Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

Kevin Myers <kevin.myers@iparchitechs.com> Thu, 28 April 2022 10:28 UTC

To: Simon <linux@thehobsons.co.uk>, 6man list <ipv6@ietf.org>, v6ops list <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/GqtYSx9r3LQmU_R3Dq4nj-WAi1M>

I don't think anyone is making the argument that we shouldn't bother engaging the regulatory communities to update the standards for IPv6 because it will take a decade to change the requirements. I fully support that endeavor and it should begin as soon as possible. In the intervening years, we need guidance on transition solutions and as Nick mentioned, a functional space that isn't ULA because ULA is broken. 

There is a clear and documented operational gap - it will be filled in one of two ways:

1) ULA cannot be fixed in any reasonable time frame - it will take years to update operating systems. The IETF can work towards allocating GUA space to solve the shortcomings of ULA and provide BCP on when and how this should be used.
   
2) If the IETF decides to punt and "wait it out", networks that have these requirements will, at best, find their own path to an IPv6 solution which will involve squatting on GUA space to bypass ULA issues. Or worse, they'll remain on IPv4 inside the data center indefinitely - which means we aren't updating applications, storage or systems for IPv6. 

And to reiterate, PCI-DSS is but one standard, we have banking, healthcare, manufacturing, energy and utilities to contend with - which isn't even an exhaustive list - they all have compliance frameworks with similar struggles. By working on transition strategies, the IETF has a chance to lower the barrier to entry for IPv6 with networks that have much tighter restrictions than those we build solely in the DFZ. 

The constraints these networks must work under are very real and legally binding regardless of whether we agree with the technical merits - the sooner this is acknowledged and we begin working on a solution, the better we'll be able to help compliant networks, systems and applications use IPv6.  :)

-----Original Message-----
From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Simon
Sent: Thursday, April 28, 2022 4:14 AM
To: 6man list <ipv6@ietf.org>; v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

Nick Buraglio <buraglio@es.net> wrote:

> I also find it interesting that "keeping ipv4" is even a reasonable 
> choice to entertain. Clearly IPv6 is the long term path forward, and 
> it would behoove us to help with that simply from a protocol 
> simplification perspective. IPv4 isn't "working for them"
> it's the standard they are evaluated against

Translation (as previously mentioned):
The IPv6 community needs to engage with this other regulatory community to get them to bring their standard into the 21st century.

As long as the PCI standard effectively mandates IPv4 & NAPT then it’s going to be an uphill struggle.


On a much smaller scale I’ve been on the receiving end of this with a previous work hat on. Unknown to us in the IT dept, we would get various audits - insurers, finance auditors, parent company, blah, blah. Often the first we’d know about it would be manglement coming to us and saying “we need to do X because auditors” - no matter whether X is a sensible thing to do or not, or even if the technology we were using at the time supported it. Not running Windows servers would often confuse them!

Unfortunately, we were rarely brought in at the right stage so we could have that discussion where the auditor needs to tick a box, and we could explain “we do it this way, for these reasons - and that supports the objective you are trying to tick a box for”.


Arguing that trying to change the PCI requirements will take a decade, therefore we should bother, is simply kicking the problem down the road. The sooner “someone” starts that conversation, the sooner that 10 years will come round. Leave starting that conversation for another year means it’ll be 11 years, and so on.
As the proverb says “A journey of a thousand miles begins with a single step”.

And I guess the “someone” needs to be a person (or group) who have feet in both camps (IPv6 and PCI).

Simon

_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops