Re: [v6ops] Operational Consensus on deployment
Philip Homburg <pch-v6ops-3@u-1.phicoh.com> Tue, 05 August 2014 21:40 UTC
Return-Path: <pch-bBB316E3E@u-1.phicoh.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 905CD1B2BF8 for <v6ops@ietfa.amsl.com>; Tue, 5 Aug 2014 14:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.9
X-Spam-Level:
X-Spam-Status: No, score=-3.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qei4cb36K4fP for <v6ops@ietfa.amsl.com>; Tue, 5 Aug 2014 14:40:07 -0700 (PDT)
Received: from stereo.hq.phicoh.net (stereo6.hq.phicoh.net [IPv6:2001:888:1044:10:2a0:c9ff:fe9f:17a9]) by ietfa.amsl.com (Postfix) with ESMTP id 2A2F41B2BF6 for <v6ops@ietf.org>; Tue, 5 Aug 2014 14:40:07 -0700 (PDT)
Received: from stereo.hq.phicoh.net (localhost [::ffff:127.0.0.1]) by stereo.hq.phicoh.net with esmtp (Smail #91) id m1XEmSi-0000A8C; Tue, 5 Aug 2014 23:40:04 +0200
Message-Id: <m1XEmSi-0000A8C@stereo.hq.phicoh.net>
To: Tore Anderson <tore@fud.no>
From: Philip Homburg <pch-v6ops-3@u-1.phicoh.com>
Sender: pch-bBB316E3E@u-1.phicoh.com
References: <256EAE0B-5C11-42C7-BCA1-CEC7EE6713A7@cisco.com> <53DFD634.4020304@fud.no> <DE860EBC-171E-46E7-A3B6-5E8B79A453CC@cisco.com> <53DFEC6C.3010707@gmail.com> <CAD6AjGRUWxT5XiNxMi_S5VgYtGMLb_FVHXN-ZfGpcY=geix15g@mail.gmail.com> <53E06AC9.9010908@fud.no> <4F7D76F6-BD81-453B-94DC-A3C3DFF68505@delong.com> <8600C096-37D0-4651-92C1-BCFDBA674433@nominum.com> <CAD6AjGTBfyT-zNDJtBKCNtRxd=Hi07678Sr_-HgSGYbjAiF3Tg@mail.gmail.com> <C5281716-DC04-42E6-AC82-0D53E5DA0284@nominum.com> <53E1236A.605@fud.no> <m1XEkJJ-0000BuC@stereo.hq.phicoh.net> <53E13A3B.4050303@fud.no>
In-reply-to: Your message of "Tue, 05 Aug 2014 22:10:35 +0200 ." <53E13A3B.4050303@fud.no>
Date: Tue, 05 Aug 2014 23:39:57 +0200
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/J9i0riqM21sMyBktXgWc9vlbUpI
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] Operational Consensus on deployment
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 21:40:09 -0000
In your letter dated Tue, 05 Aug 2014 22:10:35 +0200 you wrote: >The current IPv6 dual stack transition mechanism is defined in RFC 4213, >and it makes no reference to NAT whatsoever. This thread started out by >Fred asking if we needed to update the consensus that dual stack is the >IETF-recommended transition method, and in that context, no I not >consider that the current dual stack recommendation includes NAT44*. > >It would certainly be possible to update RFC 4213 to mean that the new >recommendation is to do NAT44* in combination with IPv6, though. But I >don't think that's a good idea. We find ourselves in a hole, so maybe we >should stop digging instead of getting ourselves a new shovel... The IETF has ignored NAT44 for a very long time. Most home users don't actually have IPv4 access: they have a middle box that breaks things. Outside the IETF (and I assume to a large extent also inside the IETF) people will find this line of reasoning overly pedantic. To them, NAT44 is just part of the Internet. We can also be pedantic about 'dual stack' and refer to v6+v4 or v6+NAT44 or v6+NAT444. However I think the meaning of dual stack is the concept that IPv4 and IPv6 are independent. Neither is tunneled over or translated into the other. In that sense, whether IPv4 is native or behind a CGN is not relevant. We matter is that IPv6 is completely independent of that. >If you by tunneling are referring to the catastrophe that was 6to4, then >I disagree. It is more like 6RD or MAP-E as it will typically contained >within a single administrative domain. No operator likes tunnels. 6RD is not considered 'native IPv6', it is a second class citizen. Personally I think tunneling IPv6 locally over IPv4 works very well. But there seem to be very few people who agree with that point of view. >As for other things failing, if you have some concrete examples, please >let me know. I'd certainly want to see if I can make those work, or if >not, make sure the drafts properly document the limitations causing the >failure. The thing is that in the IPv4 world, probably every coding mistake you can imagine is out there somewhere. Anything that differs from the way IPv4 is normally done, may cause things to fail in some small fraction of systems. To give a concrete example. The obvious solution to a lower MTU is actually path MTU discovery, but that doesn't work, so we do MSS clamping. Out in the field are middle boxes that break MSS clamping. The reason those boxes work is that every server supports an MTU of 1500. If your server doesn't, things break. >> I think it is safe to say that in your model you have enough public IPv4 >> address to run your services. What your proposal eliminates is the need >> for internal IPv4 addresses. > >That's right. No addresses lost due to network infrastructure, >servers/applications performing internal tasks, unused addresses on LAN >segments due to CIDR ^2 boundaries or space set aside for future growth. >One public service per IPv4 address only. I'd imagine that most internet >content providers have a much higher number of internal >applications/servers than they have public service addresses, so this >adds up to significant savings. Except that any truely internal server, you can already run on IPv6-only. No need to change anything in your front-end to do that. >Presumably you'll want a firewall inside of the SIIT gateway, to deal >with IPv6 ACLs? If so, you only need one firewall and only one ACL. If >you previously had an ACL that said something like in iptables syntax, >where 192.0.2.100 is the trusted IP address you want to allow: > >--source 192.0.2.100 --protocol tcp --dport ssh -j ACCEPT > >...with SIIT, you'd instead do, assuming 64:ff9b::/96 is the translation >prefix): > >--source 64:ff9b::192.0.2.100 --protocol tcp --dport ssh -j ACCEPT Now we wait for somebody to type 64:ff9b::192.0.2.0/24 instead of 64:ff9b::192.0.2.0/120. Also, this not in canonical form. So any program that outputs these address uses a different syntax. Try grepping your firewall config for an address you see in tcpdump and not finding it. And I wonder howmany people understand this notation at all.
- [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Mark Andrews
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] Operational Consensus on deployment Czerwonka Michał 1 - Hurt
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment William F. Maton Sotomayor
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Ted Lemon
- Re: [v6ops] Operational Consensus on deployment Heatley, Nick
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Czerwonka Michał 1 - Hurt
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Ted Lemon
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roaming… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Ted Lemon
- Re: [v6ops] Operational Consensus on deployment Brian E Carpenter
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Mikael Abrahamsson
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roaming… Tore Anderson
- Re: [v6ops] IPv4v6 roaming Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Vízdal Aleš
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] Operational Consensus on deployment Vízdal Aleš
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Tore Anderson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Tore Anderson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… holger.metschulat
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Lee Howard
- Re: [v6ops] Operational Consensus on deployment Philip Homburg
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ca By
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] Operational Consensus on deployment Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Dave Michaud
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ca By
- Re: [v6ops] Operational Consensus on deployment Gert Doering
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Lorenzo Colitti
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] Operational Consensus on deployment Ca By
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… GangChen
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Jouni
- Re: [v6ops] Operational Consensus on deployment Eric Vyncke (evyncke)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Dave Michaud
- Re: [v6ops] Operational Consensus on deployment Lorenzo Colitti
- Re: [v6ops] Operational Consensus on deployment Kossut Tomasz - Hurt
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Ross Chandler
- Re: [v6ops] Operational Consensus on deployment Tore Anderson
- Re: [v6ops] Operational Consensus on deployment Ross Chandler
- Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-roa… Geir Egeland
- Re: [v6ops] Operational Consensus on deployment Ray Hunter
- Re: [v6ops] Operational Consensus on deployment Heatley, Nick
- Re: [v6ops] Operational Consensus on deployment Mark Andrews
- Re: [v6ops] Operational Consensus on deployment George Michaelson
- Re: [v6ops] Operational Consensus on deployment Heatley, Nick
- Re: [v6ops] Operational Consensus on deployment Kossut Tomasz - Hurt
- Re: [v6ops] Operational Consensus on deployment Eric Vyncke (evyncke)
- Re: [v6ops] Operational Consensus on deployment Owen DeLong
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment James Woodyatt
- Re: [v6ops] Operational Consensus on deployment Fred Baker (fred)
- Re: [v6ops] Operational Consensus on deployment James Woodyatt
- Re: [v6ops] Operational Consensus on deployment Mark Andrews