Re: [v6ops] Are we competitive?

Clark Gaylord <cgaylord@vt.edu> Mon, 15 August 2022 11:59 UTC

From: Clark Gaylord <cgaylord@vt.edu>
Date: Mon, 15 Aug 2022 07:58:57 -0400
Message-ID: <CADzU5g6w4=W8mAwpaCDQM0D=HVEN-OaWpVAwguKpL_kTELMMsw@mail.gmail.com>
To: Gert Doering <gert@space.net>
Cc: Vasilenko Eduard <vasilenko.eduard@huawei.com>, IPv6 Operations <v6ops@ietf.org>, Fernando Gont <fernando@gont.com.ar>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Z5Dij-BUpp6XXrwfY4J2SQnrhjU>

I would venture that the vast majority that say they are tracking/logging
NAT tables today are lying. Tracking all temporary addresses from the
ipv6NetToMediaTable is more transparent, more scalable, and (comparatively)
blindingly easy. Yes your netdisco (or equivalent) table will be bigger;
it's still completely manageable(*). Reasserting the end-to-end principle
should be a major objective, not replicating legacy antipatterns.

There's plenty of room for those who want to do NAT66 etc; it should not be
the recommended best practice.

--ckg

(*) I recognize most shops don't have full logging of ipv6NetToMediaTable
etc, either, but that is generally more tractable and more important from a
security perspective IMO.

On Mon, Aug 15, 2022, 06:40 Gert Doering <gert@space.net> wrote:

> Hi,
>
> On Mon, Aug 15, 2022 at 10:37:39AM +0000, Vasilenko Eduard wrote:
> > Hence, temporary addresses are needed.
>
> Temporary addresses are mostly a no-go for enterprise environments.
>
> People do not want to pay for privacy *in* the enterprise network - that
> stuff gets in the way of auditing, reverse DNS and all, and just adds
> hassles.
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
> Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
>
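
An added example, not part of the original message or of any tool named in it: a sketch of the audit record that periodic polls of a neighbor table such as ipv6NetToMediaTable make possible. It answers "which MAC held this address at time T" and "which addresses, temporary ones included, has this MAC used". The poll rows are constructed (documentation prefix and documentation MAC range), the row layout is an assumption about what a collector emits, and all function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address

# Constructed sample polls: (unix_time, ifIndex, IPv6 address, MAC).
# Assumption: a collector produces rows like these from each neighbor-table poll.
POLLS = [
    (1000, 12, "2001:db8:1::a1b2", "00:00:5e:00:53:01"),
    (1000, 12, "2001:db8:1::c3d4", "00:00:5e:00:53:02"),
    (1300, 12, "2001:db8:1::a1b2", "00:00:5e:00:53:01"),
    (1300, 12, "2001:db8:1:0:0:0:0:e5f6", "00:00:5e:00:53:01"),  # new temporary address, same host
    (1600, 12, "2001:db8:1::e5f6", "00:00:5e:00:53:01"),
    (1600, 12, "2001:db8:1::c3d4", "00:00:5e:00:53:03"),  # same address, later a different MAC
]

@dataclass
class Binding:
    ip: IPv6Address
    mac: str
    if_index: int
    first_seen: int
    last_seen: int

def build_history(polls, max_gap=600):
    """Collapse poll rows into bindings; a gap longer than max_gap opens a new binding."""
    history, open_bindings = [], {}
    for ts, if_index, ip_text, mac in sorted(polls):
        # IPv6Address normalizes text forms, so differently written addresses compare equal.
        key = (IPv6Address(ip_text), mac.lower(), if_index)
        b = open_bindings.get(key)
        if b and ts - b.last_seen <= max_gap:
            b.last_seen = ts
        else:
            b = Binding(key[0], key[1], if_index, ts, ts)
            open_bindings[key] = b
            history.append(b)
    return history

def who_had(history, ip_text, ts, slack=0):
    """MACs bound to ip_text at time ts; slack widens each binding by that many seconds."""
    ip = IPv6Address(ip_text)
    return sorted({b.mac for b in history
                   if b.ip == ip and b.first_seen - slack <= ts <= b.last_seen + slack})

def addresses_of(history, mac):
    """Every address a MAC has used; temporary addresses simply appear as extra rows."""
    return sorted(str(b.ip) for b in history if b.mac == mac.lower())
```

Table growth here is one row per (address, MAC, interface) lifetime rather than per poll, which is why the history stays manageable even when hosts rotate temporary addresses.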