Re: [v6ops] draft-anderson-v6ops-siit-dc-01

[Tore Anderson <tore@fud.no>]

* Ca By <cb.list6@gmail.com>

> On Monday, December 8, 2014, Tore Anderson <tore@fud.no> wrote:
> 
> > * Ca By <cb.list6@gmail.com <javascript:;>>
> >
> > > I have a one minor comments about draft-anderson-v6ops-siit-dc-01.
> > >
> > > The I-D identifies a real network scaling problem where
> > > dual-stack is not an acceptable solution since it does not allow
> > > network operators to decouple IPv4 addresses from nodes deployed,
> > > thus nodes deployed cannot scale beyond IPv4 address holdings
> > > with dual-stack.  The IETF needs to provide better guidance than
> > > "dual-stack everything".  But, the I-D does not address the
> > > simplest solution of simply having IPv4 nodes for IPv4 traffic
> > > and IPv6 nodes for IPv6 traffic.  This allows a data center
> > > operator to get the most usage out of scarce IPv4 nodes since
> > > they pick up the IPv4-only users (excluding Apple happy
> > > eyeballs!!!) while the IPv6 nodes pickup the IPv6 capable users.
> > > Now, this approach of IPv4-only nodes and IPv6-only nodes works
> > > great when you are Facebook and your smallest unit of
> > > provisioning is a fully packed rack of gear.  If you are a
> > > smaller operator, you may not have enough traffic to justify an
> > > IPv6-only node, yet you still have to scale nodes beyond IPv4
> > > holdings.  There is also the case where uniformity of
> > > provisioning is seen as being a higher value than having 2
> > > flavor: v4 and v6... thus draft-anderson-v6ops-siit-dc-01
> > > certainly fits a need, but it should be context of dual-stack and
> > > single stack v4 and v6.
> >
> > I'm not so sure about having separate IPv4-only and IPv6-only
> > infrastructures solves anything, actually...
> >
> > To continue the Facebook analogy with a rack of IPv4-only frontend
> > nodes and another rack of IPv6-only frontend nodes that serve
> > IPv4-only and IPv6-capable users: Presumably all those users need
> > to be shown the same content, regardless of which IP version they
> > used to request it. So those IPv4/IPv6-only frontend racks
> > necessarily share a common set of backend servers - and if they're
> > to be reachable from both the IPv4-only and the IPv6-only frontend
> > nodes, then the backend nodes must necessarily be dual-stack.
> >
> >
> Let's assume the backend is ipv6-only.
> 
> The ipv4-only front-end is in-fact dual stack but it has public v4 in
> public dns to be reached by clients but no public dns entry on the
> ipv6 side.  This is what allows for the separation of ipv4 and v6
> users

I see. I think I'd call this «Partial dual-stack» or somthing like it.
I don't think there is a material difference between having a single
set of dual-stacked frontends, or two separate sets of frontends (one
IPv6-only serving IPv6 users and the other dual-stack serving IPv4
users). The properties of such a solution remains the same, essentially:

The Good:

* No translation, so end-to-end principle remains intact..
* Compatible with all application protocols
* Alleviates IPv4 address scarcity to almost the same extent as SIIT-DC
  but not quite (as IPv4 addresses are still required for non-service
  purposes like the DC network infrastrucuture and some might go to
  wast due to subnets being rounded up to the next CIDR boundary).

The Bad:

* You still dual-stack in places, resulting in increased complexity.
  Apart from the frontend servers themselves and the applications
  running on them, this also applies to the DC network infrastructure,
  including any firewalls, ACLs, load balancers, etc.
* Can't support any IPv4-only application software, application
  protocols, or devices in the backend.

I'm thinking I could write up a separate appendix B.5 to describe this.

Tore