IETF Logo Mail Archive

Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

Kristian McColm <kristianmccolm@hotmail.com> Mon, 28 October 2019 09:18 UTC

Return-Path: <kristianmccolm@hotmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 822791200F7 for <v6ops@ietfa.amsl.com>; Mon, 28 Oct 2019 02:18:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.126
X-Spam-Level:
X-Spam-Status: No, score=-1.126 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n7oIxL6X2JUr for <v6ops@ietfa.amsl.com>; Mon, 28 Oct 2019 02:18:05 -0700 (PDT)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-oln040092009025.outbound.protection.outlook.com [40.92.9.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D3D812003F for <v6ops@ietf.org>; Mon, 28 Oct 2019 02:18:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CCS5MMOxB+cE+7HKJVdrOlOooJX69w1EY/n8U8qiSzBABWNAely+cmaYxIIrMwynsT2Na7k5lmiJHFxUq6topuuxVZ1MimtzsghERLBLqFs7FJFpHAY+Vxo+5fKJorYXDeL5ByOuYYDrFyxuKbib4l71cEZUV7wgiBqLTLQrkGIsb5t8MgfgnDsYyUq/bXxeAqE0C0xVhSz7EGarZfwp7ZWsPYu/+U1f0zQpo47y6kAkN1HjEvOqyhaRKfInAi+AqvCk6iRO37J4q9hVYdGLO9uRYTtUf9s0CBwAD/hxfBpHD3RMVWsPsLnJDrOqepFUONaLUFqEm0dfuBekTyxAPQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UssSwXEmH1J6re0CBTF/km6EbAk/+d3wcKeJgTG6Cv0=; b=PxM+8HjXOn89lrupL4TSdMLdp7eBF2V/FMlF7NDCXvU+OGN4YX1jBnLvGI5kyI+Qo/NZzc06mBAcF5zOB5WScwWGhgFxyvsNXg6iw5ue8t78aatjDwHp6w6eASBdc+8ITN16+L4z4wpx4dlEa0m8WcO9VfcIWrZm8pK6PGtox1g8IACCOtmQNws6wi8ECHkiNvKpQd7sVH4nGVkBsHlh+LofcFqpeZWNPXSXPA2/xyMn7ih5+83n1/V6fJ6lGiVZYxwRZru71CPMrnYm2WJaFN7wC6Cv1c1SO+b9aMXnKuR6j402FskcTxPDpGgoFj7YysDl2Di4gnFw9THVxqTaxA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UssSwXEmH1J6re0CBTF/km6EbAk/+d3wcKeJgTG6Cv0=; b=qnGAE+nSUzx4TzCFN1SjEYls0pChSGg0rpY5Ftt+tI/xmyou18IVS8oWt83x1qHcAqPX+2tqH0OhtfzxygtNFoxK8euoJ9rj8/q7qViv2STNfKXJ22hbQmyGek7EpV0r525coAJHb/E12104lK6HMv2k8czmLRn3T6Hr3MNZ7l7dZZgmBGPddZ64trPEYR9Cd2dkOFm6TBqjjR2RDAKKywBp6sjjsTy3zA1sNlYPzEQegsvuml5rE6RqOaXHgIVEl1LezKsXUU47IknsuNe3D7Q8m30A8VKlCmzbkOlKI5S2oNUxQmeXMgAXU2D3giJrkfTh0ir8AvXeP6Jo8isVrA==
Received: from SN1NAM04FT033.eop-NAM04.prod.protection.outlook.com (10.152.88.56) by SN1NAM04HT106.eop-NAM04.prod.protection.outlook.com (10.152.89.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20; Mon, 28 Oct 2019 09:18:04 +0000
Received: from DM6PR04MB4009.namprd04.prod.outlook.com (10.152.88.53) by SN1NAM04FT033.mail.protection.outlook.com (10.152.88.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend Transport; Mon, 28 Oct 2019 09:18:04 +0000
Received: from DM6PR04MB4009.namprd04.prod.outlook.com ([fe80::7185:46b3:d5ae:62b3]) by DM6PR04MB4009.namprd04.prod.outlook.com ([fe80::7185:46b3:d5ae:62b3%5]) with mapi id 15.20.2387.025; Mon, 28 Oct 2019 09:18:03 +0000
From: Kristian McColm <kristianmccolm@hotmail.com>
To: Philip Homburg <pch-v6ops-9@u-1.phicoh.com>, "v6ops@ietf.org" <v6ops@ietf.org>
Thread-Topic: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
Thread-Index: AQHVibO/i8YLMLGJDU2B6ep98TTbvKdoZH0AgAGe9YCAAaEQgIACS40AgAA1BICAAERiAIAACLiAgAATIoiAABa1AIAAQ5WGgAA/WYCAAKe9eIAABeLA
Date: Mon, 28 Oct 2019 09:18:03 +0000
Message-ID: <DM6PR04MB40091219BFAD0747049F87AEDD660@DM6PR04MB4009.namprd04.prod.outlook.com>
References: <m1iOinq-0000J3C@stereo.hq.phicoh.net> <44F39DE2-E142-4ED0-853E-2F3AAC6F4ADE@employees.org> <m1iOnqN-0000EpC@stereo.hq.phicoh.net> <ADCF08FD-1366-4CCB-984E-695D8E2AC2F8@employees.org> <m1iP0kt-0000GkC@stereo.hq.phicoh.net>
In-Reply-To: <m1iP0kt-0000GkC@stereo.hq.phicoh.net>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:E23E3B12AD18623D880AEC3C8948D5EDC5194C1C3B384273D6E954163C91BF8D; UpperCasedChecksum:626A953A2353FFEE58D4D55EF78B5D756D7A27CFF9D413D76D01D9CF894B08B2; SizeAsReceived:7181; Count:43
x-tmn: [0ya1+HpnZqKJmGyzPUJaOwSc0sDnRqGTJ1h6mYKgRplj3Krn+E9Nc94bcXpQpn0q]
x-ms-publictraffictype: Email
x-incomingheadercount: 43
x-eopattributedmessage: 0
x-ms-traffictypediagnostic: SN1NAM04HT106:
x-ms-exchange-purlcount: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wgtROBQGFTO8URmZekFSSZBbcl6A+Hn4OsYGLBFaV2SqtUiInX/SZZKAPSiBWpbsq18nXVkhS6LKFRpUTv/gpykJY8GwHo+N4yrDKvBvu4cnsSHQVCi4EpLtWaq8dLRd+J6aOcb+WbgS2cBCAdiO0ERwzw3U/NmhMVKqed22b841nSr4hFUFiHewCp2f+m7cxDPYESf4hau1u5xqA+hpF5EIgRRTon007od7CLkzOcI=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: ebf27b1f-326a-4377-d5b2-08d75b87bca5
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2019 09:18:03.9022 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT106
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/VhIPsY-RQD-i_kQF7UvqVLyvVEE>
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2019 09:18:08 -0000

> For large ISPs, IPv4 NAT is also annoying from a network management point of view because it is not possible to uniquely number all devices in the network.

For cellular networks, NAT is also very expensive when we talk about CGN (both NAT44 and NAT64) and by simply deploying dual-stacked connectivity to your users you can immediately reduce CG-NAT requirement by around 60%, due to most cellular data traffic being to native IPv6 enabled sites like YouTube, Facebook, Instagram etc.

-----Original Message-----
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Philip Homburg
Sent: October 28, 2019 04:52
To: v6ops@ietf.org
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

> The (only) value (sic) of IPv6 to end-users is retoration of end to 
> end connectivity at the network layer.

End users at not really part of the equation at the moment. Many people have tried to convince their ISPs to provide IPv6 and failed.

For home use, IPv6 is what you get when the ISP has decided that providing IP services over IPv6 instead of or next to IPv4 is worth it.

This is not my ideal world. But realistically, we live in a world that still has to transition away from IPv4. 

> I challenge you to find in the "real world" of end-users many with 
> much trust in the ad-based "you are the product" centralised services 
> in the current Internet.  IPv6 was meant to allow end-users to run 
> decentralized services.

This is a separate issue. The problem started when people paid for connectivity but assumed they paid for internet services. There are plenty of providers for mail, messaging, etc. where you are not the product. But very few customers are willing to pay extra for such services.

At the same time, where an ISP does provide stable addresses, most people find it hard to run services at home.

> - hidden primary DNS - mail - web - home-automation - video 
> conferencing - jabber

Many people have a more or less fixed IPv4 address. Setting up a few port forwards in a CPE is not that hard (and with IPv6, you have to do the same for the firewall in the CPE).

Yet very few people run these services at home.

Basically, the market value for those service at a residential home is zero.

> Assuming all the moving parts required were updated to support flash 
> renumbering (I have little proof they even support graceful 
> renumbering), if the end-user cannot trust the lifetimes in the 
> delegated prefix, DNS with TTL=1s is presumably the only choice?

ISPs that do flash renumbering, typically do that after a link down event.
Assuming those events are rare (and ISPs have an incentive to make them rare because it interferes with watching video), then a TTL of a few minutes should work.

> If making IPv6 no better than IPv4 + NAT, then stick with IPv4 + NAT.  
> IPv4 NAT scales very well as it turns out.
 
IPv4 NAT doesn't scale very well when law enforcement wakes up and find out that a single IP address means lots of different people at the same time.

IPv4 NAT also doesn't scale very well when it comes to bandwidth.

For large ISPs, IPv4 NAT is also annoying from a network management point of view because it is not possible to uniquely number all devices in the network.

Plenty of reasons for an ISP to move to IPv6 even if they don't care about providing end-to-end connectivity.

> We don't need IPv6 to maintain the status quo.

We are out of IPv4 addresses. There is a lot of demand for IPv4 addresses and the lack of them is a barrier against entry.

> And don't get me wrong, I'm all for making IPv6 addressing / onlink 
> behaviour more robust.  But not justified in this way that can be seen 
> to allow for practices that removes any benefit of IPv6 over IPv4/NAT.

The current internet has moved to lots of short lived flows. If we can tune systems that new address information propagates quickly, both on the local network and in DNS, then unstable prefixes could very well something we can live with.

In fact, we can also use the letsencrypt argument: by having short lived certificates letencrypt strongly encourages automating the whole process.
Lots of tooling popped up to support that model.

Right now we are stuck in a model where too many files are hand edited with address and prefix information. At the same time, everybody expects phones and laptops to seemlessly move between networks, picking up new addresses and removing stale ones as they move around.


_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email