IETF Logo Mail Archive

Re: [v6ops] Thoughts about wider operational input

Ted Lemon <mellon@fugue.com> Tue, 22 March 2022 21:10 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44D2D3A0598 for <v6ops@ietfa.amsl.com>; Tue, 22 Mar 2022 14:10:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PYEA8sheHxQT for <v6ops@ietfa.amsl.com>; Tue, 22 Mar 2022 14:09:59 -0700 (PDT)
Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3C013A0123 for <v6ops@ietf.org>; Tue, 22 Mar 2022 14:09:59 -0700 (PDT)
Received: by mail-oi1-x232.google.com with SMTP id q189so20799646oia.9 for <v6ops@ietf.org>; Tue, 22 Mar 2022 14:09:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/6ireD20RC11accIRanRhrVb28Vj93fZkYOnVe+SaHg=; b=Tpv2WLio1aSLnaLIkGMvNJv1XlCeiAzerMEEV34u9EslIseWmXn2JubAMecNFl9Uxd DnnfBgac9QK4OuB/w8OfE7+H/y4/3gJVQfBsWWp3gUK1zUZEenBK1fgc/n42vyAjDszS nRQuBEcYCvjo79mKnnY2BPXsSg1msvp9TivNS7jK0PtQFjar1mbnc6LJavjU3Wpcvfg3 L1jeFl38zFTlbxWqmNPeKvu0h6Y+Wx+hjUsaTWibFadnEJ7Bj2uuTiCx78eIP3gwfiNO CJ16KyEntGIST05V9Q9fuDhb88ZkHUfDkLY+Fj4IcdBHaUPTxDD8QRlB+WdiENyBCvtF 3dSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/6ireD20RC11accIRanRhrVb28Vj93fZkYOnVe+SaHg=; b=frx6vsFQNWcBKE0xOPBlrhAmNlSGmCdVYS2Xz7HtU5G+rOtL4LYH7SXuHTSfqskouW A/i3i0kWr9OedoobDa+8gJcu6aY78mNyGc4tj4IfJuU8G9d539B8o7kGWmxE9wEjOvx0 /S2ONmPF23nHmpb9WkGYpeSAQLrlFDGzWeKIgsfhxDiUMh9bJTaltKjEHaj6NJTJZgI9 cslr7vVirXvfGUxIDyTXyGwO+vcu9b9XAidH/AMOHm0AwwlFAFYShLBpsh/xRoqMPuXd o0yfrqjq9UDgM+LU4BRDRW1euC06iXM0AQs0tn1TtmlG/dAKGc0FL5hiKV5v+N+DDkMT 5e3g==
X-Gm-Message-State: AOAM530arWLlr2eU/jJZcAOqtY4BV0HMrGnDUcguyifFxHnF8XX9RHbi QqPzM8S+zc5V0cFpwAL7d3lD6xM9ZvkxRRIMR3LKHA==
X-Google-Smtp-Source: ABdhPJyX86bZWtVRHznn1mGLfpH3tO3mdbukXPljWpbWj545VYQlxAEnkKBiSFyOL1QYAb0JOx3Kib6NYJvhPqIMce8=
X-Received: by 2002:aca:1919:0:b0:2ec:b56e:6932 with SMTP id l25-20020aca1919000000b002ecb56e6932mr3011987oii.209.1647983398289; Tue, 22 Mar 2022 14:09:58 -0700 (PDT)
MIME-Version: 1.0
References: <52661a3d-75dc-111a-3f23-09b10d7cb8d4@gmail.com> <A72CDDDB-CDCE-4EAF-B95E-997C764DB2C4@gmail.com> <9175dc32-45c1-e948-c20a-3bcc958b77b9@gmail.com> <YjmJQMNgnJoSInUw@Space.Net> <fd17a91f-68dc-92b5-0544-51aefa1b7f08@gmail.com> <CAM5+tA-Wq5O4pjQ++VZQi-FTKZGMRAW-LFc6O5dPOyox4QZDEw@mail.gmail.com> <CAPt1N1mK=Xgtt+aYa4ga8YqK2XYhCdQUPrwgVU8xstH+F_RAfQ@mail.gmail.com> <CAM5+tA9zhMpJ1s8keoL8eoEMej5tOM=-imXypHEreUa3wOrt5Q@mail.gmail.com> <2959747f-7b2e-ba95-64ae-95794fa8c4eb@gmail.com> <CAM5+tA8FqinJ0KNw7TuMEZ346bw+LStjGAY=gp7WwrRtii04cg@mail.gmail.com>
In-Reply-To: <CAM5+tA8FqinJ0KNw7TuMEZ346bw+LStjGAY=gp7WwrRtii04cg@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Tue, 22 Mar 2022 22:09:21 +0100
Message-ID: <CAPt1N1ndx6NNqAaBWD7754DpQqyKzYG24Tmv6ZoKO3tcv4+wKA@mail.gmail.com>
To: buraglio@es.net
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, v6ops@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000db03e05dad509ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/cRGnCMGzsHGHp-OKWOKbiW1kJls>
Subject: Re: [v6ops] Thoughts about wider operational input
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 21:10:06 -0000

Okay, but what does that have to do with ULAs and NAT64?

On Tue, Mar 22, 2022 at 10:05 PM Nick Buraglio <buraglio@es.net> wrote:

> In RFC6724 section 2.1 states:
>
> If an implementation is not configurable or has not been configured,
> then it SHOULD operate according to the algorithms specified here in
> conjunction with the following default policy table:
>
>       Prefix        Precedence Label
>       ::1/128               50     0
>       ::/0                  40     1
>       ::ffff:0:0/96         35     4
>       2002::/16             30     2
>       2001::/32              5     5
>       fc00::/7               3    13
>       ::/96                  1     3
>       fec0::/10              1    11
>       3ffe::/16              1    12
>
> https://datatracker.ietf.org/doc/html/rfc6724#section-2.1
>
> Linux is /theoretically/ configurable but implementations are
> inconsistent. Even so, changing this at scale is operationally
> impossible and would present as a huge impediment for any deployment
> of size. My experience has been that most implementations have taken
> the "...implementation is not configurable" approach, and that has
> become the de facto standard. Again, if we are talking about
> impediments to enterprise deployment, this is on the list. It is
> unrealistic to expect or require a sweeping change to a protocol
> default by a random enterprise deployment team. We went quite deep in
> this thread back in August of 2021 on this list. I am also happy to be
> wrong here.
>
> nb
>
> ---
> Nick Buraglio
> Planning and Architecture
> Energy Sciences Network
> +1 (510) 995-6068
>
>
> On Tue, Mar 22, 2022 at 3:48 PM Brian E Carpenter
> <brian.e.carpenter@gmail.com> wrote:
> >
> > Nick,
> >
> > Where is the "prefer IPv4 over ULA" preference coded (whereas,
> presumably, "prefer IPv4 over GUA" is not coded)?
> >
> > Regards
> >     Brian Carpenter
> >
> > On 23-Mar-22 09:35, Nick Buraglio wrote:
> > > Yes, I know I have harped on this many times and have posted some
> simple examples of the behavior to the list. My experience has been, and
> continues to be, that if I have dual stacked hosts with A and AAAA records,
> and the IPv6 clients are using ULA that IPv6 is never used. In an IPv6-only
> environment ULA has no higher priority protocol to supersede the ULA. In
> the context of transitioning to an IPv6 world, it is fairly unrealistic to
> assume any kind of greenfield, and dual-stack
> > is by and large the standard "permanently temporary" solution for the
> vast majority of implementations. So in this context, which has been 99% of
> what I have seen until I began working on the IPv6-only implementation
> mandated by the USG OMB-M-21-07 document, that was the de facto standard
> (and will continue to be for enterprise deployments, in my opinion).
> > > I would be happy to be incorrect about this, honestly it would make my
> work-life easier if I was. So, yes, I fully acknowledge that your use case
> is absolutely the right one for ULA. For doing a transition in an existing
> network (which circles back the the original topic of this thread: getting
> enterprises to use IPv6 in a meaningful way), this is a really
> > well put together descriptions of the every-day implications of trying
> to use ULA:
> > >
> https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
> <https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
> >
> > >
> > > nb
> > >
> > >
> > >
> > >
> > >
> > > On Tue, Mar 22, 2022 at 3:20 PM Ted Lemon <mellon@fugue.com <mailto:
> mellon@fugue.com>> wrote:
> > >
> > >     I'm sure you believe this assertion, Nick, but you haven't given us
> > any way of understanding why you believe this. In fact we're using ULAs
> in the Thread Border Router to enable IPv6 communication between different
> > subnets, which literally could not be done with IPv4. So at least for
> this use case, ULAs work well. Would it work better to have a GUA? Comme ci
> comme ça. On the one hand, prefix delegation and real routing would make
> the solution more general. On the other, GUAs are great for reaching
> > out to the internet, which we may or may not want light bulbs to be able
> to do.
> > >
> > >     On Tue, Mar 22, 2022 at 9:13 PM Nick Buraglio <buraglio@es.net
> <mailto:buraglio@es.net>> wrote:
> > >
> > >         ULA is an operational non-starter in the presence of any dual
> stacked hosts.  Per its design, it just won't ever use IPv6 in any
> meaningful way and that time and effort are better served on adding GUA
> addressing of one kind or another.
> > >
> > >         nb
> > >
> > >
> > >
> > >         On Tue, Mar 22, 2022 at 2:55 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
> > >
> > >             Hi Gert,
> > >
> > >             I see that the discussion has been going on while I was
> sleeping, but I want to clarify below...
> > >             On 22-Mar-22 21:30, Gert Doering wrote:
> > >              > Hi,
> > >              >
> > >              > On Tue, Mar 22, 2022 at 11:42:12AM +1300, Brian E
> Carpenter wrote:
> > >              >> I agree with Jordi that multihoming is a genuine
> impediment. What isn't generally realised is that it's a problem of scale
> when considering at least 10,000,000 enterprises, much more than it's a
> problem of IPv6 itself.
> > >              >
> > >              > What is "an enterprise"?
> > >              >
> > >              > My stance on this is that for "largely unmanaged SoHo
> networks" - which
> > >              > could be called "small enterprise" - dual-enduser-ISP
> with dual-/48 or
> > >              > NPT66 gets the job done in an easy and scalable way
> (HNCP would have
> > >              > been great, but IETF politics killed it).
> > >              >
> > >              > "Enterprise that truly need their own independent fully
> managed network
> > >              > with multiple ISP uplinks and fully routed independent
> address space"
> > >              > are probably way less than 10 million...
> > >
> > >             I came up with 10 million quite some years ago as a
> reasonable estimate
> > >             of the number of medium to large businesses in the world,
> all of which
> > >             might depend on *reliable* Internet access to survive (and
> WfH during
> > >             COVID has made this even more important recently). So all
> of them
> > >             should have two independent paths to the Internet to assure
> > reliability.
> > >             That means two different ISPs (or less good, two completely
> > independent
> > >             paths to the same ISP).
> > >
> > >             So, if PI addressing is the answer, that really does take
> us to
> > >             10M /48s to be routed.
> > >
> > >             If PA is the answer, that's why I worked on SHIM6 (may it
> rest in
> > >             peace). Which is why I worked on RFC 8028. If that's not
> the
> > >             answer, we're back to NPTv6. Possibly even to ULA+NPTv6.
> > >
> > >              > Half of them do not want Internet access anyway, just
> access to their
> > >              > ALGs that will do the filtering and TLS inspection and
> everything, and
> > >              > then out to the Internet as a new TCP session (= could
> > be done with
> > >              > DMZ islands of upstream-provider-allocated space just
> fine).
> > >              >
> > >              >
> > >              > We need to work on our marketing regarding
> multihoming.  "What is it that
> > >              > you get, what is the cost, which of the variants do you
> want, and why...?"
> > >
> > >             Yes.
> > >                  Brian
> > >
> > >             _______________________________________________
> > >             v6ops mailing list
> > >             v6ops@ietf.org <mailto:v6ops@ietf.org>
> > >             https://www.ietf.org/mailman/listinfo/v6ops <
> https://www.ietf.org/mailman/listinfo/v6ops>
> > >
> > >         _______________________________________________
> > >         v6ops mailing list
> > >         v6ops@ietf.org <mailto:v6ops@ietf.org>
> > >         https://www.ietf.org/mailman/listinfo/v6ops <
> https://www.ietf.org/mailman/listinfo/v6ops>
> > >
> >
>

v2.23.0 | Report a Bug | By Email