Re: [v6ops] The need for local-ipv4 socket transition solutions -- NAT64/DNS64 remains insufficient

[Ray Hunter <mr.r.a.hunter@gmail.com>]

> On 19 Mar 2015, at 22:27, Ca By <cb.list6@gmail.com> wrote:
> 
> Hi Folks,
> 
> The point of this message is to discuss the use of IPv4 literals and how this use requires transition solutions such as MAP, DS-Lite, and 464XLAT -- all of which provide local IPv4 socket support to the host.  If the primary operating environment of the host is the "internet", and the "web" is a highly valuable part of the that operating environment, then local IPv4 socket support is still required.
> 
> Specifically, this note builds the case that NAT64/DNS64 alone is still (at this time) not a sufficient solution for consumer Internet access by creating an IPv6-only network as described in https://tools.ietf.org/html/rfc6144#section-2.1
> 
> Empirically, it is commonly know that IPv4 addresses are used on the Internet, despite the guidance in RFC1958 (https://tools.ietf.org/html/rfc1958#section-4).  One common example is enterprise VPN services.
> 
> Quantitatively, it is easy to generate information about how frequently IPv4 address literals are used on the web.
> 
> Several years ago, draft-wing-behave-http-ip-address-literals-02 shared a simple method to gathering the data and reported that 2.38% of the top 1 million web pages have IPv4 literals in their homepage.  I re-ran a similar test this week that yielded 1.39% of the top 1 million web pages having IPv4 literals.   My test, like Dan's, only looks at the HTML on the home page and thus under-counts literals in deeper links or loaded via CSS, XML, or Javascript. 
> 
> Through other manual testing  i have seen catastrophic failure in Amazon's video streaming service with them passing literals in XML.  Facebook passes IPv4 literals in Javascript, but is not impacting the page load.
> 
> I posted IPv4 literals found in the HTML homepage of these 2,220 of the top 100,000 Alexa domains here https://sites.google.com/site/tmoipv6/ipv4literals
> 
> My conclusion is that it is not feasible for a network operator to deploy a purely IPv6-only socket solution.  As has been previously explored, about 20% of the apps in the Google and Apple "app store" cannot function on IPv6-only + NAT64/DNS64.  Even if these "app stores" were policed to force all applications to be Address Family agnostic, it is not possible to police the world wide web or enterprise VPN or SIP Phones.  Any network operator that attempt to do this would have to accept at least 1.39% failure to the total web and perhaps accept failure to some major services (like Amazon streaming).
> 
> I believe we are beyond the point of blaming the world for using IPv4 literals / referrals.  We just need to be realistic that internet service requires IPv4 sockets, and thus RFC6144 #2.1 is not today a consumer grade service.  A wild guess is that it this situation will not meaningfully improve (risk reduced to ~0) for 10+ years.  
> 
> Thoughts?
> 
> CB
> 
If all the smart solutions have failed, what about a dumb one?

Pipe all IPv4 literal requests using IPv6 transport to a big web proxy at the edge of the ISP's IPv6 only cloud. If it's one percent of traffic why isn't that feasible? Assuming the host can detect it has no native IPv4 connectivity and it can perform automatic proxy discovery over IPv6. It works for most enterprises and most enterprise apps....