Re: [v6ops] About Req for Comments - "Transition to IPv6"

[Owen DeLong <owen@delong.com>]

> On Mar 12, 2020, at 02:22 , JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org> wrote:
> 
> Hi Owen,
> 
> Using +++ below …
> 
I have to again restate that it would be vastly preferable if you got an MUA that actually worked.

>  
>  
> El 10/3/20 21:49, "v6ops en nombre de Owen DeLong" <v6ops-bounces@ietf.org <mailto:v6ops-bounces@ietf.org> en nombre de owen@delong.com <mailto:owen@delong.com>> escribió:
>  
>  
> 
> 
>> On Mar 10, 2020, at 11:25 , JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org <mailto:jordi.palet=40consulintel.es@dmarc.ietf.org>> wrote:
>>  
>> Hi Owen,
>>  
>> Responses below with ***.
>>  
>> El 10/3/20 19:03, "v6ops en nombre de Owen DeLong" <v6ops-bounces@ietf.org <mailto:v6ops-bounces@ietf.org> en nombre de owen@delong.com <mailto:owen@delong.com>> escribió:
>>  
>>  
>> 
>> 
>> 
>>> On Mar 9, 2020, at 01:42 , JORDI PALET MARTINEZ <jordi.palet=40consulintel.es@dmarc.ietf.org <mailto:jordi.palet=40consulintel.es@dmarc.ietf.org>> wrote:
>>>  
>>> Hi Clark,
>>>  
>>> El 8/3/20 12:38, "v6ops en nombre de Clark Gaylord" <v6ops-bounces@ietf.org <mailto:v6ops-bounces@ietf.org> en nombre de cgaylord@vt.edu <mailto:cgaylord@vt.edu>> escribió:
>>>  
>>> It seems to me the context of the OMB guidance is relevant to the question of "IPv6-only". The draft memo is reasonably good at this, but succinctly something like "agency internal networks use single-stack IPv6 with any 
>>>  
>>> [Jordi] I don’t think is so clear. Footnote 4 “IPv6-Only refers to network environments in which use of the IPv4 protocol has been eliminated” will be much clear if it says “IPv6-Only refers to network environments in which use of the *native* IPv4 protocol has been eliminated”.
>>  
>> I don’t believe that what you propose is the intent in the memo.
>>  
>> I believe they intend to eliminate the use of ALL IPv4, not just native IPv4 on government networks.
>>  
>> *** Then there is a problem. If they really want to have ALL the way thru only IPv6 in the LANs, the federal employees will not be able to use *ANY* application that uses literal addresses (even a simple web page that is doing that). Because there is NO transition mechanism that allows that. They are able to force all their internal apps to use only IPv6, fine, but they have no control over the rest of the Internet. If they are thinking that NAT64+DNS64 resolves that, they lost this “small” bit in their thinking. I’ve already reported them to the site that is asking for comments, hopefully they really pay attention to the inputs.
>  
> I don’t see that as a problem… I see that as a benefit.
>  
> I think that the US Federal government is one of the few organizations in a position to actually put the kind of pressure that will be necessary to effectuate this change.
>  
> So, personally, I don’t see it so much as “they lost this in their thinking” as in they are choosing to stop supporting certain “broken by design” ways of thinking.
>  
> I hope that they stick to their guns and do not soften their position.
>  
> +++ Somehow, I agree, is not a “problem”, depending on how you see it. As moving on to a real IPv6-only world, it is good. But we are interpreting the document as they really want that. They don’t say explicitly, so we don’t know. If they want that effect, I think it will be much better message to say “we know this will create this problem for people still using literal IPv4 addresses in web sites, but they should react if they want to work with us” or whatever..

I know many of the people involved. I suspect that the authors of the document do, in fact, intend that.

What you propose would be the customer friendly way for a business to approach it. It isn’t culturally typical of the US Government to approach anything in a customer friendly manner.

>>  
>> *** I will be glad if they can send this memo to every small web site in the world, because even if one of them is missing it, and need to be accessed by the employees, will not work!
>  
> I’m pretty sure that the employees that encounter difficulty will make it known to the web sites in question.
>  
> +++ Not sure, it may get ignored, as they ignore problems in their deployment. Last time I tried to fill in the ESTA for traveling to US, it was not working in some of the final steps. I did some debugging and realized that they were dual stack, but filtering PTB, so because the MTU at some point in the network, it never worked until I disabled IPv6 to complete the form and pay the fee. I tried to tell them. I recall there was even a thread about that in NANOG (talking from the top of my head, it may be in a different list). They never responded or resolved it. I’m not sure if now the problem is still there.

We’re talking about two different things here…

In your case, you were  trying to get the government to fix something they broke. The government is very good at ignoring such feedback.

In this case, we’re talking about government employees informing web sites they are trying to visit that they are no longer accessible from US Government networks. That’s not something web sites are nearly as likely to ignore.
 
> In reality, in terms of actual job-related usage, the federal government is unlikely to need access to every small web site in the world. As a general rule, every small web site in the world has no ability to support things at the scale of US Government usage.
>  
> +++ Sometimes this happens even in bigger sites … so yes and not.

I’m quite certain the bigger sites will get the memo somehow. If they don’t get it before this starts taking hold of their USG customers, they will certainly learn about it and quickly mitigate it afterwards. ;-)

> +++  Fully agree! But some text could make it more clear, so nobody believes “they didn’t though about this issue” as I did.

I’m not sure how much experience you have with the USG, but if you think clarity is their strong suit, I suggest you read 14CFR121 and get back to me.

Owen