Re: [v6ops] [Int-area] Still need to know what has changed.... Re: IPv10 draft (was Re: FW: v6ops - New Meeting Session Request for IETF 109 - IPv10)

Khaled Omar <eng.khaled.omar@outlook.com> Fri, 25 September 2020 14:03 UTC

From: Khaled Omar <eng.khaled.omar@outlook.com>
To: Ola Thoresen <ola@nlogic.no>, "v6ops@ietf.org" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/GJ7v5yA8FNAdD5lRHgp9pNfPjXA>

I agree with most of what you said, but regarding ACLs and firewalls, they will use the same configuration after IPv10 and then they can add more configuration if needed when there are different source or destination addresses.

Regarding the path, as mentioned, when ALL are updated (of course there will be a flag day) then everything will work in the best way and we will use both address spaces till full migration is accomplished.

Best Regards,

Khaled Omar 

-----Original Message-----
From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Ola Thoresen
Sent: Friday, September 25, 2020 3:54 PM
To: v6ops@ietf.org
Subject: Re: [v6ops] [Int-area] Still need to know what has changed.... Re: IPv10 draft (was Re: FW: v6ops - New Meeting Session Request for IETF 109 - IPv10)


On 25.09.2020 15:20, Khaled Omar wrote:
>>> IPv6 is not held back by lack of support in hardware, software or operating systems.  IPv6 is held back by policy and lack of demand.
> This is what we call "Migration" which requires user's dependence.


For an enterprise _user_, nothing is needed. It is managed by the enterprise's IT department, and is either enabled or disabled by them.

For a home user, nothing is needed.  Their ISP just needs to support it, and it must be enabled in their CPE with some sane security policies.

And trust me. I have done multiple IPv4 -> Dual Stack "migrations" for both enterprises and ISPs.  No involvement of the end users is required.

But a LOT of work is required both in the enterprise IT department and at the ISPs to ensure that everything works as expected.


>>> IPv6 is held back by policy in the big enterprises, that don't want to deal with another protocol.
> That’s why IPv10 is needed, they have to do nothing about it, only keep using your IP version and that’s it.

No, they don't.

They need to enable this IPv10 protocol in their network, just as they 
need to enable IPv6 today.  And they need to be sure that ALL their back 
office systems support it, that all their firewalls, access lists, 
applications etc. are up to date with new source and destination 
addresses (since they can now be both IPv4 and IPv6).   And not only 
that.  Today, if you are dual stack enabled, you need one access list
for IPv4 -> IPv4 and one for IPv6 -> IPv6.  With your suggestion, you 
would ALSO need to update all policies and firewalls and access lists 
and whatnot with policies for IPv4 -> IPv6 and IPv6 -> IPv4 as well, 
because some hosts are suddenly talking to hosts that they should not be 
allowed to, using another protocol than they would previously do.

To me, this sounds like MORE work than just going for dual stack in
the first place.  So, no.  They can't just keep their IP-version.

And they still need to update all other systems, log parsers,
monitoring applications, you name it, from one protocol (most likely 
IPv4 only) to two protocols.  IPv4 + IPv6.



>>> And it would still require a customer demand for the ISPs to add it.  If IPv4-only customers are not requesting IPv6 today - why would they start requesting "IPv10" tomorrow?
> They will not request IPv10, they will have hosts support IPv10, this will not be accomplished by them but by OS developers.

It does not matter if my host has IPv10 activated, if my ISP does not 
route IPv10 packets.  And it does not even matter if my ISP routes IPv10 
packets, if somewhere along the path from source to destination, there 
is a single router that does not support this protocol.  So, yes.  Even 
if my OS has IPv10, I would have to request my ISP to enable it to be 
able to talk to IPv6 hosts.  And all their peers would have to enable
it.  And in that case, I can just as well ask my ISP to enable IPv6, as 
that is already a mature protocol that is well implemented in all OSes 
already.

Don't you see this simple thing?

The problem is not the address of the source or destination host.  The 
problem is all the hosts in between, which must be able to parse and 
understand this new protocol.  And all the package-mangling that is done 
in hardware and software along the path of a packet traversing the internet.

And _even_ if they all actually had the new protocol implemented in 
hardware and software (which in itself will take many, many years), you 
would STILL have the problem of the enterprises not wanting to deal with 
multiple protocols and of ISPs not wanting to turn it on for their
customers because it might lead to more support requests, less security 
and added complexity, and we would basically be exactly where we are 
today with IPv6.


Rgds,

/Ola (T)
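
The access-list point argued in the message above, as an added example that is not part of either message: a short Python audit that takes a per-family (dual-stack) policy and lists the source/destination family pairs between two zones that no rule covers. The zone names, documentation prefixes and rule tuples are constructed, and rules that pair an IPv4 source with an IPv6 destination are the hypothetical mixed-family case the thread discusses, not a feature of any existing ACL syntax.

```python
import ipaddress
from itertools import product

# Constructed sample data: two zones, each dual-stacked (documentation prefixes).
ZONES = {
    "guest": ["192.0.2.0/25", "2001:db8:1::/64"],
    "backoffice": ["198.51.100.0/24", "2001:db8:2::/64"],
}

# Dual-stack policy as described in the thread: one rule per address family.
DUAL_STACK_RULES = [
    ("deny", "192.0.2.0/25", "198.51.100.0/24"),      # IPv4 -> IPv4
    ("deny", "2001:db8:1::/64", "2001:db8:2::/64"),   # IPv6 -> IPv6
]

def _net(prefix):
    return ipaddress.ip_network(prefix)

def first_match(rules, src, dst):
    """Action of the first rule covering src -> dst, or None if no rule applies."""
    src, dst = _net(src), _net(dst)
    for action, rule_src, rule_dst in rules:
        rule_src, rule_dst = _net(rule_src), _net(rule_dst)
        # subnet_of() raises TypeError across families, so compare versions first.
        if (rule_src.version == src.version and rule_dst.version == dst.version
                and src.subnet_of(rule_src) and dst.subnet_of(rule_dst)):
            return action
    return None

def coverage(rules, src_zone, dst_zone):
    """Map each (src family, dst family) pair between two zones to its action."""
    return {
        (_net(s).version, _net(d).version): first_match(rules, s, d)
        for s, d in product(ZONES[src_zone], ZONES[dst_zone])
    }

def missing_rules(rules, src_zone, dst_zone, action):
    """Rules needed so that every family pair between the zones is covered."""
    return [
        (action, s, d)
        for s, d in product(ZONES[src_zone], ZONES[dst_zone])
        if first_match(rules, s, d) is None
    ]

if __name__ == "__main__":
    print(coverage(DUAL_STACK_RULES, "guest", "backoffice"))
    for rule in missing_rules(DUAL_STACK_RULES, "guest", "backoffice", "deny"):
        print("needs:", rule)
```
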
