Re: [v6ops] About Req for Comments - "Transition to IPv6"

[Owen DeLong <owen@delong.com>]

> On Mar 9, 2020, at 01:42 , JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:
> 
> Hi Clark,
>  
> El 8/3/20 12:38, "v6ops en nombre de Clark Gaylord" <v6ops-bounces@ietf.org <mailto:v6ops-bounces@ietf.org> en nombre de cgaylord@vt.edu <mailto:cgaylord@vt.edu>> escribió:
>  
> It seems to me the context of the OMB guidance is relevant to the question of "IPv6-only". The draft memo is reasonably good at this, but succinctly something like "agency internal networks use single-stack IPv6 with any 
>  
> [Jordi] I don’t think is so clear. Footnote 4 “IPv6-Only refers to network environments in which use of the IPv4 protocol has been eliminated” will be much clear if it says “IPv6-Only refers to network environments in which use of the *native* IPv4 protocol has been eliminated”.

I don’t believe that what you propose is the intent in the memo.

I believe they intend to eliminate the use of ALL IPv4, not just native IPv4 on government networks.
 
> If a Federal office decides to have its DC with IPv6-only, then IPv4-only users will not be able to access it. In that case the DC must use, for example SIIT-DC. That will mean that the DC (internally) is IPv6-only, but the DC-to-Internet is dual-stack, in order to be able to use SIIT-DC.

I believe that _IS_ the intent (no support for SIIT/NAT64/etc.).

Remember, this is referring to the INTERNAL networks of the federal government agencies… Not the public-facing networks.

Unless I misread the memo, the intent is to preserve dual-stack functionality on public-facing services, but ensure that there are no remaining IPv4 dependencies in providing those services over IPv6.
 
> Furthermore, footnote 5, “Note that for public Internet services, maintaining viable IPv4 interfaces and transition mechanisms at the edge of service infrastructure may be necessary for additional time, but this does not preclude operating the backend infrastructure as IPv6-only.” Is precisely saying that.

Correct.
 
> It may happen that some of the LANs in the Federal office itself, are dual-stack still. Otherwise, employees will not be able to use Internet resources that don’t work well with NAT64+DNS64, for example, web sites or apps that use literal IPv4-addresses and are out of the control of the Federal office. So, in this case they still need to use IPv4aaS.

That’s not the desired outcome in this process.

Indeed, my impression is that the government is, through this memo, intending to put suppliers and web sites on notice that if they do not have IPv6 accessibility they are likely to lose their government customers.

I see that as a good thing.
 
> external connectivity supporting IPv6. External connectivity that requires connectivity to legacy Internet hosts can be accomplished via appropriate gateway technologies such as NAT64". A provision for "specific applications where IPv6 is not supportable may be able to use internal gateway technologies such as 464XLAT with a plan for migration to support IPv6 natively." These aren't exact quotes, just my suggested ideas, but this seems to capture the spirit of the initiative.

I don’t think that’s the actual spirit of the initiative…

See above.

Owen