[v6ops] Re: 464XLAT-only networks

Lorenzo Colitti <lorenzo@google.com> Fri, 25 October 2024 22:59 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A96AAC14F70D for <v6ops@ietfa.amsl.com>; Fri, 25 Oct 2024 15:59:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.608
X-Spam-Level:
X-Spam-Status: No, score=-17.608 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DQhaIK0o3eii for <v6ops@ietfa.amsl.com>; Fri, 25 Oct 2024 15:59:10 -0700 (PDT)
Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD44FC14F6E2 for <v6ops@ietf.org>; Fri, 25 Oct 2024 15:59:10 -0700 (PDT)
Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-71ec997ad06so1826649b3a.3 for <v6ops@ietf.org>; Fri, 25 Oct 2024 15:59:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1729897150; x=1730501950; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=gAMkwJiZVZ2ovycUjNqlWqSn212An17mDiH/1487W30=; b=upHCHLhQ1YRmQfZv4tdhJdbFHC7u5qUobYOiZUpadbW1y8iyvH4Y0EF3Jwi9X2cp+D BSMEIkHDPrb8UG7UkLTa/fcnAfr0iysO6O8+N8z+nPLVEmS/JiF1rDCHKbMjdbOs9FuF Xd9nkta7mgC8Lc8FveTQ+OMJO2MfWjwQtx0O8O/oaAK5xrw0JDVsA9GAFmT+i1rrZQvZ wfGpJvDIcqY1GQNvy/bcCJDnGoZocwS9bvzjfvmMief257ob3NmZnSClcjJ66Fsg77Cv 5yZoO0gTxJiYVx2cpPvvnfBAM+Lb3MpcECr2n73MVdC1EGCEV0Kfu1X94DS37Wnwyu1M +E7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729897150; x=1730501950; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gAMkwJiZVZ2ovycUjNqlWqSn212An17mDiH/1487W30=; b=Lhl0q7TEMgHyloqP/u5YcPVqdsdsl/Q96PsYuDV88C1c1E4irNwSPd2STrxcG8GzHF 4qA6UUtSTNzl0OvXf5ddRqaLDBN3xN6/Et5OOYONiZqyhq+syRaJ0j6KB3tTZI+ObTSo fzfvq+6JLdvim6riwouTfTtPrwylRHlvshpkL97+vEoLNa2N/JN9aHYhRPQAmxGX78hD jFOSXnbtbqdxx/wE8/c/5JPZALyaCMsia2W0uK+HnBv20jYWpoiwkR0Axg3hgPEz9dZa 3TGhnsGcst92GQt0LCJPJfe/OS5OZuwUi6+dURxwE/fz/rAHEIBN5zvyqmgSRa5ZwLgY Shfg==
X-Forwarded-Encrypted: i=1; AJvYcCW7l4bOJvxPFZJhnd7bpzxc62J68I01bnqOjhTvvHC3FYjPu2i1LgSua4ygCzaHNCYqS1q+aA==@ietf.org
X-Gm-Message-State: AOJu0Ywxg36joCNdy1/ontiaVyWKN3dE10c++r/H3tCIg4/ePXVlUbET j4yA45Hh7qj/Z/Si0/OzIOej8/TWir3TOaKhcGvxX+P3kJ053zusYGraUNUbGTTp4m4cp+5KAXc ofTOXlSWIgD6oB+pSbmKoTboa187V1r3teWPF1qjatv09XW/D5A==
X-Google-Smtp-Source: AGHT+IHfRxxW9DeWOmX6MMdOsqFQ0/dpyJpApqrUgpVQBtxV6pdwfPetk09eZKkvVUDm+z0qM/ycDEgsenNr1PNmA6Q=
X-Received: by 2002:a05:6a00:1303:b0:71e:7636:3323 with SMTP id d2e1a72fcca58-72062f81c4dmr1828412b3a.7.1729897149854; Fri, 25 Oct 2024 15:59:09 -0700 (PDT)
MIME-Version: 1.0
References: <CA+-cKyPQR8k=PnG+X+Sj1XXwHmioUQQej3Wmx7jzMGFc=NtXLA@mail.gmail.com> <ZxowSz2G_eY3Mkt5@Space.Net> <CA+-cKyMJwLd+EVMNCt7m=-7pt4Tfr5g5aFUxQa5m02c+VSB04w@mail.gmail.com> <Zxo6mVmCPnYEDVjo@Space.Net> <CA+-cKyPPgsKsAWARw-nKEH5NgQeV+NkWfyiDK_aXQu0Vmh7sgQ@mail.gmail.com> <541a14ae-dd64-4fc9-ae61-ffd068dd2d08@gmail.com> <CA+-cKyMev6AH42LQcvcH07qtQSn4Vqw-JhV+vrvq3pQbZnq1mA@mail.gmail.com> <CAN-Dau0qCsteaPi_pFvSHoSBnC4Si0hizuyvEWbNjfQydhvDOg@mail.gmail.com> <CACyFTPGbp-EwOuZBLsgppNVtNPMuyAbtbG9H4zS-+RjgE2xRaw@mail.gmail.com> <CA+-cKyOk9GPJGrHrO-fqUnAuo9G5DGYU3=tuUEt4E30icyuVrg@mail.gmail.com>
In-Reply-To: <CA+-cKyOk9GPJGrHrO-fqUnAuo9G5DGYU3=tuUEt4E30icyuVrg@mail.gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Sat, 26 Oct 2024 07:58:52 +0900
Message-ID: <CAKD1Yr3b63v8YibDR-KzJ3mwxuP9eq+iR6nPo-pg42MTXbsWmw@mail.gmail.com>
To: "Soni L." <fakedme+ietf@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000001e140506255511bc"
Message-ID-Hash: XHB7MUML2N4BDRGJFWHODY3U6A25FM7G
X-Message-ID-Hash: XHB7MUML2N4BDRGJFWHODY3U6A25FM7G
X-MailFrom: lorenzo@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Farmer <farmer=40umn.edu@dmarc.ietf.org>, IPv6 Operations <v6ops@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [v6ops] Re: 464XLAT-only networks
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/SKmM1qVV-BdPVsv93DnG50Y0e5w>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>

You can apply it anywhere there is native IPv6. That's pretty common these
days.

For example, native IPv6 Is available to about 45% of Google users and 90%
of US mobile users, and many countries have IPv6 adoption rates well into
the double digits. In most countries it's possible to find either a
residential or mobile ISP that provides IPv6.

On Fri, 25 Oct 2024, 23:24 Soni L., <fakedme+ietf@gmail.com> wrote:

> Okay. You can learn IPv6, yes.
>
> ... And apply it where? Unlike IPv6, 464XLAT-only can be easily applied on
> existing IPv4 networks.
>
> On Fri, Oct 25, 2024, 11:00 Daryll Swer <contact@daryllswer.com> wrote:
>
>> David's analogy is a good one.
>>
>> Soni, all of this can take place inside GNS3, EVE-NG, containerlabs etc.
>>
>> That's how we learn networking in general in the absence of a dedicated
>> hardware lab (with or without IPv6).
>>
>> --
>> Sent from my iPhone
>>
>>
>> On Fri, 25 Oct 2024 at 6:17 PM, David Farmer <farmer=
>> 40umn.edu@dmarc.ietf.org> wrote:
>>
>>> Let me use the metaphor of flight training. You can learn to fly a plane
>>> in a simulator, but if the controls of the simulator are backwards. You are
>>> going to have a very hard time flying a real plane.
>>>
>>> If your goals for this are an environment to lean IPv6 in, which is what
>>> you seem to be saying. Then the IPv6 environment you are creating is so
>>> different from the normal IPv6 environment, I'm not sure it will be
>>> helpful, and it could very well be detrimental to the learners.
>>>
>>> I'm trying to keep an open mind, but I'm not seeing something very
>>> useful here, at least yet.
>>>
>>> Thanks.
>>>
>>> On Thu, Oct 24, 2024 at 15:13 Soni L. <fakedme+ietf@gmail.com> wrote:
>>>
>>>> for the record, the end result of a 464XLAT-only network is that it
>>>> ends up becoming a 464XLAT-enabled IPv6 network (eventually). there are no
>>>> security considerations beyond those that already apply to 464XLAT-enabled
>>>> IPv6 networks, it just happens to not have access to the IPv6 internet.
>>>>
>>>> 464XLAT-enabled IPv6 seems to be the recommended deployment strategy
>>>> for IPv6 these days, so despite the bastardization... it still works out in
>>>> the end.
>>>>
>>>>
>>>> On Thu, Oct 24, 2024, 16:43 Brian E Carpenter <
>>>> brian.e.carpenter@gmail.com> wrote:
>>>>
>>>>> In a few seconds I'll be putting this thread in a filter so that it
>>>>> will never trouble me again, but for now I'll just say that we originally
>>>>> invented 6to4 for such scenarios, and while it did help a bit when IPv6
>>>>> support was rare, it later became an operational nightmare and a security
>>>>> hole. It took years to exterminate. We should not repeat this.
>>>>>
>>>>> However, 6to4 within a university network that doesn't otherwise
>>>>> support IPv6 probably still works. I saw a case of that during 2023, caused
>>>>> by rogue behaviour in Windows Server 2008 and similar antiquities.
>>>>>
>>>>> Regards
>>>>>     Brian Carpenter
>>>>>
>>>>> On 25-Oct-24 01:45, Soni L. wrote:
>>>>> > maybe you're a student and your university is ipv4-only but you want
>>>>> to work with/make a practical ipv6 network as part of some project. this is
>>>>> the use-case for the "rogue" network (which would have to be approved by
>>>>> the university anyway). this would be the intended use-case for this cursed
>>>>> bastardization of ipv6...
>>>>> >
>>>>> > a lot of folks interested in ipv6 told us their university doesn't
>>>>> have ipv6. this might let them play with it in an university setting. ofc,
>>>>> gotta be careful about pissing off IT... (pissing off IT is probably
>>>>> ill-advised.)
>>>>> >
>>>>> > On Thu, Oct 24, 2024, 09:16 Gert Doering <gert@space.net <mailto:
>>>>> gert@space.net>> wrote:
>>>>> >
>>>>> >     Hi,
>>>>> >
>>>>> >     On Thu, Oct 24, 2024 at 09:15:04AM -0300, Soni L. wrote:
>>>>> >      > some providers still don't do ipv6, maybe you still want to
>>>>> migrate your
>>>>> >      > internal network to ipv6 to get it ready for future provider
>>>>> upgrades.
>>>>> >      >
>>>>> >      > or maybe you want to develop an ipv6-only consumer/SOHO
>>>>> router that works
>>>>> >      > on ipv4-only ISPs.
>>>>> >      >
>>>>> >      > or maybe you want to deploy a rogue ipv6-only network on an
>>>>> otherwise
>>>>> >      > ipv4-only organization, to prove a point.
>>>>> >
>>>>> >     None of these sound like anyone would want to do that...
>>>>> >
>>>>> >     Gert Doering
>>>>> >              -- NetMaster
>>>>> >     --
>>>>> >     have you enabled IPv6 on something today...?
>>>>> >
>>>>> >     SpaceNet AG                      Vorstand: Sebastian v. Bomhard,
>>>>> Ingo Lalla,
>>>>> >                                                 Karin Schuler,
>>>>> Sebastian Cler
>>>>> >     Joseph-Dollinger-Bogen 14
>>>>> <https://www.google.com/maps/search/Joseph-Dollinger-Bogen+14?entry=gmail&source=g>
>>>>>       Aufsichtsratsvors.: A. Grundner-Culemann
>>>>> >     D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
>>>>> >     Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > v6ops mailing list -- v6ops@ietf.org
>>>>> > To unsubscribe send an email to v6ops-leave@ietf.org
>>>>> _______________________________________________
>>>>> v6ops mailing list -- v6ops@ietf.org
>>>>> To unsubscribe send an email to v6ops-leave@ietf.org
>>>>>
>>>> _______________________________________________
>>>> v6ops mailing list -- v6ops@ietf.org
>>>> To unsubscribe send an email to v6ops-leave@ietf.org
>>>>
>>> _______________________________________________
>>> v6ops mailing list -- v6ops@ietf.org
>>> To unsubscribe send an email to v6ops-leave@ietf.org
>>>
>> _______________________________________________
> v6ops mailing list -- v6ops@ietf.org
> To unsubscribe send an email to v6ops-leave@ietf.org
>