Re: [v6ops] Thoughts about wider operational input

[Nick Buraglio <buraglio@es.net>]

The issue with ULA + NPT is that if there is an A record, ULA + translation
will rarely if ever be used unless the application dictates it as the ULA
addressing is de-prioritized in nearly every operating system - but that's
a very specific technical implementation issue and I don't believe that it
is fundamental to the lack of enterprise deployment.

nb



On Tue, Mar 22, 2022 at 11:53 AM Vasilenko Eduard <vasilenko.eduard=
40huawei.com@dmarc.ietf.org> wrote:

> Experimental is just a label. Change it if it is the only problem.
>
>
>
> Yes, maybe some protocol would embed the IP address, extremely rare.
>
> UDP/TCP ports are not touched.
>
>
>
> NPT+ULA is “low hanging fruit” in business consultants' terminology.
>
> It does not preclude developing something better.
>
> Because as Gert said: it is better to have a policy on what Carrier to use
> for what type of traffic.
>
>
>
> *From:* v6ops [mailto:v6ops-bounces@ietf.org] *On Behalf Of *JORDI PALET
> MARTINEZ
> *Sent:* Tuesday, March 22, 2022 7:44 PM
> *To:* v6ops@ietf.org
> *Subject:* Re: [v6ops] Thoughts about wider operational input
>
>
>
> I don’t think app developers will agree with you.
>
>
>
> I will re-read anyway NPT RFC, I recall it has a specific warning section
> on that … and anyway, it is an experimental protocol.
>
>
>
>
>
>
>
> Saludos,
>
> Jordi
>
> @jordipalet
>
>
>
>
>
>
>
> El 22/3/22, 17:37, "v6ops en nombre de Vasilenko Eduard" <
> v6ops-bounces@ietf.org en nombre de vasilenko.eduard=
> 40huawei.com@dmarc.ietf.org> escribió:
>
>
>
> Hi Jordi,
>
> NPT is not NAT – it is not a so big problem for applications (stateless,
> even connection could be initiated 2 way).
>
> Meanwhile, it is possible to think about a better solution.
>
> Eduard
>
> *From:* v6ops [mailto:v6ops-bounces@ietf.org <v6ops-bounces@ietf.org>] *On
> Behalf Of *JORDI PALET MARTINEZ
> *Sent:* Tuesday, March 22, 2022 5:55 PM
> *To:* v6ops@ietf.org
> *Subject:* Re: [v6ops] Thoughts about wider operational input
>
>
>
> Hi Eduard,
>
>
>
> What I meant is that I will like to avoid the issues that NAT creates for
> apps. We must aim for something better.
>
>
>
> On the other side, using an experimental protocol for production networks,
> in my opinion is a big “NO”.
>
>
>
> Regards,
>
> Jordi
>
> @jordipalet
>
>
>
>
>
>
>
> El 22/3/22, 13:04, "v6ops en nombre de Vasilenko Eduard" <
> v6ops-bounces@ietf.org en nombre de vasilenko.eduard=
> 40huawei.com@dmarc.ietf.org> escribió:
>
>
>
> Hi Jordi,
>
>
>
> I understand the desire to fix broken things. (I doubt it is possible)
>
> But why NPT+ULA is not enough for MHMP now?
>
> It is very similar to what Enterprises and small businesses have now.
>
> They would be happy.
>
>
>
> Eduard
>
> *From:* v6ops [mailto:v6ops-bounces@ietf.org <v6ops-bounces@ietf.org>] *On
> Behalf Of *JORDI PALET MARTINEZ
> *Sent:* Tuesday, March 22, 2022 12:34 PM
> *To:* v6ops@ietf.org
> *Subject:* Re: [v6ops] Thoughts about wider operational input
>
>
>
> You’re right. Let’s say it in a different way, as may be my first email
> was not clear on this.
>
>
>
> 1.      I don’t think we want again to repeat the NAT problems, so NPT is
> not a valid solution for me.
>
> 2.      I think in the future almost every site could want to be
> multihomed, in some cases “n” links active, many other cases just as a
> backup.
>
> 3.      This means that renumbering is not (probably) a valid choice in
> any cases.
>
> 4.      Can we make PI work in such “huge scale” scenario?
>
> 5.      Can source-address forwarding work and solve all that, or we need
> that and/or something else.
>
>
>
> Only if we solve this, organizations could learn that NAT with IPv6 is not
> the solution, but something better that provides the same results, and no
> need to have “private” addresses, because the way NAT is offering a
> “different” addressing inside and outside is not NAT per-se, but statefull
> firewalling.
>
>
>
> Regards,
>
> Jordi
>
> @jordipalet
>
>
>
>
>
>
>
> El 22/3/22, 10:27, "v6ops en nombre de Ted Lemon" <v6ops-bounces@ietf.org
> en nombre de mellon@fugue.com> escribió:
>
>
>
> Is it really hncp that we needed here?  I think the key tech we need is
> source-address-based forwarding, and babel i think has delivered that.
> Granted, getting that into soho routers is a problem.
>
>
>
> On Tue, Mar 22, 2022 at 10:11 JORDI PALET MARTINEZ <jordi.palet=
> 40consulintel.es@dmarc.ietf.org> wrote:
>
> Maybe the terminology is not the most appropriate and we should talk about
> "organizations", because there are many types of networks that have the
> same problem and those are not enterprises (such as government sites, NGOs,
> etc.).
>
> The problem is the same regardless of the "size" of the organization. The
> difference is that "today" most SMEs don't have that problem because they
> don't have PI, but it may turn the same when they realize that not being PI
> have renumbering issues if changing the ISP. Of course, again, if we talk
> about a "small" SME, then may not be an issue, they only have 40 or 50
> devices to renumber (your mileage will vary), not easy but not "terrible".
>
> On the rest of Gert comments, definitively I agree, and specially on our
> big mistake not working further on HNCP.
>
> Regards,
> Jordi
> @jordipalet
>
>
>
> El 22/3/22, 9:31, "v6ops en nombre de Gert Doering" <
> v6ops-bounces@ietf.org en nombre de gert@space.net> escribió:
>
>     Hi,
>
>     On Tue, Mar 22, 2022 at 11:42:12AM +1300, Brian E Carpenter wrote:
>     > I agree with Jordi that multihoming is a genuine impediment. What
> isn't generally realised is that it's a problem of scale when considering
> at least 10,000,000 enterprises, much more than it's a problem of IPv6
> itself.
>
>     What is "an enterprise"?
>
>     My stance on this is that for "largely unmanaged SoHo networks" - which
>     could be called "small enterprise" - dual-enduser-ISP with dual-/48 or
>     NPT66 gets the job done in an easy and scalable way (HNCP would have
>     been great, but IETF politics killed it).
>
>     "Enterprise that truly need their own independent fully managed network
>     with multiple ISP uplinks and fully routed independent address space"
>     are probably way less than 10 million...
>
>     Half of them do not want Internet access anyway, just access to their
>     ALGs that will do the filtering and TLS inspection and everything, and
>     then out to the Internet as a new TCP session (= could be done with
>     DMZ islands of upstream-provider-allocated space just fine).
>
>
>     We need to work on our marketing regarding multihoming.  "What is it
> that
>     you get, what is the cost, which of the variants do you want, and
> why...?"
>
>     Gert Doering
>             -- NetMaster
>     --
>     have you enabled IPv6 on something today...?
>
>     SpaceNet AG                      Vorstand: Sebastian v. Bomhard,
> Michael Emmer
>     Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A.
> Grundner-Culemann
>     D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
>     Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
>
>     _______________________________________________
>     v6ops mailing list
>     v6ops@ietf.org
>     https://www.ietf.org/mailman/listinfo/v6ops
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________ v6ops mailing list
> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________ v6ops mailing list
> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________ v6ops mailing list
> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>