IETF Logo Mail Archive

Re: [v6ops] Thoughts about wider operational input

Daniel Woititz <support@masteripv6.com> Thu, 24 March 2022 06:07 UTC

Return-Path: <support@masteripv6.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7440E3A0A6C for <v6ops@ietfa.amsl.com>; Wed, 23 Mar 2022 23:07:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=masteripv6-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GFlZhgMgngHf for <v6ops@ietfa.amsl.com>; Wed, 23 Mar 2022 23:07:36 -0700 (PDT)
Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8E8B3A00E3 for <v6ops@ietf.org>; Wed, 23 Mar 2022 23:07:36 -0700 (PDT)
Received: by mail-pl1-x644.google.com with SMTP id e5so3712676pls.4 for <v6ops@ietf.org>; Wed, 23 Mar 2022 23:07:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=masteripv6-com.20210112.gappssmtp.com; s=20210112; h=from:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:in-reply-to; bh=jkpgb9UPPr/YaNb7PjRs2V5/ebRDV9t3+dzo6V5J2XA=; b=ckJnA+dmrwoclnCx/0HmM2jjIXzdBaxNVYS/bT7gHF/DramJfCo7nduy8WsI9hcFG7 QqN9sp6ic4EIwNAQty4h/pkRd+r2h742PkbhLQB3JZyw8woEXfN+0PC6oI3knrKWuWnU QQADkC9dWDnTGvdNtxYXKHnU2QDelCSAYZ8uAjWZmO4S9i/7F2xpu5WoZmndAiex1afP 5LNm7uDXeymOZyzlfpIhWtNrMXRIZmShZ6D7q/gAEULfwfmFTSmIyDLZjRXKtETt2aLz 8IbQLuH2O1MyM+Wh4hamDZAy1kOqVEo+etdO4wrs3kveuqCZGw9NJHZlCGmo10wKPtKm ozrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:date:mime-version:user-agent :subject:content-language:to:cc:references:in-reply-to; bh=jkpgb9UPPr/YaNb7PjRs2V5/ebRDV9t3+dzo6V5J2XA=; b=3jb1R5PSUKRLZftzKkJZZz/X37d9HND8Q6s8BVmMG1LN0t4lO5Xakqy1dRJ02VfAbG 9AATq6TTBmEiIHA3CFdevLMRaNfRTy/qVkPm1ZpRG2meL9AYwim78bHkBqkr1uLZDf40 9C1hkTAenvUZIUUkn/GamEmhqnS5fvjaDhPTwNhKzDV5DkugDIfd0XmOWSItqNwQWZmg x5tPkVxcD81PixnD7nlLYZAwdSy217zG3Y/LMEWtqFM7r7wRuAETzFJbn3/skHPqgN3o +fARVO9Tht0hg2gQ97zzf5rywfYSOutoLiZMPyuGESvIq52/pMGsg9mTv1y5VBU5HD6C Xavw==
X-Gm-Message-State: AOAM532mrWIHlQ5lIGeOG+Y2epTIHEXGmtH2IlL8oAXoIoFzAoSHf3Z0 cK9jkdL4A2TO3WUekFXSKDzrMsF8mIgYN5hq
X-Google-Smtp-Source: ABdhPJzzRp0+X7hDpKmBAUqBx/mEbRR/Xt3sb+nfouXF6iKGiP4kE8HXxBrnQvagNBiSY1HPp3QFrg==
X-Received: by 2002:a17:902:be18:b0:153:2444:9c1a with SMTP id r24-20020a170902be1800b0015324449c1amr4144761pls.152.1648102055138; Wed, 23 Mar 2022 23:07:35 -0700 (PDT)
Received: from [10.112.0.6] ([94.177.118.111]) by smtp.gmail.com with ESMTPSA id k22-20020aa788d6000000b004faba984f62sm1760808pff.67.2022.03.23.23.07.32 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 23 Mar 2022 23:07:34 -0700 (PDT)
From: Daniel Woititz <support@masteripv6.com>
X-Google-Original-From: Daniel Woititz <Support@MasterIPv6.com>
Content-Type: multipart/alternative; boundary="------------VST7X5K0Ipb0ICeraWcuvkNS"
Message-ID: <026460e6-e2a2-1b48-a9c0-3596985cb3d5@MasterIPv6.com>
Date: Thu, 24 Mar 2022 14:07:29 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: buraglio@es.net, Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: v6ops@ietf.org
References: <52661a3d-75dc-111a-3f23-09b10d7cb8d4@gmail.com> <A72CDDDB-CDCE-4EAF-B95E-997C764DB2C4@gmail.com> <9175dc32-45c1-e948-c20a-3bcc958b77b9@gmail.com> <YjmJQMNgnJoSInUw@Space.Net> <fd17a91f-68dc-92b5-0544-51aefa1b7f08@gmail.com> <CAM5+tA-Wq5O4pjQ++VZQi-FTKZGMRAW-LFc6O5dPOyox4QZDEw@mail.gmail.com> <CAPt1N1mK=Xgtt+aYa4ga8YqK2XYhCdQUPrwgVU8xstH+F_RAfQ@mail.gmail.com> <CAM5+tA9zhMpJ1s8keoL8eoEMej5tOM=-imXypHEreUa3wOrt5Q@mail.gmail.com> <2959747f-7b2e-ba95-64ae-95794fa8c4eb@gmail.com> <CAM5+tA8FqinJ0KNw7TuMEZ346bw+LStjGAY=gp7WwrRtii04cg@mail.gmail.com> <bd2eca50-b33b-2075-2e5b-83adc3bd713c@gmail.com> <CAM5+tA9eYqoGk2dmTDQ+GC6XyMaoYX6wndmedbKwg8oyyA_B8g@mail.gmail.com>
In-Reply-To: <CAM5+tA9eYqoGk2dmTDQ+GC6XyMaoYX6wndmedbKwg8oyyA_B8g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/bmh4wPEeCT66yZBTlETW7bpLhcg>
Subject: Re: [v6ops] Thoughts about wider operational input
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2022 06:07:50 -0000

Hi Nick,

Is it the right place to do so?
I think so. The technology needs to be useful. Even though the IETF is non-profit, the users should be thought of as customers. Learn customer needs and then work from there. maybe we should used the word "consumer" instead of "customer".

How can the IETF provide guidance that fills that gap?
This, and probably many other items, would go back to the answer above. Who and how are the major consumers of the product. How to best cater to them?

On 3/23/22 9:52 PM, Nick Buraglio wrote:
> The point I am trying to make is to address the initial question about
> enterprise deployment of IPv6. The fact that we are talking about
> manually changing the behavior of an off the shelf operating system,
> and that the behavior may be inconsistent at best and incorrect at
> worst across said systems /is/ the impediment. As Chongfeng states
> further up the thread, there is a sizable gap between IETF and
> enterprise deployment, where "enterprise" is defined as somewhere that
> the network is a cost center that enables their business.
> My counter-questions are these:
> How can the IETF provide guidance that fills that gap?
> Is it the right place to do so?
>
> nb
>
> On Tue, Mar 22, 2022 at 5:41 PM Brian E Carpenter
> <brian.e.carpenter@gmail.com>  wrote:
>> Nick,
>>
>> I'm familiar with RFC6724. It says this:
>>
>> "  Another effect of the default policy table is to prefer
>>      communication using IPv6 addresses to communication using IPv4
>>      addresses, if matching source addresses are available."
>>
>> That seems to be incorrect. To make it true, the entry should be
>>
>>    fc00::/7              39    13
>>
>> if I have that right. That would still give precedence to GUAs
>> if available. 41 would give precedence to ULAs.
>>
>> Regards
>>      Brian Carpenter
>>
>> On 23-Mar-22 10:04, Nick Buraglio wrote:
>>> In RFC6724 section 2.1 states:
>>>
>>> If an implementation is not configurable or has not been configured,
>>> then it SHOULD operate according to the algorithms specified here in
>>> conjunction with the following default policy table:
>>>
>>>         Prefix        Precedence Label
>>>         ::1/128               50     0
>>>         ::/0                  40     1
>>>         ::ffff:0:0/96         35     4
>>>         2002::/16             30     2
>>>         2001::/32              5     5
>>>         fc00::/7               3    13
>>>         ::/96                  1     3
>>>         fec0::/10              1    11
>>>         3ffe::/16              1    12
>>>
>>> https://datatracker.ietf.org/doc/html/rfc6724#section-2.1
>>>
>>> Linux is /theoretically/ configurable but implementations are
>>> inconsistent. Even so, changing this at scale is operationally
>>> impossible and would present as a huge impediment for any deployment
>>> of size. My experience has been that most implementations have taken
>>> the "...implementation is not configurable" approach, and that has
>>> become the de facto standard. Again, if we are talking about
>>> impediments to enterprise deployment, this is on the list. It is
>>> unrealistic to expect or require a sweeping change to a protocol
>>> default by a random enterprise deployment team. We went quite deep in
>>> this thread back in August of 2021 on this list. I am also happy to be
>>> wrong here.
>>>
>>> nb
>>>
>>> ---
>>> Nick Buraglio
>>> Planning and Architecture
>>> Energy Sciences Network
>>> +1 (510) 995-6068
>>>
>>>
>>> On Tue, Mar 22, 2022 at 3:48 PM Brian E Carpenter
>>> <brian.e.carpenter@gmail.com>  wrote:
>>>> Nick,
>>>>
>>>> Where is the "prefer IPv4 over ULA" preference coded (whereas, presumably, "prefer IPv4 over GUA" is not coded)?
>>>>
>>>> Regards
>>>>       Brian Carpenter
>>>>
>>>> On 23-Mar-22 09:35, Nick Buraglio wrote:
>>>>> Yes, I know I have harped on this many times and have posted some simple examples of the behavior to the list. My experience has been, and continues to be, that if I have dual stacked hosts with A and AAAA records, and the IPv6 clients are using ULA that IPv6 is never used. In an IPv6-only environment ULA has no higher priority protocol to supersede the ULA. In the context of transitioning to an IPv6 world, it is fairly unrealistic to assume any kind of greenfield, and dual-stack
>>>> is by and large the standard "permanently temporary" solution for the vast majority of implementations. So in this context, which has been 99% of what I have seen until I began working on the IPv6-only implementation
>> mandated by the USG OMB-M-21-07 document, that was the de facto standard (and will continue to be for enterprise deployments, in my opinion).
>>>>> I would be happy to be incorrect about this, honestly it would make my work-life easier if I was. So, yes, I fully acknowledge that your use case is absolutely the right one for ULA. For doing a transition in an existing network (which circles back the the original topic of this thread: getting enterprises to use IPv6 in a meaningful way), this is a really
>>>> well put together descriptions of the every-day implications of trying
>> to use ULA:
>>>>> https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/  <https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/>
>>>>>
>>>>> nb
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Mar 22, 2022 at 3:20 PM Ted Lemon <mellon@fugue.com  <mailto:mellon@fugue.com>> wrote:
>>>>>
>>>>>       I'm sure you believe this assertion, Nick, but you haven't given
>> us
>>>> any way of understanding why you believe this. In fact we're using ULAs in the Thread Border Router to enable IPv6 communication between different
>>>> subnets, which literally could not be done with IPv4. So at least for this use case, ULAs work well. Would it work better to have a GUA? Comme ci comme ça. On the one hand, prefix delegation and real routing would make the solution more general. On the other, GUAs are great for reaching
>>>> out to the internet, which we may or may not want light bulbs to be able to do.
>>>>>       On Tue, Mar 22, 2022 at 9:13 PM Nick Buraglio <buraglio@es.net  <mailto:buraglio@es.net>> wrote:
>>>>>
>>>>>           ULA is an operational non-starter in the presence of any dual stacked hosts.  Per its design, it just won't ever use IPv6 in any meaningful way and that time and effort are better served on adding GUA addressing of one kind or another.
>>>>>
>>>>>           nb
>>>>>
>>>>>
>>>>>
>>>>>           On Tue, Mar 22, 2022 at 2:55 PM Brian E Carpenter <brian.e.carpenter@gmail.com  <mailto:brian.e.carpenter@gmail.com>> wrote:
>>>>>
>>>>>               Hi Gert,
>>>>>
>>>>>               I see that the discussion has been going on while I was sleeping, but I want to clarify below...
>>>>>               On 22-Mar-22 21:30, Gert Doering wrote:
>>>>>                > Hi,
>>>>>                >
>>>>>                > On Tue, Mar 22, 2022 at 11:42:12AM +1300, Brian E Carpenter wrote:
>>>>>                >> I agree with Jordi that multihoming is a genuine impediment. What isn't generally realised is that it's a problem of scale when considering at least 10,000,000 enterprises, much more than it's a problem of IPv6 itself.
>>>>>                >
>>>>>                > What is "an enterprise"?
>>>>>                >
>>>>>                > My stance on this is that for "largely unmanaged SoHo
>> networks" - which
>>>>>                > could be called "small enterprise" - dual-enduser-ISP
>> with dual-/48 or
>>>>>                > NPT66 gets the job done in an easy and scalable way (HNCP would have
>>>>>                > been great, but IETF politics killed it).
>>>>>                >
>>>>>                > "Enterprise that truly need their own independent fully managed network
>>>>>                > with multiple ISP uplinks and fully routed independent address space"
>>>>>                > are probably way less than 10 million...
>>>>>
>>>>>               I came up with 10 million quite some years ago as a reasonable estimate
>>>>>               of the number of medium to large businesses in the world, all of which
>>>>>               might depend on *reliable* Internet access to survive (and WfH during
>>>>>               COVID has made this even more important recently). So all of them
>>>>>               should have two independent paths to the Internet to assure
>>>> reliability.
>>>>>               That means two different ISPs (or less good, two completely
>>>> independent
>>>>>               paths to the same ISP).
>>>>>
>>>>>               So, if PI addressing is the answer, that really does take us to
>>>>>               10M /48s to be routed.
>>>>>
>>>>>               If PA is the answer, that's why I worked on SHIM6 (may it rest in
>>>>>               peace). Which is why I worked on RFC 8028. If that's not
>> the
>>>>>               answer, we're back to NPTv6. Possibly even to ULA+NPTv6.
>>>>>
>>>>>                > Half of them do not want Internet access anyway, just
>> access to their
>>>>>                > ALGs that will do the filtering and TLS inspection and everything, and
>>>>>                > then out to the Internet as a new TCP session (= could
>>>> be done with
>>>>>                > DMZ islands of upstream-provider-allocated space just
>> fine).
>>>>>                >
>>>>>                >
>>>>>                > We need to work on our marketing regarding multihoming.  "What is it that
>>>>>                > you get, what is the cost, which of the variants do you want, and why...?"
>>>>>
>>>>>               Yes.
>>>>>                    Brian
>>>>>
>>>>>               _______________________________________________
>>>>>               v6ops mailing list
>>>>>               v6ops@ietf.org  <mailto:v6ops@ietf.org>
>>>>>               https://www.ietf.org/mailman/listinfo/v6ops  <https://www.ietf.org/mailman/listinfo/v6ops>
>>>>>
>>>>>           _______________________________________________
>>>>>           v6ops mailing list
>>>>>           v6ops@ietf.org  <mailto:v6ops@ietf.org>
>>>>>           https://www.ietf.org/mailman/listinfo/v6ops  <https://www.ietf.org/mailman/listinfo/v6ops>
>>>>>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
-- 

Thank you,

Danny Woititz
Founder and Primary Author of MasterIPv6.com <https://www.MasterIPv6.com>

v2.23.0 | Report a Bug | By Email