Re: [v6ops] Operational Consensus on deployment
Tore Anderson <tore@fud.no> Wed, 06 August 2014 10:51 UTC
Return-Path: <tore@fud.no>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70FF11B293E for <v6ops@ietfa.amsl.com>; Wed, 6 Aug 2014 03:51:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UGgfZGAxrQdd for <v6ops@ietfa.amsl.com>; Wed, 6 Aug 2014 03:51:56 -0700 (PDT)
Received: from greed.fud.no (greed.fud.no [IPv6:2a02:c0:1001:100::145]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2BD61B290E for <v6ops@ietf.org>; Wed, 6 Aug 2014 03:51:55 -0700 (PDT)
Received: from [2a02:c0:2:1:1194:17:0:1000] (port=45056 helo=echo.ms.redpill-linpro.com) by greed.fud.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tore@fud.no>) id 1XEyp0-0002xc-Hx; Wed, 06 Aug 2014 12:51:54 +0200
Message-ID: <53E20879.4020509@fud.no>
Date: Wed, 06 Aug 2014 12:50:33 +0200
From: Tore Anderson <tore@fud.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: Philip Homburg <pch-v6ops-3@u-1.phicoh.com>
References: <256EAE0B-5C11-42C7-BCA1-CEC7EE6713A7@cisco.com> <53DFD634.4020304@fud.no> <53E0C548.9050706@fud.no> <5C9FC57A-0DA5-4D36-84AE-CF1D6D17FB44@eircom.net> <53E1C587.4000506@fud.no> <m1XEy8M-0000AXC@stereo.hq.phicoh.net>
In-Reply-To: <m1XEy8M-0000AXC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/4ZvjKDS8amuY_4Abo3DuGFH2EYY
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] Operational Consensus on deployment
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Aug 2014 10:51:58 -0000
* Philip Homburg > As far as I can tell, your proposal maps every public IPv4 address to a > unique IPv6 address. Correct. > In that context, why not just use, for example, host routes to route IPv4 > traffic to the right interface of an IPv4 host. That would work, but there's a few reasons why I don't consider that optimal either: - It would not help me with IPv6 deployment at all, it distracts me from it. Having a fully IPv6-enabled infrastructure is the goal I want to be moving towards. SIIT-DC, like MAP and DS-Lite, *requires* IPv6. - I'd still need to maintain IPv4 throughout my infrastructure. If I'm also doing IPv6 at the same time, this means I incur extra operational overhead and cost compared to single stack - "dual everything", as Gert said. - There would be no way to aggregate all the host routes, it would severely pollute my IGP as every single /32 route must be distributed throughout my network. SIIT-DC, on the other hand, requires no host routes, as IPv4 traffic will be typically be translated to the server's primary IPv6 address, creating no extra IGP routes beyond the /64 or whatever that's routed to the LAN segment anyway. - You get interesting routing challenges if the servers need occasional Internet access through a stateful NAT (e.g., to download software updates). You'll want to route the traffic sourced from the public address directly out to the Internet, while traffic from RFC1918 sources needs to be routed through the NAT instance. But both the NAT and no-NAT route must necessarily be represented as an IPv4 default route. I'm sure this could be solved with the use of PBR and/or VRFs, but that incurs extra complexity. An SIIT gateway is on the other hand reached with a normal /96 route, and does not need to interfere with default routing at all. Same goes for a NAT64 instance that could be used for occasional Internet access analogous to the above. - You'll actually need special configuration on the servers, setting up and monitoring a secondary service address. With SIIT-DC, there is no need to touch the servers at all, except in the case where a host agent is needed to facilitate applications that do not support NAT and/or IPv6. - The host routes would need to be installed on each the upstream routers serving as default gateways for the servers' LAN segments, which scatters these assignments all over the place. With SIIT-DC, the SIIT gateways have a complete overview of all configured mappings and what service addresse are available. All in all it feels to me more like a stop-gap solution that only deals with IPv4 depletion, rather than something that also facilitates real progress towards an single-stack IPv6 infrastructure. (BTW: I've made the assumption that you mean that the server's primary IPv4 addresses is a private/RFC1918 one, which is then used as the next-hop for a public /32 assigned to the loopback interface. Let me know if this assumption was incorrect.) Tore
- [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Mark Andrews
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] Operational Consensus on deployment Czerwonka Michał 1 - Hurt
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment William F. Maton Sotomayor
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Ted Lemon
- Re: [v6ops] Operational Consensus on deployment Heatley, Nick
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Czerwonka Michał 1 - Hurt
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Ted Lemon
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roaming… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Ted Lemon
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Mikael Abrahamsson
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roaming… Tore Anderson
- Re: [v6ops] IPv4v6 roaming Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Vízdal Aleš
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Vízdal Aleš
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Tore Anderson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Tore Anderson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… holger.metschulat
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Lee Howard
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ca By
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Dave Michaud
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ca By
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Jouni
- Re: [v6ops] Operational Consensus on deployment Eric Vyncke (evyncke)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Dave Michaud
- Re: [v6ops] Operational Consensus on deployment Lorenzo Colitti
- Re: [v6ops] Operational Consensus on deployment Kossut Tomasz - Hurt
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Geir Egeland
- Re: [v6ops] Operational Consensus on deployment Ray Hunter
- Re: [v6ops] Operational Consensus on deployment Heatley, Nick
- Re: [v6ops] Operational Consensus on deployment Mark Andrews
- Re: [v6ops] Operational Consensus on deployment George Michaelson
- Re: [v6ops] Operational Consensus on deployment Heatley, Nick
- Re: [v6ops] Operational Consensus on deployment Kossut Tomasz - Hurt
- Re: [v6ops] Operational Consensus on deployment Eric Vyncke (evyncke)
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment James Woodyatt
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment James Woodyatt
- Re: [v6ops] Operational Consensus on deployment Mark Andrews