IETF Logo Mail Archive

Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

Michael Sweet <msweet@msweet.org> Fri, 29 April 2022 15:26 UTC

Return-Path: <msweet@msweet.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46B47C15ED77; Fri, 29 Apr 2022 08:26:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=msweet.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CdYl-LDTJ7AY; Fri, 29 Apr 2022 08:26:18 -0700 (PDT)
Received: from mail.msweet.org (mail.msweet.org [173.255.209.91]) by ietfa.amsl.com (Postfix) with ESMTP id CE187C15ED5E; Fri, 29 Apr 2022 08:26:18 -0700 (PDT)
Received: from smtpclient.apple (cbl-66-186-76-47.vianet.ca [66.186.76.47]) by mail.msweet.org (Postfix) with ESMTPSA id AEA3C81BF2; Fri, 29 Apr 2022 15:26:17 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.msweet.org AEA3C81BF2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=msweet.org; s=default; t=1651245978; bh=YjRNKCMcoG3ZVwquYA7N5FYFlxp81R2DWaaal6S3VzM=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=CoZiHaqMvRV2/sK2ne6CUGtZ790iVtnKh2b0f15uU//1uIrMXxEC3F6lOXPnJG4uk 9qShmJ0RE5iTvMuFW1jRwm/VUo7oN0SzB6w22oDhsl3nX0oIKj4L6mDFykx1sZEazF 2uMGQ4QT/7Nt2jdH8TxzCm2Og/Gf7lXPoxg1shK8=
Content-Type: multipart/signed; boundary="Apple-Mail=_73F1B6F8-A926-462A-8A63-AEDE19D4307C"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
From: Michael Sweet <msweet@msweet.org>
In-Reply-To: <CAM5+tA__Gegt5fR1UFwshm7DKDVMDpFsJK2jMG6Z6Yo79Noc3A@mail.gmail.com>
Date: Fri, 29 Apr 2022 11:26:15 -0400
Cc: Ed Horley <ed@hexabuild.io>, David Farmer <farmer=40umn.edu@dmarc.ietf.org>, Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>, 6man list <ipv6@ietf.org>
Message-Id: <1053AA33-FBDC-4EEF-AD16-5710098FBA72@msweet.org>
References: <CAM5+tA8WvjvWirxqE6kQ9LQAG0NcpWyCLGVooB=G7gZ9ETb2zQ@mail.gmail.com> <20220424172743.GA218999@fg-networking.de> <CAKD1Yr1v0Tkh+pWD-ts=PL3gZf7Qj6OHW6Cuvj8iGcSSMibjew@mail.gmail.com> <0afe25f5-52b7-a438-0696-cf8b0a83c2dc@gmail.com> <BN8PR07MB70760D9693580F5BDCB61DD995F89@BN8PR07MB7076.namprd07.prod.outlook.com> <CAKD1Yr3Z9wGQ+uiA2WcW00MrOiLyHs+bSoFjHVtrixCi2qp4DA@mail.gmail.com> <BN8PR07MB7076A6456CAB48EF428D6E8695F89@BN8PR07MB7076.namprd07.prod.outlook.com> <65d0d9ac-77fc-c200-09e3-0c3949ca1541@gmail.com> <CAN-Dau2FS99ewfgH8xk-jSJFCnO92CJV9ZC98DUE2UDR7V1Eww@mail.gmail.com> <CANMZLAYbpZBDA8uFnJqfWfWTQ4S9RN4a-DqWe36qzfAfDtXiQA@mail.gmail.com> <CAN-Dau0BjRR2_7xz38DpJsz0Y=Z_8bV5n-=Eh1QUVEDzqVxmaA@mail.gmail.com> <CAPt1N1=H=eAyRu0JcHnLpZEUizDZ4Kj0VwPu=0nM=Wn+y3Ho1w@mail.gmail.com> <CAM5+tA_4rtSkgEuRUFZ2LYr6i8a7vWeKODYieVARF3RbRvgRww@mail.gmail.com> <BN8PR07MB7076DE3E745CB916FB81879595FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <ADAE42CE-448F-42F5-89BE-692F493E2DC8@consulintel.es> <CAM5+tA_ksJ+agY1tze1-zPHLsgYFgjEYtnuPs+ffZbnRqiHytw@mail.gmail.com> <BAD082DA-0958-4926-B3E5-4E4599A75078@consulintel.es> <BN8PR07MB7076564E50C0DAFBFAB950FD95FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <CAPt1N1ncVkekecS=dBHSR3WtaEMruy55Udxy0WSMGTgbN24pKw@mail.gmail.com> <CAM5+tA8-Zqka-vZ9jRL3wn0dtfuJj0ECx_k9prwyS2ypisaPtw@mail.gmail.com> <FB031B76-7E88-4824-876F-D1A05F8D2215@thehobsons.co.uk> <CAFU7BAST-oNGpy4JvODDsf=8eS69hV8XCi8OgEHBkkoujRN3Rw@mail.gmail.com> <699f556a3eac41179a80d2cc8749a191@huawei.com> <CAO42Z2wiebCOPmtcEOJ3rOaZEpHE7qFZZTf5KLWybSsL6rOd9Q@mail.gmail.com> <CAN-Dau1FV-uEkX1S7vOEVxggjcNvUVTmokPAEOiapxPTySN-vw@mail.gmail.com> <CAPt1N1mk8Qv1anXohCJaiH0WWn-BkS4mr=ffyF0cCaE7CM314w@mail.gmail.com> <CAE=N4xf_wRPQeChkfXWxj7+Do8jp2U6hDtjH+-RUNis+ynMRbQ@mail.gmail.com> <CAM5+tA__Gegt5fR1UFwshm7DKDVMDpFsJK2jMG6Z6Yo79Noc3A@mail.gmail.com>
To: buraglio@es.net
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/b5VzOu8Nnzq44h0xdirmlPtKyOI>
X-Mailman-Approved-At: Fri, 29 Apr 2022 09:59:00 -0700
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2022 15:26:23 -0000

FWIW, I agree with the observations in draft-burgalio-v6ops-ula.  I can only assume the current RFC 6274 priority wording was a pragmatic compromise based on then-current usage of mixed networks, but now we have more real-world experience to apply to the problems.

One tiny bit of feedback - it might be useful to spell out ULA (Unique Local Address) in this document, to prevent confusion for those of us that suffer from multi-organizational alphabet soup syndrome... :)


> On Apr 29, 2022, at 11:09 AM, Nick Buraglio <buraglio@es.net> wrote:
> 
> 
> On Fri, Apr 29, 2022 at 10:00 AM Ed Horley <ed@hexabuild.io> wrote:
> To bring things back into focus. I believe the goal of the submitted informational draft was to identify the "Unintended Operational issues with ULA" (which is the title of the draft) so that it was clear what structural problems exist with ULA currently. It does not propose any fixes, I believe that would be a separate but important discussion (well, a yelling match apparently). I am specifically interested if anyone has any documented and verifiable configurations that either counter the points made, disprove the points made, or prove false the points made in the submitted draft. For those that have not read it yet you can find it here:
> https://datatracker-ietf-org.lucaspardue.com/doc/draft-buraglio-v6ops-ula/
> or
> https://www.ietf.org/id/draft-buraglio-v6ops-ula-01.html
> 
> Once we agree on what the problem space is, I believe it makes it a bit easier to talk about what to actually fix, if anything. I believe that was the goal Nick had originally with this, but he can confirm that I imagine.
> 
> Exactly this. The draft was intended to identify a gap, a problem space that we encounter fairly frequently in the work I am doing at the moment. It is *not* intended to condone address translation, to hasten NAT66, or to solutioneer anything. That part should come after we agree that there is in fact a problem space as defined in the draft.
> 
> To bring this back to a very simple yes or no question, does anyone disagree with, or have recent experience that is counter to the draft?
> If the answer is that "yes, we have data that shows that this draft is incorrect", let's talk about that.
> 
> nb
> 
> 
> - Ed
> 
> On Fri, Apr 29, 2022 at 7:38 AM Ted Lemon <mellon@fugue.com> wrote:
> The difference is that NAT44 made things better. NAT66 arguably doesn’t. Pretty clearly there is a better alternative for the specific pci case we’ve been discussing.
> 
> This doesn’t mean people won’t do nat66 out of habit anyway, but it will cost extra and add no value, so I don’t see any reason why it would become and remain a best practice.
> 
> On Fri, Apr 29, 2022 at 10:16 David Farmer <farmer=40umn.edu@dmarc.ietf.org> wrote:
> 
> 
> On Thu, Apr 28, 2022 at 6:02 PM Mark Smith <markzzzsmith@gmail.com> wrote:
> On Fri, 29 Apr 2022 at 07:37, Xipengxiao
> <xipengxiao=40huawei.com@dmarc.ietf.org> wrote:
> 
> > My point is, given PCI DSS 4.0 (what Jen wrote as PCR DSS 4.0), we should tell enterprises they no longer need NAT. But if some enterprises still insist, respect their decision.
> 
> Ignore them. IPv6 doesn't solve any problem they have, and adding NAT
> to IPv6 still won't solve any problem they have, because IPv6 still
> won't solve a problem they have.
> 
> ...
> 
> Even government mandates to get enterprises to adopt a networking
> protocol don't work - the Internet is supposed to be running CLNS by
> now as mandated by governments around the world. (I expect Vint Cerf
> was being nice while working on this rather than truly believing OSI
> would take over.)
> 
> Explaining the Role of GOSIP
> https://www.rfc-editor.org/rfc/rfc1169.html
> 
> 
>  It's more important to get enterprises to use IPv6 ASAP, than to
> insist that they use the "right" IPv6 solution.
> >
> 
> Why is it important to get enterprises to use IPv6 ASAP?
> 
> 
> Regards,
> Mark.
> 
> Ignore credit cards and enterprises, that's your advice for IPv6?
> 
> So, no one using IPv6 wants to get paid for anything? Or, are you suggesting we maintain a quaint IPv4 network in the corner, so we can do credit cards and can get paid?
> 
> As for enterprises, Google and AWS are enterprises, are you suggesting they should be ignored too? Most of the valuable things on the Internet are run by enterprises.
> 
> Supporters of IPv6 need to very much care about enterprises; We need them to make their content available via IPv6. We need them to enable IPv6 on the Internet-facing parts of their networks.
> 
> Do we need them to enable IPv6 on their internal networks, maybe or maybe not. However, if enterprises are not comfortable with IPv6 why would they enable their content over IPv6?
> 
> I'm not suggesting we have to do NAT66 or even NPTv6, however, I think we should have something to tell those doing NAT44 today and want to maintain an internal private network. Maybe ULA with application gateways and proxies instead of NAT. But I don't think the internal private network model is just going to go away, too many people are comfortable with it.
> 
> Furthermore, ignoring NAT44 from a standardization point of view worked so well the last time. "Ignore them, and they will go away," didn't work last time and it's not going to work this time either.
> 
> Thanks
> 
> 
> --
> ===============================================
> David Farmer               Email:farmer@umn.edu
> Networking & Telecommunication Services
> Office of Information Technology
> University of Minnesota
> 2218 University Ave SE        Phone: 612-626-0815
> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> ===============================================
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 
> 
> --
> Ed Horley
> ed@hexabuild.io | (925) 876-6604
> Advancing Cloud, IoT, and Security with IPv6
> https://hexabuild.io
> And check out the IPv6 Buzz Podcast at https://packetpushers.net/series/ipv6-buzz/
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
> ᐧ
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

________________________
Michael Sweet

v2.23.0 | Report a Bug | By Email