IETF Logo Mail Archive

Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

Vasilenko Eduard <vasilenko.eduard@huawei.com> Fri, 29 April 2022 14:52 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59803C15ED4A; Fri, 29 Apr 2022 07:52:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d5m6lZU-syzW; Fri, 29 Apr 2022 07:52:29 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD2C8C15EB2D; Fri, 29 Apr 2022 07:52:28 -0700 (PDT)
Received: from fraeml745-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Kqb2R6VwNz67QJm; Fri, 29 Apr 2022 22:48:15 +0800 (CST)
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by fraeml745-chm.china.huawei.com (10.206.15.226) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Fri, 29 Apr 2022 16:52:25 +0200
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml500001.china.huawei.com (7.188.26.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Fri, 29 Apr 2022 17:52:24 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.024; Fri, 29 Apr 2022 17:52:24 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Ted Lemon <mellon@fugue.com>, David Farmer <farmer=40umn.edu@dmarc.ietf.org>
CC: Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>, 6man list <ipv6@ietf.org>
Thread-Topic: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
Thread-Index: AQHYWPMa29ieH/YkeUSxTtcSlFLojK0BHpGAgAAOt4CAAAsgAIAAAkWAgAABEwCAArKmAIAAFUWAgAAFeoCAAAeegIAAI/YAgAArXQCAAAwtgIAAgQWAgAAbkYCAAMgQIP//8u6AgAD/LoCAAAXwAIAAM/Cw
Date: Fri, 29 Apr 2022 14:52:24 +0000
Message-ID: <8a2e2984285544cabf07a558154d9d5b@huawei.com>
References: <CAM5+tA8WvjvWirxqE6kQ9LQAG0NcpWyCLGVooB=G7gZ9ETb2zQ@mail.gmail.com> <20220424172743.GA218999@fg-networking.de> <CAKD1Yr1v0Tkh+pWD-ts=PL3gZf7Qj6OHW6Cuvj8iGcSSMibjew@mail.gmail.com> <0afe25f5-52b7-a438-0696-cf8b0a83c2dc@gmail.com> <BN8PR07MB70760D9693580F5BDCB61DD995F89@BN8PR07MB7076.namprd07.prod.outlook.com> <CAKD1Yr3Z9wGQ+uiA2WcW00MrOiLyHs+bSoFjHVtrixCi2qp4DA@mail.gmail.com> <BN8PR07MB7076A6456CAB48EF428D6E8695F89@BN8PR07MB7076.namprd07.prod.outlook.com> <65d0d9ac-77fc-c200-09e3-0c3949ca1541@gmail.com> <CAN-Dau2FS99ewfgH8xk-jSJFCnO92CJV9ZC98DUE2UDR7V1Eww@mail.gmail.com> <CANMZLAYbpZBDA8uFnJqfWfWTQ4S9RN4a-DqWe36qzfAfDtXiQA@mail.gmail.com> <CAN-Dau0BjRR2_7xz38DpJsz0Y=Z_8bV5n-=Eh1QUVEDzqVxmaA@mail.gmail.com> <CAPt1N1=H=eAyRu0JcHnLpZEUizDZ4Kj0VwPu=0nM=Wn+y3Ho1w@mail.gmail.com> <CAM5+tA_4rtSkgEuRUFZ2LYr6i8a7vWeKODYieVARF3RbRvgRww@mail.gmail.com> <BN8PR07MB7076DE3E745CB916FB81879595FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <ADAE42CE-448F-42F5-89BE-692F493E2DC8@consulintel.es> <CAM5+tA_ksJ+agY1tze1-zPHLsgYFgjEYtnuPs+ffZbnRqiHytw@mail.gmail.com> <BAD082DA-0958-4926-B3E5-4E4599A75078@consulintel.es> <BN8PR07MB7076564E50C0DAFBFAB950FD95FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <CAPt1N1ncVkekecS=dBHSR3WtaEMruy55Udxy0WSMGTgbN24pKw@mail.gmail.com> <CAM5+tA8-Zqka-vZ9jRL3wn0dtfuJj0ECx_k9prwyS2ypisaPtw@mail.gmail.com> <FB031B76-7E88-4824-876F-D1A05F8D2215@thehobsons.co.uk> <CAFU7BAST-oNGpy4JvODDsf=8eS69hV8XCi8OgEHBkkoujRN3Rw@mail.gmail.com> <699f556a3eac41179a80d2cc8749a191@huawei.com> <CAO42Z2wiebCOPmtcEOJ3rOaZEpHE7qFZZTf5KLWybSsL6rOd9Q@mail.gmail.com> <CAN-Dau1FV-uEkX1S7vOEVxggjcNvUVTmokPAEOiapxPTySN-vw@mail.gmail.com> <CAPt1N1mk8Qv1anXohCJaiH0WWn-BkS4mr=ffyF0cCaE7CM314w@mail.gmail.com>
In-Reply-To: <CAPt1N1mk8Qv1anXohCJaiH0WWn-BkS4mr=ffyF0cCaE7CM314w@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.81.190.13]
Content-Type: multipart/alternative; boundary="_000_8a2e2984285544cabf07a558154d9d5bhuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/2BkeklidIuIn_kKw6jHeKINOXcM>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2022 14:52:33 -0000

I do not understand why everybody talking about NAT66
If NPT is available.
NPT is much better – it has a smaller list of problems.

Are Enterprise people happy about NPT?

Eduard
From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Ted Lemon
Sent: Friday, April 29, 2022 5:37 PM
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>
Cc: Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org>; v6ops list <v6ops@ietf.org>; 6man list <ipv6@ietf.org>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

The difference is that NAT44 made things better. NAT66 arguably doesn’t. Pretty clearly there is a better alternative for the specific pci case we’ve been discussing.

This doesn’t mean people won’t do nat66 out of habit anyway, but it will cost extra and add no value, so I don’t see any reason why it would become and remain a best practice.

On Fri, Apr 29, 2022 at 10:16 David Farmer <farmer=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>> wrote:


On Thu, Apr 28, 2022 at 6:02 PM Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>> wrote:
On Fri, 29 Apr 2022 at 07:37, Xipengxiao
<xipengxiao=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:

> My point is, given PCI DSS 4.0 (what Jen wrote as PCR DSS 4.0), we should tell enterprises they no longer need NAT. But if some enterprises still insist, respect their decision.

Ignore them. IPv6 doesn't solve any problem they have, and adding NAT
to IPv6 still won't solve any problem they have, because IPv6 still
won't solve a problem they have.

...

Even government mandates to get enterprises to adopt a networking
protocol don't work - the Internet is supposed to be running CLNS by
now as mandated by governments around the world. (I expect Vint Cerf
was being nice while working on this rather than truly believing OSI
would take over.)

Explaining the Role of GOSIP
https://www.rfc-editor.org/rfc/rfc1169.html


 It's more important to get enterprises to use IPv6 ASAP, than to
insist that they use the "right" IPv6 solution.
>

Why is it important to get enterprises to use IPv6 ASAP?


Regards,
Mark.

Ignore credit cards and enterprises, that's your advice for IPv6?

So, no one using IPv6 wants to get paid for anything? Or, are you suggesting we maintain a quaint IPv4 network in the corner, so we can do credit cards and can get paid?

As for enterprises, Google and AWS are enterprises, are you suggesting they should be ignored too? Most of the valuable things on the Internet are run by enterprises.

Supporters of IPv6 need to very much care about enterprises; We need them to make their content available via IPv6. We need them to enable IPv6 on the Internet-facing parts of their networks.

Do we need them to enable IPv6 on their internal networks, maybe or maybe not. However, if enterprises are not comfortable with IPv6 why would they enable their content over IPv6?

I'm not suggesting we have to do NAT66 or even NPTv6, however, I think we should have something to tell those doing NAT44 today and want to maintain an internal private network. Maybe ULA with application gateways and proxies instead of NAT. But I don't think the internal private network model is just going to go away, too many people are comfortable with it.

Furthermore, ignoring NAT44 from a standardization point of view worked so well the last time. "Ignore them, and they will go away," didn't work last time and it's not going to work this time either.

Thanks


--
===============================================
David Farmer               Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE<https://www.google.com/maps/search/2218+University+Ave+SE?entry=gmail&source=g>        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email