Re: [v6ops] draft-vf-v6ops-ipv6-deployment

hsyu <hsyu@cfiec.net> Thu, 25 March 2021 07:50 UTC

Date: Thu, 25 Mar 2021 15:50:06 +0800
From: hsyu <hsyu@cfiec.net>
To: "alexandre.petrescu@gmail.com" <alexandre.petrescu@gmail.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Message-ID: <917F749D-7903-498C-B7FD-3C7373498694@cfiec.net>
In-Reply-To: <be6e2823-afb5-05ef-1530-d83b35d6cbb9@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/iMtni8EEIavaqVsNI-USbsfRAB8>
Subject: Re: [v6ops] draft-vf-v6ops-ipv6-deployment

Hi, Alexandre and all,

Because the program for detecting whether a website supports IPv6 and the web corresponding to the program are deployed on the same server, in order to ensure the accuracy of the detection, the reachability of the network is the first consideration.  This is why IPv4 addresses are used in the website.

About adding the IPv6 forum and IPv6-test logos to the web, it's because I get some help from these two sites. However, in order to eliminate the misunderstanding, I will delete these two logos from the website. 

Regarding the use of IPv6 addresses and DNS domain names to display this website, I need to apply for relevant resources to support it. 

Since there are many disputes on the website and the website is currently only a test version, the website will be closed for a while to modify the content.

Best regards.

To be more concrete.

There are two IPv6 logos at the bottom of that page: "IPv6 Forum" and
"IPv6 validated by ipv6-test.com".

However, my IPv6 experiments from an IPv6-only computer do not see
the page:

http://218.2.231.237:5001/cgi-bin/generate
https://[64:ff9b::da02:e7ed]:5001/cgi-bin/generate

So maybe there is a need to update the criteria of the IPv6 Forum
and of the ipv6-test.com.  Or update that web page simply to remove the
two logos.

Furthermore, browsing the ipv6-test.com website from an IPv6-only
computer is strange too.  If one tries to browse it from an IPv6-only
computer, then one can see what I mean.  It says I have a score of 10
out of 20, and recommends to install IPv4 to reach a higher score of 20.

That is a very strange recommendation in my opinion.

On the contrary, if one would like IPv6 to succeed more quickly, then
one would construct a website ipv6-test.com which recommends to turn off
IPv4.

But I would not qualify these days an IPv6-only computer to be a score
10/20.  It's really not possible.

Alex




On 24/03/2021 at 17:03, Alexandre Petrescu wrote:
On 24/03/2021 at 16:14, JORDI PALET MARTINEZ wrote:
If you want to be able to connect to IPv4-only services in Internet,
 you really need 464XLAT. NAT64+DNS64 will break for you with any app
 using literals, etc.

I can agree.

Basically the experiment is: whenever someone invites me to click on
some link, and if I have enough time, I first turn off IPv4 and then I
click.

In the future Internet there would be no IPv4 to try, no DNSv4, no
NAT64, etc.  The future Internet of a sort.

Since I started these experiments a few years ago, as time goes by, more
and more URLs work ok on IPv6 and browsed from IPv6-only computers.

There are still some important issues with security and IPv6 at sites
that are known to be good for IPv6 (e.g. Google is known to be good with
IPv6, but some security checking comes to mind; and it is not the only
one, Cloud logins also come to mind as not working ok on IPv6 even
though their dataspace is ok on IPv6).

There are other issues as well.  I am not trying only the HTTPS URLs but
also other new services that appear very often, or the old mail servers
like smtp.gmail.com STARTTLS.

There are many things to be learned about IPv6 deployment during all
these experiments of turning off IPv4.

Alex


Regards, Jordi @jordipalet



On 24/3/21 16:13, "v6ops on behalf of Alexandre Petrescu"
<v6ops-bounces@ietf.org on behalf of alexandre.petrescu@gmail.com>
wrote:



On 24/03/2021 at 15:48, JORDI PALET MARTINEZ wrote:
I think you need to read the NAT64 and related RFCs ...

If your ISP doesn't offer the NAT64, then it is really bad to use
IPv6-only in your network.

?

No no, I live well in the IPv6 world without NAT64... I don't
understand why NAT64 is so required?

I may understand that you do that as an experiment, but then you can
setup your own NAT64, it is really simple in any Linux or even
 an OpenWRT CPE.

I don't want to set up new boxes at home.  It is indeed possible, but
 at this time I do not want.

You may also setup a DNS64 and I will suggest also to setup a
CLAT, all that can be done via VMs, even a single VM in your own
network.

Yes, that is possible too.

But can I do without it please?

Does IPv6 mandate the use of DNS64 and NAT64?

Alex


Regards, Jordi @jordipalet



On 24/3/21 15:33, "v6ops on behalf of Alexandre Petrescu"
<v6ops-bounces@ietf.org on behalf of alexandre.petrescu@gmail.com>
wrote:

Hi, Gabor,

Thanks for the reply.  Allow me to continue this discussion.

On 24/03/2021 at 13:11, Gabor LENCSE wrote:
Dear Alex,

I meant that you need to do the address synthesis manually. I
intended the 64:ff9b::/96 WKP only as an example.

As a side note,  I think that 64:ff9b::/96 prefix might need a 32bit
IID, which is probably forbidden by the IPv6 Addressing Architecture
RFC 4291 ("For all unicast addresses, except those that start with
the binary value 000, Interface IDs are required to
be 64 bits long").

This is not to say that I disagree with the 64:: prefix, but maybe
point to what appears to me to be a slight incoherency.

First, you need to find out the NAT64 prefix used by your ISP. (RFC
7050 describes the process.)

I wanted to ask: do you mean the NAT64 prefix that my ISP uses, or
the ISP that the data provider (the URL in question) uses?

I am saying this because I think my ISP does not provide NAT64
service to home.  It is probably an optional feature.

Then, you can synthesize and use the proper IPv4-Embedded IPv6
Address. (I hope that the IPv6 routing will find the NAT64 gateway
based on the NAT64 prefix.)

Of course, it is just a hack, DNS64 makes our life easier, if
the IPv4 only server is registered in the DNS system. And,
naturally, the real solution is that the server should have an
IPv6 address. :-)

Yes, I agree with it too.

Alex


Best regards,

Gábor

On 3/24/2021 10:59 AM, Alexandre Petrescu wrote:

:-)


On 24/03/2021 at 09:39, Gabor LENCSE wrote:
Of course, it is better to use DNS,


I agree.


but if you have only an IPv4 literal AND you know the NAT64 prefix
used in your network, then you can synthesize the
(RFC 6052) IPv4-embedded IPv6 address manually. :-)


For that to work there is a need to implement some conversion in a
network box (NAT64?  464XLAT?) _and_ in the client.



The URL would look like:

https://[64:ff9b::218.2.231.237]:5001/cgi-bin/generate


thanks for the converted URL.

I clicked on it in my Mail User Agent (MUA) client Thunderbird
 on an IPv6-only PC and it quickly complains about something that
might relate to security.  It complains about it very quickly,
there is no circling pointing to wait for response of discovering
some server in the infra, or waiting reply from a site.

It says: "The link text indicates 'A' but it leads to 'A'" where A
is the hex text with ":" everywhere converted from the
 hex you provided above containing 4 dots.  Remark A is the
same as A, and the error reporting is wrong.  That is a client
 problem that deserves correction (a bug).

But it is a larger client problem too in that clients on PCs don't
have that support for '64::' addresses.  Smartphones might
have that support.  I am not sure it is good to consider that
lack of implementation of "64::" addresses in clients to be a
bug.


Alex

PS: for firefox: when I copy paste that URL
https://[64:ff9b::218.2.231.237]:5001/cgi-bin/generate on my
address bar of web browser firefox on my IPv6-only PC it tries
to connect to something, waits like 10 seconds, and then
firefox reports 'The wait delay has been reached' (translated)
and stops waiting.  Firefox is also affected by this problem
in protocols.



Hopefully, your ISP uses a Network-Specific Prefix, and not the
NAT64 Well-Known Prefix.

Gábor

On 3/24/2021 9:02 AM, JORDI PALET MARTINEZ wrote:
It will be much better to use DNS, not literals!

You probably don't see that from an IPv6-only network because it
is a literal (if you have NAT64+DNS64 it will work with DNS, if
you have 464XLAT it will also work with a
literal IPv4).

On 24/3/21 8:53, "v6ops on behalf of Alexandre Petrescu"
<v6ops-bounces@ietf.org on behalf of
alexandre.petrescu@gmail.com> wrote:



On 24/03/2021 at 04:14, hsyu wrote:
Dear Paolo and  Alexandre,

Thank you very much for your interest in this website. This is a
test website, and the current data still needs further confirmation.
Therefore, I will post it after the data is corrected.

Hi,

Thank you for the reply.

The data on the website might be correct already.  I can see it
on an IPv4 connection.

But the access to that data should be on IPv6 too, not
only on IPv4.

Ideally, one should add an IPv6 address to the computer's
interface. Then the URL would be something like
https://[2001:db8:1::1]:5001/cgi-bin/generate (attention that is
an IPv6 address for documentation, do not put that particular
address on the interface)

Alex



Haisheng Yu(Johnson) hsyu@cfiec.net


On 3/24/2021 02:14, Alexandre Petrescu <alexandre.petrescu@gmail.com> wrote:

Hi,

Thank you for the link in China about IPv6 deployment.

But I can not see it :-(

When I copy paste that link (http://218.2.231.237:5001/cgi-bin/generate)
in my web browser  it responds that the connection has failed.  I use an
IPv6-only computer (Windows with IPv4 unchecked in the interface
Properties).

Ideally, one would put data about IPv6 on a server that is also capable
of doing IPv6.

Maybe one can put an IPv6 address on the server 218.2.231.237?

Alex


On 23/03/2021 at 07:21, hsyu wrote:

Hi Paolo, I can also provide some data on the deployment of IPv6 in
China. http://218.2.231.237:5001/cgi-bin/generate

Best regards.

Haisheng Yu(Johnson) hsyu@cfiec.net


On 3/23/2021 12:40, Dhruv Dhody <dhruv.ietf@gmail.com> wrote:

Hi Paolo,

I think we should highlight that we do not have visibility
inside the enterprises beyond the external-facing website or
email and thus it is also difficult to gauge the IPv6 deployments
inside enterprises.

[PV] Ok. Probably here you refer to small-medium enterprises. For
large enterprises public data on the usage of IPv6 can be retrieved
(Nalini, in copy, provided a good input on IPv6 in large
organizations). We will better specify this point in the next
version of the draft.


I had this NIST data in mind -
https://fedv6-deployment.antd.nist.gov/cgi-bin/generate-com
which includes large enterprises and relies on DNS, mail, external
website. Also, see Eric's site -
https://www.vyncke.org/ipv6status/detailed.php?country=in

Thanks! Dhruv

_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops





********************************************** IPv4 is
over Are you ready for the new Internet ?
http://www.theipv6company.com The IPv6 Company

This electronic message contains information which may be
privileged or confidential. The information is intended to
 be for the exclusive use of the individual(s) named above
 and further non-explicitly authorized disclosure,
copying, distribution or use of the contents of this
information, even if partially, including attached files,
is strictly prohibited and will be considered a criminal
offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the
contents of this information, even if partially, including
attached files, is strictly prohibited, will be considered
a criminal offense, so you must reply to the original
sender to inform about this communication and delete it.
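
An added example, not part of the original thread: the manual RFC 6052 synthesis discussed above, generalized from the /96 case to every prefix length RFC 6052 section 2.2 allows, with a host canonicalizer showing that `64:ff9b::218.2.231.237` and `64:ff9b::da02:e7ed` are the same address, which is what any link-text-versus-target check should compare. The function names (`synthesize`, `extract`, `canonical_host`) are illustrative assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 Well-Known Prefix

def _slots(plen):
    """Byte offsets that carry the IPv4 address; octet 8 (the "u" octet) is skipped."""
    if plen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 prefix length must be 32, 40, 48, 56, 64 or 96")
    return [i for i in range(plen // 8, 16) if i != 8][:4]

def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052 section 2.2)."""
    net = ipaddress.IPv6Network(prefix)   # strict: rejects prefixes with host bits set
    v4 = ipaddress.IPv4Address(ipv4)
    if net == WKP and not v4.is_global:
        # RFC 6052 section 3.1: the WKP must not represent non-global IPv4 addresses
        raise ValueError("Well-Known Prefix must not carry a non-global IPv4 address")
    out = bytearray(net.network_address.packed)
    if out[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    for pos, octet in zip(_slots(net.prefixlen), v4.packed):
        out[pos] = octet
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, ipv6):
    """Recover the embedded IPv4 address from an IPv4-embedded IPv6 address."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("address is not inside the given NAT64 prefix")
    return ipaddress.IPv4Address(bytes(addr.packed[i] for i in _slots(net.prefixlen)))

def canonical_host(url):
    """Return the URL host as an address object if it is an IP literal, else as text."""
    host = urlsplit(url).hostname
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return host

if __name__ == "__main__":
    # The literal from the thread, synthesized under the Well-Known Prefix
    print(synthesize("64:ff9b::/96", "218.2.231.237"))
    # A network-specific /64 (documentation prefix from RFC 6052's own examples)
    print(synthesize("2001:db8:122:344::/64", "192.0.2.33"))
    print(extract("64:ff9b::/96", "64:ff9b::da02:e7ed"))
    mixed = "https://[64:ff9b::218.2.231.237]:5001/cgi-bin/generate"
    hexed = "https://[64:ff9b::da02:e7ed]:5001/cgi-bin/generate"
    print(canonical_host(mixed) == canonical_host(hexed))
```

Synthesizing the address only produces a destination; packets reach the IPv4 server only if a NAT64 gateway for that prefix is actually routed in the client's network.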


