IETF Logo Mail Archive

Re: [v6ops] Thoughts about wider operational input

"Ackermann, Michael" <MAckermann@bcbsm.com> Wed, 30 March 2022 14:32 UTC

Return-Path: <mackermann@bcbsm.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D54133A0820 for <v6ops@ietfa.amsl.com>; Wed, 30 Mar 2022 07:32:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=MAckermann@bcbsm.com header.d=bcbsm.com; dkim=pass (1024-bit key) header.d=bcbsm.com header.b=ajdHujHG; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=bcbsm.onmicrosoft.com header.b=P7Q1ArWp
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TRLBdRfZYt8V for <v6ops@ietfa.amsl.com>; Wed, 30 Mar 2022 07:32:07 -0700 (PDT)
Received: from mx.z120.zixworks.com (bcbsm.zixworks.com [199.30.235.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A65A3A0819 for <v6ops@ietf.org>; Wed, 30 Mar 2022 07:32:07 -0700 (PDT)
Received: from 127.0.0.1 (ZixVPM [127.0.0.1]) by Outbound.z120.zixworks.com (Proprietary) with SMTP id A84DD23C7A1 for <v6ops@ietf.org>; Wed, 30 Mar 2022 09:32:06 -0500 (CDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ZIXVPM1670e2ded26; d=bcbsm.com; h=From:To:Subject:Date; b=VTxmq3CA1XlbW5O3iMMixm7Z27YdrvshH4+ryODlJ5hjqqhwcnmz0hBwYR34NgJT H51ba7Z5+jVsbAQEnB5Xant9ObvNlL1b+rZogVKu3CKcCiil3Xc5gNmVNLizhT 1So6mG5iWMBr1XB/oIxADRAKYFBNoCntZ/VjPy4isZdeA=;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bcbsm.com; s=ZIXVPM1670e2ded26; t=1648650726; bh=vVlS5seFLa/aMEVI1YmeNh2yKaJpGRi+F5/39znTnLE=; h=From:To:Subject:Date; b=ajdHujHGQ2TDE8K+9v6FMmb9K59e9YOLI3XFl/dVzfck/gQFae6DtJjSGbAHb/Un7 IKQtGKUGhJriG2B6/BCwkQfDGdRLBPP8zGQE4ckK+/ce8GqE1R2LuNW2dUcdOKMRZt YQFwHtF01gGhtxUbpkxfVP9kpzdaVNI5ac0Cph08=
Received: from imsva1.bcbsm.com (inetmta03.bcbsm.com [12.107.172.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.z120.zixworks.com (Proprietary) with ESMTPS id 9C33941B6329; Wed, 30 Mar 2022 09:32:05 -0500 (CDT)
Received: from imsva1.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3F4A092083; Wed, 30 Mar 2022 10:32:05 -0400 (EDT)
X-IMSS-DKIM-Authentication-Result: imsva1.bcbsm.com; sigcount=1; dkim=pass(1024-bit key) header.i=@bcbsm.onmicrosoft.com state=0
Received: from imsva1.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 011E792086; Wed, 30 Mar 2022 10:32:05 -0400 (EDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (unknown [104.47.55.173]) by imsva1.bcbsm.com (Postfix) with ESMTPS; Wed, 30 Mar 2022 10:32:04 -0400 (EDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Tr9Ja6W1y1d+vwu0A6BB1AkEeurp/Td/53ltaoBoeyVBkTfS5nPrjIHwGiSmv8VYQsZS79/5jyXEwR6suxf31NCeMrSVlvLw3Fx8qneV0+QdgNvMsH3r9yFaowzeLOmlANvZPwSRs3qwdJOmlP+IQDb8ERWxtSWepMpjHVVWCdNsG530WL9fXfRmLyr9I3wWJktIktgijO9Pt9EfDGTgCeaQzmn17qT4cStzo1Y8gOe2HlCYIiXGVOlSUDpIx+R9s6VNgo/N3jNxYKKQrd1NJnPB/nXhBcyP6I9ORkcARsfh0dCsS4UaGYt1bgyjCnaCZvBtZDuGSUsJJGR1W8nyvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v5Hr/e9WgWAp1UOE1ZP5SMT+WDqUoZCBnsRHjiriea4=; b=YkWRFpAOagPT7mYnJLy0fjEVmDLaXW7oGNpjW9HCXgP6T9d4b19PMF9bniqaeoRXlP5HNjydQwHxQtf6+iYd2pCirHaDShZVd6Q+nBCM3M/sZKE+DtPbLrtJzqypekey0gBItaYJoq9NzKAw78HS8XPqJ3DDImK32B1KqsL9zh7Ndju6wyQWBN2RpYpJjlOuzVpNhkeJcQh8m1x0eWhCxdCI1FkULDeIF2dEqXRjSQzeuuC+yI6oG8Sv6Z04M+XnscAbINWFKfRq5yd4AjI0CBNCJdjp15f94XkDOoQa6wTOFxejQllVXJt2CTo4niBvRiWFwOxt8y9JNq2ajuPSCw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bcbsm.com; dmarc=pass action=none header.from=bcbsm.com; dkim=pass header.d=bcbsm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bcbsm.onmicrosoft.com; s=selector2-bcbsm-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v5Hr/e9WgWAp1UOE1ZP5SMT+WDqUoZCBnsRHjiriea4=; b=P7Q1ArWpT2gbhWVoLlIJswdFktFPuoaT+DKKpzrrXaGk+tp4awU31tAYQGdv/4PshFtP3bgR7N9KSsbHFHuyeEnyE0t1eQ92eR8vdcEcFe7bKL5LWRWsIE2xmYQyEf366G8u+SO9tFTrFkihD8c4dYtv7m0YweOrM1QxB8QiFXw=
Received: from DM6PR14MB3178.namprd14.prod.outlook.com (2603:10b6:5:118::30) by SN7PR14MB4493.namprd14.prod.outlook.com (2603:10b6:806:f5::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5123.20; Wed, 30 Mar 2022 14:32:03 +0000
Received: from DM6PR14MB3178.namprd14.prod.outlook.com ([fe80::fc52:941f:cc00:2dd9]) by DM6PR14MB3178.namprd14.prod.outlook.com ([fe80::fc52:941f:cc00:2dd9%5]) with mapi id 15.20.5123.019; Wed, 30 Mar 2022 14:32:03 +0000
From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>
Thread-Topic: [v6ops] Thoughts about wider operational input
Thread-Index: AQHYPWLxesV8fulCSU6drVXmx0+5BazKU+MAgAAMoQCAAA6FAIAApH0AgAALFICAAAQuAIAAAngAgAAp1QCAAC+pgIAL0TCAgAA04QCAAA74gIAAdlQg
Date: Wed, 30 Mar 2022 14:32:03 +0000
Message-ID: <DM6PR14MB31782C88A190259EE4B8C6B0D71F9@DM6PR14MB3178.namprd14.prod.outlook.com>
References: <52661a3d-75dc-111a-3f23-09b10d7cb8d4@gmail.com> <A72CDDDB-CDCE-4EAF-B95E-997C764DB2C4@gmail.com> <9175dc32-45c1-e948-c20a-3bcc958b77b9@gmail.com> <YjmJQMNgnJoSInUw@Space.Net> <D75EF08F-6A41-41B2-AFB2-649CBCC1D83E@consulintel.es> <CAPt1N1nRnYUFA=yyJHx6t52yqWbmcd2Tf1H8gQuCZBd3Q3VqJw@mail.gmail.com> <7F4AEB43-4B24-4A21-AE9D-3EB512B98C46@consulintel.es> <8fac4314b8244ba6b33eea68694296d0@huawei.com> <9A13E47B-75D0-443F-9EE9-D2917ACB2D0F@consulintel.es> <CAO42Z2xUG+BXj+VQpajed9aGjH+q-HR7RX7C-T4DsTbouz7xWQ@mail.gmail.com> <F6A90BBF-7F44-403E-960A-8F756353B562@chinatelecom.cn> <B49417F7-3EFB-4A4D-9D1A-0D21574EA4F2@consulintel.es>
In-Reply-To: <B49417F7-3EFB-4A4D-9D1A-0D21574EA4F2@consulintel.es>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=bcbsm.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c27975fc-cff7-4dc5-07c7-08da125a0efa
x-ms-traffictypediagnostic: SN7PR14MB4493:EE_
x-microsoft-antispam-prvs: <SN7PR14MB44939513B6A76822BA88B071D71F9@SN7PR14MB4493.namprd14.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: u+7T1a9A30QlPJ5RuXZiAv2i/uMAgORaVHTQJ/8kwGJwhUszfP1PfgjyGDDjSMr0/7hP/dDDjePhV+4dArWEDvh1vVePNlXw23A9g8OexIw3JJSKE08WrEodJmBMxcA5Lwn6qkSsff/v+pLHrX3JYSfgK8WfIoJCkuCFKogDQe2GYj9JZL4wmc5tijmM+EtlAwlWT1p7ayyXbasM5N3R3yKqWtoSjt50bj7hCGSr3eALLLqNtqYFFcnb2SVknX4Awjuqzm/qfrJkLcwf55fXTGkwdbVB9z6Mu4+bdICqp4wSGwu7AqbvMy3LXctPcFQ/3oBCeZ/5RZ1LKFpVcRolKIWoN18kucovMQBkba9jGjMq8TtSOW6cX6YRc5z8/eoruGjTJzFMkvjlsHaXv+hY6AVPXE1Ylcy81JqGyS3+qbdTZG11BLbZnado49leiuA5K3w5n51gg4gb5O2BZtJmQ0uRaFTT5A4eNdNHbtqEw0yGjOwJJ18XoIXkof4YhV5SSeYOVY4Me67ou0eeZ4eUVsxPFckzqj7+VAihFRdS8TkES10TSO8VCvxZxeLT3N8zkucr9rlX1dGoE275u4cZk0ZR9jUYSBXsZW7sfCI7naJX+IQeX7dMoRThdLfSFoHiOtP3ZBXDMA1S7LAz/hZ4OTuucFHH8qGEj4MQt3Z8MnO2+QC8mmsPU/JJy/snAMYs3gV6mnDBfzaXvwGRD4dqbssy36/rANBLCqp+FgePYiWD9wr06eJC7NVonof9dLMNRqF1KKpWyQNxLaZRX+xY4fR3aLGOEqhcmr07oXgRBy4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB3178.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(6506007)(66574015)(26005)(186003)(86362001)(7696005)(33656002)(966005)(52536014)(38100700002)(8936002)(55016003)(30864003)(5660300002)(508600001)(2906002)(64756008)(71200400001)(66556008)(83380400001)(122000001)(76116006)(66946007)(66476007)(55236004)(53546011)(66446008)(166002)(110136005)(8676002)(9686003)(38070700005)(316002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 1+GxijSelP48H39EXglEo2OdbP6nqDo/5aJnwbZpgw4Bxocfvn7ks6BSE6+xdw7hKeRoUvSYOx/azRou8p7iuqbL9niaYV1tvhsS3Br1JDXccNeDlXpKzB90eDIocSW9+ZjC4u1qUNHLi0/SLVFMAltTK5yC1ELnoJtFZ3iuECk5RatEct6eCaT5GKDrz46C/5Gru/wdRH43Fh9y0JtVF9dh37yI2UNtRmEIzonkNuM9dSPXT5u8VffwmDwGV7r8XLB3YXD070acdvqJpbwihLA1/fwHuUT/Z4wIixburR145O8yVUnzyyIV9SzTJT6Hq/HftPaKb765IJIvBc9TG/GPIJYwmqJ8bCfvwPUk/fdWQfEBTFg8Y+R+xDwRWj6xnmv52FSH0hKVxqVZg1/nmN2Ma6s8MmqAOVUMwXIMK8CODQ1YJzLWUJMaKRznVOt+qek8aFQ2q9DGdBY32G1rmke70AxB4PxDnfpnf+2itahP+T4rBzb7T+7/pIefcDs0czwnLa3BLBXsHn6VH50TGJ3cVM3Xr7kKmQjylfP+9ggzj9mY94PZs/kgNi9XxlXdSPe9vXYJYVUPgv0qGorvcdZfYfpT83PEBxCLRdK5QYEjQKf+8YzqRt83poxp+lHuKr0PCQPRG+C0UphvGItsb2bi8vzBxpsoXx2e2QnNWEjeR/dMQ2dfix5oRdT82RfkRkKxYkh/F7zsmDz2CYB9iHhlwYSjSYvp7JSHG3FRvCXcRRPkW6W2LG7Omc36he1yfFybzOi6R4Q+gDP5ee75VB87Wgm6zcpB++DTBsn7O5ToekSyyJMMindymkafR4EpVXS3L1HRBt2tj8R7/ZoTppEOPLp6dWe0ZlqmVepbwd7M6pbQ5AvwEiSwXNPwt1mWBlvQ3vR9xOwJHvt/lB6YFb8ygmivtUkeAZqkw2UcJZK5WXDvZPpJGaYdDZ/AtK4EFhwqTRBXbIvXyTD1d2vUm9iAxg63yiL1vgHC/abw9iAwgGyIXKBJWq3QQh2uEKl34iFFEdGeHTnNhTRHSjMeQm8d5YRbJ0oHJm0m5MvozadjTVbRU00ApaHuwDCobX/lq9/xdOe3fBRLBAksUmAM/MWDzb8D9yn2BkBl/76JKcuNGT7UyMgbsdLWJ8JW+69vP7bE6p6259g73e/MkyRaC5nX2ES7r9ThqOpJQnjCYgoBXoc0wdZm/XwLQlNKLdwqQmodekurMOu+5HcHfTGYyVtFnm1pa9o4YyKUNiJwKlHWms3Sa6Heltd4ndeVx0O55aZwip/fBeldLbInGnm4Ik7ZwPnlmNpeXEUELcGqH1Xzvzi94G8dmp069AdeeVwxnsZW42Q8eH44s9DwlsLWThO3GCdu5e2XmRikVkM3doYHNbmikskKiIxI682AM4T7BOgTfpZK2N0TrcRiPpUIC8XeTNrL42NyWjClZT1q14VkbWZ3Dy9q06Jz9wR8esGznT//qgmzWxusgocMRxAuJ9bPGNomFDL+6xNvpKHDAuHx55o7/AluUcpkHqb5CgDbTNCK452Ol6ezO8qiUiDV8/9o1c9hyDrVaQ/SlLlltPNUyK3gAqaopk96OIgdZr+6vl57KUnFXiNgtaJoJEhRWWW3wDKkwXiAgbbKgmIlNxFksK4C0p296Q4Aml+UGd+iMbqRs30RT8VCqsVfnIwx6pqRFo6v/FcIXJXAiRoZlW04WSYYT6L2Jn2zVP4qtenSw2MK1xlQLHBjUq9RI8CfnQ==
Content-Type: multipart/alternative; boundary="_000_DM6PR14MB31782C88A190259EE4B8C6B0D71F9DM6PR14MB3178namp_"
MIME-Version: 1.0
X-OriginatorOrg: bcbsm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB3178.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c27975fc-cff7-4dc5-07c7-08da125a0efa
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Mar 2022 14:32:03.2876 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6f56d3fa-5682-4261-b169-bc0d615da17c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: QVVxZrNCwzvm/XqvlQLpAs59zcD4IMn8rdQWqE97c33Js+iyAJ6aYj9OXt/UKPzcy+7G1pml8dYwJcZX8po7KA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR14MB4493
X-TM-AS-GCONF: 00
X-VPM-HOST: vmvpm02.z120.zixworks.com
X-VPM-GROUP-ID: 6c724c83-f26d-4e8f-baff-1cfb1978045c
X-VPM-MSG-ID: 15b119e2-11f2-4912-9dfd-14a89ea80f7f
X-VPM-ENC-REGIME: TLS,Plaintext
X-VPM-IS-HYBRID: 0
X-VPM: TLS Sent
X-VPM-TLS-SENDER: vmvpm02.z120.zixworks.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/JI2_2esDNyVm142eQKuhAimm_8E>
Subject: Re: [v6ops] Thoughts about wider operational input
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2022 14:32:13 -0000

Great points Jordi!

IMHO, the biggest problem is #2  (appropriately designated 😊)
This is very old thinking and Security professionals will say this is no longer a good idea for any security reason.    But yet this thinking persists.    To the extent that we can educate these thoughts away,  and make enterprises realize that NATs are not desirable,  I believe that would be effective.

Thanks

Mike



From: v6ops <v6ops-bounces@ietf.org> On Behalf Of JORDI PALET MARTINEZ
Sent: Wednesday, March 30, 2022 3:25 AM
To: v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] Thoughts about wider operational input

[External email]
I bet that in the majority of the cases for enterprises willing to continue using NAT with IPv6, the reasons are:

  1.  We are using to it in IPv4, why changing it in IPv6 (mental change when adopting IPv6 = lack of proper training).
  2.  Wrong perception that NAT (and hiding addresses) = security.
  3.  Vendors of equipment continue to lie and say “yes” to customers when they ask for NAT66, even if they are supporting an experimental protocol (NPT) and they don’t tell customers “yes we have it, but note that it is an experimental protocol, so not proven interoperability and you’re exposed to consequences than we don’t know yet with apps or services, and same problems as in NAT44”.

Regards,
Jordi
@jordipalet



El 30/3/22, 8:32, "v6ops en nombre de Chongfeng Xie" <v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org> en nombre de xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn>> escribió:

Hi, Mark,
Some enterprises do not want to expose their real address in the network to the outside, so they will use NAT, whether nat44 or nat64 or even nat66 in the future. Therefore, NAT may always exist with the needs of customers.

The technology itself is not right or wrong. It is inappropriate to directly state whether a technology is good or bad, but whether the technology is appropriate for specific scenarios. You said there was a lot of issues with IPv6+NAT,under what scenario? What's are the issues ? Is it a stateless IPv6+NAT or a stateful IPv6+NAT?

Thanks
Chongfeng


2022年3月30日 上午11:22,Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>> 写道:


On Wed, 23 Mar 2022, 01:55 JORDI PALET MARTINEZ, <jordi.palet=40consulintel.es@dmarc.ietf.org<mailto:40consulintel.es@dmarc.ietf.org>> wrote:
Hi Eduard,

What I meant is that I will like to avoid the issues that NAT creates for apps. We must aim for something better.

This.

IPv6+NAT creates a lot of the issues that IPv4+NAT does, so why bother deploying IPv6 when you've already got the equivalent via IPv4 today?


People need to understand why enterprises go to the expense of deploying technologies.

Technology is a means to an end, not the end itself. Technology in business either saves money or makes money for the business.

Enterprises in the 1990s didn't really deploy IPv4, they deployed global email and WWW access. Deploying IPv4 was the means to reaching those ends, because IPv4 underpinned them.


So the questions to think about in the context of businesses and enterprises and IPv6 are:

- What business problem does or can IPv6 solve better than existing IPv4?

- IPv6 is the technology means to an end, so what is or are the ends that are of value to a business, where IPv6 is the better underpinning technology than IPv4 to reach those ends?

- How can deploying IPv6 save or make money for a business?

Regards,
Mark.




On the other side, using an experimental protocol for production networks, in my opinion is a big “NO”.

Regards,
Jordi
@jordipalet



El 22/3/22, 13:04, "v6ops en nombre de Vasilenko Eduard" <v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org> en nombre de vasilenko.eduard=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> escribió:

Hi Jordi,

I understand the desire to fix broken things. (I doubt it is possible)
But why NPT+ULA is not enough for MHMP now?
It is very similar to what Enterprises and small businesses have now.
They would be happy.

Eduard
From: v6ops [mailto:v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org>] On Behalf Of JORDI PALET MARTINEZ
Sent: Tuesday, March 22, 2022 12:34 PM
To: v6ops@ietf.org<mailto:v6ops@ietf.org>
Subject: Re: [v6ops] Thoughts about wider operational input

You’re right. Let’s say it in a different way, as may be my first email was not clear on this.

1.      I don’t think we want again to repeat the NAT problems, so NPT is not a valid solution for me.
2.      I think in the future almost every site could want to be multihomed, in some cases “n” links active, many other cases just as a backup.
3.      This means that renumbering is not (probably) a valid choice in any cases.
4.      Can we make PI work in such “huge scale” scenario?
5.      Can source-address forwarding work and solve all that, or we need that and/or something else.

Only if we solve this, organizations could learn that NAT with IPv6 is not the solution, but something better that provides the same results, and no need to have “private” addresses, because the way NAT is offering a “different” addressing inside and outside is not NAT per-se, but statefull firewalling.

Regards,
Jordi
@jordipalet



El 22/3/22, 10:27, "v6ops en nombre de Ted Lemon" <v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org> en nombre de mellon@fugue.com<mailto:mellon@fugue.com>> escribió:

Is it really hncp that we needed here?  I think the key tech we need is source-address-based forwarding, and babel i think has delivered that. Granted, getting that into soho routers is a problem.

On Tue, Mar 22, 2022 at 10:11 JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org<mailto:40consulintel.es@dmarc.ietf.org>> wrote:
Maybe the terminology is not the most appropriate and we should talk about "organizations", because there are many types of networks that have the same problem and those are not enterprises (such as government sites, NGOs, etc.).

The problem is the same regardless of the "size" of the organization. The difference is that "today" most SMEs don't have that problem because they don't have PI, but it may turn the same when they realize that not being PI have renumbering issues if changing the ISP. Of course, again, if we talk about a "small" SME, then may not be an issue, they only have 40 or 50 devices to renumber (your mileage will vary), not easy but not "terrible".

On the rest of Gert comments, definitively I agree, and specially on our big mistake not working further on HNCP.

Regards,
Jordi
@jordipalet



El 22/3/22, 9:31, "v6ops en nombre de Gert Doering" <v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org> en nombre de gert@space.net<mailto:gert@space.net>> escribió:

    Hi,

    On Tue, Mar 22, 2022 at 11:42:12AM +1300, Brian E Carpenter wrote:
    > I agree with Jordi that multihoming is a genuine impediment. What isn't generally realised is that it's a problem of scale when considering at least 10,000,000 enterprises, much more than it's a problem of IPv6 itself.

    What is "an enterprise"?

    My stance on this is that for "largely unmanaged SoHo networks" - which
    could be called "small enterprise" - dual-enduser-ISP with dual-/48 or
    NPT66 gets the job done in an easy and scalable way (HNCP would have
    been great, but IETF politics killed it).

    "Enterprise that truly need their own independent fully managed network
    with multiple ISP uplinks and fully routed independent address space"
    are probably way less than 10 million...

    Half of them do not want Internet access anyway, just access to their
    ALGs that will do the filtering and TLS inspection and everything, and
    then out to the Internet as a new TCP session (= could be done with
    DMZ islands of upstream-provider-allocated space just fine).


    We need to work on our marketing regarding multihoming.  "What is it that
    you get, what is the cost, which of the variants do you want, and why...?"

    Gert Doering
            -- NetMaster
    --
    have you enabled IPv6 on something today...?

    SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
    Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
    D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
    Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279

    _______________________________________________
    v6ops mailing list
    v6ops@ietf.org<mailto:v6ops@ietf.org>
    https://www.ietf.org/mailman/listinfo/v6ops



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com<http://www.theipv6company.com/>
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.



_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops
_______________________________________________ v6ops mailing list v6ops@ietf.org<mailto:v6ops@ietf.org> https://www.ietf.org/mailman/listinfo/v6ops

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com<http://www.theipv6company.com/>
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
_______________________________________________ v6ops mailing list v6ops@ietf.org<mailto:v6ops@ietf.org> https://www.ietf.org/mailman/listinfo/v6ops

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com<http://www.theipv6company.com/>
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops
_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops

_______________________________________________ v6ops mailing list v6ops@ietf.org<mailto:v6ops@ietf.org> https://www.ietf.org/mailman/listinfo/v6ops

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.


The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
 
 Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.


This message was secured by Zix(R).

v2.23.0 | Report a Bug | By Email