[Witarea] Re: [v6ops] Re: How to make an elegant IPv4 outage

[Franck Martin <franck@peachymango.org>]

I spent some time diving into various K8S deployments. K8S is great, but you really really need to standardize your deployments. And because K8S uses eBPF, and sometimes some network namespaces and sometimes not, you can no longer trust /proc/net to tell you the reality. you need to dive into the namespaces too... 

so K8S NAT is often not stored in the routing or iptable, but in eBPF, and it is very hard to get that information when you are on the host itself... At least that was my experience. 

having K8S with IPv6-only makes life much easier. 


From: "Nick Buraglio" <buraglio@forwardingplane.net> 
To: "Xipengxiao" <xipengxiao=40huawei.com@dmarc.ietf.org> 
Cc: "Franck Martin" <franck@peachymango.org>, "Brian E Carpenter" <brian.e.carpenter@gmail.com>, "S Moonesamy" <sm+ietf@elandsys.com>, "witarea" <witarea@ietf.org>, "ietf" <ietf@ietf.org>, "v6ops" <v6ops@ietf.org> 
Sent: Sunday, June 7, 2026 8:32:24 AM 
Subject: Re: [v6ops] Re: How to make an elegant IPv4 outage 

+1 

We have done k8s with IPv6-only in our data centers and once the initial hurdles are past, it is significantly easier to work with. 
Where the complications lie are in the random libraries inside of random containers, and in some cases in the container repositories. 
I’m curious to see what your experience is/was, and how it differed from ours, if at all. 

nb 

On Fri, Jun 5, 2026 at 10:21 Xipengxiao <xipengxiao= [ mailto:40huawei.com@dmarc.ietf.org | 40huawei.com@dmarc.ietf.org ] > wrote: 


Hi Franck, 

You are very welcome to take the lead on "Deploying IPv6 in the Data Center/Enterprises". We look forward to your drafts. 

XiPeng 

-----Original Message----- 
From: Franck Martin < [ mailto:franck@peachymango.org | franck@peachymango.org ] > 
Sent: Thursday, June 4, 2026 1:51 AM 
To: Brian E Carpenter < [ mailto:brian.e.carpenter@gmail.com | brian.e.carpenter@gmail.com ] > 
Cc: S Moonesamy < [ mailto:sm%2Bietf@elandsys.com | sm+ietf@elandsys.com ] >; witarea < [ mailto:witarea@ietf.org | witarea@ietf.org ] >; ietf < [ mailto:ietf@ietf.org | ietf@ietf.org ] >; [ mailto:v6ops@ietf.org | v6ops@ietf.org ] 
Subject: [v6ops] Re: How to make an elegant IPv4 outage 

Adding v6ops to the list of Cc 

Brian, 

Getting myself up to date with the v6ops. 

I see there is a milestone to adopt by dec 2026 Deploying IPv6 in the Data Center and Deploying IPv6 in the Enterprise. I have some experience with this having done that at LinkedIn and been very close to an IPv6-only deployment. I also was aware of what was happening at the mothership at Microsoft. 

I don’t see any lead for this besides the WG chair. I would be happy to contribute and may be to reach out to folks. I quickly looked through the archives but did not see anything obvious on those topics. 

Franck 

> On Jun 3, 2026, at 15:34, Brian E Carpenter < [ mailto:brian.e.carpenter@gmail.com | brian.e.carpenter@gmail.com ] > wrote: 
> 
> Franck, 
> 
> You definitely need to keep [ mailto:v6ops@ietf.org | v6ops@ietf.org ] aware of this. 
> 
> I assume you are aware of [ https://datatracker.ietf.org/doc/draft-palet-v6ops-ipv6-only/ | https://datatracker.ietf.org/doc/draft-palet-v6ops-ipv6-only/ ] and other work in v6ops related to IPv6-only and IPv6-mostly. 
> 
> Regards/Ngā mihi 
> Brian Carpenter 
> 
> On 04-Jun-26 09:29, Franck Martin wrote: 
>> Moving to Witarea, but keeping ietf in the loop for the moment. 
>> Hi Surya, 
>> Many thanks for those great points. 
>>> On Jun 3, 2026, at 13:00, S Moonesamy < [ mailto:sm%2Bietf@elandsys.com | sm+ietf@elandsys.com ] > wrote: 
>>> 
>>> Hi Franck, 
>>> 
>>> [Cc to witarea@] 
>>> 
>>> At 11:32 AM 03-06-2026, Franck Martin wrote: 
>>>> Today I submitted this Internet Draft (I-D) to the IETF 
>>>> [ https://datatracker.ietf.org/doc/draft-martin-retry-over-ipv6/ | https://datatracker.ietf.org/doc/draft-martin-retry-over-ipv6/ ] 
>>>> 
>>>> I have been building this site: [ http://pacific.ipv6forum.com/ | pacific.ipv6forum.com ] and I have been wondering, how could I do an IPv4 outage on this site on 6/6? 
>>>> 
>>>> I have also seen that Czechoslovakia has mandated the end of IPv4 on government sites on 6/6/2032, 6 years from now. 
>>>> 
>>>> I also recall (from recent experience) that it is relatively easy to reach >90% of IPv6 connections to an internal network (think datacenter), but the remaining last % are difficult to identify (or discard) because services may misbehave and prefer IPv4 from time to time: You don't know if they can't really do IPv4 or if they did not bother to do IPv6. 
>>>> 
>>>> In an enterprise environment, micro-services are made redundant, there are multiple IPs and have fallback mechanisms when they encounter a 5xx error on one endpoint. 
>>>> 
>>>> So, I started to work on this Internet Draft. It is ready for the first round of public comments. I suspect, if successful, it will take 1 or 2 years to make it a standard. Then an extra 1 or 2 years, before it is implemented on enough clients (and browsers), we will be just in time for doing enough IPv4 outages on 6/6 to meet the 6/6/2032 deadline. 
>>> 
>>> There is a recent thread about IPv6 at [ https://mailarchive.ietf.org/arch/msg/ipv6/BxSOgbF34xbBcijtxf85Pfnb5tc/ | https://mailarchive.ietf.org/arch/msg/ipv6/BxSOgbF34xbBcijtxf85Pfnb5tc/ ] I don't remember seeing anything resulting from that discussion. Having a draft is, relatively, better than the usual email discussion. The draft falls under the WIT Area and v6ops (which is in another IETF Area). 
>> I quickly read the thread, and also asked for a summary. I agree with many points like : some mobiles are IPv6-only (T-Mobile, Reliance,…), some networks are IPv6-only on the management side (Comcast),.. StarLink is moving the needle A LOT in small countries, see countries on [ https://pacific.ipv6forum.com/ | https://pacific.ipv6forum.com ] < [ https://pacific.ipv6forum.com/ | https://pacific.ipv6forum.com ] >.. but yes the frontier is Entreprise adoption. I have some experience here that I’m trying to share. 
>>> 
>>> Section 1.1 of the draft states that "Governments are also publishing fixed IPv4 end dates" and lists one example [1]. Are there any other governments which have a fixed end date? 
>> I am not aware of other governments that have published an equally 
>> specific “IPv4 service ends on <date>” policy for their public 
>> services. Several others publish IPv6 transition *milestones* rather 
>> than a fixed IPv4 shutdown date — for example, US OMB M-21-07 (80% of 
>> federal IP-enabled assets in IPv6-only environments by FY 2025, with 
>> strategic intent to phase out IPv4): 
>> [ https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf | https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf ] 
>> The Netherlands and others have long-standing IPv6 “use-or-explain” or adoption targets, but not, to my knowledge, a single published IPv4 end date comparable to the Czech case. 
>> There was also a memo from the State of Washington going in the same 
>> direction… I used to track all those… looks like I need to do that again. 
>> And I agree that those memos come and go… Why? Because it is not trivial, we (IETF?) ought to make it easier. 
>>> 
>>> Section 3 of the draft states that "Many operators plan to remove or disable IPv4 while retaining IPv6 service." Are those plans available on the operators' websites? 
>> I tend to abuse the word “Many”, you caught me! I make a note to change it to “Some" 
>> That being said: 
>> * Meta is IPv6-only in their data centers: 
>> [ https://engineering.fb.com/2017/01/17/production-engineering/legacy-s | https://engineering.fb.com/2017/01/17/production-engineering/legacy-s ] 
>> upport-on-ipv6-only-infra/ 
>> < [ https://engineering.fb.com/2017/01/17/production-engineering/legacy- | https://engineering.fb.com/2017/01/17/production-engineering/legacy- ] 
>> support-on-ipv6-only-infra/> 
>> * Google Cloud has guidance for IPv6-only: 
>> [ https://cloud.google.com/blog/products/networking/connect-ipv6-only-w | https://cloud.google.com/blog/products/networking/connect-ipv6-only-w ] 
>> orkloads-to-ipv4-with-dns64-and-nat64 
>> < [ https://cloud.google.com/blog/products/networking/connect-ipv6-only- | https://cloud.google.com/blog/products/networking/connect-ipv6-only- ] 
>> workloads-to-ipv4-with-dns64-and-nat64> 
>> * All the could providers are moving to support IPv6 (because for 
>> instance K8S bring undue complexity when you use NAT, also with the 
>> explosion of AI agents, this will not be sustainable, I’m not worry, 
>> they can afford to buy large chunks of IPv4 - side note: I spoke 
>> recently with a banker on why IPv4 is not on the balance sheet of 
>> companies?) 
>> * Cisco has an IPv6-only building: 
>> [ https://blogs.cisco.com/networking/an-ipv6-campus-of-the-future | https://blogs.cisco.com/networking/an-ipv6-campus-of-the-future ] 
>> < [ https://blogs.cisco.com/networking/an-ipv6-campus-of-the-future | https://blogs.cisco.com/networking/an-ipv6-campus-of-the-future ] > 
>> * Orange is considering IPv6-only: 
>> [ https://www.youtube.com/watch?v=ahlY1vwM8qE | https://www.youtube.com/watch?v=ahlY1vwM8qE ] 
>> < [ https://www.youtube.com/watch?v=ahlY1vwM8qE | https://www.youtube.com/watch?v=ahlY1vwM8qE ] > 
>> * Microsoft has IPv6-only deployments (I know that in Azure this is 
>> way more complicated): 
>> [ https://labs.ripe.net/author/mirjam/ipv6-only-at-microsoft/ | https://labs.ripe.net/author/mirjam/ipv6-only-at-microsoft/ ] 
>> < [ https://labs.ripe.net/author/mirjam/ipv6-only-at-microsoft/ | https://labs.ripe.net/author/mirjam/ipv6-only-at-microsoft/ ] > 
>> * LinkedIn is moving to Dual Stack and IPv6-only in their Datacenters. I may point you to the links in this post: [ https://www.patreon.com/posts/ipv6-in-lessons-159595711 | https://www.patreon.com/posts/ipv6-in-lessons-159595711 ] where I share my experience with IPv6. 
>> On this last point, I want to say my motivation is more on how to make life easier for internal deployments than external deployments. As such I found out that making a software outage is easier than an infrastructure outage, and easier and faster to rollback. “You can’t fix what you don’t measure”, if you can differentiate an IPv4 outage from any other outage, then you don’t know what to fix. 
>> I’m not expecting the web browsers to implement anything fast, but I think we can have “faster” implementation in open source software like gRPC and Rest.Li to make life easier in enterprises, therefore impacting other software in those enterprises, which will lead to make it easier on the public Internet... 
>> So thanks for all those valid points, I’ll figure out how to better answer them in version -01. 
>> I tried to address the same with email, a while back. See those expired ID: [ https://datatracker.ietf.org/doc/draft-martin-smtp-ipv6-to-ipv4-fallback/ | https://datatracker.ietf.org/doc/draft-martin-smtp-ipv6-to-ipv4-fallback/ ] < [ https://datatracker.ietf.org/doc/draft-martin-smtp-ipv6-to-ipv4-fallback/ | https://datatracker.ietf.org/doc/draft-martin-smtp-ipv6-to-ipv4-fallback/ ] >, [ https://datatracker.ietf.org/doc/draft-martin-smtp-target-host-selection-ipv4-ipv6/ | https://datatracker.ietf.org/doc/draft-martin-smtp-target-host-selection-ipv4-ipv6/ ] < [ https://datatracker.ietf.org/doc/draft-martin-smtp-target-host-selection-ipv4-ipv6/ | https://datatracker.ietf.org/doc/draft-martin-smtp-target-host-selection-ipv4-ipv6/ ] >. I hope this ID has a bit more chances. 
>> Franck 
>> PS: if any has more references of mandate or wannabe mandates, please let me know. 
>>> 
>>> Regards, 
>>> S. Moonesamy 
>>> 
>>> 1. The IPv6 adoption rate for a social network in that country is 35.2%. 

_______________________________________________ 
v6ops mailing list -- [ mailto:v6ops@ietf.org | v6ops@ietf.org ] 
To unsubscribe send an email to [ mailto:v6ops-leave@ietf.org | v6ops-leave@ietf.org ] 
_______________________________________________ 
v6ops mailing list -- [ mailto:v6ops@ietf.org | v6ops@ietf.org ] 
To unsubscribe send an email to [ mailto:v6ops-leave@ietf.org | v6ops-leave@ietf.org ]