Re: [v6ops] IPv6-only section [draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC]

Ray Hunter <v6ops@globis.net> Thu, 08 August 2013 16:31 UTC

Return-Path: <v6ops@globis.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B13EF21E8089 for <v6ops@ietfa.amsl.com>; Thu, 8 Aug 2013 09:31:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.149
X-Spam-Level:
X-Spam-Status: No, score=-2.149 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VouFOq6k-GBX for <v6ops@ietfa.amsl.com>; Thu, 8 Aug 2013 09:31:57 -0700 (PDT)
Received: from globis01.globis.net (RayH-1-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id 85FA911E8152 for <v6ops@ietf.org>; Thu, 8 Aug 2013 09:31:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id 2AEC08700DF; Thu, 8 Aug 2013 18:31:40 +0200 (CEST)
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YplzXTzPPAlF; Thu, 8 Aug 2013 18:31:40 +0200 (CEST)
Received: from Rays-iMac-2.local (unknown [192.168.0.3]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPA id DE521870025; Thu, 8 Aug 2013 18:31:39 +0200 (CEST)
Message-ID: <5203C7E5.3060106@globis.net>
Date: Thu, 08 Aug 2013 18:31:33 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.8 (Macintosh/20130427)
MIME-Version: 1.0
To: Erik Nygren <erik+ietf@nygren.org>
References: <201308041800.r74I03pC023049@irp-view13.cisco.com> <5200804D.2050006@gmail.com> <CAD6AjGTGL9JVK6egOAVXhMFv77L0b=9eVjKAauwNzLnaM=Mcyw@mail.gmail.com> <52031D69.3070604@gmail.com> <CAD6AjGTAJVvmG_byRMW_F2g+WDBvdRLop_oLshgwbUsfBjRzbA@mail.gmail.com> <CAKC-DJh1q+sJB00yo7HsFifWb=42teg_ga4CjRQVVecU1emcDA@mail.gmail.com>
In-Reply-To: <CAKC-DJh1q+sJB00yo7HsFifWb=42teg_ga4CjRQVVecU1emcDA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: v6ops@ietf.org
Subject: Re: [v6ops] IPv6-only section [draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC]
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2013 16:31:57 -0000

Erik Nygren wrote:
> It's also likely the case that at least some enterprises control
> portions of
> their environments well enough that mostly-IPv6 could potentially be much
> more viable than a residential environment.  For example, a retail
> store chain using
> HTTP-based POS terminals and kiosks may have enough control over their
> environment
> that they could ideally deploy an IPv6-only environment and just use
> NAT64/DNS64
> to get to some of their supplier websites that still require IPv4.
> It might also be attractive to some US Government agencies who control
> the devices and clients within their network to use this approach as part
> of meeting the OMB September 2014 mandate for IPv6 client support. 
> That could be simpler for those agencies than rolling out a dual-stack
> environment.
> (I'm very curious if either of these cases exists in production in the
> field today...)
>
>       Erik
>

Why would anyone in their right mind chose to deploy NAT64/DNS64 in a
commercial environment given the prices I've seen for that functionality?

I can't imagine them wanting something like that in operations either.

It's likely to be much cheaper to let legacy applications die off
naturally, run dual stack or even dual servers for some systems, and
deploy a combination of simple forward and reverse web proxies for the
rest (assuming web based apps).

AFAIK There's still stuff happily running Bisync (BSC) out there (over
IP tunnels) and support for that was deprecated in the 1970's in favour
of SNA. So I wouldn't hold your breathe waiting for 100% migration to
IPv6. It's going to be pretty easy to maintain a private IPv4 - IPv4
network over a GRE tunnel over an IPv6 Internet for a very long time yet.

>
> On Thu, Aug 8, 2013 at 8:45 AM, cb.list6 <cb.list6@gmail.com
> <mailto:cb.list6@gmail.com>> wrote:
>
>
>     On Aug 7, 2013 9:24 PM, "Brian E Carpenter"
>     <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>>
>     wrote:
>     >
>     > On 08/08/2013 16:08, cb.list6 wrote:
>     > > On Aug 5, 2013 9:49 PM, "Brian E Carpenter"
>     <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>>
>     > > wrote:
>     > >> On a different topic, section 5 covers IPv6-only issues.
>     > >> I'm a bit concerned that this might need a health warning:
>     > >> deploying NAT64/DNS64 might cause pain and suffering.
>     > >> Perhaps after this text:
>     > >>
>     > >>>    Together, RFCs
>     > >>>    6146 and RFC 6147 provide a viable method for an
>     IPv6-only client to
>     > >>>    initiate communications to an IPv4-only server.
>     > >> we should add something like:
>     > >>
>     > >>    At enterprise level, operating NAT64 and DNS64 services for
>     > >>    heavy usage may have significant practical implications.
>     > >>
>     > >
>     > > Can you be more specific? Pratical data?
>     >
>     > Not really, because I've never operated one in real life. It doesn't
>     > strike me as the sort of service that most enterprise network
>     > managers will be familiar with, and a v6-only site needing a normal
>     > level of access to v4-land would end up sending most of its external
>     > traffic via NAT64 and most of its external DNS queries via DNS64.
>     > Therefore, these would become an important single point of failure
>     > and a potential bottleneck. The text doesn't seem to point this out.
>     >
>
>     Agree with Joel, nat64 will be parity with common nat44 and
>     firewalls in terms of availability
>
>     Regarding majority of traffic, i believe the scales have tipped to
>     show v6 is the majority for campus networks, which is the best
>     proxy in the available data
>
>     http://www.worldipv6launch.org/measurements/
>
>     These numbers also skew low since Apple has a non-deterministic
>     happy eyeballs
>
>     Given that enterprises and all users of IP are out of ipv4, so
>     they need to not use ipv4 yet have access to it, guidance against
>     nat64 will frustrate the issue.
>
>     Guidance should be given to make as many flow v6 e2e. Full stop.
>
>     CB
>
>
>     >    Brian
>     >
>     > > CB
>     > >
>     > >> Also, the last paragraph of section 5:
>     > >>
>     > >>>    It is worth noting that for IPv6-only access networks
>     that use
>     > >>>    technologies such as NAT64, the more content providers (and
>     > >>>    enterprises) that make their content available over IPv6,
>     the less
>     > >>>    the requirement to apply NAT64 to traffic leaving the
>     access network.
>     > >> A reference to RFC 6883 would fit nicely there.
>     > >>
>     > >> Regards
>     > >>    Brian
>     > >> _______________________________________________
>     > >> v6ops mailing list
>     > >> v6ops@ietf.org <mailto:v6ops@ietf.org>
>     > >> https://www.ietf.org/mailman/listinfo/v6ops
>     > >
>
>     _______________________________________________
>     v6ops mailing list
>     v6ops@ietf.org <mailto:v6ops@ietf.org>
>     https://www.ietf.org/mailman/listinfo/v6ops
>
>


-- 
Regards,
RayH