An Internet IPv6 Transition Plan
Folks -
There's quite a few IPv6 transition technologies, each with its own camp of supporters based on particular world view of the hardest & easiest system elements to change. One of the challenges this poses is that it's very easy to get caught up in the various transition approaches and miss the high-level view of what needs to be accomplished.
In an effort to communicate one possible transition plan in a technology agnostic manner, I've written an Internet draft which highlights the expectations that organizations could face over the next few years:
http://www.ietf.org/internet-drafts/draft-jcurran-v6transitionplan-00.txt
I'd be interested in hearing any and all feedback from the NANOG community on this draft; feel free to send such privately if you'd prefer a degree of anonymity, or have the urge to use language inappropriate in public... ;-)
Thanks! /John
wilbur: we need to fly through the air!
orville: easy, let's make a machine, and we can call it an "airplane"
wilbur: that's cute, but HOW WILL IT WORK?
At 10:59 PM -0500 7/23/07, Randy Bush wrote:
wilbur: we need to fly through the air!
orville: easy, let's make a machine, and we can call it an "airplane"
wilbur: that's cute, but HOW WILL IT WORK?
In the references section, you'll find a number of RFC's and ID's which propose answers on "how will this work" for particular sites (such as enterprise, campus, etc). The reality is that the world is far more diverse than a few RFC's can depict, and further that we don't have a lot of folks with real world experience (yet) who can provide feedback on the viability of these plans. Rumor has it that this will change over time... /John
John,
Thank you for writing this down, this will help start the discussion.
One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should look like. Let me focus on the residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere.
1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? Random ideas include for example offering a lower cost 'basic' service with v6 that would be 'proxied' to the rest of the v4 Internet....
2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? what prefix size? is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) (note: the answer to this question has huge implications) What types of devices are connected? PCs or appliances or sensors? What is the management model in the home? (how much all of this has to be controllable by the user vs made automatic?) Are there 'servers' (ie things that answer connections from the outside) in the home? Is there any kind of DNS delegation happening to the home?
3) What is the security model of all this? I just listened today half mystified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want?
4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them?
IMHO, until there is a better understanding of the answers to those questions (and many more I'm sure) to describe what the brave new world of IPv6 looks like, it will be difficult to define any Internet scale transition plan...
My $.02
- Alain.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of John Curran Sent: Monday, July 23, 2007 11:56 PM To: nanog Subject: An Internet IPv6 Transition Plan
Folks -
There's quite a few IPv6 transition technologies, each with its own camp of supporters based on particular world view of the hardest & easiest system elements to change. One of the challenges this poses is that it's very easy to get caught up in the various transition approaches and miss the high-level view of what needs to be accomplished.
In an effort to communicate one possible transition plan in a technology agnostic manner, I've written an Internet draft which highlights the expectations that organizations could face over the next few years:
http://www.ietf.org/internet-drafts/draft-jcurran-v6transitionplan-00.txt
I'd be interested in hearing any and all feedback from the NANOG community on this draft; feel free to send such privately if you'd prefer a degree of anonymity, or have the urge to use language inappropriate in public... ;-)
Thanks! /John
Alain -
Present residential broadband Internet service is "provide the customer with access to/from any public-facing IPv4-based resource"
Around 2011 (date for discussion purpose only) residential broadband Internet service is "provide the customer with access to/from any public-facing IPv6-based Internet resource"
The specific "vision" of how to provide such service is left to the provider. The Internet/IAB/IETF/ICANN/ISOC/... history does not proscribe such items as prefix size, static versus dynamic addressing, management models, minimal security, or much else for that matter... It's entirely left to the service provider.
There's certainly suggestions, both direct (such as filtering for end-site devices) and indirect (embedding a /48 endsite assumption into the addressing scheme), but at the end of the day it's up to the service provider to make their own design tradeoffs and let the market decide if they're right.
This overall transition plan simply states that you might want to provide customers with access to sites which are served by IPv6-only sometime around 1 Jan 2011. This will be particularly useful to ISP's who may (for lack of any choice) be using IPv6-only to provide "Internet" service, and would prefer to be making faithful representations that sites connected in this manner are reachable by everyone out there.
This isn't a very hard concept. ISP's will not have access to the previously deep pool of IPv4 address blocks that have allowed their ongoing growth in the past. Continuation of the ISP industry is predicated on enabling IPv6 for public-facing sites over the next few years.
/John
At 1:41 AM -0400 7/24/07, Durand, Alain wrote:
John,
Thank you for writing this down, this will help start the discussion.
One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should look like. Let me focus on the residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere.
1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? Random ideas include for example offering a lower cost 'basic' service with v6 that would be 'proxied' to the rest of the v4 Internet....
2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? what prefix size? is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) (note: the answer to this question has huge implications) What types of devices are connected? PCs or appliances or sensors? What is the management model in the home? (how much all of this has to be controllable by the user vs made automatic?) Are there 'servers' (ie things that answer connections from the outside) in the home? Is there any kind of DNS delegation happening to the home?
3) What is the security model of all this? I just listened today half mystified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want?
4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them?
IMHO, until there is a better understanding of the answers to those questions (and many more I'm sure) to describe what the brave new world of IPv6 looks like, it will be difficult to define any Internet scale transition plan...
My $.02
- Alain.
-----Original Message----- From: John Curran [mailto:jcurran@istaff.org] Sent: Tuesday, July 24, 2007 7:20 AM To: Durand, Alain Cc: nanog Subject: RE: An Internet IPv6 Transition Plan
Alain -
Present residential broadband Internet service is "provide the customer with access to/from any public-facing IPv4-based resource"
Around 2011 (date for discussion purpose only) residential broadband Internet service is "provide the customer with access to/from any public-facing IPv6-based Internet resource"
The specific "vision" of how to provide such service is left to the provider. The Internet/IAB/IETF/ICANN/ISOC/... history does not proscribe such items as prefix size, static versus dynamic addressing, management models, minimal security, or much else for that matter... It's entirely left to the service provider.
Yes, this is correct. However, there is a fairly 'common' expectation today about what the 'user experience' is. Sure, YMMV, but very often the v4 story is a direct PC connected behind a modem or a v4 NAT box + all the NAT traversal baggage + a bunch of devices in the home that may have different 'upgrade path' to v6... So, even though this is not written by any I*, this is where we are starting from. Now my question is: where do we land? Simply saying:
"provide the customer with access to/from any public-facing IPv6-based Internet resource" is not sufficient, IMHO, to describe a transition plan effectively.
- Alain.
On Tue, Jul 24, 2007 at 01:41:18AM -0400, Durand, Alain wrote:
John,
Thank you for writing this down, this will help start the discussion.
One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should look like. Let me focus on the residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere.
1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else?
actually, for some of us there is the thought that before the "basic" service of web+email can work at all, one needs to have a couple of other infrastructure pieces in play, namely DNS and NTP... Oh, and the routing to knit these services together. --bill
-----Original Message----- From: bmanning@vacation.karoshi.com [mailto:bmanning@vacation.karoshi.com]
1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else?
actually, for some of us there is the thought that before the "basic" service of web+email can work at all, one needs to have a couple of other infrastructure pieces in play, namely DNS and NTP... Oh, and the routing to knit these services together.
Sure, this is very important... but I was talking about the "user experience". - Alain.
On Tue, Jul 24, 2007 at 10:59:34AM -0400, Durand, Alain wrote:
-----Original Message----- From: bmanning@vacation.karoshi.com [mailto:bmanning@vacation.karoshi.com]
1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else?
actually, for some of us there is the thought that before the "basic" service of web+email can work at all, one needs to have a couple of other infrastructure pieces in play, namely DNS and NTP... Oh, and the routing to knit these services together.
Sure, this is very important... but I was talking about the "user experience".
- Alain.
good point. there are "levels" of basic services. i suspect that the network operations folks would want to have working viable v6 (naming, timestamps, audit, measurement) running -before- turning up production "basic" service for the "user experience". assuming that is the case, what things do these assembled operators think are critical for operational stability in bringing online a new address family? Randy had a non-exhaustive list at the last IEPG. To memory: MIB, AAAA, DNS, NTP, SYSLOG, DHCP, RADIUS, CALEA, etc. --bill
On Tue, 24 Jul 2007, Durand, Alain wrote:
One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should look like. Let me focus on the
'look like'... there are mostly ipv4 paths from each ipv4 endpoint to each other ipv4 endpoint (keeping ourselves to the 'global internet' here). I think it makes sense that the 'ipv6 internet' will look very similar (v6 connectivity from endpoint to endpoint). Now, the tricky parts are the meantime where some ipv4-only host (due to its network infrastructure not being upgraded to dual-stack capabilities) needs to access some 'important' ipv6-only content. Or the reverse situation as well... (yes, there are firewalls and things that block some end-to-end connectivity those are mostly not important for the 'looks like' discussion)
residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere.
1) What is the IPv6 'service'?
I think that in the near term 'all' dsl/cable/dial folks will have to offer dual-stack environments. There is little hope of gateways being successful in larger deployments. (imho)
2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? what prefix size?
I had thought it was 1 prefix, I had thought it was a /64 or a /56 someone keeps moving the classful boundaries :( but pick one. Maybe it'd be helpful to be able to subnet that, we ought to think about that too I suppose.
is this prefix 'stable' or 'variable' over time? (ie renumbering is expected)
renumbering is 'free' in ipv6 right? why not stick to your 7 day leases? Surely you'll want to keep the ability to move netspace around as capacity issues arise?
What types of devices are connected? PCs or appliances or sensors?
what types exist today? pc's, appliances, sensors... I suspect phones as well.
What is the management model in the home?
call grandson? I am probably missing your question here...
Are there 'servers' (ie things that answer connections from the outside) in the home?
my personal opinion is 'yes'... there are a number of things today that do this sort of function, in the IETF v6ops meeting slingbox was mentioned as a specific example.
3) What is the security model of all this? I just listened today half mystified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want?
I think that NAT is coming, regardless of anyone's want to avoid it, we'll have to plan for that. I think that if we get the chance to start over, let's do it 'right' or 'righter' or 'more correctly/securely' if at all possible, eh? Less direct pc->internet more pc->firewally-thingy->internet. (imho)
4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them?
won't they have ipv4 'forever'? at some point the traffic will flip (more v6 than v4) but for the near term v4 seemingly will dominate and thus remain strong. -Chris
On 24-jul-2007, at 0:41, Durand, Alain wrote:
1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? Random ideas include for example offering a lower cost 'basic' service with v6 that would be 'proxied' to the rest of the v4 Internet....
I would say that IPv6 service is the ability to send packets to and receive packets from other systems also using the IPv6 service by being connected to the global IPv6 cloud. This means that if there is filtering, this must be under the control of the user. Interconnection with IPv4 is a separate problem, and I'm certainly in favor of proxying to achieve that for users who don't need to run more complex protocols over IPv4: http://www.ietf.org/internet-drafts/draft-van-beijnum-v6ops-connect-method-00.txt Hopefully, this will make it possible to start removing IPv4 from select parts of the network: http://arstechnica.com/news.ars/post/20070704-the-declaration-of-ipv6-independence.html
2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation?
Prefix of course.
what prefix size?
/48 is a nice round number, but even /64 will do the job for residential users.
is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) (note: the answer to this question has huge implications)
As a residential ISP, you have to build the network, so you tell us. As long as the prefixes don't change too often and everything is done carefully, user impact is negligible.
What types of devices are connected? PCs or appliances or sensors?
Nobody knows, and why should you care?
What is the management model in the home?
Mostly: N/A.
Are there 'servers' (ie things that answer connections from the outside) in the home?
Of course.
Is there any kind of DNS delegation happening to the home?
You can't just give every address a name like with IPv4 and you don't really know what addresses customers are going to use. Solution: dynamic DNS. Problem: the authentication. Solution: set up a zone per customer that can be modified with DDNS from the addresses given out to the customer. Bonus: web interface for removing old crap.
3) What is the security model of all this?
Javascript is enabled, so: broken.
I just listened today half mystified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want?
No, but how do we avoid it? Vendors need to build good stuff and let the customer make their own decisions in the end, when security stuff gets in the way it WILL be disabled or worked around.
4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them?
Start charging more for IPv4 / less for IPv6, smart users will have a garage sale and buy new stuff, conservative ones do nothing and pay you the extra couple of bucks until 2023.
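
The per-customer dynamic DNS zone suggested in the message above can be sketched as an authorisation check. This is an added example, not part of the original thread; the zone names, the prefixes (taken from the 2001:db8::/32 documentation range) and the function names are hypothetical, and the check on the AAAA target is an extra assumption beyond what the message proposes.

```python
import ipaddress

# Constructed sample data: one zone per customer, mapped to the IPv6 prefix
# the ISP delegated to that customer (documentation addresses only).
DELEGATIONS = {
    "cust1001.example.net.": ipaddress.ip_network("2001:db8:1001::/48"),
    "cust1002.example.net.": ipaddress.ip_network("2001:db8:1002:ab00::/56"),
}


def zone_for(name):
    """Return the customer zone that contains `name`, or None."""
    name = name.lower()
    if not name.endswith("."):
        name += "."
    for zone in DELEGATIONS:
        # Match on a label boundary so "evilcust1001..." is not accepted.
        if name == zone or name.endswith("." + zone):
            return zone
    return None


def authorize_update(source, name, aaaa):
    """Decide whether a dynamic update may be applied.

    source: address the update arrived from
    name:   owner name the client wants to set
    aaaa:   address the client wants the name to point to
    Returns (allowed, reason).
    """
    zone = zone_for(name)
    if zone is None:
        return False, "name not in any customer zone"
    prefix = DELEGATIONS[zone]
    try:
        src = ipaddress.ip_address(source)
        target = ipaddress.ip_address(aaaa)
    except ValueError:
        return False, "malformed address"
    # The rule from the message: updates are accepted only from the
    # addresses given out to the customer that owns the zone.
    if src.version != 6 or src not in prefix:
        return False, "source outside customer prefix"
    # Added assumption: a customer may only publish addresses inside their
    # own delegation, so their names cannot point into someone else's space.
    if target.version != 6 or target not in prefix:
        return False, "AAAA target outside customer prefix"
    return True, "ok"


if __name__ == "__main__":
    print(authorize_update("2001:db8:1001:5::10",
                           "nas.cust1001.example.net",
                           "2001:db8:1001:5::10"))
```

Authorising by source address holds only as far as the ISP drops spoofed source addresses at the customer edge.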
participants (7)
- bmanning@vacation.karoshi.com
- Chris L. Morrow
- Durand, Alain
- Iljitsch van Beijnum
- John Curran
- John Curran
- Randy Bush