IETF Logo Mail Archive

Re: [v6ops] Thoughts about wider operational input

Nick Buraglio <buraglio@es.net> Tue, 22 March 2022 20:35 UTC

Return-Path: <buraglio@es.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C28A3A1053 for <v6ops@ietfa.amsl.com>; Tue, 22 Mar 2022 13:35:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=es.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H3-vKuqmk_uB for <v6ops@ietfa.amsl.com>; Tue, 22 Mar 2022 13:35:23 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 423673A1075 for <v6ops@ietf.org>; Tue, 22 Mar 2022 13:35:23 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id q5so25536836ljb.11 for <v6ops@ietf.org>; Tue, 22 Mar 2022 13:35:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=es.net; s=esnet-google; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=RhUN446ycAg9DyxoOSNX4ErE4G6S5PqatIQHZWTXoOc=; b=gaa6I4Z9phbkyANXZzfWyHRn2YT9UZk20kJtlw/7gLeV1rSzOK9oIzQOXGG25cP0Nb RGbAc1jbVD+APTCeanIP21EBYj3zAm5IyF0eXgcxtIaCPROIvxTgUfQUMs5UUKFdRXus k22AeZWOoRfs5wPoIny5xGiPinys/DMYh/vVskyg03ePzWEcv5TUkez40HXVZLfF0U4C YikvfxCZatSxeTQrSRAFfr7R6iJW9TGHJfDTu2rO4KY2vSESs46NRWyJHdMkyIma8MdE XP3TUfpaE5LiZjya5nBerIe0K1/4rFjgsIYyDy3vO3tUbsr4QbWkFnGGlu2p+nppJ9kf Hlsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=RhUN446ycAg9DyxoOSNX4ErE4G6S5PqatIQHZWTXoOc=; b=WHaedTKoP8OXXNf1EMr9HEOrlNVAwH9gNgvtEHtNTQW7y2IcTN63rWg385Sb8rfNdS f9htIGh340eISUNr65zpxQeYxGZea9mwFJYZ9i0eb/7fWYo5K9YsBooDbRyi1/8mo109 LGOUnimz8mmILfyBe/tXYMOY1G5URjw6pofAKqs/r1f82OHmlQSO1mBjiYK80LPig1C9 Ri91c8q7RcaTblsV1q0fDPAA4WbzTPROPg4uwcRlQE87ykqhr+GJ6OFz1HXYVZQ23PZZ bSJxFeu+BoNTq5n4w+9jkjquJTS9o8c6NkS3IXEQzBmRbdWnJuLu16myEmDAENG2mhUq 66+g==
X-Gm-Message-State: AOAM5302o6HSXybJPhofwmfD7kGUzfUrgqrKtgJPVaeQ0DCgLQLgqpuL 8gCUrtfp2laFBJG0ducGQdpbomzfOd7dhQFcOrq/O59EnDLnsJpdD03BGk+3aIjtGRGaDpQ+FF6 esYHhUIJch9dlBKNjzFd0qQvtEPbPEZPHrDx38c+4K8QKX8tXuUcmhoMMQh8sScTwwIG1JSaUZq o=
X-Google-Smtp-Source: ABdhPJyVLR0vbRRFjpMiGOmwyA2iI3jMaBHQ5rCC2p+DncSwKYh+LIAOBQ7XNjSENOvsk7aPJ6LfRx7HWWN8nyx6J6g=
X-Received: by 2002:a05:651c:b11:b0:249:9504:e929 with SMTP id b17-20020a05651c0b1100b002499504e929mr2541076ljr.0.1647981320537; Tue, 22 Mar 2022 13:35:20 -0700 (PDT)
MIME-Version: 1.0
References: <52661a3d-75dc-111a-3f23-09b10d7cb8d4@gmail.com> <A72CDDDB-CDCE-4EAF-B95E-997C764DB2C4@gmail.com> <9175dc32-45c1-e948-c20a-3bcc958b77b9@gmail.com> <YjmJQMNgnJoSInUw@Space.Net> <fd17a91f-68dc-92b5-0544-51aefa1b7f08@gmail.com> <CAM5+tA-Wq5O4pjQ++VZQi-FTKZGMRAW-LFc6O5dPOyox4QZDEw@mail.gmail.com> <CAPt1N1mK=Xgtt+aYa4ga8YqK2XYhCdQUPrwgVU8xstH+F_RAfQ@mail.gmail.com>
In-Reply-To: <CAPt1N1mK=Xgtt+aYa4ga8YqK2XYhCdQUPrwgVU8xstH+F_RAfQ@mail.gmail.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Tue, 22 Mar 2022 15:35:08 -0500
Message-ID: <CAM5+tA9zhMpJ1s8keoL8eoEMej5tOM=-imXypHEreUa3wOrt5Q@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, v6ops@ietf.org
Content-Type: multipart/alternative; boundary="000000000000356ada05dad48d50"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/hK0Sc1ReqaS5ovw3nenyqOmvVdk>
Subject: Re: [v6ops] Thoughts about wider operational input
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 20:35:31 -0000

Yes, I know I have harped on this many times and have posted some
simple examples of the behavior to the list. My experience has been, and
continues to be, that if I have dual stacked hosts with A and AAAA records,
and the IPv6 clients are using ULA that IPv6 is never used. In an IPv6-only
environment ULA has no higher priority protocol to supersede the ULA. In
the context of transitioning to an IPv6 world, it is fairly unrealistic to
assume any kind of greenfield, and dual-stack is by and large the standard
"permanently temporary" solution for the vast majority of implementations.
So in this context, which has been 99% of what I have seen until I began
working on the IPv6-only implementation mandated by the USG OMB-M-21-07
document, that was the de facto standard (and will continue to be for
enterprise deployments, in my opinion).
I would be happy to be incorrect about this, honestly it would make my
work-life easier if I was. So, yes, I fully acknowledge that your use case
is absolutely the right one for ULA. For doing a transition in an existing
network (which circles back the the original topic of this thread: getting
enterprises to use IPv6 in a meaningful way), this is a really well put
together descriptions of the every-day implications of trying to use ULA:
https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/

nb





On Tue, Mar 22, 2022 at 3:20 PM Ted Lemon <mellon@fugue.com> wrote:

> I'm sure you believe this assertion, Nick, but you haven't given us any
> way of understanding why you believe this. In fact we're using ULAs in the
> Thread Border Router to enable IPv6 communication between different
> subnets, which literally could not be done with IPv4. So at least for this
> use case, ULAs work well. Would it work better to have a GUA? Comme ci
> comme ça. On the one hand, prefix delegation and real routing would make
> the solution more general. On the other, GUAs are great for reaching out to
> the internet, which we may or may not want light bulbs to be able to do.
>
> On Tue, Mar 22, 2022 at 9:13 PM Nick Buraglio <buraglio@es.net> wrote:
>
>> ULA is an operational non-starter in the presence of any dual stacked
>> hosts.  Per its design, it just won't ever use IPv6 in any meaningful way
>> and that time and effort are better served on adding GUA addressing of one
>> kind or another.
>>
>> nb
>>
>>
>>
>> On Tue, Mar 22, 2022 at 2:55 PM Brian E Carpenter <
>> brian.e.carpenter@gmail.com> wrote:
>>
>>> Hi Gert,
>>>
>>> I see that the discussion has been going on while I was sleeping, but I
>>> want to clarify below...
>>> On 22-Mar-22 21:30, Gert Doering wrote:
>>> > Hi,
>>> >
>>> > On Tue, Mar 22, 2022 at 11:42:12AM +1300, Brian E Carpenter wrote:
>>> >> I agree with Jordi that multihoming is a genuine impediment. What
>>> isn't generally realised is that it's a problem of scale when considering
>>> at least 10,000,000 enterprises, much more than it's a problem of IPv6
>>> itself.
>>> >
>>> > What is "an enterprise"?
>>> >
>>> > My stance on this is that for "largely unmanaged SoHo networks" - which
>>> > could be called "small enterprise" - dual-enduser-ISP with dual-/48 or
>>> > NPT66 gets the job done in an easy and scalable way (HNCP would have
>>> > been great, but IETF politics killed it).
>>> >
>>> > "Enterprise that truly need their own independent fully managed network
>>> > with multiple ISP uplinks and fully routed independent address space"
>>> > are probably way less than 10 million...
>>>
>>> I came up with 10 million quite some years ago as a reasonable estimate
>>> of the number of medium to large businesses in the world, all of which
>>> might depend on *reliable* Internet access to survive (and WfH during
>>> COVID has made this even more important recently). So all of them
>>> should have two independent paths to the Internet to assure reliability.
>>> That means two different ISPs (or less good, two completely independent
>>> paths to the same ISP).
>>>
>>> So, if PI addressing is the answer, that really does take us to
>>> 10M /48s to be routed.
>>>
>>> If PA is the answer, that's why I worked on SHIM6 (may it rest in
>>> peace). Which is why I worked on RFC 8028. If that's not the
>>> answer, we're back to NPTv6. Possibly even to ULA+NPTv6.
>>>
>>> > Half of them do not want Internet access anyway, just access to their
>>> > ALGs that will do the filtering and TLS inspection and everything, and
>>> > then out to the Internet as a new TCP session (= could be done with
>>> > DMZ islands of upstream-provider-allocated space just fine).
>>> >
>>> >
>>> > We need to work on our marketing regarding multihoming.  "What is it
>>> that
>>> > you get, what is the cost, which of the variants do you want, and
>>> why...?"
>>>
>>> Yes.
>>>     Brian
>>>
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>>
>

v2.23.0 | Report a Bug | By Email