Re: [v6ops] draft-vf-v6ops-ipv6-deployment

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Wed, 24 March 2021 15:13 UTC

Return-Path: <prvs=17172b6c16=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 584AA3A2E6E for <v6ops@ietfa.amsl.com>; Wed, 24 Mar 2021 08:13:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.742
X-Spam-Level:
X-Spam-Status: No, score=-0.742 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_LINK_PLUS=0.012, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, SPF_HELO_NONE=0.001, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YVwbqtAi3bOY for <v6ops@ietfa.amsl.com>; Wed, 24 Mar 2021 08:13:21 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [IPv6:2001:470:1f09:495::5]) by ietfa.amsl.com (Postfix) with ESMTP id E04603A2E71 for <v6ops@ietf.org>; Wed, 24 Mar 2021 08:13:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1616598797; x=1617203597; i=jordi.palet@consulintel.es; q=dns/txt; h=User-Agent:Date: Subject:From:To:Message-ID:Thread-Topic:References:In-Reply-To: Mime-version:Content-type:Content-transfer-encoding; bh=LBKCbPhk pEUm9GQNUlMza5z+o0C6k+3aqyKGdjRlqhI=; b=Z12PgZFfg1wVJEO5uszVtub6 5X2crUwj5M7lk9OQRqJQNVaBkrkkVY6wQElwy7LBSBLUH1N3wOGQHpFjfFqo+56J mr8Q4En0dt2qAHCVeIVubHTdFkZ9QQ8CnRflrP+dim4r9OppRUC/s/1o3Ix2ftv3 dKyQwFdPljkjgseY73o=
X-MDAV-Result: clean
X-MDAV-Processed: mail.consulintel.es, Wed, 24 Mar 2021 16:13:17 +0100
X-Spam-Processed: mail.consulintel.es, Wed, 24 Mar 2021 16:13:15 +0100
Received: from [10.10.10.145] by mail.consulintel.es (MDaemon PRO v16.5.2) with ESMTPA id md50000556468.msg for <v6ops@ietf.org>; Wed, 24 Mar 2021 16:13:14 +0100
X-MDRemoteIP: 2001:470:1f09:495:dd8:91f9:b11c:7792
X-MDHelo: [10.10.10.145]
X-MDArrival-Date: Wed, 24 Mar 2021 16:13:14 +0100
X-Authenticated-Sender: jordi.palet@consulintel.es
X-Return-Path: prvs=17172b6c16=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: v6ops@ietf.org
User-Agent: Microsoft-MacOutlook/16.47.21031401
Date: Wed, 24 Mar 2021 16:13:12 +0100
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: "v6ops@ietf.org" <v6ops@ietf.org>
Message-ID: <1D378C51-569D-4E7E-B46E-1D8CD4D75D5E@consulintel.es>
Thread-Topic: [v6ops] draft-vf-v6ops-ipv6-deployment
References: <BL0PR05MB5316425C5650B5D2FE43DE4DAE6C9@BL0PR05MB5316.namprd05.prod.outlook.com> <CAB75xn4ioyzQ5AvUrPKVyuybjZRV__Tv1OMs70Lm-z9bo1Eo6g@mail.gmail.com> <74d6dca7019f44aba09caf47ef703e2f@huawei.com> <CAB75xn7=swhtwqRuV6SoWoMO7jtCcPCc02XiVpAjE=VUx8CyaQ@mail.gmail.com> <6059897e.1c69fb81.ac270.d863SMTPIN_ADDED_BROKEN@mx.google.com> <749643a7-313f-4bd1-8bb8-7dc26d830070@gmail.com> <605aae8f.1c69fb81.8a8ed.04b7SMTPIN_ADDED_BROKEN@mx.google.com> <35c4cf4f-0128-dff6-27a3-4cc868539f7f@gmail.com> <9614BF99-431D-4046-9762-0F111AFBB27D@consulintel.es> <a498117e-4834-41f8-5c90-ad7734d07220@hit.bme.hu> <e770fec1-2189-f683-6c74-36e32541c53d@gmail.com> <abe65114-d9c9-10ee-2c78-449051acbb61@hit.bme.hu> <3c50c72b-b606-a6cf-3095-f08ad48eecf5@gmail.com> <2A0C2B40-2DA4-4941-A09F-5BD31EDA3301@consulintel.es> <f6bdc2840af54f49a6c9113f088cbc36@huawei.com>
In-Reply-To: <f6bdc2840af54f49a6c9113f088cbc36@huawei.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/87UoKqm6yEMAIAGd7t8MM14sCf8>
Subject: Re: [v6ops] draft-vf-v6ops-ipv6-deployment
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Mar 2021 15:13:25 -0000

Yes, but I'm guessing that Alex is doing an "experiment" and the ISP actually provides him dual-stack. I think he mention already Free in a previous email.

 
Regards,
Jordi
@jordipalet
 
 

El 24/3/21 16:09, "v6ops en nombre de Vasilenko Eduard" <v6ops-bounces@ietf.org en nombre de vasilenko.eduard@huawei.com> escribió:

    Hi Jordi,
    But NAT64 should have one interface in IPv4. That is not possible on the "single VM in your own network" if your network is IPv6 only.
    You have to pay some cloud provider for this VM together with public IPv4.
    It is not expensive (like 5$ per month), but it is probably too much hassle for the majority of users.

    I do not believe that there is any provider with IPv6-only, but without NAT64. They would lose too many users as a result of such policy.
    Hence it is better to search for proper prefix in particular IPv6-only network.
    Eduard
    -----Original Message-----
    From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of JORDI PALET MARTINEZ
    Sent: Wednesday, March 24, 2021 5:48 PM
    To: v6ops@ietf.org
    Subject: Re: [v6ops] draft-vf-v6ops-ipv6-deployment

    I think you need to read the NAT64 and related RFCs ...

    If your ISP doesn't offer the NAT64, then it is really bad to use IPv6-only in your network. I may understand that you do that as an experiment, but then you can setup your own NAT64, it is really simple in any Linux or even an OpenWRT CPE.

    You may also setup a DNS64 and I will suggest also to setup a CLAT, all that can be done via VMs, even a single VM in your own network.

    Regards,
    Jordi
    @jordipalet



    El 24/3/21 15:33, "v6ops en nombre de Alexandre Petrescu" <v6ops-bounces@ietf.org en nombre de alexandre.petrescu@gmail.com> escribió:

        Hi, Gabor,

        Thanks for the reply.  Allow me to continue this discussion.

        Le 24/03/2021 à 13:11, Gabor LENCSE a écrit :
        > Dear Alex,
        > 
        > I meant that you need to do the address synthesis manually. I 
        > intended the 64:ff9b::/96 WKP only as an example.

        As a side note,  I think that 64:ff9b::/96 prefix might need a 32bit
        IID, which is probably forbidden by the IPv6 Addressing Architecture RFC
        4291 ("For all unicast addresses, except those that start with the
        binary value 000, Interface IDs are required to be 64 bits long").

        This is not to say that I disagree with the 64:: prefix, but maybe point
        to what appears to me to be a slight incoherency.

        > First, you need to find out the NAT64 prefix used by your ISP. (RFC 
        > 7050 describes the process.)

        I wanted to ask: do you mean the NAT64 prefix that my ISP uses, or the
        ISP that the data provider (the URL in question) uses?

        I am saying this because I think my ISP does not provide NAT64 service
        to home.  It is probably an optional feature.

        > Then, you can synthesize and use the proper IPv4-Embedded IPv6 
        > Address. (I hope that the IPv6 routing will find the NAT64 gateway 
        > based on the NAT64 prefix.)
        > 
        > Of course, it is just a hack, DNS64 makes our life easier, if the 
        > IPv4 only server is registered in the DNS system. And, naturally,
        > the real solution is that the server should have an IPv6 address.
        > :-)

        Yes, I agree with it too.

        Alex

        > 
        > Best regards,
        > 
        > Gábor
        > 
        > On 3/24/2021 10:59 AM, Alexandre Petrescu wrote:
        >> 
        >> :-)
        >> 
        >> 
        >> Le 24/03/2021 à 09:39, Gabor LENCSE a écrit :
        >>> Of course, it is better to use DNS,
        >> 
        >> 
        >> I agree.
        >> 
        >> 
        >>> but if you have only an IPv4 literal AND you know the NAT64 
        >>> prefix used in your network, then you can synthesize the (RFC 
        >>> 6052) IPv4-embedded IPv6 address manually. :-)
        >> 
        >> 
        >> For that to work there is a need to implement some conversion in a 
        >> network box (NAT64?  464XLAT?) _and_ in the client.
        >> 
        >> 
        >>> 
        >>> The URL would look like:
        >>> 
        >>> https://[64:ff9b::218.2.231.237]:5001/cgi-bin/generate
        >> 
        >> 
        >> thanks for the converted URL.
        >> 
        >> I clicked on it in my Mail User Agent (MUA) client Thunderbird on 
        >> an IPv6-only PC and it quickly complains about something that
        >> might relate to security.  It complains about it very quickly,
        >> there is no circling pointing to wait for response of discoverying
        >> some server in the infra, or waiting reply from a site.
        >> 
        >> It says: "The link text indicates 'A' but it leads to 'A'" where A 
        >> is the hex text with ":" everywhere converted from the hex you 
        >> provided above containing 4 dots.  Remark A is the same as A, and 
        >> the error reporting is wrong.  That is a client problem that 
        >> deserves correction (a bug).
        >> 
        >> But it is a larger client problem too in that clients on PCs dont 
        >> have that support for '64::' addresses.  Smartphones might have 
        >> that support.  I am not sure it is good to consider that lack of 
        >> implementation of "64::" addresses in clients to be a bug.
        >> 
        >> 
        >> Alex
        >> 
        >> PS: for firefox: when I copy paste that URL 
        >> https://[64:ff9b::218.2.231.237]:5001/cgi-bin/generate on my 
        >> address bar of web browser firefox on my IPv6-only PC it tries to 
        >> connect to something, waitslike 10 seconds, and then firefox 
        >> reports 'The wait delay has been reached' (translated) and stops 
        >> waiting.  Firefox is also affected by this problem in protocols.
        >> 
        >> 
        >>> 
        >>> Hopefully, your ISP uses a Network-Specific Prefix, and not the 
        >>> NAT64 Well-Known Prefix.
        >>> 
        >>> Gábor
        >>> 
        >>> On 3/24/2021 9:02 AM, JORDI PALET MARTINEZ wrote:
        >>>> It will be much better to use DNS, not literals!
        >>>> 
        >>>> You probably don't see that from an IPv6-only network because 
        >>>> it is a literal (if you have NAT64+DNS64 it will work with
        >>>> DNS, if you have 464XLAT it will also work with a literal
        >>>> IPv4).
        >>>> 
        >>>> El 24/3/21 8:53, "v6ops en nombre de Alexandre Petrescu" 
        >>>> <v6ops-bounces@ietf.org en nombre de 
        >>>> alexandre.petrescu@gmail.com> escribió:
        >>>> 
        >>>> 
        >>>> 
        >>>> Le 24/03/2021 à 04:14, hsyu a écrit :
        >>>>> Dear Paolo and  Alexandre,
        >>>>> 
        >>>>> Thank you very much for your interest in this website. This 
        >>>>> is a test website, and the current data still
        >>>> needs
        >>>>> further confirmation. Therefore, I will post it after the
        >>>> data is corrected.
        >>>> 
        >>>> Hi,
        >>>> 
        >>>> Thank you for the reply.
        >>>> 
        >>>> The data on the website might be correct already.  I can see
        >>>> it on an IPv4 connection.
        >>>> 
        >>>> But the access to that data should be on IPv6 too, not only on 
        >>>> IPv4.
        >>>> 
        >>>> Ideally, one should add an IPv6 address to the computer's 
        >>>> interface. Then the URL would be something like 
        >>>> https://[2001:db8:1::1]:5001/cgi-bin/generate (attention that 
        >>>> is an IPv6 address for documentation, do not put that 
        >>>> particular address on the interface)
        >>>> 
        >>>> Alex
        >>>> 
        >>>>> 
        >>>>> 
        >>>>> Haisheng Yu(Johnson) hsyu@cfiec.net
        >>>>> 
        >>>>> 
        >>>> <https://maas.mail.163.com/dashi-web-extend/html/proSignature.html?ftlId=1&name=Haisheng+Yu%28Johnson%29&uid=hsyu%40cfiec.net&iconUrl=https%3A%2F%2Fmail-online.nosdn.127.net%2Fsm50a1433bca9fb284d4265d35e9ed54d3.jpg&items=%5B%22%22%2C%22hsyu%40cfiec.net%22%2C%22%22%2C%22%22%2C%22%22%5D>
        >>>>
        >>>>
        >>>> 
        > 
        >>>>> 签名由 网易邮箱大师
        >>>> <https://mail.163.com/dashi/dlpro.html?from=mail81>
        >>>>> 定制 On 3/24/2021 02:14,Alexandre
        >>>> Petrescu<alexandre.petrescu@gmail.com>
        >>>>> <mailto:alexandre.petrescu@gmail.com> wrote:
        >>>>> 
        >>>>> Hi,
        >>>>> 
        >>>>> Thank you for the link in China about IPv6 deployment.
        >>>>> 
        >>>>> But I can not see it :-(
        >>>>> 
        >>>>> When I copy paste that link
        >>>> (http://218.2.231.237:5001/cgi-bin/generate)
        >>>>> in my web browser  it responds that the connection has
        >>>> failed.  I use an
        >>>>> IPv6-only computer (Windows with IPv4 unchecked in the
        >>>> interface
        >>>>> Properties).
        >>>>> 
        >>>>> Ideally, one would put data about IPv6 on a server that
        >>>> is also capable
        >>>>> of doing IPv6.
        >>>>> 
        >>>>> Maybe one can put an IPv6 address on the server
        >>>> 218.2.231.237?
        >>>>> 
        >>>>> Alex
        >>>>> 
        >>>>> 
        >>>>> Le 23/03/2021 à 07:21, hsyu a écrit :
        >>>>> 
        >>>>> Hi Paolo, I can also provide some data on the
        >>>> deployment of IPv6 in
        >>>>> China. http://218.2.231.237:5001/cgi-bin/generate
        >>>>> 
        >>>>> Best regards.
        >>>>> 
        >>>>> Haisheng Yu(Johnson) hsyu@cfiec.net
        >>>>> 
        >>>>> 
        >>>> <https://maas.mail.163.com/dashi-web-extend/html/proSignature.html?ftlId=1&name=Haisheng+Yu%28Johnson%29&uid=hsyu%40cfiec.net&iconUrl=https%3A%2F%2Fmail-online.nosdn.127.net%2Fsm50a1433bca9fb284d4265d35e9ed54d3.jpg&items=%5B%22%22%2C%22hsyu%40cfiec.net%22%2C%22%22%2C%22%22%2C%22%22%5D>
        >>>>
        >>>>
        >>>> 
        > 
        >>>>> 
        >>>>> 签名由 网易邮箱大师 <https://mail.163.com/dashi 
        >>>>> /dlpro.html?from=mail81> 定制 On 3/23/2021 12:40,Dhruv 
        >>>>> Dhody<dhruv.ietf@gmail.com> <mailto:dhruv.ietf@gmail.com> 
        >>>>> wrote:
        >>>>> 
        >>>>> Hi Paolo,
        >>>>> 
        >>>>> I think we should highlight that we do not have
        >>>> visibility
        >>>>> inside the enterprises beyond the external-facing website or
        >>>>> 
        >>>> email and thus it
        >>>>> is also difficult to gauge the IPv6 deployments
        >>>> inside enterprises.
        >>>>> 
        >>>>> [PV] Ok. Probably here you refer to small-medium
        >>>> enterprises. For
        >>>>> large enterprises public data on the usage of IPv6
        >>>> can be retrieved
        >>>>> (Nalini, in copy, provided a good input on IPv6 in large 
        >>>>> organizations). We will better specify this point in
        >>>> the next
        >>>>> version of the draft.
        >>>>> 
        >>>>> 
        >>>>> I had this NIST data in mind - 
        >>>>> https://fedv6-deployment.antd.nist.gov/cgi-bin/generate-com
        >>>> which
        >>>>> includes large enterprises and relies on DNS, mail,
        >>>> external
        >>>>> website. Also, see Eric's site - 
        >>>>> https://www.vyncke.org/ipv6status/detailed.php?country=in
        >>>>> 
        >>>>> Thanks! Dhruv
        >>>>> 
        >>>>> _______________________________________________ v6ops
        >>>>> mailing
        >>>>> 
        >>>> list
        >>>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
        >>>>> 
        >>>>> 
        >>>>> _______________________________________________ v6ops
        >>>>> mailing
        >>>>> 
        >>>> list
        >>>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
        >>>>> 
        >>>> 
        >>>> _______________________________________________ v6ops mailing 
        >>>> list v6ops@ietf.org 
        >>>> https://www.ietf.org/mailman/listinfo/v6ops
        >>>> 
        >>>> 
        >>>> 
        >>>> ********************************************** IPv4 is over
        >>>> Are you ready for the new Internet ?
        >>>> http://www.theipv6company.com The IPv6 Company
        >>>> 
        >>>> This electronic message contains information which may be 
        >>>> privileged or confidential. The information is intended to be 
        >>>> for the exclusive use of the individual(s) named above and 
        >>>> further non-explicilty authorized disclosure, copying, 
        >>>> distribution or use of the contents of this information, even 
        >>>> if partially, including attached files, is strictly prohibited 
        >>>> and will be considered a criminal offense. If you are not the 
        >>>> intended recipient be aware that any disclosure, copying, 
        >>>> distribution or use of the contents of this information, even 
        >>>> if partially, including attached files, is strictly
        >>>> prohibited, will be considered a criminal offense, so you must
        >>>> reply to the original sender to inform about this communication
        >>>> and delete it.
        >>>> 
        >>>> 
        >>>> 
        >>>> _______________________________________________ v6ops mailing 
        >>>> list v6ops@ietf.org 
        >>>> https://www.ietf.org/mailman/listinfo/v6ops
        >>>> 
        >>> 
        >>> _______________________________________________ v6ops mailing 
        >>> list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
        >> 
        >> _______________________________________________ v6ops mailing list
        >>  v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops

        _______________________________________________
        v6ops mailing list
        v6ops@ietf.org
        https://www.ietf.org/mailman/listinfo/v6ops



    **********************************************
    IPv4 is over
    Are you ready for the new Internet ?
    http://www.theipv6company.com
    The IPv6 Company

    This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.



    _______________________________________________
    v6ops mailing list
    v6ops@ietf.org
    https://www.ietf.org/mailman/listinfo/v6ops
    _______________________________________________
    v6ops mailing list
    v6ops@ietf.org
    https://www.ietf.org/mailman/listinfo/v6ops



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.