Re: [v6ops] draft-vf-v6ops-ipv6-deployment

Alexandre Petrescu <alexandre.petrescu@gmail.com> Wed, 24 March 2021 15:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/MhRK-39lzpA3VoqWFEpD82PrpUE>


On 24/03/2021 at 15:48, JORDI PALET MARTINEZ wrote:
> I think you need to read the NAT64 and related RFCs ...
> 
> If your ISP doesn't offer the NAT64, then it is really bad to use 
> IPv6-only in your network.

?

No no, I live well in the IPv6 world without NAT64... I don't understand
why NAT64 is so required?

> I may understand that you do that as an experiment, but then you can
> setup your own NAT64, it is really simple in any Linux or even an
> OpenWRT CPE.

I don't want to set up new boxes at home.  It is indeed possible, but at 
this time I do not want to.

> You may also setup a DNS64 and I will suggest also to setup a CLAT, 
> all that can be done via VMs, even a single VM in your own network.

Yes, that is possible too.

But can I do without it please?

Does IPv6 mandate the use of DNS64 and NAT64?

Alex

> 
> Regards, Jordi @jordipalet
> 
> 
> 
> On 24/3/21 15:33, "v6ops on behalf of Alexandre Petrescu" 
> <v6ops-bounces@ietf.org on behalf of alexandre.petrescu@gmail.com> 
> wrote:
> 
> Hi, Gabor,
> 
> Thanks for the reply.  Allow me to continue this discussion.
> 
> On 24/03/2021 at 13:11, Gabor LENCSE wrote:
>> Dear Alex,
>> 
>> I meant that you need to do the address synthesis manually. I 
>> intended the 64:ff9b::/96 WKP only as an example.
> 
> As a side note,  I think that 64:ff9b::/96 prefix might need a 32bit
>  IID, which is probably forbidden by the IPv6 Addressing
> Architecture RFC 4291 ("For all unicast addresses, except those that
> start with the binary value 000, Interface IDs are required to be 64
> bits long").
> 
> This is not to say that I disagree with the 64:: prefix, but maybe 
> point to what appears to me to be a slight incoherency.
> 
>> First, you need to find out the NAT64 prefix used by your ISP. (RFC
>> 7050 describes the process.)
> 
> I wanted to ask: do you mean the NAT64 prefix that my ISP uses, or 
> the ISP that the data provider (the URL in question) uses?
> 
> I am saying this because I think my ISP does not provide NAT64 
> service to home.  It is probably an optional feature.
> 
>> Then, you can synthesize and use the proper IPv4-Embedded IPv6 
>> Address. (I hope that the IPv6 routing will find the NAT64 gateway
>>  based on the NAT64 prefix.)
>> 
>> Of course, it is just a hack, DNS64 makes our life easier, if the 
>> IPv4 only server is registered in the DNS system. And, naturally, 
>> the real solution is that the server should have an IPv6 address. 
>> :-)
> 
> Yes, I agree with it too.
> 
> Alex
> 
>> 
>> Best regards,
>> 
>> Gábor
>> 
>> On 3/24/2021 10:59 AM, Alexandre Petrescu wrote:
>>> 
>>> :-)
>>> 
>>> 
>>> On 24/03/2021 at 09:39, Gabor LENCSE wrote:
>>>> Of course, it is better to use DNS,
>>> 
>>> 
>>> I agree.
>>> 
>>> 
>>>> but if you have only an IPv4 literal AND you know the NAT64 
>>>> prefix used in your network, then you can synthesize the (RFC 
>>>> 6052) IPv4-embedded IPv6 address manually. :-)
>>> 
>>> 
>>> For that to work there is a need to implement some conversion in 
>>> a network box (NAT64?  464XLAT?) _and_ in the client.
>>> 
>>> 
>>>> 
>>>> The URL would look like:
>>>> 
>>>> https://[64:ff9b::218.2.231.237]:5001/cgi-bin/generate
>>> 
>>> 
>>> thanks for the converted URL.
>>> 
>>> I clicked on it in my Mail User Agent (MUA) client Thunderbird on
>>> an IPv6-only PC and it quickly complains about something that 
>>> might relate to security.  It complains about it very quickly, 
>>> there is no circling pointing to wait for response of 
>>> discovering some server in the infra, or waiting reply from a 
>>> site.
>>> 
>>> It says: "The link text indicates 'A' but it leads to 'A'" where 
>>> A is the hex text with ":" everywhere converted from the hex you
>>>  provided above containing 4 dots.  Remark A is the same as A, 
>>> and the error reporting is wrong.  That is a client problem that
>>>  deserves correction (a bug).
>>> 
>>> But it is a larger client problem too in that clients on PCs don't
>>> have that support for '64::' addresses.  Smartphones might have
>>> that support.  I am not sure it is good to consider that lack of
>>> implementation of "64::" addresses in clients to be a bug.
>>> 
>>> 
>>> Alex
>>> 
>>> PS: for firefox: when I copy paste that URL 
>>> https://[64:ff9b::218.2.231.237]:5001/cgi-bin/generate on my 
>>> address bar of web browser firefox on my IPv6-only PC it tries to
>>> connect to something, waits like 10 seconds, and then firefox 
>>> reports 'The wait delay has been reached' (translated) and stops
>>>  waiting.  Firefox is also affected by this problem in
>>> protocols.
>>> 
>>> 
>>>> 
>>>> Hopefully, your ISP uses a Network-Specific Prefix, and not the
>>>> NAT64 Well-Known Prefix.
>>>> 
>>>> Gábor
>>>> 
>>>> On 3/24/2021 9:02 AM, JORDI PALET MARTINEZ wrote:
>>>>> It will be much better to use DNS, not literals!
>>>>> 
>>>>> You probably don't see that from an IPv6-only network because
>>>>> it is a literal (if you have NAT64+DNS64 it will work with
>>>>> DNS, if you have 464XLAT it will also work with a literal
>>>>> IPv4).
>>>>> 
>>>>> On 24/3/21 8:53, "v6ops on behalf of Alexandre Petrescu" 
>>>>> <v6ops-bounces@ietf.org on behalf of 
>>>>> alexandre.petrescu@gmail.com> wrote:
>>>>> 
>>>>> 
>>>>> 
>>>>> On 24/03/2021 at 04:14, hsyu wrote:
>>>>>> Dear Paolo and Alexandre,
>>>>>> 
>>>>>> Thank you very much for your interest in this website. This
>>>>>> is a test website, and the current data still needs
>>>>>> further confirmation. Therefore, I will post it after the
>>>>>> data is corrected.
>>>>> Hi,
>>>>> 
>>>>> Thank you for the reply.
>>>>> 
>>>>> The data on the website might be correct already.  I can see
>>>>>  it on an IPv4 connection.
>>>>> 
>>>>> But the access to that data should be on IPv6 too, not only 
>>>>> on IPv4.
>>>>> 
>>>>> Ideally, one should add an IPv6 address to the computer's 
>>>>> interface. Then the URL would be something like 
>>>>> https://[2001:db8:1::1]:5001/cgi-bin/generate (attention that
>>>>> is an IPv6 address for documentation, do not put that 
>>>>> particular address on the interface)
>>>>> 
>>>>> Alex
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Haisheng Yu(Johnson) hsyu@cfiec.net
>>>>>> 
>>>>>> 
>>>>>> On 3/24/2021 02:14, Alexandre Petrescu
>>>>>> <alexandre.petrescu@gmail.com> wrote:
>>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> Thank you for the link in China about IPv6 deployment.
>>>>>> 
>>>>>> But I can not see it :-(
>>>>>> 
>>>>>> When I copy paste that link
>>>>>> (http://218.2.231.237:5001/cgi-bin/generate) in my web browser
>>>>>> it responds that the connection has failed.  I use an
>>>>>> IPv6-only computer (Windows with IPv4 unchecked in the
>>>>>> interface Properties).
>>>>>> 
>>>>>> Ideally, one would put data about IPv6 on a server that is
>>>>>> also capable of doing IPv6.
>>>>>> 
>>>>>> Maybe one can put an IPv6 address on the server 218.2.231.237?
>>>>>> 
>>>>>> Alex
>>>>>> 
>>>>>> 
>>>>>> On 23/03/2021 at 07:21, hsyu wrote:
>>>>>> 
>>>>>> Hi Paolo, I can also provide some data on the deployment of
>>>>>> IPv6 in China. http://218.2.231.237:5001/cgi-bin/generate
>>>>>> 
>>>>>> Best regards.
>>>>>> 
>>>>>> Haisheng Yu(Johnson) hsyu@cfiec.net
>>>>>> 
>>>>>> 
>>>>>> On 3/23/2021 12:40, Dhruv Dhody <dhruv.ietf@gmail.com> wrote:
>>>>>> 
>>>>>> Hi Paolo,
>>>>>> 
>>>>>> I think we should highlight that we do not have visibility
>>>>>> inside the enterprises beyond the external-facing website or
>>>>>> email and thus it is also difficult to gauge the IPv6
>>>>>> deployments inside enterprises.
>>>>>> 
>>>>>> [PV] Ok. Probably here you refer to small-medium enterprises.
>>>>>> For large enterprises public data on the usage of IPv6 can be
>>>>>> retrieved (Nalini, in copy, provided a good input on IPv6 in
>>>>>> large organizations). We will better specify this point in the
>>>>>> next version of the draft.
>>>>>> 
>>>>>> 
>>>>>> I had this NIST data in mind - 
>>>>>> https://fedv6-deployment.antd.nist.gov/cgi-bin/generate-com
>>>>>> which includes large enterprises and relies on DNS, mail,
>>>>>> external website. Also, see Eric's site - 
>>>>>> https://www.vyncke.org/ipv6status/detailed.php?country=in
>>>>>> 
>>>>>> Thanks! Dhruv
>>>>>> 
>>>>>> _______________________________________________
>>>>>> v6ops mailing list
>>>>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>>>>> 
>>>>>> 
>>>>> ********************************************** IPv4 is over 
>>>>> Are you ready for the new Internet ? 
>>>>> http://www.theipv6company.com The IPv6 Company
>>>>> 
>>>>> This electronic message contains information which may be 
>>>>> privileged or confidential. The information is intended to be
>>>>> for the exclusive use of the individual(s) named above and
>>>>> further non-explicilty authorized disclosure, copying, 
>>>>> distribution or use of the contents of this information, even
>>>>> if partially, including attached files, is strictly 
>>>>> prohibited and will be considered a criminal offense. If you 
>>>>> are not the intended recipient be aware that any disclosure, 
>>>>> copying, distribution or use of the contents of this 
>>>>> information, even if partially, including attached files, is 
>>>>> strictly prohibited, will be considered a criminal offense, 
>>>>> so you must reply to the original sender to inform about
>>>>> this communication and delete it.
>>>>> 
>>>>> 
>>>>> 
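
The manual synthesis of an RFC 6052 IPv4-embedded IPv6 address and the RFC 7050 prefix discovery mentioned in the quoted discussion, as an added example that is not part of the thread. The function names are hypothetical, 2001:db8:64::/96 is a documentation prefix chosen for illustration, and the AAAA answers for ipv4only.arpa are constructed rather than resolved. The example goes beyond the /96 case in the thread and covers all six RFC 6052 prefix lengths.

```python
import ipaddress

VALID_LENGTHS = (32, 40, 48, 56, 64, 96)   # prefix lengths allowed by RFC 6052
# Well-known IPv4 addresses of ipv4only.arpa (RFC 7050)
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}

def _offsets(plen):
    """Byte offsets carrying the IPv4 address; octet 8 (bits 64-71) is skipped."""
    return [i for i in range(plen // 8, 16) if i != 8][:4]

def synthesize(prefix, ipv4):
    """Embed an IPv4 literal in a NAT64 prefix (hypothetical helper name)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    buf = bytearray(net.network_address.packed)
    if buf[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    for off, octet in zip(_offsets(net.prefixlen), ipaddress.IPv4Address(ipv4).packed):
        buf[off] = octet
    return ipaddress.IPv6Address(bytes(buf))

def extract(addr, plen):
    """Recover the embedded IPv4 address for a given prefix length."""
    packed = ipaddress.IPv6Address(addr).packed
    return ipaddress.IPv4Address(bytes(packed[i] for i in _offsets(plen)))

def discover_prefix(aaaa_answers):
    """Find NAT64 prefixes in AAAA answers for ipv4only.arpa (resolved elsewhere)."""
    found = set()
    for text in aaaa_answers:
        addr = ipaddress.IPv6Address(text)
        for plen in VALID_LENGTHS:
            if extract(addr, plen) in WKA:
                found.add(ipaddress.IPv6Network((addr, plen), strict=False))
    return sorted(found)

if __name__ == "__main__":
    # The literal from the thread, with the Well-Known Prefix
    print(synthesize("64:ff9b::/96", "218.2.231.237"))
    # Constructed AAAA answers, as a DNS64 using 2001:db8:64::/96 would return
    answers = ["2001:db8:64::c000:aa", "2001:db8:64::c000:ab"]
    for net in discover_prefix(answers):
        print(net, "->", synthesize(str(net), "218.2.231.237"))
```

An empty result from discover_prefix means the resolver returned no synthesized AAAA record, which is the situation of a network without DNS64.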