IETF Logo Mail Archive

Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

"Ackermann, Michael" <MAckermann@bcbsm.com> Mon, 02 May 2022 21:01 UTC

Return-Path: <mackermann@bcbsm.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD146C1594B6 for <v6ops@ietfa.amsl.com>; Mon, 2 May 2022 14:01:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=MAckermann@bcbsm.com header.d=bcbsm.com; dkim=pass (1024-bit key) header.d=bcbsm.com header.b=p2JiGEJc; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=bcbsm.onmicrosoft.com header.b=inMPRebP
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xfU0yvDIOmHN for <v6ops@ietfa.amsl.com>; Mon, 2 May 2022 14:01:09 -0700 (PDT)
Received: from mx.z120.zixworks.com (bcbsm.zixworks.com [199.30.235.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F340FC157B36 for <v6ops@ietf.org>; Mon, 2 May 2022 14:01:08 -0700 (PDT)
Received: from 127.0.0.1 (ZixVPM [127.0.0.1]) by Outbound.z120.zixworks.com (Proprietary) with SMTP id 44DF2C0B2DA7 for <v6ops@ietf.org>; Mon, 2 May 2022 16:01:07 -0500 (CDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ZIXVPM1670e2ded26; d=bcbsm.com; h=From:To:Subject:Date; b=Fsuz6K94gNGDfW8uYTaCqdLblY4eoBoJ+iEUHbuaHlt0r6ZxRskg6kosNyGNOtA3 QvBHUvfOCzegU2opTtRfPdvYiS/eMoRAtFKqnzbxQ6vfrczZJ2dCwMk4dQkC6c ByyE3mRPZ+gMHdj8At5VhdMhdwLYlhxULM+hYU/YU++Gs=;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bcbsm.com; s=ZIXVPM1670e2ded26; t=1651525267; bh=oHOcQHUNDSBT6RhWY/oUGtGql/Vh/Bgguk7blhMXsqA=; h=From:To:Subject:Date; b=p2JiGEJcgKopBazp3axspIsgUtmASIE7XiYuRG1rcGTUApd45QxtI5fGLXaiDFth8 LnNiD6HsGNyWGLBtl9nTsJl9y4HRYiYRznvKzbvbc7YlexzOOgrs50DBM3s43TVPW+ OOWSG2lGP+OtzGThAMRbVfsn41x/FmtlVTRlAGAU=
Received: from imsva2.bcbsm.com (inetmta04.bcbsm.com [12.107.172.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.z120.zixworks.com (Proprietary) with ESMTPS id 42C7B41806ED; Mon, 2 May 2022 16:01:05 -0500 (CDT)
Received: from imsva2.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D4FFBFE085; Mon, 2 May 2022 17:01:04 -0400 (EDT)
X-IMSS-DKIM-Authentication-Result: imsva2.bcbsm.com; sigcount=1; dkim=pass(1024-bit key) header.i=@bcbsm.onmicrosoft.com state=0
Received: from imsva2.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 971E8FE082; Mon, 2 May 2022 17:01:04 -0400 (EDT)
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (unknown [104.47.70.101]) by imsva2.bcbsm.com (Postfix) with ESMTPS; Mon, 2 May 2022 17:01:04 -0400 (EDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oN6J20Nwft/ktcK0h4qQyrTEHYklej6DkEjHoOCyx9pWa1/e5/Sdn3ZfZIvbbwE1tCapGvs/wtW31tsg9uSalijTpGiuPahP7bijagQHajF7gDQjpHz4FmEoS79U9JEp4GVqi83pQx13uoFlIXF1JfLwkUjx3ABV77waKXRNqk8tui7YWFAZbFYaqW33tjG01lXFChEyQoY00uP/aa3gQytRjGLFglKcJX7XxJvv46vHLOQaA5g6CixaSQENDRLR7Pi0mFWzHrq3+hHFA9moMa57urnJruP4yszdMskaqaIEL3wI0uMj4lMeuic2/etVgcb3An1tFHuI1LMXt9Ir1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7E2iMFhV7/N5ooPCpBpao73mKHdctUfKBI3SelTf3YY=; b=cEVoZPonvqVphg0BxYV9PlQuhrGJhieJN8fWMDXky0zxKuF0wYOho+u0viq1iYTKXc21NJi8kicAWbs2UmPWchkQY42RgtDLACOBd/mlI0I2003ronlrVyqTsk8jOXWCAYvcsWZiKKobpQdzc7FHzGJ8PSIFPjBHsAZhV7zte9wmQGBKbHW2PSQbUvsCGSkB4WOK4mpMqKPDiefY4dVRMy33atfdy2QihTFQv9YAYi9vAnuT6QYNDr+uugMo4Vy6FE0uahkGOBP+Ku2dpvL3B1HF/7PJQMydldi1O6QpRVn75UyoUrTo48RODCZg358LOnBHZMieA+nF0Kl6LpzO8Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bcbsm.com; dmarc=pass action=none header.from=bcbsm.com; dkim=pass header.d=bcbsm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bcbsm.onmicrosoft.com; s=selector2-bcbsm-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7E2iMFhV7/N5ooPCpBpao73mKHdctUfKBI3SelTf3YY=; b=inMPRebPq82xxNrOF2RBjIr6hcAFbaChMpnryfrvxP+2ObzSsethFtWII3+bclKWr5dE38j3IH1IFCxjGyK0DkPWqshaT+nDn7gvng5H286o+J1uQTvttc6T4GxmiFtt48HzTuQ9VGdDgL6M2gOvnHDpGlgvmxm4ZoORtnlwvTw=
Received: from DM6PR14MB3178.namprd14.prod.outlook.com (2603:10b6:5:118::30) by SJ0PR14MB4281.namprd14.prod.outlook.com (2603:10b6:a03:2e4::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5186.28; Mon, 2 May 2022 21:01:03 +0000
Received: from DM6PR14MB3178.namprd14.prod.outlook.com ([fe80::b9f9:eaac:eb65:8a50]) by DM6PR14MB3178.namprd14.prod.outlook.com ([fe80::b9f9:eaac:eb65:8a50%6]) with mapi id 15.20.5206.024; Mon, 2 May 2022 21:01:02 +0000
From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: Ed Horley <ed@hexabuild.io>, David Farmer <farmer=40umn.edu@dmarc.ietf.org>
CC: v6ops list <v6ops@ietf.org>, 6man list <ipv6@ietf.org>, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
Thread-Topic: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
Thread-Index: AQHYWPMSq8TR4I1z50KnVLR9gFPeAa0BQBiAgAAOt4CAAAsgAIAAAkWAgAABEwCAArKnAIAAFUSAgAAFeoCAAAeegIAAI/cAgAArXQCAAAwtgIAAgQSAgAAbkYCAALP8AIAAF8WAgAD/L4CAAAXwAIAABnkAgAACnACAABQ/AIAAGHuAgAA7FACABG8RAIAAG2Fw
Date: Mon, 02 May 2022 21:00:47 +0000
Deferred-Delivery: Mon, 2 May 2022 21:00:00 +0000
Message-ID: <DM6PR14MB3178A46301A64F3FD98A8E01D7C19@DM6PR14MB3178.namprd14.prod.outlook.com>
References: <CAN-Dau3iyP7sMUsiP3ckYEpkLoQK-bpgKnDn6d4Ci7f9V_5CPw@mail.gmail.com> <CAE=N4xe3ycbg+8UcLstFneg9q42SLQfPHLPmcQLEyNH4GOyPGw@mail.gmail.com>
In-Reply-To: <CAE=N4xe3ycbg+8UcLstFneg9q42SLQfPHLPmcQLEyNH4GOyPGw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=bcbsm.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b087de0a-5b6c-45fa-bfcf-08da2c7ede03
x-ms-traffictypediagnostic: SJ0PR14MB4281:EE_
x-microsoft-antispam-prvs: <SJ0PR14MB428177C7795DB710785913B1D7C19@SJ0PR14MB4281.namprd14.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wgeZ79F6JYia9l7Mq2mM6+fV/rUXNIBBKXl9/24eKoSHbp6t4yBIptYBeSQPWb1l1oYF1zDpIgNdkHGLLzTGSLpD/wJLu8IX64GEJHY7uBK/e+yN+XMX+m17+1yyBUlwD/+HFMjIgy2s1reKp795CmOCr43GD57IdU09SWroe2DbtmkDvhgpMeYe6YVnwvR+bOgb74yHLWVO+sz/ctF+g0CW+SBbFqWH3S9UImLVoI5ulnw+lilDRu/bR+DauTLx1/JMIwTgMOehQM5nj6Dxd2oRazVoRmd/SkPX6weGckW7u+lgrer8fTDrSQ/DI5qsDY6EHyBt2dqV8HwbDm+SGcmEmiNk+wOHqdQMJXAOz1B/vr9C5v3oNn45s33BcaUtUEJbsHiOl8Ayinmy+sP6UU3zCrS+B60W/JcKqcuBhv701rfdfFsWmIJ/1o99BCG/GpAmjvSyI1VOhiJgl5GXHyC7rujTQDLRFSEDezdFDzWfhEAYJFZ+mj+o0EYv5ChvakGaYRvyJeD2HlGFCalMYyTEN8skOFwZpzILBUR9R9cRy9Dyq6jmKpk88e3mQDfbkS3kiz5ObpIwVcKpqKg9Em6QeIkwCNCvSYVj6dN5ZQM+l6TvPXMqld+YadW1L8/3yWtRHNrgWlPwvAC9pOasluDHvs6aZD0TEhG9qspWp1i0WJEo44Zn6mfeDwcK8XQwGc2KMZ+MkjDQgwQIZCe/6a97md8Qh2zm34ARYQs39uOM7UoOvQAdZs7K652MNwHjWxgLBYJ3o7BpVBhbekTiktXWD/72Cw+4egF0tGVn4x2LZlMGIICmCpM470wPjZaK
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB3178.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(38100700002)(52536014)(6506007)(53546011)(55236004)(7696005)(6666004)(33656002)(8936002)(38070700005)(71200400001)(110136005)(9686003)(26005)(966005)(508600001)(316002)(40140700001)(54906003)(76116006)(76236003)(66574015)(4326008)(8676002)(64756008)(186003)(66476007)(66556008)(83380400001)(66946007)(86362001)(66446008)(21615005)(166002)(122000001)(55016003)(30864003)(2906002)(5660300002)(99710200001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /oMOHeBHYZFXApxJ3+rLndoNJEIUNZjzZbUpJ9FV3tSdaqAzI8t7qU0QC8P6JqGHB/zu6/xxD/y0eRRAmqsCgqgqwzaEnTGaLY4PKApskY3EnI7++PaASa1jjehvUVl2eodzMhyQ12qncr3ac8OCu3qtCedZio8e+lsmdMdxhnxE7YAd1RWNrB8TL/dZFt/S2kHVwhXnYWjzr3/k4mHLs+yEaCzGBInnDqoli6JaPSR35+bGXVpFcFjc5S+a4gRoczRP2o4KQ2qYHXviKjKu4V4QeLDfc9OVDKxjQ4a2nKp3lO6EE9Sie4b3GxJKKdgWbY12+wAm6+DN8ZYRasuw9fFgP7KpvqHSlMitdAs6ZDvk2KPaOHiB6ovYUfW3RBY0gX0Z1YhwVImP1v2ktZXKfEJGbyrhZuVuzM1olfqKtEAjQorbD/636Sux/n1hj266Q/DmrmAUMrPleC88UzO3I+OZPyhbkk5+YPsT9Csv70oY9ijUZalPiu9aHcwffF6gHpgDgQa+lmJgHPM/bmTaRJ+T45B8xk3L9fccHssqW92jqae8Mhu1eIEpuUTzTR5/XQrruq1hkqGkvX9ysCCIJUJ/54qa702dKDOzHhfNPvUC9XuMQeMpMk6ir3sf8zHevxMil5qJxfH7MadOS29agW8q5c7lhUNaf5SANTHGEGyPPakT+M4AF8NPV9HSjZOfQMvcz9zlwdFazoEkaNEip0r1gUNp0U6DKfe3aMtjMmv+IbIDzax3rVHMcrE8rsSrLPSY0XMyWK4xfYDaGex2GkKIfDST+fq9kArb6Zy5ba3Alfrq2paMV1CAPtolvPW3FHuog6phHbXby+AA+O6/LM7hKTxpsPcLqFEIYmn0yEDefYqMFwt2Vr7/BVm9R0cvAmfbI6dL7VyUWYeKR/LOQUWUPgbSewLnDgz9JNFmJFPnQ4WQeAg6z7Ot2YPAU/+Ya8KmxTwJ0XfrtXMWojcOLkBO4MBu4ORtcxnSUI+gK92yMnBPxOPYtMZzN7V4cokH87/Kx58M2P8EJwl2CdhGrrt3g50iZPUY95987lzle/lulF/aSEOfgi5FdjZzjsaiWxUNifObAJUAJ83vo++9BpN//pJeaKtLh9EzpETrQ+OS5JAUUgIABfWdBs4CPZ66hpUGXLa+/U2OzHTFJlLLeCsBWA7QtoNxGnsm3Of3pqdYSrbz3ZPqHKojuD/1WshI+ayGkYH9wDAvxQeZ4343qwvQmeI0/Alt2yBzej4nXqCPCpjT+YsGkYIhOCT4RAvuy7K66LMiaL0FjZusMwxXEjhMRMGf4NKgw0K14QjFCbPcNt22SV7ADhpygUDyU+gcjtMgjCVxA+wZAa3CR8rnOg6kpxnHXmJOWbZf6+9AK/LexnMQNDUHmSBjaJnSwA8t1Z+KQ88UNd5ZiqaEgVxYWeTXYmkBKXQrbxwKxGHDinMtv6qFWKBX5BXAwXt0mnAC3KqC9XfTxjvIBOVpjIzDZbgEFi0qeOJvzeEmgxhs/bMI/xyl3ABvpMdD0GnucG/lOTbXsp1mnio1NO9DnjcidP6gRHiEp+ZMG8IhqKQM+fo0RMf6UHILC8p18PtNP5uvVzF1K0c6VMhHfjVYMoM4uurpOtxR5Cg9C0+2hxefAFKXSmfRgBRUWHd7PPUavoh38EVvFODW9VbTVaUv4AHSj0T7hH02Dn39v2eVtPbmFHCQYIUPGxJjBwNJDx/W8tV7x0CaFQeLQZEMPe7i67PCBQ==
Content-Type: multipart/alternative; boundary="_000_DM6PR14MB3178A46301A64F3FD98A8E01D7C19DM6PR14MB3178namp_"
MIME-Version: 1.0
X-OriginatorOrg: bcbsm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB3178.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b087de0a-5b6c-45fa-bfcf-08da2c7ede03
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 May 2022 21:01:02.8479 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6f56d3fa-5682-4261-b169-bc0d615da17c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: xnx8Uggf/vKFFEeoE8hTPPE2I54AGKEEaM642BAvN6SmqXlOG1Texn+jZ6lKrjXDWhnSIAGoOyXog8nAw+/sBg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR14MB4281
X-TM-AS-GCONF: 00
X-VPM-HOST: vmvpm01.z120.zixworks.com
X-VPM-GROUP-ID: 248f7442-bcf6-4c67-9a25-84ce176c4d39
X-VPM-MSG-ID: 7c09453c-07d7-48d6-9da0-e640202836c4
X-VPM-ENC-REGIME: TLS,Plaintext
X-VPM-IS-HYBRID: 0
X-VPM: TLS Sent
X-VPM-TLS-SENDER: vmvpm01.z120.zixworks.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/AqGxTa71TtazuabI4kGLXu31V0s>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2022 21:01:13 -0000

Another big +1

The stated goal of Nicks draft was to identify the "Unintended Operational issues with ULA".  Which as I read it, highlights several issues that need to be addressed for successful deployment of ULAs.
This is well done, thorough and the issues are important to network / Data Center operators.

This draft should be promoted to a V6OPS WG Draft.
Which should allow many of the people contributing on this email chain to participate in creating optimal fixes for the related issues identified.

From an enterprise perspective, addressing such issues as identified in this draft are of critical importance,  because if we do finally begin IPv6 deployment and experience these issues,  we will recoil on IPv6 for another several years, which I hope is what none of us want!
But fixes to the issues identified in this draft will be beneficial to all.

Thanks

Mike

From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Ed Horley
Sent: Monday, May 2, 2022 1:04 PM
To: David Farmer <farmer=40umn.edu@dmarc.ietf.org>
Cc: v6ops list <v6ops@ietf.org>; 6man list <ipv6@ietf.org>; Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

[External email]
I'm also in agreement that the problem needs to be addressed and would like to request the draft be promoted to v6ops WG draft.

On Fri, Apr 29, 2022 at 2:22 PM David Farmer <farmer=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>> wrote:
I think this problem needs to be worked on, so I think this draft should be promoted to v6ops WG draft.

As I see it, the problem is that many implementations prefer IPv4 local addresses over IPv6 (ULA) local addresses. This is because many implementations don't implement the suggestion in RFC6724, section 10.6, paragraph 3. Without RFC6724, section 10.6, paragraph 3, hosts prefer IPv4 local addresses over IPv6 (ULA) local addresses, whether or not NAT44 is being used.

Additionally, RFC6724 seems to have an unstated assumption that all devices need and want global connectivity to the Internet. This is probably the correct assumption for most general-purpose devices, like desktops, laptops, tablets, and even smartphones. However, many other devices, such as IoT or 6lowpan devices, and even printers, are intended only to communicate locally, or locally to an application-specific gateway, then to the cloud or the Internet through that gateway.

I think maybe the answer is to require the implementation of RFC6724, section 10.6, paragraph 3, which is effectively a MAY currently and should be promoted to at least SHOULD, if not a MUST. Currently, implementations that don't add the local ULA /48 as described in RFC6724, section 10.6, paragraph 3, exhibit a default behavior that prefers an IPv4 local address over an IPv6 local address.

Further, it might be worth making separate recommendations for devices that are intended for local-only communications, for these devices, it might be appropriate for ULA to be preferred over IPv4 and IPv6 GUA, only using GUA if ULA is unavailable.

Thanks.

On Fri, Apr 29, 2022 at 12:49 PM Kevin Myers <kevin.myers@iparchitechs.com<mailto:kevin.myers@iparchitechs.com>> wrote:
I agree, the problem is well defined and documented. It is impactful for real world ops and further work is valuable to a great number of orgs and operators worldwide.

it should be promoted to v6ops WG draft.

From: v6ops <v6ops-bounces@ietf.org<mailto:v6ops-bounces@ietf.org>> On Behalf Of Vasilenko Eduard
Sent: Friday, April 29, 2022 11:22 AM
To: buraglio@es.net<mailto:buraglio@es.net>
Cc: v6ops list <v6ops@ietf.org<mailto:v6ops@ietf.org>>; 6man list <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

IMHO: draft-buraglio-v6ops-ula should be promoted to v6ops WG draft.
The problem is real and important.
Ed/
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Nick Buraglio
Sent: Friday, April 29, 2022 6:09 PM
To: Ed Horley <ed@hexabuild.io<mailto:ed@hexabuild.io>>
Cc: David Farmer <farmer=40umn.edu@dmarc.ietf.org<mailto:farmer=40umn.edu@dmarc.ietf.org>>; Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org<mailto:xipengxiao=40huawei.com@dmarc.ietf.org>>; v6ops list <v6ops@ietf.org<mailto:v6ops@ietf.org>>; 6man list <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]


On Fri, Apr 29, 2022 at 10:00 AM Ed Horley <ed@hexabuild.io<mailto:ed@hexabuild.io>> wrote:
To bring things back into focus. I believe the goal of the submitted informational draft was to identify the "Unintended Operational issues with ULA" (which is the title of the draft) so that it was clear what structural problems exist with ULA currently. It does not propose any fixes, I believe that would be a separate but important discussion (well, a yelling match apparently). I am specifically interested if anyone has any documented and verifiable configurations that either counter the points made, disprove the points made, or prove false the points made in the submitted draft. For those that have not read it yet you can find it here:
https://datatracker-ietf-org.lucaspardue.com/doc/draft-buraglio-v6ops-ula/
or
https://www.ietf.org/id/draft-buraglio-v6ops-ula-01.html

Once we agree on what the problem space is, I believe it makes it a bit easier to talk about what to actually fix, if anything. I believe that was the goal Nick had originally with this, but he can confirm that I imagine.

Exactly this. The draft was intended to identify a gap, a problem space that we encounter fairly frequently in the work I am doing at the moment. It is *not* intended to condone address translation, to hasten NAT66, or to solutioneer anything. That part should come after we agree that there is in fact a problem space as defined in the draft.

To bring this back to a very simple yes or no question, does anyone disagree with, or have recent experience that is counter to the draft?
If the answer is that "yes, we have data that shows that this draft is incorrect", let's talk about that.

nb


- Ed

On Fri, Apr 29, 2022 at 7:38 AM Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>> wrote:
The difference is that NAT44 made things better. NAT66 arguably doesn’t. Pretty clearly there is a better alternative for the specific pci case we’ve been discussing.

This doesn’t mean people won’t do nat66 out of habit anyway, but it will cost extra and add no value, so I don’t see any reason why it would become and remain a best practice.

On Fri, Apr 29, 2022 at 10:16 David Farmer <farmer=40umn.edu@dmarc.ietf.org<mailto:40umn.edu@dmarc.ietf.org>> wrote:


On Thu, Apr 28, 2022 at 6:02 PM Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>> wrote:
On Fri, 29 Apr 2022 at 07:37, Xipengxiao
<xipengxiao=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:

> My point is, given PCI DSS 4.0 (what Jen wrote as PCR DSS 4.0), we should tell enterprises they no longer need NAT. But if some enterprises still insist, respect their decision.

Ignore them. IPv6 doesn't solve any problem they have, and adding NAT
to IPv6 still won't solve any problem they have, because IPv6 still
won't solve a problem they have.

...

Even government mandates to get enterprises to adopt a networking
protocol don't work - the Internet is supposed to be running CLNS by
now as mandated by governments around the world. (I expect Vint Cerf
was being nice while working on this rather than truly believing OSI
would take over.)

Explaining the Role of GOSIP
https://www.rfc-editor.org/rfc/rfc1169.html


 It's more important to get enterprises to use IPv6 ASAP, than to
insist that they use the "right" IPv6 solution.
>

Why is it important to get enterprises to use IPv6 ASAP?


Regards,
Mark.

Ignore credit cards and enterprises, that's your advice for IPv6?

So, no one using IPv6 wants to get paid for anything? Or, are you suggesting we maintain a quaint IPv4 network in the corner, so we can do credit cards and can get paid?

As for enterprises, Google and AWS are enterprises, are you suggesting they should be ignored too? Most of the valuable things on the Internet are run by enterprises.

Supporters of IPv6 need to very much care about enterprises; We need them to make their content available via IPv6. We need them to enable IPv6 on the Internet-facing parts of their networks.

Do we need them to enable IPv6 on their internal networks, maybe or maybe not. However, if enterprises are not comfortable with IPv6 why would they enable their content over IPv6?

I'm not suggesting we have to do NAT66 or even NPTv6, however, I think we should have something to tell those doing NAT44 today and want to maintain an internal private network. Maybe ULA with application gateways and proxies instead of NAT. But I don't think the internal private network model is just going to go away, too many people are comfortable with it.

Furthermore, ignoring NAT44 from a standardization point of view worked so well the last time. "Ignore them, and they will go away," didn't work last time and it's not going to work this time either.

Thanks


--
===============================================
David Farmer               Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE<https://streaklinks.com/BByrD6ad3b0OpBiK1wctjpyV/https%3A%2F%2Fwww.google.com%2Fmaps%2Fsearch%2F2218%2BUniversity%2BAve%2BSE%3Fentry%3Dgmail%26source%3Dg>        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


--
Ed Horley
ed@hexabuild.io<mailto:ed@hexabuild.io> | (925) 876-6604
Advancing Cloud, IoT, and Security with IPv6
https://hexabuild.io<https://hexabuild.io/>
And check out the IPv6 Buzz Podcast at https://packetpushers.net/series/ipv6-buzz/
_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops
ᐧ
_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops


--
===============================================
David Farmer               Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


--
Ed Horley
ed@hexabuild.io<mailto:ed@hexabuild.io> | (925) 876-6604
Advancing Cloud, IoT, and Security with IPv6
https://hexabuild.io<https://hexabuild.io/>
And check out the IPv6 Buzz Podcast at https://packetpushers.net/series/ipv6-buzz/


The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
 
 Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.


This message was secured by Zix(R).

v2.23.0 | Report a Bug | By Email