On Wed, Jul 21, 2010 at 3:18 AM, Fred Baker <fred@cisco.com> wrote:
IETF IPv6 Operations WG is looking at this draft, and we're interested in any comments you might have as well.
http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines "Guidelines for Using IPv6 Transition Mechanisms", Jari Arkko, Fred Baker, 12-Jul-10
Hi Fred,

Some feedback:

In section 4.1, you kind of gloss over the challenges with native dual stack. You do state them, but if I didn't already know, I'd miss the significance of what you wrote. The significance is this:

1. The IPv6 Internet is not yet operating at the same availability standard as the IPv4 Internet and, for reasons obvious to those of us who maintain operational systems, won't operate at the same standard until the networking emphasis (and funding!) moves from IPv4 to IPv6.

2. Connections to a dual-stacked IPv6 host where the IPv6 path isn't working are much like connections to an IPv4 host with two IP addresses where one isn't working. With the added bonus that all assigned IPv6 addresses are tried first.

The document is a little short on mitigations. Whitelisting between providers? Somehow in the name lookup? In what DNS software? And what about the folks who don't resolve names locally?

There is a third major challenge to dual-stack that isn't addressed in the document: differing network security models that must deliver the same result for the same collection of hosts regardless of whether IPv4 or v6 is selected. I can throw a COTS D-Link box with address-overloaded NAT on a connection and have reasonably effective network security and anonymity in IPv4. Achieving comparable results in the IPv6 portion of the dual stack on each of those hosts is complicated at best.

While interesting, 4.3 remains too deep in theory to seriously consider it for a short-term transition strategy.

While 4.4 may be useful in the waning days of IPv4, it doesn't seem credible in the waxing days of IPv6. I'm going to make the vast majority of my customers pass through how many additional points of failure? That I have to pay extra to maintain?

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004