IETF Logo Mail Archive

Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]

Nick Buraglio <buraglio@es.net> Fri, 29 April 2022 15:09 UTC

Return-Path: <buraglio@es.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B24B0C15EB57 for <v6ops@ietfa.amsl.com>; Fri, 29 Apr 2022 08:09:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=es.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9RUn12Q9Gaf7 for <v6ops@ietfa.amsl.com>; Fri, 29 Apr 2022 08:09:41 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80420C15ED43 for <v6ops@ietf.org>; Fri, 29 Apr 2022 08:09:41 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id s27so10903297ljd.2 for <v6ops@ietf.org>; Fri, 29 Apr 2022 08:09:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=es.net; s=esnet-google; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=veEeWQQMiqYhAFeWNQuh0sHlCBD5RGEvnhyoiWDvqF4=; b=djC7pvcDd/spSp63n99OiGfkiC2jGlTr/dTj0ees9pD2l9xna9jyAuTn7i3eoSlVCa 8snTiAgt5C5r7uhuh/u4pgMDDU+ZxdU3zmcxZ07yswb7JjVSp8eDiCTaCHEFYxFmOTHM yLn/qjZ2uVfxKEUdkHeyCYZiz0LCtvO3iuKcjoSAorI06PXfqt7Uzvn3Jm6aWOqqtcV0 NkQDCVOnEhvfBuATCgcCBDlvV99k+SKTa9YMc8pzVL4wmhv8P1BUGQkSS5Vgz6Z1bggR D9KLbqYsnbSzBZs6cgyopcOt433VBzdmH0jqXewCR9d/Me+7FVv+IhaY4VUUS6LV84tQ UCbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=veEeWQQMiqYhAFeWNQuh0sHlCBD5RGEvnhyoiWDvqF4=; b=mIVUj7Xv52LCxO6cO2Y9qrHbNdPgPzlzL3MjZVGomCASWNeSny1SsF4aVi8t1IDL8S Nki/tmM9K7YlPXyB4jA7ZW+7IShMQ6hNWJq2HcLRqdMLwLlCX37G6v9vn4VwM2U5VrAV Bw8FszAvREsnoEv70X/1Iwlwd9fvlapnKiZnA1rgFChvDXRqSNDtZsMxy/N70aLsEBOV +3abb/cY/0VZbdAXlEwJaBoNF2UoxdZBt4le1OT2tb1AlhcDFiDq/ZpwLm9CxYkF2k7a TqcxlMgA9ujoabYOUBCkJO4MtL7f1ehgOBsth+eWr7K9P0PZfwR3hItraCthi4VGap9r U89A==
X-Gm-Message-State: AOAM533fQmYlBECkqN3tTMUyePr20+8sR4BLShqcoEyHrEoqomscLsiU 927i65eqoX7WTqCVbpkzVB7ttQJkwNN04fw2Bw1oTQChH8gPi5O6ARp4f1CNaBuJRrKB1aLPSOA ZrUVyCuOPXlXiiYLPlbzB/4siNk8pr1tw9NoCeaDglGPOAaFy6bgGrAmj/aYpjg07ZzQu8M5iYU 0=
X-Google-Smtp-Source: ABdhPJzFfpzgfz5YANx6rQ/KJ/RRy6mEsN2AqMs6vHvZ1i+6ySeOR4CBiuxLPyXY51oqAoKdcOD8mCBdSPe67hfsqEA=
X-Received: by 2002:a2e:1f09:0:b0:24d:d65:bd8a with SMTP id f9-20020a2e1f09000000b0024d0d65bd8amr24995481ljf.245.1651244978712; Fri, 29 Apr 2022 08:09:38 -0700 (PDT)
MIME-Version: 1.0
References: <CAM5+tA8WvjvWirxqE6kQ9LQAG0NcpWyCLGVooB=G7gZ9ETb2zQ@mail.gmail.com> <20220424172743.GA218999@fg-networking.de> <CAKD1Yr1v0Tkh+pWD-ts=PL3gZf7Qj6OHW6Cuvj8iGcSSMibjew@mail.gmail.com> <0afe25f5-52b7-a438-0696-cf8b0a83c2dc@gmail.com> <BN8PR07MB70760D9693580F5BDCB61DD995F89@BN8PR07MB7076.namprd07.prod.outlook.com> <CAKD1Yr3Z9wGQ+uiA2WcW00MrOiLyHs+bSoFjHVtrixCi2qp4DA@mail.gmail.com> <BN8PR07MB7076A6456CAB48EF428D6E8695F89@BN8PR07MB7076.namprd07.prod.outlook.com> <65d0d9ac-77fc-c200-09e3-0c3949ca1541@gmail.com> <CAN-Dau2FS99ewfgH8xk-jSJFCnO92CJV9ZC98DUE2UDR7V1Eww@mail.gmail.com> <CANMZLAYbpZBDA8uFnJqfWfWTQ4S9RN4a-DqWe36qzfAfDtXiQA@mail.gmail.com> <CAN-Dau0BjRR2_7xz38DpJsz0Y=Z_8bV5n-=Eh1QUVEDzqVxmaA@mail.gmail.com> <CAPt1N1=H=eAyRu0JcHnLpZEUizDZ4Kj0VwPu=0nM=Wn+y3Ho1w@mail.gmail.com> <CAM5+tA_4rtSkgEuRUFZ2LYr6i8a7vWeKODYieVARF3RbRvgRww@mail.gmail.com> <BN8PR07MB7076DE3E745CB916FB81879595FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <ADAE42CE-448F-42F5-89BE-692F493E2DC8@consulintel.es> <CAM5+tA_ksJ+agY1tze1-zPHLsgYFgjEYtnuPs+ffZbnRqiHytw@mail.gmail.com> <BAD082DA-0958-4926-B3E5-4E4599A75078@consulintel.es> <BN8PR07MB7076564E50C0DAFBFAB950FD95FA9@BN8PR07MB7076.namprd07.prod.outlook.com> <CAPt1N1ncVkekecS=dBHSR3WtaEMruy55Udxy0WSMGTgbN24pKw@mail.gmail.com> <CAM5+tA8-Zqka-vZ9jRL3wn0dtfuJj0ECx_k9prwyS2ypisaPtw@mail.gmail.com> <FB031B76-7E88-4824-876F-D1A05F8D2215@thehobsons.co.uk> <CAFU7BAST-oNGpy4JvODDsf=8eS69hV8XCi8OgEHBkkoujRN3Rw@mail.gmail.com> <699f556a3eac41179a80d2cc8749a191@huawei.com> <CAO42Z2wiebCOPmtcEOJ3rOaZEpHE7qFZZTf5KLWybSsL6rOd9Q@mail.gmail.com> <CAN-Dau1FV-uEkX1S7vOEVxggjcNvUVTmokPAEOiapxPTySN-vw@mail.gmail.com> <CAPt1N1mk8Qv1anXohCJaiH0WWn-BkS4mr=ffyF0cCaE7CM314w@mail.gmail.com> <CAE=N4xf_wRPQeChkfXWxj7+Do8jp2U6hDtjH+-RUNis+ynMRbQ@mail.gmail.com>
In-Reply-To: <CAE=N4xf_wRPQeChkfXWxj7+Do8jp2U6hDtjH+-RUNis+ynMRbQ@mail.gmail.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Fri, 29 Apr 2022 10:09:26 -0500
Message-ID: <CAM5+tA__Gegt5fR1UFwshm7DKDVMDpFsJK2jMG6Z6Yo79Noc3A@mail.gmail.com>
To: Ed Horley <ed@hexabuild.io>
Cc: Ted Lemon <mellon@fugue.com>, David Farmer <farmer=40umn.edu@dmarc.ietf.org>, Xipengxiao <xipengxiao=40huawei.com@dmarc.ietf.org>, v6ops list <v6ops@ietf.org>, 6man list <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000651e2405ddcc6ee0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/hgSRAFMqIHQvT-Zy9N4gKFtoLLA>
Subject: Re: [v6ops] Vicious circle [ULA precedence [Thoughts about wider operational input]]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2022 15:09:45 -0000

On Fri, Apr 29, 2022 at 10:00 AM Ed Horley <ed@hexabuild.io> wrote:

> To bring things back into focus. I believe the goal of the submitted
> informational draft was to identify the "Unintended Operational issues with
> ULA" (which is the title of the draft) so that it was clear what structural
> problems exist with ULA currently. It does not propose any fixes, I believe
> that would be a separate but important discussion (well, a yelling
> match apparently). I am specifically interested if anyone has any
> documented and verifiable configurations that either counter the points
> made, disprove the points made, or prove false the points made in the
> submitted draft. For those that have not read it yet you can find it here:
> https://datatracker-ietf-org.lucaspardue.com/doc/draft-buraglio-v6ops-ula/
> or
> https://www.ietf.org/id/draft-buraglio-v6ops-ula-01.html
>
> Once we agree on what the problem space is, I believe it makes it a bit
> easier to talk about what to actually fix, if anything. I believe that was
> the goal Nick had originally with this, but he can confirm that I imagine.
>

Exactly this. The draft was intended to identify a gap, a problem space
that we encounter fairly frequently in the work I am doing at the moment.
It is *not* intended to condone address translation, to hasten NAT66, or to
solutioneer anything. That part should come after we agree that there is in
fact a problem space as defined in the draft.

To bring this back to a very simple yes or no question, does anyone
disagree with, or have recent experience that is counter to the draft?
If the answer is that "yes, we have data that shows that this draft is
incorrect", let's talk about that.

nb



> - Ed
>
> On Fri, Apr 29, 2022 at 7:38 AM Ted Lemon <mellon@fugue.com> wrote:
>
>> The difference is that NAT44 made things better. NAT66 arguably doesn’t.
>> Pretty clearly there is a better alternative for the specific pci case
>> we’ve been discussing.
>>
>> This doesn’t mean people won’t do nat66 out of habit anyway, but it will
>> cost extra and add no value, so I don’t see any reason why it would become
>> and remain a best practice.
>>
>> On Fri, Apr 29, 2022 at 10:16 David Farmer <farmer=
>> 40umn.edu@dmarc.ietf.org> wrote:
>>
>>>
>>>
>>> On Thu, Apr 28, 2022 at 6:02 PM Mark Smith <markzzzsmith@gmail.com>
>>> wrote:
>>>
>>>> On Fri, 29 Apr 2022 at 07:37, Xipengxiao
>>>> <xipengxiao=40huawei.com@dmarc.ietf.org> wrote:
>>>>
>>>> > My point is, given PCI DSS 4.0 (what Jen wrote as PCR DSS 4.0), we
>>>> should tell enterprises they no longer need NAT. But if some enterprises
>>>> still insist, respect their decision.
>>>>
>>>> Ignore them. IPv6 doesn't solve any problem they have, and adding NAT
>>>> to IPv6 still won't solve any problem they have, because IPv6 still
>>>> won't solve a problem they have.
>>>>
>>>> ...
>>>>
>>>> Even government mandates to get enterprises to adopt a networking
>>>> protocol don't work - the Internet is supposed to be running CLNS by
>>>> now as mandated by governments around the world. (I expect Vint Cerf
>>>> was being nice while working on this rather than truly believing OSI
>>>> would take over.)
>>>>
>>>> Explaining the Role of GOSIP
>>>> https://www.rfc-editor.org/rfc/rfc1169.html
>>>>
>>>>
>>>>  It's more important to get enterprises to use IPv6 ASAP, than to
>>>> insist that they use the "right" IPv6 solution.
>>>> >
>>>>
>>>> Why is it important to get enterprises to use IPv6 ASAP?
>>>>
>>>>
>>>> Regards,
>>>> Mark.
>>>>
>>>
>>> Ignore credit cards and enterprises, that's your advice for IPv6?
>>>
>>> So, no one using IPv6 wants to get paid for anything? Or, are you
>>> suggesting we maintain a quaint IPv4 network in the corner, so we can do
>>> credit cards and can get paid?
>>>
>>> As for enterprises, Google and AWS are enterprises, are you suggesting
>>> they should be ignored too? Most of the valuable things on the Internet are
>>> run by enterprises.
>>>
>>> Supporters of IPv6 need to very much care about enterprises; We need
>>> them to make their content available via IPv6. We need them to enable IPv6
>>> on the Internet-facing parts of their networks.
>>>
>>> Do we need them to enable IPv6 on their internal networks, maybe or
>>> maybe not. However, if enterprises are not comfortable with IPv6 why would
>>> they enable their content over IPv6?
>>>
>>> I'm not suggesting we have to do NAT66 or even NPTv6, however, I think
>>> we should have something to tell those doing NAT44 today and want to
>>> maintain an internal private network. Maybe ULA with application gateways
>>> and proxies instead of NAT. But I don't think the internal private network
>>> model is just going to go away, too many people are comfortable with it.
>>>
>>> Furthermore, ignoring NAT44 from a standardization point of view worked
>>> so well the last time. "Ignore them, and they will go away," didn't work
>>> last time and it's not going to work this time either.
>>>
>>> Thanks
>>>
>>>
>>> --
>>> ===============================================
>>> David Farmer               Email:farmer@umn.edu
>>> Networking & Telecommunication Services
>>> Office of Information Technology
>>> University of Minnesota
>>> 2218 University Ave SE
>>> <https://streaklinks.com/BByrD6ad3b0OpBiK1wctjpyV/https%3A%2F%2Fwww.google.com%2Fmaps%2Fsearch%2F2218%2BUniversity%2BAve%2BSE%3Fentry%3Dgmail%26source%3Dg>
>>>       Phone: 612-626-0815
>>> Minneapolis, MN 55414-3029   Cell: 612-812-9952
>>> ===============================================
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>
>
> --
> Ed Horley
> ed@hexabuild.io | (925) 876-6604
> Advancing Cloud, IoT, and Security with IPv6
> https://hexabuild.io
> And check out the IPv6 Buzz Podcast at
> https://packetpushers.net/series/ipv6-buzz/
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
ᐧ

v2.23.0 | Report a Bug | By Email