IETF Logo Mail Archive

Re: [v6ops] Thoughts about wider operational input

Ted Lemon <mellon@fugue.com> Tue, 22 March 2022 21:04 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0C083A111A for <v6ops@ietfa.amsl.com>; Tue, 22 Mar 2022 14:04:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZvXDfV4vDzGc for <v6ops@ietfa.amsl.com>; Tue, 22 Mar 2022 14:04:12 -0700 (PDT)
Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FEDD3A1117 for <v6ops@ietf.org>; Tue, 22 Mar 2022 14:04:12 -0700 (PDT)
Received: by mail-ot1-x32b.google.com with SMTP id z9-20020a05683020c900b005b22bf41872so13367745otq.13 for <v6ops@ietf.org>; Tue, 22 Mar 2022 14:04:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eCWifiaI6Q3bEed0ad0y08MH4kj5apSGLb64mQ3PPo0=; b=Y6xcMCGILpYeE+EGnfDLAj16HnJMkhq61AcUcSW6JxfBBd0ZXgkKelroSP85qa0Xro RSyf8w9xoavE4lD5QXr4m+gth2Dq0OjI3dIkpwXXif5B+ICBtM8SSgvvkVX2wlwJGTt/ eNo4LWPuNVpR51pF/yr9972pbMlluHQsDoKR1PrmGsPGZ2sBiVMhL1HgZrbMCfeUO7WQ jM/1FKEwYZ4LXz5n6kjqaroK3dLIjtcxnaYkvQuhMFiccPuUBJYWBrSrRru7/D68mCv2 iJRzCYXQpUujnjIv473eE3KMT8yGOJgzLA7+O8D7L7HlPTdex9pv9DdRpJ51eIbxhKJ9 TjZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eCWifiaI6Q3bEed0ad0y08MH4kj5apSGLb64mQ3PPo0=; b=GdtgiwHWO3q6QLW6OqBVk0gsfeDwHY6MsBTMGojQPUCJmrF7iEj4Jpdsi5IWavFsL2 GyZhERClCU+0cHaRDz+7aJCHROOoKaBrO6IsFx/95KbeMO3/XY+YU2fve9uos6CgfrP9 V1FqEr8IUh2clnNiQVdxQbuBfjTb3LjWwGvveAQauOvlU8jQSvGSgwIT1TGjgALsSSER wZSn2R0/GLH1UUOYTDarpS5IjpedbvcHQWD0epZkX0XKzKWkb6gw5v9lNrvTeAT+hkPq BJsSPkhLy9FWZT66l3ewqc6DFXiDba3ClRyhRqicZ5VSAQYQMuXtfKW4ZdoMJOssPPRk vXHA==
X-Gm-Message-State: AOAM530/ow1HPP6P6XjcT+/m2BXC6lBRPK6lE52Dw5oqewkqCNPOwH6b bWLv5DHJ1RlVWR+Dy6xZvIsI2fb1/wa0hlA1JZWniQ==
X-Google-Smtp-Source: ABdhPJw4gn+YcNKmlEjl2/RenoalB3uNO+eqnpss/E17VR6WKRQrBD66yf5E3RgWkknb9590twY3tkhVr1nFTagLgk4=
X-Received: by 2002:a9d:6f0a:0:b0:5b2:4473:107c with SMTP id n10-20020a9d6f0a000000b005b24473107cmr10751491otq.285.1647983051695; Tue, 22 Mar 2022 14:04:11 -0700 (PDT)
MIME-Version: 1.0
References: <52661a3d-75dc-111a-3f23-09b10d7cb8d4@gmail.com> <A72CDDDB-CDCE-4EAF-B95E-997C764DB2C4@gmail.com> <9175dc32-45c1-e948-c20a-3bcc958b77b9@gmail.com> <YjmJQMNgnJoSInUw@Space.Net> <fd17a91f-68dc-92b5-0544-51aefa1b7f08@gmail.com> <CAM5+tA-Wq5O4pjQ++VZQi-FTKZGMRAW-LFc6O5dPOyox4QZDEw@mail.gmail.com> <CAPt1N1mK=Xgtt+aYa4ga8YqK2XYhCdQUPrwgVU8xstH+F_RAfQ@mail.gmail.com> <CAM5+tA9zhMpJ1s8keoL8eoEMej5tOM=-imXypHEreUa3wOrt5Q@mail.gmail.com>
In-Reply-To: <CAM5+tA9zhMpJ1s8keoL8eoEMej5tOM=-imXypHEreUa3wOrt5Q@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Tue, 22 Mar 2022 22:03:35 +0100
Message-ID: <CAPt1N1kC9H46a+SUA6B8W8JoNmnb48f9mJj3i6vOQ8pp5d=yxg@mail.gmail.com>
To: buraglio@es.net
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, v6ops@ietf.org
Content-Type: multipart/alternative; boundary="000000000000647ae405dad4f436"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/OBV3QCZ4BQqRdux0T8SK2k4zG7c>
Subject: Re: [v6ops] Thoughts about wider operational input
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 21:04:18 -0000

Oh, now that's really interesting. I'm glad I asked the clarifying
question. So when you have a host with a ULA, it doesn't try to do NAT64 I
guess because it thinks it needs a GUA to do that?

On Tue, Mar 22, 2022 at 9:35 PM Nick Buraglio <buraglio@es.net> wrote:

> Yes, I know I have harped on this many times and have posted some
> simple examples of the behavior to the list. My experience has been, and
> continues to be, that if I have dual stacked hosts with A and AAAA records,
> and the IPv6 clients are using ULA that IPv6 is never used. In an IPv6-only
> environment ULA has no higher priority protocol to supersede the ULA. In
> the context of transitioning to an IPv6 world, it is fairly unrealistic to
> assume any kind of greenfield, and dual-stack is by and large the standard
> "permanently temporary" solution for the vast majority of implementations.
> So in this context, which has been 99% of what I have seen until I began
> working on the IPv6-only implementation mandated by the USG OMB-M-21-07
> document, that was the de facto standard (and will continue to be for
> enterprise deployments, in my opinion).
> I would be happy to be incorrect about this, honestly it would make my
> work-life easier if I was. So, yes, I fully acknowledge that your use case
> is absolutely the right one for ULA. For doing a transition in an existing
> network (which circles back the the original topic of this thread: getting
> enterprises to use IPv6 in a meaningful way), this is a really well put
> together descriptions of the every-day implications of trying to use ULA:
> https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
>
> nb
>
>
>
>
>
> On Tue, Mar 22, 2022 at 3:20 PM Ted Lemon <mellon@fugue.com> wrote:
>
>> I'm sure you believe this assertion, Nick, but you haven't given us any
>> way of understanding why you believe this. In fact we're using ULAs in the
>> Thread Border Router to enable IPv6 communication between different
>> subnets, which literally could not be done with IPv4. So at least for this
>> use case, ULAs work well. Would it work better to have a GUA? Comme ci
>> comme ça. On the one hand, prefix delegation and real routing would make
>> the solution more general. On the other, GUAs are great for reaching out to
>> the internet, which we may or may not want light bulbs to be able to do.
>>
>> On Tue, Mar 22, 2022 at 9:13 PM Nick Buraglio <buraglio@es.net> wrote:
>>
>>> ULA is an operational non-starter in the presence of any dual stacked
>>> hosts.  Per its design, it just won't ever use IPv6 in any meaningful way
>>> and that time and effort are better served on adding GUA addressing of one
>>> kind or another.
>>>
>>> nb
>>>
>>>
>>>
>>> On Tue, Mar 22, 2022 at 2:55 PM Brian E Carpenter <
>>> brian.e.carpenter@gmail.com> wrote:
>>>
>>>> Hi Gert,
>>>>
>>>> I see that the discussion has been going on while I was sleeping, but I
>>>> want to clarify below...
>>>> On 22-Mar-22 21:30, Gert Doering wrote:
>>>> > Hi,
>>>> >
>>>> > On Tue, Mar 22, 2022 at 11:42:12AM +1300, Brian E Carpenter wrote:
>>>> >> I agree with Jordi that multihoming is a genuine impediment. What
>>>> isn't generally realised is that it's a problem of scale when considering
>>>> at least 10,000,000 enterprises, much more than it's a problem of IPv6
>>>> itself.
>>>> >
>>>> > What is "an enterprise"?
>>>> >
>>>> > My stance on this is that for "largely unmanaged SoHo networks" -
>>>> which
>>>> > could be called "small enterprise" - dual-enduser-ISP with dual-/48 or
>>>> > NPT66 gets the job done in an easy and scalable way (HNCP would have
>>>> > been great, but IETF politics killed it).
>>>> >
>>>> > "Enterprise that truly need their own independent fully managed
>>>> network
>>>> > with multiple ISP uplinks and fully routed independent address space"
>>>> > are probably way less than 10 million...
>>>>
>>>> I came up with 10 million quite some years ago as a reasonable estimate
>>>> of the number of medium to large businesses in the world, all of which
>>>> might depend on *reliable* Internet access to survive (and WfH during
>>>> COVID has made this even more important recently). So all of them
>>>> should have two independent paths to the Internet to assure reliability.
>>>> That means two different ISPs (or less good, two completely independent
>>>> paths to the same ISP).
>>>>
>>>> So, if PI addressing is the answer, that really does take us to
>>>> 10M /48s to be routed.
>>>>
>>>> If PA is the answer, that's why I worked on SHIM6 (may it rest in
>>>> peace). Which is why I worked on RFC 8028. If that's not the
>>>> answer, we're back to NPTv6. Possibly even to ULA+NPTv6.
>>>>
>>>> > Half of them do not want Internet access anyway, just access to their
>>>> > ALGs that will do the filtering and TLS inspection and everything, and
>>>> > then out to the Internet as a new TCP session (= could be done with
>>>> > DMZ islands of upstream-provider-allocated space just fine).
>>>> >
>>>> >
>>>> > We need to work on our marketing regarding multihoming.  "What is it
>>>> that
>>>> > you get, what is the cost, which of the variants do you want, and
>>>> why...?"
>>>>
>>>> Yes.
>>>>     Brian
>>>>
>>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>>
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>
>>

v2.23.0 | Report a Bug | By Email