Re: [v6ops] Our IPv6-only home network and future experiments
Brian Candler <brian@nsrc.org> Mon, 15 April 2024 08:13 UTC
Return-Path: <brian@nsrc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 648EAC14EB17 for <v6ops@ietfa.amsl.com>; Mon, 15 Apr 2024 01:13:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.852
X-Spam-Level:
X-Spam-Status: No, score=-5.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nsrc.org header.b="liAZJtNA"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="L5lkErJg"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rWJEUjPSOb7i for <v6ops@ietfa.amsl.com>; Mon, 15 Apr 2024 01:13:53 -0700 (PDT)
Received: from fout8-smtp.messagingengine.com (fout8-smtp.messagingengine.com [103.168.172.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4344FC14F708 for <v6ops@ietf.org>; Mon, 15 Apr 2024 01:13:53 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfout.nyi.internal (Postfix) with ESMTP id 4359813804ED; Mon, 15 Apr 2024 04:13:52 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Mon, 15 Apr 2024 04:13:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nsrc.org; h=cc :content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1713168832; x=1713255232; bh=VTL5kGJ8oy 3J9ekT6QF8xtYuwzl++dcPLcsbc89No5E=; b=liAZJtNAUJpNGaeEnbIUFKKrhd 8UdvzByhEQAviqTxW8z71d9umUTFzOgt7IvBZ3Al/syUgZNKlGYYNypA8sG5Gt1H ivTBBI83upQbI2iYl4s+j+FC27eY/aguLrMEguvww3PluzcLLYdPzpQDenM1YFGB FiwUmi9awWUXvdOlMO/2Iv9a0DSof0rkUhiV1U5F2dovLimxoxfQDosQDAf70bmU JAQhu5XmBswyrtRNEzYxcCKX3w5DelWu9UZpwBys+CPyF/ftFleEqBibDtDSW5Ht 55UK+OeEiWtmvaJIUykNgPxEGjOANFBslut6DSZ2vz/RhgSfEBk6v2X4InAA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1713168832; x=1713255232; bh=VTL5kGJ8oy3J9ekT6QF8xtYuwzl+ +dcPLcsbc89No5E=; b=L5lkErJgKpPahVAXSagavHc4MoA2FB/BJdQRF8U0hX8c Poeb/RthdXRPoorsxbzj3Jx0/7yipB3l7SdBw0SXVG3o3CJnRD6a1QbM0TeIgfjp 0z7EPHTZ/uHvgGQX8SiGP/b77thUKkz0U8g2/2MIjuAgwiy+fFPmbeejAbX33K/h H7y9Y9f87foRY3iCYmW8NXAR+RsDC1TG8vPN0MrP51KKOhnf8ddKHzeG/dRKYiJx VP3rVPGGnm4uIcRkUNc2PR6YbBc64l6jFf+hUb1jnBrDFkAzIYuqguZ7sB1ZOStl 6daJvbLWyxooXwjStkMSYKa89v1OKia+RHWre7lsjw==
X-ME-Sender: <xms:wOEcZlpi0NUaOPojCQf0dSaCb8wttarI5IozNfDzHRGUxyftzmVHgA> <xme:wOEcZnrYBEEz08eavjNUk41qj38R1SoxmL21dr0cpSlLKqtd3ctbaycS5yQQvpVob 0G5iWWwoLzKK63yWaU>
X-ME-Received: <xmr:wOEcZiMgZl3XrNlJl2kTMuf_i7g0gqCozkcs4LSLoUIcZEjQN7ibZz1I39d200A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudejvddgtdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptgfkffggfgfuvfhfhfgjsegrtderredtvdejnecuhfhrohhmpeeurhhirghn ucevrghnughlvghruceosghrihgrnhesnhhsrhgtrdhorhhgqeenucggtffrrghtthgvrh hnpeekhfduleehhfetgfetkeetudeujeeklefhkeehtdfgtdevgeekgffgtdeuteefkeen ucffohhmrghinhepuddruddruddrudenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpegsrhhirghnsehnshhrtgdrohhrgh
X-ME-Proxy: <xmx:wOEcZg6NgsQFS092nBZs623CG8kEiVeHy7RifW5OMQiuzz-U655ITw> <xmx:wOEcZk5nfF9xpYuJX4QfFEUxl08LfdrEJKExWZmhF4P-F7BXwzgd9A> <xmx:wOEcZoisls3vQYvjl0Lmcntd62-g4sg5vlNgd_upjgFpvUS0g2DNoA> <xmx:wOEcZm43J1iAnooA7o556fWPf1FQ9ULGRVFOP480UxiKlbG1bOdzsg> <xmx:wOEcZv0FU2LEvKLH7YX1cxMAGzwRto4kc_A9bfv3u3OOJcu-gFtHROJw>
Feedback-ID: i8f09498f:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 15 Apr 2024 04:13:51 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------D2tkoZ2jeszpW8e5Okhbyai3"
Message-ID: <78b6ef7b-2ca5-455c-a727-f03964fe74b6@nsrc.org>
Date: Mon, 15 Apr 2024 09:13:50 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>, "Soni \"They/Them\" L." <fakedme+ipv6@gmail.com>, IPv6 Operations <v6ops@ietf.org>
References: <91ee2782-c98a-4ccf-ae8f-71be571420b6@gmail.com> <7b89e8bd81674a61b364e1fec4176006@huawei.com> <5e65b7b4-b112-4875-a603-22b5e570619a@nsrc.org> <14eff54c01c24e0190397afff768efbb@huawei.com>
From: Brian Candler <brian@nsrc.org>
In-Reply-To: <14eff54c01c24e0190397afff768efbb@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/P_TQXQz6iYD6QX-wC214FlsHhkc>
Subject: Re: [v6ops] Our IPv6-only home network and future experiments
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2024 08:13:58 -0000
On 15/04/2024 08:47, Vasilenko Eduard wrote: > > OK. It looks like you want to avoid centralized DNS64, but still use > NAT64 (and pref64). > We spend our lives trying to make the DNS trustworthy, but DNS64 destroys that by giving out fake information. In any case, DNS64 doesn't work for IP literals. You should try running 464XLAT on an IPv6-only network some time: you can do "ping 8.8.8.8" and it works fine. Most end-users don't use IP literals (even though https://1.1.1.1/ is a thing). But for sophisticated users, especially network engineers, it's an extremely useful thing to be able to use. > By the way, how NAT64 prefix would become available for libc **at the > compilation time** (on a host in a different organization). > > Or libc should get pref64 from the host at the run time? > The latter. > My doubt is still applicable: > > If you have to change application then it is better to change it to IPv6. > The applications at the end-user (consumer) side are already IPv6-ready and don't need changing. The problem here is that the vast majority of Internet content is only present with IPv4 addresses, and will be for a very long time - possibly forever. At the consumer side, for the last 25+ years we've been telling people to run dual-stack. Most edge networks have rejected this, IMO quite understandably. They get all the pain (double addressing plans, double attack surface, double sets of firewall rules etc etc) with almost zero benefit, since everything they want is reachable via the IPv4 leg anyway. Or to put it bluntly: dual stack is the problem, not the solution. The only way I see out of this quandry is to make it realistic to run single-stack, IPv6-only networks at the access side. And that means having a usable mechanism to access IPv4-only content. An embedded CLAT gives this. Traditional embedded CLATs appears as a local pseudo-device with IP address 192.0.2.2, and you point IPv4 default route at 192.0.2.1. macOS, iOS, Android all have this, and soon Windows. It works, but it's clunky, and it relies on an IPv4 stack in the kernel. The initiative here is to try a different approach for Unix-like systems: one which is lightweight and requires fewer changes. Regards, Brian.
- [v6ops] Our IPv6-only home network and future exp… Soni "They/Them" L.
- Re: [v6ops] Our IPv6-only home network and future… Brian Candler
- Re: [v6ops] Our IPv6-only home network and future… Soni "They/Them" L.
- Re: [v6ops] Our IPv6-only home network and future… Brian Candler
- Re: [v6ops] Our IPv6-only home network and future… Tore Anderson
- Re: [v6ops] Our IPv6-only home network and future… Tore Anderson
- Re: [v6ops] Our IPv6-only home network and future… Brian Candler
- Re: [v6ops] Our IPv6-only home network and future… Soni "They/Them" L.
- Re: [v6ops] Our IPv6-only home network and future… Brian Candler
- Re: [v6ops] Our IPv6-only home network and future… Ole Trøan
- Re: [v6ops] Our IPv6-only home network and future… Vasilenko Eduard
- Re: [v6ops] Our IPv6-only home network and future… Gert Doering
- Re: [v6ops] Our IPv6-only home network and future… Vasilenko Eduard
- Re: [v6ops] Our IPv6-only home network and future… Gert Doering
- Re: [v6ops] Our IPv6-only home network and future… Vasilenko Eduard
- Re: [v6ops] Our IPv6-only home network and future… Vasilenko Eduard
- Re: [v6ops] Our IPv6-only home network and future… Brian Candler
- Re: [v6ops] Our IPv6-only home network and future… Vasilenko Eduard
- Re: [v6ops] Our IPv6-only home network and future… Brian Candler
- Re: [v6ops] Our IPv6-only home network and future… Gert Doering
- Re: [v6ops] Our IPv6-only home network and future… Brian Candler
- Re: [v6ops] Our IPv6-only home network and future… Vasilenko Eduard
- Re: [v6ops] Our IPv6-only home network and future… Gert Doering