IETF Logo Mail Archive

Re: [v6ops] IPREF as a transitioning tool

waldemar <waldemar@wdmsys.com> Fri, 10 November 2023 03:13 UTC

Return-Path: <waldemar@wdmsys.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F7CBC0A8561 for <v6ops@ietfa.amsl.com>; Thu, 9 Nov 2023 19:13:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.199
X-Spam-Level:
X-Spam-Status: No, score=-7.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.091, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wdmsys.com header.b="VNqi5O80"; dkim=pass (2048-bit key) header.d=outbound.mailhop.org header.b="BpMh9k5X"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aXoiJMUl-a7w for <v6ops@ietfa.amsl.com>; Thu, 9 Nov 2023 19:13:33 -0800 (PST)
Received: from catfish.pear.relay.mailchannels.net (catfish.pear.relay.mailchannels.net [23.83.216.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7435C17DBE1 for <v6ops@ietf.org>; Thu, 9 Nov 2023 19:13:32 -0800 (PST)
X-Sender-Id: _forwarded-from|217.96.228.89
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id A0B2510128B for <v6ops@ietf.org>; Fri, 10 Nov 2023 03:13:31 +0000 (UTC)
Received: from outbound2o.ore.mailhop.org (unknown [127.0.0.6]) (Authenticated sender: duocircle) by relay.mailchannels.net (Postfix) with ESMTPA id 5F6C0101091 for <v6ops@ietf.org>; Fri, 10 Nov 2023 03:13:31 +0000 (UTC)
ARC-Seal: i=2; s=arc-2022; d=mailchannels.net; t=1699586011; a=rsa-sha256; cv=pass; b=caOgBlHUSVFNIn+GGb2RrHOe7J3GNt7vsfAC9dVa+4yhAgDOUB5g7QHKApyE4S9rVYAbwM x5aDgrPRgS+owos3hA5CN1yK5JEVf7kvHIqK3fd/MeOQf4jOASlEHJLbfVtINsJHgFC9Rs B8ZQRRE683ubrlM+gnSIq376TkOkzojqg75sI4J7/6ymPkiyrDj8Me8U7pO1z6W2Yi8NQa WCc8ia0GO5a3p0YO0voP22hxNZJEx9wfH5DKjW64y1RSps+68Q97k4FUsFlDS4Dk2w0ork 6MZP768VBw+tIw4VGXbB1fpjT2KxpXfEvHPjTzt11i7hKz/XT1dAAOk2yExQBQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1699586011; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nn452rzsb0qSe6QBCJ/zE48EL0yztEMkAHhszc25J3M=; b=3kEDhVPxyDVVQZkMFHCOEhSHBr6P41vsVhKwXctwSSuuc3Az087F7tN1HEje+sgSjCPAyz vafVmfPvY0v5/3mY6w3/MerR6+CuejD4tDb5POiSAGMlM1M9WeZlD/mNF09+LM71OHrcwI Le0x/t45B8GegvZ001X7fODgqAN1dext3lIRQC73IN0yhQFh+jPmBNtyQVhhSRnspo8Aq1 +Sy0pOSpqH/eoVS4ZK8alK0fPbGZuR07EcgVpEIh15Qqjy4rSOS151vTalw8sfyX85MKcH 8nHnVI/iUawuNfp9x1DJjd8OiasZSozXMCiyrOjIyZ5YmhPGCFG4p8dprBmQ9w==
ARC-Authentication-Results: i=2; rspamd-6c48c794c6-p5xgd; arc=pass ("outbound.mailhop.org:s=arc-outbound20181012:i=1"); auth=pass smtp.auth=duocircle smtp.mailfrom=waldemar@wdmsys.com
X-Sender-Id: _forwarded-from|217.96.228.89
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|217.96.228.89
X-MailChannels-Auth-Id: duocircle
X-Trade-Vacuous: 4292f5491d0d90ce_1699586011550_206854319
X-MC-Loop-Signature: 1699586011550:563706376
X-MC-Ingress-Time: 1699586011549
Received: from outbound2o.ore.mailhop.org (outbound2o.ore.mailhop.org [54.187.213.119]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.110.238.199 (trex/6.9.2); Fri, 10 Nov 2023 03:13:31 +0000
ARC-Seal: i=1; a=rsa-sha256; t=1699586011; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=dGLHcFrADfBL+/a0wj9kL/nRMSgvQekauuc6SEd08KQFNuNlDtvalDBS2VBX6BJ+bZleql7pfEO8a qBLw6ZodvpweRxBSvmua0sKPE1/vu2a+UsyrjTutqukrT+dJZzAUwSGGLXXEk1UqepYeeh2Y9kxp7J PhFnUG8XIx4vE5eWv9ReKxwLlbzPSMwc8i+sX1apXTR5or7JfGRVn9iZplqvu7gFWyMQemElmrLcsF D9dTT+twhxzv8VYta/dXEcusf3pUuj9QVSHGkMhAr83/LCldK7qg5ISbjh4f9gCgkN04lna9UYSjBY 4Vz8T0kBwSkkelYwJV5FUoQi2zpHb1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-transfer-encoding:content-type:in-reply-to:from:references:to:subject: mime-version:date:message-id:dkim-signature:dkim-signature:from; bh=nn452rzsb0qSe6QBCJ/zE48EL0yztEMkAHhszc25J3M=; b=nFkm8ZLvLbRj4BLZlt6MvP92QjVknOZ1dp86GkpzOCDfqquDiFWHw637uwGuTlFU2RiQdvylJLqGP hBj8+SeMSMJvlUrQds9sxuDu6yzRlQ7PUkJqQwtFyQqkwoXSGDxyhW0ICzULgbLDZ4Bi2NaY6ZZ9jx m8kNCzUbq+u1zNYJp3owIGWzKsFoKjDEWJ841+WPEY3SioHO03eSF94v7KGjUePuTjjIDWWR0BF6HW OmXVwLMTHElT3nYEwYbDBS6q3paExFpEA5Zqu4s1WWIGKAnHuDk0UoXybbFt+L+bUswh5tFRsgxVvo aeiCx4SOyegceloNl7WccS1JvcfjLQQ==
ARC-Authentication-Results: i=1; outbound4.ore.mailhop.org; spf=softfail smtp.mailfrom=wdmsys.com smtp.remote-ip=168.235.72.19; dmarc=none header.from=wdmsys.com; arc=none header.oldest-pass=0;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wdmsys.com; s=duo-1675405977089-29a98ead; h=content-transfer-encoding:content-type:in-reply-to:from:references:to:subject: mime-version:date:message-id:from; bh=nn452rzsb0qSe6QBCJ/zE48EL0yztEMkAHhszc25J3M=; b=VNqi5O800cR1AGT5m+VPT1Wx0Y3k1ITXS2WZBbg3gFmMVnRY5vwL/LFajWRPBEzsCmjOEnTH2EQCY bBwhxlfttVdk0ka8dZYKpWoylB5yie+ZWWIhGTIvQTmxNoZb5jBeOb6g590/nonkvFCmC3DUlYbMUC utcc2v1g4+eSompo=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=dkim-high; h=content-transfer-encoding:content-type:in-reply-to:from:references:to:subject: mime-version:date:message-id:from; bh=nn452rzsb0qSe6QBCJ/zE48EL0yztEMkAHhszc25J3M=; b=BpMh9k5XsAsWgTePhsMiJXj9wJ7QlTg91Ac7GK78MbVWn6ZVRt165hwc2/CAlFSn12aAJXm56uiSI H5eJ80CXX82bxSSqmbQBhHyxFj9jQzNyBi+UH4gr50NkMP97VL/ZHFVBjW8XfzAf1o/jpF4bISFTsA 8wyB35I4PCw4zdTxVhCOwWmgy5Qg+I3rAlEpz3jV5aIlcreZ7WWLSoGXb/Cy7DC+7vlWLNVti3wVRr OM0v3u2A6Rjypgzw/mIvJu6HEkd3u7SxcHTaNBpo7by1hPt9mprJPSO0HTiJWpr1Spz+qOP+oTIAtS qSPnyY7Ue+TLAMzx49gK49+DWn34yiw==
X-Originating-IP: 168.235.72.19
X-MHO-RoutePath: d2FsZGVtYXI=
X-MHO-User: 1df0fd9e-7f77-11ee-9e7d-95702c074b68
X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information
X-Mail-Handler: DuoCircle Outbound SMTP
Received: from cmail.wdmsys.com (168-235-72-19.cloud.ramnode.com [168.235.72.19]) by outbound4.ore.mailhop.org (Halon) with ESMTPSA id 1df0fd9e-7f77-11ee-9e7d-95702c074b68; Fri, 10 Nov 2023 03:13:29 +0000 (UTC)
Received: from 217.96.228.89.ipv4.supernova.orange.pl ([217.96.228.89] helo=[192.168.1.13]) by cmail.wdmsys.com with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <waldemar@wdmsys.com>) id 1r1HxX-000dn9-6K; Fri, 10 Nov 2023 03:13:27 +0000
Message-ID: <df800110-7ee4-23d8-e11f-c6e1e32e8edc@wdmsys.com>
Date: Thu, 09 Nov 2023 19:13:24 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1
Content-Language: en-US
To: Martin Huněk <martin.hunek@tul.cz>, v6ops@ietf.org
References: <90f07ffa-1f44-8fa6-a6eb-b35c14fcf655@wdmsys.com> <11220775.0j3nEXixpK@asclepius.adm.tul.cz>
From: waldemar <waldemar@wdmsys.com>
In-Reply-To: <11220775.0j3nEXixpK@asclepius.adm.tul.cz>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/reJoETnOKRdfvqV25KNZ5a8_o1k>
Subject: Re: [v6ops] IPREF as a transitioning tool
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2023 03:13:37 -0000

On 11/9/23 17:12, Martin Huněk wrote:
> Hi,
>
> I'm missing these parts:
> - How this technology would interact with the networks that would not use IPREF.
It wouldn't. Gateways are needed on both ends. You should think of GWs 
as a software upgrade on the edge routers, although stand alone gateways 
make sense in certain configurations, too.
> - How the GWs would know when to switch to the IPv6 on the Internet.
They wouldn't. The servers would advertise addresses with IPv6 context 
addresses. GWs don't choose, the endpoints do.
> - What about DNSSEC?
This was discussed (offline). No issue here. Unlike NAT64, IPREF 
actually places the exact returned addresses in the packets. It does 
encode them for local hosts, which are unmodified, but GWs decode them 
back to their original values when sending out of the network. Also, 
there is a proposal for a new RR which would simplify things for DNSSEC.
> - What benefits does it bring to the network that already did the transition?
They would be able to communicate with those that did not, or with some 
more exotic or experimental networks like SCION. IPREF also allows peer 
networking. Dealing with references might be viewed as easier than 
dealing with IP addresses.
>
> A lot of us do not start with just IPv4 running. We run dual-stack or braver ones IPv6-mostly/only. The IPv4-only starting point would be around 15 years ago.
A lot is still less than all.  Dual stacks prevent taking down IPv4 
Internet. The hope that somehow everyone switches  to IPv6 and we can 
take down IPv4 is a mirage.  These existing technologies perpetuate 
IPv4. They will never be able to eliminate IPv4 Internet.
>
> Modifying DNS replies on a local recursive resolver is not a good idea. This would break DNSSEC signatures, so IPREF would not work for DNSSEC-validating clients.
As mentioned above, DNS replies are not modified. DNSSEC is fine.
>
> Rest see inline.
>
> Dne středa 8. listopadu 2023 10:08:14 CET, waldemar napsal(a):
>> I wanted to address one comment that I did not have time to during the
>> session yesterday.
>>
>> There was a gentleman who questioned the wisdom of introducing another
>> transition strategy. He said such a proposal would make sense 15 years
>> ago, he also said many could propose new strategies but refrain from
>> doing so. He ended by stating that there is no need for another
>> transition strategy.
> I must agree with the thought of the above-mentioned gentleman. Maybe 15 years ago, this could be a viable solution even though we would probably have thought the IPv6 adoption would have been faster than it actually was. Anyway, now we have the proper tools to do the transition to IPv6-only even without IPREF. We can use, for example, SIIT-DC to shut down IPv4 internally without waiting for latecomers. The IPv4-only operator would not care about the reachability of IPv6-only services (together with any transitional mechanism) until there is something really important there. When so, it is not a good idea to give such an operator tool how to not implement native IPv6.
The opposite is true. It is the existing transition technologies that 
give operators tools to not implement pure IPv6. IPREF transitions only 
to pure IPv6.
>> I generally agree with the line of thought. Excessive proliferation of
>> methods is detrimental to the cause. I questioned myself whether to go
>> with the proposal or not. In the end I decided that IPREF is so
>> different and so distinct from anything currently available that it
>> should be presented. I already mentioned that it is based on a different
>> principle which will make it succeed where existing methods would fail.
>> There are other factors, even more significant:
>>
>> (a) IPREF is 100% customer premise technology. As such, its use is
>> totally dependent on the customers choice. There is nothing IETF can do
>> to stop them. It is similar to NAT in this respect. NAT was widely
>> despised, still is, by IPv6 enthusiast but it took over the world in
>> spite of attempts to  block it.
>>
>> (b) Related to (a), enterprises love the ability to control the process
>> themselves, without anybody dictating what they should or should not do
>> with their networks. In addition, the economic profile hugely favors
>> IPREF. It is simply cheaper not to do dual stacks, not to do two step
>> transition, not to have to upgrade what they don't want to upgrade, not
>> to have to coordinate with peers. Less cost, less risk.
> With the "Enterprise" admin hat on, I like more tools; there is no dispute about that. However, I don't like the idea of placing some translator in the way of all my traffic and being forced to keep it there until the last latecomer finishes the transition. I run full dual-stack now. If I want to run IPREF, it would cost me additional money to do so - buy the translator. There is more risk that an additional device in the way, the translator, would fail. Higher latency. And because all would have to go through it, for me, it means up to 100 Gbps throughput. I'm not convinced if it is better than dual-stack or 464XLAT + SIIT-DC. Seams more like charity work for latecomers than an economically viable solution.
Dual stacks is a huge problem. They re-enforce IPv4. These technologies 
you mention will never be able to do away with IPv4 Internet.
>> (c) Related to (b) the economic profile of IPREF is hugely attractive
>> to  ISPs as well. Why doing IPv4-as-a-service if it is not necessary,
>> why burden pure IPv6 Internet with IPv4 services if they're not needed?
>> How can IPv6 compete with IPv4 if it is required to provide extra
>> functionality but which can be avoided? Less cost, less risk.
> Now, ISP admin hat on. I'm also doing dual-stack now. I would rather love to get rid of NAT/CGNAT. Putting all the traffic through yet another translator that I do not have now. And keep it for how long? I see the additional cost, not less. Also, there is an additional risk of implementing new transitional technology and to run it.
IPREF will eliminate NAT, NAT6, and CGNAT, albeit not the first thing 
that will happen. ISPs running dual stacks?? Yeah, exactly. We need to 
do away with it. IPREF is 100% customer premise technology, ISPs don't 
need to do anything, just provide pure IPv6 Internet.
>> I am just an individual, an inventor, I can do only so much. There are
>> different roles played by different entities. IPREF must be picked up by
>> others. By vendors to build commercial gateways, by architects and
>> operators to complete its specification. This project is in a very
>> vulnerable stage. It can be easily dismissed. Because of (a), (b), and
>> (c) above, it would be foolish to do so. You must allow that the project
>> might be picked up at some point, the gateways will be built, and in the
>> end the economy of the method will prevail. IPv6 cause is better served
>> embracing it than fighting it.
> The whole reasoning is full of claims but very little data and very "heavy" (GWs in every network, modified DNS, etc.) without clear motivation for those who already made the transition.
Yes, it is in a vulnerable stage for the moment. There is no way to 
convince doubters without advancing it by building a GW and 
demonstrating results. But what else is new?
>
> Regards,
> Martin
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.36.0 | Report a Bug | By Email | System Status