Re: [v6ops] IPREF as a transitioning tool

"Soni \"They/Them\" L." <fakedme+ipv6@gmail.com> Wed, 08 November 2023 20:27 UTC

Return-Path: <fakedme+ipv6@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44193C15C2B7 for <v6ops@ietfa.amsl.com>; Wed, 8 Nov 2023 12:27:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.855
X-Spam-Level:
X-Spam-Status: No, score=-1.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WMeZSEFNqTy6 for <v6ops@ietfa.amsl.com>; Wed, 8 Nov 2023 12:27:55 -0800 (PST)
Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54F9DC15C297 for <v6ops@ietf.org>; Wed, 8 Nov 2023 12:27:55 -0800 (PST)
Received: by mail-pj1-x1032.google.com with SMTP id 98e67ed59e1d1-2800f7c8125so944971a91.1 for <v6ops@ietf.org>; Wed, 08 Nov 2023 12:27:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699475275; x=1700080075; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=UbMjh7HMOSJ98w7mAJe4ookt/qqWKBkHCYJ8PdvE9JU=; b=YgLk23XvEvH5Wz3DgHHIR6qz2rOrW8wJ1ByaBM0KSct1BKROr6riZgVGG/u6KYtLCo Z7gE7qgIv8NosSSWWoGuPKg+yuMvJr9/Rkl5pAElSegrralpaftFDlHrz9tDnBhbOibb WfqIvweBD+g6iIoExWSwt9/lEMIqlJyNnyqFtcf0p0Q2kAcYHs9RowRSFuJ/cwzHiB7W S87HkOQh1A0ky/OVS5N76LUVRa3uyMZYAQMH4o1Cxe2YS8qQvtrzuNX1v31tQBkzG0OY edPlHv8Q2k/zXkQ9BTKbwde5LNVCd7jVpeTwfrtdzlvr6xEBRa1XTK3j+xIqsZg0w9Cp 4Q7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699475275; x=1700080075; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UbMjh7HMOSJ98w7mAJe4ookt/qqWKBkHCYJ8PdvE9JU=; b=MJpQAzMhdn1P+uZCV263mKXajo+REXr6nPRZD8UFY3vD7JMj+ZyAs5VvoQAa3TBkZK ncP5N6f0WyxDhRV4rzzkYrOamBzeainL6oTvNjIhm9X76bsEj6HzeCqQ+OvGjY97ArGm UE4AhhsYxB5Yxo4SqIxIB4B+j5dJhKyCo7JsXDHOz3Qo776TeP2aiRK+XamN92TIUcaR Jesvsa8smLT2J0cVVkdo1q6ygP/nU6qVDRtg9WRERNWMpsJmQVMC9f8Ryu9dA+dRLHPk xNO3c0Z3kBFoJzFu1VOujPwO9M5OQjKBs5r5FCwRVsz7mRxeKbkCpaK1OWQHNIxSmHT7 8PGA==
X-Gm-Message-State: AOJu0YwQl34V2c3Xe76l47+YxFHl1tm41kfZJ4WRfVEyeoKv52k6S3Oh OAvqe8m4QNQrDh8cdO/oQnOqicp/rf0=
X-Google-Smtp-Source: AGHT+IHOdPjXACDqWtk8jfFs2+KERuWflsn/h/TwRfTE1IcpN71nAtfOYzx94EauMuJTGEOmNqsAyw==
X-Received: by 2002:a17:90b:2551:b0:280:a002:be85 with SMTP id nw17-20020a17090b255100b00280a002be85mr4391671pjb.20.1699475274656; Wed, 08 Nov 2023 12:27:54 -0800 (PST)
Received: from ?IPV6:2804:431:cfcc:50e9::536f:6e69? ([2804:431:cfcc:50e9::536f:6e69]) by smtp.googlemail.com with ESMTPSA id em16-20020a17090b015000b0026b12768e46sm1900422pjb.42.2023.11.08.12.27.52 for <v6ops@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 08 Nov 2023 12:27:54 -0800 (PST)
Sender: "Soni L." <fakedme@gmail.com>
Message-ID: <9067a45b-56ca-47d6-b011-9274c0b634b8@gmail.com>
Date: Wed, 08 Nov 2023 17:27:44 -0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: v6ops@ietf.org
References: <90f07ffa-1f44-8fa6-a6eb-b35c14fcf655@wdmsys.com> <9DD47882-7147-4C39-B559-E363182438EA@delong.com>
From: "Soni \"They/Them\" L." <fakedme+ipv6@gmail.com>
In-Reply-To: <9DD47882-7147-4C39-B559-E363182438EA@delong.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/xmp1oms32N2vQGQnCvnlUskwOGQ>
Subject: Re: [v6ops] IPREF as a transitioning tool
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2023 20:27:56 -0000


On 2023-11-08 16:48, owen@Delong.com wrote:
> > (a) IPREF is 100% customer premise technology. As such, its use is totally dependent on the customers choice. There is nothing IETF can do to stop them. It is similar to NAT in this respect. NAT was widely despised, still is, by IPv6 enthusiast but it took over the world in spite of attempts to  block it.
>
> NAT took over the world because we dithered around too long before providing working IPv6 and that was a tragic missed opportunity.
>
> Sadly, we took so long that we now have a generation and a half of network engineers who don’t understand how peer to peer networking is supposed to work and regard address transparency as a security risk. Indeed, I’m constantly having to teach actual network and systems administrators that it is possible to do stateful inspection without mutilating the packet header and that it provides all the same security benefits as stateful inspection combined with header mutilation, with the added benefits of rational audit trails, easier troubleshooting, and transparent addressing.

Personally we like to think ephemeral IPv6 is the solution to this 
problem. It basically takes away address transparency in all the 
relevant places, with all of the drawbacks that comes with, except 
without header mangling (i.e. it's still peer to peer).

>
> I haven’t had a chance to look at IPREF in detail (and I guarantee if you keep that name, it’s going to crate wonderful confusion with iperf the beloved performance measurement tool), so I don’t know whether it’s a good or bad thing.
>
> > (b) Related to (a), enterprises love the ability to control the process themselves, without anybody dictating what they should or should not do with their networks. In addition, the economic profile hugely favors IPREF. It is simply cheaper not to do dual stacks, not to do two step transition, not to have to upgrade what they don't want to upgrade, not to have to coordinate with peers. Less cost, less risk.
>
> Enterprises claim to love that, but they also love cloud (at the moment) which is completely antithetical to that claim. Anything that gets us to IPv6-only sooner and/or cheaper does seem appealing. If IPREF does that, I’ll end up being a supporter.

*Anything*...? (Something something, "Proof of IPv4"/"Waste of IPv4" 
blockchain algorithms. :v)

>
> > (c) Related to (b) the economic profile of IPREF is hugely attractive to  ISPs as well. Why doing IPv4-as-a-service if it is not necessary, why burden pure IPv6 Internet with IPv4 services if they're not needed? How can IPv6 compete with IPv4 if it is required to provide extra functionality but which can be avoided? Less cost, less risk.
>
> At some point, there are going to be IPv6-only services because there simply aren’t enough IPv4 addresses for services to continue to grow indefinitely. The only requirement for ISPs to continue to provide IPv4 as a service stems from content/services that are not available on IPv6.

We already have those, The White House Website archives are IPv6-only 
nowadays.

> Fortunately, Amazon (one of the biggest holdouts) is doing better about this finally. (They’re still not quite there yet as order-status doesn’t work v6-only, but I was able to place an order on Amazon without IPv4 a while back).
>
> Some of the larger Chinese service providers (Tencent, 163, Alibaba) are among the worst remaining laggards in this arena.
>
> It’s slowly getting better, but for now, I don’t see how you get around IPv4AAS at some level because the customer needs some way to connect to IPv4-only content and services.
>
> > I am just an individual, an inventor, I can do only so much. There are different roles played by different entities. IPREF must be picked up by others. By vendors to build commercial gateways, by architects and operators to complete its specification. This project is in a very vulnerable stage. It can be easily dismissed. Because of (a), (b), and (c) above, it would be foolish to do so. You must allow that the project might be picked up at some point, the gateways will be built, and in the end the economy of the method will prevail. IPv6 cause is better served embracing it than fighting it.
>
> Ironically, this entire message doesn’t reference any ID or RFC regarding IPERF.
>
> Owen
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops