-Reply-To: <CAD6AjGTAJVvmG_byRMW_F2g+WDBvdRLop_oLshgwbUsfBjRzbA@mail.gmail.com>
References: <201308041800.r74I03pC023049@irp-view13.cisco.com> <5200804D.2050006@gmail.com> <CAD6AjGTGL9JVK6egOAVXhMFv77L0b=9eVjKAauwNzLnaM=Mcyw@mail.gmail.com> <52031D69.3070604@gmail.com> <CAD6AjGTAJVvmG_byRMW_F2g+WDBvdRLop_oLshgwbUsfBjRzbA@mail.gmail.com>
Date: Thu, 8 Aug 2013 09:37:20 -0400
X-Google-Sender-Auth: Q33hOBqs9Ua5MU9gKfTAOHsR-EQ
Message-ID: <CAKC-DJh1q+sJB00yo7HsFifWb=42teg_ga4CjRQVVecU1emcDA@mail.gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
To: "cb.list6" <cb.list6@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b3a8e94e0b4e904e36fc1f8
Cc: v6ops@ietf.org
Subject: Re: [v6ops] IPv6-only section [draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2013 13:37:27 -0000

It's also likely the case that at least some enterprises control portions
of
their environments well enough that mostly-IPv6 could potentially be much
more viable than a residential environment.  For example, a retail store
chain using
HTTP-based POS terminals and kiosks may have enough control over their
environment
that they could ideally deploy an IPv6-only environment and just use
NAT64/DNS64
to get to some of their supplier websites that still require IPv4.
It might also be attractive to some US Government agencies who control
the devices and clients within their network to use this approach as part
of meeting the OMB September 2014 mandate for IPv6 client support.
That could be simpler for those agencies than rolling out a dual-stack
environment.
(I'm very curious if either of these cases exists in production in the
field today...)

      Erik


On Thu, Aug 8, 2013 at 8:45 AM, cb.list6 <cb.list6@gmail.com> wrote:

>
> On Aug 7, 2013 9:24 PM, "Brian E Carpenter" <brian.e.carpenter@gmail.com>
> wrote:
> >
> > On 08/08/2013 16:08, cb.list6 wrote:
> > > On Aug 5, 2013 9:49 PM, "Brian E Carpenter" <
> brian.e.carpenter@gmail.com>
> > > wrote:
> > >> On a different topic, section 5 covers IPv6-only issues.
> > >> I'm a bit concerned that this might need a health warning:
> > >> deploying NAT64/DNS64 might cause pain and suffering.
> > >> Perhaps after this text:
> > >>
> > >>>    Together, RFCs
> > >>>    6146 and RFC 6147 provide a viable method for an IPv6-only client
> to
> > >>>    initiate communications to an IPv4-only server.
> > >> we should add something like:
> > >>
> > >>    At enterprise level, operating NAT64 and DNS64 services for
> > >>    heavy usage may have significant practical implications.
> > >>
> > >
> > > Can you be more specific? Pratical data?
> >
> > Not really, because I've never operated one in real life. It doesn't
> > strike me as the sort of service that most enterprise network
> > managers will be familiar with, and a v6-only site needing a normal
> > level of access to v4-land would end up sending most of its external
> > traffic via NAT64 and most of its external DNS queries via DNS64.
> > Therefore, these would become an important single point of failure
> > and a potential bottleneck. The text doesn't seem to point this out.
> >
>
> Agree with Joel, nat64 will be parity with common nat44 and firewalls in
> terms of availability
>
> Regarding majority of traffic, i believe the scales have tipped to show v6
> is the majority for campus networks, which is the best proxy in the
> available data
>
> http://www.worldipv6launch.org/measurements/
>
> These numbers also skew low since Apple has a non-deterministic happy
> eyeballs
>
> Given that enterprises and all users of IP are out of ipv4, so they need
> to not use ipv4 yet have access to it, guidance against nat64 will
> frustrate the issue.
>
> Guidance should be given to make as many flow v6 e2e. Full stop.
>
> CB
>
> >    Brian
> >
> > > CB
> > >
> > >> Also, the last paragraph of section 5:
> > >>
> > >>>    It is worth noting that for IPv6-only access networks that use
> > >>>    technologies such as NAT64, the more content providers (and
> > >>>    enterprises) that make their content available over IPv6, the less
> > >>>    the requirement to apply NAT64 to traffic leaving the access
> network.
> > >> A reference to RFC 6883 would fit nicely there.
> > >>
> > >> Regards
> > >>    Brian
> > >> _______________________________________________
> > >> v6ops mailing list
> > >> v6ops@ietf.org
> > >> https://www.ietf.org/mailman/listinfo/v6ops
> > >
>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
>