On Thu, 17 Mar 2022 at 04:27, William Allen Simpson <william.allen.simpson@gmail.com> wrote:
> This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello.
>
> We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under the then-current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation.
Please bear with me; after the negativity some sobering remarks follow.

And the solution is broken: it assumes that snooping packets, creating near-arbitrary numbers of multicast groups and forwarding multicast on an L2 device is cheaper than flooding. It is not, and everyone keeps MLD off in L2 to simplify and reduce cost. So in reality the multicast L2 resolution is not used, and is useless complexity.

In addition to this problem of changing broadcast to multicast, ND can use any combination of GUA|LL <-> GUA|LL, which makes almost every input ACL broken, because operators simply are not aware of this. A very common problem for us is: we change vendor on our end, and customer IPv6 breaks. The customer made zero changes, so of course they blame us, and we have the difficult task of educating them: 'look, this is how ND works, your ACL is broken, because it assumes a special case is the generic case, and the special case has changed'. Because different vendors choose different GUA|LL <-> GUA|LL combinations for ND, it can be wrong and still work until the far end makes some change. The right solution is not to filter by ADDR, but to filter by hop-limit, but that is too complex for operators to understand.

/MOST/ IPv6 'improvements' are like this: they solve problems that either didn't exist, or they make the existing problem worse. Like extension headers. Like creating large on-link networks, adding a lot more attack vectors.

OK, IPv6 is kinda shit, but it's the only thing we have, and we can make it work with some effort and some cost. And the effort and cost of making IPv6 work is less than making IPv4+IPv6 work, and we really, really need the larger address space; it trumps all other deltas by a wide margin. So yes, I have an ugly child, but it's the only child I have, and with my genes a beautiful child isn't on the cards, so I'll raise this ugly child as best I can.

I no longer care how bad IPv6 is; that's crying over spilt milk, it doesn't matter. I care about the cost of doing both IPv4+IPv6.

--
++ytti
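The ND ACL problem ytti describes, as an added illustration that is not part of the thread: a toy evaluator (function and sample names are my own) compares an address-class rule, which encodes one vendor's GUA/LL choice as if it were the general case, with the hop-limit rule that RFC 4861 actually mandates (ND messages carry hop limit 255 and receivers discard anything else), over constructed sample packets.

```python
import ipaddress
from dataclasses import dataclass

# ICMPv6 Neighbor Discovery types (RFC 4861): RS, RA, NS, NA, Redirect.
ND_TYPES = {133, 134, 135, 136, 137}


@dataclass(frozen=True)
class Pkt:
    """Constructed summary of an ICMPv6 packet, used as sample input."""
    src: str
    dst: str
    icmp_type: int
    hop_limit: int


def is_ll(addr: str) -> bool:
    return ipaddress.IPv6Address(addr).is_link_local


def acl_by_address(p: Pkt) -> bool:
    """The fragile rule: permit ND only when both ends are link-local.
    It works with a vendor that always sources ND from fe80::/10 and
    silently breaks when the peer starts using GUA for NS/NA."""
    return p.icmp_type in ND_TYPES and is_ll(p.src) and is_ll(p.dst)


def acl_by_hop_limit(p: Pkt) -> bool:
    """The robust rule: ND is on-link by definition, so it must arrive
    with hop limit 255 regardless of which address class either end
    chose.  Anything else is not valid ND and is dropped."""
    return p.icmp_type in ND_TYPES and p.hop_limit == 255


# Constructed samples covering the GUA|LL combinations the thread mentions.
SAMPLES = {
    "ll_to_ll_ns": Pkt("fe80::1", "fe80::2", 135, 255),
    "gua_to_gua_ns": Pkt("2001:db8::1", "2001:db8::2", 135, 255),
    "gua_to_ll_na": Pkt("2001:db8::1", "fe80::2", 136, 255),
    "bad_hop_limit_ns": Pkt("fe80::1", "fe80::2", 135, 64),
    "echo_request": Pkt("2001:db8::1", "2001:db8::2", 128, 64),
}


def compare(samples=SAMPLES):
    """Return {name: (address_rule_permits, hop_limit_rule_permits)}."""
    return {n: (acl_by_address(p), acl_by_hop_limit(p)) for n, p in samples.items()}
```

Only the ND permit line of an input ACL is modelled here; the point is that the hop-limit rule admits every legitimate GUA/LL combination and still rejects ND with a non-255 hop limit, which the address rule lets through.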