202203071610.AYC Re: Making Use of 240/4 NetBlock
/On Nov 24, 2021, at 5:08 PM, William Herrin <bill at herrin.us <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: />//>/On Wed, Nov 24, 2021 at 4:36 PM David Conrad <drc at virtualized.org <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: />>>/I like research but what would the RIRs study? The percentage of the />>//>>/Lots of people said similar things when 1.0.0.0/8 was allocated to APNIC />>/and they said similar things when 1.1.1.0/24 was stood up as an />>/experiment by Cloudflare and APNIC, yet 1.1.1.1 seems to be pretty
Dear Colleagues: 0) I was made aware of a recent discussion on this Forum that cited our work on the 240/4 NetBlock, nicknamed EzIP (Phonetic for Easy IPv4). (Please see, at the end of this MSG, the URL to the discussion and the highlighted text where the citation was made.) 1) As the lead investigator of the EzIP Project, I would like to formally introduce our solution by bringing your attention to an overview whitepaper: https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf In a nutshell, EzIP proposes to disable the program codes in current routers that have been disabling the use of the 240/4 NetBlock. The cost of this software engineering should be minimal. The EzIP deployment architecture is the same as that of the existing CG-NAT (Carrier Grade Network Address Translation). Consequently, there is no need to modify any hardware equipment. There is an online setup description (Reference II), called RAN (Regional Area Network), that demonstrates the feasibility of this approach. 2) There are additional consequential benefits by deploying EzIP, such as those mentioned by our comment to Reference III in the above whitepaper. I look forward to addressing your thoughts. Regards, Abe (2022-03-07 17:14 EST) VP Engineering Avinta Communications, Inc. Milpitas, CA 95035 USA +1(408)942-1485 Skype: Abraham.Y.Chen eMail: AYChen@Avinta.com WebSite: www.Avinta.com *********************** https://mailman.nanog.org/pipermail/nanog/2021-November/216766.html Class D addresses? was: Redploying most of 127/8 as unicast public *Greg Skinner* gregskinner0 at icloud.com <mailto:nanog%40nanog.org?Subject=Re%3A%20Class%20D%20addresses%3F%20was%3A%20Redploying%20most%20of%20127/8%20as%20unicast%20public&In-Reply-To=%3CFEDBF677-BC75-47F3-A92D-2611F43283BA%40icloud.com%3E> /Mon Nov 29 18:47:14 UTC 2021/ * Previous message (by thread): Class D addresses? was: Redploying most of 127/8 as unicast public <https://mailman.nanog.org/pipermail/nanog/2021-November/216640.html> * Next message (by thread): Class E addresses? 240/4 history <https://mailman.nanog.org/pipermail/nanog/2021-November/216602.html> * *Messages sorted by:* [ date ] <https://mailman.nanog.org/pipermail/nanog/2021-November/date.html#216766> [ thread ] <https://mailman.nanog.org/pipermail/nanog/2021-November/thread.html#216766> [ subject ] <https://mailman.nanog.org/pipermail/nanog/2021-November/subject.html#216766> [ author ] <https://mailman.nanog.org/pipermail/nanog/2021-November/author.html#216766> ------------------------------------------------------------------------ popular. />//>/Hi David, />//>/I don't recall there being any equipment or software compatibility />/concerns with 1.0.0.0/8. If you do, feel free to refresh my memory. As />/I recall it, there were concerns with prior local use and potential />/trash traffic. It seemed likely those concerns could be addressed with />/experiments, and the experiments in fact addressed them. />//>/The prior local use worry reared its head again with 240/4 but given />/the prior experience with 1.0.0.0/8 I don't personally believe we need />/to re-run that experiment just because the numbers are part of a />/different block. />//>//>>/Seems to me that a number of folks on this list and during this />>/discussion would disagree with a blanket assertion that 240/4 />>/is “dysfunctional on the 2021 Internet” - some of them even />>/wrote a draft discussing the possibility. />//>/Line them up. Show of hands. Who really thinks that if we assign />/240.0.0.1 to a customer tomorrow without waiting for anyone to clean />/up their software and hardware, you won't get enough complaints about />/things not working that you have to take it back and assign a />/different address instead? />//>//>>/1. Move 240/4 from "reserved" to "unallocated unicast" />>//>>/OK, but this seems like a quibble. The status for 240/4 is “ />>/RESERVED: designated by the IETF for specific non-global-unicast />>/purposes as noted.” The “as noted” part is “Future Use”. />//>/It's not a quibble. Some vendors take the current status to mean />/"treat it like unicast until we're told otherwise." Others take the />/status to mean, "packets with these addresses are bogons without a />/defined routing behavior until we're told otherwise." The result is />/incompatible behavior between vendors. Changing that direction to />/"treat it like unicast" without ambiguity is not a quibble. />//>/Regards, />/Bill Herrin />//>/-- />/William Herrin />/bill at herrin.us <https://mailman.nanog.org/mailman/listinfo/nanog> />/https://bill.herrin.us/ / For what it’s worth, I’ve been tracking this issue on other netops mailing lists. There is a recent post on the LACNOG list from Leandro Bertholdo <https://mail.lacnic.net/pipermail/lacnog/2021-November/008895.html> referencing https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/ <https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/>, a draft proposing another way to make additional IPv4 address space available I haven’t had time to read the draft closely, but I noticed that it involves the use of 240/4. Subsequent googling about the draft turned up a presentation <https://www.avinta.com/phoenix-1/home/RegionalAreaNetworkArchitecture.pdf> describing how the techniques described could be deployed. I noticed that the presentation made reference to OpenWRT, so perhaps the authors are aware of the work that the authors of the IPv4 Unicast Extensions Project have done in that area. The adaptive-ipv4 draft will expire sometime next month, so anyone interested in seeing it move forward should contact the authors. —gregbo ******************* -- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
I recall reading the IETF draft some time ago. It seemed like an overly convoluted mechanism to tunnel 240/4. On Tue, Mar 8, 2022 at 8:50 AM Abraham Y. Chen <aychen@avinta.com> wrote: > Dear Colleagues: > > 0) I was made aware of a recent discussion on this Forum that cited our > work on the 240/4 NetBlock, nicknamed EzIP (Phonetic for Easy IPv4). > (Please see, at the end of this MSG, the URL to the discussion and the > highlighted text where the citation was made.) > > 1) As the lead investigator of the EzIP Project, I would like to > formally introduce our solution by bringing your attention to an overview > whitepaper: > > https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf > > In a nutshell, EzIP proposes to disable the program codes in current > routers that have been disabling the use of the 240/4 NetBlock. The cost of > this software engineering should be minimal. The EzIP deployment > architecture is the same as that of the existing CG-NAT (Carrier Grade > Network Address Translation). Consequently, there is no need to modify any > hardware equipment. There is an online setup description (Reference II), > called RAN (Regional Area Network), that demonstrates the feasibility of > this approach. > > 2) There are additional consequential benefits by deploying EzIP, such > as those mentioned by our comment to Reference III in the above whitepaper. > I look forward to addressing your thoughts. > > > Regards, > > > Abe (2022-03-07 17:14 EST) > VP Engineering > Avinta Communications, Inc. > Milpitas, CA 95035 USA > +1(408)942-1485 > Skype: Abraham.Y.Chen > eMail: AYChen@Avinta.com > WebSite: www.Avinta.com > > > *********************** > > https://mailman.nanog.org/pipermail/nanog/2021-November/216766.html > Class D addresses? was: Redploying most of 127/8 as unicast public *Greg > Skinner* gregskinner0 at icloud.com > <nanog%40nanog.org?Subject=Re%3A%20Class%20D%20addresses%3F%20was%3A%20Redploying%20most%20of%20127/8%20as%20unicast%20public&In-Reply-To=%3CFEDBF677-BC75-47F3-A92D-2611F43283BA%40icloud.com%3E> > *Mon Nov 29 18:47:14 UTC 2021* > > - Previous message (by thread): Class D addresses? was: Redploying > most of 127/8 as unicast public > <https://mailman.nanog.org/pipermail/nanog/2021-November/216640.html> > - Next message (by thread): Class E addresses? 240/4 history > <https://mailman.nanog.org/pipermail/nanog/2021-November/216602.html> > - *Messages sorted by:* [ date ] > <https://mailman.nanog.org/pipermail/nanog/2021-November/date.html#216766> [ > thread ] > <https://mailman.nanog.org/pipermail/nanog/2021-November/thread.html#216766> [ > subject ] > <https://mailman.nanog.org/pipermail/nanog/2021-November/subject.html#216766> [ > author ] > <https://mailman.nanog.org/pipermail/nanog/2021-November/author.html#216766> > > ------------------------------ > > >* On Nov 24, 2021, at 5:08 PM, William Herrin <bill at herrin.us <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: > *> >* On Wed, Nov 24, 2021 at 4:36 PM David Conrad <drc at virtualized.org <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: > *>>>* I like research but what would the RIRs study? The percentage of the > *>> >>* Lots of people said similar things when 1.0.0.0/8 <http://1.0.0.0/8> was allocated to APNIC > *>>* and they said similar things when 1.1.1.0/24 <http://1.1.1.0/24> was stood up as an > *>>* experiment by Cloudflare and APNIC, yet 1.1.1.1 seems to be pretty popular. > *> >* Hi David, > *> >* I don't recall there being any equipment or software compatibility > *>* concerns with 1.0.0.0/8 <http://1.0.0.0/8>. If you do, feel free to refresh my memory. As > *>* I recall it, there were concerns with prior local use and potential > *>* trash traffic. It seemed likely those concerns could be addressed with > *>* experiments, and the experiments in fact addressed them. > *> >* The prior local use worry reared its head again with 240/4 but given > *>* the prior experience with 1.0.0.0/8 <http://1.0.0.0/8> I don't personally believe we need > *>* to re-run that experiment just because the numbers are part of a > *>* different block. > *> > >>* Seems to me that a number of folks on this list and during this > *>>* discussion would disagree with a blanket assertion that 240/4 > *>>* is “dysfunctional on the 2021 Internet” - some of them even > *>>* wrote a draft discussing the possibility. > *> >* Line them up. Show of hands. Who really thinks that if we assign > *>* 240.0.0.1 to a customer tomorrow without waiting for anyone to clean > *>* up their software and hardware, you won't get enough complaints about > *>* things not working that you have to take it back and assign a > *>* different address instead? > *> > >>* 1. Move 240/4 from "reserved" to "unallocated unicast" > *>> >>* OK, but this seems like a quibble. The status for 240/4 is “ > *>>* RESERVED: designated by the IETF for specific non-global-unicast > *>>* purposes as noted.” The “as noted” part is “Future Use”. > *> >* It's not a quibble. Some vendors take the current status to mean > *>* "treat it like unicast until we're told otherwise." Others take the > *>* status to mean, "packets with these addresses are bogons without a > *>* defined routing behavior until we're told otherwise." The result is > *>* incompatible behavior between vendors. Changing that direction to > *>* "treat it like unicast" without ambiguity is not a quibble. > *> >* Regards, > *>* Bill Herrin > *> >* -- > *>* William Herrin > *>* bill at herrin.us <https://mailman.nanog.org/mailman/listinfo/nanog> > *>* https://bill.herrin.us/ <https://bill.herrin.us/> > * > For what it’s worth, I’ve been tracking this issue on other netops mailing lists. There is a recent post on the LACNOG list from Leandro Bertholdo > <https://mail.lacnic.net/pipermail/lacnog/2021-November/008895.html> referencing https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/ > <https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/>, a draft proposing another way to make additional IPv4 address space available > I haven’t had time to read the draft closely, but I noticed that it involves the use of 240/4. Subsequent googling about the draft turned up a presentation > <https://www.avinta.com/phoenix-1/home/RegionalAreaNetworkArchitecture.pdf> describing how the techniques described could be deployed. I noticed that the presentation > made reference to OpenWRT, so perhaps the authors are aware of the work that the authors of the IPv4 Unicast Extensions Project have done in that area. > > The adaptive-ipv4 draft will expire sometime next month, so anyone interested in seeing it move forward should contact the authors. > > —gregbo > > ******************* > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. > www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link> > <#m_-6939840509531889009_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >
Hi, Tom: 0) Thanks to your thoughts. 1) First, logistics: Since this was my first post to this Forum, I got an auto-response stating that my post was being moderated. Then, I got your message even before I received any follow-up notice from such, nor my writing being published. Are you responding to the general distribution or acting as a moderator? 2) " .... an overly convoluted mechanism to tunnel 240/4. .... ": We started our work due to curiosity. As we made progresses in various areas, quite a few topics have distilled to a different yet much clearer picture. Allow me to describe the current EzIP proposal with respect to these aspects: A. "overly convoluted": EzIP proposes to make use of the long-reserved 240/4 NetBlock by utilizing the RFC791 to carry it. However, this is only needed for the long term full end-to-end deployment. For the immediate EzIP configuration that is for supporting the current Server / Client (Master /Slave) model (similar to the current CG-NAT, or CDN), EzIP will be using a degenerated configuration which we call it RAN (Regional Area Network) where the standard IPv4 packet header will be suffice, even without the RFC791. I believe these schemes are opposite to "convoluted". B. "tunnel": Instead of tunneling in the current sense of 6to4 tunneling, or similar, which interacts with the parameters of transmission environment, EzIP is an */overlay/* network consisting of RANs (Regional Area Networks), each is tethered from the current Internet via one IPv4 public address. Since each RAN appears to be a private network to the Internet core, pretty much everything in the RAN is independent of the latter. Direct communications between IoTs residing in separate RANs, when needed, will still be carried by native IPv4 packets (with the addition of Option Words carrying IoTs' Source and Destination addresses within the host RANs, respectively). Could you please clarify your characterizations of the above? Regards, Abe (2022-03-08 10:46) On 2022-03-08 09:09, Tom Beecher wrote:
I recall reading the IETF draft some time ago. It seemed like an overly convoluted mechanism to tunnel 240/4.
On Tue, Mar 8, 2022 at 8:50 AM Abraham Y. Chen <aychen@avinta.com> wrote:
Dear Colleagues:
0) I was made aware of a recent discussion on this Forum that cited our work on the 240/4 NetBlock, nicknamed EzIP (Phonetic for Easy IPv4). (Please see, at the end of this MSG, the URL to the discussion and the highlighted text where the citation was made.)
1) As the lead investigator of the EzIP Project, I would like to formally introduce our solution by bringing your attention to an overview whitepaper:
https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf
In a nutshell, EzIP proposes to disable the program codes in current routers that have been disabling the use of the 240/4 NetBlock. The cost of this software engineering should be minimal. The EzIP deployment architecture is the same as that of the existing CG-NAT (Carrier Grade Network Address Translation). Consequently, there is no need to modify any hardware equipment. There is an online setup description (Reference II), called RAN (Regional Area Network), that demonstrates the feasibility of this approach.
2) There are additional consequential benefits by deploying EzIP, such as those mentioned by our comment to Reference III in the above whitepaper.
I look forward to addressing your thoughts.
Regards,
Abe (2022-03-07 17:14 EST) VP Engineering Avinta Communications, Inc. Milpitas, CA 95035 USA +1(408)942-1485 Skype: Abraham.Y.Chen eMail: AYChen@Avinta.com WebSite: www.Avinta.com <http://www.Avinta.com>
***********************
https://mailman.nanog.org/pipermail/nanog/2021-November/216766.html
Class D addresses? was: Redploying most of 127/8 as unicast public
*Greg Skinner* gregskinner0 at icloud.com <mailto:nanog%40nanog.org?Subject=Re%3A%20Class%20D%20addresses%3F%20was%3A%20Redploying%20most%20of%20127/8%20as%20unicast%20public&In-Reply-To=%3CFEDBF677-BC75-47F3-A92D-2611F43283BA%40icloud.com%3E> /Mon Nov 29 18:47:14 UTC 2021/
* Previous message (by thread): Class D addresses? was: Redploying most of 127/8 as unicast public <https://mailman.nanog.org/pipermail/nanog/2021-November/216640.html> * Next message (by thread): Class E addresses? 240/4 history <https://mailman.nanog.org/pipermail/nanog/2021-November/216602.html> * *Messages sorted by:* [ date ] <https://mailman.nanog.org/pipermail/nanog/2021-November/date.html#216766> [ thread ] <https://mailman.nanog.org/pipermail/nanog/2021-November/thread.html#216766> [ subject ] <https://mailman.nanog.org/pipermail/nanog/2021-November/subject.html#216766> [ author ] <https://mailman.nanog.org/pipermail/nanog/2021-November/author.html#216766>
------------------------------------------------------------------------
>/On Nov 24, 2021, at 5:08 PM, William Herrin <bill at herrin.us <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: />//>/On Wed, Nov 24, 2021 at 4:36 PM David Conrad <drc at virtualized.org <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: />>>/I like research but what would the RIRs study? The percentage of the />>//>>/Lots of people said similar things when 1.0.0.0/8 <http://1.0.0.0/8> was allocated to APNIC />>/and they said similar things when 1.1.1.0/24 <http://1.1.1.0/24> was stood up as an />>/experiment by Cloudflare and APNIC, yet 1.1.1.1 seems to be pretty popular. />//>/Hi David, />//>/I don't recall there being any equipment or software compatibility />/concerns with 1.0.0.0/8 <http://1.0.0.0/8>. If you do, feel free to refresh my memory. As />/I recall it, there were concerns with prior local use and potential />/trash traffic. It seemed likely those concerns could be addressed with />/experiments, and the experiments in fact addressed them. />//>/The prior local use worry reared its head again with 240/4 but given />/the prior experience with 1.0.0.0/8 <http://1.0.0.0/8> I don't personally believe we need />/to re-run that experiment just because the numbers are part of a />/different block. />//>//>>/Seems to me that a number of folks on this list and during this />>/discussion would disagree with a blanket assertion that 240/4 />>/is “dysfunctional on the 2021 Internet” - some of them even />>/wrote a draft discussing the possibility. />//>/Line them up. Show of hands. Who really thinks that if we assign />/240.0.0.1 to a customer tomorrow without waiting for anyone to clean />/up their software and hardware, you won't get enough complaints about />/things not working that you have to take it back and assign a />/different address instead? />//>//>>/1. Move 240/4 from "reserved" to "unallocated unicast" />>//>>/OK, but this seems like a quibble. The status for 240/4 is “ />>/RESERVED: designated by the IETF for specific non-global-unicast />>/purposes as noted.” The “as noted” part is “Future Use”. />//>/It's not a quibble. Some vendors take the current status to mean />/"treat it like unicast until we're told otherwise." Others take the />/status to mean, "packets with these addresses are bogons without a />/defined routing behavior until we're told otherwise." The result is />/incompatible behavior between vendors. Changing that direction to />/"treat it like unicast" without ambiguity is not a quibble. />//>/Regards, />/Bill Herrin />//>/-- />/William Herrin />/bill at herrin.us <https://mailman.nanog.org/mailman/listinfo/nanog> />/https://bill.herrin.us/ / For what it’s worth, I’ve been tracking this issue on other netops mailing lists. There is a recent post on the LACNOG list from Leandro Bertholdo <https://mail.lacnic.net/pipermail/lacnog/2021-November/008895.html> referencing https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/ <https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/>, a draft proposing another way to make additional IPv4 address space available I haven’t had time to read the draft closely, but I noticed that it involves the use of 240/4. Subsequent googling about the draft turned up a presentation <https://www.avinta.com/phoenix-1/home/RegionalAreaNetworkArchitecture.pdf> describing how the techniques described could be deployed. I noticed that the presentation made reference to OpenWRT, so perhaps the authors are aware of the work that the authors of the IPv4 Unicast Extensions Project have done in that area.
The adaptive-ipv4 draft will expire sometime next month, so anyone interested in seeing it move forward should contact the authors.
—gregbo
*******************
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
<#m_-6939840509531889009_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
> Cc: NANOG <nanog@nanog.org>, Greg Skinner <gregskinner0@icloud.com>, "Karandikar, Abhay" <Director@iitk.ac.in>, Rama Ati <rama_ati@outlook.com>, Bob Corner GMAIL <bobbiecorner@gmail.com>, "Hsing, T. Russell" <tHsing@ieee.org>, "Chen, Henry C.J." <hcjchen@avinta.com>, ST Hsieh <uschinaeetc@gmail.com>, "Chen, Abraham Y." <AYChen@alum.mit.edu> > This is a whole lot of cc:s to people who aren't even part of this group/list. One wonders with this many cc:s, how many bcc:s there also were, and to whom. Anne -- Anne P. Mitchell, Attorney at Law CEO Get to the Inbox by SuretyMail Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) Author: The Email Deliverability Handbook Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute In-house Counsel: Mail Abuse Prevention System (MAPS) (Closed in 2004) > On Mar 8, 2022, at 8:46 AM, Abraham Y. Chen <aychen@avinta.com> wrote: > > Hi, Tom: > > 0) Thanks to your thoughts. > > 1) First, logistics: Since this was my first post to this Forum, I got an auto-response stating that my post was being moderated. Then, I got your message even before I received any follow-up notice from such, nor my writing being published. Are you responding to the general distribution or acting as a moderator? > > 2) " .... an overly convoluted mechanism to tunnel 240/4. .... ": We started our work due to curiosity. As we made progresses in various areas, quite a few topics have distilled to a different yet much clearer picture. Allow me to describe the current EzIP proposal with respect to these aspects: > > A. "overly convoluted": EzIP proposes to make use of the long-reserved 240/4 NetBlock by utilizing the RFC791 to carry it. However, this is only needed for the long term full end-to-end deployment. For the immediate EzIP configuration that is for supporting the current Server / Client (Master /Slave) model (similar to the current CG-NAT, or CDN), EzIP will be using a degenerated configuration which we call it RAN (Regional Area Network) where the standard IPv4 packet header will be suffice, even without the RFC791. I believe these schemes are opposite to "convoluted". > > B. "tunnel": Instead of tunneling in the current sense of 6to4 tunneling, or similar, which interacts with the parameters of transmission environment, EzIP is an overlay network consisting of RANs (Regional Area Networks), each is tethered from the current Internet via one IPv4 public address. Since each RAN appears to be a private network to the Internet core, pretty much everything in the RAN is independent of the latter. Direct communications between IoTs residing in separate RANs, when needed, will still be carried by native IPv4 packets (with the addition of Option Words carrying IoTs' Source and Destination addresses within the host RANs, respectively). > > Could you please clarify your characterizations of the above? > > > > Regards, > > > > > > Abe (2022-03-08 10:46) > > > > > > On 2022-03-08 09:09, Tom Beecher wrote: >> I recall reading the IETF draft some time ago. It seemed like an overly convoluted mechanism to tunnel 240/4. >> >> On Tue, Mar 8, 2022 at 8:50 AM Abraham Y. Chen <aychen@avinta.com> wrote: >> Dear Colleagues: >> >> 0) I was made aware of a recent discussion on this Forum that cited our work on the 240/4 NetBlock, nicknamed EzIP (Phonetic for Easy IPv4). (Please see, at the end of this MSG, the URL to the discussion and the highlighted text where the citation was made.) >> >> 1) As the lead investigator of the EzIP Project, I would like to formally introduce our solution by bringing your attention to an overview whitepaper: >> >> https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf >> >> In a nutshell, EzIP proposes to disable the program codes in current routers that have been disabling the use of the 240/4 NetBlock. The cost of this software engineering should be minimal. The EzIP deployment architecture is the same as that of the existing CG-NAT (Carrier Grade Network Address Translation). Consequently, there is no need to modify any hardware equipment. There is an online setup description (Reference II), called RAN (Regional Area Network), that demonstrates the feasibility of this approach. >> >> 2) There are additional consequential benefits by deploying EzIP, such as those mentioned by our comment to Reference III in the above whitepaper. >> >> I look forward to addressing your thoughts. >> >> >> Regards, >> >> >> >> Abe (2022-03-07 17:14 EST) >> VP Engineering >> Avinta Communications, Inc. >> Milpitas, CA 95035 USA >> +1(408)942-1485 >> Skype: Abraham.Y.Chen >> eMail: AYChen@Avinta.com >> WebSite: www.Avinta.com >> >> >> *********************** >> >> https://mailman.nanog.org/pipermail/nanog/2021-November/216766.html >> >> Class D addresses? was: Redploying most of 127/8 as unicast public >> >> Greg Skinner gregskinner0 at icloud.com >> Mon Nov 29 18:47:14 UTC 2021 >> • Previous message (by thread): Class D addresses? was: Redploying most of 127/8 as unicast public >> • Next message (by thread): Class E addresses? 240/4 history >> • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] >> > On Nov 24, 2021, at 5:08 PM, William Herrin <bill at herrin.us >> > wrote: >> >> > >> >> >> > On Wed, Nov 24, 2021 at 4:36 PM David Conrad <drc at virtualized.org >> > wrote: >> >> >>> >> I like research but what would the RIRs study? The percentage of the >> >> >> >> >> >> >> Lots of people said similar things when 1.0.0.0/8 >> was allocated to APNIC >> >> >> and they said similar things when 1.1.1.0/24 >> was stood up as an >> >> >> >> experiment by Cloudflare and APNIC, yet 1.1.1.1 seems to be pretty popular. >> >> > >> >> >> > >> Hi David, >> >> > >> >> >> > >> I don't recall there being any equipment or software compatibility >> >> > concerns with 1.0.0.0/8 >> . If you do, feel free to refresh my memory. As >> >> > >> I recall it, there were concerns with prior local use and potential >> >> > >> trash traffic. It seemed likely those concerns could be addressed with >> >> > >> experiments, and the experiments in fact addressed them. >> >> > >> >> >> > >> The prior local use worry reared its head again with 240/4 but given >> >> > the prior experience with 1.0.0.0/8 >> I don't personally believe we need >> >> > >> to re-run that experiment just because the numbers are part of a >> >> > >> different block. >> >> > >> >> >> > >> >> >> >> >> Seems to me that a number of folks on this list and during this >> >> >> >> discussion would disagree with a blanket assertion that 240/4 >> >> >> >> is “dysfunctional on the 2021 Internet” - some of them even >> >> >> >> wrote a draft discussing the possibility. >> >> > >> >> >> > >> Line them up. Show of hands. Who really thinks that if we assign >> >> > >> 240.0.0.1 to a customer tomorrow without waiting for anyone to clean >> >> > >> up their software and hardware, you won't get enough complaints about >> >> > >> things not working that you have to take it back and assign a >> >> > >> different address instead? >> >> > >> >> >> > >> >> >> >> >> 1. Move 240/4 from "reserved" to "unallocated unicast" >> >> >> >> >> >> >> >> OK, but this seems like a quibble. The status for 240/4 is “ >> >> >> >> RESERVED: designated by the IETF for specific non-global-unicast >> >> >> >> purposes as noted.” The “as noted” part is “Future Use”. >> >> > >> >> >> > >> It's not a quibble. Some vendors take the current status to mean >> >> > >> "treat it like unicast until we're told otherwise." Others take the >> >> > >> status to mean, "packets with these addresses are bogons without a >> >> > >> defined routing behavior until we're told otherwise." The result is >> >> > >> incompatible behavior between vendors. Changing that direction to >> >> > >> "treat it like unicast" without ambiguity is not a quibble. >> >> > >> >> >> > >> Regards, >> >> > >> Bill Herrin >> >> > >> >> >> > >> -- >> >> > >> William Herrin >> >> > bill at herrin.us >> > https://bill.herrin.us/ >> >> For what it’s worth, I’ve been tracking this issue on other netops mailing lists. There is a recent post on the LACNOG list from Leandro Bertholdo >> < >> https://mail.lacnic.net/pipermail/lacnog/2021-November/008895.html> referencing https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/ >> >> < >> https://datatracker.ietf.org/doc/draft-chen-ati-adaptive-ipv4-address-space/ >> >, a draft proposing another way to make additional IPv4 address space available >> I haven’t had time to read the draft closely, but I noticed that it involves the use of 240/4. Subsequent googling about the draft turned up a presentation >> < >> https://www.avinta.com/phoenix-1/home/RegionalAreaNetworkArchitecture.pdf> describing how the techniques described could be deployed. >> I noticed that the presentation >> made reference to OpenWRT, so perhaps the authors are aware of the work that the authors of the IPv4 Unicast Extensions Project have done in that area. >> >> The adaptive-ipv4 draft will expire sometime next month, so anyone interested in seeing it move forward should contact the authors. >> >> —gregbo >> >> ******************* >> >> >> Virus-free. www.avast.com > >
It appears that Anne Mitchell <amitchell@isipp.com> said:
Cc: NANOG <nanog@nanog.org>, Greg Skinner <gregskinner0@icloud.com>, "Karandikar, Abhay" <Director@iitk.ac.in>, Rama Ati <rama_ati@outlook.com>, Bob Corner GMAIL <bobbiecorner@gmail.com>, "Hsing, T. Russell" <tHsing@ieee.org>, "Chen, Henry C.J." <hcjchen@avinta.com>, ST Hsieh <uschinaeetc@gmail.com>, "Chen, Abraham Y." <AYChen@alum.mit.edu>
This is a whole lot of cc:s to people who aren't even part of this group/list. One wonders with this many cc:s, how many bcc:s there also were, and to whom.
There are several thousand people on the NANOG list, and public web archives. I don't think this is a useful question. FWIW, I also don't think that repurposing 240/4 is a good idea. To be useful it would require that every host on the Internet update its network stack, which would take on the order of a decade, to free up some space that would likely be depleted in a year or two. It's basically the same amount of work as getting everything to work on IPv6. R's, John
On Tue, Mar 8, 2022 at 12:34 PM John Levine <johnl@iecc.com> wrote:
FWIW, I also don't think that repurposing 240/4 is a good idea. To be useful it would require that every host on the Internet update its network stack,
Hi John, That's incorrect and obviously so. While repurposing 240/4 as general purpose Internet addresses might require that level of effort, other uses such as local LAN addressing would only require the equipment on that one lan to be updated -- a much more attainable goal. Reallocating 240/4 as unpurposed unicast address space would allow some standards-compliant uses to become practical before others. A few quite quickly.
which would take on the order of a decade, to free up some space that would likely be depleted in a year or two. It's basically the same amount of work as getting everything to work on IPv6.
Is it not past time we admit that we have no real idea what the schedule or level of effort will be for making IPv6 ubiquitous? This year it was more than last year and next year it'll probably be more than this year. The more precise predictions all seem to have fallen flat. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
It appears that William Herrin <bill@herrin.us> said:
On Tue, Mar 8, 2022 at 12:34 PM John Levine <johnl@iecc.com> wrote:
FWIW, I also don't think that repurposing 240/4 is a good idea. To be useful it would require that every host on the Internet update its network stack,
Hi John,
That's incorrect and obviously so. While repurposing 240/4 as general purpose Internet addresses might require that level of effort, other uses such as local LAN addressing would only require the equipment on that one lan to be updated -- a much more attainable goal.
If you want to patch your devices so they use 240/4 as a version of 10/8 on your own network, you can do that any time you want.
Reallocating 240/4 as unpurposed unicast address space would allow some standards-compliant uses to become practical before others. A few quite quickly.
So long as we agree that "quickly" means a decade. If we did this bad idea, at some point there would be a tipping point where enough hosts recognized them to be useful, but we say the same thing about IPv6.
Is it not past time we admit that we have no real idea what the schedule or level of effort will be for making IPv6 ubiquitous?
Oh, absolutely. I have conversations with my hosting provider in which they tell me that nobody has ever asked for IPv6 other than me, and they had no idea their upstream (Spectrum) had native IPv6. So I keep using a tunnel. I would expect the same conversations about 240/4. R's, John
On 8 Mar 2022 19:14:34 -0500 "John Levine" <johnl@iecc.com> wrote:
I have conversations with my hosting provider in which they tell me that nobody has ever asked for IPv6 other than me,
Oh you too? I got that response all the time. Then I when I press, they usually say they've had one, two, three, maybe four others ask over some really long period of time. The good news is most hosting providers I've dealt with in the past few years have v6 support now. Those that don't seem to be in the minority now from what I can tell. When I was a college DJ, the older people used to tell me for each phone call I get into the show figure you have about 100 listeners. I'm sure that was a WAG, but I bet there is some 1 to x ratio of others out there that just aren't calling about IPv6. John
John Levine wrote:
Oh, absolutely. I have conversations with my hosting provider in which they tell me that nobody has ever asked for IPv6 other than me, and they had no idea their upstream (Spectrum) had native IPv6. So I keep using a tunnel.
Why do you think you need IPv6? What is the point to have a tunnel even if people, maybe excluding you, are fine without it? Masataka Ohta
Is it not past time we admit that we have no real idea what the schedule or level of effort will be for making IPv6 ubiquitous? This year it was more than last year and next year it'll probably be more than this year. The more precise predictions all seem to have fallen flat.
The only way IPv6 will ever be ubiquitous is if there comes a time where there is some forcing event that requires it to be. Unless that occurs, people will continue to spend time and energy coming up with ways to squeeze the blood out of v4 that could have been used to get v6 going instead. I don't foresee anything changing for most of the rest of our careers, and possibly the next generation behind us. On Tue, Mar 8, 2022 at 4:13 PM William Herrin <bill@herrin.us> wrote:
On Tue, Mar 8, 2022 at 12:34 PM John Levine <johnl@iecc.com> wrote:
FWIW, I also don't think that repurposing 240/4 is a good idea. To be useful it would require that every host on the Internet update its network stack,
Hi John,
That's incorrect and obviously so. While repurposing 240/4 as general purpose Internet addresses might require that level of effort, other uses such as local LAN addressing would only require the equipment on that one lan to be updated -- a much more attainable goal.
Reallocating 240/4 as unpurposed unicast address space would allow some standards-compliant uses to become practical before others. A few quite quickly.
which would take on the order of a decade, to free up some space that would likely be depleted in a year or two. It's basically the same amount of work as getting everything to work on IPv6.
Is it not past time we admit that we have no real idea what the schedule or level of effort will be for making IPv6 ubiquitous? This year it was more than last year and next year it'll probably be more than this year. The more precise predictions all seem to have fallen flat.
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/
On Tue, 2022-03-08 at 19:25 -0500, Tom Beecher wrote:
The only way IPv6 will ever be ubiquitous is if there comes a time where there is some forcing event that requires it to be.
Unless that occurs, people will continue to spend time and energy coming up with ways to squeeze the blood out of v4 that could have been used to get v6 going instead. I don't foresee anything changing for most of the rest of our careers, and possibly the next generation behind us.
<sarcasm> Exactly. The only thing I see changing anything is when the MTU gets low enough that you are sending more encapsulation headers than payload. When the effective MTU is 8, then... But by then I'll have a 1Tb link to my house... so who cares?! </sarcasm>
The only way IPv6 will ever be ubiquitous is if there comes a time where there is some forcing event that requires it to be.
Unless that occurs, people will continue to spend time and energy coming up with ways to squeeze the blood out of v4 that could have been used to get v6 going instead.
I agree. There is a great deal of unused or underused v4 space that increasing prices have found and even if the long term cost of setting up v6 is lower, it's more than the short term cost to buy another v4 block. This still doesn't mean that screwing around with 240/4 or, an even worse 127/8 minus 127/24, is a good idea. Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
John R. Levine writes:
This still doesn't mean that screwing around with 240/4 or, an even worse 127/8 minus 127/24, is a good idea.
I hope you'll be slightly mollified to learn that it's actually 127/8 minus 127/16. https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127/ That's the most challenging one, but we've still seen something of a lack of people getting in touch to point out concrete problems. One person did get in touch to describe an unofficial use of, apparently, all of 127/8 as private address space in a VPN product. If people let us know about more, we can investigate workarounds or possible changes to our proposals. We previously thought that the reference NTP implementation was using all of 127/8 to identify hardware clock drivers. But it turns out it doesn't actually connect to these. If anyone reading this knows of something that uses a loopback address outside of 127/16 for an application, or something that can't be updated and would be harmed if the rest of the network stopped treating this as loopback, we'd be glad to hear about it.
One thing is for certain… If folks had put 0.10 as much effort into deploying IPv6 as has been put into arguing about whether or not ~17 /8s worth of IPv4 makes a meaningful difference to the internet as a whole, IPv4 would long since have become irrelevant as it must eventually be. Owen
On Mar 8, 2022, at 18:35, Seth David Schoen <schoen@loyalty.org> wrote:
John R. Levine writes:
This still doesn't mean that screwing around with 240/4 or, an even worse 127/8 minus 127/24, is a good idea.
I hope you'll be slightly mollified to learn that it's actually 127/8 minus 127/16.
https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127/
That's the most challenging one, but we've still seen something of a lack of people getting in touch to point out concrete problems.
One person did get in touch to describe an unofficial use of, apparently, all of 127/8 as private address space in a VPN product. If people let us know about more, we can investigate workarounds or possible changes to our proposals.
We previously thought that the reference NTP implementation was using all of 127/8 to identify hardware clock drivers. But it turns out it doesn't actually connect to these.
If anyone reading this knows of something that uses a loopback address outside of 127/16 for an application, or something that can't be updated and would be harmed if the rest of the network stopped treating this as loopback, we'd be glad to hear about it.
Owen DeLong via NANOG wrote:
One thing is for certain… If folks had put 0.10 as much effort into deploying IPv6 as has been put into arguing about whether or not ~17 /8s worth of IPv4 makes a meaningful difference to the internet as a whole, IPv4 would long since have become irrelevant as it must eventually be.
Owen
You might have had a decent point there instead of a soundbite, except that you are conflating different people together, as if the ones arguing to extend IPv4 are conveniently the same ones whom if they redirected their efforts would have IPv6 deployed in a few jiffies. Reality is quite a bit different. Joe
Given the draft lies about the status of 127/8. Words have meanings. When all of 127.0.0.0/8 was reserved for loopback addressing, IPv4 addresses were not yet recognized as scarce. Today, there is no justification for allocating 1/256 of all IPv4 addresses for this purpose, when only one of these addresses is commonly used and only a handful are regularly used at all. Unreserving the majority of these addresses provides a large number of additional IPv4 host addresses for possible use, alleviating some of the pressure of IPv4 address exhaustion. It is not RESERVED, it is ASSIGNED. The class A network number 127 is assigned the "loopback" function, that is, a datagram sent by a higher level protocol to a network 127 address should loop back inside the host. No datagram "sent" to a network 127 address should ever appear on any network anywhere. If it was actually reserved there would be much less complaint. People have made use of that space based on the fact that it was ASSIGNED a purpose whether you like that or feel that it was a good use of resources. Compulsory acquisition is something that should not be done lightly. It also requires fair compensation to be paid.
On 9 Mar 2022, at 13:35, Seth David Schoen <schoen@loyalty.org> wrote:
John R. Levine writes:
This still doesn't mean that screwing around with 240/4 or, an even worse 127/8 minus 127/24, is a good idea.
I hope you'll be slightly mollified to learn that it's actually 127/8 minus 127/16.
https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127/
That's the most challenging one, but we've still seen something of a lack of people getting in touch to point out concrete problems.
One person did get in touch to describe an unofficial use of, apparently, all of 127/8 as private address space in a VPN product. If people let us know about more, we can investigate workarounds or possible changes to our proposals.
What’s “unofficial” about it? The point of ASSIGNING 127/8 for loopback meant the ANYONE could use that address space OFFICIALLY so long as packets with those addresses didn’t leave the machine.
We previously thought that the reference NTP implementation was using all of 127/8 to identify hardware clock drivers. But it turns out it doesn't actually connect to these.
If anyone reading this knows of something that uses a loopback address outside of 127/16 for an application, or something that can't be updated and would be harmed if the rest of the network stopped treating this as loopback, we'd be glad to hear about it.
What does it matter what people are using those addresses for. They are using them in good faith and are under no obligation to report how they are using them. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Tue, Mar 8, 2022 at 11:30 PM Mark Andrews <marka@isc.org> wrote:
Given the draft lies about the status of 127/8. Words have meanings.
When all of 127.0.0.0/8 was reserved for loopback addressing, IPv4 addresses were not yet recognized as scarce. Today, there is no justification for allocating 1/256 of all IPv4 addresses for this purpose, when only one of these addresses is commonly used and only a handful are regularly used at all. Unreserving the majority of these addresses provides a large number of additional IPv4 host addresses for possible use, alleviating some of the pressure of IPv4 address exhaustion.
It is not RESERVED, it is ASSIGNED.
The class A network number 127 is assigned the "loopback" function, that is, a datagram sent by a higher level protocol to a network 127 address should loop back inside the host. No datagram "sent" to a network 127 address should ever appear on any network anywhere.
If it was actually reserved there would be much less complaint. People have made use of that space based on the fact that it was ASSIGNED a purpose whether you like that or feel that it was a good use of resources.
Compulsory acquisition is something that should not be done lightly. It also requires fair compensation to be paid.
On 9 Mar 2022, at 13:35, Seth David Schoen <schoen@loyalty.org> wrote:
John R. Levine writes:
This still doesn't mean that screwing around with 240/4 or, an even worse 127/8 minus 127/24, is a good idea.
I hope you'll be slightly mollified to learn that it's actually 127/8 minus 127/16.
https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127/
That's the most challenging one, but we've still seen something of a lack of people getting in touch to point out concrete problems.
One person did get in touch to describe an unofficial use of, apparently, all of 127/8 as private address space in a VPN product. If people let us know about more, we can investigate workarounds or possible changes to our proposals.
What’s “unofficial” about it? The point of ASSIGNING 127/8 for loopback meant the ANYONE could use that address space OFFICIALLY so long as packets with those addresses didn’t leave the machine.
re: *the machine*. This touches upon the one use case I've come up with for narrowing the scope of the loopback 127.x, and widening it slightly. What is a "machine"? nowadays there are fleets of microservices (:cough: kubernetes) being deployed. Crossing a security barrier within one machine is one thing, crossing it into the wire between machines, another. Local compute, separated by vms or containers, is often orders of magnitude faster than going over a wire, and a cluster of those can be carried from physical machine to physical machine. I otherwise don't want to be drawn into the tar-baby discussion about 127, it's discussion of utilizing 240/4 sanely and 0/8 sanely I desire more.
We previously thought that the reference NTP implementation was using all of 127/8 to identify hardware clock drivers. But it turns out it doesn't actually connect to these.
If anyone reading this knows of something that uses a loopback address outside of 127/16 for an application, or something that can't be updated and would be harmed if the rest of the network stopped treating this as loopback, we'd be glad to hear about it.
What does it matter what people are using those addresses for. They are using them in good faith and are under no obligation to report how they are using them.
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
-- I tried to build a better future, a few times: https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org Dave Täht CEO, TekLibre, LLC
On 09/03/2022 00:25, Tom Beecher wrote:
The only way IPv6 will ever be ubiquitous is if there comes a time where there is some forcing event that requires it to be.
In about two years time, IPv4 addresses will be worth on the order of $100/IP, assuming current trends hold. That's a lot of revenue in leasing IPv4 to the business customers that refuse to think about IPv6 because $reason. It's also a lot of unit cost to add to a consumer-grade service, where your margins are distastefully thin already (well, in some markets) and set to get thinner when you need to buy a swathe of CGNAT boxes to keep routing IPv4. Even at todays's dollar price, this dilemma holds true, but I largely suspect that there are too few fixed-line ISPs that have been forced into CGNAT yet - the more that are, the more will wonder why they're buying so many of them. -- Tom
Tom Beecher wrote:
The only way IPv6 will ever be ubiquitous is if there comes a time where there is some forcing event that requires it to be.
Unless that occurs, people will continue to spend time and energy coming up with ways to squeeze the blood out of v4 that could have been used to get v6 going instead. I don't foresee anything changing for most of the rest of our careers, and possibly the next generation behind us.
I dont think it is as bad as that, but what you are implicitly saying is that even multi-decades efforts to prolong IPv4 have clear justification to begin now, if not sooner. As for the rest of this popular meme, instead of aspirations to force a chosen technology down the throats of many clearly unwilling and/or uninterested parties whom make up a still significant percentage of the internet, perhaps more effort should be expended on A) making the chosen technology more attractive, more useful, more deployable, more compatible, etc. Because clearly its not enough of those things for many, regardless of whatever personal experience or theories you may have on the matter. B) Keeping the rest of the internet as functional as possible, with whatever tradeoffs make send, for the actual potential duration of A instead of pie-in-the-sky estimates. Which have a 100% track record of being wrong. Persuasion, not coercion. Which even if it were possible, is wrong and immoral. The internet is supposed to be about mutually beneficial cooperation, not hierarchical coercion. Joe
I'm beginning to wonder if the internet will survive the ipv6 adoption debates. Here's the real problem which you all can promptly ignore: The IETF et al are full of bright technical people who can design protocols, packet formats, etc. But many of the major problems facing the internet are not, at their core, engineering problems. They're in the realm of social, legal, marketing, politics, int'l policy, governance, law enforcement, commerce, economics, sociology, psychology, etc. which TBH as bright as many of the engineers et al are these problems are way beyond their ken, occasional polymath excepted. But first you have to admit you have a problem, and limitations. Shouting at the rafters about address space depletion etc while waving RFCs may not quite do it. Similar can be said about spam, malware attacks, phishing, etc. Yet another cryptographic protocol probably won't save the day but as the expression goes when all you have is a hammer the whole world looks like a nail. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
I agree. iMO, this 240/4 issue is another one of those tussles in cyberspace <https://david.choffnes.com/classes/cs4700fa14/papers/tussle.pdf>. But I don’t fault IETF people or anyone else who pursues technical solutions to these types of problems as long as they are open and honest about the limitations of these solutions. Also, IMO, the value of having a discussion about this issue here (and other NOG forums) is to get the perspective of people who (generally speaking) deal more immediately with the problems the broader “online" population has with IETF-based technology. —gregbo
On Mar 8, 2022, at 9:25 PM, bzs@theworld.com wrote:
I'm beginning to wonder if the internet will survive the ipv6 adoption debates.
Here's the real problem which you all can promptly ignore:
The IETF et al are full of bright technical people who can design protocols, packet formats, etc.
But many of the major problems facing the internet are not, at their core, engineering problems.
They're in the realm of social, legal, marketing, politics, int'l policy, governance, law enforcement, commerce, economics, sociology, psychology, etc. which TBH as bright as many of the engineers et al are these problems are way beyond their ken, occasional polymath excepted.
But first you have to admit you have a problem, and limitations.
Shouting at the rafters about address space depletion etc while waving RFCs may not quite do it.
Similar can be said about spam, malware attacks, phishing, etc.
Yet another cryptographic protocol probably won't save the day but as the expression goes when all you have is a hammer the whole world looks like a nail.
-- -Barry Shein
Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
It is great to see NANOG members describing some of the real barriers to widespread IPv6 deployment. Buggy implementations, lack of consumer demand, too many other things to do (like rapidly deploying fiber to customers before they switch to a competitor), lack of IPv6 expertise at ISPs, lack of ISP demand driving lack of supplier support, and doubled testing and qualification workload. As Tim Howe <tim.h@bendtel.com> wrote:
... I do not really blame those who don't, because in order to get where we are I had to make it my personal mission in life to get to a passive FTTP configuration that would work with functional parity between v4 and v6... For over a year I had to test gear, which requires a lot of time and effort and study and support and managerial latitude. I had to isolate bugs and spend the time reporting them, which often means making a pain in the butt out of yourself and championing the issue with the vendor (sometimes it means committing to buying things). I had to INSIST on support from vendors and refuse to buy things that didn't work. I had to buy new gear I would not have otherwise needed. I also had to "fire" a couple of vendors and purge them from my network; I even sent back an entire shipment of gear to a vendor due to broken promises. Basically I had to be extremely unreasonable. My position is unique in that I was able to do these things and get away with it. I can't blame anyone for not going down that road.
What struck me is how NONE of those challenges in doing IPv6 deployment in the field had anything to do with fending off attempts to make IPv4 better. Let me say that again. Among all the reasons why IPv6 didn't take over the world, NONE of them is "because we spent all our time improving IPv4 standards instead". John Gilmore
What struck me is how NONE of those challenges in doing IPv6 deployment in the field had anything to do with fending off attempts to make IPv4 better.
Let me say that again. Among all the reasons why IPv6 didn't take over the world, NONE of them is "because we spent all our time improving IPv4 standards instead".
I’ll somewhat call bullshit on this conclusion from the data available. True, none of the reasons directly claim “IPv6 isn’t good enough because we did X for v4 instead”, yet all of them in some way refer back to “insufficient resources to make this the top priority.” which means that any resources being dedicated to improving (or more accurately further band-aiding) IPv4 are effectively being taken away from solving the problems that exist with IPv6 pretty much by definition. So I will stand by my statement that if we put half of the effort that has been spent discussing these 16 relatively useless /8s that would not significantly improve the lifespan of IPv4 on resolving the barriers to deployment of IPv6, we would actually have a lot less need for IPv4 and a lot more deployment of IPv6 already. Owen
On Mar 16, 2022, at 12:20 PM, Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
What struck me is how NONE of those challenges in doing IPv6 deployment in the field had anything to do with fending off attempts to make IPv4 better.
Let me say that again. Among all the reasons why IPv6 didn't take over the world, NONE of them is "because we spent all our time improving IPv4 standards instead".
I’ll somewhat call bullshit on this conclusion from the data available. True, none of the reasons directly claim “IPv6 isn’t good enough because we did X for v4 instead”, yet all of them in some way refer back to “insufficient resources to make this the top priority.” which means that any resources being dedicated to improving (or more accurately further band-aiding) IPv4 are effectively being taken away from solving the problems that exist with IPv6 pretty much by definition.
So I will stand by my statement that if we put half of the effort that has been spent discussing these 16 relatively useless /8s that would not significantly improve the lifespan of IPv4 on resolving the barriers to deployment of IPv6, we would actually have a lot less need for IPv4 and a lot more deployment of IPv6 already.
Owen
Regarding
all of them in some way refer back to “insufficient resources to
make this the top priority.”
This is not a technical issue. It is a management issue where long term global goals are sacrificed for short term local goals e.g., “How do I make my numbers this month so my bonus happens?” The insufficiency is management incentives driving management behavior. James
So your answer is do nothing because we should be spending the time on v6? There are a lot of barriers to v6, and there is no logical reason why this range of v4 subnets wasn’t made available to the world a decade (or two) ago. The next best time to do it is now though. On Wed, Mar 16, 2022 at 12:21 PM Owen DeLong via NANOG <nanog@nanog.org> wrote:
What struck me is how NONE of those challenges in doing IPv6 deployment in the field had anything to do with fending off attempts to make IPv4 better.
Let me say that again. Among all the reasons why IPv6 didn't take over the world, NONE of them is "because we spent all our time improving IPv4 standards instead".
I’ll somewhat call bullshit on this conclusion from the data available. True, none of the reasons directly claim “IPv6 isn’t good enough because we did X for v4 instead”, yet all of them in some way refer back to “insufficient resources to make this the top priority.” which means that any resources being dedicated to improving (or more accurately further band-aiding) IPv4 are effectively being taken away from solving the problems that exist with IPv6 pretty much by definition.
So I will stand by my statement that if we put half of the effort that has been spent discussing these 16 relatively useless /8s that would not significantly improve the lifespan of IPv4 on resolving the barriers to deployment of IPv6, we would actually have a lot less need for IPv4 and a lot more deployment of IPv6 already.
Owen
My answer is to work on resolving the barriers to v6 instead of wasting time on this, yes. Owen
On Mar 16, 2022, at 11:12 , David Bass <davidbass570@gmail.com> wrote:
So your answer is do nothing because we should be spending the time on v6?
There are a lot of barriers to v6, and there is no logical reason why this range of v4 subnets wasn’t made available to the world a decade (or two) ago. The next best time to do it is now though.
On Wed, Mar 16, 2022 at 12:21 PM Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
What struck me is how NONE of those challenges in doing IPv6 deployment in the field had anything to do with fending off attempts to make IPv4 better.
Let me say that again. Among all the reasons why IPv6 didn't take over the world, NONE of them is "because we spent all our time improving IPv4 standards instead".
I’ll somewhat call bullshit on this conclusion from the data available. True, none of the reasons directly claim “IPv6 isn’t good enough because we did X for v4 instead”, yet all of them in some way refer back to “insufficient resources to make this the top priority.” which means that any resources being dedicated to improving (or more accurately further band-aiding) IPv4 are effectively being taken away from solving the problems that exist with IPv6 pretty much by definition.
So I will stand by my statement that if we put half of the effort that has been spent discussing these 16 relatively useless /8s that would not significantly improve the lifespan of IPv4 on resolving the barriers to deployment of IPv6, we would actually have a lot less need for IPv4 and a lot more deployment of IPv6 already.
Owen
Let me say that again. Among all the reasons why IPv6 didn't take over the world, NONE of them is "because we spent all our time improving IPv4 standards instead".
I'll somewhat call bullshit on this conclusion from the data available. True, none of the reasons directly claim "IPv6 isn't good enough because we did X for v4 instead", yet all of them in some way refer back to "insufficient resources to make this the top priority." which means that any resources being dedicated to improving (or more accurately further band-aiding) IPv4 are effectively being taken away from solving the problems that exist with IPv6 pretty much by definition.
Hi, Owen. Your reasoning proves too much. You propose that every minute of every day that every human isn't actively working at top priority to make IPv6 the default protocol on the Internet, are misguided efforts. "Pretty much by definition." "Any resources being dedicated to" eating, sleeping, going to the bathroom, listening to music, painting a canvas, repairing cars, steering ships, growing food, running railroads, going to school, going to work, riding bicycles, ending homelessness, stopping wars, reforming drug laws, band-aiding IPv4, reducing corruption in government, posting to mailing lists (as you pointed out -- by posting a message to a mailing list!), hopping, skipping, and jumping, "are effectively being taken away from solving the problems that exist with IPv6." Given the billions of people who eat and sleep for HOURS every day, I think I am doing pretty well by just coordinating three people part-time trying to improve IPv4 a little bit. The eaters' and sleepers' level of non-IPv6 effort is billions of times stronger than my level of non-IPv6 effort. Can you forgive me? John
No quibble about the discussion happening on a NOG list, not at all. But frankly unless the proposal is even starting to move forward in the IETF process such that a standards change is possible, it's just noise. ( I don't predict that the draft being discussed ever gets that far anyways ; it has serious deficiencies.) On Sat, Mar 12, 2022 at 6:53 PM Greg Skinner via NANOG <nanog@nanog.org> wrote:
I agree. iMO, this 240/4 issue is another one of those tussles in cyberspace <https://david.choffnes.com/classes/cs4700fa14/papers/tussle.pdf>. But I don’t fault IETF people or anyone else who pursues technical solutions to these types of problems as long as they are open and honest about the limitations of these solutions.
Also, IMO, the value of having a discussion about this issue here (and other NOG forums) is to get the perspective of people who (generally speaking) deal more immediately with the problems the broader “online" population has with IETF-based technology.
—gregbo
On Mar 8, 2022, at 9:25 PM, bzs@theworld.com wrote:
I'm beginning to wonder if the internet will survive the ipv6 adoption debates.
Here's the real problem which you all can promptly ignore:
The IETF et al are full of bright technical people who can design protocols, packet formats, etc.
But many of the major problems facing the internet are not, at their core, engineering problems.
They're in the realm of social, legal, marketing, politics, int'l policy, governance, law enforcement, commerce, economics, sociology, psychology, etc. which TBH as bright as many of the engineers et al are these problems are way beyond their ken, occasional polymath excepted.
But first you have to admit you have a problem, and limitations.
Shouting at the rafters about address space depletion etc while waving RFCs may not quite do it.
Similar can be said about spam, malware attacks, phishing, etc.
Yet another cryptographic protocol probably won't save the day but as the expression goes when all you have is a hammer the whole world looks like a nail.
-- -Barry Shein
Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
I have qualms about these drafts also. However, even if the IETF does not move forward with any of them (not even to adopt them as WG items), that doesn’t mean they never will. Times change. Circumstances change. The IETF has changed its position on several (IMO) key issues during its existence. Perhaps this will be one of those times. Incidentally, if you take a look at this post from Theodore Ts’o <https://mailarchive.ietf.org/arch/msg/ietf/IGKkL8IM1IptV4Q3Z3pko6OC1Xs/> he’s pretty much saying the same thing that Barry Shein said, that the IETF isn’t as good at policy as it is in producing protocol standards. (The thread it’s from started from a response to the publication of RFC2008 <https://www.rfc-editor.org/rfc/rfc2008.txt> as a Best Current Practice, in spite of “vigorous opposition”.) The other thing I wanted to say is for anyone who doesn’t know a lot about the IETF workings, the contributions of some of the authors of the Schoen drafts are recognized and respected in the IETF Transport Area. They’re not new to this stuff. They have “clue”. They do due diligence. They produce running code, and (IMO) are seeking rough consensus. I believe that in the IETF of, say, a quarter century ago, their drafts would have progressed further through the standards process. For various reasons, today’s IETF is different, but could still change its minds. I believe the authors of the Schoen drafts are capable of drumming up support for their ideas even if they don’t (immediately) become IETF drafts, and that the IETF might change its position on their ideas, as a result of such support. —gregbo
On Mar 16, 2022, at 5:28 AM, Tom Beecher <beecher@beecher.cc> wrote:
No quibble about the discussion happening on a NOG list, not at all.
But frankly unless the proposal is even starting to move forward in the IETF process such that a standards change is possible, it's just noise. ( I don't predict that the draft being discussed ever gets that far anyways ; it has serious deficiencies.)
On Sat, Mar 12, 2022 at 6:53 PM Greg Skinner via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote: I agree. iMO, this 240/4 issue is another one of those tussles in cyberspace <https://david.choffnes.com/classes/cs4700fa14/papers/tussle.pdf>. But I don’t fault IETF people or anyone else who pursues technical solutions to these types of problems as long as they are open and honest about the limitations of these solutions.
Also, IMO, the value of having a discussion about this issue here (and other NOG forums) is to get the perspective of people who (generally speaking) deal more immediately with the problems the broader “online" population has with IETF-based technology.
—gregbo
On Mar 8, 2022, at 9:25 PM, bzs@theworld.com <mailto:bzs@theworld.com> wrote:
I'm beginning to wonder if the internet will survive the ipv6 adoption debates.
Here's the real problem which you all can promptly ignore:
The IETF et al are full of bright technical people who can design protocols, packet formats, etc.
But many of the major problems facing the internet are not, at their core, engineering problems.
They're in the realm of social, legal, marketing, politics, int'l policy, governance, law enforcement, commerce, economics, sociology, psychology, etc. which TBH as bright as many of the engineers et al are these problems are way beyond their ken, occasional polymath excepted.
But first you have to admit you have a problem, and limitations.
Shouting at the rafters about address space depletion etc while waving RFCs may not quite do it.
Similar can be said about spam, malware attacks, phishing, etc.
Yet another cryptographic protocol probably won't save the day but as the expression goes when all you have is a hammer the whole world looks like a nail.
-- -Barry Shein
Software Tool & Die | bzs at TheWorld.com <http://theworld.com/> | http://www.TheWorld.com <http://www.theworld.com/> Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
John Levine writes:
FWIW, I also don't think that repurposing 240/4 is a good idea.
As people will be aware, we have a different draft on this issue, so I'm also going to pipe up here. https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/ (Our draft offers no specific plan for exactly how to use the address space, arguing that the most important short-term priority is to ensure that implementations stop rejecting it, rather than to decide on a policy for how or when it can be allocated. For example, it might turn out that debogonization appears too daunting a task, in which case there might be a consensus to make it into official private address space in the future.)
To be useful it would require that every host on the Internet update its network stack,
Most hosts other than Windows already made this change following the previous proposal in 2008. So we mostly have to get Windows to make the change now. Routers are a more complicated question, and we would love people to help us obtain some concrete data about this.
which would take on the order of a decade, to free up some space that would likely be depleted in a year or two.
When I presented about this at NANOG 84 and APRICOT recently, I noted that a lot of people's intuitions about rapid exhaustion of IPv4 resources come from RIR allocations that were done with nominal fees. But blocks that became available and were sold for market rates seemed to last longer. We think that, if it does become feasible to allocate historically-reserved space for public Internet use, market-based allocations like auction mechanisms (which can potentially also be done by RIRs) will make people more cautious in their appetite for number resources, while also preventing the price of those resources from rising as quickly as it otherwise would. Someone asked a question about how long we thought it would take for that depletion to occur, and I passed it on to Lee Howard (on account of his experience in the IPv4 secondary markets). I think I remember that his answer was "about seven years" -- I should double-check that it wasn't six years or eight years. I understood the question I was passing on to be something like "how long will these resources last, assuming RIRs allocate them by selling them in a series of auctions or selling them into existing address space markets as though they were newly-recovered previously-allocated address space?".
It's basically the same amount of work as getting everything to work on IPv6.
That's challenging to quantify, but in any case it doesn't appear to be _the same work_ or, necessarily, _work by the same people_. For example, Windows already supports IPv6 quite well, but doesn't support unicast 240/4 at all. My Linux laptop supports both well, but my ISP doesn't give me native IPv6. (I don't know yet whether or not my ISP would have to make changes to support native 240/4, although I look forward to finding out!) I don't want people to work to support 240/4 (and other address ranges we've proposed unreserving) at the expense of supporting IPv6. I agree with the consensus that implementers and operators ought to support IPv6. Still, I haven't seen why one can be expected to substitute for or compete with the other, unless one envisions a very direct conflict between improving IPv4 support or services and improving IPv6 support or services. We also have a new draft (published yesterday) more directly on point about that issue... https://datatracker.ietf.org/doc/draft-schoen-intarea-ietf-maintaining-ipv4/
John Levine <johnl@iecc.com> wrote:
FWIW, I also don't think that repurposing 240/4 is a good idea. To be useful it would require that every host on the Internet update its network stack, which would take on the order of a decade...
Those network stacks were updated for 240/4 in 2008-2009 -- a decade ago. See the Implementation Status section of our draft: https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/ Major networks are already squatting on the space internally, because they tried it and it works. We have running code. The future is now. We are ready to update the standards. The only major OS that doesn't support 240/4 is Microsoft Windows -- and it comes with regular online updates. So if IETF made the decision to make it unicast space, most MS OS users could be updated within less than a year.
It's basically the same amount of work as getting everything to work on IPv6.
If that was true, we'd be living in the IPv6 heaven now. It doesn't take any OS upgrades for "getting everything to work on IPv6". All the OS's and routers have supported IPv6 for more than a decade. Whatever the IPv6 transition might require, it isn't comparable to the small effort needed to upgrade a few laggard OS's to support 240/4 and to do some de-bogonization in the global Internet, akin to what CloudFlare did for 1.1.1.1. John
It doesn't take any OS upgrades for "getting everything to work on IPv6". All the OS's and routers have supported IPv6 for more than a decade.
There are lots of vendors, both inside and outside the networking space, that have consistently released products with non-existant or broken IPv6 implementations. That includes smaller startups, as well as very big names. An affirmative choice is often made to make sure v4 works , get the thing out the door, and deal with v6 later, or if a big client complains. To be completely fair, some of those vendors also mess up IPv4 implementations as well, but in my experience , v4 stuff is more often 'vanilla' coding issues, whereas v6 mistakes tend to be more basic functional errors, like handling leading zeros correctly. On Wed, Mar 9, 2022 at 4:17 AM John Gilmore <gnu@toad.com> wrote:
John Levine <johnl@iecc.com> wrote:
FWIW, I also don't think that repurposing 240/4 is a good idea. To be useful it would require that every host on the Internet update its network stack, which would take on the order of a decade...
Those network stacks were updated for 240/4 in 2008-2009 -- a decade ago. See the Implementation Status section of our draft:
https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/
Major networks are already squatting on the space internally, because they tried it and it works. We have running code. The future is now. We are ready to update the standards.
The only major OS that doesn't support 240/4 is Microsoft Windows -- and it comes with regular online updates. So if IETF made the decision to make it unicast space, most MS OS users could be updated within less than a year.
It's basically the same amount of work as getting everything to work on IPv6.
If that was true, we'd be living in the IPv6 heaven now.
It doesn't take any OS upgrades for "getting everything to work on IPv6". All the OS's and routers have supported IPv6 for more than a decade.
Whatever the IPv6 transition might require, it isn't comparable to the small effort needed to upgrade a few laggard OS's to support 240/4 and to do some de-bogonization in the global Internet, akin to what CloudFlare did for 1.1.1.1.
John
On Wed, 9 Mar 2022 11:22:49 -0500 Tom Beecher <beecher@beecher.cc> wrote:
It doesn't take any OS upgrades for "getting everything to work on IPv6". All the OS's and routers have supported IPv6 for more than a decade.
There are lots of vendors, both inside and outside the networking space, that have consistently released products with non-existant or broken IPv6 implementations. That includes smaller startups, as well as very big names. An affirmative choice is often made to make sure v4 works , get the thing out the door, and deal with v6 later, or if a big client complains.
This a thousand times. Don't believe the claims of IPv6 support until you have fully tested it. Almost no vendor is including any IPv6 testing in their QA process and nobody is including it in any of their support staff training. Their labs may not even have v6 capability. Some of our biggest vendors who have supposedly supported v6 for over a decade have rudimentary, show-stopping bugs. The support staff at these vendors have often never even seen a customer using v6, and they have no idea what it looks like on their own gear. A subset of these vendors will listen to you and fix the problems. Give them your support and loyalty. I want to name names so bad... --TimH
Tim, On Mar 9, 2022, at 9:09 AM, Tim Howe <tim.h@bendtel.com> wrote:
Some of our biggest vendors who have supposedly supported v6 for over a decade have rudimentary, show-stopping bugs.
Not disagreeing (and not picking on you), but despite hearing this with some frequency, I haven’t seen much data to corroborate these sorts of statements.
A subset of these vendors will listen to you and fix the problems. Give them your support and loyalty. I want to name names so bad…
Perhaps the right approach would be similar for network operators to move to a timed full disclosure model (like Google’s Project Zero for security issues)? In the software security world, this model seems to have had a positive impact in getting fixes out. If a vendor who claims v6 support doesn’t actually support v6 (or, if a vendor fixes a known lack of v6 support), it would seem to me that this is information that folks on NANOG (and elsewhere) would find useful. Regards, -drc
On 3/9/22 10:46 AM, David Conrad wrote:
Not disagreeing (and not picking on you), but despite hearing this with some frequency, I haven’t seen much data to corroborate these sorts of statements.
My team ran into a bug in Cisco IOS-XR a few years ago wherein IPv6 connected BGP had problems when using on-link IPs that it did not have when using off-link IPs. E.g. on-link (LL or GUA) vs off-link (GUA on loopback / different interface). -- Grant. . . . unix || die
It's not just equipment vendors, it's ISPs. Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was. Likewise the Wave Broadband cable operator. No IPv6, no plans for it. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
On 3/9/22 1:01 PM, Jay Hennigan wrote:
It's not just equipment vendors, it's ISPs.
I completely agree. I get why line of business applications; e.g. billing, provisioning, repair, haven't been updated to support IPv6. But I believe that any network equipment vendor that is (or has been for the last 1-2 decades) selling /new/ equipment really has no excuse for not IPv6 not having feature parity with IPv4.
Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was.
I've had similar lack of success with my municipal GPON provider. At least the people answering support tickets know what IPv6 is and know that it's on their future list without even being in planing / testing phase.
Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
.... -- Grant. . . . unix || die
ISP here. Deploying gigabit FTTH. No IPv6. Customers have 0 complaints about IPv6. 0 Complaints since 2006. On Wed, Mar 9, 2022 at 4:32 PM Grant Taylor via NANOG <nanog@nanog.org> wrote:
On 3/9/22 1:01 PM, Jay Hennigan wrote:
It's not just equipment vendors, it's ISPs.
I completely agree.
I get why line of business applications; e.g. billing, provisioning, repair, haven't been updated to support IPv6.
But I believe that any network equipment vendor that is (or has been for the last 1-2 decades) selling /new/ equipment really has no excuse for not IPv6 not having feature parity with IPv4.
Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was.
I've had similar lack of success with my municipal GPON provider. At least the people answering support tickets know what IPv6 is and know that it's on their future list without even being in planing / testing phase.
Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
....
-- Grant. . . . unix || die
On 3/9/22 1:46 PM, Josh Luthman wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Do customers ever complain about double NAT's? Mike
On Wed, Mar 9, 2022 at 4:32 PM Grant Taylor via NANOG <nanog@nanog.org> wrote:
On 3/9/22 1:01 PM, Jay Hennigan wrote: > It's not just equipment vendors, it's ISPs.
I completely agree.
I get why line of business applications; e.g. billing, provisioning, repair, haven't been updated to support IPv6.
But I believe that any network equipment vendor that is (or has been for the last 1-2 decades) selling /new/ equipment really has no excuse for not IPv6 not having feature parity with IPv4.
> Here in Oregon, Frontier was recently acquired by Ziply. They're doing > massive infrastructure work and recently started offering symmetrical > gigabit FTTH. This is a brand new greenfield PON deployment. No > IPv6. It took being transferred three times to reach a person who > even knew what it was.
I've had similar lack of success with my municipal GPON provider. At least the people answering support tickets know what IPv6 is and know that it's on their future list without even being in planing / testing phase.
> Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
....
-- Grant. . . . unix || die
IPv4 doesn't require NAT. But to answer your question, I would say most if not all of the complaints about NAT/double NAT are the Xbox saying strict nat instead of open. These complaints are super rare. On Wed, Mar 9, 2022 at 5:01 PM Michael Thomas <mike@mtcc.com> wrote:
On 3/9/22 1:46 PM, Josh Luthman wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Do customers ever complain about double NAT's?
Mike
On Wed, Mar 9, 2022 at 4:32 PM Grant Taylor via NANOG <nanog@nanog.org> wrote:
On 3/9/22 1:01 PM, Jay Hennigan wrote:
It's not just equipment vendors, it's ISPs.
I completely agree.
I get why line of business applications; e.g. billing, provisioning, repair, haven't been updated to support IPv6.
But I believe that any network equipment vendor that is (or has been for the last 1-2 decades) selling /new/ equipment really has no excuse for not IPv6 not having feature parity with IPv4.
Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was.
I've had similar lack of success with my municipal GPON provider. At least the people answering support tickets know what IPv6 is and know that it's on their future list without even being in planing / testing phase.
Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
....
-- Grant. . . . unix || die
On 3/9/22 2:03 PM, Josh Luthman wrote:
IPv4 doesn't require NAT.
But to answer your question, I would say most if not all of the complaints about NAT/double NAT are the Xbox saying strict nat instead of open. These complaints are super rare.
CGNat -- which is the alternative -- creates a double NAT. I poked around and it seems that affects quite a few games. Mike
On Wed, Mar 9, 2022 at 5:01 PM Michael Thomas <mike@mtcc.com> wrote:
On 3/9/22 1:46 PM, Josh Luthman wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Do customers ever complain about double NAT's?
Mike
On Wed, Mar 9, 2022 at 4:32 PM Grant Taylor via NANOG <nanog@nanog.org> wrote:
On 3/9/22 1:01 PM, Jay Hennigan wrote: > It's not just equipment vendors, it's ISPs.
I completely agree.
I get why line of business applications; e.g. billing, provisioning, repair, haven't been updated to support IPv6.
But I believe that any network equipment vendor that is (or has been for the last 1-2 decades) selling /new/ equipment really has no excuse for not IPv6 not having feature parity with IPv4.
> Here in Oregon, Frontier was recently acquired by Ziply. They're doing > massive infrastructure work and recently started offering symmetrical > gigabit FTTH. This is a brand new greenfield PON deployment. No > IPv6. It took being transferred three times to reach a person who > even knew what it was.
I've had similar lack of success with my municipal GPON provider. At least the people answering support tickets know what IPv6 is and know that it's on their future list without even being in planing / testing phase.
> Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
....
-- Grant. . . . unix || die
Over here in AsiaPAC we ran out of readily available IPv4 many years ago. I’ve been deploying dual stack CGNAT v4 + Public V6 to ISP networks for at least 10 years. Virtually all modern RGW’s and devices (except *** play station) have supported V6 transparently for many years and the customer’s have no clue they are using V6. V6 accounts for about 60% of customer traffic due to widespread support on CDN’s and this reduces the requirement for services card capacity (ISA/ESA on Nokia, MS-MPC on Juniper) on the CGNAT device’s. As a general rule if a customer actually notices and complains about CGN (again *** Playstation) the rule has generally been, sure here is a static v4 ip, bye now. Those customers who notice run at about 100 per 10,000 customers as a general rule. So 10K customers = a /24 for CGN pools and a /25 for static IP’s and you are good to go. Every customer gets a /56 of v6. While I’m not a V6 fanboy it really does work just fine and works well enough that the end customers have absolutely no clue its turned on. It takes little extra effort to enable it when you are deploying a new network element and there is almost universal device support. From: NANOG <nanog-bounces+tony=wicks.co.nz@nanog.org> On Behalf Of Michael Thomas Sent: Thursday, 10 March 2022 11:12 am To: Josh Luthman <josh@imaginenetworksllc.com> Cc: nanog@nanog.org Subject: Re: V6 still not supported On 3/9/22 2:03 PM, Josh Luthman wrote: IPv4 doesn't require NAT. But to answer your question, I would say most if not all of the complaints about NAT/double NAT are the Xbox saying strict nat instead of open. These complaints are super rare. CGNat -- which is the alternative -- creates a double NAT. I poked around and it seems that affects quite a few games. Mike
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Asserting that IPv6 shouldn't be a priority because 'nobody asks for it' is specious. What if customers saw Cloudflare's "isbgpsafeyet" site and demented you stop running BGP because it's "unsafe" ? Is that a valid reason? Customers care about 1 thing only : Does it work when I want to use it, or not. And a lot of ISPs have learned difficult lessons in the last couple years when the small handful of customers who would complain that their work VPN didn't work behind the CGNAT boxes they ran turned into a heck of a lot MORE customers complaining. On Wed, Mar 9, 2022 at 4:48 PM Josh Luthman <josh@imaginenetworksllc.com> wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
On Wed, Mar 9, 2022 at 4:32 PM Grant Taylor via NANOG <nanog@nanog.org> wrote:
On 3/9/22 1:01 PM, Jay Hennigan wrote:
It's not just equipment vendors, it's ISPs.
I completely agree.
I get why line of business applications; e.g. billing, provisioning, repair, haven't been updated to support IPv6.
But I believe that any network equipment vendor that is (or has been for the last 1-2 decades) selling /new/ equipment really has no excuse for not IPv6 not having feature parity with IPv4.
Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was.
I've had similar lack of success with my municipal GPON provider. At least the people answering support tickets know what IPv6 is and know that it's on their future list without even being in planing / testing phase.
Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
....
-- Grant. . . . unix || die
So you guys keep combining IPv4 and CGNAT. These two things are not the same. They do not require each other. If you're small, you get space straight from ARIN (I got mine in January 2022). If you're big, buy a block (after completing an ARIN ticket!) If you don't want to pay for a big v4 block, then do the cheaper thing: v6. But you're still deploying v4 anyway, it'll just be with (CG)NAT. For me, I see 0 value in v6. I do see customer issues and I have experienced v6 (dual stack) issues myself. So when I have customers demanding I get them FTTH every day and 0 customers demanding I get v6, which do you think I'm going to do? On Wed, Mar 9, 2022 at 5:11 PM Tom Beecher <beecher@beecher.cc> wrote:
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Asserting that IPv6 shouldn't be a priority because 'nobody asks for it' is specious. What if customers saw Cloudflare's "isbgpsafeyet" site and demented you stop running BGP because it's "unsafe" ? Is that a valid reason?
Customers care about 1 thing only : Does it work when I want to use it, or not. And a lot of ISPs have learned difficult lessons in the last couple years when the small handful of customers who would complain that their work VPN didn't work behind the CGNAT boxes they ran turned into a heck of a lot MORE customers complaining.
On Wed, Mar 9, 2022 at 4:48 PM Josh Luthman <josh@imaginenetworksllc.com> wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
On Wed, Mar 9, 2022 at 4:32 PM Grant Taylor via NANOG <nanog@nanog.org> wrote:
On 3/9/22 1:01 PM, Jay Hennigan wrote:
It's not just equipment vendors, it's ISPs.
I completely agree.
I get why line of business applications; e.g. billing, provisioning, repair, haven't been updated to support IPv6.
But I believe that any network equipment vendor that is (or has been for the last 1-2 decades) selling /new/ equipment really has no excuse for not IPv6 not having feature parity with IPv4.
Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was.
I've had similar lack of success with my municipal GPON provider. At least the people answering support tickets know what IPv6 is and know that it's on their future list without even being in planing / testing phase.
Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
....
-- Grant. . . . unix || die
On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Right. And this view point (which I have /some/ sympathy for) is what we're up against. The average person doesn't know IPv6 is a thing, so of course they aren't going to ask for it. But they don't know IPv4 is a thing either, they just want to connect to the Internet. It seems to require an unusual, and difficult-to-justify, drive to make IPv6 happen as part of a forward-looking strategy. ISPs don't deploy it because equipment vendors don't really supply it (or barely). Equipment vendors don't supply it because ISPs don't ask for it (at least that's what my vendors tell me, and I don't think they are lying). Our standard PON and Metro services are dual-stack by default - commercial and residential. Our supplied CPEs are dual stack by default. We offer IPv6 in a variety of configurations on every connectivity product that will support it. However, I do not really blame those who don't, because in order to get where we are I had to make it my personal mission in life to get to a passive FTTP configuration that would work with functional parity between v4 and v6... For over a year I had to test gear, which requires a lot of time and effort and study and support and managerial latitude. I had to isolate bugs and spend the time reporting them, which often means making a pain in the butt out of yourself and championing the issue with the vendor (sometimes it means committing to buying things). I had to INSIST on support from vendors and refuse to buy things that didn't work. I had to buy new gear I would not have otherwise needed. I also had to "fire" a couple of vendors and purge them from my network; I even sent back an entire shipment of gear to a vendor due to broken promises. Basically I had to be extremely unreasonable. My position is unique in that I was able to do these things and get away with it. I can't blame anyone for not going down that road. I'm still waiting to feel like it was worth it. --TimH
On Mar 9, 2022, at 4:39 PM, Tim Howe <tim.h@bendtel.com> wrote:
On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Right. And this view point (which I have /some/ sympathy for) is what we're up against. The average person doesn't know IPv6 is a thing, so of course they aren't going to ask for it. But they don't know IPv4 is a thing either, they just want to connect to the Internet.
Been bugging my ISP, which is also a gigabit FTTH outfit, for IPv6 ever since they opened their doors 4-5 years ago. Nothing. “We’re working on it.” they say. “We’re waiting for wider adoption.” they say. “We’re waiting for our upstream to support it.” they say (and HE is their upstream). That comes from me politely emailing the CEO directly a handful of times. What the heck. I’ll name-and-shame. https://www.allocommunications.com -Andy
On 3/9/22 14:46, Andy Ringsmuth wrote:
“We’re waiting for our upstream to support it.” they say (and HE is their upstream).
Perhaps you should bake them a cake. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
Loose translation: On 09/03/2022 22:46, Andy Ringsmuth wrote:
“We’re working on it.” they say.
"There is only 1.5 of us; we're overworked and underpaid and this allows us to postpone this workstream for a while."
“We’re waiting for wider adoption.” they say.
"Not enough of you are complaining about the lack of IPv6, but we're still pushing 8.8.8.8 as our resolver so we have to fix that first."
“We’re waiting for our upstream to support it.” they say (and HE is their upstream).
"Our BGP edge router is a 7600 pieced together from several eBay purchases, and might blow up if we add the IPv6 DFZ." The first one is all-too-common where I live, too. Fake it until you make it is rife. Getting fibre into the ground - past as many homes as possible - is the sole priority. -- Tom
FWIW, most of my ISPs all know about dual stack and want it. I think the legacy websites, CPE and applications that hard code IPv4 make it a tough battle - it's easier to just support v4, but nowadays, some are going all v6. At some point, v4-only ISPs will be at a competitive disadvantage. ISPs that force this will not have to buy CGNAT or spend $60 on a v4 address, but yes, it's still a tough slog. -----Original Message----- From: NANOG <nanog-bounces+tmitchell=netelastic.com@nanog.org> On Behalf Of Tim Howe Sent: Wednesday, March 9, 2022 2:40 PM To: Josh Luthman <josh@imaginenetworksllc.com>; nanog@nanog.org Subject: Re: V6 still not supported On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Right. And this view point (which I have /some/ sympathy for) is what we're up against. The average person doesn't know IPv6 is a thing, so of course they aren't going to ask for it. But they don't know IPv4 is a thing either, they just want to connect to the Internet. It seems to require an unusual, and difficult-to-justify, drive to make IPv6 happen as part of a forward-looking strategy. ISPs don't deploy it because equipment vendors don't really supply it (or barely). Equipment vendors don't supply it because ISPs don't ask for it (at least that's what my vendors tell me, and I don't think they are lying). Our standard PON and Metro services are dual-stack by default - commercial and residential. Our supplied CPEs are dual stack by default. We offer IPv6 in a variety of configurations on every connectivity product that will support it. However, I do not really blame those who don't, because in order to get where we are I had to make it my personal mission in life to get to a passive FTTP configuration that would work with functional parity between v4 and v6... For over a year I had to test gear, which requires a lot of time and effort and study and support and managerial latitude. I had to isolate bugs and spend the time reporting them, which often means making a pain in the butt out of yourself and championing the issue with the vendor (sometimes it means committing to buying things). I had to INSIST on support from vendors and refuse to buy things that didn't work. I had to buy new gear I would not have otherwise needed. I also had to "fire" a couple of vendors and purge them from my network; I even sent back an entire shipment of gear to a vendor due to broken promises. Basically I had to be extremely unreasonable. My position is unique in that I was able to do these things and get away with it. I can't blame anyone for not going down that road. I'm still waiting to feel like it was worth it. --TimH
but nowadays, some are going all v6.
Where is there v6 only services/content?
v4-only ISPs will be at a competitive disadvantage
That's such a wild claim I'd love to know where you come to that conclusion. In my rural market, we're the only option for service, simple as that. In the urban areas we find it's all about price promos to get the customer the lowest price. These same people can't tell the difference between three different companies (we were installing fiber next door and a guy kept asking us if we were Spectrum, he simply didn't understand we were a different company). They don't understand the difference between the internet and WiFi. Yet they'll prefer a v6 ISP over a v4 ISP? Come on. On Thu, Mar 10, 2022 at 3:24 PM netElastic Systems <tmitchell@netelastic.com> wrote:
FWIW, most of my ISPs all know about dual stack and want it. I think the legacy websites, CPE and applications that hard code IPv4 make it a tough battle - it's easier to just support v4, but nowadays, some are going all v6. At some point, v4-only ISPs will be at a competitive disadvantage. ISPs that force this will not have to buy CGNAT or spend $60 on a v4 address, but yes, it's still a tough slog.
-----Original Message----- From: NANOG <nanog-bounces+tmitchell=netelastic.com@nanog.org> On Behalf Of Tim Howe Sent: Wednesday, March 9, 2022 2:40 PM To: Josh Luthman <josh@imaginenetworksllc.com>; nanog@nanog.org Subject: Re: V6 still not supported
On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Right. And this view point (which I have /some/ sympathy for) is what we're up against. The average person doesn't know IPv6 is a thing, so of course they aren't going to ask for it. But they don't know IPv4 is a thing either, they just want to connect to the Internet.
It seems to require an unusual, and difficult-to-justify, drive to make IPv6 happen as part of a forward-looking strategy.
ISPs don't deploy it because equipment vendors don't really supply it (or barely). Equipment vendors don't supply it because ISPs don't ask for it (at least that's what my vendors tell me, and I don't think they are lying).
Our standard PON and Metro services are dual-stack by default - commercial and residential. Our supplied CPEs are dual stack by default. We offer IPv6 in a variety of configurations on every connectivity product that will support it.
However, I do not really blame those who don't, because in order to get where we are I had to make it my personal mission in life to get to a passive FTTP configuration that would work with functional parity between v4 and v6... For over a year I had to test gear, which requires a lot of time and effort and study and support and managerial latitude. I had to isolate bugs and spend the time reporting them, which often means making a pain in the butt out of yourself and championing the issue with the vendor (sometimes it means committing to buying things). I had to INSIST on support from vendors and refuse to buy things that didn't work. I had to buy new gear I would not have otherwise needed. I also had to "fire" a couple of vendors and purge them from my network; I even sent back an entire shipment of gear to a vendor due to broken promises.
Basically I had to be extremely unreasonable. My position is unique in that I was able to do these things and get away with it. I can't blame anyone for not going down that road. I'm still waiting to feel like it was worth it.
--TimH
On 3/10/22 3:44 PM, Josh Luthman wrote:
In my rural market, we're the only option for service, simple as that.
We don't care, we don't have to; we're the phone company. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
On Thu, Mar 10, 2022 at 12:45 PM Josh Luthman <josh@imaginenetworksllc.com> wrote:
but nowadays, some are going all v6.
Where is there v6 only services/content?
V6 only to 100m+ Smartphones and now coming up on millions of home broadband , we out here https://www.internetsociety.org/resources/deploy360/2014/case-study-t-mobile...
v4-only ISPs will be at a competitive disadvantage
That's such a wild claim I'd love to know where you come to that conclusion. In my rural market, we're the only option for service, simple as that. In the urban areas we find it's all about price promos to get the customer the lowest price. These same people can't tell the difference between three different companies (we were installing fiber next door and a guy kept asking us if we were Spectrum, he simply didn't understand we were a different company). They don't understand the difference between the internet and WiFi. Yet they'll prefer a v6 ISP over a v4 ISP? Come on.
On Thu, Mar 10, 2022 at 3:24 PM netElastic Systems < tmitchell@netelastic.com> wrote:
FWIW, most of my ISPs all know about dual stack and want it. I think the legacy websites, CPE and applications that hard code IPv4 make it a tough battle - it's easier to just support v4, but nowadays, some are going all v6. At some point, v4-only ISPs will be at a competitive disadvantage. ISPs that force this will not have to buy CGNAT or spend $60 on a v4 address, but yes, it's still a tough slog.
-----Original Message----- From: NANOG <nanog-bounces+tmitchell=netelastic.com@nanog.org> On Behalf Of Tim Howe Sent: Wednesday, March 9, 2022 2:40 PM To: Josh Luthman <josh@imaginenetworksllc.com>; nanog@nanog.org Subject: Re: V6 still not supported
On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
ISP here. Deploying gigabit FTTH. No IPv6.
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Right. And this view point (which I have /some/ sympathy for) is what we're up against. The average person doesn't know IPv6 is a thing, so of course they aren't going to ask for it. But they don't know IPv4 is a thing either, they just want to connect to the Internet.
It seems to require an unusual, and difficult-to-justify, drive to make IPv6 happen as part of a forward-looking strategy.
ISPs don't deploy it because equipment vendors don't really supply it (or barely). Equipment vendors don't supply it because ISPs don't ask for it (at least that's what my vendors tell me, and I don't think they are lying).
Our standard PON and Metro services are dual-stack by default - commercial and residential. Our supplied CPEs are dual stack by default. We offer IPv6 in a variety of configurations on every connectivity product that will support it.
However, I do not really blame those who don't, because in order to get where we are I had to make it my personal mission in life to get to a passive FTTP configuration that would work with functional parity between v4 and v6... For over a year I had to test gear, which requires a lot of time and effort and study and support and managerial latitude. I had to isolate bugs and spend the time reporting them, which often means making a pain in the butt out of yourself and championing the issue with the vendor (sometimes it means committing to buying things). I had to INSIST on support from vendors and refuse to buy things that didn't work. I had to buy new gear I would not have otherwise needed. I also had to "fire" a couple of vendors and purge them from my network; I even sent back an entire shipment of gear to a vendor due to broken promises.
Basically I had to be extremely unreasonable. My position is unique in that I was able to do these things and get away with it. I can't blame anyone for not going down that road. I'm still waiting to feel like it was worth it.
--TimH
not to echo cameron's comment too much, but... On Thu, Mar 10, 2022 at 3:44 PM Josh Luthman <josh@imaginenetworksllc.com> wrote:
but nowadays, some are going all v6.
Where is there v6 only services/content?
I don't think any of this matters, really. Is deploying v6 doable? yes Is deploying it going to cost some clams? probably? maybe? Is it important to users? no? yes? maybe?
The point of all of this 'deploy v6' conversation is REALLY: "Hey, eventually, in the long term using v4 is going to get more expensive and more inconvenient... probably." Some folk have taken the view that: "Do some work now, flush out the problems and be prepared so it's not an emergency later" some folk are waiting on everyone else (or enough everyone else) to flush out the problems for them. I don't see a lot of profit in trying to convince people that are on the 'meh, waiting on the <whatever> before v6 for me!' -chris btw, The year is 2022, verizon FIOS still has no actual v6 deployment... In the year ~2005 AS701 was fully v6 capable. In ~2009 the AS19262 edge was capable of ipv6. (think my chat with a noc/eng person was pre-aurora... so 2009 seems right) I guess not enough folk in AS701/19262/FIOS land are asking for v6? or something?
Yo Josh! On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Bull. I have not complained to any corporation in the last 5 years where the stanard response was not "We've never heard that complaint before". recently every one I my street complained about the same things at the same time, but we all got that response. Denial ain't just a river in Egypt. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 gem@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin
Gary, I'm the owner of the business. I answer a lot of tier 1 support calls. I read every single ticket summary. It's not denial, it's just that I'm small enough to be able to follow up on every support issue. You can claim bull if you want but my evidence can beat up your claim. On Wed, Mar 9, 2022 at 5:55 PM Gary E. Miller <gem@rellim.com> wrote:
Yo Josh!
On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Bull. I have not complained to any corporation in the last 5 years where the stanard response was not "We've never heard that complaint before". recently every one I my street complained about the same things at the same time, but we all got that response.
Denial ain't just a river in Egypt.
RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin
I would like to ask an earnest question here, because I work in an environment where IPv6 has been deployed for more than a decade, and it's just automatically part of things we do and have to solve for, so I will openly admit my perspective can be warped. I am truly curious about what the perceived blockers are for you, and others with the same perspective. You appear to run a residential ISP. There are essentially 3 things you would have to do to deploy IPv6. 1. CPE would need to support it. 2. Your network infrastructure would have to support it. 3. Subscriber services ( DHCP / DNS / IPAM ) would have to support it. Putting aside the 'zero value' idea, if you were to decide to take steps today , what are your blockers? On Thu, Mar 10, 2022 at 9:59 AM Josh Luthman <josh@imaginenetworksllc.com> wrote:
Gary,
I'm the owner of the business. I answer a lot of tier 1 support calls. I read every single ticket summary. It's not denial, it's just that I'm small enough to be able to follow up on every support issue. You can claim bull if you want but my evidence can beat up your claim.
On Wed, Mar 9, 2022 at 5:55 PM Gary E. Miller <gem@rellim.com> wrote:
Yo Josh!
On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Bull. I have not complained to any corporation in the last 5 years where the stanard response was not "We've never heard that complaint before". recently every one I my street complained about the same things at the same time, but we all got that response.
Denial ain't just a river in Egypt.
RGDS GARY
--------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin
Absolutely. This makes for good discussion. Strictly on the FTTH end of things to make it simpler (since that's where our growth is). We're very much residential with the commercial customers being farmers, home based mechanics/construction/horse stables, and the like - less Netflix and more websites. 1. Our ONT (gpon+nat+wifi) I'm all but certain would work out of the box. Now if the customer wants their own router in which case I guess we force them into one methodology for v6 (correct me if I'm wrong but there isn't a standard way to deploy v6 globally like DHCP, it needs RA which leads into obvious issues with the kid's 14 antenna Netgear). 2. Calix supports it (OLT), I suppose we would just need to enable v6 on the DNS servers and we're done 3. I don't believe our software supports it, but I'm not certain, obviously I haven't looked The biggest issue you completely left out is operational. I'd have to spend time adding on v6, which is a bit of a time sink but at least there's a nearby finish line. Time I'm not getting fiber hooked up to houses. Now when (not if, we all know nothing is perfect) there are issues with v6 but not v4 I have to figure out why "my internet is slow" when v6 has problems. Setting something up once, be it fiber or v6, is a one time capex. Ongoing support problems are indefinite opex. On Thu, Mar 10, 2022 at 10:20 AM Tom Beecher <beecher@beecher.cc> wrote:
I would like to ask an earnest question here, because I work in an environment where IPv6 has been deployed for more than a decade, and it's just automatically part of things we do and have to solve for, so I will openly admit my perspective can be warped. I am truly curious about what the perceived blockers are for you, and others with the same perspective.
You appear to run a residential ISP. There are essentially 3 things you would have to do to deploy IPv6.
1. CPE would need to support it. 2. Your network infrastructure would have to support it. 3. Subscriber services ( DHCP / DNS / IPAM ) would have to support it.
Putting aside the 'zero value' idea, if you were to decide to take steps today , what are your blockers?
On Thu, Mar 10, 2022 at 9:59 AM Josh Luthman <josh@imaginenetworksllc.com> wrote:
Gary,
I'm the owner of the business. I answer a lot of tier 1 support calls. I read every single ticket summary. It's not denial, it's just that I'm small enough to be able to follow up on every support issue. You can claim bull if you want but my evidence can beat up your claim.
On Wed, Mar 9, 2022 at 5:55 PM Gary E. Miller <gem@rellim.com> wrote:
Yo Josh!
On Wed, 9 Mar 2022 16:46:56 -0500 Josh Luthman <josh@imaginenetworksllc.com> wrote:
Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Bull. I have not complained to any corporation in the last 5 years where the stanard response was not "We've never heard that complaint before". recently every one I my street complained about the same things at the same time, but we all got that response.
Denial ain't just a river in Egypt.
RGDS GARY
--------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin
On 3/10/22 7:36 AM, Josh Luthman wrote:
Now when (not if, we all know nothing is perfect) there are issues with v6 but not v4 I have to figure out why "my internet is slow" when v6 has problems.
You might find the opposite is true, though. Many dual-stack clients try both IPv4 and IPv6 and use whichever works best: https://en.wikipedia.org/wiki/Happy_Eyeballs In other words, adding IPv6 might sometimes completely avoid problems for your customers (saving you time), because it makes some IPv4 problems no longer noticeable. I'm confident that adding IPv6 support to all sites my company hosts reduced the number of "I can't reach a site on your servers" complaints, simply because there are two available network paths to our servers for most Comcast customers, customers on 4G connections, etc. From my perspective, IPv6 has added a widely-adopted form of network redundancy as an unexpected side-effect. "Neat!" -- Robert L Mathews
On Thu, 10 Mar 2022 at 15:20, Tom Beecher <beecher@beecher.cc> wrote:
You appear to run a residential ISP. There are essentially 3 things you would have to do to deploy IPv6. [...]
Putting aside the 'zero value' idea, if you were to decide to take steps
today , what are your blockers?
I'm going to turn this on it's head. Why would someone deploy IPv6 today when they have working IPv4, no CGNAT, and enough addressing to last them for a while? There are 3 reasons I can see: 1. More IPv4 is expensive. Let's say the price is currently $50 per IPv4 address, but it's not an expendable resource... You could depreciate it over 4 years and say it's $1/month, but realistically those addresses will probably increase in value for at least the short-medium term, so it's really just minor. Especially considering the cost of the CPE etc, which are generally disposable after a few years. 2. CGNAT is expensive. Well, it can be, but that's mostly because it's stateful. If MAP-T takes off as well as it seems to be doing, then you can pretty much rely on stateless transformation, and that will be cheaper and cheaper as time goes on. 3. Customer demand. The only customers who are demanding it tend to be the whiny folk who also complain about Android not supporting DHCPv6, or that they can't pay their bills with some kind of cryptocurrency. They will always be complaining about something. IPv6 is technologically superior to IPv4, there's no doubt about that. It is vastly inferior when it comes to understanding what is going on by your average sysadmin, network engineer, IT helpdesk person -- it is just far too complicated. Even the wording is confusing, e.g. router/neighbor "solicitation/advertisement" instead of "request/reply". I am not just referencing the longer addresses, the "multiple addresses on an interface" thing takes a long time to get used to, having ULAs for internal addressing and then using GUAs (which may change with no notice) for internet traffic, it just confuses people. Expecting those users who run a server at home (a NAS or similar) to now rely on SLAAC rather than static addressing that they might have done before, or even worse configuring static addressing based on the prefix today and 6-12 months down the line suddenly finding they can't access the NAS any longer in their bookmarks, and no idea what to do to talk to it. They're not going to understand why people use ULAs, or which prefix to use there. Not to mention that it would be a technical support nightmare to only offer IPv6-only services to customers, logging into their router or explaining why their few pieces of software not working may be because of the lack of IPv4 -- we're going to be stuck with IPv4 in the residential access and enterprise space for a long time, so there's very little incentive to put all the effort into IPv6 except for ideological reasons. IPv6 is a case study in how all too often human factors are not considered in the design of engineering projects. IPv4 works, and is relatively inexpensive. Until it isn't, I absolutely understand why an ISP would not consider IPv6 a priority at all. IPv6 cuts your IPv4 costs, but has costs of its own. ... and I don't really know how to fix that. M
Matthew Walster wrote:
IPv6 is technologically superior to IPv4, there's no doubt about that.
It is not. Though IPv6 was designed against OSI CLNP (with 20B, or, optionally, 40B addresses), IPv6 incorporated many abandoned ideas of CLNP and XNS already known to be useless or harmful with experiences on IPv4 to be a protocol as bad as or even worse than CLNP. For example, address length was extended from original 8B to 16B to allow lower 48bits be MAC addresses, which was what XNS was doing, only to make ISP operations with raw addresses prohibitively painful. Masataka Ohta
On 3/10/22 9:22 PM, Masataka Ohta wrote:
Matthew Walster wrote:
IPv6 is technologically superior to IPv4, there's no doubt about that.
It is not. Though IPv6 was designed against OSI CLNP (with 20B, or, optionally, 40B addresses), IPv6 incorporated many abandoned ideas of CLNP and XNS already known to be useless or harmful with experiences on IPv4 to be a protocol as bad as or even worse than CLNP.
For example, address length was extended from original 8B to 16B to allow lower 48bits be MAC addresses, which was what XNS was doing, only to make ISP operations with raw addresses prohibitively painful.
IPv6 as originally designed had 8 byte (64-bit) addresses that had no difficulty including 48-bit MAC addresses for link-local deployment. It was explicitly stated that they would *NEVER* be globally visible, as there were many documented examples of duplicate MAC assignments. Then, the powers that be declared that IPv6 should have 128-bit addresses, and a host of committees were setup with competing CLNP (TUBA) co-chairs. They incorporated many ideas of CLNP and XNS that were thought (by many of us) to be worthless, useless, and harmful. Committee-itis at its worst. My original address plan had the leading 32 bits as the existing ASN, with the lower 32-bits as the existing IPv4 address. Making ISP operations eminently easier, as we already knew those two things.
I'd flagged this to reply, but sadly am a bit behind.... On 3/10/22 11:02 AM, Matthew Walster wrote:
IPv6 is technologically superior to IPv4, there's no doubt about that. It is vastly inferior when it comes to understanding what is going on by your average sysadmin, network engineer, IT helpdesk person -- it is just far too complicated. Even the wording is confusing, e.g. router/neighbor "solicitation/advertisement" instead of "request/reply".
I'd wanted to clearly distinguish this from the old methods: This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello. We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation. We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security. Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster.
IPv6 is a case study in how all too often human factors are not considered in the design of engineering projects. [...]
Reminder: I was an operator and one of the original NANOG members. We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs. IPv6 is a case study of what happens with committee-itis. The small design team worked well. On 3/16/22 9:03 PM, John Gilmore wrote:
Given the billions of people who eat and sleep for HOURS every day, I think I am doing pretty well by just coordinating three people part-time trying to improve IPv4 a little bit. [...]
Please tell me where this excellent effort is underway?
On Thu, 17 Mar 2022 at 04:27, William Allen Simpson <william.allen.simpson@gmail.com> wrote:
This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello.
We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation.
Please bear with me, after negativity some sobering remarks follow. And the solution is broken, it assumes snooping packets and creating near arbitrary amounts of multicast groups and forwarding multicast on L2 device is cheaper than flooding. It is not, and everyone keeps MLD off in L2 to simplify and reduce cost. So in reality the multicast L2 resolution is not used, and useless complexity. In addition to this problem of changing broadcast to multicast, the ND can use GUA|LL<->GUA|LL any combination, which makes almost every input ACL broken, because operators simply are not aware of this. Very common problem for us is, we change vendor on our end, and customer IPv6 breaks, customer did 0 changes, so of course they blame us, and we have difficult task to educate them 'look this is how ND works, your ACL is broken, because it assumes special case is generic case, and the special case has changed' because different vendors choose different GUA|LL <-> GUA|LL for ND, it can be wrong and work until the far end does some change. The right solution is not to filter by ADDR, but to filter by hop-limit, but it's too complex for operators to understand. /MOST/ IPv6 'improvements' are like this, they solve problems that either didn't exist or make the existing problem worse. Like extension headers. Like creating large on-link networks, adding a lot more attack vectors. Ok IPv6 is kinda shit, but it's the only thing we have and we can make it work with some effort and some cost. And the effort and cost of making IPv6 work is less than making IPV4+IPV6 work, and we really really need the larger address space, it trumps all other deltas by a wide margin. So yes I have an ugly child, but it's the only child I have, and with my genes, a beautiful child isn't on the cards, so I'll raise this ugly child as best I can. I no longer care how bad IPv6 is, that's crying over spilt milk, it doesn't matter. I care about the cost of doing both IPV4+IPV6. -- ++ytti
Hello Saku:
This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the
[IPv6]
environment. There are also elements of the OSI ES-IS and IS-IS
Hello.
We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and
more specific traffic designation.
Please bear with me, after negativity some sobering remarks follow.
And the solution is broken, it assumes snooping packets and creating near arbitrary amounts of multicast groups and forwarding multicast on L2 device is cheaper than flooding. It is not, and everyone keeps MLD off in L2 to simplify and reduce cost. So in reality the multicast L2 resolution is not used, and useless complexity.
True. The issue is not with "IPv6" but specifically with SLAAC. As long one uses DHCP, IPv4 and v6 have similar properties WRT to BUM. Now, hosts having multiple addresses and renewing them when they wish could be a real bonus, if it was not done the Woodstock way; IOW if there was a minimum control from the network operator. *The hassle in SLAAC is the SL*. This is why the IETF introduced RFC 8505 / 8928. This combines the stateful behavior of DHCP and the benefits of autoconfiguration. No more multicast DAD or address lookup. No IGMP.
In addition to this problem of changing broadcast to multicast, the ND can use GUA|LL<->GUA|LL any combination, which makes almost every input ACL broken, because operators simply are not aware of this. Very common problem for us is, we change vendor on our end, and customer IPv6 breaks, customer did 0 changes, so of course they blame us, and we have difficult task to educate them 'look this is how ND works, your ACL is broken, because it assumes special case is generic case, and the special case has changed' because different vendors choose different GUA|LL <-> GUA|LL for ND, it can be wrong and work until the far end does some change. The right solution is not to filter by ADDR, but to filter by hop-limit, but it's too complex for operators to understand.
True. The "on-link" model is a very bad fit for any managed network. Don't use it outside home 😉. Probably turn off redirect when you do that, too.
/MOST/ IPv6 'improvements' are like this, they solve problems that either didn't exist or make the existing problem worse. Like extension headers. Like creating large on-link networks, adding a lot more attack vectors.
True too. The RFC 8505 / 8928 combo creates P2P IP link abstractions regardless of the L2 broadcast domain / L2 segments. This is how you can avoid BUM and set up a deterministic state for wireless (proxy ARP) and overlays (LISP, EVPN...) services. IOW the prefixes are always "not onlink".
Ok IPv6 is kinda shit, but it's the only thing we have and we can make it work with some effort and some cost. And the effort and cost of making IPv6 work is less than making IPV4+IPV6 work, and we really really need the larger address space, it trumps all other deltas by a wide margin. So yes I have an ugly child, but it's the only child I have, and with my genes, a beautiful child isn't on the cards, so I'll raise this ugly child as best I can. I no longer care how bad IPv6 is, that's crying over spilt milk, it doesn't matter. I care about the cost of doing both IPV4+IPV6.
The child has grown up, at least on paper. But very little of IETF efforts in the last 15 years has made it to products. Apart of SRv6 and IoT, which is where RFC 8505 started. I assume that user feedback is needed for vendors to implement, and users are not necessarily aware of the specs that were developed, so many of them. Would you care to extract RFC 8505 / 8928 from the background noise? Keep safe; Pascal
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first. It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems. Just my 2 cents... ---------- Original message ---------- From: William Allen Simpson <william.allen.simpson@gmail.com> To: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400 I'd wanted to clearly distinguish this from the old methods: This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello. We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation. We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security. Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster. Reminder: I was an operator and one of the original NANOG members. We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs. IPv6 is a case study of what happens with committee-itis. The small design team worked well.
“It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.” your argument against IPv6 is that they should have created a new version of IPv4, but bigger? So… IPv6? On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net> wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
Just my 2 cents...
---------- Original message ----------
From: William Allen Simpson <william.allen.simpson@gmail.com> To: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400
I'd wanted to clearly distinguish this from the old methods:
This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello.
We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation.
We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security.
Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster.
Reminder: I was an operator and one of the original NANOG members.
We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs.
IPv6 is a case study of what happens with committee-itis.
The small design team worked well.
Did you read his email? He was saying that what a lot of people wanted was IPv4 + bigger address space, and not any other changes. Speaking for myself, other than the bigger address space, for a corporate/enterprise environment I have yet to see any advantages of IPv6 and many, many issues. Information hiding, aka NAT is very important in the financial world. For example, we have a directly peered connection with our clearing partner at our co-location. Both sides use NAT. This way either side can make a network change without having to involve the other partner. Here is what happens without NAT (circa 2008), and yes, this really happened: 1. We needed to separate out process and move to a different server. The existing server IP couldn’t change since other partners had it in their access list. 2. It took 9 weeks and: * 3 conference calls including one with 30 participants from the clearing company * 2 approvals by committees at the clearing company You can say that this was absurd and should be changed. Yes, but it won’t and we have no control over them. With NAT we can change internal IP addresses at any time as long as we update the NAT tables. This is not something important at ISP or hosting providers, but it’s many issues like this in the corporate world that prevent IPv6 adoption. Things like static addressing, consistent behavior of IPv6 across different operating systems including disabling SLAAC, privacy addressing and others. Based on my experience and people on tech mailing list that are oriented toward enterprises, I would bet that IPv6 deployment (with global addresses) is significantly less than 10% nor is it on their horizon. Matthew Huff | Director of Technical Operations | OTA Management LLC Office: 914-460-4039 mhuff@ox.com<mailto:mhuff@ox.com> | www.ox.com<http://www.ox.com> ........................................................................................................................................... From: NANOG <nanog-bounces+mhuff=ox.com@nanog.org> On Behalf Of Tom Beecher Sent: Thursday, March 17, 2022 7:41 AM To: borg@uu3.net Cc: nanog@nanog.org Subject: Re: V6 still not supported “It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.” your argument against IPv6 is that they should have created a new version of IPv4, but bigger? So… IPv6? On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net<mailto:borg@uu3.net>> wrote: It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first. It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems. Just my 2 cents... ---------- Original message ---------- From: William Allen Simpson <william.allen.simpson@gmail.com<mailto:william.allen.simpson@gmail.com>> To: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400 I'd wanted to clearly distinguish this from the old methods: This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello. We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation. We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security. Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster. Reminder: I was an operator and one of the original NANOG members. We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs. IPv6 is a case study of what happens with committee-itis. The small design team worked well.
You can still do NAT with IPv6 like you ask for. It's been around over a decade now: https://datatracker.ietf.org/doc/html/rfc6296 On Thu, 17 Mar 2022 at 12:02, Matthew Huff <mhuff@ox.com> wrote:
Did you read his email? He was saying that what a lot of people wanted was IPv4 + bigger address space, and not any other changes. Speaking for myself, other than the bigger address space, for a corporate/enterprise environment I have yet to see any advantages of IPv6 and many, many issues.
Information hiding, aka NAT is very important in the financial world.
For example, we have a directly peered connection with our clearing partner at our co-location. Both sides use NAT. This way either side can make a network change without having to involve the other partner.
Here is what happens without NAT (circa 2008), and yes, this really happened:
1. We needed to separate out process and move to a different server. The existing server IP couldn’t change since other partners had it in their access list. 2. It took 9 weeks and: 1. 3 conference calls including one with 30 participants from the clearing company 2. 2 approvals by committees at the clearing company
You can say that this was absurd and should be changed. Yes, but it won’t and we have no control over them.
With NAT we can change internal IP addresses at any time as long as we update the NAT tables.
This is not something important at ISP or hosting providers, but it’s many issues like this in the corporate world that prevent IPv6 adoption. Things like static addressing, consistent behavior of IPv6 across different operating systems including disabling SLAAC, privacy addressing and others.
Based on my experience and people on tech mailing list that are oriented toward enterprises, I would bet that IPv6 deployment (with global addresses) is significantly less than 10% nor is it on their horizon.
*Matthew Huff* | Director of Technical Operations | OTA Management LLC
*Office: 914-460-4039*
*mhuff@ox.com <mhuff@ox.com> | **www.ox.com <http://www.ox.com>*
*...........................................................................................................................................*
*From:* NANOG <nanog-bounces+mhuff=ox.com@nanog.org> * On Behalf Of *Tom Beecher *Sent:* Thursday, March 17, 2022 7:41 AM *To:* borg@uu3.net *Cc:* nanog@nanog.org *Subject:* Re: V6 still not supported
“It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.”
your argument against IPv6 is that they should have created a new version of IPv4, but bigger?
So… IPv6?
On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net> wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
Just my 2 cents...
---------- Original message ----------
From: William Allen Simpson <william.allen.simpson@gmail.com> To: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400
I'd wanted to clearly distinguish this from the old methods:
This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello.
We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation.
We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security.
Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster.
Reminder: I was an operator and one of the original NANOG members.
We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs.
IPv6 is a case study of what happens with committee-itis.
The small design team worked well.
Good to know. I’ll keep a look out for future implantations. Currently we are using Cisco 3548P-XL switches with low-latency nat to support microsecond latency natting. Hopefully someday they will support it. Matthew Huff | Director of Technical Operations | OTA Management LLC Office: 914-460-4039 mhuff@ox.com<mailto:mhuff@ox.com> | www.ox.com<http://www.ox.com> ........................................................................................................................................... From: Dave Bell <me@geordish.org> Sent: Thursday, March 17, 2022 8:39 AM To: Matthew Huff <mhuff@ox.com> Cc: Tom Beecher <beecher@beecher.cc>; borg@uu3.net; nanog@nanog.org Subject: Re: V6 still not supported You can still do NAT with IPv6 like you ask for. It's been around over a decade now: https://datatracker.ietf.org/doc/html/rfc6296 On Thu, 17 Mar 2022 at 12:02, Matthew Huff <mhuff@ox.com<mailto:mhuff@ox.com>> wrote: Did you read his email? He was saying that what a lot of people wanted was IPv4 + bigger address space, and not any other changes. Speaking for myself, other than the bigger address space, for a corporate/enterprise environment I have yet to see any advantages of IPv6 and many, many issues. Information hiding, aka NAT is very important in the financial world. For example, we have a directly peered connection with our clearing partner at our co-location. Both sides use NAT. This way either side can make a network change without having to involve the other partner. Here is what happens without NAT (circa 2008), and yes, this really happened: 1. We needed to separate out process and move to a different server. The existing server IP couldn’t change since other partners had it in their access list. 2. It took 9 weeks and: * 3 conference calls including one with 30 participants from the clearing company * 2 approvals by committees at the clearing company You can say that this was absurd and should be changed. Yes, but it won’t and we have no control over them. With NAT we can change internal IP addresses at any time as long as we update the NAT tables. This is not something important at ISP or hosting providers, but it’s many issues like this in the corporate world that prevent IPv6 adoption. Things like static addressing, consistent behavior of IPv6 across different operating systems including disabling SLAAC, privacy addressing and others. Based on my experience and people on tech mailing list that are oriented toward enterprises, I would bet that IPv6 deployment (with global addresses) is significantly less than 10% nor is it on their horizon. Matthew Huff | Director of Technical Operations | OTA Management LLC Office: 914-460-4039 mhuff@ox.com<mailto:mhuff@ox.com> | www.ox.com<http://www.ox.com> ........................................................................................................................................... From: NANOG <nanog-bounces+mhuff=ox.com@nanog.org<mailto:ox.com@nanog.org>> On Behalf Of Tom Beecher Sent: Thursday, March 17, 2022 7:41 AM To: borg@uu3.net<mailto:borg@uu3.net> Cc: nanog@nanog.org<mailto:nanog@nanog.org> Subject: Re: V6 still not supported “It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.” your argument against IPv6 is that they should have created a new version of IPv4, but bigger? So… IPv6? On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net<mailto:borg@uu3.net>> wrote: It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first. It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems. Just my 2 cents... ---------- Original message ---------- From: William Allen Simpson <william.allen.simpson@gmail.com<mailto:william.allen.simpson@gmail.com>> To: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400 I'd wanted to clearly distinguish this from the old methods: This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello. We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation. We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security. Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster. Reminder: I was an operator and one of the original NANOG members. We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs. IPv6 is a case study of what happens with committee-itis. The small design team worked well.
Ohh sorry if I misunderstood orginal message a bit. I am all on your side about it indeed. I am el-cheapo dual-homed at home, and this setup is impossible to do without NAT. I can add/del ISP connections at any time with minimal reconf. Have static IPs in LAN and overlay network. Life is good. When NAT appeard we kinda hated it. Now it seems life is hard without it ;) ---------- Original message ---------- From: Matthew Huff <mhuff@ox.com> To: Tom Beecher <beecher@beecher.cc>, "borg@uu3.net" <borg@uu3.net> Cc: "nanog@nanog.org" <nanog@nanog.org> Subject: RE: V6 still not supported Date: Thu, 17 Mar 2022 12:00:59 +0000 Did you read his email? He was saying that what a lot of people wanted was IPv4 + bigger address space, and not any other changes. Speaking for myself, other than the bigger address space, for a corporate/enterprise environment I have yet to see any advantages of IPv6 and many, many issues. Information hiding, aka NAT is very important in the financial world. For example, we have a directly peered connection with our clearing partner at our co-location. Both sides use NAT. This way either side can make a network change without having to involve the other partner. Here is what happens without NAT (circa 2008), and yes, this really happened: 1. We needed to separate out process and move to a different server. The existing server IP couldn˙˙t change since other partners had it in their access list. 2. It took 9 weeks and: * 3 conference calls including one with 30 participants from the clearing company * 2 approvals by committees at the clearing company You can say that this was absurd and should be changed. Yes, but it won˙˙t and we have no control over them. With NAT we can change internal IP addresses at any time as long as we update the NAT tables. This is not something important at ISP or hosting providers, but it˙˙s many issues like this in the corporate world that prevent IPv6 adoption. Things like static addressing, consistent behavior of IPv6 across different operating systems including disabling SLAAC, privacy addressing and others. Based on my experience and people on tech mailing list that are oriented toward enterprises, I would bet that IPv6 deployment (with global addresses) is significantly less than 10% nor is it on their horizon. Matthew Huff | Director of Technical Operations | OTA Management LLC Office: 914-460-4039 mhuff@ox.com<mailto:mhuff@ox.com> | www.ox.com<http://www.ox.com> ........................................................................................................................................... From: NANOG <nanog-bounces+mhuff=ox.com@nanog.org> On Behalf Of Tom Beecher Sent: Thursday, March 17, 2022 7:41 AM To: borg@uu3.net Cc: nanog@nanog.org Subject: Re: V6 still not supported ˙˙It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.˙˙ your argument against IPv6 is that they should have created a new version of IPv4, but bigger? So˙˙ IPv6? On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net<mailto:borg@uu3.net>> wrote: It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first. It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems. Just my 2 cents... ---------- Original message ---------- From: William Allen Simpson <william.allen.simpson@gmail.com<mailto:william.allen.simpson@gmail.com>> To: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400 I'd wanted to clearly distinguish this from the old methods: This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello. We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation. We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security. Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster. Reminder: I was an operator and one of the original NANOG members. We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs. IPv6 is a case study of what happens with committee-itis. The small design team worked well.
Did you read his email? He was saying that what a lot of people wanted was IPv4 + bigger address space, and not any other changes. Speaking for myself, other than the bigger address space, for a corporate/enterprise environment I have yet to see any advantages of IPv6 and many, many issues.
There are absolute parts of the v6 feature set that don't work as well as they should. Some of that is design, some of that is implementation. Nobody asserts it's perfect. I also generally agree certain parts of the design suffer from overcomplication, and could have been simpler. However, it's an ill informed argument to say that IPv6 should have just been 128 bits of addressing with no other changes. That just would never have worked. I'm also very sympathetic to situations such as you describe that things are done a certain way based on human reasons, not technical ones. Trust me, I get it. On Thu, Mar 17, 2022 at 8:01 AM Matthew Huff <mhuff@ox.com> wrote:
Did you read his email? He was saying that what a lot of people wanted was IPv4 + bigger address space, and not any other changes. Speaking for myself, other than the bigger address space, for a corporate/enterprise environment I have yet to see any advantages of IPv6 and many, many issues.
Information hiding, aka NAT is very important in the financial world.
For example, we have a directly peered connection with our clearing partner at our co-location. Both sides use NAT. This way either side can make a network change without having to involve the other partner.
Here is what happens without NAT (circa 2008), and yes, this really happened:
1. We needed to separate out process and move to a different server. The existing server IP couldn’t change since other partners had it in their access list. 2. It took 9 weeks and: 1. 3 conference calls including one with 30 participants from the clearing company 2. 2 approvals by committees at the clearing company
You can say that this was absurd and should be changed. Yes, but it won’t and we have no control over them.
With NAT we can change internal IP addresses at any time as long as we update the NAT tables.
This is not something important at ISP or hosting providers, but it’s many issues like this in the corporate world that prevent IPv6 adoption. Things like static addressing, consistent behavior of IPv6 across different operating systems including disabling SLAAC, privacy addressing and others.
Based on my experience and people on tech mailing list that are oriented toward enterprises, I would bet that IPv6 deployment (with global addresses) is significantly less than 10% nor is it on their horizon.
*Matthew Huff* | Director of Technical Operations | OTA Management LLC
*Office: 914-460-4039*
*mhuff@ox.com <mhuff@ox.com> | **www.ox.com <http://www.ox.com>*
*...........................................................................................................................................*
*From:* NANOG <nanog-bounces+mhuff=ox.com@nanog.org> * On Behalf Of *Tom Beecher *Sent:* Thursday, March 17, 2022 7:41 AM *To:* borg@uu3.net *Cc:* nanog@nanog.org *Subject:* Re: V6 still not supported
“It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.”
your argument against IPv6 is that they should have created a new version of IPv4, but bigger?
So… IPv6?
On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net> wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
Just my 2 cents...
---------- Original message ----------
From: William Allen Simpson <william.allen.simpson@gmail.com> To: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400
I'd wanted to clearly distinguish this from the old methods:
This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello.
We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation.
We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security.
Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster.
Reminder: I was an operator and one of the original NANOG members.
We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs.
IPv6 is a case study of what happens with committee-itis.
The small design team worked well.
Yes, IPv6.. but for example 64bit address space but with a much closer ties to IPv4 imo. So network people would be much more confortable with it. I already said how my ideal IPv6 should look like. Many people disagree with that ok. Its very hard to please everyone indeed, hence KISS concept should be followed. Also, the whole dual stack thing should be required only on content providers, so client should be moved to IPv6, freeing more space from IPv4 with could be moved to content/hosting. Once there is enough critical mass of clients on IPv6, IPv4 could be dropped gradually. This avoids chicken and egg problem. Lets stop that E2E myth, we do NOT have e2e connectivity on client side from loong time (users NATs, CGNATs). And you know what? Its not that needed these days due to how internet is centralized today. Its good moment for change imo, but we blowed it. ---------- Original message ---------- From: Tom Beecher <beecher@beecher.cc> To: borg@uu3.net Cc: nanog@nanog.org Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 07:40:32 -0400 ˙˙It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.˙˙ your argument against IPv6 is that they should have created a new version of IPv4, but bigger? So˙˙ IPv6? On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net> wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
Just my 2 cents...
---------- Original message ----------
From: William Allen Simpson <william.allen.simpson@gmail.com> To: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400
I'd wanted to clearly distinguish this from the old methods:
This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello.
We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation.
We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security.
Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster.
Reminder: I was an operator and one of the original NANOG members.
We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs.
IPv6 is a case study of what happens with committee-itis.
The small design team worked well.
I agree that parts of IPv6 design suffer from a bit of overcomplication. Maybe it didn't seem that way when they did it, but experience has taught us otherwise. So we should take those learnings and adjust. On Thu, Mar 17, 2022 at 9:27 AM <borg@uu3.net> wrote:
Yes, IPv6.. but for example 64bit address space but with a much closer ties to IPv4 imo. So network people would be much more confortable with it.
I already said how my ideal IPv6 should look like. Many people disagree with that ok. Its very hard to please everyone indeed, hence KISS concept should be followed.
Also, the whole dual stack thing should be required only on content providers, so client should be moved to IPv6, freeing more space from IPv4 with could be moved to content/hosting. Once there is enough critical mass of clients on IPv6, IPv4 could be dropped gradually. This avoids chicken and egg problem.
Lets stop that E2E myth, we do NOT have e2e connectivity on client side from loong time (users NATs, CGNATs). And you know what? Its not that needed these days due to how internet is centralized today. Its good moment for change imo, but we blowed it.
---------- Original message ----------
From: Tom Beecher <beecher@beecher.cc> To: borg@uu3.net Cc: nanog@nanog.org Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 07:40:32 -0400
˙˙It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.˙˙
your argument against IPv6 is that they should have created a new version of IPv4, but bigger?
So˙˙ IPv6?
On Thu, Mar 17, 2022 at 06:32 <borg@uu3.net> wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
Just my 2 cents...
---------- Original message ----------
From: William Allen Simpson <william.allen.simpson@gmail.com> To: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Wed, 16 Mar 2022 22:24:14 -0400
I'd wanted to clearly distinguish this from the old methods:
This is intended to replace ARP, ICMP Router Advertisement, ICMP Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6] environment. There are also elements of the OSI ES-IS and IS-IS Hello.
We were forward looking to deployments of thousands of systems per link, rather than the 30 maximum under then current ethernet standards. We needed fewer announcements, less chatty traffic, and more specific traffic designation.
We also prioritized network security. Moreover requiring addresses be ephemeral, such that applications would not be able to tie authentication/authorization to an IPv6 address and would be motivated to use cryptographic security.
Unfortunately, later committees decided that rather than a single simpler secured address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6. Three ways to do the same thing are always a recipe for disaster.
Reminder: I was an operator and one of the original NANOG members.
We spent a lot of time considering human factors. I'd pioneered the "Operational Considerations" section of the original draft RFCs.
IPv6 is a case study of what happens with committee-itis.
The small design team worked well.
On 3/17/22 3:30 AM, borg@uu3.net wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. As somebody who designed IoT things back when v6 was being designed, my only question was whether it would get deployed, not whether it was too complex. It was honestly a lot easier than a completely new protocol stack like appletalk or netware.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. I don't see what the OS layer has to do with anything. An operating system that doesn't get patches is even worse than app level code that doesn't.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
There were tons of things that were slapped onto IP that were basically experimental like ARP and bootp. CIDR didn't even exist back then. Also: security, for example, was not an already fixed problem. Far from it. Mike
Yes, you are right. And gradually IPv4 was improved and fixed. We learned how to defend L2. CIDR was added (with should be thing from the begining instead of netmasks, but who could forsee...) And in case of IPv6 it seems that all that experience was throwed out of window. Design was much different that IPv4, adding new issues. I have feeling that IPv6 was made by people who were NOT running networks. The big question is, what we can do that to fix IPv6 problem. I have no clue at all.. Im personally biased against IPv6. ---------- Original message ---------- From: Michael Thomas <mike@mtcc.com> To: nanog@nanog.org Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 18:52:32 -0700 On 3/17/22 3:30 AM, borg@uu3.net wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. As somebody who designed IoT things back when v6 was being designed, my only question was whether it would get deployed, not whether it was too complex. It was honestly a lot easier than a completely new protocol stack like appletalk or netware.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. I don't see what the OS layer has to do with anything. An operating system that doesn't get patches is even worse than app level code that doesn't.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
There were tons of things that were slapped onto IP that were basically experimental like ARP and bootp. CIDR didn't even exist back then. Also: security, for example, was not an already fixed problem. Far from it. Mike
On 3/18/22 1:23 AM, borg@uu3.net wrote:
Yes, you are right. And gradually IPv4 was improved and fixed. We learned how to defend L2. CIDR was added (with should be thing from the begining instead of netmasks, but who could forsee...)
And in case of IPv6 it seems that all that experience was throwed out of window. Design was much different that IPv4, adding new issues. I have feeling that IPv6 was made by people who were NOT running networks.
I really don't see why people think it's so different that v4. To me back then it mostly seemed like v4 with bigger address. ND was just ARPv2 and SLAAC was an alternative to bootp. DHCP didn't exist, nor IPsec, nor NAT. What else does an ipv6 host need to implement? My theory is that the real problem is that hardware switching arrived before v6 and vendors didn't want to implement it because of cost. That gave a great excuse for why providers couldn't deploy v6 which they didn't want to do anyway. Mike
The big question is, what we can do that to fix IPv6 problem. I have no clue at all.. Im personally biased against IPv6.
---------- Original message ----------
From: Michael Thomas <mike@mtcc.com> To: nanog@nanog.org Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 18:52:32 -0700
On 3/17/22 3:30 AM, borg@uu3.net wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. As somebody who designed IoT things back when v6 was being designed, my only question was whether it would get deployed, not whether it was too complex. It was honestly a lot easier than a completely new protocol stack like appletalk or netware. In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. I don't see what the OS layer has to do with anything. An operating system that doesn't get patches is even worse than app level code that doesn't. Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems. There were tons of things that were slapped onto IP that were basically experimental like ARP and bootp. CIDR didn't even exist back then.
Also: security, for example, was not an already fixed problem. Far from it.
Mike
Michael Thomas <mike@mtcc.com> writes:
I really don't see why people think it's so different that v4. To me back then it mostly seemed like v4 with bigger address.
Then I suppose, like me, you were in favor of the TUBA proposal? :) -tih -- Most people who graduate with CS degrees don't understand the significance of Lisp. Lisp is the most important idea in computer science. --Alan Kay
On 3/18/22 12:54 PM, Tom Ivar Helbekkmo wrote:
Michael Thomas <mike@mtcc.com> writes:
I really don't see why people think it's so different that v4. To me back then it mostly seemed like v4 with bigger address. Then I suppose, like me, you were in favor of the TUBA proposal? :)
We weren't part of the wars. What I saw was what eventually became ipv6 and I remember talking to one of my coworkers about how hard he thought it would be to implement. He concurred that he didn't think it would be any big deal. One of our big issues is that we didn't have anybody to interop with, that and nobody was asking for it unlike v4 features. Mike
On Fri, 2022-03-18 at 13:17 -0700, Michael Thomas wrote:
We weren't part of the wars. What I saw was what eventually became ipv6 and I remember talking to one of my coworkers about how hard he thought it would be to implement. He concurred that he didn't think it would be any big deal. One of our big issues is that we didn't have anybody to interop with, that and nobody was asking for it unlike v4 features.
Classic Second System Effect, as described by Fred Brooks... in 1975. "The Mythical Man-Month" is a great book for remembering how we got here. https://en.wikipedia.org/wiki/Second-system_effect But as all you have said, here we are.
On 3/18/22 1:31 PM, Nathan Angelacos wrote:
On Fri, 2022-03-18 at 13:17 -0700, Michael Thomas wrote:
We weren't part of the wars. What I saw was what eventually became ipv6 and I remember talking to one of my coworkers about how hard he thought it would be to implement. He concurred that he didn't think it would be any big deal. One of our big issues is that we didn't have anybody to interop with, that and nobody was asking for it unlike v4 features. Classic Second System Effect, as described by Fred Brooks... in 1975. "The Mythical Man-Month" is a great book for remembering how we got here.
https://en.wikipedia.org/wiki/Second-system_effect
But as all you have said, here we are.
As far as second system goes, at least for the host side it didn't seem overwrought to me. Part of the problem was that there were definitely politics with DHCPv6 and maybe some other things that we getting developed along side v6, but those were pretty easily overcome once the will was there. I'd really like to understand what the requirements that are specific to v6 are that make it so much harder or bloated. Not product availability, but actual things that make it difficult to deploy. Mike
On Fri, 18 Mar 2022 13:47:00 -0700, Michael Thomas <mike@mtcc.com> wrote: I'd really like to understand what the requirements that are specific to v6 are that make it so much harder or bloated. Not product availability, but actual things that make it difficult to deploy. -------------------------------------------------------------------------------------------- It's all in the nanog archives. Just the amount of grumping by network operators to finally get DHCPv6 was pretty tremendous. Basically, folks were shouting "we want it whether you think we need it or not!" Of course, that's just the start. This thread itself has a lot of the iceberg tops. scott
On 3/18/22 2:32 PM, surfer@mauigateway.com wrote:
On Fri, 18 Mar 2022 13:47:00 -0700, Michael Thomas <mike@mtcc.com> wrote:
I'd really like to understand what the requirements that are specific to v6 are that make it so much harder or bloated. Not product availability, but actual things that make it difficult to deploy. --------------------------------------------------------------------------------------------
It's all in the nanog archives. Just the amount of grumping by network operators to finally get DHCPv6 was pretty tremendous. Basically, folks were shouting "we want it whether you think we need it or not!" Of course, that's just the start. This thread itself has a lot of the iceberg tops.
That was almost 20 years ago. Anything a little more contemporary? I know about Android's aversion to DHCPv6, but that is not a standards problem it's a vendor being a PITA. Mike
Tom Ivar Helbekkmo via NANOG wrote:
I really don't see why people think it's so different that v4. To me back then it mostly seemed like v4 with bigger address.
Then I suppose, like me, you were in favor of the TUBA proposal? :)
TUBA is TCP/UDP over CLNP (ConnectionLess Network Protocol) designed by so infamous OSI, which is why it was denied by IETF through democratic process even though IAB tried to deploy it. However, as William Allen Simpson wrote:
Then, the powers that be declared that IPv6 should have 128-bit addresses, and a host of committees were setup with competing CLNP (TUBA) co-chairs. They incorporated many ideas of CLNP and XNS that were thought (by many of us) to be worthless, useless, and harmful. Committee-itis at its worst.
IAB hideously striked back to make IPv6 something a lot worse than CLNP and XNS. So, it is rather not the second but the zero-th system syndrome. Masataka Ohta
On 20 Mar 2022, at 5:09 AM, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
However, as William Allen Simpson wrote:
Then, the powers that be declared that IPv6 should have 128-bit addresses, and a host of committees were setup with competing CLNP (TUBA) co-chairs. They incorporated many ideas of CLNP and XNS that were thought (by many of us) to be worthless, useless, and harmful. Committee-itis at its worst.
IAB hideously striked back to make IPv6 something a lot worse than CLNP and XNS.
Alas, the above characterization doesn’t even come close to the actual history of IPng – - There was an open call for proposals. - We had many submissions: Nimrod, PIP, SIP, TUBA, IPAE, CATNIP (TP/IX), ... - SIP absorbed IPAE, and then PIP merged with SIP to form SIPP - Three final proposals CATNIP, TUBA, SIPP - Chicago Big-10 workshop did final review and recommended SIPP, only using 128-bit “NSAP-like” addresses This is all quite well covered by the IPv6 recommendation document - https://datatracker.ietf.org/doc/html/rfc1752 <https://datatracker.ietf.org/doc/html/rfc1752> (a document which probably should be required reading for those characterizing the history of IPv6) FYI, /John
On 21 Mar 2022, at 12:42 PM, John Curran <jcurran@istaff.org> wrote:
...
This is all quite well covered by the IPv6 recommendation document - https://datatracker.ietf.org/doc/html/rfc1752 <https://datatracker.ietf.org/doc/html/rfc1752> (a document which probably should be required reading for those characterizing the history of IPv6)
Just for the record, IPv6 is definitely far from perfect… There were things put in the specification that had no real world experience (some of which has since been deprecated), and some cases where tradeoffs were made that missed huge opportunities. However, neither the extra cruft nor the missed opportunities really got in the way of deployment – we are the present situation because we made a decision on the next IP protocol (IPv6) despite lacking the required "a straightforward transition plan from IPv4” – that was left as an exercise for the reader. Absent a clear bridge from here to there, it shouldn’t be surprising that there was no serious deployment for more than a decade… After several years of non-solutions out of the IETF, the "very large" network operator community (who realized that they were indeed going to need IPv6 for their broadband and mobile deployments) waded in and came up with workable IPv6 transition solutions. To this day, IPv6 remains essential to those with very large and growing networks, and less so for those with modest or no growth. FYI, /John
John Curran wrote:
IAB hideously striked back to make IPv6 something a lot worse than CLNP and XNS.
Alas, the above characterization doesn't even come close to the actual history of IPng –
That's too recent. First, as I wrote: : TUBA is TCP/UDP over CLNP (ConnectionLess Network Protocol) designed : by so infamous OSI, which is why it was denied by IETF through : democratic process even though IAB tried to deploy it. occurred, after which the history of IPng started.
- There was an open call for proposals. - We had many submissions: Nimrod, PIP, SIP, TUBA, IPAE, CATNIP (TP/IX), ... - SIP absorbed IPAE, and then PIP merged with SIP to form SIPP - Three final proposals CATNIP, TUBA, SIPP - Chicago Big-10 workshop did final review and recommended SIPP, only using 128-bit "NSAP-like" addresses
and such steps were controlled by IAB, that is, you merely support my point that:
IAB hideously striked back to make IPv6 something a lot worse than CLNP and XNS.
It should also be noted that merger is just political ceremony to pretend IPng were resulted from cooperation of many contributors only to make it bloat by incorporating all the features without technical merits. Masataka Ohta
On 22 Mar 2022, at 4:08 AM, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
- There was an open call for proposals. - We had many submissions: Nimrod, PIP, SIP, TUBA, IPAE, CATNIP (TP/IX), ... - SIP absorbed IPAE, and then PIP merged with SIP to form SIPP - Three final proposals CATNIP, TUBA, SIPP - Chicago Big-10 workshop did final review and recommended SIPP, only using 128-bit "NSAP-like" addresses
and such steps were controlled by IAB, that is, you merely support my point that:
co make IPv6 something a lot worse than CLNP and XNS.
The characterization that the IAB somehow struck back with the IPng decision implies a level of direction over the decision which simply did not exist. That’s not to say that there wasn’t "IETF politics” involved, but rather that such politics were expressed as enormous pressure to “make a decision” rather than IAB/IESG shaping of the various protocol proposals and their technical evolution. The technical teams that submitted each proposal controlled that proposal's evolution, and the IPng Directorate (not the IAB or IESG) made the final IPng protocol selection/recommendation. You can confirm all of this rather easily, as the entire set of IPng materials and decisions are here at Scott Bradner’s archive - https://www.sobco.com/ipng/ <https://www.sobco.com/ipng/>
It should also be noted that merger is just political ceremony to pretend IPng were resulted from cooperation of many contributors only to make it bloat by incorporating all the features without technical merits.
Half correct; the final protocol was indeed the result of compromise whereby features from multiple contributors were included, but such was driven (much like the “extra cruft” I referenced in an earlier message) out of the earnest belief of technical merit of the unproven features rather than politics. Of course, the problem with including new & unproven features is that they as often as not turn out to be either technically flawed or provide no functionality actually desired from the customer (and IPv6 certainly had examples of both) Best wishes, /John John Curran IPng Directorate Member, 1993 - 1996
john, fwiw your story matches what is left of my memory. one nuance
That’s not to say that there wasn’t "IETF politics” involved, but rather that such politics were expressed as enormous pressure to “make a decision”
my take was that cidr had done a lot to relieve the immediate technical pressure for the short term; but there was a deep fear that the industry press was stirring a major poolpah about the end of the internet due to ipv4 exhaustion. i.e. a seriously flawed technical compromise was pushed on us in reaction to a perception of bad press. i have learned that, when i am under great pressure to DO SOMETHING, it's time to step back, go make a cup of tea, and think. the ietf did not. and here we are, a quarter of a century later, still trying to clean up the mess. randy
On 3/22/22 5:45 AM, Randy Bush wrote:
john,
fwiw your story matches what is left of my memory. one nuance
That’s not to say that there wasn’t "IETF politics” involved, but rather that such politics were expressed as enormous pressure to “make a decision” my take was that cidr had done a lot to relieve the immediate technical pressure for the short term; but there was a deep fear that the industry press was stirring a major poolpah about the end of the internet due to ipv4 exhaustion. i.e. a seriously flawed technical compromise was pushed on us in reaction to a perception of bad press.
i have learned that, when i am under great pressure to DO SOMETHING, it's time to step back, go make a cup of tea, and think. the ietf did not. and here we are, a quarter of a century later, still trying to clean up the mess.
So are you saying that an ipng that came out in, say, 2000 which was according to you was vastly superior having taken the time to get it right would have had any better chance of being adopted? My experience with Cisco product managers at the time is that they couldn't give a shit about the technical aspects of an ipng. If their silicon forwarding couldn't handle it, they weren't interested unless customers were clamoring for it. I can't see how that negative feedback loop could have ever been prevented other than other ipng being done in, oh say, 1993 when it was all still software forwarding. Mike
On Tue, Mar 22, 2022 at 5:36 PM Michael Thomas <mike@mtcc.com> wrote:
On 3/22/22 5:45 AM, Randy Bush wrote:
<snip>
right would have had any better chance of being adopted? My experience with Cisco product managers at the time is that they couldn't give a shit about the technical aspects of an ipng. If their silicon forwarding couldn't handle it, they weren't interested unless customers were
Somewhere in this thread Randy sent a link to his ivtf screed^H^H^H^H^H^Hposition-paper. I think his point there was essentially: "Hey, vendors are coin operated, they build what people are asking for, if they are willing to pay AND if there are enough of them paying"
On 3/22/22 4:58 PM, Christopher Morrow wrote:
On Tue, Mar 22, 2022 at 5:36 PM Michael Thomas <mike@mtcc.com> wrote:
On 3/22/22 5:45 AM, Randy Bush wrote:
<snip>
right would have had any better chance of being adopted? My experience with Cisco product managers at the time is that they couldn't give a shit about the technical aspects of an ipng. If their silicon forwarding couldn't handle it, they weren't interested unless customers were
Somewhere in this thread Randy sent a link to his ivtf screed^H^H^H^H^H^Hposition-paper. I think his point there was essentially: "Hey, vendors are coin operated, they build what people are asking for, if they are willing to pay AND if there are enough of them paying"
I detect no lies here. If we didn't build the right thing from the standpoint of ISP's, they would have told us what they wanted instead. The truth is they didn't want anything but what they had with v4, and running off the cliff was multiple quarterly earnings away so who cares. IPv6 is a classic case of a standards body pushing on string, technical merits be damned. That people are relitigating something from 30 years ago that has been proven to not make any appreciable difference to deploability is part of the problem, not part of the solution. There is a salt mine's worth of saltiness. When the mobile guys came around and said they wanted to listen, they got the solution they could live with. That's all it took. Mike
I would normally not contribute to this, but I think having been a passive participant of the IPng mail lists through the 80s-90s I like the quality of reflecting "did we get what we wanted". I'm not writing here as an RIR employee (which I am) but as somebody who was along for the ride. We didn't get what we wanted. But, we did get what we built, what we argued for, or accepted as an outcome, or chose to ignore. But I don't think we got what we wanted. Tant pis. This is not uncommon I was a partisan for TUBA personally. I just wanted the same with bigger addresses. The decisions to re-architect outside of that, I think in the end were not helpful to adoption. I am thinking about EH, and their non transitive utility in routing, and fragmentation in particular. But I can celebrate that BGP for 6 works, and even can work over BGP mediated purely by 4. I can celebrate that we now have HUGE networks which are native 6 with a 4 overlay. Thats partly why I find a huge personal disconnect with "failure" -It hasn't failed the way DECnet failed. Far from it. There is this other side: I'm dualstack, and I simply dont notice. I am able to SSH back home from v6 externals, my home NAT is not a blocker. I do not routinely consider if I am reaching endpoints on 4 or 6. At some level, it works. I look at some of the "wont work" mails and I wonder what planet you are all on, because I am (and many other are) convinced its working for me at scale. Probably? Its the change from E2E to CDN mediated reality: the imbalance of dataflow is now dominant, and IPv6 works fine for that world, because the transitive costs don't apply. When most things come from a short hop path to a CDN or IX, the pMTU problems probably don't emerge. the fragmentation problems probably don't emerge. I might add that Mass CGN works too in that world. A lof of the vituperation here, is from people who either don't live in a dualstack, or can't be in a dualstack because of provider/upstream decisions. I am fortunate that I can ignore these problems, but I don't "disbelieve" them. They just don't apply to me, or to a huge number of other people, of the order 30-40% of the global Internet. They don't apply to mass markets significantly larger than the envisioned scale of Internet when we did this dance: Jio has more customers than all of the Internet when IPng was being borne. 30% is failure? Well yes, but also no. It's sort of complicated. I'm willing to bet that if your provider turned dualstack on underneath you, few of you would realize. Here's my (not serious) suggestion: lets flag day. here's my other (not serious) suggestion: Lets hand back the V4, and run everyone behind CGN with multiple /8 per ISP, keep all the global unicast 4 for the centre. Here's my final (serious) suggestion. We aren't going to be able to reverse course out of the current situation. Maybe the best thing, is to engineer it, not complain about it. Engineering won't end either right now. Betting on 4 continuance is betting on markets over planning. Maybe thats what some people want? What I want doesn't matter that much btw. -G
George Michaelson wrote:
Thats partly why I find a huge personal disconnect with "failure" -It hasn't failed the way DECnet failed. Far from it.
Since IPv6 was born of the effort to fix the upcoming address shortage visible at the time and to prevent and alleviate the resulting negative effects, the fact that it did not and that globally v4 address shortage is still a problem is a tally of multiple years of failure. I will give you that address shortage and resulting constraints is actually a spectrum, one we have not finished traveling on. I suppose we can date it from the time a class-c stopped being included as part of your leased line all the way to the hasnt happened yet point where you cant get v4 for any affordable amount. So yes, IPv6 will probably save the internet at some point before the end of that spectrum is reached, but the damage has already been done, and lots of it. Now if the goal was to produce a protocol that would work eventually as good as IPv4 and would theoretically fix the address shortage, but only if the non-practical mass conversion occurred immediately, well than its a success and has been for some time. However, successes like that are not what made the internet.
There is this other side: I'm dualstack, and I simply dont notice.
Being in transition state indefinitely is not success. The other side is when you are v6 only and you dont notice. We arent there yet. Thats the failure.
Here's my final (serious) suggestion. We aren't going to be able to reverse course out of the current situation. Maybe the best thing, is to engineer it, not complain about it. Engineering won't end either right now. Betting on 4 continuance is betting on markets over planning. Maybe thats what some people want? What I want doesn't matter that much btw.
-G
Hope for the best and prepare for the worst. That means improving v6 and making it more adoptable and appealing to more diverse user populations. It also means taking measures to prolong v4. That means give them DHCP the way they want it, give them NAT the way they want it. Give them whatever you can whatever they want in v6 the way they want it, whether you like it or not. Just get it out there more and more faster and faster. Ideological concerns had their day and its over. We are past deadline. Just get it done. Or get out of the way of those who want to. Yes, RiR's, IPv6 costing anyone any more money was a false start penalty. It also means taking a real look at proposal like 240/4 and whatever else can be scrounged up, extended, worked around, whatever you have, because if the worst happens and we are still having these threads in a decade, we are going to need it. bad. And if the best happens, who cares about v4 and what was done to it anyways? Now you can say nah, I am betting on things working out just the way they are now, but lets be clear about that. Joe
On 3/22/22 10:34 PM, Joe Maimon wrote:
There is this other side: I'm dualstack, and I simply dont notice.
Being in transition state indefinitely is not success.
The other side is when you are v6 only and you dont notice. We arent there yet. Thats the failure.
This is a terrible way to look at things. SIP has been gradually been taking over the PSTN signaling for 20 years. It has not rooted out every SS7 installation on the planet and probably won't until I'm long dead. Is that a failure? It's certainly a "transition state". After not paying attention for probably a decade and seeing how much it's penetrated I'd call that a resounding success. The same is true of IPv6 with all of the mobile uptake. Legacy is hard. It always has been hard. Calling something a failure because it doesn't instantly defeat legacy a terrible take. It was always going to be difficult to add address space to IP regardless of how it was done. All of the bagging on IPv6 and imagining a better ipng ignores that basic fact. Mike
Michael Thomas wrote:
On 3/22/22 10:34 PM, Joe Maimon wrote:
There is this other side: I'm dualstack, and I simply dont notice.
Being in transition state indefinitely is not success.
The other side is when you are v6 only and you dont notice. We arent there yet. Thats the failure.
This is a terrible way to look at things. SIP has been gradually been taking over the PSTN signaling for 20 years. It has not rooted out every SS7 installation on the planet and probably won't until I'm long dead. Is that a failure? It's certainly a "transition state". After not paying attention for probably a decade and seeing how much it's penetrated I'd call that a resounding success. The same is true of IPv6 with all of the mobile uptake. Legacy is hard. It always has been hard. Calling something a failure because it doesn't instantly defeat legacy a terrible take. It was always going to be difficult to add address space to IP regardless of how it was done. All of the bagging on IPv6 and imagining a better ipng ignores that basic fact.
Mike
SIP wasnt formulated to save telephony. In fact sip has nearly 100% adoption for ip based telephony. It did displace legacy and proprietary protocols. There is no comparison. IPv6 transition was intended to complete before run out using Dual Stack. Fail. Joe
On 3/23/22 10:04 AM, Joe Maimon wrote:
Michael Thomas wrote:
On 3/22/22 10:34 PM, Joe Maimon wrote:
There is this other side: I'm dualstack, and I simply dont notice.
Being in transition state indefinitely is not success.
The other side is when you are v6 only and you dont notice. We arent there yet. Thats the failure.
This is a terrible way to look at things. SIP has been gradually been taking over the PSTN signaling for 20 years. It has not rooted out every SS7 installation on the planet and probably won't until I'm long dead. Is that a failure? It's certainly a "transition state". After not paying attention for probably a decade and seeing how much it's penetrated I'd call that a resounding success. The same is true of IPv6 with all of the mobile uptake. Legacy is hard. It always has been hard. Calling something a failure because it doesn't instantly defeat legacy a terrible take. It was always going to be difficult to add address space to IP regardless of how it was done. All of the bagging on IPv6 and imagining a better ipng ignores that basic fact.
Mike
SIP wasnt formulated to save telephony. In fact sip has nearly 100% adoption for ip based telephony. It did displace legacy and proprietary protocols.
There is no comparison. IPv6 transition was intended to complete before run out using Dual Stack. Fail.
SIP won't displace all legacy PSTN any time soon. So it's a failure by your definition. And by your definition IPv6 was a failure before it was even born because the internet became popular -- something I'll add that nobody knew for certain when it was being designed. There's a lot of sour grapes about stuff that happened 30 years ago. Mike
Michael Thomas wrote:
SIP won't displace all legacy PSTN any time soon. So it's a failure by your definition. And by your definition IPv6 was a failure before it was even born because the internet became popular -- something I'll add that nobody knew for certain when it was being designed. There's a lot of sour grapes about stuff that happened 30 years ago.
Mike
The definition of failure flows from the definition of the objective, the goal, the desired outcome. What is your understanding of those for IPv6? My understanding of the goal of IPv6 was to replace IPv4 globally before address shortage caused real problems. If we agree on that, we must also agree that it has failed to do so, ergo, IPv6 as a global solution to IPv4 address shortage has been and thus far continues to be a failure. Now it will almost certainly eventually succeed, but that doesnt change that for all this time, it failed and there were real consequences that or may not carry on with us all for quite some time, and that there were real costs involved to real people. Joe
On 3/23/22 11:53 AM, Joe Maimon wrote:
Michael Thomas wrote:
SIP won't displace all legacy PSTN any time soon. So it's a failure by your definition. And by your definition IPv6 was a failure before it was even born because the internet became popular -- something I'll add that nobody knew for certain when it was being designed. There's a lot of sour grapes about stuff that happened 30 years ago.
Mike
The definition of failure flows from the definition of the objective, the goal, the desired outcome.
What is your understanding of those for IPv6?
My understanding of the goal of IPv6 was to replace IPv4 globally before address shortage caused real problems. If we agree on that, we must also agree that it has failed to do so, ergo, IPv6 as a global solution to IPv4 address shortage has been and thus far continues to be a failure. Now it will almost certainly eventually succeed, but that doesnt change that for all this time, it failed and there were real consequences that or may not carry on with us all for quite some time, and that there were real costs involved to real people.
IETF can't force people to adopt things, film at 11. They certainly can't control people's saltiness from something that happened 30 years ago. IPv6 is manifestly deployable for operators that want to. If others don't want to deploy it in the face of the predictable address crunch, that's on the operators and not anybody else. Vendors will build patches and hacks and other abominations if somebody is willing to pay for it. If you like CGN, by all means deploy it from a vendor standpoint. If you don't like CGN either then, well, you're sort of screwed. Going back and relitigating ipng is not ever going to happen. Mike
Michael Thomas wrote:
On 3/23/22 11:53 AM, Joe Maimon wrote:
Michael Thomas wrote:
IETF can't force people to adopt things, film at 11. They certainly can't control people's saltiness from something that happened 30 years ago. IPv6 is manifestly deployable for operators that want to. If others don't want to deploy it in the face of the predictable address crunch, that's on the operators and not anybody else. Vendors will build patches and hacks and other abominations if somebody is willing to pay for it. If you like CGN, by all means deploy it from a vendor standpoint. If you don't like CGN either then, well, you're sort of screwed. Going back and relitigating ipng is not ever going to happen.
Mike
Which is why the IETF should not engineer things under the assumption that they can. Which is why the IETF should not be citing IPv6 as cause to deny efforts on IPv4. Because as you say, at this point, even if you dont like CGN, the internet is sort of screwed. And the reasons that IPv6 is not deployed everywhere it could or even should be are myriad. Perhaps unpredictable. That reasons would abound was predictable. Network A deploying IPv6 does not do nearly as much to help A as it does when B-Z do, which is the core problem of IPv6 transition. You can understand then that even in the face of shortage IPv6 is only one of the options on the table at network A for short term alleviation. And usually not even the one with most bang per buck. Those who can choose D) all of the above, the rest prioritize based on resources and various locally defined assessments and analysis. Also unpredictable, but predictable that they would exist. Bygones are bygones, but not if the behavior persists. Yes, I understand referring to the IETF as an individual entity is grossly oversimplifying. Joe
On Mar 23, 2022, at 11:53 , Joe Maimon <jmaimon@jmaimon.com> wrote:
Michael Thomas wrote:
SIP won't displace all legacy PSTN any time soon. So it's a failure by your definition. And by your definition IPv6 was a failure before it was even born because the internet became popular -- something I'll add that nobody knew for certain when it was being designed. There's a lot of sour grapes about stuff that happened 30 years ago.
Mike
The definition of failure flows from the definition of the objective, the goal, the desired outcome.
What is your understanding of those for IPv6?
My understanding of the goal of IPv6 was to replace IPv4 globally before address shortage caused real problems. If we agree on that, we must also agree that it has failed to do so, ergo, IPv6 as a global solution to IPv4 address shortage has been and thus far continues to be a failure. Now it will almost certainly eventually succeed, but that doesnt change that for all this time, it failed and there were real consequences that or may not carry on with us all for quite some time, and that there were real costs involved to real people.
Joe
The goal of IPv6, IMHO, is to become the next lingua franca of the internet, eventually rendering IPv4 unnecessary except in small pockets of legacy support. I agree that has not yet been achieved. It was an objective to try and reach that point prior to IPv4 address shortages caused real problems, but we pretty well missed that target when NAT started catching on. I would not say that IPv6 has ben and continues to be a failure so much as IPv6 has not yet achieved its goal. Yes, it failed the (optimistic) objective of achieving it’s goal prior to IPv4 shortages causing real problems, but that happened pretty quickly and pretty early in the lifespan of IPv6 thus far (I view the popularization of NAT as being the first marker of real problems in IPv4 due to address shortage). Getting IPv6 to near ubiquitous deployment in that short time would have been an impressive accomplishment if it had happened. Owen
On 23Mar22, Owen DeLong via NANOG allegedly wrote:
I would not say that IPv6 has been and continues to be a failure
Even if one might ask that question, what are the realistic alternatives? 1. Drop ipv6 and replace it with ipv4++ or ipv6-lite or whatever other protocol that magically creates a better and quicker transition? 2. Drop ipv6 and extend above the network layer for the forseeable future? By extend I mean things which only introduce ipv4-compatible changes: NATs, TURN, CDN at the edge, application overlays and other higher layer solutions. 3. Live with ipv6 and continue to engineer simpler, better, easier and no-brainer deployments? I'll admit it risks being a "sunk cost falacy" argument to perpetuate ipv6, but are the alternatives so clear that we're really ready to drop ipv6?
so much as IPv6 has not yet achieved its goal.
As someone previously mentioned, "legacy" support can have an extremely long tail which might superficially make "achieving a goal" look like a failure. Forget ss7 and SIP, what about 100LL vs unleaded petrol or 1/2" bolts vs 13mm bolts? Both must be 50 years in the making with many more years to come. The glacial grind of displacing legacy tech is hardly unique to network protocols. In the grand scheme of things, the goal of replacing ipv4 with ipv6 has really only had a relatively short life-time compared to many other tech transitions. Perhaps it's time to adopt the patience of the physical world? Mark.
Hi all, From 10k meters: IPv6 is different from IPv4 only by: - extension headers - SLAAC instead of DHCP Everything else is minor. Enterprises could easily ignore EH. Carriers could test EH for closed domains and support. I do not see a problem with EHs. Hence, the primary blocking entity for IPv6 adoption is Google: they do not support DHCPv6 for the most popular OS. Whatever else the community would develop may be blocked by some monopoly in the same easy way. No point to change IPv6 to IPv6- Typical market pressure on such a company is not applicable here because: 1) Google is too big and powerful 2) Enterprises do not understand why they need IPv6 - they do not want to spend cycles on this pressure. Deadlock. Eduard -----Original Message----- From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com@nanog.org] On Behalf Of Mark Delany Sent: Thursday, March 24, 2022 11:35 AM To: nanog@nanog.org Subject: Re: V6 still not supported On 23Mar22, Owen DeLong via NANOG allegedly wrote:
I would not say that IPv6 has been and continues to be a failure
Even if one might ask that question, what are the realistic alternatives? 1. Drop ipv6 and replace it with ipv4++ or ipv6-lite or whatever other protocol that magically creates a better and quicker transition? 2. Drop ipv6 and extend above the network layer for the forseeable future? By extend I mean things which only introduce ipv4-compatible changes: NATs, TURN, CDN at the edge, application overlays and other higher layer solutions. 3. Live with ipv6 and continue to engineer simpler, better, easier and no-brainer deployments? I'll admit it risks being a "sunk cost falacy" argument to perpetuate ipv6, but are the alternatives so clear that we're really ready to drop ipv6?
so much as IPv6 has not yet achieved its goal.
As someone previously mentioned, "legacy" support can have an extremely long tail which might superficially make "achieving a goal" look like a failure. Forget ss7 and SIP, what about 100LL vs unleaded petrol or 1/2" bolts vs 13mm bolts? Both must be 50 years in the making with many more years to come. The glacial grind of displacing legacy tech is hardly unique to network protocols. In the grand scheme of things, the goal of replacing ipv4 with ipv6 has really only had a relatively short life-time compared to many other tech transitions. Perhaps it's time to adopt the patience of the physical world? Mark.
On 24Mar22, Vasilenko Eduard allegedly wrote:
Hence, the primary blocking entity for IPv6 adoption is Google: they do not support DHCPv6 for the most popular OS.
No. The primary "blocking entity" is that "legacy" ipv4 works just fine and adopting ipv6 or ipv4++ or ipv6-lite or ipv-magical is harder than doing nothing. That Google/Android don't like DHCPv6 is largely irrelevant. My five year old ISP router only supports ipv4. Yet I get to every site on the planet just fine. Give me one good reason to spend my hard earned pay on an expensive new router which supports ipv6? You have two choices: make my ipv4 router fail or make the new ipv6 router compelling. How do you propose to do either of those? Mark.
On Mar 24, 2022, at 04:43 , Mark Delany <k3f@november.emu.st> wrote:
On 24Mar22, Vasilenko Eduard allegedly wrote:
Hence, the primary blocking entity for IPv6 adoption is Google: they do not support DHCPv6 for the most popular OS.
No. The primary "blocking entity" is that "legacy" ipv4 works just fine and adopting ipv6 or ipv4++ or ipv6-lite or ipv-magical is harder than doing nothing.
That Google/Android don't like DHCPv6 is largely irrelevant.
My five year old ISP router only supports ipv4. Yet I get to every site on the planet just fine. Give me one good reason to spend my hard earned pay on an expensive new router which supports ipv6?
You have two choices: make my ipv4 router fail or make the new ipv6 router compelling.
How do you propose to do either of those?
Mark.
There’s a third option… When your ISP starts charging $X/Month for legacy protocol support, your IPv4-only router will become more expensive to run than migrating to something that is dual-stack. Home users aren’t the long tail here. Enterprise is the long tail here. Android phones are, indeed, part of the enterprise problem, but not the biggest part. If this were a purely technical problem, we’d have been done more than a decade ago. The problem is a lack of corporate “round tuits” which for each enterprise are in limited supply and usually go to things that either reduce costs or increase revenue. IPv6 can do both in some circumstances, but not in a way that conveniently fits into a cost accounting model and the people with the knowledge to express it generally aren’t well versed in cost accounting anyway. So… here we are. Owen
On 3/24/22 1:59 PM, Owen DeLong via NANOG wrote:
Home users aren’t the long tail here. Enterprise is the long tail here. Android phones are, indeed, part of the enterprise problem, but not the biggest part.
If this were a purely technical problem, we’d have been done more than a decade ago. The problem is a lack of corporate “round tuits” which for each enterprise are in limited supply and usually go to things that either reduce costs or increase revenue.
So long as they have public facing v6 servers is there really a problem? Sure you're not going to get to 100% deployment, but nothing is going to do that in any of our lifetimes. The object should be to not have to deploy tortured hacks like CGNAT. That is what success is IMO, and we don't from a technical standpoint. Mike
On Mar 24, 2022, at 14:46 , Michael Thomas <mike@mtcc.com> wrote:
On 3/24/22 1:59 PM, Owen DeLong via NANOG wrote:
Home users aren’t the long tail here. Enterprise is the long tail here. Android phones are, indeed, part of the enterprise problem, but not the biggest part.
If this were a purely technical problem, we’d have been done more than a decade ago. The problem is a lack of corporate “round tuits” which for each enterprise are in limited supply and usually go to things that either reduce costs or increase revenue.
So long as they have public facing v6 servers is there really a problem? Sure you're not going to get to 100% deployment, but nothing is going to do that in any of our lifetimes. The object should be to not have to deploy tortured hacks like CGNAT. That is what success is IMO, and we don't from a technical standpoint.
Mike
Yes… We need them to have v6 deployed to their clients so that content providers can start turning off v4 where it’s costing them money to support it. Owen
On 3/24/22 3:13 PM, Owen DeLong wrote:
On Mar 24, 2022, at 14:46 , Michael Thomas <mike@mtcc.com> wrote:
On 3/24/22 1:59 PM, Owen DeLong via NANOG wrote:
Home users aren’t the long tail here. Enterprise is the long tail here. Android phones are, indeed, part of the enterprise problem, but not the biggest part.
If this were a purely technical problem, we’d have been done more than a decade ago. The problem is a lack of corporate “round tuits” which for each enterprise are in limited supply and usually go to things that either reduce costs or increase revenue.
So long as they have public facing v6 servers is there really a problem? Sure you're not going to get to 100% deployment, but nothing is going to do that in any of our lifetimes. The object should be to not have to deploy tortured hacks like CGNAT. That is what success is IMO, and we don't from a technical standpoint.
Mike
Yes… We need them to have v6 deployed to their clients so that content providers can start turning off v4 where it’s costing them money to support it.
Well content providers could pretty easily force the issue if they wanted. MIke
On Mar 24, 2022, at 15:16 , Michael Thomas <mike@mtcc.com> wrote:
On 3/24/22 3:13 PM, Owen DeLong wrote:
On Mar 24, 2022, at 14:46 , Michael Thomas <mike@mtcc.com> wrote:
On 3/24/22 1:59 PM, Owen DeLong via NANOG wrote:
Home users aren’t the long tail here. Enterprise is the long tail here. Android phones are, indeed, part of the enterprise problem, but not the biggest part.
If this were a purely technical problem, we’d have been done more than a decade ago. The problem is a lack of corporate “round tuits” which for each enterprise are in limited supply and usually go to things that either reduce costs or increase revenue.
So long as they have public facing v6 servers is there really a problem? Sure you're not going to get to 100% deployment, but nothing is going to do that in any of our lifetimes. The object should be to not have to deploy tortured hacks like CGNAT. That is what success is IMO, and we don't from a technical standpoint.
Mike
Yes… We need them to have v6 deployed to their clients so that content providers can start turning off v4 where it’s costing them money to support it.
Well content providers could pretty easily force the issue if they wanted.
MIke
Not really… Content providers turning off v4 face competition from content providers that don’t. Doing so en masse would require a kind of coordination that’s prohibited by the Sherman act. Owen
Michael Thomas wrote:
On 3/24/22 3:13 PM, Owen DeLong wrote:
On Mar 24, 2022, at 14:46 , Michael Thomas <mike@mtcc.com> wrote:
On 3/24/22 1:59 PM, Owen DeLong via NANOG wrote:
Home users aren’t the long tail here. Enterprise is the long tail here. Android phones are, indeed, part of the enterprise problem, but not the biggest part.
If this were a purely technical problem, we’d have been done more than a decade ago. The problem is a lack of corporate “round tuits” which for each enterprise are in limited supply and usually go to things that either reduce costs or increase revenue.
So long as they have public facing v6 servers is there really a problem? Sure you're not going to get to 100% deployment, but nothing is going to do that in any of our lifetimes. The object should be to not have to deploy tortured hacks like CGNAT. That is what success is IMO, and we don't from a technical standpoint.
Mike
Yes… We need them to have v6 deployed to their clients so that content providers can start turning off v4 where it’s costing them money to support it.
Well content providers could pretty easily force the issue if they wanted.
MIke
Content providers are rumored to dig into the single digit percentages of failing connections to ensure their audiences is as large as possible. And enterprises would likely happily settle on edge solutions for v6 only content so long as they are workable. Joe
> On Mar 24, 2022, at 02:04 , Vasilenko Eduard via NANOG <nanog@nanog.org> wrote: > > Hi all, >> From 10k meters: IPv6 is different from IPv4 only by: > - extension headers > - SLAAC instead of DHCP > Everything else is minor. There’s no such thing as SLAAC instead of DHCP… There’s SLACC in addition to DHCP and operators are free to choose the solution that best fits their network. I suppose the argument could be made that Android is SLAAC instead of DHCP, but I don’t buy that as a complete showstopper these days. I do wish Lorenzo and Google would pull their collective crania out of their hind quarters on this issue, but my vote is to treat Android as damage and route around it. > Enterprises could easily ignore EH. > Carriers could test EH for closed domains and support. > I do not see a problem with EHs. EHs do provide a few additional attack vectors, especially against untested or poorly tested code and especially when you consider the potential to construct a several-K long chain of EH and map it onto 568 octet fragments. > Hence, the primary blocking entity for IPv6 adoption is Google: they do not support DHCPv6 for the most popular OS. > Whatever else the community would develop may be blocked by some monopoly in the same easy way. > No point to change IPv6 to IPv6- > Typical market pressure on such a company is not applicable here because: > 1) Google is too big and powerful > 2) Enterprises do not understand why they need IPv6 - they do not want to spend cycles on this pressure. > Deadlock. Enterprises that don’t understand why they need IPv6 wouldn’t implement it quickly even if Android suddenly released DHCPv6 support tomorrow. I understand that this is your pet issue and I even agree with you to about Google being on the wrong side of it. However, if you honestly believe it is the number 1 blocker for enterprise deployment of IPv6, you are deluding yourself. Owen > > Eduard > -----Original Message----- > From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com@nanog.org] On Behalf Of Mark Delany > Sent: Thursday, March 24, 2022 11:35 AM > To: nanog@nanog.org > Subject: Re: V6 still not supported > > On 23Mar22, Owen DeLong via NANOG allegedly wrote: > >> I would not say that IPv6 has been and continues to be a failure > > Even if one might ask that question, what are the realistic alternatives? > > 1. Drop ipv6 and replace it with ipv4++ or ipv6-lite or whatever other protocol that > magically creates a better and quicker transition? > > 2. Drop ipv6 and extend above the network layer for the forseeable future? By extend I > mean things which only introduce ipv4-compatible changes: NATs, TURN, CDN at the edge, > application overlays and other higher layer solutions. > > 3. Live with ipv6 and continue to engineer simpler, better, easier and no-brainer > deployments? > > I'll admit it risks being a "sunk cost falacy" argument to perpetuate ipv6, but are the alternatives so clear that we're really ready to drop ipv6? > > >> so much as IPv6 has not yet achieved its goal. > > As someone previously mentioned, "legacy" support can have an extremely long tail which might superficially make "achieving a goal" look like a failure. > > Forget ss7 and SIP, what about 100LL vs unleaded petrol or 1/2" bolts vs 13mm bolts? Both must be 50 years in the making with many more years to come. The glacial grind of displacing legacy tech is hardly unique to network protocols. > > In the grand scheme of things, the goal of replacing ipv4 with ipv6 has really only had a relatively short life-time compared to many other tech transitions. Perhaps it's time to adopt the patience of the physical world? > > > Mark.
On 3/24/22 2:13 PM, Owen DeLong via NANOG wrote: > >> On Mar 24, 2022, at 02:04 , Vasilenko Eduard via NANOG <nanog@nanog.org> wrote: >> >> Hi all, >>> From 10k meters: IPv6 is different from IPv4 only by: >> - extension headers >> - SLAAC instead of DHCP >> Everything else is minor. > There’s no such thing as SLAAC instead of DHCP… There’s SLACC in addition to DHCP and operators > are free to choose the solution that best fits their network. > > I suppose the argument could be made that Android is SLAAC instead of DHCP, but I don’t buy that as a > complete showstopper these days. I do wish Lorenzo and Google would pull their collective crania out of > their hind quarters on this issue, but my vote is to treat Android as damage and route around it. If you have SLAAC and DHCP4 isn't that good enough? Is there a DHCP4 option for v6 DNS addresses too? Mike, not that I disagree about the silliness of not implementing DHCP6
> On Mar 24, 2022, at 14:49 , Michael Thomas <mike@mtcc.com> wrote: > > > On 3/24/22 2:13 PM, Owen DeLong via NANOG wrote: >> >>> On Mar 24, 2022, at 02:04 , Vasilenko Eduard via NANOG <nanog@nanog.org> wrote: >>> >>> Hi all, >>>> From 10k meters: IPv6 is different from IPv4 only by: >>> - extension headers >>> - SLAAC instead of DHCP >>> Everything else is minor. >> There’s no such thing as SLAAC instead of DHCP… There’s SLACC in addition to DHCP and operators >> are free to choose the solution that best fits their network. >> >> I suppose the argument could be made that Android is SLAAC instead of DHCP, but I don’t buy that as a >> complete showstopper these days. I do wish Lorenzo and Google would pull their collective crania out of >> their hind quarters on this issue, but my vote is to treat Android as damage and route around it. > > If you have SLAAC and DHCP4 isn't that good enough? Is there a DHCP4 option for v6 DNS addresses too? Why would you need that? It doesn’t make sense to provide v6 DNS server information over a v4 protocol. SLAAC (RFC6106) can already provide RDNSS information (Resolving DNS Server) in the RAs. SLAAC and/or DHCPv6 are completely separate from DHCPv4. There’s no overlap and there shouldn’t be any. > Mike, not that I disagree about the silliness of not implementing DHCP6 People who support Lorenzo’s religion are relatively few and far between in the operational community. Owen
Mark Delany wrote:
On 23Mar22, Owen DeLong via NANOG allegedly wrote:
I would not say that IPv6 has been and continues to be a failure Even if one might ask that question, what are the realistic alternatives?
1. Drop ipv6 and replace it with ipv4++ or ipv6-lite or whatever other protocol that magically creates a better and quicker transition?
2. Drop ipv6 and extend above the network layer for the forseeable future? By extend I mean things which only introduce ipv4-compatible changes: NATs, TURN, CDN at the edge, application overlays and other higher layer solutions.
3. Live with ipv6 and continue to engineer simpler, better, easier and no-brainer deployments?
I'll admit it risks being a "sunk cost falacy" argument to perpetuate ipv6, but are the alternatives so clear that we're really ready to drop ipv6
I most assuredly hope not. However this is not actually within any specific bodies absolute control. The overblown representation of the top down nature of internet design is a significant fallacy. If a vacuum persists and what fills that void is detrimental to IPv6 global deployment, it would be a significant setback. But the internet wont care. What you can do is try and preempt the vacuum. In my view that takes the form of a multi-pronged strategy. Do what it takes to keep IPv4 as usable as possible for as long as possible. By all means, continue to evangelize users and pressure vendors. But thats not enough. Make IPv6 more attractive, more utilitarian, more useful. Address and remove barriers and hurdles. And that means doing and accepting things that many have significant distaste for. Personally, that means that although I have long disliked proposals that keep moving to the left of the 128bit space, were I to believe it likely to increase deployment and momentum I would champion it in my own limited fashion much as I do 240/4.
so much as IPv6 has not yet achieved its goal. As someone previously mentioned, "legacy" support can have an extremely long tail which might superficially make "achieving a goal" look like a failure.
While true, thats not my concern. My concern is that continued dependence on functioning IPv4 by and large for the internet population has resulted in additional costs and constrains on the addresses required to utilize it. So long as that persists, so does the failure status of IPv6 towards the goal of alleviating it. And thats the goal that actually matters to the internet population at large.
Forget ss7 and SIP, what about 100LL vs unleaded petrol or 1/2" bolts vs 13mm bolts? Both must be 50 years in the making with many more years to come. The glacial grind of displacing legacy tech is hardly unique to network protocols.
In the grand scheme of things, the goal of replacing ipv4 with ipv6 has really only had a relatively short life-time compared to many other tech transitions. Perhaps it's time to adopt the patience of the physical world?
Mark.
I agree. But that means behavioral modification towards a much longer term outlook than has been in widespread evidence thus far. Joe
On Mar 24, 2022, at 03:36 , Joe Maimon <jmaimon@jmaimon.com> wrote:
Mark Delany wrote:
On 23Mar22, Owen DeLong via NANOG allegedly wrote:
I would not say that IPv6 has been and continues to be a failure Even if one might ask that question, what are the realistic alternatives?
1. Drop ipv6 and replace it with ipv4++ or ipv6-lite or whatever other protocol that magically creates a better and quicker transition?
2. Drop ipv6 and extend above the network layer for the forseeable future? By extend I mean things which only introduce ipv4-compatible changes: NATs, TURN, CDN at the edge, application overlays and other higher layer solutions.
3. Live with ipv6 and continue to engineer simpler, better, easier and no-brainer deployments?
I'll admit it risks being a "sunk cost falacy" argument to perpetuate ipv6, but are the alternatives so clear that we're really ready to drop ipv6
I most assuredly hope not. However this is not actually within any specific bodies absolute control. The overblown representation of the top down nature of internet design is a significant fallacy.
If a vacuum persists and what fills that void is detrimental to IPv6 global deployment, it would be a significant setback. But the internet wont care.
One could argue that NAT44 and certainly NAT444 are exactly that.
What you can do is try and preempt the vacuum.
I really wish we had done so prior to the popularization of IPv4 NAT.
In my view that takes the form of a multi-pronged strategy.
Do what it takes to keep IPv4 as usable as possible for as long as possible.
I think this isn’t so much preempting the vacuum as trying to pretend we can survive on an hour of air for 20 years. 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. I think that admitting that IPv4 simply doesn’t scale to the present day internet, let alone beyond is a far better move than continuing to pretend its heart is still beating on its own when it’s been on life support for more than a decade with no signs of brain activity.
By all means, continue to evangelize users and pressure vendors. But thats not enough. Make IPv6 more attractive, more utilitarian, more useful. Address and remove barriers and hurdles. And that means doing and accepting things that many have significant distaste for.
Here, I agree…
Personally, that means that although I have long disliked proposals that keep moving to the left of the 128bit space, were I to believe it likely to increase deployment and momentum I would champion it in my own limited fashion much as I do 240/4.
Not sure what you mean by “moving to the left of the 128 bit space”. We will obviously agree to disagree about 240/4 as we long have. Owen
Owen DeLong wrote:
On Mar 24, 2022, at 03:36 , Joe Maimon <jmaimon@jmaimon.com> wrote:
In my view that takes the form of a multi-pronged strategy.
Do what it takes to keep IPv4 as usable as possible for as long as possible. I think this isn’t so much preempting the vacuum as trying to pretend we can survive on an hour of air for 20 years.
240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.
I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never. Whether its GUA or not or a mix of whatever, whether it buys months or years will depend greatly on how its actually used if it is ever used. You may be right about not being worth it. More importantly, you may be wrong. IPv6 is replete with not only a plethora of wrong predictions, but the same ones over and over again. To be clear, the only effort asked from the unwilling is to support cutting the red tape frustrating the willing. A hearty round of knock yourself out from the right folk in the right place and time and we dont have to debate this particular point ever again. How are we to ever find out who is right if that never happens? That alone is enough reason for me.
Personally, that means that although I have long disliked proposals that keep moving to the left of the 128bit space, were I to believe it likely to increase deployment and momentum I would champion it in my own limited fashion much as I do 240/4. Not sure what you mean by “moving to the left of the 128 bit space”.
That Ipv6 address allocation schemes and proposals tended to enlarge over time, using up more bits heading from right to left.
We will obviously agree to disagree about 240/4 as we long have.
Owen
To the next time then. Joe
On Mar 24, 2022, at 15:49, Joe Maimon <jmaimon@jmaimon.com> wrote:
Owen DeLong wrote:
On Mar 24, 2022, at 03:36 , Joe Maimon <jmaimon@jmaimon.com> wrote:
In my view that takes the form of a multi-pronged strategy.
Do what it takes to keep IPv4 as usable as possible for as long as possible. I think this isn’t so much preempting the vacuum as trying to pretend we can survive on an hour of air for 20 years.
240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.
I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never. Whether its GUA or not or a mix of whatever, whether it buys months or years will depend greatly on how its actually used if it is ever used.
Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p
You may be right about not being worth it. More importantly, you may be wrong. IPv6 is replete with not only a plethora of wrong predictions, but the same ones over and over again. To be clear, the only effort asked from the unwilling is to support cutting the red tape frustrating the willing. A hearty round of knock yourself out from the right folk in the right place and time and we dont have to debate this particular point ever again.
Certainly, if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, we will continue to fail and further delay IPv6 reaching a level of deployment that allows us to start turning down IPv4 and beginning to recognize the cost savings that come from moving forward.
How are we to ever find out who is right if that never happens? That alone is enough reason for me.
The problem is that we’re not talking about parallel experiments. We’re talking about an optional activity which will inherently pull resources away from a necessary activity, thus delaying the necessary activity and becoming somewhat of a self-fulfilling prophecy. Hence I oppose this wasteful experiment in favor of doing what we all know eventually needs to be done.
Personally, that means that although I have long disliked proposals that keep moving to the left of the 128bit space, were I to believe it likely to increase deployment and momentum I would champion it in my own limited fashion much as I do 240/4. Not sure what you mean by “moving to the left of the 128 bit space”.
That Ipv6 address allocation schemes and proposals tended to enlarge over time, using up more bits heading from right to left.
Meh… I haven’t seen too much of that. I’ve been guilty of a certain amount of it, to be sure, but we’re only recently seeing the two largest RIRs start working through their second /12s even though it’s been years since I pushed for (and achieved) nibble-boundary round-ups as the norm in the ARIN region. I think that we’re still OK on allocation policies. What I’d like to see is an end to the IPv4-think in large ISPs, such as Comcast’s continued micro allocations to their customers. Owen
Owen DeLong wrote:
You may be right about not being worth it. More importantly, you may be wrong. IPv6 is replete with not only a plethora of wrong predictions, but the same ones over and over again. To be clear, the only effort asked from the unwilling is to support cutting the red tape frustrating the willing. A hearty round of knock yourself out from the right folk in the right place and time and we dont have to debate this particular point ever again. Certainly, if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, we will continue to fail and further delay IPv6 reaching a level of deployment that allows us to start turning down IPv4 and beginning to recognize the cost savings that come from moving forward.
How are we to ever find out who is right if that never happens? That alone is enough reason for me. The problem is that we’re not talking about parallel experiments. We’re talking about an optional activity which will inherently pull resources away from a necessary activity, thus delaying the necessary activity and becoming somewhat of a self-fulfilling prophecy. Hence I oppose this wasteful experiment in favor of doing what we all know eventually needs to be done.
I dont know what it will take to paint this nonsensical argument as any more patently ridiculous than has already been done. It bears no relationship to actual reality. However, hypothetically, lets say thats exactly how it works. Too Bad. You had your chance to deploy IPv6 before the pain and now you must tend to both protocols. Joe
On Mar 24, 2022, at 9:25 PM, Owen DeLong via NANOG <nanog@nanog.org> wrote:
I think that we’re still OK on allocation policies. What I’d like to see is an end to the IPv4-think in large ISPs, such as Comcast’s continued micro allocations to their customers.
What exactly is your definition of “micro allocations”? Is a prefix/56 a “micro allocation”? In over nine years of being an active forum participant and customer of Comcast, I can not recall the usage of the term.
On Mar 24, 2022, at 21:18 , James R Cutler <james.cutler@consultant.com> wrote:
On Mar 24, 2022, at 9:25 PM, Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
I think that we’re still OK on allocation policies. What I’d like to see is an end to the IPv4-think in large ISPs, such as Comcast’s continued micro allocations to their customers.
What exactly is your definition of “micro allocations”? Is a prefix/56 a “micro allocation”? In over nine years of being an active forum participant and customer of Comcast, I can not recall the usage of the term.
They’re issuing /60s (maximum) to residential customers. And yes, a /56 is a micro allocation. /48 is the intended norm for IPv6 site assignments and is a perfectly reasonable prefix size for v6 delegation to a site. Owen
Owen DeLong wrote:
On Mar 24, 2022, at 21:18 , James R Cutler <james.cutler@consultant.com <mailto:james.cutler@consultant.com>> wrote:
On Mar 24, 2022, at 9:25 PM, Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
I think that we’re still OK on allocation policies. What I’d like to see is an end to the IPv4-think in large ISPs, such as Comcast’s continued micro allocations to their customers.
What exactly is your definition of “micro allocations”? Is a prefix/56 a “micro allocation”? In over nine years of being an active forum participant and customer of Comcast, I can not recall the usage of the term.
They’re issuing /60s (maximum) to residential customers.
And yes, a /56 is a micro allocation. /48 is the intended norm for IPv6 site assignments and is a perfectly reasonable prefix size for v6 delegation to a site.
Owen
/48 as universal site assignments is a ridiculousness that should never be a norm, and unsurprisingly in the real world it isnt. Now if your goal is to pick a number which will never change and is large enough to work for any assignment anywhere for any network topology ever, well you found it. However, thats a solution in search of a problem. Which causes its own problems. A /48 gives 16 bits of /64 subnetting for the site. Which is the same number of bits initial default ISP /32 has. Ridiculous in either direction. If you apply the same logic to ISP's that you have to end user site assignments (which is descended from the same logic as /64 subnets), you need to move left. Again. Goodbye limitless ipv6. Or you can move right on the /64 nonsense. SLAAC does not|should not need /64. Or, SLAAC isnt needed at all. Chaining DHCP to SLAAC is more nonsense. Joe
Dear Owen: 0) You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am picking up the correct leads. 1) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. ... ": Perhaps you have not bothered to scan through a two page whitepaper (URL below, again) that I submitted a week or so ago? It promises simple implementation and significant increase of assignable IPv4 addresses, even extendable to the similar size of IPv6 if we could forgo our mentality about the IP addresses as "Personal Properties", by switching to treat them as "Natural Resources". https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf 2) " ... so that content providers can start turning off v4 where it’s costing them money to support it. .... " & "... Content providers turning off v4 face competition from content providers that don’t. ... ": These two statements appeared to come from two separate posting of yours. They seemed to be contradicting each other. Did I misread somehow? Now from the last post below: 3) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.... ": Please see information provided by Pt. 1) above. 4) " ... I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never ... Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p ... ": I am in full agreement with you. Our proposal is the solution in Pt. 1) above. 5) " ... if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, .... ": This is not a productive opinion. Please do not forget that the Internet heavily promotes personal freedom. One can not force others to do something that they do not believe in. Stopping them from doing one thing does not automatically make them to do what you like. A project must have its own merits that attract contribution. The failure of the IPv6 actually started from when a decision was made to the effect of "not to emphasize backward compatibility with IPv4" which broke one of the golden rules in system engineering. Not recognizing such and focusing to find a way for remedying it, but continuing to force others to migrate to IPv6 camp with various tactics does not foster progress. 6) " ... The problem is that we’re not talking about parallel experiments. ... ": EzIP is a parallel experiment to the current Internet (not only IPv4, but also IPv6) operations, because its overlay architecture on the latter demarcates everything happening on it from the Internet. As long as packets exchanged between the two conform to the established Internet protocols, an EzIP deployment (called RAN - Regional Area Network) will appear as innocent as an ordinary private network. Regards, Abe (2022-03-25 12:24) On 2022-03-24 21:25, Owen DeLong via NANOG wrote:
On Mar 24, 2022, at 15:49, Joe Maimon<jmaimon@jmaimon.com> wrote:
Owen DeLong wrote:
On Mar 24, 2022, at 03:36 , Joe Maimon<jmaimon@jmaimon.com> wrote:
In my view that takes the form of a multi-pronged strategy.
Do what it takes to keep IPv4 as usable as possible for as long as possible. I think this isn’t so much preempting the vacuum as trying to pretend we can survive on an hour of air for 20 years.
240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never. Whether its GUA or not or a mix of whatever, whether it buys months or years will depend greatly on how its actually used if it is ever used. Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p
You may be right about not being worth it. More importantly, you may be wrong. IPv6 is replete with not only a plethora of wrong predictions, but the same ones over and over again. To be clear, the only effort asked from the unwilling is to support cutting the red tape frustrating the willing. A hearty round of knock yourself out from the right folk in the right place and time and we dont have to debate this particular point ever again. Certainly, if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, we will continue to fail and further delay IPv6 reaching a level of deployment that allows us to start turning down IPv4 and beginning to recognize the cost savings that come from moving forward.
How are we to ever find out who is right if that never happens? That alone is enough reason for me. The problem is that we’re not talking about parallel experiments. We’re talking about an optional activity which will inherently pull resources away from a necessary activity, thus delaying the necessary activity and becoming somewhat of a self-fulfilling prophecy. Hence I oppose this wasteful experiment in favor of doing what we all know eventually needs to be done.
Personally, that means that although I have long disliked proposals that keep moving to the left of the 128bit space, were I to believe it likely to increase deployment and momentum I would champion it in my own limited fashion much as I do 240/4. Not sure what you mean by “moving to the left of the 128 bit space”. That Ipv6 address allocation schemes and proposals tended to enlarge over time, using up more bits heading from right to left. Meh… I haven’t seen too much of that. I’ve been guilty of a certain amount of it, to be sure, but we’re only recently seeing the two largest RIRs start working through their second /12s even though it’s been years since I pushed for (and achieved) nibble-boundary round-ups as the norm in the ARIN region.
I think that we’re still OK on allocation policies. What I’d like to see is an end to the IPv4-think in large ISPs, such as Comcast’s continued micro allocations to their customers.
Owen
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
1) please join the list properly and stop replying to the digests. (note there have been many folks asking you to do this, disconnected message/new-threads are super super super annoying and remove the parts of the discussion from a coherent thread) On Fri, Mar 25, 2022 at 12:25 PM Abraham Y. Chen <aychen@avinta.com> wrote: <snip>
1) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. ... ": Perhaps you have not bothered to scan through a two page whitepaper (URL below, again) that I submitted a week or so ago? It promises simple implementation and significant increase of assignable IPv4 addresses, even extendable to the similar size of IPv6 if we could forgo our mentality about the IP addresses as "Personal Properties", by switching to treat them as "Natural Resources".
This paper is super thin on any reasonable level of detail, and seems to wholly miss the mark on ipv4 usage patterns. <snip>
****** Resend to go through NANOG ****** On 2022-03-25 12:24, Abraham Y. Chen wrote:
Dear Owen:
0) You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am picking up the correct leads.
1) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. ... ": Perhaps you have not bothered to scan through a two page whitepaper (URL below, again) that I submitted a week or so ago? It promises simple implementation and significant increase of assignable IPv4 addresses, even extendable to the similar size of IPv6 if we could forgo our mentality about the IP addresses as "Personal Properties", by switching to treat them as "Natural Resources".
https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf
2) " ... so that content providers can start turning off v4 where it’s costing them money to support it. .... " & "... Content providers turning off v4 face competition from content providers that don’t. ... ": These two statements appeared to come from two separate posting of yours. They seemed to be contradicting each other. Did I misread somehow?
Now from the last post below:
3) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.... ": Please see information provided by Pt. 1) above.
4) " ... I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never ... Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p ... ": I am in full agreement with you. Our proposal is the solution in Pt. 1) above.
5) " ... if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, .... ": This is not a productive opinion. Please do not forget that the Internet heavily promotes personal freedom. One can not force others to do something that they do not believe in. Stopping them from doing one thing does not automatically make them to do what you like. A project must have its own merits that attract contribution. The failure of the IPv6 actually started from when a decision was made to the effect of "not to emphasize backward compatibility with IPv4" which broke one of the golden rules in system engineering. Not recognizing such and focusing to find a way for remedying it, but continuing to force others to migrate to IPv6 camp with various tactics does not foster progress.
6) " ... The problem is that we’re not talking about parallel experiments. ... ": EzIP is a parallel experiment to the current Internet (not only IPv4, but also IPv6) operations, because its overlay architecture on the latter demarcates everything happening on it from the Internet. As long as packets exchanged between the two conform to the established Internet protocols, an EzIP deployment (called RAN - Regional Area Network) will appear as innocent as an ordinary private network.
Regards,
Abe (2022-03-25 12:24)
On 2022-03-24 21:25, Owen DeLong via NANOG wrote:
On Mar 24, 2022, at 15:49, Joe Maimon<jmaimon@jmaimon.com> wrote:
Owen DeLong wrote:
On Mar 24, 2022, at 03:36 , Joe Maimon<jmaimon@jmaimon.com> wrote:
In my view that takes the form of a multi-pronged strategy.
Do what it takes to keep IPv4 as usable as possible for as long as possible. I think this isn’t so much preempting the vacuum as trying to pretend we can survive on an hour of air for 20 years.
240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never. Whether its GUA or not or a mix of whatever, whether it buys months or years will depend greatly on how its actually used if it is ever used. Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p
You may be right about not being worth it. More importantly, you may be wrong. IPv6 is replete with not only a plethora of wrong predictions, but the same ones over and over again. To be clear, the only effort asked from the unwilling is to support cutting the red tape frustrating the willing. A hearty round of knock yourself out from the right folk in the right place and time and we dont have to debate this particular point ever again. Certainly, if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, we will continue to fail and further delay IPv6 reaching a level of deployment that allows us to start turning down IPv4 and beginning to recognize the cost savings that come from moving forward.
How are we to ever find out who is right if that never happens? That alone is enough reason for me. The problem is that we’re not talking about parallel experiments. We’re talking about an optional activity which will inherently pull resources away from a necessary activity, thus delaying the necessary activity and becoming somewhat of a self-fulfilling prophecy. Hence I oppose this wasteful experiment in favor of doing what we all know eventually needs to be done.
Personally, that means that although I have long disliked proposals that keep moving to the left of the 128bit space, were I to believe it likely to increase deployment and momentum I would champion it in my own limited fashion much as I do 240/4. Not sure what you mean by “moving to the left of the 128 bit space”. That Ipv6 address allocation schemes and proposals tended to enlarge over time, using up more bits heading from right to left. Meh… I haven’t seen too much of that. I’ve been guilty of a certain amount of it, to be sure, but we’re only recently seeing the two largest RIRs start working through their second /12s even though it’s been years since I pushed for (and achieved) nibble-boundary round-ups as the norm in the ARIN region.
I think that we’re still OK on allocation policies. What I’d like to see is an end to the IPv4-think in large ISPs, such as Comcast’s continued micro allocations to their customers.
Owen
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
On Mar 25, 2022, at 18:47 , Abraham Y. Chen <aychen@avinta.com> wrote:
****** Resend to go through NANOG ******
On 2022-03-25 12:24, Abraham Y. Chen wrote:
Dear Owen:
0) You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am picking up the correct leads.
1) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. ... ": Perhaps you have not bothered to scan through a two page whitepaper (URL below, again) that I submitted a week or so ago? It promises simple implementation and significant increase of assignable IPv4 addresses, even extendable to the similar size of IPv6 if we could forgo our mentality about the IP addresses as "Personal Properties", by switching to treat them as "Natural Resources".
https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf <https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf>
It still looks like NAT to me. NAT is a disgusting hack and destroys the universal peer to peer nature of the internet in favor of a consumer/provider model. Your proposal perpetuates that problem.
2) " ... so that content providers can start turning off v4 where it’s costing them money to support it. .... " & "... Content providers turning off v4 face competition from content providers that don’t. ... ": These two statements appeared to come from two separate posting of yours. They seemed to be contradicting each other. Did I misread somehow?
No, it is not contradictory at all… Content providers that have deployed IPv6 are eager to turn off IPv4 as soon as it won’t lose them customers. They are worried about losing customers because competition exists that might not turn off IPv4 at the same time they do. Thus, there is a need for customers to be IPv6 deployed before content providers can start turning off IPv4. Thus, the persistence of IPv4 in clients, especially enterprises, is costing content providers money.
Now from the last post below:
3) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.... ": Please see information provided by Pt. 1) above.
OK, so you want to extend RFC-1918 instead… Arguably even more worthless than reclassifying it as GUA. While it’s true that some very large deployments are short of RFC-1918 space, the reality is that the real shortage is in the GUA realm.
4) " ... I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never ... Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p ... ": I am in full agreement with you. Our proposal is the solution in Pt. 1) above.
That’s not me. That’s Joe Maimon IIRC. My part was “Pleas feel free to use it for router IDs in BGP and/or OSPF area numbers. :p. It was mostly a snarky comment since neither BGP Router IDs nor OSPF Area numbers are actually IP addresses.
5) " ... if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, .... ": This is not a productive opinion. Please do not forget that the Internet heavily promotes personal freedom. One can not force others to do something that they do not believe in. Stopping them from doing one thing does not automatically make them to do what you like. A project must have its own merits that attract contribution. The failure of the IPv6 actually started from when a decision was made to the effect of "not to emphasize backward compatibility with IPv4" which broke one of the golden rules in system engineering. Not recognizing such and focusing to find a way for remedying it, but continuing to force others to migrate to IPv6 camp with various tactics does not foster progress.
We can agree to disagree about that… I think trying to continue to support IPv4 is not a productive opinion.
6) " ... The problem is that we’re not talking about parallel experiments. ... ": EzIP is a parallel experiment to the current Internet (not only IPv4, but also IPv6) operations, because its overlay architecture on the latter demarcates everything happening on it from the Internet. As long as packets exchanged between the two conform to the established Internet protocols, an EzIP deployment (called RAN - Regional Area Network) will appear as innocent as an ordinary private network.
Again, I disagree… You left out the relevant part of my quote where I stated that resources spent developing this mechanism are better used deploying IPv6. Owen
Hi, Owen: 0) Re: Ur. Pt. 2): This topic is such a tongue-twister. Let's put it aside for now, until I can properly convey the EzIP concept and scheme to you. 00) Re: Ur. Pt. 4): Okay, I was concerned about how to decipher this cryptic exchange. So let's put it aside as well. 1) Re: Ur. Pt. 1): Yes, you are correct that the EzIP network architecture looks like that of CG-NAT. In fact, it is exactly the same. This is actually the beauty of the EzIP solution. That is, without touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal peer-to-peer, where is any of such today? On the other hand, upon fully implemented the EzIP proposal (the second phase: making use of the Option Word in RFC791), an IoT in one RAN can directly reach a second IoT in another RAN world-wide. So that the original promise of the Internet will be finally fulfilled and for the long haul. 2) Re: Ur. Pt. 3): Similarly, you probably only recognized the part that EzIP proposes to classify the 240/4 netblock as the fourth private address in RFC1918, but overlooked that such capacity will enable a RAN to cover a geographic area as big as Tokyo Metro, or 75% of smaller countries around the world, even before utilizing the conventional three private netblocks. This puts 240/4 into a different league from the other three conventional private netblocks, although all four have basically the same technical characteristics. Now, visualizing each RAN is tethered from the existing Internet core by one umbilical cord (one IPv4 address), it appears like a private network. So that each RAN can provide Internet services by utilizing existing technologies, while avoiding those undesired. Combining these RANs around the world, an */overlay/* layer of routers (SPRs) can operate in parallel to the current Internet. Under such a configuration, the latter no long is involved with daily local activities, but only carries inter-RAN traffic, very much like the division between national and international telephone networks. This creates quite a different operation landscape. Please have a look at slide # 11 of the below whitepaper for a rough breakdown of the available addresses under the EzIP scheme. Furthermore, if used diligently, (treating IP address as "*/natural resources/*" instead of "*/personal properties/*"), the assignable "EzIP addresses" can last quite awhile. https://www.avinta.com/phoenix-1/home/EzIPenhancedInternet.pdf 3) Re: Ur. Pts. 5) & 6): I believe that there is a philosophic / logic baseline that we need to sort out, first. That is, we must keep in mind that the Internet community strongly promotes "*/personal freedom/*". Assuming that by stopping others from working on IPv4 will shift their energy to IPv6 is totally contradicting such a principle. A project attracts contributors by its own merits, not by relying on artificial barriers to the competitions. Based on my best understanding, IPv6 failed right after the decision of "not emphasizing the backward compatibility with IPv4". It broke one of the golden rules in the system engineering discipline. After nearly three decades, still evading such fact, but defusing IPv6 issues by various tactics is the real impedance to progress, not only to IPv4 but also to IPv6. Regards, Abe (2022-03-26 09:35 EDT) On 2022-03-25 22:17, Owen DeLong wrote:
On Mar 25, 2022, at 18:47 , Abraham Y. Chen <aychen@avinta.com> wrote:
****** Resend to go through NANOG ******
On 2022-03-25 12:24, Abraham Y. Chen wrote:
Dear Owen:
0) You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am picking up the correct leads.
1) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. ... ": Perhaps you have not bothered to scan through a two page whitepaper (URL below, again) that I submitted a week or so ago? It promises simple implementation and significant increase of assignable IPv4 addresses, even extendable to the similar size of IPv6 if we could forgo our mentality about the IP addresses as "Personal Properties", by switching to treat them as "Natural Resources".
It still looks like NAT to me.
NAT is a disgusting hack and destroys the universal peer to peer nature of the internet in favor of a consumer/provider model.
Your proposal perpetuates that problem.
2) " ... so that content providers can start turning off v4 where it’s costing them money to support it. .... " & "... Content providers turning off v4 face competition from content providers that don’t. ... ": These two statements appeared to come from two separate posting of yours. They seemed to be contradicting each other. Did I misread somehow?
No, it is not contradictory at all…
Content providers that have deployed IPv6 are eager to turn off IPv4 as soon as it won’t lose them customers. They are worried about losing customers because competition exists that might not turn off IPv4 at the same time they do. Thus, there is a need for customers to be IPv6 deployed before content providers can start turning off IPv4. Thus, the persistence of IPv4 in clients, especially enterprises, is costing content providers money.
Now from the last post below:
3) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.... ": Please see information provided by Pt. 1) above.
OK, so you want to extend RFC-1918 instead… Arguably even more worthless than reclassifying it as GUA. While it’s true that some very large deployments are short of RFC-1918 space, the reality is that the real shortage is in the GUA realm.
4) " ... I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never ... Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p ... ": I am in full agreement with you. Our proposal is the solution in Pt. 1) above.
That’s not me. That’s Joe Maimon IIRC. My part was “Pleas feel free to use it for router IDs in BGP and/or OSPF area numbers. :p.
It was mostly a snarky comment since neither BGP Router IDs nor OSPF Area numbers are actually IP addresses.
5) " ... if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, .... ": This is not a productive opinion. Please do not forget that the Internet heavily promotes personal freedom. One can not force others to do something that they do not believe in. Stopping them from doing one thing does not automatically make them to do what you like. A project must have its own merits that attract contribution. The failure of the IPv6 actually started from when a decision was made to the effect of "not to emphasize backward compatibility with IPv4" which broke one of the golden rules in system engineering. Not recognizing such and focusing to find a way for remedying it, but continuing to force others to migrate to IPv6 camp with various tactics does not foster progress.
We can agree to disagree about that… I think trying to continue to support IPv4 is not a productive opinion.
6) " ... The problem is that we’re not talking about parallel experiments. ... ": EzIP is a parallel experiment to the current Internet (not only IPv4, but also IPv6) operations, because its overlay architecture on the latter demarcates everything happening on it from the Internet. As long as packets exchanged between the two conform to the established Internet protocols, an EzIP deployment (called RAN - Regional Area Network) will appear as innocent as an ordinary private network.
Again, I disagree… You left out the relevant part of my quote where I stated that resources spent developing this mechanism are better used deploying IPv6.
Owen
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Hello, On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen" <aychen@avinta.com> wrote:
touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal
Have you ever considered that this may be in fact: */writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect Paul
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
While Mr. Chen may have considered that, he has repeatedly hand waved that it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge. On Sat, Mar 26, 2022 at 9:53 AM Paul Rolland <rol@witbe.net> wrote:
Hello,
On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen" <aychen@avinta.com> wrote:
touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
Paul
Hi, Tom & Paul: 1) " ... hand waved ... ": Through my line of work, I was trained to behave exactly the opposite. I am surprised at you jumping to the conclusion, even before challenging me about where did I get my viewpoint from. The fact is, it has been clearly documented in our IETF draft for the last couple years (since Rev-06 on 2019 Dec. 1)! For your convenience, please see below a copy of the potential target code fragment and critique. It appears to me that our software member suggested to comment out only one line (1047). Regards, Abe (2022-03-26 18:16) **************** D.1 <https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-space#appendix-D.1>. Candidate Code for Modification The following short JavaScript function named "ifip" in the TP-Link Archer C20 V4 source code has been shown to selectively reject specific ranges of IP addresses. In particular, Line 1047 uses a "2's Complement" technique to identify the 240/4 netblock as "PRESERVED", thus rejecting it. A quick scan of the firmware code in the router indicates that this function is a popular utility because there are numerous processes calling for it. So, this should be the best candidate to start testing our concept. lib.js:1040:ifip: function(ip, unalert) { lib.js-1041-if ((ip = $.ip2num(ip)) === false) return $.alert(ERR_IP_FORMAT, unalert); lib.js-1042-if (ip == -1) return $.alert(ERR_IP_BROADCAST, unalert); lib.js-1043-var net = ip >> 24; lib.js-1044-if (net == 0) return $.alert(ERR_IP_SUBNETA_NET_0, unalert); lib.js-1045-if (net == 127) return $.alert(ERR_IP_LOOPBACK, unalert); lib.js-1046-if (net >= -32 && net < -16) return $.alert(ERR_IP_MULTICAST, unalert); lib.js-1047-if (net >= -16 && net < 0) return $.alert(ERR_IP_PRESERVED, unalert); lib.js-1048-return 0; lib.js-1049-}, D.2 <https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-space-10#appendix-D.2>. Proposed Modification To stop rejecting the 240/4 netblock addressed packets, below is a modification that comments out Line 1047, a modification that has been shown to eliminate javascript pre-validation of 240/4 IP addresses, allowing them to be sent within the router, where a second layer of validation rejects them in a different way. lib.js:1040: ifip: function(ip, unalert) { lib.js-1041- if ((ip = $.ip2num(ip)) === false) return $.alert(ERR_IP_FORMAT, unalert); lib.js-1042- if (ip == -1) return $.alert(ERR_IP_BROADCAST, unalert); lib.js-1043- var net = ip >> 24; lib.js-1044- if (net == 0) return $.alert(ERR_IP_SUBNETA_NET_0, unalert); lib.js-1045- if (net == 127) return $.alert(ERR_IP_LOOPBACK, unalert); lib.js-1046- if (net >= -32 && net < -16) return $.alert(ERR_IP_MULTICAST, unalert); lib.js-1047- //if (net >= -16 && net < 0) return $.alert(ERR_IP_PRESERVED, unalert); lib.js-1048- return 0; lib.js-1049-}, **************** On 2022-03-26 12:37, Tom Beecher wrote:
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
While Mr. Chen may have considered that, he has repeatedly hand waved that it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge.
On Sat, Mar 26, 2022 at 9:53 AM Paul Rolland <rol@witbe.net> wrote:
Hello,
On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen" <aychen@avinta.com> wrote:
> touching the hardware, by implementing the EzIP technique (*/disabling/* > the program code that has been */disabling/* the use of the 240/4 > netblock), an existing CG-NAT module becomes a RAN! As to universal
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
Paul
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
----- On Mar 26, 2022, at 6:16 PM, Abraham Y. Chen aychen@avinta.com wrote:
Hi, Tom & Paul:
1) " ... hand waved ... ": Through my line of work, I was trained to behave exactly the opposite. I am surprised at you jumping to the conclusion, even before challenging me about where did I get my viewpoint from. The fact is, it has been clearly documented in our IETF draft for the last couple years (since Rev-06 on 2019 Dec. 1)! For your convenience, please see below a copy of the potential target code fragment and critique. It appears to me that our software member suggested to comment out only one line (1047).
Just because it is trivial to make the modification in a single, specific firmware for one particular device does not mean it is trivial to get it done on *billions* of devices. Even if each one was as trivial as your example, it would still be ludicrously difficult. Beyond that, I am still not understanding what you are actually trying to propose here. Your refusal to follow simple mailing list etiquette even after numerous requests makes it very difficult to decipher what you are saying. -Randy
Hi, Randy: 1) " ... does not mean it is trivial to get it done on *billions* of device. ... ": It looks that your mind is focused on upgrading existing IoTs. They are not to be perturbed according to the initial and short term EzIP deployment plans, because it basically is following the existing CG-NAT network configuration and master / client service model. Many RGs (Residential / Routing Gateways) are already capable of being a 240/4 DHCP client. (If not, commenting out one single line is likely all what is needed.). For the long term, it will be only those*/new/* IoTs desiring for end-to-end communication across RAN borders to have the ability of handling Option Words in the IP header. 2) " ... Your refusal to follow simple mailing list etiquette ... ": Sorry for the inconvenience that I have caused. Honestly, I am still trying to figure out what is the "required" etiquette, since what I have received were mostly "complaints" not constructive "instructions" (i.e., how about a cheat sheet of what to do and what not to?). So, I have been adjusting my writing style. (My best guess of the issue is mostly likely due to the Subject line which according to my business correspondence training is my own choice. I am baffled by why does it cause problems on this mailing list.) Regards, Abe (2022-03-27 15:16) On 2022-03-26 18:53, Randy Carpenter wrote:
----- On Mar 26, 2022, at 6:16 PM, Abraham Y. Chenaychen@avinta.com wrote:
Hi, Tom & Paul: 1) " ... hand waved ... ": Through my line of work, I was trained to behave exactly the opposite. I am surprised at you jumping to the conclusion, even before challenging me about where did I get my viewpoint from. The fact is, it has been clearly documented in our IETF draft for the last couple years (since Rev-06 on 2019 Dec. 1)! For your convenience, please see below a copy of the potential target code fragment and critique. It appears to me that our software member suggested to comment out only one line (1047). Just because it is trivial to make the modification in a single, specific firmware for one particular device sdoes not mean it is trivial to get it done on *billions* of device. Even if each one was as trivial as your example, it would still be ludicrously difficult.
Beyond that, I am still not understanding what you are actually trying to propose here. Your refusal to follow simple mailing list etiquette even after numerous requests makes it very difficult to decipher what you are saying.
-Randy
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Sent using a machine that autocorrects in interesting ways...
On Mar 27, 2022, at 12:18 PM, Abraham Y. Chen <aychen@avinta.com> wrote:
Honestly, I am still trying to figure out what is the "required" etiquette, since what I have received were mostly "complaints" not constructive "instructions" (i.e., how about a cheat sheet of what to do and what not to?).
I suspect there are two important rules. 1) every mailing list has a topic. Post on that topic. 2) a mailing list discussion is a conversation. We all get involved in conversations every day. Act as you would in polite conversation.
Sent using a machine that autocorrects in interesting ways...
On Mar 27, 2022, at 12:18 PM, Abraham Y. Chen <aychen@avinta.com> wrote:
I am baffled by why does it cause problems on this mailing list.
Are you aware that NANOG is not an IETF list? What would you guess might be the topic of a list associated with a Network Operator Group? Permit me to comment on what I have seen in this discussion, and what I haven’t seen. I would guess that your objective is primarily to build a constituency for a replacement paradigm for the Internet - instead of connectivity between endpoints, you want it to be connectivity between PABX-like islands. What I have observed is a steady patter of email indicating that everyone except you is wrong. What I have not observed is an emerging consensus in the direction your posted draft suggests. Food fir thought.
On Sat, Mar 26, 2022 at 12:37:59PM -0400, Tom Beecher wrote:
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
While Mr. Chen may have considered that, he has repeatedly hand waved that it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge.
It seems like it should only require changes on a few billion nodes, given the size of the IPv4 address space, right? Oh, wait, NAT... So I guess the question here is how do you plan to incentivize the patching of all these devices, many of which are legacy devices with no maintainer for the firmware/software, in roles where they may not be accessible, and protected by firewalls that understand Class E to be unusable space. I am unclear on the desirability of "fixing" the IPv4 network by touching lots of nodes, in a manner which will never be comprehensive, in order to free up a relatively small block of space. It's going to be crippled, less-valuable space. It seems to me like it'd be much more productive, if you're going to be touching gear, to move towards IPv6. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
On 3/26/22 17:38, Joe Greco wrote:
It seems like it should only require changes on a few billion nodes, given the size of the IPv4 address space, right?
Oh, wait, NAT...
Oh, wait again, several million of those few billion nodes have their code burned into ROM soldered to the board. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
Tom Beecher <beecher@beecher.cc> wrote:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
While Mr. Chen may have considered that, he has repeatedly hand waved that it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge.
From multiple years of patching and testing, the IPv4 Unicast Extensions Project knows that 240/4 ALREADY WORKS in a large fraction of the Internet. Including all the Linux servers and desktops, all the Android phones and tablets, all the MacOS machines, all the iOS phones, many of the home wifi gateways. All the Ethernet switches. And some less popular stuff like routers from Cisco, Juniper, and OpenWRT. Most of these started working A DECADE AGO. If others grasp the scale of the challenge better than we do, I'm happy to learn from them.
A traceroute from my machine to 240.1.2.3 goes through six routers at my ISP before stopping (probably at the first default-route-free router). Today Google is documenting to its cloud customers that they should use 240/4 for internal networks. (Read draft-schoen-intarea-unicast-240 for the citation.) We have received inquiries from two other huge Internet companies, which are investigating or already using 240/4 as private IPv4 address space. In short, we are actually making it work, and writing a spec for what already works. Our detractors are arguing: not that it doesn't work, but that we should instead seek to accomplish somebody else's goals. John PS: Mr. Abraham Chen's effort is not related to ours. Our drafts are agnostic about what 240/4 should be used for after we enable it as ordinary unicast. His EzIP overlay network effort is one that I don't fully understand. What I do understand is that since his effort uses 240/4 addresses as the outer addresses in IPv4 packets, it couldn't work without reaching our goal first: allowing any site on the Internet to send unicast packets to or from 240.0.0.1 and having them arrive.
Dear John: 0) Appreciate very much for your comments. 1) "A traceroute from my machine to 240.1.2.3 goes through six routers at my ISP before stopping (probably at the first default-route-free router). ": Great, this confirms our experience. While our team's skill is far inferior than yours, we did use Xubuntu based PCs to send TraceRoute packets with 240/4 addresses into the Internet and got records indicating that they had traveled through at least a couple routers into Verizon's network a few years ago. Those observations kept us going, even though all we heard from the Internet community was "240/4 could not and should not be used". 2) " What I do understand is that since his effort uses 240/4 addresses as the outer addresses in IPv4 packets, it couldn't work without reaching our goal first: ": Exactly, We are in sync. I am glad that your team is doing the ground work of enabling 240/4 for unicast. EzIP is a specific application of such a capability as a private netblock. Yet, due to its size, it is possible to consider a global deployment configuration. 3) " ... I don't fully understand. ... allowing any site on the Internet to send unicast packets to or from 240.0.0.1 and having them arrive. ": Sorry that I have not made our presentation clear enough, thus misled you to this uncertainty. EzIP proposes to deploy 240/4 address based RANs, each tethering off the current Internet via one IPv4 public address. As such, the collection of RANs forms an overlay network layer wrapping around the current Internet core. Consequently, only the SPRs in the RAN need to be able to transport 240/4 addressed packets. This is why we talk about enabling new (but based on existing design) routers to use 240/4 netblock for serving as SPRs, but not perturbing any routers in the current Internet. 4) I would like to share one intriguing graphics (see URL below) that is almost perfect for depicting the EzIP deployment configuration. Consider the blue sphere as the earth or the current Internet core and the golden colored land as the RANs. By connecting each continent, country or all the way down to a Region to the earth via one IPv4 address, we have the EzIP configuration. With this architecture, each RAN looks like a private network. Thus, everything proposed by EzIP can be done in the RANs, independent of the current Internet. https://dotconnectafrica.org/icann-wins-by-technical-knockout-dca-blocked-fr... I do realize that the EzIP concept is rather unorthodox, making it difficult to visualize at a glance. Hope this clarifies the overall picture a bit. Regards, Abe (2022-03-27 00:31) On 2022-03-26 21:42, John Gilmore wrote:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect While Mr. Chen may have considered that, he has repeatedly hand waved that it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge. From multiple years of patching and testing, the IPv4 Unicast Extensions Project knows that 240/4 ALREADY WORKS in a large fraction of the Internet. Including all the Linux servers and desktops, all the Android
Tom Beecher<beecher@beecher.cc> wrote: phones and tablets, all the MacOS machines, all the iOS phones, many of the home wifi gateways. All the Ethernet switches. And some less popular stuff like routers from Cisco, Juniper, and OpenWRT. Most of these started working A DECADE AGO. If others grasp the scale of the challenge better than we do, I'm happy to learn from them.
A traceroute from my machine to 240.1.2.3 goes through six routers at my ISP before stopping (probably at the first default-route-free router).
Today Google is documenting to its cloud customers that they should use 240/4 for internal networks. (Read draft-schoen-intarea-unicast-240 for the citation.) We have received inquiries from two other huge Internet companies, which are investigating or already using 240/4 as private IPv4 address space.
In short, we are actually making it work, and writing a spec for what already works. Our detractors are arguing: not that it doesn't work, but that we should instead seek to accomplish somebody else's goals.
John
PS: Mr. Abraham Chen's effort is not related to ours. Our drafts are agnostic about what 240/4 should be used for after we enable it as ordinary unicast. His EzIP overlay network effort is one that I don't fully understand. What I do understand is that since his effort uses 240/4 addresses as the outer addresses in IPv4 packets, it couldn't work without reaching our goal first: allowing any site on the Internet to send unicast packets to or from 240.0.0.1 and having them arrive.
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
On Sun Mar 27, 2022 at 12:31:48AM -0400, Abraham Y. Chen wrote:
EzIP proposes to deploy 240/4 address based RANs, each tethering off the current Internet via one IPv4 public address.
So each RAN has no possibility of redundant connections? Nobody of scale would accept such a limitation. It also looks like an opportunity for telcos/governments to partition their part of the internet and impose whatever censorship they wish.
As such, the collection of RANs forms an overlay network layer wrapping around the current Internet core. Consequently, only the SPRs in the RAN need to be able to transport 240/4 addressed packets.
You previously described this as like connecting CG-NATs together via a VPN. I don't see why we'd want to add maintaining a global VPN to already difficult peering relationships. It could be used to exlude non EzIP club members.
This is why we talk about enabling new (but based on existing design) routers to use 240/4 netblock for serving as SPRs, but not perturbing any routers in the current Internet.
As it's a CG-NAT variant why are you delaying yourself by requiring new address space that will take a long time to become available? Why not use the already allocated space for CG-NAT? Sure it's only a /10 but that's an already (probably too) large RAN. It also seems unfeasibly optimistic that if the work was done globally to make 240/4 useable that they'd want to dedicate it to the as yet undeployed EzIP. You might stand more chance if you gained some critical mass using the existing available 100.64/10 & rfc1918 space, and then those that find they need more in one RAN will make the case for 240/4 when it becomes necessary for them. Is 240/4 special to EzIP such that alternative numbers may not be used?
I would like to share one intriguing graphics (see URL below) that is almost perfect for depicting the EzIP deployment configuration. Consider the blue sphere as the earth or the current Internet core and the golden colored land as the RANs. By connecting each continent, country or all the way down to a Region to the earth via one IPv4 address, we have the EzIP configuration. With this architecture, each RAN looks like a private network.
That sounds an entirely undesirable goal for the internet. brandon
On 27 March 2022 15:53:25 Brandon Butterworth <brandon@rd.bbc.co.uk> wrote:
On Sun Mar 27, 2022 at 12:31:48AM -0400, Abraham Y. Chen wrote:
EzIP proposes to deploy 240/4 address based RANs, each tethering off the current Internet via one IPv4 public address.
So each RAN has no possibility of redundant connections? Nobody of scale would accept such a limitation. It also looks like an opportunity for telcos/governments to partition their part of the internet and impose whatever censorship they wish.
As such, the collection of RANs forms an overlay network layer wrapping around the current Internet core. Consequently, only the SPRs in the RAN need to be able to transport 240/4 addressed packets.
You previously described this as like connecting CG-NATs together via a VPN. I don't see why we'd want to add maintaining a global VPN to already difficult peering relationships. It could be used to exlude non EzIP club members.
This is why we talk about enabling new (but based on existing design) routers to use 240/4 netblock for serving as SPRs, but not perturbing any routers in the current Internet.
As it's a CG-NAT variant why are you delaying yourself by requiring new address space that will take a long time to become available? Why not use the already allocated space for CG-NAT? Sure it's only a /10 but that's an already (probably too) large RAN.
It also seems unfeasibly optimistic that if the work was done globally to make 240/4 useable that they'd want to dedicate it to the as yet undeployed EzIP. You might stand more chance if you gained some critical mass using the existing available 100.64/10 & rfc1918 space, and then those that find they need more in one RAN will make the case for 240/4 when it becomes necessary for them. Is 240/4 special to EzIP such that alternative numbers may not be used?
I would like to share one intriguing graphics (see URL below) that is almost perfect for depicting the EzIP deployment configuration. Consider the blue sphere as the earth or the current Internet core and the golden colored land as the RANs. By connecting each continent, country or all the way down to a Region to the earth via one IPv4 address, we have the EzIP configuration. With this architecture, each RAN looks like a private network.
That sounds an entirely undesirable goal for the internet.
brandon
It isn't the Internet. It's at best a very poorly connected spur gateway. Too many today don't remember the towers of Babel world prior to the Internet. If they did they'd understand that building on this type of idea is like burying yourself.... And any customers so unwise to get involved C
Hi, Christian: 0) Allow me following your "towers of babel world" metaphor to tell a short story. 1) In the ancient days, peasants labored under the shadow of the Tower, following the rules of and paid tax to the Lord living in the Tower. In return, they expected protection from the Lord against harms. (Sometime ago, I read an archaeological article reporting certain evidence that the Load somewhere in England during medieval time might have been expected to protect his peasants from any harm, including even paid his life for famine.) 2) In the modern world, the peasants still live around the Tower following the rules, paying taxes and expecting protection from the Lord, now represented by the government agencies such as local police, FCC, FTC, DoD, DHS, etc. 3) In the Internet era, the peasants roam everywhere around the cyberspace freely enjoying the Internet way. However, their wealth is now being siphoned out to the invisible Lords (the multi-national businesses with virtual presence in each and every Tower). However, little can be expected in return when perpetrators attack, because no Lord assumes the responsibility, nor any can be held responsible. 4) EzIP proposes an overlay cyberspace with geographic flavor to restore the society infrastructure back to Pt. 2) above, while providing the daily services of Pt. 3). It essentially offers a parallel Internet for the peasants who can again expect protection from their local government who collects taxes, while without losing the benefits of the digital revolution. 5) The two cyberspaces are expected to coexist and none-interfering to each other. Peasants have the freedom of choice by living in either or try both then decide. The above is just a quick rough thought, far from polished. It is intended to be a preliminary framework so that we can hang some meat on it for starting meaningful discussions. Regards, Abe (2022-04-01 14:17) On 2022-03-27 11:03, Christian de Larrinaga wrote:
On 27 March 2022 15:53:25 Brandon Butterworth <brandon@rd.bbc.co.uk> wrote:
On Sun Mar 27, 2022 at 12:31:48AM -0400, Abraham Y. Chen wrote:
EzIP proposes to deploy 240/4 address based RANs, each tethering off the current Internet via one IPv4 public address.
So each RAN has no possibility of redundant connections? Nobody of scale would accept such a limitation. It also looks like an opportunity for telcos/governments to partition their part of the internet and impose whatever censorship they wish.
As such, the collection of RANs forms an overlay network layer wrapping around the current Internet core. Consequently, only the SPRs in the RAN need to be able to transport 240/4 addressed packets.
You previously described this as like connecting CG-NATs together via a VPN. I don't see why we'd want to add maintaining a global VPN to already difficult peering relationships. It could be used to exlude non EzIP club members.
This is why we talk about enabling new (but based on existing design) routers to use 240/4 netblock for serving as SPRs, but not perturbing any routers in the current Internet.
As it's a CG-NAT variant why are you delaying yourself by requiring new address space that will take a long time to become available? Why not use the already allocated space for CG-NAT? Sure it's only a /10 but that's an already (probably too) large RAN.
It also seems unfeasibly optimistic that if the work was done globally to make 240/4 useable that they'd want to dedicate it to the as yet undeployed EzIP. You might stand more chance if you gained some critical mass using the existing available 100.64/10 & rfc1918 space, and then those that find they need more in one RAN will make the case for 240/4 when it becomes necessary for them. Is 240/4 special to EzIP such that alternative numbers may not be used?
I would like to share one intriguing graphics (see URL below) that is almost perfect for depicting the EzIP deployment configuration. Consider the blue sphere as the earth or the current Internet core and the golden colored land as the RANs. By connecting each continent, country or all the way down to a Region to the earth via one IPv4 address, we have the EzIP configuration. With this architecture, each RAN looks like a private network.
That sounds an entirely undesirable goal for the internet.
brandon
It isn't the Internet. It's at best a very poorly connected spur gateway.
Too many today don't remember the towers of Babel world prior to the Internet. If they did they'd understand that building on this type of idea is like burying yourself.... And any customers so unwise to get involved
C
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
On 1 Apr 2022, at 11:17, Abraham Y. Chen wrote:
4) EzIP proposes an overlay cyberspace with geographic flavor to restore the society infrastructure back to Pt. 2) above, while providing the daily services of Pt. 3). It essentially offers a parallel Internet for the peasants who can again expect protection from their local government who collects taxes, while without losing the benefits of the digital revolution.
So essentially a darknet whose implementation happens to be patent-encumbered by you. This doesn’t sound like progress to me. Ant
Hi, Ant: 1) " ... darknet ... ": I am not aware of this terminology. Nonetheless, I believe that bringing in a not commonly known word into a discussion like this is just distraction tactic. 2) " ... progress ... ": EzIP proposes a parallel cyberspace to the current Internet which not only is none interfering to each other, but also promises to require bare minimum engineering efforts to deploy. This can settle the long debates on which way the Internet should go via true experiments. If this is not regarded as progress, I am not sure what qualifies so under your definition. Regards, Abe (2022-04-02 08:55) On 2022-04-02 00:21, ant+nanog.org@antiphase.net wrote:
On 1 Apr 2022, at 11:17, Abraham Y. Chen wrote:
4) EzIP proposes an overlay cyberspace with geographic flavor to restore the society infrastructure back to Pt. 2) above, while providing the daily services of Pt. 3). It essentially offers a parallel Internet for the peasants who can again expect protection from their local government who collects taxes, while without losing the benefits of the digital revolution. So essentially a darknet whose implementation happens to be patent-encumbered by you. This doesn’t sound like progress to me.
Ant
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Sent using a machine that autocorrects in interesting ways...
On Apr 2, 2022, at 5:57 AM, Abraham Y. Chen <aychen@avinta.com> wrote:
1) " ... darknet ... ": I am not aware of this terminology. Nonetheless, I believe that bringing in a not commonly known word into a discussion like this is just distraction tactic.
It’s actually a pretty common word for a prefix or other set of addresses used to detect address scans. If an address is unused and not in DNS, a packet sent to it is not obviously benign, nor is the systemvv be sending it.
Your take on English history is a delightful fantasy but it is just that a delightful fantasy. Norman barons were not typically concerned with the health of their anglo saxon/british serfs / yoemen other than providing the required tithes. But taking you at what seems to be your intention. Speaking as a digital peasant I am not assured that my interests are protected from anybody by being told I have no direct access to people I want to communicate with but have to go through a third party. Any addressing model that terminates address space between me and someone I communicate with also terminates my communications and security and by so doing introduces a number of uncertainties potentially rather arbitrary to what would otherwise be under my direct policy domain. C "Abraham Y. Chen" <aychen@avinta.com> writes:
Hi, Christian:
0) Allow me following your "towers of babel world" metaphor to tell a short story.
1) In the ancient days, peasants labored under the shadow of the Tower, following the rules of and paid tax to the Lord living in the Tower. In return, they expected protection from the Lord against harms. (Sometime ago, I read an archaeological article reporting certain evidence that the Load somewhere in England during medieval time might have been expected to protect his peasants from any harm, including even paid his life for famine.)
2) In the modern world, the peasants still live around the Tower following the rules, paying taxes and expecting protection from the Lord, now represented by the government agencies such as local police, FCC, FTC, DoD, DHS, etc.
3) In the Internet era, the peasants roam everywhere around the cyberspace freely enjoying the Internet way. However, their wealth is now being siphoned out to the invisible Lords (the multi-national businesses with virtual presence in each and every Tower). However, little can be expected in return when perpetrators attack, because no Lord assumes the responsibility, nor any can be held responsible.
4) EzIP proposes an overlay cyberspace with geographic flavor to restore the society infrastructure back to Pt. 2) above, while providing the daily services of Pt. 3). It essentially offers a parallel Internet for the peasants who can again expect protection from their local government who collects taxes, while without losing the benefits of the digital revolution.
5) The two cyberspaces are expected to coexist and none-interfering to each other. Peasants have the freedom of choice by living in either or try both then decide.
The above is just a quick rough thought, far from polished. It is intended to be a preliminary framework so that we can hang some meat on it for starting meaningful discussions.
Regards,
Abe (2022-04-01 14:17)
On 2022-03-27 11:03, Christian de Larrinaga wrote:
On 27 March 2022 15:53:25 Brandon Butterworth <brandon@rd.bbc.co.uk> wrote:
On Sun Mar 27, 2022 at 12:31:48AM -0400, Abraham Y. Chen wrote:
EzIP proposes to deploy 240/4 address based RANs, each tethering off the current Internet via one IPv4 public address.
So each RAN has no possibility of redundant connections? Nobody of scale would accept such a limitation. It also looks like an opportunity for telcos/governments to partition their part of the internet and impose whatever censorship they wish.
As such, the collection of RANs forms an overlay network layer wrapping around the current Internet core. Consequently, only the SPRs in the RAN need to be able to transport 240/4 addressed packets.
You previously described this as like connecting CG-NATs together via a VPN. I don't see why we'd want to add maintaining a global VPN to already difficult peering relationships. It could be used to exlude non EzIP club members.
This is why we talk about enabling new (but based on existing design) routers to use 240/4 netblock for serving as SPRs, but not perturbing any routers in the current Internet.
As it's a CG-NAT variant why are you delaying yourself by requiring new address space that will take a long time to become available? Why not use the already allocated space for CG-NAT? Sure it's only a /10 but that's an already (probably too) large RAN.
It also seems unfeasibly optimistic that if the work was done globally to make 240/4 useable that they'd want to dedicate it to the as yet undeployed EzIP. You might stand more chance if you gained some critical mass using the existing available 100.64/10 & rfc1918 space, and then those that find they need more in one RAN will make the case for 240/4 when it becomes necessary for them. Is 240/4 special to EzIP such that alternative numbers may not be used?
I would like to share one intriguing graphics (see URL below) that is almost perfect for depicting the EzIP deployment configuration. Consider the blue sphere as the earth or the current Internet core and the golden colored land as the RANs. By connecting each continent, country or all the way down to a Region to the earth via one IPv4 address, we have the EzIP configuration. With this architecture, each RAN looks like a private network.
That sounds an entirely undesirable goal for the internet.
brandon
It isn't the Internet. It's at best a very poorly connected spur gateway.
Too many today don't remember the towers of Babel world prior to the Internet. If they did they'd understand that building on this type of idea is like burying yourself.... And any customers so unwise to get involved
C
-- christian de larrinaga https://firsthand.net
Hi, Christian: 1) I am a person who normally does not do hearsay. This was why I put the unverified "street legend" about ancient Lord in parentheses to just hint the possible extreme. Without it, the flow of my short story really does not change. Since you spotted on it, I went back to search for the online article that I had in mind. The following URL is likely what I read because the keyword "Celtic" linked my vague understanding of Ireland to England in general: https://www.smithsonianmag.com/smart-news/tollund-man-europe-bog-body-meal-f... There were several hypotheses in the above hinting the interpretation that I got. The following citation seems to be more specific. ***************** “In Ireland, the king is the pivotal member of society, so when things go wrong, he pays the price,” says Kelly. “All the new bodies discovered since then have reaffirmed this theory. ***************** For sure, this subject is off topic on this mailing list. Have fun to dig into it, if you like. I will be glad to carry on with you offline. 2) " I am not assured that my interests are protected from anybody by being told I have no direct access to people I want to communicate with but have to go through a third party. ... ": I am not sure that I can properly decipher your precise preference through a long paragraph. But, based on your general tone, I get the sense that you prefer the current "Internet way" than a more explicit and rigid communication system convention that EzIP proposes. If so, you might be living in fantasy: A. Note that the privacy and security issues are multi-faceted. One has to look at them from the perspectives of both the victims and the perpetrators. There was a "classic" paper a long time ago (2006) that made this painfully clear. Internet Geolocation and Evasion https://www.ccsl.carleton.ca/paper-archive/muir-computingsurveys-09.pdf It was a long research paper. But, a concise summary was given in Section 6 Concluding Remarks: ********* We note that even if accurate IP geolocation is possible for 99% of IP addresses, if the remaining 1% is fixed and predictable by an adversary, and such that the adversary can place themselves within this subspace, then they can evade geolocation 100% of the time. ********* Judging by the facts that the targeted marketing is very successful these days, while it is very challenging to identify, let alone to locate, a perpetrator, the above is most likely still true. B. On the other hand, governments have been taking advantage of the current Internet privacy practices as the excuse to actually invade individual's privacy. See below for a recent status report: 'A free pass to seize and sift': Federal court upholds terrorism conviction in controversial mass surveillancecase https://www.usatoday.com/story/news/2021/12/08/federal-court-upholds-terrori... <https://www.usatoday.com/story/news/2021/12/08/federal-court-upholds-terrorism-conviction-mass-surveillance-case/6440325001/> 3) Based on the master/slave relationship, the current sever/client operation model dominates the Content Delivery Networks (CDN) that even handles eMail services (probably by offering their off-peak spare capacity, since eMail is time insensitive). This was evidenced by eMail services got interrupted when Netflix service was down recently. This means that, like it or not, individual's communications have been buffered, relayed, etc. along the way, giving more than enough opportunities for the "free service" third, or fourth party providers to do whatever they wish, anyway. So, we should stop the current kind of ostrich mentality for our own good. What EzIP proposes is to forget about all these current fictitious "protections", but go back to the explicit communications disciplines of yesterday years. So that, the behind-the-scene mass surveillance will be outlawed again. Then, whenever there is any need to monitor a suspected party, an explicit request must be first made by a law enforcement agency to the court. Sorry to those businesses who provide surveillance and analysis equipment (computers and memories) as well as service to law enforcement agencies. Regards, Abe (2022-04-02 17:50) On 2022-04-02 12:13, christian de larrinaga wrote:
Your take on English history is a delightful fantasy but it is just that a delightful fantasy. Norman barons were not typically concerned with the health of their anglo saxon/british serfs / yoemen other than providing the required tithes.
But taking you at what seems to be your intention. Speaking as a digital peasant I am not assured that my interests are protected from anybody by being told I have no direct access to people I want to communicate with but have to go through a third party. Any addressing model that terminates address space between me and someone I communicate with also terminates my communications and security and by so doing introduces a number of uncertainties potentially rather arbitrary to what would otherwise be under my direct policy domain.
C
"Abraham Y. Chen"<aychen@avinta.com> writes:
Hi, Christian:
0) Allow me following your "towers of babel world" metaphor to tell a short story.
1) In the ancient days, peasants labored under the shadow of the Tower, following the rules of and paid tax to the Lord living in the Tower. In return, they expected protection from the Lord against harms. (Sometime ago, I read an archaeological article reporting certain evidence that the Load somewhere in England during medieval time might have been expected to protect his peasants from any harm, including even paid his life for famine.)
2) In the modern world, the peasants still live around the Tower following the rules, paying taxes and expecting protection from the Lord, now represented by the government agencies such as local police, FCC, FTC, DoD, DHS, etc.
3) In the Internet era, the peasants roam everywhere around the cyberspace freely enjoying the Internet way. However, their wealth is now being siphoned out to the invisible Lords (the multi-national businesses with virtual presence in each and every Tower). However, little can be expected in return when perpetrators attack, because no Lord assumes the responsibility, nor any can be held responsible.
4) EzIP proposes an overlay cyberspace with geographic flavor to restore the society infrastructure back to Pt. 2) above, while providing the daily services of Pt. 3). It essentially offers a parallel Internet for the peasants who can again expect protection from their local government who collects taxes, while without losing the benefits of the digital revolution.
5) The two cyberspaces are expected to coexist and none-interfering to each other. Peasants have the freedom of choice by living in either or try both then decide.
The above is just a quick rough thought, far from polished. It is intended to be a preliminary framework so that we can hang some meat on it for starting meaningful discussions.
Regards,
Abe (2022-04-01 14:17)
On 2022-03-27 11:03, Christian de Larrinaga wrote:
On 27 March 2022 15:53:25 Brandon Butterworth<brandon@rd.bbc.co.uk> wrote:
On Sun Mar 27, 2022 at 12:31:48AM -0400, Abraham Y. Chen wrote:
EzIP proposes to deploy 240/4 address based RANs, each tethering off the current Internet via one IPv4 public address. So each RAN has no possibility of redundant connections? Nobody of scale would accept such a limitation. It also looks like an opportunity for telcos/governments to partition their part of the internet and impose whatever censorship they wish.
As such, the collection of RANs forms an overlay network layer wrapping around the current Internet core. Consequently, only the SPRs in the RAN need to be able to transport 240/4 addressed packets. You previously described this as like connecting CG-NATs together via a VPN. I don't see why we'd want to add maintaining a global VPN to already difficult peering relationships. It could be used to exlude non EzIP club members.
This is why we talk about enabling new (but based on existing design) routers to use 240/4 netblock for serving as SPRs, but not perturbing any routers in the current Internet. As it's a CG-NAT variant why are you delaying yourself by requiring new address space that will take a long time to become available? Why not use the already allocated space for CG-NAT? Sure it's only a /10 but that's an already (probably too) large RAN.
It also seems unfeasibly optimistic that if the work was done globally to make 240/4 useable that they'd want to dedicate it to the as yet undeployed EzIP. You might stand more chance if you gained some critical mass using the existing available 100.64/10 & rfc1918 space, and then those that find they need more in one RAN will make the case for 240/4 when it becomes necessary for them. Is 240/4 special to EzIP such that alternative numbers may not be used?
I would like to share one intriguing graphics (see URL below) that is almost perfect for depicting the EzIP deployment configuration. Consider the blue sphere as the earth or the current Internet core and the golden colored land as the RANs. By connecting each continent, country or all the way down to a Region to the earth via one IPv4 address, we have the EzIP configuration. With this architecture, each RAN looks like a private network. That sounds an entirely undesirable goal for the internet.
brandon It isn't the Internet. It's at best a very poorly connected spur gateway.
Too many today don't remember the towers of Babel world prior to the Internet. If they did they'd understand that building on this type of idea is like burying yourself.... And any customers so unwise to get involved
C
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Hi, Brandon: 1) "So each RAN has no possibility of redundant connections? .. ": There is difference between "via one IPv4 public address" and "wide bandwidth or multiple channels". The former is called "numbering plan". The latter is part of "traffic engineering". The former defines the configuration / architecture of the latter, but not restricts its capability. One simple analogy is that a corporation headquarters publishes only one (representative) telephone number. But, everyone knows that there are multiple physical channels to carry the simultaneous conversations. So, we discuss about network architecture here. Then, the implementation engineering will take care of the details. 2) " It also looks like an opportunity for telcos/governments to partition their part of the internet and impose whatever censorship they wish. ... ": The EzIP scheme provides an alternative to the current "Internet way" operation model and can operate in parallel while none-interfering to each other. There is no intention for EzIP to replace the current Internet. The hope is to let the two models operate in real time for the consumer to make the informed choice, as in a free market. 3) " You previously described this as like connecting CG-NATs together via a VPN. ... ": I do not believe that I have ever mentioned VPN in any of our literature, nor correspondence. I would appreciate learning where did you find such a connection. 4) " As it's a CG-NAT variant why are you delaying yourself by requiring new address space that will take a long time to become available? ": As it has become evident recently through various posting, the 240/4 netblock has been used "behind-the-scene" by many projects without the explicit permission by ICANN. Since packets with 240/4 addressing get dropped by existing routers, it actually makes the deployment of the new project easier. EzIP can be deployed in the same fashion as well. However, with the Unicast Extension Project became known, we would like to go along with their efforts to make the EzIP process more "Kosher". 5) "... Why not use the already allocated space for CG-NAT? Sure it's only a /10 but that's an already (probably too) large RAN.... ": The CG-NAT netblock of /10 is only one fourth of the largest private netblock 10/8. So, it is not big enough for the next level of challenge. Making use of the 240/4 netblock allows EzIP to serve a large enough geographical area, so that a true "Regional" Area Network characteristic may be achieved. A RAN can serve a population of upto 39M, even before employing the three conventional private netblocks. So, it is possible to experiment the wish of the "Country" networks idea proposed by ITU about one decade ago. Whether it is better or worse than the current Internet, EzIP provides a separate test bed for such, instead of verbal debates forever. 6) " It also seems unfeasibly optimistic that if the work was done globally to make 240/4 useable that they'd want to dedicate it to the as yet undeployed EzIP. ... ": As have been hinted a couple times already on this forum, the ideal EzIP initial deployment beds are the existing CG-NAT modules. All we need to do is to enable the routers in a CG-NAT module to route 240/4 netblock and retire the 100.64/10 netblock. Since every customer premises can have a static 240/4 address, the DHCP process in the CG-NAT can fade out. The current communication between this CG-NAT with the Internet core remains unchanged. This process can be done gradually, one CG-NAT module at a time. No one outside of each of such tranistin will even notice something has happened. There is no need to do this globally in one shot, at all. 7) "Is 240/4 special to EzIP such that alternative numbers may not be used? " No, nothing is special here. The only reason that 240/4 is attractive is because it is big, continuous as well as being "Reserved for Future use" for so long. It is like a never-never land, fresh enough to do something really grand and for the long term. 8) " That sounds an entirely undesirable goal for the internet. ": As I state above, EzIP offers a configuration for experimenting a (or more) parallel Internet(s). they will not interfere the current Internet, nor one another. So, what is your concern or reservation? Regards, Abe (2022-03-27 16:35) On 2022-03-27 10:49, Brandon Butterworth wrote:
On Sun Mar 27, 2022 at 12:31:48AM -0400, Abraham Y. Chen wrote:
EzIP proposes to deploy 240/4 address based RANs, each tethering off the current Internet via one IPv4 public address. So each RAN has no possibility of redundant connections? Nobody of scale would accept such a limitation. It also looks like an opportunity for telcos/governments to partition their part of the internet and impose whatever censorship they wish.
As such, the collection of RANs forms an overlay network layer wrapping around the current Internet core. Consequently, only the SPRs in the RAN need to be able to transport 240/4 addressed packets. You previously described this as like connecting CG-NATs together via a VPN. I don't see why we'd want to add maintaining a global VPN to already difficult peering relationships. It could be used to exlude non EzIP club members.
This is why we talk about enabling new (but based on existing design) routers to use 240/4 netblock for serving as SPRs, but not perturbing any routers in the current Internet. As it's a CG-NAT variant why are you delaying yourself by requiring new address space that will take a long time to become available? Why not use the already allocated space for CG-NAT? Sure it's only a /10 but that's an already (probably too) large RAN.
It also seems unfeasibly optimistic that if the work was done globally to make 240/4 useable that they'd want to dedicate it to the as yet undeployed EzIP. You might stand more chance if you gained some critical mass using the existing available 100.64/10 & rfc1918 space, and then those that find they need more in one RAN will make the case for 240/4 when it becomes necessary for them. Is 240/4 special to EzIP such that alternative numbers may not be used?
I would like to share one intriguing graphics (see URL below) that is almost perfect for depicting the EzIP deployment configuration. Consider the blue sphere as the earth or the current Internet core and the golden colored land as the RANs. By connecting each continent, country or all the way down to a Region to the earth via one IPv4 address, we have the EzIP configuration. With this architecture, each RAN looks like a private network. That sounds an entirely undesirable goal for the internet.
brandon
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
John Gilmore wrote:
Tom Beecher <beecher@beecher.cc> wrote:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect While Mr. Chen may have considered that, he has repeatedly hand waved that it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge. From multiple years of patching and testing, the IPv4 Unicast Extensions Project knows that 240/4 ALREADY WORKS in a large fraction of the Internet.
And this is without the removal of reserved status. There is no real reason to think it would not have been practically universal if that had happened a decade ago.
Today Google is documenting to its cloud customers that they should use 240/4 for internal networks. (Read draft-schoen-intarea-unicast-240 for the citation.) We have received inquiries from two other huge Internet companies, which are investigating or already using 240/4 as private IPv4 address space.
240/4 becoming a de-facto super rc1918 in its totality is actually a net-loss. Has 240/4 been unreserved for potential global internet purposes a decade ago, much more constructive purposes could have been standardized as well. So all the delay is not a "no harm no foul" situation.
In short, we are actually making it work, and writing a spec for what already works. Our detractors are arguing: not that it doesn't work, but that we should instead seek to accomplish somebody else's goals.
John
At this point, its more like you have publicly accepted all the blame for the current incomplete state of IPv6 by acknowledging that you chose to take on the daunting task of 240/4 and refused to direct yours and everyone you knew efforts into IPv6, which was missing only that. Joe
On Sat, Mar 26, 2022, 21:42 John Gilmore <gnu@toad.com> wrote:
Today Google is documenting to its cloud customers that they should use 240/4 for internal networks. (Read draft-schoen-intarea-unicast-240 for the citation.) We have received inquiries from two other huge Internet companies, which are investigating or already using 240/4 as private IPv4 address space.
I think the advice in the draft, and on the quoted page of Google cloud docs is that you can use whatever address space you want for your voc network. I think it also says that choosing poorly could make portions if the internet unreachable. I don't see that the docs specify usage of 240/4 though.
I usually keep quiet on this list, but this topic is relevant to me as a smaller (non-BGP level) network operator who would really love to see more IPv6 deployment. I don't have experience deploying internet technologies at the highest level, so I can't say I fully understand the difficulties surrounding it. What I can say, however, is that I am growing extremely frustrated by the lack of available internet address space.
From my perspective, IPv6 is the obvious way forward, and honestly, I see a whole lot of whining any time it is brought up. You guys seem to be so averse to actually doing your jobs sometimes. Yes, problems may arise when introducing a new technology. You may have to actually fix some things that break. The benefit is that we finally get enough address space for everyone to do what they want with.
How many times are you going to extend and hack away at IPv4, claiming its easier than just setting up IPv6? It is so silly. Watching this circus is getting boring. Upgrade your infrastructure. Many devices that can't be patched to support this "ezip" nonsense don't support IPv6 either, so I see the "legacy devices" argument as moot either way.
Joshua Mallad wrote:
I am growing extremely frustrated by the lack of available internet address space.
Then, let's have NAT with 32bit port numbers.
How many times are you going to extend and hack away at IPv4,
Perhaps, only once, which means NAT. Anyway, it is a lot less than hacks to try to have IPv6 with IPv4. Masataka Ohta
Christopher Morrow <morrowc.lists@gmail.com> wrote:
I think the advice in the draft, and on the quoted page of Google cloud docs is that you can use whatever address space you want for your voc network. I think it also says that choosing poorly could make portions if the internet unreachable.
I don't see that the docs specify usage of 240/4 though.
Thank you for catching this! Draft-schoen-intarea-unicast-240 links its reference [VPC] to: https://cloud.google.com/vpc/docs/vpc#valid-ranges As late as March 18, 2022, that page included a table of "Valid ranges" that include "240.0.0.0/4", which you can see in the Internet Archive's "Wayback Machine" copy of the page: http://web.archive.org/web/20220318080636/https://cloud.google.com/vpc/docs/... A subnet's primary and secondary IP address ranges are regional internal IP addresses. The following table describes valid ranges. ... 240.0.0.0/4 Reserved for future use (Class E) as noted in RFC 5735 and RFC 1112. Some operating systems do not support the use of this range, so verify that your OS supports it before creating subnets that use this range. However, as of March 20, Google moved that table into a subsidiary page, the "Subnets overview", which is now linked from the original page: http://web.archive.org/web/20220320031522/https://cloud.google.com/vpc/docs/... http://web.archive.org/web/20220328102630/https://cloud.google.com/vpc/docs/... The same information about 240/4 is there. Thanks again for the bug report! We'll update the URL in the next version of the draft. John
A traceroute from my machine to 240.1.2.3 goes through six routers at my ISP before stopping (probably at the first default-route-free router).
My experience is the opposite. My home edge router (dd-wrt) will pass it, but nothing in my ISP's network will. $DayJob networks aren't worth checking, as I know I have 224/3 bogonized. I'd be curious to see the data you guys have collected on what it has been confirmed to work on if that's available somewhere. ( More for curiosity's sake ; I still think that making 224/3 universally available isn't worth the effort it would take to make it happen. ) On Sat, Mar 26, 2022 at 9:42 PM John Gilmore <gnu@toad.com> wrote:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
While Mr. Chen may have considered that, he has repeatedly hand waved
Tom Beecher <beecher@beecher.cc> wrote: that
it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge.
From multiple years of patching and testing, the IPv4 Unicast Extensions Project knows that 240/4 ALREADY WORKS in a large fraction of the Internet. Including all the Linux servers and desktops, all the Android phones and tablets, all the MacOS machines, all the iOS phones, many of the home wifi gateways. All the Ethernet switches. And some less popular stuff like routers from Cisco, Juniper, and OpenWRT. Most of these started working A DECADE AGO. If others grasp the scale of the challenge better than we do, I'm happy to learn from them.
A traceroute from my machine to 240.1.2.3 goes through six routers at my ISP before stopping (probably at the first default-route-free router).
Today Google is documenting to its cloud customers that they should use 240/4 for internal networks. (Read draft-schoen-intarea-unicast-240 for the citation.) We have received inquiries from two other huge Internet companies, which are investigating or already using 240/4 as private IPv4 address space.
In short, we are actually making it work, and writing a spec for what already works. Our detractors are arguing: not that it doesn't work, but that we should instead seek to accomplish somebody else's goals.
John
PS: Mr. Abraham Chen's effort is not related to ours. Our drafts are agnostic about what 240/4 should be used for after we enable it as ordinary unicast. His EzIP overlay network effort is one that I don't fully understand. What I do understand is that since his effort uses 240/4 addresses as the outer addresses in IPv4 packets, it couldn't work without reaching our goal first: allowing any site on the Internet to send unicast packets to or from 240.0.0.1 and having them arrive.
Tom Beecher <beecher@beecher.cc> wrote:
I'd be curious to see the data you guys have collected on what it has been confirmed to work on if that's available somewhere.
The Implementation Status of unicast 240/4 is in the Appendix of our draft: https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/ Enjoy -- it's a long list. In addition to what's in the published draft, some research that I did last night also determined that 240/4 as unicast was released in Fedora 9 in May 2008, and in Ubuntu 8.10 in October 2008. John
On Wed, 30 Mar 2022 04:47:08 -0700 John Gilmore <gnu@toad.com> wrote:
https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/
The draft touches on IANA considerations, but this seems inadequate to make any more progress and gain wider acceptance. It seems to me there has been compelling arguments made about the ability to rx, tx, and relay packets with these addresses, but the real challenge remains, how should they be allocated? The document should probably request that they be changed from reserved to experimental explicitly. Suggesting the IETF/IANA just figure out what to do with them later seems unsatisfying. Perhaps the equivalent of an IAB-style workshop report or position paper that goes into potential allocation choices and effects in detail is worthwhile? I'd imagine you'd get lots of interesting presentations on a possible allocation strategies and challenges if you decide to organize something like this. I'd like to see some options for the IANA/IETF. Let's see someone dissect what if anything RIRs should get and what the effect of different policies for the new blocks might be. Let's hear about some interesting new special-use ideas. I'd love to see someone suggest a spectrum-like auction to the highest bidder and get doused with rotten fruit... etc :-) John
Dear John: 0) The below message just popped up in my InBox. And, it appears that there has not been any follow-up comments. 1) How about have a look at our work, (URL below), in case you have not come across? We propose a very specific way of making use of the 240/4 netblock. There are a couple manifestations from this approach that will enhance the Internet operations. In a sense, EzIP is a ready-to-go example that will benefit from the "IPv4 Unicast Extensions Project" efforts that Mr. Gilmore was referring to. https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-s... Your comments and thoughts will be much appreciated. Regards, Abe (2022-05-25 11:07) On 2022-03-30 19:26, John Kristoff wrote:
On Wed, 30 Mar 2022 04:47:08 -0700 John Gilmore <gnu@toad.com> wrote:
https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240/ The draft touches on IANA considerations, but this seems inadequate to make any more progress and gain wider acceptance. It seems to me there has been compelling arguments made about the ability to rx, tx, and relay packets with these addresses, but the real challenge remains, how should they be allocated? The document should probably request that they be changed from reserved to experimental explicitly. Suggesting the IETF/IANA just figure out what to do with them later seems unsatisfying. Perhaps the equivalent of an IAB-style workshop report or position paper that goes into potential allocation choices and effects in detail is worthwhile? I'd imagine you'd get lots of interesting presentations on a possible allocation strategies and challenges if you decide to organize something like this. I'd like to see some options for the IANA/IETF. Let's see someone dissect what if anything RIRs should get and what the effect of different policies for the new blocks might be. Let's hear about some interesting new special-use ideas. I'd love to see someone suggest a spectrum-like auction to the highest bidder and get doused with rotten fruit... etc :-) John
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
On Mar 26, 2022, at 09:37 , Tom Beecher <beecher@beecher.cc> wrote:
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
While Mr. Chen may have considered that, he has repeatedly hand waved that it's 'not that big a deal.', so I don't think he adequately grasps the scale of that challenge.
It’s certainly clear that he does not understand that in terms of cost-benefit ratio, the benefit of deploying his idea divided by the cost is a significantly lower number (in my estimation) than the much larger benefit of deploying IPv6 divided by the rather limited remaining costs involved in doing so. Owen
On Sat, Mar 26, 2022 at 9:53 AM Paul Rolland <rol@witbe.net <mailto:rol@witbe.net>> wrote: Hello,
On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen" <aychen@avinta.com <mailto:aychen@avinta.com>> wrote:
touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
Paul
Hi, Paul: 1) " ... may be in fact: /writing/* and */deploying/* the code ... ": Having no idea why and how the 240/4 netblock became so mysteriously kept away from being used while the IPv4 was officially already on its way to "Sun Set", we started the conventional approach as you stated. It was quite frustrating since we did not have the background in networking software. One day, we came across a short program code fragment that did the function of /*disabling*/ 240/4 addressed IP packets. It is the "there exists an example" moment for us, like proofing a mathematics theorem. After all, there was no magic separating 240/4 from the rest of the IPv4 address pool to start with. It cleared our mind about this particular task. Now, we only cite this reference to challenge those software engineers who may state that using the 240/4 in their code is a lot more involved. .... Q.E.D. 😉 Regards, Abe (2022-03-26 12:37 EDT) On 2022-03-26 09:52, Paul Rolland wrote:
Hello,
On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen"<aychen@avinta.com> wrote:
touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
Paul
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
It was quite frustrating since we did not have the background in networking software
You clearly still do not, if you sincerely believe that commenting out a single function in every vendor software implementation is all that it would take. No need to respond ; I will be filtering all future messages from you to /dev/null . Good luck with your efforts. On Sat, Mar 26, 2022 at 12:42 PM Abraham Y. Chen <aychen@avinta.com> wrote:
Hi, Paul:
1) " ... may be in fact: /writing/* and */deploying/* the code ... ": Having no idea why and how the 240/4 netblock became so mysteriously kept away from being used while the IPv4 was officially already on its way to "Sun Set", we started the conventional approach as you stated. It was quite frustrating since we did not have the background in networking software. One day, we came across a short program code fragment that did the function of *disabling* 240/4 addressed IP packets. It is the "there exists an example" moment for us, like proofing a mathematics theorem. After all, there was no magic separating 240/4 from the rest of the IPv4 address pool to start with. It cleared our mind about this particular task. Now, we only cite this reference to challenge those software engineers who may state that using the 240/4 in their code is a lot more involved. .... Q.E.D. 😉
Regards,
Abe (2022-03-26 12:37 EDT)
On 2022-03-26 09:52, Paul Rolland wrote:
Hello,
On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen" <aychen@avinta.com> <aychen@avinta.com> wrote:
touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal
Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
Paul
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link> <#m_-7532339818749475379_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
Just because there is a small code snippet you found that prevents casting 240/4 as unicast on an interface doesn’t mean that removing that code will magically make 240/4 usable in the entire stack. It’s also important to note that there are at least a dozen IPv4 stacks in common use with differing code implementations and underlying assumptions baked into the code in various places. Your Q.E.D. is, in fact, a demonstration of the fact that you are still lack some background and experience in networking software. The code you found may just be a safety valve to prevent the user from doing something stupid that will have undefined consequences down the line if executed. What you appear to have found is, quite likely, the equivalent of a buffer bounds check on input. Removing the check doesn’t inherently make the buffer infinite. Owen
On Mar 26, 2022, at 09:38 , Abraham Y. Chen <aychen@avinta.com> wrote:
Hi, Paul:
1) " ... may be in fact: /writing/* and */deploying/* the code ... ": Having no idea why and how the 240/4 netblock became so mysteriously kept away from being used while the IPv4 was officially already on its way to "Sun Set", we started the conventional approach as you stated. It was quite frustrating since we did not have the background in networking software. One day, we came across a short program code fragment that did the function of disabling 240/4 addressed IP packets. It is the "there exists an example" moment for us, like proofing a mathematics theorem. After all, there was no magic separating 240/4 from the rest of the IPv4 address pool to start with. It cleared our mind about this particular task. Now, we only cite this reference to challenge those software engineers who may state that using the 240/4 in their code is a lot more involved. .... Q.E.D. 😉
Regards,
Abe (2022-03-26 12:37 EDT)
On 2022-03-26 09:52, Paul Rolland wrote:
Hello,
On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen" <aychen@avinta.com> <mailto:aychen@avinta.com> wrote:
touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
Paul
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link> <x-msg://41/#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
Owen DeLong via NANOG writes:
Just because there is a small code snippet you found that prevents casting 240/4 as unicast on an interface doesn’t mean that removing that code will magically make 240/4 usable in the entire stack.
[...]
The code you found may just be a safety valve to prevent the user from doing something stupid that will have undefined consequences down the line if executed. What you appear to have found is, quite likely, the equivalent of a buffer bounds check on input. Removing the check doesn’t inherently make the buffer infinite.
We've found remarkably few other places in Unix userspace that made assumptions that would forbid the use of 240/4. When we do find such a thing, we propose a patch for that too. Obviously, this can't prove that there is no application left that treats 240/4 specially somehow. Here is one! # Refuse reserved peer addresses in userspace. import socket import sys s = socket.socket() s.bind(("0.0.0.0", int(sys.argv[1]))) s.listen() conn, addr = s.accept() if socket.inet_aton(addr[0])[0] >= 240: conn.close() raise ValueError("Reserved peer address {}".format(addr[0])) conn.send(b"Hello, world!\n") conn.close() As long as people are running that application, their systems won't be fully compatible with use of 240/4. However, I haven't seen documentation that specifically encourages network developers to do this kind of check for themselves (instead, it's usually left to the OS). I would be surprised if it were common in userspace anywhere. The way we will find out about these issues (and to some extent the way we have been finding out about them already) is by running networks that use these addresses with already-patched OSes, and seeing what works or doesn't work. I've noted in several talks that you can easily try this for yourself if you run a wifi network that gives out internal addresses in 240/4 and NATs them. You can actually use this for day-to-day work -- if you're not on Windows -- and gain more experience and data about any possible problems. There _are_ somewhat more often special cases in dynamic routing, (to a lesser extent) autoconfiguration tools, and dedicated routers. However, those we've seen and fixed have also represented tiny code changes within those tools.
It’s also important to note that there are at least a dozen IPv4 stacks in common use with differing code implementations and underlying assumptions baked into the code in various places.
Yes, for example I found a printer that was unhappy with 240/4. Although I'm confident that the software changes needed are also tiny, it may be difficult to get the vendor to issue them officially. It's too bad that we couldn't officially agree back in 2008 to ask the printer vendor, or its embedded OS developer, to make those changes then. If it gets to be 2036 and we've had 14 more years of printers being manufactured with this behavior, that will be unfortunate, too.
Paul Rolland wrote:
Hello,
On Sat, 26 Mar 2022 09:35:30 -0400 "Abraham Y. Chen" <aychen@avinta.com> wrote:
touching the hardware, by implementing the EzIP technique (*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal Have you ever considered that this may be in fact:
*/writing/* and */deploying/* the code that will allow the use of 240/4 the way you expect
Paul
While we cant really know, the odds are strong that there are only a few lines in any particular product that need to be removed or reworked. Its a safe expectation that its a trivial change, as far as changes go. The bigger hurdle is deployment. All 240/4 discussions have usually opined that: There is every expectation that if 240/4 reserved distinction is removed that any particular product still being updated would likely have such a change incorporated as part of its normal update process. And that all non supported products that would not get such a change would over time fade away to become a very distinct minority, as they do normally. There is strong evidence that this is an accurate prediction, as even without the removal of reserved status, mere public discussion and debate over the matter has been sufficient that today a large amount of that change has actually occurred, organically so to speak. If IPv6 would have had such a migration strategy it would have been over already. Joe
On Mar 26, 2022, at 06:35 , Abraham Y. Chen <aychen@avinta.com> wrote:
Hi, Owen:
0) Re: Ur. Pt. 2): This topic is such a tongue-twister. Let's put it aside for now, until I can properly convey the EzIP concept and scheme to you.
00) Re: Ur. Pt. 4): Okay, I was concerned about how to decipher this cryptic exchange. So let's put it aside as well.
1) Re: Ur. Pt. 1): Yes, you are correct that the EzIP network architecture looks like that of CG-NAT. In fact, it is exactly the same. This is actually the beauty of the EzIP solution. That is, without touching the hardware, by implementing the EzIP technique (disabling the program code that has been disabling the use of the 240/4 netblock), an existing CG-NAT module becomes a RAN! As to universal peer-to-peer, where is any of such today? On the other hand, upon fully implemented the EzIP proposal (the second phase: making use of the Option Word in RFC791), an IoT in one RAN can directly reach a second IoT in another RAN world-wide. So that the original promise of the Internet will be finally fulfilled and for the long haul.
The fact that we gave up universal peer to peer in the name of survival until we could deploy a protocol with enough addresses doesn’t mean that giving it up is a good long term solution. To me, the goal is to get away from address scarcity as quickly as possible. IPv6 does that. EzIP doesn’t. I have no desire to support prolonging the misery that has existed since NAT became popular. I view it as a disability to the internet and IPv6 eliminates that disability. EzIP arguably makes it even worse. So, what you call beauty is, IMHO, damage.
2) Re: Ur. Pt. 3): Similarly, you probably only recognized the part that EzIP proposes to classify the 240/4 netblock as the fourth private address in RFC1918, but overlooked that such capacity will enable a RAN to cover a geographic area as big as Tokyo Metro, or 75% of smaller countries around the world, even before utilizing the conventional three private netblocks. This puts 240/4 into a different league from the other three conventional private netblocks, although all four have basically the same technical characteristics. Now, visualizing each RAN is tethered from the existing Internet core by one umbilical cord (one IPv4 address), it appears like a private network. So that each RAN can provide Internet services by utilizing existing technologies, while avoiding those undesired. Combining these RANs around the world, an overlay layer of routers (SPRs) can operate in parallel to the current Internet. Under such a configuration, the latter no long is involved with daily local activities, but only carries inter-RAN traffic, very much like the division between national and international telephone networks. This creates quite a different operation landscape. Please have a look at slide # 11 of the below whitepaper for a rough breakdown of the available addresses under the EzIP scheme. Furthermore, if used diligently, (treating IP address as "natural resources" instead of "personal properties"), the assignable "EzIP addresses" can last quite awhile.
I didn’t overlook it, I routed around it as damage in the truest of internet traditions. Geographical-based addressing hierarchies have been proposed before. They have a long history of failing in the face of actual topology and actual operational concerns. This doesn’t look significantly different to me. It’s yet another entirely bad idea which serves only to prolong the IPv4 misery while diverting resources from useful work to enable the deprecation of IPv4 as the lingua franca of the internet backbone.
https://www.avinta.com/phoenix-1/home/EzIPenhancedInternet.pdf <https://www.avinta.com/phoenix-1/home/EzIPenhancedInternet.pdf>
3) Re: Ur. Pts. 5) & 6): I believe that there is a philosophic / logic baseline that we need to sort out, first. That is, we must keep in mind that the Internet community strongly promotes "personal freedom". Assuming that by stopping others from working on IPv4 will shift their energy to IPv6 is totally contradicting such a principle. A project attracts contributors by its own merits, not by relying on artificial barriers to the competitions. Based on my best understanding, IPv6 failed right after the decision of "not emphasizing the backward compatibility with IPv4". It broke one of the golden rules in the system engineering discipline. After nearly three decades, still evading such fact, but defusing IPv6 issues by various tactics is the real impedance to progress, not only to IPv4 but also to IPv6.
I’m not stopping anyone from anything. I’m stating that I believe resources would be better spent deploying IPv6 than being wasted on this project. Anyone who disagrees with me is, of course, free to waste their resources however they see fit. In terms of backwards compatibility, there’s absolutely no way to do it. It’s mathematically impossible to squeeze a 128 bit address into a 32 bit field. Every system needed to be upgraded to handle 128 bit addresses at the OS, application, and all other layers of software. Routers needed upgrades to hardware for fast switching as well. That was inevitable in any increase in the address space. Claiming that IPv6 failed because of this “decision” is pretending that there was a decision to be made which presumes an alternative existed. The only way this could be achieved would be to abandon the end-to-end principle and permanently consign the internet to a fate involving widespread NAT. I’m very glad that decision was deemed unacceptable and I still believe it to be the right one. Owen
Regards,
Abe (2022-03-26 09:35 EDT)
On 2022-03-25 22:17, Owen DeLong wrote:
On Mar 25, 2022, at 18:47 , Abraham Y. Chen <aychen@avinta.com <mailto:aychen@avinta.com>> wrote:
****** Resend to go through NANOG ******
On 2022-03-25 12:24, Abraham Y. Chen wrote:
Dear Owen:
0) You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am picking up the correct leads.
1) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. ... ": Perhaps you have not bothered to scan through a two page whitepaper (URL below, again) that I submitted a week or so ago? It promises simple implementation and significant increase of assignable IPv4 addresses, even extendable to the similar size of IPv6 if we could forgo our mentality about the IP addresses as "Personal Properties", by switching to treat them as "Natural Resources".
https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf <https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf>
It still looks like NAT to me.
NAT is a disgusting hack and destroys the universal peer to peer nature of the internet in favor of a consumer/provider model.
Your proposal perpetuates that problem.
2) " ... so that content providers can start turning off v4 where it’s costing them money to support it. .... " & "... Content providers turning off v4 face competition from content providers that don’t. ... ": These two statements appeared to come from two separate posting of yours. They seemed to be contradicting each other. Did I misread somehow?
No, it is not contradictory at all…
Content providers that have deployed IPv6 are eager to turn off IPv4 as soon as it won’t lose them customers. They are worried about losing customers because competition exists that might not turn off IPv4 at the same time they do. Thus, there is a need for customers to be IPv6 deployed before content providers can start turning off IPv4. Thus, the persistence of IPv4 in clients, especially enterprises, is costing content providers money.
Now from the last post below:
3) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.... ": Please see information provided by Pt. 1) above.
OK, so you want to extend RFC-1918 instead… Arguably even more worthless than reclassifying it as GUA. While it’s true that some very large deployments are short of RFC-1918 space, the reality is that the real shortage is in the GUA realm.
4) " ... I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never ... Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p ... ": I am in full agreement with you. Our proposal is the solution in Pt. 1) above.
That’s not me. That’s Joe Maimon IIRC. My part was “Pleas feel free to use it for router IDs in BGP and/or OSPF area numbers. :p.
It was mostly a snarky comment since neither BGP Router IDs nor OSPF Area numbers are actually IP addresses.
5) " ... if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, .... ": This is not a productive opinion. Please do not forget that the Internet heavily promotes personal freedom. One can not force others to do something that they do not believe in. Stopping them from doing one thing does not automatically make them to do what you like. A project must have its own merits that attract contribution. The failure of the IPv6 actually started from when a decision was made to the effect of "not to emphasize backward compatibility with IPv4" which broke one of the golden rules in system engineering. Not recognizing such and focusing to find a way for remedying it, but continuing to force others to migrate to IPv6 camp with various tactics does not foster progress.
We can agree to disagree about that… I think trying to continue to support IPv4 is not a productive opinion.
6) " ... The problem is that we’re not talking about parallel experiments. ... ": EzIP is a parallel experiment to the current Internet (not only IPv4, but also IPv6) operations, because its overlay architecture on the latter demarcates everything happening on it from the Internet. As long as packets exchanged between the two conform to the established Internet protocols, an EzIP deployment (called RAN - Regional Area Network) will appear as innocent as an ordinary private network.
Again, I disagree… You left out the relevant part of my quote where I stated that resources spent developing this mechanism are better used deploying IPv6.
Owen
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link> <x-msg://39/#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
Owen DeLong via NANOG wrote:
It still looks like NAT to me.
Almost all the people, perhaps other than you, accept NAT as is to keep IPv4 Internet or as part of transition plan from IPv4 to IPv6.
NAT is a disgusting hack and destroys the universal peer to peer nature of the internet in favor of a consumer/provider model.
As I repeatedly pointed out, end to end NAT is clean preserving the universal peer to peer nature of the Internet. https://datatracker.ietf.org/doc/html/draft-ohta-e2e-nat-00 The basic idea is to let NAT boxes perform address translations only without adjusting check sums or translating ports and to let end systems perform reverse address translations, which restores correct check sums, and port number restrictions. Masataka Ohta
On Mar 26, 2022, at 8:30 PM, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong via NANOG wrote:
It still looks like NAT to me.
Almost all the people, perhaps other than you, accept NAT as is to keep IPv4 Internet or as part of transition plan from IPv4 to IPv6.
NAT is a disgusting hack and destroys the universal peer to peer nature of the internet in favor of a consumer/provider model.
As I repeatedly pointed out, end to end NAT is clean preserving the universal peer to peer nature of the Internet.
https://datatracker.ietf.org/doc/html/draft-ohta-e2e-nat-00
The basic idea is to let NAT boxes perform address translations only without adjusting check sums or translating ports and to let end systems perform reverse address translations, which restores correct check sums, and port number restrictions.
Masataka Ohta
I have yet to find an economical way to manage a business merger involving two large rfc1918 networks where end to end peering is required and which partially or fully overlap. Ignoring short-sighted financial management views, the best long term solution is globally unique IPv6 addressing wherever possible. Local islands of IPv4 gatewayed or NATted with local management continue to be possible.
james.cutler@consultant.com wrote:
On Mar 26, 2022, at 8:30 PM, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong via NANOG wrote:
It still looks like NAT to me. Almost all the people, perhaps other than you, accept NAT as is to keep IPv4 Internet or as part of transition plan from IPv4 to IPv6.
NAT is a disgusting hack and destroys the universal peer to peer nature of the internet in favor of a consumer/provider model. As I repeatedly pointed out, end to end NAT is clean preserving the universal peer to peer nature of the Internet.
https://datatracker.ietf.org/doc/html/draft-ohta-e2e-nat-00
The basic idea is to let NAT boxes perform address translations only without adjusting check sums or translating ports and to let end systems perform reverse address translations, which restores correct check sums, and port number restrictions.
Masataka Ohta I have yet to find an economical way to manage a business merger involving two large rfc1918 networks where end to end peering is required and which partially or fully overlap. Ignoring short-sighted financial management views, the best long term solution is globally unique IPv6 addressing wherever possible. Local islands of IPv4 gatewayed or NATted with local management continue to be possible.
In other words, once its merger time, IPv6 fixes nothing. Can one really incentivize an enterprise to standardize on IPv6 on the basis of it will make a future merger much more economical? And this is well before any such prospect usually exists. Is there any activity that enterprises choose to engage in on that basis? Joe
james.cutler@consultant.com wrote:
I have yet to find an economical way to manage a business merger involving two large rfc1918 networks where end to end peering is required and which partially or fully overlap.
As you mention "overlap", you should mean business merger implies network and office merger, which causes relocation of a office, which, in general, requires provider change and renumbering of globally unique addresses, unless you own /24.
Ignoring short-sighted financial management views, the best long term solution is globally unique IPv6 addressing wherever possible.
See above. Or, if you mean network merger remotely with VPN, small number of hosts requiring E2E transparency may be renumbered, but it is not so painful. Masataka Ohta
On Mar 27, 2022, at 5:00 AM, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
james.cutler@consultant.com wrote:
I have yet to find an economical way to manage a business merger involving two large rfc1918 networks where end to end peering is required and which partially or fully overlap.
As you mention "overlap", you should mean business merger implies network and office merger, which causes relocation of a office,
Overlap here refers to network address space address space, a fundamental part of this discussion. Formerly separate networks containing separately managed rfc1918 spaces are prone to overlap require ingenious solutions for end-to-end traffic without renumbering. Mergers do not cause relocation of an office, which is not germane to this discussion.
which, in general, requires provider change and renumbering of globally unique addresses, unless you own /24.
Moot since we are not discussing office moves. However, renumbering to global IPv6 addressing allows easy coexistence with the global Internet
Ignoring short-sighted financial management views, the best long term solution is globally unique IPv6 addressing wherever possible.
See above.
See previous.
Or, if you mean network merger remotely with VPN, small number of hosts requiring E2E transparency may be renumbered, but it is not so painful.
Nobody mentioned VPN or limiting the number of hosts requiring E2E. “not so painful” is not meaningful metric in this discussion.
Masataka Ohta
james.cutler@consultant.com wrote:
Overlap here refers to network address space address space, a fundamental part of this discussion. Formerly separate networks containing separately managed rfc1918 spaces are prone to overlap require ingenious solutions for end-to-end traffic without renumbering.
If you are not satisfied with static punch holing and require to use many connections with fully dynamically generated port numbers by end systems, then, as I wrote: : The basic idea is to let NAT boxes perform address translations : only without adjusting check sums or translating ports and : to let end systems perform reverse address translations, : which restores correct check sums, and port number ^^^^^^^^^^^ : restrictions. ^^^^^^^^^^^^^ end to end NAT is your solution, because a locally provided port number combined with a globally unique address is a globally unique identifier at the transport layer.
Mergers do not cause relocation of an office, which is not germane to this discussion.
As mergers often cause office mergers, which imply relocations, it is your fault to have failed to clarity details.
Or, if you mean network merger remotely with VPN, small number of hosts requiring E2E transparency may be renumbered, but it is not so painful.
Nobody mentioned VPN or limiting the number of hosts requiring E2E.
It is also your fault not to have considered VPN at all, even though VPN could reduce renumbering efforts a lot.
"not so painful" is not meaningful metric in this discussion.
Then, IPv6 is just painful. PERIOD. Masataka Ohta
According to james.cutler@consultant.com <james.cutler@consultant.com>:
which, in general, requires provider change and renumbering of globally unique addresses, unless you own /24.
Moot since we are not discussing office moves. However, renumbering to global IPv6 addressing allows easy coexistence with the global Internet
Alternatively, if you have network addresses that you want to be sure don't leak to the global Internet, ULAs work well, too. If you pay attention to RFC 4193 and select your Global ID randomly, when you merge two networks there is no meaningful chance that the ULAs will overlap. -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
On Mar 26, 2022, at 17:30 , Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong via NANOG wrote:
It still looks like NAT to me.
Almost all the people, perhaps other than you, accept NAT as is to keep IPv4 Internet or as part of transition plan from IPv4 to IPv6.
NAT is a disgusting hack and destroys the universal peer to peer nature of the internet in favor of a consumer/provider model.
As I repeatedly pointed out, end to end NAT is clean preserving the universal peer to peer nature of the Internet.
Nope… It really isn’t. The problem of audit trail opacity is still a major issue with any form of stateful NAT. Owen
Owen DeLong wrote:
As I repeatedly pointed out, end to end NAT is clean preserving the universal peer to peer nature of the Internet.
Nope… It really isn’t.
Wrong.
The problem of audit trail opacity is still a major issue with any form of stateful NAT.
How poorly you understand NAT. As I wrote in my draft: Depending on how port numbers are shared, there are static and dynamic E2ENAT or combinations of them. With static E2ENAT, an end host is assigned port numbers statically, which is necessary for a server with a stable IP address and a port number. static E2ENAT is not, with your questionable terminology, stateful. It is even possible to construct legacy NAT which dynamically, thus statefully, assign ports only from some static range, which does not need state maintenance, for each private IP address. Masataka Ohta
On Mar 29, 2022, at 17:51 , Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong wrote:
As I repeatedly pointed out, end to end NAT is clean preserving the universal peer to peer nature of the Internet. Nope… It really isn’t.
Wrong.
The problem of audit trail opacity is still a major issue with any form of stateful NAT.
How poorly you understand NAT.
As I wrote in my draft:
Depending on how port numbers are shared, there are static and dynamic E2ENAT or combinations of them. With static E2ENAT, an end host is assigned port numbers statically, which is necessary for a server with a stable IP address and a port number.
static E2ENAT is not, with your questionable terminology, stateful.
It is even possible to construct legacy NAT which dynamically, thus statefully, assign ports only from some static range, which does not need state maintenance, for each private IP address.
Masataka Ohta
It still suffers from a certain amount of opacity across administrative domains. Owen
Owen DeLong wrote:
It still suffers from a certain amount of opacity across administrative domains.
So, if an IPv6 prefix is assigned to an apartment building and the building has no logging mechanism on how addresses are used within the building, the problem of audit trail opacity is suffered. Thank you very much to have proven IPv6 useless. Masataka Ohta
On Mar 31, 2022, at 20:51, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong wrote:
It still suffers from a certain amount of opacity across administrative domains.
So, if an IPv6 prefix is assigned to an apartment building and the building has no logging mechanism on how addresses are used within the building, the problem of audit trail opacity is suffered.
Thank you very much to have proven IPv6 useless.
Masataka Ohta
No, the problem of address correlation to end user may still exist, but the address Is transparent. The address in log files at the apartment complex matches the address In log files at intervening networks matches the address in log files at the victim network. Obviously, if the apartment complex has no log files, then yes, it remains relatively useless In your one contrived corner case… That not being the more general and widely deployed Case, I think that calling that proof that IPv6 is worthless proves more about your inane Bias than anything else. Owen
Owen DeLong wrote:
It still suffers from a certain amount of opacity across administrative domains.
is the corner case.
Obviously, if the apartment complex has no log files, then yes, it remains relatively useless
It is completely useless for the opacity required by police.
In your one contrived corner case
That's your problem. Masataka Ohta
On 3/31/22 9:26 PM, Owen DeLong via NANOG wrote:
On Mar 31, 2022, at 20:51, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong wrote:
It still suffers from a certain amount of opacity across administrative domains. So, if an IPv6 prefix is assigned to an apartment building and the building has no logging mechanism on how addresses are used within the building, the problem of audit trail opacity is suffered.
Thank you very much to have proven IPv6 useless.
Masataka Ohta
No, the problem of address correlation to end user may still exist, but the address Is transparent. The address in log files at the apartment complex matches the address In log files at intervening networks matches the address in log files at the victim network.
Obviously, if the apartment complex has no log files, then yes, it remains relatively useless In your one contrived corner case… That not being the more general and widely deployed Case, I think that calling that proof that IPv6 is worthless proves more about your inane Bias than anything else.
It's really quite something to see 30 year old grudges and foot stamping all because something in the distant past didn't happen in their preferred way. It's nearly impossible to even know what the preferred way actually was because, you know, grudge. I started a thread on what that might be and it was singularly uninformative about what they consider wrong. I'm going to go on a limb and say that an apartment building not logging something sinking 30 years of work and deployment is a little, um, yeah. Mike
On Mar 31, 2022, at 11:51 PM, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Owen DeLong wrote:
It still suffers from a certain amount of opacity across administrative domains.
So, if an IPv6 prefix is assigned to an apartment building and the building has no logging mechanism on how addresses are used within the building, the problem of audit trail opacity is suffered.
Thank you very much to have proven IPv6 useless.
Masataka Ohta
You appear to attribute to IPv6 a problem due to building management. Please explain how IPv6 is “useless” by some other measure that that of building management errors.
************* Resend to go through NANOG ******** On 2022-03-25 12:24, Abraham Y. Chen wrote:
Dear Owen:
0) You rapid fired a few posts in succession yesterday. Some are interesting and crucial views that I would like to follow-up on. I will start from quoting the earlier ones. I hope that I am picking up the correct leads.
1) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. ... ": Perhaps you have not bothered to scan through a two page whitepaper (URL below, again) that I submitted a week or so ago? It promises simple implementation and significant increase of assignable IPv4 addresses, even extendable to the similar size of IPv6 if we could forgo our mentality about the IP addresses as "Personal Properties", by switching to treat them as "Natural Resources".
https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf
2) " ... so that content providers can start turning off v4 where it’s costing them money to support it. .... " & "... Content providers turning off v4 face competition from content providers that don’t. ... ": These two statements appeared to come from two separate posting of yours. They seemed to be contradicting each other. Did I misread somehow?
Now from the last post below:
3) " ... 240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4.... ": Please see information provided by Pt. 1) above.
4) " ... I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never ... Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p ... ": I am in full agreement with you. Our proposal is the solution in Pt. 1) above.
5) " ... if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, .... ": This is not a productive opinion. Please do not forget that the Internet heavily promotes personal freedom. One can not force others to do something that they do not believe in. Stopping them from doing one thing does not automatically make them to do what you like. A project must have its own merits that attract contribution. The failure of the IPv6 actually started from when a decision was made to the effect of "not to emphasize backward compatibility with IPv4" which broke one of the golden rules in system engineering. Not recognizing such and focusing to find a way for remedying it, but continuing to force others to migrate to IPv6 camp with various tactics does not foster progress.
6) " ... The problem is that we’re not talking about parallel experiments. ... ": EzIP is a parallel experiment to the current Internet (not only IPv4, but also IPv6) operations, because its overlay architecture on the latter demarcates everything happening on it from the Internet. As long as packets exchanged between the two conform to the established Internet protocols, an EzIP deployment (called RAN - Regional Area Network) will appear as innocent as an ordinary private network.
Regards,
Abe (2022-03-25 12:24)
On 2022-03-24 21:25, Owen DeLong via NANOG wrote:
On Mar 24, 2022, at 15:49, Joe Maimon<jmaimon@jmaimon.com> wrote:
Owen DeLong wrote:
On Mar 24, 2022, at 03:36 , Joe Maimon<jmaimon@jmaimon.com> wrote:
In my view that takes the form of a multi-pronged strategy.
Do what it takes to keep IPv4 as usable as possible for as long as possible. I think this isn’t so much preempting the vacuum as trying to pretend we can survive on an hour of air for 20 years.
240/4 is way more effort than its proponents want to believe and even if it were reclassified effectively as GUA, it doesn’t buy all that much life for IPv4. I think it should be reclassified from never going to be used into some part of the internet might actually do something with it. Its important that happens now, better late then never. Whether its GUA or not or a mix of whatever, whether it buys months or years will depend greatly on how its actually used if it is ever used. Please feel free to use it for router IDs in BGP and/or OSPF area numbers. :p
You may be right about not being worth it. More importantly, you may be wrong. IPv6 is replete with not only a plethora of wrong predictions, but the same ones over and over again. To be clear, the only effort asked from the unwilling is to support cutting the red tape frustrating the willing. A hearty round of knock yourself out from the right folk in the right place and time and we dont have to debate this particular point ever again. Certainly, if we continue to waste effort that is better spent deploying IPv6 on bandaids and hacks to make v4 last just a little longer, we will continue to fail and further delay IPv6 reaching a level of deployment that allows us to start turning down IPv4 and beginning to recognize the cost savings that come from moving forward.
How are we to ever find out who is right if that never happens? That alone is enough reason for me. The problem is that we’re not talking about parallel experiments. We’re talking about an optional activity which will inherently pull resources away from a necessary activity, thus delaying the necessary activity and becoming somewhat of a self-fulfilling prophecy. Hence I oppose this wasteful experiment in favor of doing what we all know eventually needs to be done.
Personally, that means that although I have long disliked proposals that keep moving to the left of the 128bit space, were I to believe it likely to increase deployment and momentum I would champion it in my own limited fashion much as I do 240/4. Not sure what you mean by “moving to the left of the 128 bit space”. That Ipv6 address allocation schemes and proposals tended to enlarge over time, using up more bits heading from right to left. Meh… I haven’t seen too much of that. I’ve been guilty of a certain amount of it, to be sure, but we’re only recently seeing the two largest RIRs start working through their second /12s even though it’s been years since I pushed for (and achieved) nibble-boundary round-ups as the norm in the ARIN region.
I think that we’re still OK on allocation policies. What I’d like to see is an end to the IPv4-think in large ISPs, such as Comcast’s continued micro allocations to their customers.
Owen
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Owen DeLong wrote:
The goal of IPv6, IMHO, is to become the next lingua franca of the internet, eventually rendering IPv4 unnecessary except in small pockets of legacy support.
Hey Owen, Indeed, having otherwise fallen short of the mark that is what remains.
I agree that has not yet been achieved.
Its encouraging that progress and momentum continues, but there is no way to be 100% confident that IPv6 has unlimited time to obtain dominance.
It was an objective to try and reach that point prior to IPv4 address shortages caused real problems, but we pretty well missed that target when NAT started catching on.
There were still plenty of opportunities to save the day that IPv6 global deployment missed.
I would not say that IPv6 has ben and continues to be a failure so much as IPv6 has not yet achieved its goal. Yes, it failed the (optimistic) objective of achieving it’s goal prior to IPv4 shortages causing real problems, but that happened pretty quickly and pretty early in the lifespan of IPv6 thus far (I view the popularization of NAT as being the first marker of real problems in IPv4 due to address shortage).
There were more mile markers than NAT on the address shortage problem route and IPv6 failed most of those as well. Some of those happened early, some not so much and there are probably more to come. While shortage might have been the main driver of development of NAT, provider independence and abstraction was the clear motivation for end users to adopt it.
Getting IPv6 to near ubiquitous deployment in that short time would have been an impressive accomplishment if it had happened.
Owen
, 20 years ago it was not considered optimistic to expect that there would no longer be threads of this nature, it was essentially treated as heretical to imagine there might be. And there were concrete consequences to that mode of group think. Even a naysayer as myself, back in 2004 really only expected another decade or so of transition to clear dominance. I will note that a decade to make 240/4 usable was cited as a major opposition reason to it. And other ideas. Joe
On 23 Mar 2022, at 1:34 AM, Joe Maimon <jmaimon@jmaimon.com> wrote: ... Since IPv6 was born of the effort to fix the upcoming address shortage visible at the time and to prevent and alleviate the resulting negative effects, the fact that it did not and that globally v4 address shortage is still a problem is a tally of multiple years of failure.
Joe - It all depends on your measure of success; i.e. the victory conditions that one wishes to set. If the victory conditions are “has displaced the previous IP4 protocol”, then we’re certainly not there (and may never achieve at such an outcome for many decades to come…) If the victory conditions are “provide an updated IP protocol that the larger providers can use as an alternative for address their continued growth requirements”, then it is indeed a success - as proof one just has to look at major broadband and mobile network deployments that use IPv6 to enable their continued growth… (and IPv4 on many of those networks is just network application shim to a gateway service that’s present for obsolete software to use.) The fact that the majority of the network operators don’t use IPv6 is irrelevant under such victory conditions, so long as those who needed to have it due to their growth requirements have had it as a viable option. Many of the largest networks out there (service providers, cloud, social media) are running IPv6 as their primary infrastructure because they prefer the long-term economics of that architecture given their needs – so by that measure one can consider definitely a success. That doesn’t meant everyone has to run IPv6 – if your network isn’t growing that much and you’ve got enough IPv4 addresses for your needs then by all means continue to use just IPv4.. However, recognize that IPv6 deployment continues to grow, and that means there could easily be a “tipping point” sometime in your future – i.e. a point in time when your organization needs to support IPv6 because of internal or external requirements – and it’s probably best for networking engineers to be up-to-speed & comfortable with IPv6 by that point (or ready to do something else for a living) Thanks! /John
John Curran wrote:
On 23 Mar 2022, at 1:34 AM, Joe Maimon <jmaimon@jmaimon.com <mailto:jmaimon@jmaimon.com>> wrote: ... Since IPv6 was born of the effort to fix the upcoming address shortage visible at the time and to prevent and alleviate the resulting negative effects, the fact that it did not and that globally v4 address shortage is still a problem is a tally of multiple years of failure.
Joe -
It all depends on your measure of success; i.e. the victory conditions that one wishes to set.
Hi John, That is the crux of my argument.
If the victory conditions are “has displaced the previous IP4 protocol”, then we’re certainly not there (and may never achieve at such an outcome for many decades to come…)
If the victory conditions are “provide an updated IP protocol that the larger providers can use as an alternative for address their continued growth requirements”, then it is indeed a success - as proof one just has to look at major broadband and mobile network deployments that use IPv6 to enable their continued growth… (and IPv4 on many of those networks is just network application shim to a gateway service that’s present for obsolete software to use.)
I define the victory as avoiding the occurrence of the inevitable constraints that v4 shortage was going to have. I also include the negative effects and avoidable investment of time, effort and capex into CGN and the like in to what IPv6 was intended to avoid. Perhaps a better statement of the failure is that the IPv6 deployment failed in its original objective to alleviate IPv4 address shortage before the effects became widespread and significant. I think that is a least common denominator we can mostly all agree on.
The fact that the majority of the network operators don’t use IPv6 is irrelevant under such victory conditions, so long as those who needed to have it due to their growth requirements have had it as a viable option. Many of the largest networks out there (service providers, cloud, social media) are running IPv6 as their primary infrastructure because they prefer the long-term economics of that architecture given their needs – so by that measure one can consider definitely a success.
These are also the network operators who can use all the v4 not spent on infrastructure as well as the gobs of couch cushion v4 they have relative to their overall size to meet customer specific demand. So v6 has mostly helped the large carriers, in increasing their internal supply of v4, in optimizing their use of CGN, in cohesive infrastructure addressing. Is that an overall internet success? The end users and other network players not in similar circumstances have not benefited nearly as much. And they wont until IPv4 becomes optional. Now for many, Global IPv4 is indeed optional, we call them eyeballs and the loser here is the original concept of the end2end internet.
That doesn’t meant everyone has to run IPv6 – if your network isn’t growing that much and you’ve got enough IPv4 addresses for your needs then by all means continue to use just IPv4..
And then take the blame for why IPv6 deployment is not happening fast enough...
However, recognize that IPv6 deployment continues to grow, and that means there could easily be a “tipping point” sometime in your future – i.e. a point in time when your organization needs to support IPv6 because of internal or external requirements – and it’s probably best for networking engineers to be up-to-speed & comfortable with IPv6 by that point (or ready to do something else for a living)
Thanks! /John
Agreed and as you have pointed out, this is our continued hope. That doesnt mean victory is assured and inevitable, the longer this drags out. Always a pleasure, Joe
On 23 Mar 2022, at 3:06 PM, Joe Maimon <jmaimon@jmaimon.com> wrote:
However, recognize that IPv6 deployment continues to grow, and that means there could easily be a “tipping point” sometime in your future – i.e. a point in time when your organization needs to support IPv6 because of internal or external requirements – and it’s probably best for networking engineers to be up-to-speed & comfortable with IPv6 by that point (or ready to do something else for a living)
Thanks! /John
Agreed and as you have pointed out, this is our continued hope. That doesnt mean victory is assured and inevitable, the longer this drags out.
<chuckle> Yes, indeed - although there was a fairly large contingent that felt IPng would just suddenly take off at depletion of the IPv4 free pool if vendors pushed it, and that it’s success was assured even if IPng had no benefit over IPv4 with regard to feature parity (IPv6 AH/EH vis-a-vis IPv4 IPsec, etc.) The reality was that such sudden & rapid deployment occuring at IPv4 runout was unlikely even if we delivered a working protocol with "a straightforward transition plan from the current IPv4” – and it was even more remote without a clear, in-hand working transition strategy. When combined the near inevitable arrival of IPv4 NAT, it made for a particularly poor prognosis for IPng (when compared to IPv4 & NAT.) In 1994, during the IPng process, I penned a warning in this regard <https://www.rfc-editor.org/rfc/rfc1669.txt <https://www.rfc-editor.org/rfc/rfc1669.txt>> - No internetworking vendor (whether host, router, or service vendor) can afford to deploy and support products and services which are not desired in the marketplace. Given the potential proliferation of network address translation devices, it is not clear that IPng will secure sufficient following to attain market viability. In the past, we have seen internetworking protocols fail in the marketplace despite vendor deployment and IPng cannot succeed if it is not deployed by organizations. As currently envisioned, IPng may not be ambitious enough in the delivery of new capabilities to compete against IPv4 and the inevitable arrival of network address translation devices. In order to meet the requirement for "viability in the marketplace', IPng needs to deliver clearly improved functionality over IPv4 while offering some form transparent access between the IPv4 and IPng communities once IPv4 address depletion has occurred. About two decades later, at the time of the IPv4 central free pool runout (Feb 2011), we had neither “clearly improved functionality” nor a straightforward transition plan for "transparent access between the IPv4 and IPng communities” – I do hope I was wrong about the outlook for IPng under such conditions, but we’ll need to wait for another few decades to know for sure one way or the other. Best wishes, /John
John Curran wrote:
About two decades later, at the time of the IPv4 central free pool runout (Feb 2011), we had neither “clearly improved functionality” nor a straightforward transition plan for "transparent access between the IPv4 and IPng communities” – I do hope I was wrong about the outlook for IPng under such conditions, but we’ll need to wait for another few decades to know for sure one way or the other.
Best wishes, /John
Well just because you were right then does not mean you cant be wrong now. Let us both hope so. Best, Joe
On Mar 23, 2022, at 1:33 PM, John Curran <jcurran@istaff.org> wrote:
<chuckle> Yes, indeed - although there was a fairly large contingent that felt IPng would just suddenly take off at depletion of the IPv4 free pool if vendors pushed it, and that it?s success was assured even if IPng had no benefit over IPv4 with regard to feature parity (IPv6 AH/EH vis-a-vis IPv4 IPsec, etc.)
The reality was that such sudden & rapid deployment occuring at IPv4 runout was unlikely even if we delivered a working protocol with "a straightforward transition plan from the current IPv4? ? and it was even more remote without a clear, in-hand working transition strategy. When combined the near inevitable arrival of IPv4 NAT, it made for a particularly poor prognosis for IPng (when compared to IPv4 & NAT.)
In 1994, during the IPng process, I penned a warning in this regard <https://www.rfc-editor.org/rfc/rfc1669.txt <https://www.rfc-editor.org/rfc/rfc1669.txt>> - No internetworking vendor (whether host, router, or service vendor) can afford to deploy and support products and services which are not desired in the marketplace. Given the potential proliferation of network address translation devices, it is not clear that IPng will secure sufficient following to attain market viability. In the past, we have seen internetworking protocols fail in the marketplace despite vendor deployment and IPng cannot succeed if it is not deployed by organizations. As currently envisioned, IPng may not be ambitious enough in the delivery of new capabilities to compete against IPv4 and the inevitable arrival of network address translation devices. In order to meet the requirement for "viability in the marketplace', IPng needs to deliver clearly improved functionality over IPv4 while offering some form transparent access between the IPv4 and IPng communities once IPv4 address depletion has occurred. About two decades later, at the time of the IPv4 central free pool runout (Feb 2011), we had neither ?clearly improved functionality? nor a straightforward transition plan for "transparent access between the IPv4 and IPng communities? ? I do hope I was wrong about the outlook for IPng under such conditions, but we?ll need to wait for another few decades to know for sure one way or the other.
Best wishes, /John
I was going to post a link to your RFC but you beat me to it, lol. Not much I can add here, except to suggest that people ponder the implications of the tussle paper <https://david.choffnes.com/classes/cs4700fa14/papers/tussle.pdf> I posted a link to a few days ago. —gregbo
On 24Mar22, Greg Skinner via NANOG allegedly wrote:
straightforward transition plan
in-hand working transition strategy
nor a straightforward transition
Any such "transition plan" whether "working" or "straightforward" is logically impossible. Why anyone thinks such a mythical plan might yet be formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is absurd. The logic goes: we support legacy "do nothing" ipv4 deployments forever. We also expect those same deployments to invest significant effort, cost and risk to move off their perfectly functioning network for no self-serving benefit. There be unicorns and denial of human nature. Mark.
Mark Delany wrote:
On 24Mar22, Greg Skinner via NANOG allegedly wrote:
straightforward transition plan in-hand working transition strategy nor a straightforward transition Any such "transition plan" whether "working" or "straightforward" is logically impossible. Why anyone thinks such a mythical plan might yet be formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is absurd.
You are correct that there is no way to represent 128 bits inside of a 32 bit field without modifications. Especially past the point of early adoption when there was still a 1:1 ratio of IPv4 and IPv6 actual addressing possible. However, even transition mechanism that would have relied upon IPv4 modifications would have had a better chance of being rolled out as part of normal update cycle at this point than mass deployment of IPv6 which requires a bit more than normal update cycle.
The logic goes: we support legacy "do nothing" ipv4 deployments forever. We also expect those same deployments to invest significant effort, cost and risk to move off their perfectly functioning network for no self-serving benefit.
No surprise that hasnt happened very quickly. You have that backwards. Legacy ipv4 do-nothing deployments have absolutely no need of support. IPv6 needs their support so that non-legacy deployments of IPv4 wont need continued support.
There be unicorns and denial of human nature.
Mark.
Human nature is that deployment of a technology when the larger benefit is unrealized in the short term by the party expected to expend the costs of the deployment is unlikely to have significant widespread initial momentum and is quite likely to have lingering inability to complete a global deployment. As that is the case, efforts on both protocols are warranted. Joe
Hello Mark:
Any such "transition plan" whether "working" or "straightforward" is logically impossible. Why anyone thinks such a mythical plan might yet be formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is absurd.
This is dishonest, considering that I just proved on this very thread that such ideas existed and were published. Unless you prove me that the method I pointed at does not work. It was published exactly 20+ years ago. It does both the tricks of maintaining the IPv4 Internet as is and stateless IPversion translation for smooth transition. I've seen multiple other variations of using IP in IP at the time; none of these ideas emerged, proving more of a lack of desire than a lack of existence.
The logic goes: we support legacy "do nothing" ipv4 deployments forever. We also expect those same deployments to invest significant effort, cost and risk to move off their perfectly functioning network for no self-serving benefit.
There be unicorns and denial of human nature.
There is tussle in the real world, as so well explained in a David Clark's paper already linked in this thread. The technology evolution tussle could be the next section in the paper. Those who desire it, like Africa for lack IP addresses or like Operational Technology for lack of capabilities, vs. those who face a cost and no benefit, IOW, as you say, human nature, with those in need vs. those in a comfort zone. Like the paper says, the tussles in the internet reflect the real world. I see that tussle, rather than the tech or the claimed lack thereof, as a major reason for the stagnation, rather than the lack of capabilities to adapt the technologies, be it v4 or v6. But putting that blame on the technology lacks honesty. Another example: SLAAC (to Eduard's point today on this same thread). I agree that SLAAC is an unfortunate design with the eyes of 2020. But Address Auto Configuration was redesigned 10+ years ago to enable a deterministic knowledge by the network and provide equivalent to better control than DHCP. This would serve the needs that I have seen on this list. My view is that, if there was a desire to deploy any of that it would be done. Keep safe; Pascal
On 24Mar22, Pascal Thubert (pthubert) allegedly wrote:
Hello Mark:
Any such "transition plan" whether "working" or "straightforward" is logically impossible. Why anyone thinks such a mythical plan might yet be formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is absurd.
This is dishonest
My point is that if there was a real transition plan it would have been invented and executed by now and we'd all be on ipv6. Yet the reality is that here we are some 20 years later with no plan and no ubiquitous ipv6. How is that observation dishonest?
considering that I just proved on this very thread that such ideas existed
I don't know why you're conflating an idea with a plan - they are about as far away from each other as is possible. Frankly no one cares about ideas, they're a dime a dozen. A plan is an actionable, compelling and logical set of steps towards an end result. Do you have such a thing for moving everyone on the planet to ipv6? Here's a simple test of whether you have a plan or not. I'm connected via my legacy ipv4 ISP router completely oblivous to ipv6. How does your plan incentivise me to upgrade my router to support ipv6? When you have an answer to that, you might have a glimmer of a plan. Mark.
OK so you really did not read my post, even now. The tech I described was pure v4. It would pass your gateway. The only we can talk is that we listen to each other... Quoting the text so you do not need to look it up: " My frustration is that indeed (as a dev guy) we have been trying hard to serve users our best. We proposed a number of things in the IPv4 evolution direction that I see being asked on this list. For larger IPv4 space and smooth migration, I'm personally fond of the IP-in-IP variation that filed in 20+ years ago as US patent 7,356,031. Basically we reserve a /8, say, since it is so popular at this time, 240.0.0./8, and make it the "elevator shaft" between IPv4 realms. Say the current IPv4 Internet is realm 1, that Internet would have IP address 240.0.0.1/8 in the shaft, and would continue operating as is, without a change in hosts and routers for traffic staying inside the current Internet. Now say China builds realm 2; that Internet would have IP address 240.0.0.2/8 in the shaft. A host in the Internet that wants to talk to a host in China would require an update to parse new DNS double-A (realm, address) records to encapsulate the packet IP-in-IP, outer src= 240.0.0.1 outer dest=240.0.0.2. The router that serves the shaft at level 1 attracts 240.0.0.0/8 within realm 1 and routes up the elevator for more specific (host) routes within that prefix. The router that serves the shaft at level 2 attracts 240.0.0.2/32 inside the shaft; upon the said packet it would swap the inner and outer destination and the packet would reach the Chinese address with classical routing within realm 2. Routers serving the shaft need an update, but then, only those do. Obviously the host in China can only reply if its stack is updated to understand the format. But all the other hosts and routers in China can be classical IPv4 as we know them long as their traffic stays in China. To migrate to IPv6 what you can do is map the elevator shaft prefix in, say, 400::/3 (sadly cannot use F00/3 that would map 240 neatly but is already assigned). The current internet would own 400:1::/32, China would own 400:2::/32, etc... You encode the double-A of the host in the prefix, reserve a well known suffix for IPv4 mapped double-A, and you have an IPv6 address that can be mapped both ways statelessly. When migrating to v6, each IPv4 node that owns a public IPv4 address in one realm gets a full IPv6 /64 for free. " Now what? Pascal
-----Original Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Mark Delany Sent: jeudi 24 mars 2022 12:45 To: nanog@nanog.org Subject: Re: V6 still not supported
On 24Mar22, Pascal Thubert (pthubert) allegedly wrote:
Hello Mark:
Any such "transition plan" whether "working" or "straightforward" is logically impossible. Why anyone thinks such a mythical plan might yet be formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is absurd.
This is dishonest
My point is that if there was a real transition plan it would have been invented and executed by now and we'd all be on ipv6. Yet the reality is that here we are some 20 years later with no plan and no ubiquitous ipv6. How is that observation dishonest?
considering that I just proved on this very thread that such ideas existed
I don't know why you're conflating an idea with a plan - they are about as far away from each other as is possible. Frankly no one cares about ideas, they're a dime a dozen.
A plan is an actionable, compelling and logical set of steps towards an end result. Do you have such a thing for moving everyone on the planet to ipv6?
Here's a simple test of whether you have a plan or not. I'm connected via my legacy ipv4 ISP router completely oblivous to ipv6. How does your plan incentivise me to upgrade my router to support ipv6?
When you have an answer to that, you might have a glimmer of a plan.
Mark.
Pascal Thubert \(pthubert\) via NANOG <nanog@nanog.org> wrote:
I'm personally fond of the IP-in-IP variation that filed in 20+ years ago as US patent 7,356,031.
No wonder -- you are listed as the co-inventor! Just the fact that it is patented (and the patent is still unexpired) would make it a disfavored candidate for an Internet transition technology. It was not nice of y'all to try to get a monopoly over nesting headers for making an overlay network that tunnels things to distant routers. You have to certify that your work is original in order to even apply for a patent. So, nobody had ever thought of that before y'all did? Really? John
Hello John You’ve got something dead wrong about the history of IPR, there’s certainly no idea of monopoly. What we do when there’s market interest is write an RFC and RAND the rights. There is 25 years of IETF history to prove that. Another angle is that the change is in the host stack for the most part and we have no play in it. Without freedom for open source implementation the idea can not succeed. You may wonder why we go through the hassle and cost? The history of MPLS would certainly enlighten you on that. This is not a world where you can live without defensive weapons. No one yet answered me on the technical aspects. That kind of baffles me. Keep safe; Pascal
Le 25 mars 2022 à 03:17, John Gilmore <gnu@toad.com> a écrit :
Pascal Thubert \(pthubert\) via NANOG <nanog@nanog.org> wrote:
I'm personally fond of the IP-in-IP variation that filed in 20+ years ago as US patent 7,356,031.
No wonder -- you are listed as the co-inventor!
Just the fact that it is patented (and the patent is still unexpired) would make it a disfavored candidate for an Internet transition technology.
It was not nice of y'all to try to get a monopoly over nesting headers for making an overlay network that tunnels things to distant routers. You have to certify that your work is original in order to even apply for a patent. So, nobody had ever thought of that before y'all did? Really?
John
A host in the Internet that wants to talk to a host in China would require an update to parse new DNS double-A (realm, address) records to encapsulate the p acket IP-in-IP, outer src= 240.0.0.1 outer dest=240.0.0.2. The router that ser ves the shaft at level 1 attracts 240.0.0.0/8 within realm 1 and routes up the elevator for more specific (host) routes within that prefix. The router that serves the shaft at level 2 attracts 240.0.0.2/32 inside the shaft; upon the s aid packet it would swap the inner and outer destination and the packet would reach the Chinese address with classical routing within realm 2.
Routers serving the shaft need an update, but then, only those do. Obviously t he host in China can only reply if its stack is updated to understand the form at. But all the other hosts and routers in China can be classical IPv4 as we k now them long as their traffic stays in China. To migrate to IPv6 what you can do is map the elevator shaft prefix in, say, 400::/3 (sadly cannot use F00/3 that would map 240 neatly but is already assigned).
The current internet would own 400:1::/32, China would own 400:2::/32, etc... You encode the double-A of the host in the prefix, reserve a well known suffix for IPv4 mapped double-A, and you have an IPv6 address that can be mapped bot h ways statelessly. When migrating to v6, each IPv4 node that owns a public IP v4 address in one realm gets a full IPv6 /64 for free. "
Somehow this sounds a lot like 6to4: packets get routed to special devices in the network and ISPs have little control over this. Not a popular architecture. Or another way to look at it is the resemblance with the ill fated 'Provider-Based Global Unicast Addresses' (RFC 1884, Section 2.4.7). This was not very popular either.
Hello Phil The only far ressemblance with 6to4 is the thing that was actually nice in the design, the automatic word in automatic tunnel. Which for the rest of us means stateless. Compared to CGNATs that is huge. Beyond that the proposal is not a tunnel and more akin to a nat64 since it allows v6 nodes to talk to v4 nodes. The network can be pure v4 or pure v6 if the method is implemented as a bump in the stack at the wrong end. Your response is also missing the capability to extend the IPv4 network a million times. Or drop it completely while maintaining IPv4 applications. 6to4 was meant for early v6 to interconnect islands. A solution for a problem that never really existed. Solutions without a problem aren’t usually popular. Apparently here there’s a real world problem to be solved. Sophisms are of no help. Regards, Pascal
Le 25 mars 2022 à 19:40, Philip Homburg <pch-nanog-2@u-1.phicoh.com> a écrit :
A host in the Internet that wants to talk to a host in China would require an update to parse new DNS double-A (realm, address) records to encapsulate the p acket IP-in-IP, outer src= 240.0.0.1 outer dest=240.0.0.2. The router that ser ves the shaft at level 1 attracts 240.0.0.0/8 within realm 1 and routes up the elevator for more specific (host) routes within that prefix. The router that serves the shaft at level 2 attracts 240.0.0.2/32 inside the shaft; upon the s aid packet it would swap the inner and outer destination and the packet would reach the Chinese address with classical routing within realm 2.
Routers serving the shaft need an update, but then, only those do. Obviously t he host in China can only reply if its stack is updated to understand the form at. But all the other hosts and routers in China can be classical IPv4 as we k now them long as their traffic stays in China. To migrate to IPv6 what you can do is map the elevator shaft prefix in, say, 400::/3 (sadly cannot use F00/3 that would map 240 neatly but is already assigned).
The current internet would own 400:1::/32, China would own 400:2::/32, etc... You encode the double-A of the host in the prefix, reserve a well known suffix for IPv4 mapped double-A, and you have an IPv6 address that can be mapped bot h ways statelessly. When migrating to v6, each IPv4 node that owns a public IP v4 address in one realm gets a full IPv6 /64 for free. "
Somehow this sounds a lot like 6to4: packets get routed to special devices in the network and ISPs have little control over this. Not a popular architecture.
Or another way to look at it is the resemblance with the ill fated 'Provider-Based Global Unicast Addresses' (RFC 1884, Section 2.4.7). This was not very popular either.
The only far ressemblance with 6to4 is the thing that was actually nice in the design, the automatic word in automatic tunnel. Which for the rest of us mean s stateless. Compared to CGNATs that is huge.
Any form of communication with the current IPv4 internet requires some sort of CGNAT. We no longer have enough IPv4 addresses to give each customer an unique one. So some ISPs are forced to map multiple customers to a single IPv4 address. Which results in CGNAT. Technically, A+P (address plus port) mapping is a bit different, but for the customer that doesn't make a lot of difference. And A+P has serious scalability problems.
Beyond that the proposal is not a tunnel and more akin to a nat64 since it all ows v6 nodes to talk to v4 nodes. The network can be pure v4 or pure v6 if the method is implemented as a bump in the stack at the wrong end.
You mostly ignored the routing problems I brought up. With NAT64 each ISP is in full control over all routing. Your problem has routing aspects that are not under control of the ISP.
Your response is also missing the capability to extend the IPv4 network a mill ion times. Or drop it completely while maintaining IPv4 applications.
Extending IPv4 is fine (except for the installed base of IPv6). It is not fine if the extension leads to problem in other areas, like routing. There are other problems to consider. For example, IPv6 can be added transparently to a network with legacy IPv4-only hosts. Hosts can get a public IPv6 address and a RFC 1918 IPv4 address. I wonder how in your approach such a mix of legacy and new hosts will work out.
6to4 was meant for early v6 to interconnect islands. A solution for a problem that never really existed. Solutions without a problem aren?t usually popular.
We seem to have a different recall of history. 6to4 was extremely popular. Popular enough that major content providers did not turn on IPv6 until host stacks were modified to essentially kill 6to4. (in case we are talking about different 6to4 protocols. I meant the one that interconnects with the non-6to4 IPv6 internet. So more than just islands)
Philip Homburg wrote:
Any form of communication with the current IPv4 internet requires some sort of CGNAT.
Any form of communication with the current IPv4/IPv6 mixed internet, except for dual stack, also requires some sort of NAT.
Technically, A+P (address plus port) mapping is a bit different, but for the customer that doesn't make a lot of difference.
A+P is equivalent to end to end NAT, though end to end NAT only needs plain IP routers behind gateways, whereas A+P requires routers with A+P routing capability for large (but not very large) number of hosts. As networks behind the gateways are local and not so large, it can not be a practical problem.
And A+P has serious scalability problems.
No, not at all. Masataka Ohta
Seems that we lost sync. I would not rephrase so I made it a draft to make it easy to socialize: https://www.ietf.org/archive/id/draft-thubert-v6ops-yada-yatt-00.html The goal is NOT to allow any IPv4 host to talk to any IPv6 host. For that I agree you need the traditional transition mechanisms, CG-NATs etc. The plan has 2 phases: - The first phase called YADA extends the reach of IPv4 using a common IPv4 space that is like an elevator shaft. /------------------------------------------------------ / / / |------------| realm 1 / / /. /. / / / . shaft / . (current IPv4 Internet) / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm 2 / / | /. | /. / / |/ . shaft |/ . / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | | . | | | | . | | . . . | . . | | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm N / / | / | / / / |/ shaft |/ / / |------------| / / / ------------------------------------------------------/ There's more in the draft as to how forwarding happens. But only a few routers serving the shaft have to do anything and it's dead simple. In that phase, we can now have many realms that are parallel to the IPv4 Internet of today. IPv4 acts as normal in each realm. The phase upgrades IPv4 host to understand an IP in IP format that allows to traverse the shaft. At that time, scale is no more the issue for IPv4. - The second phase called YATT does a stateless translation between a v4 in v4 and a v6 address. No CG-NAT. +-----+---------------+--------------+-----------------------------+ |YATT | Realm | IPv4 | Well-Known | |Space| Address | Address | IID | +-----+- -------------+--------------+-----------------------------+ <- YADA Prefix -> <-------- YATT Prefix ----------> What it does is allow any node that needs to talk to a legacy device, to 1) obtain a YADA address (IPv4 pair), 2) form a YATT address (YADA derived IPv6 address), and talk to the YADA node, across any of v4 or v6 networks. A stateful bump in the stack can NAT the IP pairs into single Ips and back. A bump in the stack on the legacy host can NAT the IP pairs into single Ips as well. In that phase, IPv6 can be seen as the sphere that that encompasses the planes above, and a lot more. Every node that has a YADA address owns a full IPv6 prefix automatically. Nodes and networks can migrate to IPv6 only but the nodes that need to talk to IPv4 nodes need an YATT address for that. There will be corner cases, like well-known IPv4 coded in legacy application payload. For those arguably we'll need a stateful CG-NAT that knows the mapping in advance. But maybe those are not many, and will mostly stay within their realm. Am I being any clearer now? Keep safe; Pascal
-----Original Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Philip Homburg Sent: samedi 26 mars 2022 12:24 To: nanog@nanog.org Subject: Re: V6 still not supported
The only far ressemblance with 6to4 is the thing that was actually nice in the design, the automatic word in automatic tunnel. Which for the rest of us mean s stateless. Compared to CGNATs that is huge.
Any form of communication with the current IPv4 internet requires some sort of CGNAT. We no longer have enough IPv4 addresses to give each customer an unique one. So some ISPs are forced to map multiple customers to a single IPv4 address. Which results in CGNAT. Technically, A+P (address plus port) mapping is a bit different, but for the customer that doesn't make a lot of difference. And A+P has serious scalability problems.
Beyond that the proposal is not a tunnel and more akin to a nat64 since it all ows v6 nodes to talk to v4 nodes. The network can be pure v4 or pure v6 if the method is implemented as a bump in the stack at the wrong end.
You mostly ignored the routing problems I brought up. With NAT64 each ISP is in full control over all routing. Your problem has routing aspects that are not under control of the ISP.
Your response is also missing the capability to extend the IPv4 network a mill ion times. Or drop it completely while maintaining IPv4 applications.
Extending IPv4 is fine (except for the installed base of IPv6). It is not fine if the extension leads to problem in other areas, like routing.
There are other problems to consider. For example, IPv6 can be added transparently to a network with legacy IPv4-only hosts. Hosts can get a public IPv6 address and a RFC 1918 IPv4 address. I wonder how in your approach such a mix of legacy and new hosts will work out.
6to4 was meant for early v6 to interconnect islands. A solution for a problem that never really existed. Solutions without a problem aren?t usually popular.
We seem to have a different recall of history. 6to4 was extremely popular. Popular enough that major content providers did not turn on IPv6 until host stacks were modified to essentially kill 6to4. (in case we are talking about different 6to4 protocols. I meant the one that interconnects with the non-6to4 IPv6 internet. So more than just islands)
[cid:image001.png@01D842A4.69CBE6F0] Hmm. -----Original Message----- From: NANOG <nanog-bounces+rkremeier=barryelectric.com@nanog.org> On Behalf Of Pascal Thubert (pthubert) via NANOG Sent: Monday, March 28, 2022 11:55 AM To: Philip Homburg <pch-nanog-2@u-1.phicoh.com>; nanog@nanog.org; 'jordi.palet' (jordi.palet@consulintel.es) <jordi.palet@consulintel.es> Subject: RE: V6 still not supported Seems that we lost sync. I would not rephrase so I made it a draft to make it easy to socialize: https://www.ietf.org/archive/id/draft-thubert-v6ops-yada-yatt-00.html The goal is NOT to allow any IPv4 host to talk to any IPv6 host. For that I agree you need the traditional transition mechanisms, CG-NATs etc. The plan has 2 phases: - The first phase called YADA extends the reach of IPv4 using a common IPv4 space that is like an elevator shaft. /------------------------------------------------------ / / / |------------| realm 1 / / /. /. / / / . shaft / . (current IPv4 Internet) / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm 2 / / | /. | /. / / |/ . shaft |/ . / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | | . | | | | . | | . . . | . . | | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm N / / | / | / / / |/ shaft |/ / / |------------| / / / ------------------------------------------------------/ There's more in the draft as to how forwarding happens. But only a few routers serving the shaft have to do anything and it's dead simple. In that phase, we can now have many realms that are parallel to the IPv4 Internet of today. IPv4 acts as normal in each realm. The phase upgrades IPv4 host to understand an IP in IP format that allows to traverse the shaft. At that time, scale is no more the issue for IPv4. - The second phase called YATT does a stateless translation between a v4 in v4 and a v6 address. No CG-NAT. +-----+---------------+--------------+-----------------------------+ |YATT | Realm | IPv4 | Well-Known | |Space| Address | Address | IID | +-----+- -------------+--------------+-----------------------------+ <- YADA Prefix -> <-------- YATT Prefix ----------> What it does is allow any node that needs to talk to a legacy device, to 1) obtain a YADA address (IPv4 pair), 2) form a YATT address (YADA derived IPv6 address), and talk to the YADA node, across any of v4 or v6 networks. A stateful bump in the stack can NAT the IP pairs into single Ips and back. A bump in the stack on the legacy host can NAT the IP pairs into single Ips as well. In that phase, IPv6 can be seen as the sphere that that encompasses the planes above, and a lot more. Every node that has a YADA address owns a full IPv6 prefix automatically. Nodes and networks can migrate to IPv6 only but the nodes that need to talk to IPv4 nodes need an YATT address for that. There will be corner cases, like well-known IPv4 coded in legacy application payload. For those arguably we'll need a stateful CG-NAT that knows the mapping in advance. But maybe those are not many, and will mostly stay within their realm. Am I being any clearer now? Keep safe; Pascal
-----Original Message-----
From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org<mailto:nanog-bounces+pthubert=cisco.com@nanog.org>> On Behalf Of
Philip Homburg
Sent: samedi 26 mars 2022 12:24
To: nanog@nanog.org<mailto:nanog@nanog.org>
Subject: Re: V6 still not supported
The only far ressemblance with 6to4 is the thing that was actually
nice in the design, the automatic word in automatic tunnel. Which
for the rest of us mean s stateless. Compared to CGNATs that is huge.
Any form of communication with the current IPv4 internet requires some
sort of CGNAT. We no longer have enough IPv4 addresses to give each
customer an unique one. So some ISPs are forced to map multiple
customers to a single IPv4 address. Which results in CGNAT.
Technically,
A+P (address plus port) mapping is a bit different, but for the
A+customer
that doesn't make a lot of difference. And A+P has serious scalability
problems.
Beyond that the proposal is not a tunnel and more akin to a nat64
since it all ows v6 nodes to talk to v4 nodes. The network can be
pure v4 or pure v6 if the method is implemented as a bump in the
stack at the
wrong end.
You mostly ignored the routing problems I brought up. With NAT64 each
ISP is in full control over all routing. Your problem has routing
aspects that are not under control of the ISP.
Your response is also missing the capability to extend the IPv4
network a mill ion times. Or drop it completely while maintaining
IPv4
applications.
Extending IPv4 is fine (except for the installed base of IPv6). It is
not fine if the extension leads to problem in other areas, like routing.
There are other problems to consider. For example, IPv6 can be added
transparently to a network with legacy IPv4-only hosts. Hosts can get
a public IPv6 address and a RFC 1918 IPv4 address. I wonder how in
your approach such a mix of legacy and new hosts will work out.
6to4 was meant for early v6 to interconnect islands. A solution for a
problem that never really existed. Solutions without a problem aren?t
usually popular.
We seem to have a different recall of history. 6to4 was extremely
popular.
Popular enough that major content providers did not turn on IPv6 until
host stacks were modified to essentially kill 6to4. (in case we are
talking about different 6to4 protocols. I meant the one that
interconnects with the
non-6to4 IPv6 internet. So more than just islands)
I think this message is 4 days early. Owen
On Mar 28, 2022, at 11:03 , Ryland Kremeier <rkremeier@barryelectric.com> wrote:
Hmm.
-----Original Message----- From: NANOG <nanog-bounces+rkremeier=barryelectric.com@nanog.org <mailto:nanog-bounces+rkremeier=barryelectric.com@nanog.org>> On Behalf Of Pascal Thubert (pthubert) via NANOG Sent: Monday, March 28, 2022 11:55 AM To: Philip Homburg <pch-nanog-2@u-1.phicoh.com <mailto:pch-nanog-2@u-1.phicoh.com>>; nanog@nanog.org <mailto:nanog@nanog.org>; 'jordi.palet' (jordi.palet@consulintel.es <mailto:jordi.palet@consulintel.es>) <jordi.palet@consulintel.es <mailto:jordi.palet@consulintel.es>> Subject: RE: V6 still not supported
Seems that we lost sync.
I would not rephrase so I made it a draft to make it easy to socialize: https://www.ietf.org/archive/id/draft-thubert-v6ops-yada-yatt-00.html <https://www.ietf.org/archive/id/draft-thubert-v6ops-yada-yatt-00.html>
The goal is NOT to allow any IPv4 host to talk to any IPv6 host. For that I agree you need the traditional transition mechanisms, CG-NATs etc.
The plan has 2 phases:
- The first phase called YADA extends the reach of IPv4 using a common IPv4 space that is like an elevator shaft.
/------------------------------------------------------ / / / |------------| realm 1 / / /. /. / / / . shaft / . (current IPv4 Internet) / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm 2 / / | /. | /. / / |/ . shaft |/ . / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | | . | | | | . | | . . . | . . | | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm N / / | / | / / / |/ shaft |/ / / |------------| / / / ------------------------------------------------------/
There's more in the draft as to how forwarding happens. But only a few routers serving the shaft have to do anything and it's dead simple. In that phase, we can now have many realms that are parallel to the IPv4 Internet of today. IPv4 acts as normal in each realm. The phase upgrades IPv4 host to understand an IP in IP format that allows to traverse the shaft. At that time, scale is no more the issue for IPv4.
- The second phase called YATT does a stateless translation between a v4 in v4 and a v6 address. No CG-NAT.
+-----+---------------+--------------+-----------------------------+ |YATT | Realm | IPv4 | Well-Known | |Space| Address | Address | IID | +-----+- -------------+--------------+-----------------------------+ <- YADA Prefix -> <-------- YATT Prefix ---------->
What it does is allow any node that needs to talk to a legacy device, to 1) obtain a YADA address (IPv4 pair), 2) form a YATT address (YADA derived IPv6 address), and talk to the YADA node, across any of v4 or v6 networks. A stateful bump in the stack can NAT the IP pairs into single Ips and back. A bump in the stack on the legacy host can NAT the IP pairs into single Ips as well.
In that phase, IPv6 can be seen as the sphere that that encompasses the planes above, and a lot more. Every node that has a YADA address owns a full IPv6 prefix automatically. Nodes and networks can migrate to IPv6 only but the nodes that need to talk to IPv4 nodes need an YATT address for that.
There will be corner cases, like well-known IPv4 coded in legacy application payload. For those arguably we'll need a stateful CG-NAT that knows the mapping in advance. But maybe those are not many, and will mostly stay within their realm.
Am I being any clearer now?
Keep safe;
Pascal
-----Original Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org <mailto:nanog-bounces+pthubert=cisco.com@nanog.org>> On Behalf Of Philip Homburg Sent: samedi 26 mars 2022 12:24 To: nanog@nanog.org <mailto:nanog@nanog.org> Subject: Re: V6 still not supported
The only far ressemblance with 6to4 is the thing that was actually nice in the design, the automatic word in automatic tunnel. Which for the rest of us mean s stateless. Compared to CGNATs that is huge.
Any form of communication with the current IPv4 internet requires some sort of CGNAT. We no longer have enough IPv4 addresses to give each customer an unique one. So some ISPs are forced to map multiple customers to a single IPv4 address. Which results in CGNAT. Technically, A+P (address plus port) mapping is a bit different, but for the A+customer that doesn't make a lot of difference. And A+P has serious scalability problems.
Beyond that the proposal is not a tunnel and more akin to a nat64 since it all ows v6 nodes to talk to v4 nodes. The network can be pure v4 or pure v6 if the method is implemented as a bump in the stack at the wrong end.
You mostly ignored the routing problems I brought up. With NAT64 each ISP is in full control over all routing. Your problem has routing aspects that are not under control of the ISP.
Your response is also missing the capability to extend the IPv4 network a mill ion times. Or drop it completely while maintaining IPv4 applications.
Extending IPv4 is fine (except for the installed base of IPv6). It is not fine if the extension leads to problem in other areas, like routing.
There are other problems to consider. For example, IPv6 can be added transparently to a network with legacy IPv4-only hosts. Hosts can get a public IPv6 address and a RFC 1918 IPv4 address. I wonder how in your approach such a mix of legacy and new hosts will work out.
6to4 was meant for early v6 to interconnect islands. A solution for a problem that never really existed. Solutions without a problem aren?t usually popular.
We seem to have a different recall of history. 6to4 was extremely popular. Popular enough that major content providers did not turn on IPv6 until host stacks were modified to essentially kill 6to4. (in case we are talking about different 6to4 protocols. I meant the one that interconnects with the non-6to4 IPv6 internet. So more than just islands)
Actually, Owen, now the day has come, I can say I love it. No one likes tradeoffs. No one wants to compromise. Ryland just told us we have a near perfect title for a spec that is bound to be hated. Keep safe; Pascal From: Owen DeLong <owen@delong.com> Sent: mercredi 30 mars 2022 22:33 To: Ryland Kremeier <rkremeier@barryelectric.com> Cc: Pascal Thubert (pthubert) <pthubert@cisco.com>; Philip Homburg <pch-nanog-2@u-1.phicoh.com>; nanog@nanog.org; 'jordi.palet' (jordi.palet@consulintel.es) <jordi.palet@consulintel.es> Subject: Re: V6 still not supported I think this message is 4 days early. Owen On Mar 28, 2022, at 11:03 , Ryland Kremeier <rkremeier@barryelectric.com<mailto:rkremeier@barryelectric.com>> wrote: [cid:image001.png@01D842A4.69CBE6F0] Hmm. -----Original Message----- From: NANOG <nanog-bounces+rkremeier=barryelectric.com@nanog.org<mailto:nanog-bounces+rkremeier=barryelectric.com@nanog.org>> On Behalf Of Pascal Thubert (pthubert) via NANOG Sent: Monday, March 28, 2022 11:55 AM To: Philip Homburg <pch-nanog-2@u-1.phicoh.com<mailto:pch-nanog-2@u-1.phicoh.com>>; nanog@nanog.org<mailto:nanog@nanog.org>; 'jordi.palet' (jordi.palet@consulintel.es<mailto:jordi.palet@consulintel.es>) <jordi.palet@consulintel.es<mailto:jordi.palet@consulintel.es>> Subject: RE: V6 still not supported Seems that we lost sync. I would not rephrase so I made it a draft to make it easy to socialize: https://www.ietf.org/archive/id/draft-thubert-v6ops-yada-yatt-00.html The goal is NOT to allow any IPv4 host to talk to any IPv6 host. For that I agree you need the traditional transition mechanisms, CG-NATs etc. The plan has 2 phases: - The first phase called YADA extends the reach of IPv4 using a common IPv4 space that is like an elevator shaft. /------------------------------------------------------ / / / |------------| realm 1 / / /. /. / / / . shaft / . (current IPv4 Internet) / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm 2 / / | /. | /. / / |/ . shaft |/ . / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | | . | | | | . | | . . . | . . | | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm N / / | / | / / / |/ shaft |/ / / |------------| / / / ------------------------------------------------------/ There's more in the draft as to how forwarding happens. But only a few routers serving the shaft have to do anything and it's dead simple. In that phase, we can now have many realms that are parallel to the IPv4 Internet of today. IPv4 acts as normal in each realm. The phase upgrades IPv4 host to understand an IP in IP format that allows to traverse the shaft. At that time, scale is no more the issue for IPv4. - The second phase called YATT does a stateless translation between a v4 in v4 and a v6 address. No CG-NAT. +-----+---------------+--------------+-----------------------------+ |YATT | Realm | IPv4 | Well-Known | |Space| Address | Address | IID | +-----+- -------------+--------------+-----------------------------+ <- YADA Prefix -> <-------- YATT Prefix ----------> What it does is allow any node that needs to talk to a legacy device, to 1) obtain a YADA address (IPv4 pair), 2) form a YATT address (YADA derived IPv6 address), and talk to the YADA node, across any of v4 or v6 networks. A stateful bump in the stack can NAT the IP pairs into single Ips and back. A bump in the stack on the legacy host can NAT the IP pairs into single Ips as well. In that phase, IPv6 can be seen as the sphere that that encompasses the planes above, and a lot more. Every node that has a YADA address owns a full IPv6 prefix automatically. Nodes and networks can migrate to IPv6 only but the nodes that need to talk to IPv4 nodes need an YATT address for that. There will be corner cases, like well-known IPv4 coded in legacy application payload. For those arguably we'll need a stateful CG-NAT that knows the mapping in advance. But maybe those are not many, and will mostly stay within their realm. Am I being any clearer now? Keep safe; Pascal
-----Original Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org<mailto:nanog-bounces+pthubert=cisco.com@nanog.org>> On Behalf Of Philip Homburg Sent: samedi 26 mars 2022 12:24 To: nanog@nanog.org<mailto:nanog@nanog.org> Subject: Re: V6 still not supported
The only far ressemblance with 6to4 is the thing that was actually nice in the design, the automatic word in automatic tunnel. Which for the rest of us mean s stateless. Compared to CGNATs that is huge.
Any form of communication with the current IPv4 internet requires some sort of CGNAT. We no longer have enough IPv4 addresses to give each customer an unique one. So some ISPs are forced to map multiple customers to a single IPv4 address. Which results in CGNAT. Technically, A+P (address plus port) mapping is a bit different, but for the A+customer that doesn't make a lot of difference. And A+P has serious scalability problems.
Beyond that the proposal is not a tunnel and more akin to a nat64 since it all ows v6 nodes to talk to v4 nodes. The network can be pure v4 or pure v6 if the method is implemented as a bump in the stack at the wrong end.
You mostly ignored the routing problems I brought up. With NAT64 each ISP is in full control over all routing. Your problem has routing aspects that are not under control of the ISP.
Your response is also missing the capability to extend the IPv4 network a mill ion times. Or drop it completely while maintaining IPv4 applications.
Extending IPv4 is fine (except for the installed base of IPv6). It is not fine if the extension leads to problem in other areas, like routing.
There are other problems to consider. For example, IPv6 can be added transparently to a network with legacy IPv4-only hosts. Hosts can get a public IPv6 address and a RFC 1918 IPv4 address. I wonder how in your approach such a mix of legacy and new hosts will work out.
6to4 was meant for early v6 to interconnect islands. A solution for a problem that never really existed. Solutions without a problem aren?t usually popular.
We seem to have a different recall of history. 6to4 was extremely popular. Popular enough that major content providers did not turn on IPv6 until host stacks were modified to essentially kill 6to4. (in case we are talking about different 6to4 protocols. I meant the one that interconnects with the non-6to4 IPv6 internet. So more than just islands)
I had no idea that actually went through. That makes my morning much better knowing someone saw it hahaha. I'm all in on v6. Thank you, -- Ryland ________________________________ From: Pascal Thubert (pthubert) <pthubert@cisco.com> Sent: Friday, April 1, 2022 6:59:19 AM To: Owen DeLong <owen@delong.com>; Ryland Kremeier <rkremeier@barryelectric.com> Cc: Philip Homburg <pch-nanog-2@u-1.phicoh.com>; nanog@nanog.org <nanog@nanog.org>; 'jordi.palet' (jordi.palet@consulintel.es) <jordi.palet@consulintel.es> Subject: RE: V6 still not supported Actually, Owen, now the day has come, I can say I love it. No one likes tradeoffs. No one wants to compromise. Ryland just told us we have a near perfect title for a spec that is bound to be hated. Keep safe; Pascal From: Owen DeLong <owen@delong.com> Sent: mercredi 30 mars 2022 22:33 To: Ryland Kremeier <rkremeier@barryelectric.com> Cc: Pascal Thubert (pthubert) <pthubert@cisco.com>; Philip Homburg <pch-nanog-2@u-1.phicoh.com>; nanog@nanog.org; 'jordi.palet' (jordi.palet@consulintel.es) <jordi.palet@consulintel.es> Subject: Re: V6 still not supported I think this message is 4 days early. Owen On Mar 28, 2022, at 11:03 , Ryland Kremeier <rkremeier@barryelectric.com<mailto:rkremeier@barryelectric.com>> wrote: [cid:image001.png@01D842A4.69CBE6F0] Hmm. -----Original Message----- From: NANOG <nanog-bounces+rkremeier=barryelectric.com@nanog.org<mailto:nanog-bounces+rkremeier=barryelectric.com@nanog.org>> On Behalf Of Pascal Thubert (pthubert) via NANOG Sent: Monday, March 28, 2022 11:55 AM To: Philip Homburg <pch-nanog-2@u-1.phicoh.com<mailto:pch-nanog-2@u-1.phicoh.com>>; nanog@nanog.org<mailto:nanog@nanog.org>; 'jordi.palet' (jordi.palet@consulintel.es<mailto:jordi.palet@consulintel.es>) <jordi.palet@consulintel.es<mailto:jordi.palet@consulintel.es>> Subject: RE: V6 still not supported Seems that we lost sync. I would not rephrase so I made it a draft to make it easy to socialize: https://www.ietf.org/archive/id/draft-thubert-v6ops-yada-yatt-00.html The goal is NOT to allow any IPv4 host to talk to any IPv6 host. For that I agree you need the traditional transition mechanisms, CG-NATs etc. The plan has 2 phases: - The first phase called YADA extends the reach of IPv4 using a common IPv4 space that is like an elevator shaft. /------------------------------------------------------ / / / |------------| realm 1 / / /. /. / / / . shaft / . (current IPv4 Internet) / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm 2 / / | /. | /. / / |/ . shaft |/ . / / |------------| . / / . . . . / ------------------------------------------------------/ | . | | | . | | | | . | | . . . | . . | | . | | /-----|------------|--|-------------------------------- / | . | | / / | |---------|--| realm N / / | / | / / / |/ shaft |/ / / |------------| / / / ------------------------------------------------------/ There's more in the draft as to how forwarding happens. But only a few routers serving the shaft have to do anything and it's dead simple. In that phase, we can now have many realms that are parallel to the IPv4 Internet of today. IPv4 acts as normal in each realm. The phase upgrades IPv4 host to understand an IP in IP format that allows to traverse the shaft. At that time, scale is no more the issue for IPv4. - The second phase called YATT does a stateless translation between a v4 in v4 and a v6 address. No CG-NAT. +-----+---------------+--------------+-----------------------------+ |YATT | Realm | IPv4 | Well-Known | |Space| Address | Address | IID | +-----+- -------------+--------------+-----------------------------+ <- YADA Prefix -> <-------- YATT Prefix ----------> What it does is allow any node that needs to talk to a legacy device, to 1) obtain a YADA address (IPv4 pair), 2) form a YATT address (YADA derived IPv6 address), and talk to the YADA node, across any of v4 or v6 networks. A stateful bump in the stack can NAT the IP pairs into single Ips and back. A bump in the stack on the legacy host can NAT the IP pairs into single Ips as well. In that phase, IPv6 can be seen as the sphere that that encompasses the planes above, and a lot more. Every node that has a YADA address owns a full IPv6 prefix automatically. Nodes and networks can migrate to IPv6 only but the nodes that need to talk to IPv4 nodes need an YATT address for that. There will be corner cases, like well-known IPv4 coded in legacy application payload. For those arguably we'll need a stateful CG-NAT that knows the mapping in advance. But maybe those are not many, and will mostly stay within their realm. Am I being any clearer now? Keep safe; Pascal
-----Original Message-----
From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org<mailto:nanog-bounces+pthubert=cisco.com@nanog.org>> On Behalf Of
Philip Homburg
Sent: samedi 26 mars 2022 12:24
To: nanog@nanog.org<mailto:nanog@nanog.org>
Subject: Re: V6 still not supported
The only far ressemblance with 6to4 is the thing that was actually
nice in the design, the automatic word in automatic tunnel. Which
for the rest of us mean s stateless. Compared to CGNATs that is huge.
Any form of communication with the current IPv4 internet requires some
sort of CGNAT. We no longer have enough IPv4 addresses to give each
customer an unique one. So some ISPs are forced to map multiple
customers to a single IPv4 address. Which results in CGNAT.
Technically,
A+P (address plus port) mapping is a bit different, but for the
A+customer
that doesn't make a lot of difference. And A+P has serious scalability
problems.
Beyond that the proposal is not a tunnel and more akin to a nat64
since it all ows v6 nodes to talk to v4 nodes. The network can be
pure v4 or pure v6 if the method is implemented as a bump in the
stack at the
wrong end.
You mostly ignored the routing problems I brought up. With NAT64 each
ISP is in full control over all routing. Your problem has routing
aspects that are not under control of the ISP.
Your response is also missing the capability to extend the IPv4
network a mill ion times. Or drop it completely while maintaining
IPv4
applications.
Extending IPv4 is fine (except for the installed base of IPv6). It is
not fine if the extension leads to problem in other areas, like routing.
There are other problems to consider. For example, IPv6 can be added
transparently to a network with legacy IPv4-only hosts. Hosts can get
a public IPv6 address and a RFC 1918 IPv4 address. I wonder how in
your approach such a mix of legacy and new hosts will work out.
6to4 was meant for early v6 to interconnect islands. A solution for a
problem that never really existed. Solutions without a problem aren?t
usually popular.
We seem to have a different recall of history. 6to4 was extremely
popular.
Popular enough that major content providers did not turn on IPv6 until
host stacks were modified to essentially kill 6to4. (in case we are
talking about different 6to4 protocols. I meant the one that
interconnects with the
non-6to4 IPv6 internet. So more than just islands)
This huge conversation has been fun to follow. I like my IPv6 transition plan: Instead of moving the mountains and breaking my back to migrate (by myself) my ENTIRE not-so-small organization to IPv6, I keep things going on IPv4 relatively burden-less to my organization till I retire. Then the contractor that comes in after me (certainly a contractor, because the pool of clueful people to hire is small and getting smaller) can execute the transition and make a killing by causing more problems, and draining budgets to fix those problems, which cause more problems, etc... in a nice vicious cycle. I could even decide to be said contractor! My CISO is on my side. He DEMANDS as critical components of his Security Posture: IPv4 NAT, and easier-to-type IPv4 ACL segmentation (clueful people to hire is small)! :) This plan continues to be self-validating. I like my plan. - Matt On Mar 24, 2022, at 5:44 AM, Mark Delany <k3f@november.emu.st<mailto:k3f@november.emu.st>> wrote: On 24Mar22, Pascal Thubert (pthubert) allegedly wrote: Hello Mark: Any such "transition plan" whether "working" or "straightforward" is logically impossible. Why anyone thinks such a mythical plan might yet be formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is absurd. This is dishonest My point is that if there was a real transition plan it would have been invented and executed by now and we'd all be on ipv6. Yet the reality is that here we are some 20 years later with no plan and no ubiquitous ipv6. How is that observation dishonest? considering that I just proved on this very thread that such ideas existed I don't know why you're conflating an idea with a plan - they are about as far away from each other as is possible. Frankly no one cares about ideas, they're a dime a dozen. A plan is an actionable, compelling and logical set of steps towards an end result. Do you have such a thing for moving everyone on the planet to ipv6? Here's a simple test of whether you have a plan or not. I'm connected via my legacy ipv4 ISP router completely oblivous to ipv6. How does your plan incentivise me to upgrade my router to support ipv6? When you have an answer to that, you might have a glimmer of a plan. Mark.
On 24 Mar 2022, at 5:19 AM, Mark Delany <k3f@november.emu.st> wrote:
On 24Mar22, Greg Skinner via NANOG allegedly wrote:
straightforward transition plan
in-hand working transition strategy
nor a straightforward transition
The words quoted above are mine, not Greg’s, so let’s send the blame in my direction not his… :-)
Any such "transition plan" whether "working" or "straightforward" is logically impossible.
That entirely depends on what is meant by “straightforward transition plan”… If one means a plan that provides that “Network ABC will transition on this date with this approach, and then Network JKL will transition using this approach, then network XYZ shall transition on this date, etc. ” then you are indeed correct – such a command-and-control approach is not "the Internet way", comrade. If by “straightforward transition plan” one means a clear and rational set of options that allows networks to plan their own migration from IPv4-only to IPv6, while maintaining connectivity to IPv4-only hosts and with a level of effort reasonable comparable to just running IPv4, then I would disagree, as such an "IPng transition plan” was achievable, expected, and we collectively failed to deliver on it (as noted below) The "Technical Criteria for Choosing IP The Next Generation (IPng)” [RFC1726] did have a specific requirement in this regard (see quoted section attached to this email), and that requirement postulated that “there will be IPv4 hosts on the Internet effectively forever. IPng must provide mechanisms to allow these hosts to communicate, even after IPng has become the dominant network layer protocol in the Internet.” It also noted that we must be able to run dual-stack with a comparable level of effort as IPv4-only, but that dual-stack alone was not sufficient and actual interoperability mechanisms would be required between IPv4 and IPng for IPng success. The IPng recommendation [RFC 1752, https://datatracker.ietf.org/doc/html/rfc1752] <https://datatracker.ietf.org/doc/html/rfc1752%5D> proceeded with the SIPP proposal as the basis for IPv6, just noting some weakness with respect to satisfying this IPng transition requirement – The biggest problem the reviewers had with SIPP was with IPAE, SIPP's transition plan. The overwhelming feeling was that IPAE is fatally flawed and could not be made to work reliably in an operational Internet. The work to meet this requirement was punted to a newly-defined IETF IPng Transition (NGTRANS) Working Group - the working group was to design the mechanisms to necessary for a straightforward transition of the Internet from IPv4 to IPv6 and to give advice on what procedures and techniques are preferred. NGTRANS did define a set of dual-stack and tunneling solutions [RFC 4213], but didn’t get to actual interoperability mechanisms or clear roadmap of options that would have met IPng’s requirement for straightforward transition plan. In fact, what happened instead is that dual-stack (aka “Ships in the Night” - both protocols should be able to run on the same host unaware of the others existence) ended up as the de facto IPv6 transition strategy, and anything more was left to be researcher/vendor/user defined… For those who want a really nice summary of the state of affairs on IPv6 transition around 2008 (more than 10 years after the IPng recommendation) I would suggest Geoff Huston’s "IPv6 Transition at IETF 72” summary in the IETF Journal <https://www.ietfjournal.org/ipv6-transition-at-ietf-72/ <https://www.ietfjournal.org/ipv6-transition-at-ietf-72/>> – as usual, Geoff does a great job with a rather complex topic. So instead of having a clear & straightforward menu of options for network operators on how to deploy IPv6 in parallel in their network without breaking anything (i.e. a set of coherent strategies to choose from that would have constituted a “a straightforward transition plan”), we ended up with an explosion of transition approaches in various states of functionality, side-effects, and maturity – the exact opposite of what a network operator wants to face when considering transitioning their production network to IPv6. There was even an attempt to inventory the various solutions - https://www.ietf.org/archive/id/draft-jankiewicz-v6ops-v4v6biblio-03.txt <https://www.ietf.org/archive/id/draft-jankiewicz-v6ops-v4v6biblio-03.txt> – but keeping track of them all is akin to counting tribbles so I don’t believe it was ever published. Luckily, necessity is the mother of invention, and those whose operators experiencing the most significant network growth have figured out the particular protocols and techniques necessary for their transition to IPv6. Of course, that also meant each operator and their vendors have to work out all of the inevitable interactions with other protocols, security aspects, etc. anew with their particular chosen approach and selected technologies – hence why even to this day there is not a standard “cookbook” or “straightforward transition plan” for networks on how to deploy IPv6. I’ll be the first to admit that there are many networks that have sufficient complexity or unique aspects that warrant their own custom plan for IPv6, but disbelieve that the majority of network operators could not benefit from a clear set of standardized transition approaches for IPv6 rollout. (Alas, Internet standards work has generally taken a “let a thousand flowers bloom” approach to such matters, despite the IPng requirement to the contrary.) FYI, /John ==== Excerpt - "Technical Criteria for Choosing IP The Next Generation (IPng)” <https://datatracker.ietf.org/doc/html/rfc1726 <https://datatracker.ietf.org/doc/html/rfc1726>> 5.5 <https://datatracker.ietf.org/doc/html/rfc1726#section-5.5> Transition CRITERION The protocol must have a straightforward transition plan from the current IPv4. DISCUSSION A smooth, orderly, transition from IPv4 to IPng is needed. If we can't transition to the new protocol, then no matter how wonderful it is, we'll never get to it. We believe that it is not possible to have a "flag-day" form of transition in which all hosts and routers must change over at once. The size, complexity, and distributed administration of the Internet make such a cutover impossible. Rather, IPng will need to co-exist with IPv4 for some period of time. There are a number of ways to achieve this co-existence such as requiring hosts to support two stacks, converting between protocols, or using backward compatible extensions to IPv4. Each scheme has its strengths and weaknesses, which have to be weighed. Furthermore, we note that, in all probability, there will be IPv4 hosts on the Internet effectively forever. IPng must provide mechanisms to allow these hosts to communicate, even after IPng has become the dominant network layer protocol in the Internet. The absence of a rational and well-defined transition plan is not acceptable. Indeed, the difficulty of running a network that is transitioning from IPv4 to IPng must be minimized. (A good target is that running a mixed IPv4-IPng network should be no more and preferably less difficult than running IPv4 in parallel with existing non-IP protocols). Furthermore, a network in transition must still be robust. IPng schemes which maximize stability and connectivity in mixed IPv4- IPng networks are preferred. Finally, IPng is expected to evolve over time and therefore, it must be possible to have multiple versions of IPng, some in production use, some in experimental, developmental, or evaluation use, to coexist on the network. Transition plans must address this issue. Partridge and Kastenholz [Page 12] RFC 1726 <https://datatracker.ietf.org/doc/html/rfc1726> IPng Technical Criteria December 1994 The transition plan must address the following general areas of the Internet's infrastructure: Host Protocols and Software Router Protocols and Software Security and Authentication Domain Name System Network Management Operations Tools (e.g., Ping and Traceroute) Operations and Administration procedures The impact on protocols which use IP addresses as data (e.g., DNS, distributed file systems, SNMP and FTP) must be specifically addressed. The transition plan should address the issue of cost distribution. That is, it should identify what tasks are required of the service providers, of the end users, of the backbones and so on. Time Frame A transition plan is required immediately. ===
If by ?straightforward transition plan? one means a clear and rational set of options that allows networks to plan their own migration from IPv4-only to IPv 6, while maintaining connectivity to IPv4-only hosts and with a level of effor t reasonable comparable to just running IPv4, then I would disagree, as such a n "IPng transition plan? was achievable, expected, and we collectively failed to deliver on it (as noted below)
I'm a bit confused about the achievable part. Obviously, the adoption of IPv6 without a clear transition plan was a process failure. However, it is not clear to me that waiting a few years would have brought something much better. And waiting more than a decade would mean that today there would not be a mature IPv6. Transition to IPv6 so far seems to have consisted of 3 phases: 1) Lots of tunnels due lack of a wide spread IPv6 backbone. 2) Early adopters being happy that they can run IPv6 native, usually as dual stack. 3) Lots of people looking into IPv6-only. I'd say 1) mostly worked. 6to4 was a bit of mess. But otherwise tunnels worked. Obviously, deploying IPv6 using tunnels is a lot more complex than deploying native IPv4 without NAT.
From a technical perspective 2) just works. From an operational perspective it is about twice as expensive as IPv4-only. So 2) is popular with people who really want IPv6.
The big issue is 3). If we look at the current internet, there are parties who lack IPv4 addresses and want to switch to IPv6. Obviously, they want to be IPv6-only. The lack of IPv4 address makes dual stack even harder. On the other hand, there are parties who have enough IPv4 addresses and have no reason to switch to IPv6. So we are clearly in the situation of 'migration from IPv4-only to IPv6, while maintaining connectivity to IPv4-only hosts' It should be clear that an IPv4-only host only speaks IPv4. This means that communication with an IPv4-only host has to be IPv4. So either the IPv6-only host or something in the network has to speak IPv4. If the IPv6 host speaks IPv4 then we get dual stack, which has been rejected as a broken solution. Technically, it is also possible to tunnel IPv4 packets, then the host is in some sense dual stack, but most of the network is not. However, automatic tunnel configuration is hard, and tunnels tend to be fragile. So the only option is a device in the network that translates between IPv6 and IPv4. Currently we have such a protocol, NAT64. And from a technical point of view it is a disaster. Looking back, we can say that the only feature of IPv6 that makes people invest in IPv6 is the bigger address space. So it is safe to say that most of the internet would have waited to invest in IPv6 until we were (almost) out of IPv4 addresses. So by its very nature this transation between IPv6 and IPv4 would have NAT component. In my opinion, It is clear that during the time IPv6 was developed, any solution involving NAT would have been rejected. So I'm confused, what transition technology was achievable (also in the political sense) but not delivered? If there is a magical transition technology that allows an IPv6-only host to talk to an IPv4-only host, then let's deploy it.
On 25 Mar 2022, at 2:27 PM, Philip Homburg <pch-nanog-2@u-1.phicoh.com> wrote:
If by ?straightforward transition plan? one means a clear and rational set of options that allows networks to plan their own migration from IPv4-only to IPv 6, while maintaining connectivity to IPv4-only hosts and with a level of effor t reasonable comparable to just running IPv4, then I would disagree, as such a n "IPng transition plan? was achievable, expected, and we collectively failed to deliver on it (as noted below)
I'm a bit confused about the achievable part.
Obviously, the adoption of IPv6 without a clear transition plan was a process failure. However, it is not clear to me that waiting a few years would have brought something much better. And waiting more than a decade would mean that today there would not be a mature IPv6. ... The big issue is 3). If we look at the current internet, there are parties who lack IPv4 addresses and want to switch to IPv6. Obviously, they want to be IPv6-only. The lack of IPv4 address makes dual stack even harder. On the other hand, there are parties who have enough IPv4 addresses and have no reason to switch to IPv6.
So we are clearly in the situation of 'migration from IPv4-only to IPv6, while maintaining connectivity to IPv4-only hosts'
Correct (although I will also point out that having zero IPv4 addresses isn’t really the problem but rather “not enough IPv4 space for their networking needs” – in the ARIN region, for example, organizations can obtain a small amount of IPv4 address space specifically for purposes of IPv6 transition technology use - it’s quite necessary for nearly any IPv6/IPv6 interoperability solution since they need to have an IPv4-facing interfaces)
It should be clear that an IPv4-only host only speaks IPv4. This means that communication with an IPv4-only host has to be IPv4. So either the IPv6-only host or something in the network has to speak IPv4. If the IPv6 host speaks IPv4 then we get dual stack, which has been rejected as a broken solution. Technically, it is also possible to tunnel IPv4 packets, then the host is in some sense dual stack, but most of the network is not. However, automatic tunnel configuration is hard, and tunnels tend to be fragile.
So the only option is a device in the network that translates between IPv6 and IPv4. Currently we have such a protocol, NAT64. And from a technical point of view it is a disaster.
We actually have an abundance of technical solutions that provide some degree of IPv6/IPv4 interoperability, all with various tradeoffs, and which address various deployment scenarios such as whether the network service has involvement in the individual CPE, DNS resolution, ability to alter/profile applications, etc… it’s a rather complex mess, and there’s far more solutions in use that just NAT64.
Looking back, we can say that the only feature of IPv6 that makes people invest in IPv6 is the bigger address space. So it is safe to say that most of the internet would have waited to invest in IPv6 until we were (almost) out of IPv4 addresses. So by its very nature this transation between IPv6 and IPv4 would have NAT component.
<chuckle> Full agreement there… one would have expected a strong focused effort in making a small number of standard NAT-based interoperability protocols for IPng, including working through the transition scenario implications.
In my opinion, It is clear that during the time IPv6 was developed, any solution involving NAT would have been rejected.
Pretty much correct… As you may be aware, there was a large focus on tunnel-bases solutions (so that various islands of IPv6 exploration could be interconnected) but actual NAT-based interoperability wasn’t in the cards.
So I'm confused, what transition technology was achievable (also in the political sense) but not delivered?
Well, I think you’ve hit the nail on the head - we certainly could have delivered on the actual IPng technical requirements for a straightforward transition plan (and ended up with a short finite number of well-tested protocols with far more attention paid to them starting 10 years earlier in the process) rather than present cornucopia of last-minute solutions of various technical strength – alas, taking that path of actually working on NAT-based interoperability solutions did not align with the culture/politics of the IETF.
If there is a magical transition technology that allows an IPv6-only host to talk to an IPv4-only host, then let's deploy it.
DNS64/NAT64, DS-Lite, 6rd, 464XLAT, MAP-T, MAP-E, … pick a transition protocol and see what happens! (with more coming every year...) FYI, /John
If there is a magical transition technology that allows an IPv6-only host t o talk to an IPv4-only host, then let's deploy it.
DNS64/NAT64, DS-Lite, 6rd, 464XLAT, MAP-T, MAP-E, ? pick a transition protocol and see what happens! (with more coming every year...)
The problem with these is that they are not full solutions. That's why we get new ones every year: everybody picks the subset of the problem they want solve. To go over the ones you listed: - 6rd. That's the odd one out here. 6rd privdes IPv6 over an IPv4 infrastructure. Very useful when there was not a lot of IPv6 native. Not a good approach for organisations that lack IPv4 addresses. Also not a good approach if you want to switch off IPv4 at some point. - DS-Lite, MAP-T, MAP-E. Good for connecting CPEs to IPv4aaS over an IPv6-only backbone. Downstream from the CPE is dual stack. For this reason those protocols do not see much use outside ISP networks. Got a great transition technology because hosts will keep IPv4 until the last IPv4 on the internet is gone. It is a bit of an IETF failure that we have so many ways to connect a CPE to IPv4aaS. - NAT64/DNS64. This is the closest to an actual transition technology. Unfortunately it is completely flawed in too many ways. - 464XLAT fixes many issues with NAT64/DNS64. The downside is again that hosts have to have an IPv4 stack until forever and in addition to that a complex IPv4-to-IPv6 translation module. That fails the requirement that an IPv6 stack should have roughly the same complexity as IPv4 and talk to IPv4-only. Basically, there is no solution to the transition problem. There are lots of partial solutions, each with their own advantages and disadvantages. If we could go back in time, then developing NAT64 along with IPv6 and making sure the translation really works including edge cases like IPv4 literals, DNS A records, NAT traversal, etc. would have made a difference. I don't know if such translation gateways were considered, I can't recall much discussion about them. By the time the IPv6 socket API was created it was already too late to get things like IPv4 literals right.
On 26 Mar 2022, at 21:51, Philip Homburg <pch-nanog-2@u-1.phicoh.com> wrote:
If there is a magical transition technology that allows an IPv6-only host t o talk to an IPv4-only host, then let's deploy it.
DNS64/NAT64, DS-Lite, 6rd, 464XLAT, MAP-T, MAP-E, ? pick a transition protocol and see what happens! (with more coming every year...)
The problem with these is that they are not full solutions. That's why we get new ones every year: everybody picks the subset of the problem they want solve.
To go over the ones you listed: - 6rd. That's the odd one out here. 6rd privdes IPv6 over an IPv4 infrastructure. Very useful when there was not a lot of IPv6 native. Not a good approach for organisations that lack IPv4 addresses. Also not a good approach if you want to switch off IPv4 at some point. - DS-Lite, MAP-T, MAP-E. Good for connecting CPEs to IPv4aaS over an IPv6-only backbone. Downstream from the CPE is dual stack. For this reason those protocols do not see much use outside ISP networks. Got a great transition technology because hosts will keep IPv4 until the last IPv4 on the internet is gone. It is a bit of an IETF failure that we have so many ways to connect a CPE to IPv4aaS. - NAT64/DNS64. This is the closest to an actual transition technology. Unfortunately it is completely flawed in too many ways. - 464XLAT fixes many issues with NAT64/DNS64. The downside is again that hosts have to have an IPv4 stack until forever and in addition to that a complex IPv4-to-IPv6 translation module. That fails the requirement that an IPv6 stack should have roughly the same complexity as IPv4 and talk to IPv4-only.
Basically, there is no solution to the transition problem. There are lots of partial solutions, each with their own advantages and disadvantages.
If we could go back in time, then developing NAT64 along with IPv6 and making sure the translation really works including edge cases like IPv4 literals, DNS A records, NAT traversal, etc. would have made a difference.
I don't know if such translation gateways were considered, I can't recall much discussion about them. By the time the IPv6 socket API was created it was already too late to get things like IPv4 literals right.
DS-Lite was designed to be implemented in the node. You can run IPv6-only everywhere in your network. It is simple IPv4 in IPv6 encapsulation. There was a DHCPv6 option to tell the node how to configure the remote IPv6 tunnel end point and everything else had defaults. You could implement this in stack that only presented IPv6 to the application using IPv4 mapped address. You use getaddrinfo with AI_V4MAPPED set for domain names and address literals which should preference IPv6 over mapped IPv4 moving the traffic to IPv6. Yes, you still have a stub IPv4 implementation. All this was available before DNS64/NAT64, MAP-E, MAP-T, and 464XLAT. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Hi Mark and all: Indeed, we have a plethora of IPv4 encapsulation and 4-to-6 techniques. I read somewhere down the threads that we (at IETF) made a "stupendously" bad bet thinking that IPv6 would be generalized quickly thanks to those techniques. Being partially guilty of that (e.g., but not limited to, USPTO 7,443,880 filed in 2004 that became 464XLAT), I can see that the 4-to-6 step involving CG NATs and all was a too big step to be taken. It's not a step, it's a 100m jump. Looking at it from a distance, I came to challenge that it is even a requirement to the transition plan. If we look at it, a stack that is not capable of IPv6 is now a legacy stack. It's ultimate goal is probably to connect a legacy IPv4 client application to a legacy IPv4 server and it will not need anything more in its whole life. For that use case, both app and server can live forever as they are, as far as the plan is concerned, provided that we continue to give them a 464XLAT or a DSlite tunnel, which is not that hard if the numbers are counted. If we accept that connecting that legacy device with any future IPv6-only application is effectively a non-goal, then we open the thought process to a migration that takes several baby steps, each step easy to make, as opposed to the large one that proved unfeasible in 20 years. Instead, what we really want for this plan is to design feasible baby steps, each representing connectivity between a level of evolution and the next, BUT NOT attempting to provide connectivity between the first level (legacy IPv4 only app) and the ultimate level (IPv6-only networks and servers). Something like 1<->2<->..<->N as opposed to 1<->N which proved unfeasible. My view of the steps we'd need to make: - extend the size of public IPv4 addressable realms. I read the ask in many threads in this list - extend that to some IPv6-only end-points leveraging the above - extend that to generic IPv6 With design constraints that make this deployable: - allow IPv4-only network domains - allow IPv6-only network domains - use stateless NATs only - allow the NAT to be anywhere from bump in the stack to X-only realm borders Does this seem desirable to you? If so, yes, we can make that happen. Then we'll see how the IPvx domains play GO together, based on real usefulness vs cost. Pascal
-----Original Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Mark Andrews Sent: jeudi 31 mars 2022 1:32 To: NANOG <nanog@nanog.org> Subject: Re: A straightforward transition plan (was: Re: V6 still not supported)
On 26 Mar 2022, at 21:51, Philip Homburg <pch-nanog-2@u-1.phicoh.com> wrote:
If there is a magical transition technology that allows an IPv6-only host t o talk to an IPv4-only host, then let's deploy it.
DNS64/NAT64, DS-Lite, 6rd, 464XLAT, MAP-T, MAP-E, ? pick a transition protocol and see what happens! (with more coming every year...)
The problem with these is that they are not full solutions. That's why we get new ones every year: everybody picks the subset of the problem they want solve.
To go over the ones you listed: - 6rd. That's the odd one out here. 6rd privdes IPv6 over an IPv4 infrastructure. Very useful when there was not a lot of IPv6 native. Not a good approach for organisations that lack IPv4 addresses. Also not a good approach if you want to switch off IPv4 at some point. - DS-Lite, MAP-T, MAP-E. Good for connecting CPEs to IPv4aaS over an IPv6-only backbone. Downstream from the CPE is dual stack. For this reason those protocols do not see much use outside ISP networks. Got a great transition technology because hosts will keep IPv4 until the last IPv4 on the internet is gone. It is a bit of an IETF failure that we have so many ways to connect a CPE to IPv4aaS. - NAT64/DNS64. This is the closest to an actual transition technology. Unfortunately it is completely flawed in too many ways. - 464XLAT fixes many issues with NAT64/DNS64. The downside is again that hosts have to have an IPv4 stack until forever and in addition to that a complex IPv4-to-IPv6 translation module. That fails the requirement that an IPv6 stack should have roughly the same complexity as IPv4 and talk to IPv4-only.
Basically, there is no solution to the transition problem. There are lots of partial solutions, each with their own advantages and disadvantages.
If we could go back in time, then developing NAT64 along with IPv6 and making sure the translation really works including edge cases like IPv4 literals, DNS A records, NAT traversal, etc. would have made a difference.
I don't know if such translation gateways were considered, I can't recall much discussion about them. By the time the IPv6 socket API was created it was already too late to get things like IPv4 literals right.
DS-Lite was designed to be implemented in the node. You can run IPv6-only everywhere in your network. It is simple IPv4 in IPv6 encapsulation. There was a DHCPv6 option to tell the node how to configure the remote IPv6 tunnel end point and everything else had defaults. You could implement this in stack that only presented IPv6 to the application using IPv4 mapped address. You use getaddrinfo with AI_V4MAPPED set for domain names and address literals which should preference IPv6 over mapped IPv4 moving the traffic to IPv6. Yes, you still have a stub IPv4 implementation. All this was available before DNS64/NAT64, MAP-E, MAP-T, and 464XLAT.
Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
I don't think we can say that NAT64 is a disaster. I will say so if we want to keep IPv4 only hosts in the "6" side, of course it doesn't work. However, that's why we moved further with 464XLAT. And the demonstration is that most of the operators are using it. I think in your picture you're missing 2 phases: 4) IPv6-only with IPv4aaS (we have 5 technologies, see RFC8585 for a summary of what is needed in the CPEs), when there is still a significant amount of IPv4 traffic in the customer LANs. 5) IPv6-only with IPv4aaS when IPv4 traffic is residual in most of the customers LANs. How fast we move to this phase depends on more and more devices, and apps using IPv6. The advantage is: a) The job is done in the CPE (no need for a more powerful one, etc.), customers are not aware of it. Part of the job is done in the operators networks, of course, but it is comparable and much cheaper, in terms of OpEx and CapEx, to alternatives such as dual-stack or NAT444/CGN. b) When moving to 5 above, the operators can measure the reduction on the usage of the NAT64 (in the case of 464XLAT), and even in the usage of IPv4 public addresses, so they can transfer them, so laggers can use them for their own transition. On the side of the customers, there is nothing to do. You may remove IPv4, but actually is not costing you "anything" to keep it. Regards, Jordi @jordipalet El 28/3/22, 15:23, "NANOG en nombre de Philip Homburg" <nanog-bounces+jordi.palet=consulintel.es@nanog.org en nombre de pch-nanog-2@u-1.phicoh.com> escribió: >If by ?straightforward transition plan? one means a clear and rational set of >options that allows networks to plan their own migration from IPv4-only to IPv >6, while maintaining connectivity to IPv4-only hosts and with a level of effor >t reasonable comparable to just running IPv4, then I would disagree, as such a >n "IPng transition plan? was achievable, expected, and we collectively failed >to deliver on it (as noted below) I'm a bit confused about the achievable part. Obviously, the adoption of IPv6 without a clear transition plan was a process failure. However, it is not clear to me that waiting a few years would have brought something much better. And waiting more than a decade would mean that today there would not be a mature IPv6. Transition to IPv6 so far seems to have consisted of 3 phases: 1) Lots of tunnels due lack of a wide spread IPv6 backbone. 2) Early adopters being happy that they can run IPv6 native, usually as dual stack. 3) Lots of people looking into IPv6-only. I'd say 1) mostly worked. 6to4 was a bit of mess. But otherwise tunnels worked. Obviously, deploying IPv6 using tunnels is a lot more complex than deploying native IPv4 without NAT. From a technical perspective 2) just works. From an operational perspective it is about twice as expensive as IPv4-only. So 2) is popular with people who really want IPv6. The big issue is 3). If we look at the current internet, there are parties who lack IPv4 addresses and want to switch to IPv6. Obviously, they want to be IPv6-only. The lack of IPv4 address makes dual stack even harder. On the other hand, there are parties who have enough IPv4 addresses and have no reason to switch to IPv6. So we are clearly in the situation of 'migration from IPv4-only to IPv6, while maintaining connectivity to IPv4-only hosts' It should be clear that an IPv4-only host only speaks IPv4. This means that communication with an IPv4-only host has to be IPv4. So either the IPv6-only host or something in the network has to speak IPv4. If the IPv6 host speaks IPv4 then we get dual stack, which has been rejected as a broken solution. Technically, it is also possible to tunnel IPv4 packets, then the host is in some sense dual stack, but most of the network is not. However, automatic tunnel configuration is hard, and tunnels tend to be fragile. So the only option is a device in the network that translates between IPv6 and IPv4. Currently we have such a protocol, NAT64. And from a technical point of view it is a disaster. Looking back, we can say that the only feature of IPv6 that makes people invest in IPv6 is the bigger address space. So it is safe to say that most of the internet would have waited to invest in IPv6 until we were (almost) out of IPv4 addresses. So by its very nature this transation between IPv6 and IPv4 would have NAT component. In my opinion, It is clear that during the time IPv6 was developed, any solution involving NAT would have been rejected. So I'm confused, what transition technology was achievable (also in the political sense) but not delivered? If there is a magical transition technology that allows an IPv6-only host to talk to an IPv4-only host, then let's deploy it. ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
On Mon, Mar 28, 2022 at 6:22 AM Philip Homburg <pch-nanog-2@u-1.phicoh.com> wrote:
If by ?straightforward transition plan? one means a clear and rational set of options that allows networks to plan their own migration from IPv4-only to IPv 6, while maintaining connectivity to IPv4-only hosts and with a level of effor t reasonable comparable to just running IPv4, then I would disagree, as such a n "IPng transition plan? was achievable, expected, and we collectively failed to deliver on it (as noted below)
I'm a bit confused about the achievable part.
Obviously, the adoption of IPv6 without a clear transition plan was a process failure. However, it is not clear to me that waiting a few years would have brought something much better. And waiting more than a decade would mean that today there would not be a mature IPv6.
Transition to IPv6 so far seems to have consisted of 3 phases: 1) Lots of tunnels due lack of a wide spread IPv6 backbone. 2) Early adopters being happy that they can run IPv6 native, usually as dual stack. 3) Lots of people looking into IPv6-only.
I'd say 1) mostly worked. 6to4 was a bit of mess. But otherwise tunnels worked. Obviously, deploying IPv6 using tunnels is a lot more complex than deploying native IPv4 without NAT. From a technical perspective 2) just works. From an operational perspective it is about twice as expensive as IPv4-only. So 2) is popular with people who really want IPv6.
The big issue is 3). If we look at the current internet, there are parties who lack IPv4 addresses and want to switch to IPv6. Obviously, they want to be IPv6-only. The lack of IPv4 address makes dual stack even harder. On the other hand, there are parties who have enough IPv4 addresses and have no reason to switch to IPv6.
So we are clearly in the situation of 'migration from IPv4-only to IPv6, while maintaining connectivity to IPv4-only hosts'
It should be clear that an IPv4-only host only speaks IPv4. This means that communication with an IPv4-only host has to be IPv4. So either the IPv6-only host or something in the network has to speak IPv4. If the IPv6 host speaks IPv4 then we get dual stack, which has been rejected as a broken solution. Technically, it is also possible to tunnel IPv4 packets, then the host is in some sense dual stack, but most of the network is not. However, automatic tunnel configuration is hard, and tunnels tend to be fragile.
So the only option is a device in the network that translates between IPv6 and IPv4. Currently we have such a protocol, NAT64. And from a technical point of view it is a disaster.
I think what you mean to say is you don’t like NAT64. You may also be trying to say you disapprove of how history unfolded. Fair. But it may be worth acknowledge that some small and some very large (100M mobiles, growing FWA broadband business) have happily operated NAT64 for coming on 10 years with no problems or regrets. Yes, we would like the internet to be on a single unified and high scale address family, but we all play the hand we are dealt.
Looking back, we can say that the only feature of IPv6 that makes people invest in IPv6 is the bigger address space. So it is safe to say that most of the internet would have waited to invest in IPv6 until we were (almost) out of IPv4 addresses. So by its very nature this transation between IPv6 and IPv4 would have NAT component.
In my opinion, It is clear that during the time IPv6 was developed, any solution involving NAT would have been rejected.
So I'm confused, what transition technology was achievable (also in the political sense) but not delivered?
If there is a magical transition technology that allows an IPv6-only host to talk to an IPv4-only host, then let's deploy it.
Philip Homburg wrote:
It should be clear that an IPv4-only host only speaks IPv4. This means that communication with an IPv4-only host has to be IPv4.
This did not have to be true, had there been an extension/option standardized at the same time as IPv6 for IPv4 packets to be gateway'd into IPv6 transparently and efficiently (thru any dual stacked host/router), than at this point we would have likely been looking at 4 classes of nodes - IPv4 only, legacy, requires translation to communicate directly with ipv6 - IPv4 only, extended, just needs a gateway to communicate directly with IPv6 - Dual Stack - IPv6 only Such additional functionality, could have been organically updated into most major OS's without any required network topology changes. Joe
Hi John, So, It was assumed that IPv4 depletion would effectively lead to the adoption of IPv6. This has not been the case in the last decade save for a very few countries in the world. It was also assumed that IPv6 only networks would crop all over the place as a result, providing the same interconnectivity benefits enjoyed by the IPv4 internet. Out of curiosity,did the emergency of transfer markets slow IPNG adoption while creating prolonged dependence on IPv4? Cheers, *.**/noah* On Thu, Mar 24, 2022 at 4:03 PM John Curran <jcurran@istaff.org> wrote:
On 24 Mar 2022, at 5:19 AM, Mark Delany <k3f@november.emu.st> wrote:
On 24Mar22, Greg Skinner via NANOG allegedly wrote:
straightforward transition plan
in-hand working transition strategy
nor a straightforward transition
The words quoted above are mine, not Greg’s, so let’s send the blame in my direction not his… :-)
Any such "transition plan" whether "working" or "straightforward" is logically impossible.
That entirely depends on what is meant by “straightforward transition plan”… If one means a plan that provides that “Network ABC will transition on this date with this approach, and then Network JKL will transition using this approach, then network XYZ shall transition on this date, etc. ” then you are indeed correct – such a command-and-control approach is not "the Internet way", comrade.
If by “straightforward transition plan” one means a clear and rational set of options that allows networks to plan their own migration from IPv4-only to IPv6, while maintaining connectivity to IPv4-only hosts and with a level of effort reasonable comparable to just running IPv4, then I would disagree, as such an "IPng transition plan” was achievable, expected, and we collectively failed to deliver on it (as noted below)
The "Technical Criteria for Choosing IP The Next Generation (IPng)” [RFC1726] did have a specific requirement in this regard (see quoted section attached to this email), and that requirement postulated that “there will be IPv4 hosts on the Internet effectively forever. IPng must provide mechanisms to allow these hosts to communicate, even after IPng has become the dominant network layer protocol in the Internet.” It also noted that we must be able to run dual-stack with a comparable level of effort as IPv4-only, but that dual-stack alone was not sufficient and actual interoperability mechanisms would be required between IPv4 and IPng for IPng success.
The IPng recommendation [RFC 1752, https://datatracker.ietf.org/doc/html/rfc1752] proceeded with the SIPP proposal as the basis for IPv6, just noting some weakness with respect to satisfying this IPng transition requirement –
The biggest problem the reviewers had with SIPP was with IPAE, SIPP's transition plan. The overwhelming feeling was that IPAE is fatally flawed and could not be made to work reliably in an operational Internet.
The work to meet this requirement was punted to a newly-defined IETF IPng Transition (NGTRANS) Working Group - the working group was to design the mechanisms to necessary for a straightforward transition of the Internet from IPv4 to IPv6 and to give advice on what procedures and techniques are preferred. NGTRANS did define a set of dual-stack and tunneling solutions [RFC 4213], but didn’t get to actual interoperability mechanisms or clear roadmap of options that would have met IPng’s requirement for straightforward transition plan.
In fact, what happened instead is that dual-stack (aka “Ships in the Night” - both protocols should be able to run on the same host unaware of the others existence) ended up as the de facto IPv6 transition strategy, and anything more was left to be researcher/vendor/user defined… For those who want a really nice summary of the state of affairs on IPv6 transition around 2008 (more than 10 years after the IPng recommendation) I would suggest Geoff Huston’s "IPv6 Transition at IETF 72” summary in the IETF Journal <https://www.ietfjournal.org/ipv6-transition-at-ietf-72/> – as usual, Geoff does a great job with a rather complex topic.
So instead of having a clear & straightforward menu of options for network operators on how to deploy IPv6 in parallel in their network without breaking anything (i.e. a set of coherent strategies to choose from that would have constituted a “a straightforward transition plan”), we ended up with an explosion of transition approaches in various states of functionality, side-effects, and maturity – the exact opposite of what a network operator wants to face when considering transitioning their production network to IPv6. There was even an attempt to inventory the various solutions - https://www.ietf.org/archive/id/draft-jankiewicz-v6ops-v4v6biblio-03.txt – but keeping track of them all is akin to counting tribbles so I don’t believe it was ever published.
Luckily, necessity is the mother of invention, and those whose operators experiencing the most significant network growth have figured out the particular protocols and techniques necessary for their transition to IPv6. Of course, that also meant each operator and their vendors have to work out all of the inevitable interactions with other protocols, security aspects, etc. anew with their particular chosen approach and selected technologies – hence why even to this day there is not a standard “cookbook” or “straightforward transition plan” for networks on how to deploy IPv6. I’ll be the first to admit that there are many networks that have sufficient complexity or unique aspects that warrant their own custom plan for IPv6, but disbelieve that the majority of network operators could not benefit from a clear set of standardized transition approaches for IPv6 rollout. (Alas, Internet standards work has generally taken a “let a thousand flowers bloom” approach to such matters, despite the IPng requirement to the contrary.)
FYI, /John
==== Excerpt - "Technical Criteria for Choosing IP The Next Generation (IPng)” <https://datatracker.ietf.org/doc/html/rfc1726>
5.5 <https://datatracker.ietf.org/doc/html/rfc1726#section-5.5> Transition
CRITERION The protocol must have a straightforward transition plan from the current IPv4.
DISCUSSION A smooth, orderly, transition from IPv4 to IPng is needed. If we can't transition to the new protocol, then no matter how wonderful it is, we'll never get to it.
We believe that it is not possible to have a "flag-day" form of transition in which all hosts and routers must change over at once. The size, complexity, and distributed administration of the Internet make such a cutover impossible.
Rather, IPng will need to co-exist with IPv4 for some period of time. There are a number of ways to achieve this co-existence such as requiring hosts to support two stacks, converting between protocols, or using backward compatible extensions to IPv4. Each scheme has its strengths and weaknesses, which have to be weighed.
Furthermore, we note that, in all probability, there will be IPv4 hosts on the Internet effectively forever. IPng must provide mechanisms to allow these hosts to communicate, even after IPng has become the dominant network layer protocol in the Internet.
The absence of a rational and well-defined transition plan is not acceptable. Indeed, the difficulty of running a network that is transitioning from IPv4 to IPng must be minimized. (A good target is that running a mixed IPv4-IPng network should be no more and preferably less difficult than running IPv4 in parallel with existing non-IP protocols).
Furthermore, a network in transition must still be robust. IPng schemes which maximize stability and connectivity in mixed IPv4- IPng networks are preferred.
Finally, IPng is expected to evolve over time and therefore, it must be possible to have multiple versions of IPng, some in production use, some in experimental, developmental, or evaluation use, to coexist on the network. Transition plans must address this issue.
Partridge and Kastenholz [Page 12]
------------------------------
RFC 1726 <https://datatracker.ietf.org/doc/html/rfc1726> IPng Technical Criteria December 1994
The transition plan must address the following general areas of the Internet's infrastructure:
Host Protocols and Software Router Protocols and Software Security and Authentication Domain Name System Network Management Operations Tools (e.g., Ping and Traceroute) Operations and Administration procedures
The impact on protocols which use IP addresses as data (e.g., DNS, distributed file systems, SNMP and FTP) must be specifically addressed.
The transition plan should address the issue of cost distribution. That is, it should identify what tasks are required of the service providers, of the end users, of the backbones and so on.
Time Frame A transition plan is required immediately.
===
Noah - It was assumed that IPng would include a standard straightforward technological solution to support communication with IPv4 hosts – this was a defined hard requirement. This transition mechanism wasn’t available at the time of the selection of IPng, and instead was left as a future deliverable. The future deliverable was then abandoned, leaving transition mechanisms as an area where service providers had to fill in the gaps years later through their own efforts. The failure to deliver on a standard interoperability method to existing IPv4 hosts (something that major ISPs now commonly do today but only after a decade or so of their own work) is precisely why all early plans and assumptions about IPv6 deployment became moot. Your questions about IPv6 deployment assumptions is a question about assumptions that were known to be invalid the moment that we choose a new IP protocol that lacked the required interoperability. Thanks, /John p.s. Disclaimer: my views alone - objects in the past may be larger than they actually appear.
On Jan 11, 2023, at 6:11 PM, Noah <noah@neo.co.tz> wrote:
Hi John,
So, It was assumed that IPv4 depletion would effectively lead to the adoption of IPv6. This has not been the case in the last decade save for a very few countries in the world.
It was also assumed that IPv6 only networks would crop all over the place as a result, providing the same interconnectivity benefits enjoyed by the IPv4 internet.
Out of curiosity,did the emergency of transfer markets slow IPNG adoption while creating prolonged dependence on IPv4?
Cheers, ./noah
On Thu, Mar 24, 2022 at 4:03 PM John Curran <jcurran@istaff.org <mailto:jcurran@istaff.org>> wrote:
On 24 Mar 2022, at 5:19 AM, Mark Delany <k3f@november.emu.st <mailto:k3f@november.emu.st>> wrote:
On 24Mar22, Greg Skinner via NANOG allegedly wrote:
straightforward transition plan
in-hand working transition strategy
nor a straightforward transition
The words quoted above are mine, not Greg’s, so let’s send the blame in my direction not his… :-)
Any such "transition plan" whether "working" or "straightforward" is logically impossible.
That entirely depends on what is meant by “straightforward transition plan”… If one means a plan that provides that “Network ABC will transition on this date with this approach, and then Network JKL will transition using this approach, then network XYZ shall transition on this date, etc. ” then you are indeed correct – such a command-and-control approach is not "the Internet way", comrade.
If by “straightforward transition plan” one means a clear and rational set of options that allows networks to plan their own migration from IPv4-only to IPv6, while maintaining connectivity to IPv4-only hosts and with a level of effort reasonable comparable to just running IPv4, then I would disagree, as such an "IPng transition plan” was achievable, expected, and we collectively failed to deliver on it (as noted below)
The "Technical Criteria for Choosing IP The Next Generation (IPng)” [RFC1726] did have a specific requirement in this regard (see quoted section attached to this email), and that requirement postulated that “there will be IPv4 hosts on the Internet effectively forever. IPng must provide mechanisms to allow these hosts to communicate, even after IPng has become the dominant network layer protocol in the Internet.” It also noted that we must be able to run dual-stack with a comparable level of effort as IPv4-only, but that dual-stack alone was not sufficient and actual interoperability mechanisms would be required between IPv4 and IPng for IPng success.
The IPng recommendation [RFC 1752, https://datatracker.ietf.org/doc/html/rfc1752] <https://datatracker.ietf.org/doc/html/rfc1752%5D> proceeded with the SIPP proposal as the basis for IPv6, just noting some weakness with respect to satisfying this IPng transition requirement –
The biggest problem the reviewers had with SIPP was with IPAE, SIPP's transition plan. The overwhelming feeling was that IPAE is fatally flawed and could not be made to work reliably in an operational Internet.
The work to meet this requirement was punted to a newly-defined IETF IPng Transition (NGTRANS) Working Group - the working group was to design the mechanisms to necessary for a straightforward transition of the Internet from IPv4 to IPv6 and to give advice on what procedures and techniques are preferred. NGTRANS did define a set of dual-stack and tunneling solutions [RFC 4213], but didn’t get to actual interoperability mechanisms or clear roadmap of options that would have met IPng’s requirement for straightforward transition plan.
In fact, what happened instead is that dual-stack (aka “Ships in the Night” - both protocols should be able to run on the same host unaware of the others existence) ended up as the de facto IPv6 transition strategy, and anything more was left to be researcher/vendor/user defined… For those who want a really nice summary of the state of affairs on IPv6 transition around 2008 (more than 10 years after the IPng recommendation) I would suggest Geoff Huston’s "IPv6 Transition at IETF 72” summary in the IETF Journal <https://www.ietfjournal.org/ipv6-transition-at-ietf-72/> – as usual, Geoff does a great job with a rather complex topic.
So instead of having a clear & straightforward menu of options for network operators on how to deploy IPv6 in parallel in their network without breaking anything (i.e. a set of coherent strategies to choose from that would have constituted a “a straightforward transition plan”), we ended up with an explosion of transition approaches in various states of functionality, side-effects, and maturity – the exact opposite of what a network operator wants to face when considering transitioning their production network to IPv6. There was even an attempt to inventory the various solutions - https://www.ietf.org/archive/id/draft-jankiewicz-v6ops-v4v6biblio-03.txt – but keeping track of them all is akin to counting tribbles so I don’t believe it was ever published.
Luckily, necessity is the mother of invention, and those whose operators experiencing the most significant network growth have figured out the particular protocols and techniques necessary for their transition to IPv6. Of course, that also meant each operator and their vendors have to work out all of the inevitable interactions with other protocols, security aspects, etc. anew with their particular chosen approach and selected technologies – hence why even to this day there is not a standard “cookbook” or “straightforward transition plan” for networks on how to deploy IPv6. I’ll be the first to admit that there are many networks that have sufficient complexity or unique aspects that warrant their own custom plan for IPv6, but disbelieve that the majority of network operators could not benefit from a clear set of standardized transition approaches for IPv6 rollout. (Alas, Internet standards work has generally taken a “let a thousand flowers bloom” approach to such matters, despite the IPng requirement to the contrary.)
FYI, /John
==== Excerpt - "Technical Criteria for Choosing IP The Next Generation (IPng)” <https://datatracker.ietf.org/doc/html/rfc1726>
5.5 <https://datatracker.ietf.org/doc/html/rfc1726#section-5.5> Transition
CRITERION The protocol must have a straightforward transition plan from the current IPv4.
DISCUSSION A smooth, orderly, transition from IPv4 to IPng is needed. If we can't transition to the new protocol, then no matter how wonderful it is, we'll never get to it.
We believe that it is not possible to have a "flag-day" form of transition in which all hosts and routers must change over at once. The size, complexity, and distributed administration of the Internet make such a cutover impossible.
Rather, IPng will need to co-exist with IPv4 for some period of time. There are a number of ways to achieve this co-existence such as requiring hosts to support two stacks, converting between protocols, or using backward compatible extensions to IPv4. Each scheme has its strengths and weaknesses, which have to be weighed.
Furthermore, we note that, in all probability, there will be IPv4 hosts on the Internet effectively forever. IPng must provide mechanisms to allow these hosts to communicate, even after IPng has become the dominant network layer protocol in the Internet.
The absence of a rational and well-defined transition plan is not acceptable. Indeed, the difficulty of running a network that is transitioning from IPv4 to IPng must be minimized. (A good target is that running a mixed IPv4-IPng network should be no more and preferably less difficult than running IPv4 in parallel with existing non-IP protocols).
Furthermore, a network in transition must still be robust. IPng schemes which maximize stability and connectivity in mixed IPv4- IPng networks are preferred.
Finally, IPng is expected to evolve over time and therefore, it must be possible to have multiple versions of IPng, some in production use, some in experimental, developmental, or evaluation use, to coexist on the network. Transition plans must address this issue.
Partridge and Kastenholz [Page 12]
RFC 1726 <https://datatracker.ietf.org/doc/html/rfc1726> IPng Technical Criteria December 1994
The transition plan must address the following general areas of the Internet's infrastructure:
Host Protocols and Software Router Protocols and Software Security and Authentication Domain Name System Network Management Operations Tools (e.g., Ping and Traceroute) Operations and Administration procedures
The impact on protocols which use IP addresses as data (e.g., DNS, distributed file systems, SNMP and FTP) must be specifically addressed.
The transition plan should address the issue of cost distribution. That is, it should identify what tasks are required of the service providers, of the end users, of the backbones and so on.
Time Frame A transition plan is required immediately.
===
It was assumed that IPng would include a standard straightforward technological solution to support communication with IPv4 hosts – this was a defined hard requirement.
This transition mechanism wasn’t available at the time of the selection of IPng, and instead was left as a future deliverable.
three of the promises of ipng which ipv6 did not deliver o compatibility/transition, o security, and o routing & renumbering the real goal of those who made the ipv6 decision was to stop the press from screaming about the end of the internet. in this they succeeded. and the ops community has paid an insane penalty ere since. randy
Randy - Full agreement - nicely said. /John P.s disclaimer: my views alone - do not eat packet.
On Jan 11, 2023, at 7:10 PM, Randy Bush <randy@psg.com> wrote:
It was assumed that IPng would include a standard straightforward technological solution to support communication with IPv4 hosts – this was a defined hard requirement.
This transition mechanism wasn’t available at the time of the selection of IPng, and instead was left as a future deliverable.
three of the promises of ipng which ipv6 did not deliver o compatibility/transition, o security, and o routing & renumbering
the real goal of those who made the ipv6 decision was to stop the press from screaming about the end of the internet. in this they succeeded.
and the ops community has paid an insane penalty ere since.
randy
Randy Bush wrote:
three of the promises of ipng which ipv6 did not deliver o compatibility/transition, o security, and o routing & renumbering
You miss a promise of o ND over ATM/NBMA which caused IPv6 lack a notion of link broadcast. Masataka Ohta
Hello Masataka-san For that issue at least there was some effort. Though ATM and FR appear to be long gone, the problem got even worse with pseudo wires / overlays and wireless. It was tackled in the IoT community 10+ years ago and we ended up with RFC 8505 and 8928. This is implemented in LoWPAN devices and deployed by millions. Allowing IPv6 subnets of thousands on constrained radios. I spent a bit of time explaining the architecture issue (in mild terms) and solutions in https://datatracker.ietf.org/doc/html/draft-thubert-6man-ipv6-over-wireless-.... So far we failed to get those RFCs implemented on the major stacks for WiFi or Ethernet. There’s a new thread at IETF 6MAN just now on adopting just the draft above - not even the solution. It is facing the same old opposition from the same few and a lot of silence. Somehow the group can spend years of heated discussions figuring out if you can insert a header or how you can build a 64 bits IID, but looking at a fundamental architecture issue like the one you point out does not raise much interest. My suggestion is still to fix IPv6 as opposed to drop it, because I don’t see that we have another bullet to fire after that one. For that particular issue of fixing ND, new comments and support at the 6MAN on the draft above may help. All the best; Pascal Le 12 janv. 2023 à 05:34, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> a écrit : Randy Bush wrote: three of the promises of ipng which ipv6 did not deliver o compatibility/transition, o security, and o routing & renumbering You miss a promise of o ND over ATM/NBMA which caused IPv6 lack a notion of link broadcast. Masataka Ohta
Pascal Thubert (pthubert) wrote: Hi,
For that issue at least there was some effort. Though ATM and FR appear to be long gone, the problem got even worse with pseudo wires / overlays and wireless.
It was tackled in the IoT community 10+ years ago and we ended up with RFC 8505 and 8928. This is implemented in LoWPAN devices and deployed by millions. Allowing IPv6 subnets of thousands on constrained radios.
When I mentioned a problem for the first time in IPng or IPv6 (I can't find any archive, are there any?) list, Christian Huitema mentioned it could be solved by ND over NBMA but the problem is not NB but broadcast of Wifi is unreliable. As such, the solutions should be based on a fact that repeated unreliable broadcast is reliable.
I spent a bit of time explaining the architecture issue (in mild terms) and solutions in https://datatracker.ietf.org/doc/html/draft-thubert-6man-ipv6-over-wireless-....
Though you wrote in the draft: Reducing the speed at the physical (PHY) layer for broadcast transmissions can increase the reliability longer packets mean more collision (with hidden terminals) probability and less reliability. A link broadcast domain must be same for all the members of the link and should be defined as set of terminals which can receive broadcast from a central station (or, stations) with certain probability, which is why Wifi broadcast is relayed by a central station.
So far we failed to get those RFCs implemented on the major stacks for WiFi or Ethernet.
Ethernet? Even though its broadcast is reliable? Though Wifi bridged by Ethernet may have its own problems, they are Wifi-specific problems.
There’s a new thread at IETF 6MAN just now on adopting just the draft above - not even the solution. It is facing the same old opposition from the same few and a lot of silence.
You can't expect people still insisting on IPv6 as is much.
My suggestion is still to fix IPv6 as opposed to drop it, because I don’t see that we have another bullet to fire after that one. For that particular issue of fixing ND, new comments and support at the 6MAN on the draft above may help.
It may be more constructive to work for proxy ARP suitable for Wifi, which may be enforced by Wifi alliance. An RFC may be published if Wifi industry request IETF to do so. Masataka Ohta
Hello Masataka-san
When I mentioned a problem for the first time in IPng or IPv6 (I can't find any archive, are there any?) list, Christian Huitema mentioned it could be solved by ND over NBMA but the problem is not NB but broadcast of Wifi is unreliable.
As such, the solutions should be based on a fact that repeated unreliable broadcast is reliable.
Solutions must first avoid broadcast as much as possible, because there's also the cost of it. There's a scale where it hurts any network, and repeating them even more cannot be the answer. And then, I agree with you completely, whatever is broadcast (e.g., beacons for initial discovery) is repeated and, not expected to be reliable. This is in essence RFC 8505. Then you want zerotrust, ND is so easy to attack from inside and even outside. This is RFC 8928.
Reducing the speed at the physical (PHY) layer for broadcast transmissions can increase the reliability
longer packets mean more collision (with hidden terminals) probability and less reliability.
Agreed. The draft tries to look at all angles. It is certainly not pleading to use broadcast. It is pleading to deprecate ND because of its use of broadcast even on networks where it plain does not work. In practice today, DAD is a joke on any large wireless fabric and still you see all those broadcasts in the air. Save the planet!
So far we failed to get those RFCs implemented on the major stacks for WiFi or Ethernet.
Ethernet? Even though its broadcast is reliable?
Ethernet is enterprise networks is largely virtualized. We cannot offer fast and reliable broadcast services on a worldwide overlay. If we filter BUM we end up with so-called "silent nodes" that are effectively disconnected. If we try and serve them broadcast storms are a visible penalty on the overlay. Add to that the desire by the device to own more and more addresses. You end up in a situation where the devices thinks the own an address and are reachable at that address but in fact the network will not serve that address because 1) it missed the creation (a snooped DAD?), 2) it has forgotten about it, or 3) the max count of addresses that the network maintains per host is passed. Note that 3) may be reached because the network ignores that the host deprecated one of the addresses. You want a contract between that the host and the network that the host owns an address and is reachable at that address. Like any contract, that must be a negotiation. ND is not like that. RFC 8505 is exactly that.
It may be more constructive to work for proxy ARP suitable for Wifi, which may be enforced by Wifi alliance. An RFC may be published if Wifi industry request IETF to do so.
This is effectively done already for ND. The draft text in .11me recommends RFC 8929 as the ND proxy. 802.11md had it already since the Bangkok meeting but at the time of the freeze, RFC 8929 was still a draft and the text was removed at the last minute. RFC 8929 describes how RFC 8505 can be used buy the STA to negotiate a contract with the AP so the AP does ND proxy. Then the draft discusses how the AP represents the STA over the wired backbone, how mobility is handled, etc... I guess the design can be easily retrofitted to ARP. ND is really designed exactly as ARP. The differences were for the show, the real steps that should have been made were not. But now with RFC 8505 we have a modern solution. The problem is no more on the standard side, it is adoption. People will not move if it does not hurt enough. And they can bear a lot. All the best Pascal
-----Original Message----- From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Sent: vendredi 13 janvier 2023 6:36 To: Pascal Thubert (pthubert) <pthubert@cisco.com>; nanog@nanog.org Subject: Re: A straightforward transition plan (was: Re: V6 still not supported)
Pascal Thubert (pthubert) wrote:
Hi,
For that issue at least there was some effort. Though ATM and FR appear to be long gone, the problem got even worse with pseudo wires / overlays and wireless.
It was tackled in the IoT community 10+ years ago and we ended up with RFC 8505 and 8928. This is implemented in LoWPAN devices and deployed by millions. Allowing IPv6 subnets of thousands on constrained radios.
When I mentioned a problem for the first time in IPng or IPv6 (I can't find any archive, are there any?) list, Christian Huitema mentioned it could be solved by ND over NBMA but the problem is not NB but broadcast of Wifi is unreliable.
As such, the solutions should be based on a fact that repeated unreliable broadcast is reliable.
I spent a bit of time explaining the architecture issue (in mild terms) and solutions in https://datatracker.ietf.org/doc/html/draft-thubert-6man-ipv6-over- wireless-12.
Though you wrote in the draft:
Reducing the speed at the physical (PHY) layer for broadcast transmissions can increase the reliability
longer packets mean more collision (with hidden terminals) probability and less reliability.
A link broadcast domain must be same for all the members of the link and should be defined as set of terminals which can receive broadcast from a central station (or, stations) with certain probability, which is why Wifi broadcast is relayed by a central station.
So far we failed to get those RFCs implemented on the major stacks for WiFi or Ethernet.
Ethernet? Even though its broadcast is reliable?
Though Wifi bridged by Ethernet may have its own problems, they are Wifi-specific problems.
There’s a new thread at IETF 6MAN just now on adopting just the draft above - not even the solution. It is facing the same old opposition from the same few and a lot of silence.
You can't expect people still insisting on IPv6 as is much.
My suggestion is still to fix IPv6 as opposed to drop it, because I don’t see that we have another bullet to fire after that one. For that particular issue of fixing ND, new comments and support at the 6MAN on the draft above may help.
It may be more constructive to work for proxy ARP suitable for Wifi, which may be enforced by Wifi alliance. An RFC may be published if Wifi industry request IETF to do so.
Masataka Ohta
Pascal Thubert (pthubert) wrote: Hi,
Solutions must first avoid broadcast as much as possible, because there's also the cost of it.
Though I'm not saying all the broadcast must be repeated, if you think moderate broadcast is costly, just say, CATENET. I remember old days when entire network of CERN with thousands of hosts was managed to be a single Ethernet several years after we learned dividing network by routers can prevent various problems caused by broadcast. It was, at least partly, because operating multi-protocol routers is painful. Unlike most sites at that time, non IP protocols such as DECnet was popular at CERN. As IPv4 became dominant, problems went away.
Then you want zerotrust, ND is so easy to attack from inside and even outside. This is RFC 8928.
As many people are saying zerotrust relying on PKI, which blindly trust CAs as TPPs (trusted third parties), which are confirmed-to-be-untrustworthy third parties by Diginotar, zerotrust is not very meaningful beyond marketing hype. Anyway, relying on link broadcast implies that the link is trusted to some extent, which is not ND specific.
Ethernet is enterprise networks is largely virtualized. We cannot offer fast and reliable broadcast services on a worldwide overlay.
Unlike CERN in the past, today, I can see no point to have large Ethernet, though some operators may be hyped to deploy expensive service of telco for nothing.
Add to that the desire by the device to own more and more addresses.
What? How can it happen with IPv4?
You want a contract between that the host and the network that the host owns an address and is reachable at that address. Like any contract, that must be a negotiation. ND is not like that. RFC 8505 is exactly that.
Ignoring poor IPv6, I'm afraid it a property of not ARP but DHCP.
It may be more constructive to work for proxy ARP suitable for Wifi, which may be enforced by Wifi alliance. An RFC may be published if Wifi industry request IETF to do so.
This is effectively done already for ND.
I agree with you but my point is that it is more constructive for ARP.
I guess the design can be easily retrofitted to ARP. ND is really designed exactly as ARP. The differences were for the show, the real steps that should have been made were not. But now with RFC 8505 we have a modern solution. The problem is no more on the standard side, it is adoption. People will not move if it does not hurt enough. And they can bear a lot.
But, for adoption, some formal document, not necessarily a (standard track) rfc, is necessary. Masataka Ohta
The comment looks outdated: Who cares now about ATM? But all wireless (including WiFi) emulate broadcast in a very unsatisfactory way. Hence, the requirement is still very accurate. -----Original Message----- From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com@nanog.org] On Behalf Of Masataka Ohta Sent: Thursday, January 12, 2023 7:32 AM To: nanog@nanog.org Subject: Re: A straightforward transition plan (was: Re: V6 still not supported) Randy Bush wrote:
three of the promises of ipng which ipv6 did not deliver o compatibility/transition, o security, and o routing & renumbering
You miss a promise of o ND over ATM/NBMA which caused IPv6 lack a notion of link broadcast. Masataka Ohta
On Wed, Jan 11, 2023 at 11:16 PM Vasilenko Eduard via NANOG <nanog@nanog.org> wrote:
The comment looks outdated: Who cares now about ATM?
You may have missed the sarcasm. The 1995 Addison Wesley IPng book spends pages and pages talking about potential IPv6 use in the Navy and interoperability with ATM before it gets around to discussing IPv6 in the enterprise and acceptance on the general Internet. It's an understatement to say their priorities were out of whack. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
On January 12, 2023 at 02:11 noah@neo.co.tz (Noah) wrote:
Hi John,
So, It was assumed that IPv4 depletion would effectively lead to the adoption of IPv6. This has not been the case in the last decade save for a very few countries in the world.
It was also assumed that IPv6 only networks would crop all over the place as a result, providing the same interconnectivity benefits enjoyed by the IPv4 internet.
Out of curiosity,did the emergency of transfer markets slow IPNG adoption while creating prolonged dependence on IPv4?
Probably ten people have said this already but it was more likely due to the success of CGNAT. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Dear BZS: 1) " ... it was more likely due to the success of CGNAT.": Looking forward from this milestone marker, what would you envision as the possible additions to CG-NAT's characteristics and capabilities for the potential expansion of its services and enhancement to its performances? Thanks, Abe (2023-01-16 10:22) On 2023-01-11 19:33, bzs@theworld.com wrote:
On January 12, 2023 at 02:11noah@neo.co.tz (Noah) wrote:
Hi John,
So, It was assumed that IPv4 depletion would effectively lead to the adoption of IPv6. This has not been the case in the last decade save for a very few countries in the world.
It was also assumed that IPv6 only networks would crop all over the place as a result, providing the same interconnectivity benefits enjoyed by the IPv4 internet.
Out of curiosity,did the emergency of transfer markets slow IPNG adoption while creating prolonged dependence on IPv4?
Probably ten people have said this already but it was more likely due to the success of CGNAT.
-- This email has been checked for viruses by Avast antivirus software. www.avast.com
John Curran wrote:
The fact that the majority of the network operators don’t use IPv6 is irrelevant under such victory conditions,
Then, let's have a victory condition for IPv6 that no one use IPv6 is the victory and all of us are happy. Masataka Ohta
I see the same thing from the other side, being a S/W developer for switching and routing boxes since the early 90's. The PM barrier is a high wall indeed. And yet some techs succeed to pass it. What I'm arguing is that we can pass that wall if we work together with the same objective. I've been monitoring this list for a while, very insightful, very happy with what I learn in the process. But here I feel compelled to react. I read that IPv6 did not succeed in 25 years. But unless I miss something, complaining did not succeed either, did it? My frustration is that indeed (as a dev guy) we have been trying hard to serve users our best. We proposed a number of things in the IPv4 evolution direction that I see being asked on this list. For larger IPv4 space and smooth migration, I'm personally fond of the IP-in-IP variation that filed in 20+ years ago as US patent 7,356,031. Basically we reserve a /8, say, since it is so popular at this time, 240.0.0./8, and make it the "elevator shaft" between IPv4 realms. Say the current IPv4 Internet is realm 1, that Internet would have IP address 240.0.0.1/8 in the shaft, and would continue operating as is, without a change in hosts and routers for traffic staying inside the current Internet. Now say China builds realm 2; that Internet would have IP address 240.0.0.2/8 in the shaft. A host in the Internet that wants to talk to a host in China would require an update to parse new DNS double-A (realm, address) records to encapsulate the packet IP-in-IP, outer src= 240.0.0.1 outer dest=240.0.0.2. The router that serves the shaft at level 1 attracts 240.0.0.0/8 within realm 1 and routes up the elevator for more specific (host) routes within that prefix. The router that serves the shaft at level 2 attracts 240.0.0.2/32 inside the shaft; upon the said packet it would swap the inner and outer destination and the packet would reach the Chinese address with classical routing within realm 2. Routers serving the shaft need an update, but then, only those do. Obviously the host in China can only reply if its stack is updated to understand the format. But all the other hosts and routers in China can be classical IPv4 as we know them long as their traffic stays in China. To migrate to IPv6 what you can do is map the elevator shaft prefix in, say, 400::/3 (sadly cannot use F00/3 that would map 240 neatly but is already assigned). The current internet would own 400:1::/32, China would own 400:2::/32, etc... You encode the double-A of the host in the prefix, reserve a well known suffix for IPv4 mapped double-A, and you have an IPv6 address that can be mapped both ways statelessly. When migrating to v6, each IPv4 node that owns a public IPv4 address in one realm gets a full IPv6 /64 for free. This kind of ideas have existed for long but apparently did not meet their public. So we tried evolving IPv6 instead. And we did. I've witnessed deep evolution in networking technology with, e.g., IoT and SRv6. I've seen both being despised on this list and I'm not asking for more fuel on that fire. I just want to use these techs as a proof that evolution is indeed possible, that it happens in the context of IPv6, and that done in your direction it could make some folks happier than the current state of affairs. On the side, since I see the name, please consider that Cisco ships both techs above, so it is indeed capable of risk taking, the PM wall can indeed be passed, as long as there's enough pressure from both side. For those interested, I'd be happy to chat on how IPv6 ND has evolved (on paper) but is stuck behind the PM wall as well. Keep safe; Pascal Message-----
From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Michael Thomas Sent: mardi 22 mars 2022 22:37 To: nanog@nanog.org Subject: Re: V6 still not supported
On 3/22/22 5:45 AM, Randy Bush wrote:
john,
fwiw your story matches what is left of my memory. one nuance
That’s not to say that there wasn’t "IETF politics” involved, but rather that such politics were expressed as enormous pressure to “make a decision” my take was that cidr had done a lot to relieve the immediate technical pressure for the short term; but there was a deep fear that the industry press was stirring a major poolpah about the end of the internet due to ipv4 exhaustion. i.e. a seriously flawed technical compromise was pushed on us in reaction to a perception of bad press.
i have learned that, when i am under great pressure to DO SOMETHING, it's time to step back, go make a cup of tea, and think. the ietf did not. and here we are, a quarter of a century later, still trying to clean up the mess.
So are you saying that an ipng that came out in, say, 2000 which was according to you was vastly superior having taken the time to get it right would have had any better chance of being adopted? My experience with Cisco product managers at the time is that they couldn't give a shit about the technical aspects of an ipng. If their silicon forwarding couldn't handle it, they weren't interested unless customers were clamoring for it. I can't see how that negative feedback loop could have ever been prevented other than other ipng being done in, oh say, 1993 when it was all still software forwarding.
Mike
Dear Pascal: 0) So glad to see your recount of the history and the analysis! 1) We have recently formulated a proposal called EzIP (Phonetic for Easy IPv4) that is very much along the line of what you just described below, but with a few twists. I browsed through US patent 7,356,031, but failed to spot the key word "240. It appears to me that it was more a general concept than practice. Did you submit a draft on your work to IETF? Perhaps due to these, our (including patent examiner's) prior art search never came across your work. Although, your patent was granted in the same year as the Normative Reference [2] of our IETF draft. Please have a quick read of the below whitepaper. It provides you an overview of EzIP as well as references to US Pat. No.11,159,425, the current IETF draft and a feasibility demonstration setup. https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf 2) Here is a few quick comparisons between our two teams' work and the outline of EzIP benefits: A. Your "Realm" is very much equivalent to our RAN (Regional Area Network). However, instead of utilizing 240.0.0/8, we propose to use the full 240/4 each to maximize its effectiveness. Each RAN can serve up to 39M population as large as Tokyo Metro, even before utilizing the three private netblocks. B. Your "Elevator Shaft" making use of part of the 240/4 pool is equivalent to our single IPv4 public address to tether a RAN from the Internet core. Ours is a "micro" building block approach that provides more flexibility. For example, up to 75% of the smaller countries around the world need only one IPv4 each to achieve the "Elevator Shaft" configuration. C. Your "Inter-Realm Router" is simply the current Internet core routers in the EzIP scheme. D. Instead of proposing any modification to the IP packet header, EzIP can deploy within the capability of the RFC791. That is, when inter-RAN traffic is needed, the Option Word mechanism is activated to carry the 240/4 addresses within the RAN, leaving the basic source and destination address fields to carry the public IPv4 addresses of the RANs at either end. E. EzIP implementation is very straightforward. We have identified at least one case that only requires "*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock". With your software expertise, you likely know other configurations. F. EzIP essentially proposes to expand the address pool currently used by CG-NAT without any hardware change. In addition, the simplification in administrating the 240/4 addresses deterministically can mitigate the root cause to the cyber insecurity, thus reducing the OpEx. G. Treating 240/4 as the fourth netblock in RFC1918 allows the RAN to operate pretty much independent of the Internet core. On the other hand, being rejected by current routers enables RANs to be deployed worldwide by themselves without interference in either direction. This forms an */overlay /*network providing Internet-like services while having individualized flexibility per RAN. H. As more and more RANs are deployed, there will be increasing number of IPv4 public addresses becoming "spares". Each can support one RAN to serve other purposes, such as true test beds for experimenting new protocols. I. There probably are a few more parallelisms that we can identify, as we discuss more. I look forward to your thoughts and critiques. Regards, Abe (2022-03-23 11:59 EDT) On 2022-03-23 05:01, Pascal Thubert (pthubert) via NANOG wrote:
I see the same thing from the other side, being a S/W developer for switching and routing boxes since the early 90's. The PM barrier is a high wall indeed. And yet some techs succeed to pass it. What I'm arguing is that we can pass that wall if we work together with the same objective.
I've been monitoring this list for a while, very insightful, very happy with what I learn in the process. But here I feel compelled to react. I read that IPv6 did not succeed in 25 years. But unless I miss something, complaining did not succeed either, did it?
My frustration is that indeed (as a dev guy) we have been trying hard to serve users our best. We proposed a number of things in the IPv4 evolution direction that I see being asked on this list. For larger IPv4 space and smooth migration, I'm personally fond of the IP-in-IP variation that filed in 20+ years ago as US patent 7,356,031. Basically we reserve a /8, say, since it is so popular at this time, 240.0.0./8, and make it the "elevator shaft" between IPv4 realms. Say the current IPv4 Internet is realm 1, that Internet would have IP address 240.0.0.1/8 in the shaft, and would continue operating as is, without a change in hosts and routers for traffic staying inside the current Internet. Now say China builds realm 2; that Internet would have IP address 240.0.0.2/8 in the shaft. A host in the Internet that wants to talk to a host in China would require an update to parse new DNS double-A (realm, address) records to encapsulate the packet IP-in-IP, outer src= 240.0.0.1 outer dest=240.0.0.2. The router that serves the shaft at level 1 attracts 240.0.0.0/8 within realm 1 and routes up the elevator for more specific (host) routes within that prefix. The router that serves the shaft at level 2 attracts 240.0.0.2/32 inside the shaft; upon the said packet it would swap the inner and outer destination and the packet would reach the Chinese address with classical routing within realm 2. Routers serving the shaft need an update, but then, only those do. Obviously the host in China can only reply if its stack is updated to understand the format. But all the other hosts and routers in China can be classical IPv4 as we know them long as their traffic stays in China. To migrate to IPv6 what you can do is map the elevator shaft prefix in, say, 400::/3 (sadly cannot use F00/3 that would map 240 neatly but is already assigned). The current internet would own 400:1::/32, China would own 400:2::/32, etc... You encode the double-A of the host in the prefix, reserve a well known suffix for IPv4 mapped double-A, and you have an IPv6 address that can be mapped both ways statelessly. When migrating to v6, each IPv4 node that owns a public IPv4 address in one realm gets a full IPv6 /64 for free.
This kind of ideas have existed for long but apparently did not meet their public.
So we tried evolving IPv6 instead. And we did. I've witnessed deep evolution in networking technology with, e.g., IoT and SRv6. I've seen both being despised on this list and I'm not asking for more fuel on that fire. I just want to use these techs as a proof that evolution is indeed possible, that it happens in the context of IPv6, and that done in your direction it could make some folks happier than the current state of affairs. On the side, since I see the name, please consider that Cisco ships both techs above, so it is indeed capable of risk taking, the PM wall can indeed be passed, as long as there's enough pressure from both side.
For those interested, I'd be happy to chat on how IPv6 ND has evolved (on paper) but is stuck behind the PM wall as well.
Keep safe;
Pascal
Message-----
From: NANOG<nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Michael Thomas Sent: mardi 22 mars 2022 22:37 To:nanog@nanog.org Subject: Re: V6 still not supported
On 3/22/22 5:45 AM, Randy Bush wrote:
john,
fwiw your story matches what is left of my memory. one nuance
That’s not to say that there wasn’t "IETF politics” involved, but rather that such politics were expressed as enormous pressure to “make a decision” my take was that cidr had done a lot to relieve the immediate technical pressure for the short term; but there was a deep fear that the industry press was stirring a major poolpah about the end of the internet due to ipv4 exhaustion. i.e. a seriously flawed technical compromise was pushed on us in reaction to a perception of bad press.
i have learned that, when i am under great pressure to DO SOMETHING, it's time to step back, go make a cup of tea, and think. the ietf did not. and here we are, a quarter of a century later, still trying to clean up the mess.
So are you saying that an ipng that came out in, say, 2000 which was according to you was vastly superior having taken the time to get it right would have had any better chance of being adopted? My experience with Cisco product managers at the time is that they couldn't give a shit about the technical aspects of an ipng. If their silicon forwarding couldn't handle it, they weren't interested unless customers were clamoring for it. I can't see how that negative feedback loop could have ever been prevented other than other ipng being done in, oh say, 1993 when it was all still software forwarding.
Mike
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Dear Abe: Neat 😊 Did you propose this work at a WG in Vienna this week? Just a few points: * I coined the term elevator shaft for the description below. I just thought that it may help visualize this story; figuring the Internet as a 2-D flat in a building, and the special prefix bring a 3rd dimension to interconnect levels as an elevator shaft does in the building. The 20 year old IPR did not use that term or that example, it was more generic than that, but the lawyer language is hard to parse for the rest of us so I paraphrased and exemplified. * And I just picked 240.0.0.0/8 as an example to show that you can easily build 1000000 parallel Internets because it was discussed in another thread that would provide a lot less value off it, which may hint that the way we use that prefix should be thought carefully. * Now that you’re aware of the possible prior art, I believe you are required by law to notify the USPTO so they determine what to do with the reference. Sorry for the hassle. * I guess we need to continue that discussion on an IETF ML rather than here, unless people in the list ask for more. I’ll read with interest the details of your proposal. The bottom line for NANOG is that the dev guys are willing to help, whether by evolving IPv6 or proposing IPv4 ideas like the ones below. But we need push / support from your side to pass the PM bar. Keep safe; Pascal From: Abraham Y. Chen <aychen@avinta.com> Sent: mercredi 23 mars 2022 16:59 To: Pascal Thubert (pthubert) <pthubert@cisco.com> Cc: Michael Thomas <mike@mtcc.com>; nanog@nanog.org Subject: Re: V6 still not supported Re: 202203231017.AYC Dear Pascal: 0) So glad to see your recount of the history and the analysis! 1) We have recently formulated a proposal called EzIP (Phonetic for Easy IPv4) that is very much along the line of what you just described below, but with a few twists. I browsed through US patent 7,356,031, but failed to spot the key word "240. It appears to me that it was more a general concept than practice. Did you submit a draft on your work to IETF? Perhaps due to these, our (including patent examiner's) prior art search never came across your work. Although, your patent was granted in the same year as the Normative Reference [2] of our IETF draft. Please have a quick read of the below whitepaper. It provides you an overview of EzIP as well as references to US Pat. No. 11,159,425, the current IETF draft and a feasibility demonstration setup. https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf 2) Here is a few quick comparisons between our two teams' work and the outline of EzIP benefits: A. Your "Realm" is very much equivalent to our RAN (Regional Area Network). However, instead of utilizing 240.0.0/8, we propose to use the full 240/4 each to maximize its effectiveness. Each RAN can serve up to 39M population as large as Tokyo Metro, even before utilizing the three private netblocks. B. Your "Elevator Shaft" making use of part of the 240/4 pool is equivalent to our single IPv4 public address to tether a RAN from the Internet core. Ours is a "micro" building block approach that provides more flexibility. For example, up to 75% of the smaller countries around the world need only one IPv4 each to achieve the "Elevator Shaft" configuration. C. Your "Inter-Realm Router" is simply the current Internet core routers in the EzIP scheme. D. Instead of proposing any modification to the IP packet header, EzIP can deploy within the capability of the RFC791. That is, when inter-RAN traffic is needed, the Option Word mechanism is activated to carry the 240/4 addresses within the RAN, leaving the basic source and destination address fields to carry the public IPv4 addresses of the RANs at either end. E. EzIP implementation is very straightforward. We have identified at least one case that only requires "disabling the program code that has been disabling the use of the 240/4 netblock". With your software expertise, you likely know other configurations. F. EzIP essentially proposes to expand the address pool currently used by CG-NAT without any hardware change. In addition, the simplification in administrating the 240/4 addresses deterministically can mitigate the root cause to the cyber insecurity, thus reducing the OpEx. G. Treating 240/4 as the fourth netblock in RFC1918 allows the RAN to operate pretty much independent of the Internet core. On the other hand, being rejected by current routers enables RANs to be deployed worldwide by themselves without interference in either direction. This forms an overlay network providing Internet-like services while having individualized flexibility per RAN. H. As more and more RANs are deployed, there will be increasing number of IPv4 public addresses becoming "spares". Each can support one RAN to serve other purposes, such as true test beds for experimenting new protocols. I. There probably are a few more parallelisms that we can identify, as we discuss more. I look forward to your thoughts and critiques. Regards, Abe (2022-03-23 11:59 EDT) On 2022-03-23 05:01, Pascal Thubert (pthubert) via NANOG wrote: I see the same thing from the other side, being a S/W developer for switching and routing boxes since the early 90's. The PM barrier is a high wall indeed. And yet some techs succeed to pass it. What I'm arguing is that we can pass that wall if we work together with the same objective. I've been monitoring this list for a while, very insightful, very happy with what I learn in the process. But here I feel compelled to react. I read that IPv6 did not succeed in 25 years. But unless I miss something, complaining did not succeed either, did it? My frustration is that indeed (as a dev guy) we have been trying hard to serve users our best. We proposed a number of things in the IPv4 evolution direction that I see being asked on this list. For larger IPv4 space and smooth migration, I'm personally fond of the IP-in-IP variation that filed in 20+ years ago as US patent 7,356,031. Basically we reserve a /8, say, since it is so popular at this time, 240.0.0./8, and make it the "elevator shaft" between IPv4 realms. Say the current IPv4 Internet is realm 1, that Internet would have IP address 240.0.0.1/8 in the shaft, and would continue operating as is, without a change in hosts and routers for traffic staying inside the current Internet. Now say China builds realm 2; that Internet would have IP address 240.0.0.2/8 in the shaft. A host in the Internet that wants to talk to a host in China would require an update to parse new DNS double-A (realm, address) records to encapsulate the packet IP-in-IP, outer src= 240.0.0.1 outer dest=240.0.0.2. The router that serves the shaft at level 1 attracts 240.0.0.0/8 within realm 1 and routes up the elevator for more specific (host) routes within that prefix. The router that serves the shaft at level 2 attracts 240.0.0.2/32 inside the shaft; upon the said packet it would swap the inner and outer destination and the packet would reach the Chinese address with classical routing within realm 2. Routers serving the shaft need an update, but then, only those do. Obviously the host in China can only reply if its stack is updated to understand the format. But all the other hosts and routers in China can be classical IPv4 as we know them long as their traffic stays in China. To migrate to IPv6 what you can do is map the elevator shaft prefix in, say, 400::/3 (sadly cannot use F00/3 that would map 240 neatly but is already assigned). The current internet would own 400:1::/32, China would own 400:2::/32, etc... You encode the double-A of the host in the prefix, reserve a well known suffix for IPv4 mapped double-A, and you have an IPv6 address that can be mapped both ways statelessly. When migrating to v6, each IPv4 node that owns a public IPv4 address in one realm gets a full IPv6 /64 for free. This kind of ideas have existed for long but apparently did not meet their public. So we tried evolving IPv6 instead. And we did. I've witnessed deep evolution in networking technology with, e.g., IoT and SRv6. I've seen both being despised on this list and I'm not asking for more fuel on that fire. I just want to use these techs as a proof that evolution is indeed possible, that it happens in the context of IPv6, and that done in your direction it could make some folks happier than the current state of affairs. On the side, since I see the name, please consider that Cisco ships both techs above, so it is indeed capable of risk taking, the PM wall can indeed be passed, as long as there's enough pressure from both side. For those interested, I'd be happy to chat on how IPv6 ND has evolved (on paper) but is stuck behind the PM wall as well. Keep safe; Pascal Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org><mailto:nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Michael Thomas Sent: mardi 22 mars 2022 22:37 To: nanog@nanog.org<mailto:nanog@nanog.org> Subject: Re: V6 still not supported On 3/22/22 5:45 AM, Randy Bush wrote: john, fwiw your story matches what is left of my memory. one nuance That’s not to say that there wasn’t "IETF politics” involved, but rather that such politics were expressed as enormous pressure to “make a decision” my take was that cidr had done a lot to relieve the immediate technical pressure for the short term; but there was a deep fear that the industry press was stirring a major poolpah about the end of the internet due to ipv4 exhaustion. i.e. a seriously flawed technical compromise was pushed on us in reaction to a perception of bad press. i have learned that, when i am under great pressure to DO SOMETHING, it's time to step back, go make a cup of tea, and think. the ietf did not. and here we are, a quarter of a century later, still trying to clean up the mess. So are you saying that an ipng that came out in, say, 2000 which was according to you was vastly superior having taken the time to get it right would have had any better chance of being adopted? My experience with Cisco product managers at the time is that they couldn't give a shit about the technical aspects of an ipng. If their silicon forwarding couldn't handle it, they weren't interested unless customers were clamoring for it. I can't see how that negative feedback loop could have ever been prevented other than other ipng being done in, oh say, 1993 when it was all still software forwarding. Mike [Image removed by sender.]<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. www.avast.com<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
*********** Resend to go through NANOG ************ On 2022-03-23 11:59, Abraham Y. Chen wrote:
Dear Pascal:
0) So glad to see your recount of the history and the analysis!
1) We have recently formulated a proposal called EzIP (Phonetic for Easy IPv4) that is very much along the line of what you just described below, but with a few twists. I browsed through US patent 7,356,031, but failed to spot the key word "240. It appears to me that it was more a general concept than practice. Did you submit a draft on your work to IETF? Perhaps due to these, our (including patent examiner's) prior art search never came across your work. Although, your patent was granted in the same year as the Normative Reference [2] of our IETF draft. Please have a quick read of the below whitepaper. It provides you an overview of EzIP as well as references to US Pat. No.11,159,425, the current IETF draft and a feasibility demonstration setup.
https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf
2) Here is a few quick comparisons between our two teams' work and the outline of EzIP benefits:
A. Your "Realm" is very much equivalent to our RAN (Regional Area Network). However, instead of utilizing 240.0.0/8, we propose to use the full 240/4 each to maximize its effectiveness. Each RAN can serve up to 39M population as large as Tokyo Metro, even before utilizing the three private netblocks.
B. Your "Elevator Shaft" making use of part of the 240/4 pool is equivalent to our single IPv4 public address to tether a RAN from the Internet core. Ours is a "micro" building block approach that provides more flexibility. For example, up to 75% of the smaller countries around the world need only one IPv4 each to achieve the "Elevator Shaft" configuration. C. Your "Inter-Realm Router" is simply the current Internet core routers in the EzIP scheme.
D. Instead of proposing any modification to the IP packet header, EzIP can deploy within the capability of the RFC791. That is, when inter-RAN traffic is needed, the Option Word mechanism is activated to carry the 240/4 addresses within the RAN, leaving the basic source and destination address fields to carry the public IPv4 addresses of the RANs at either end.
E. EzIP implementation is very straightforward. We have identified at least one case that only requires "*/disabling/* the program code that has been */disabling/* the use of the 240/4 netblock". With your software expertise, you likely know other configurations.
F. EzIP essentially proposes to expand the address pool currently used by CG-NAT without any hardware change. In addition, the simplification in administrating the 240/4 addresses deterministically can mitigate the root cause to the cyber insecurity, thus reducing the OpEx.
G. Treating 240/4 as the fourth netblock in RFC1918 allows the RAN to operate pretty much independent of the Internet core. On the other hand, being rejected by current routers enables RANs to be deployed worldwide by themselves without interference in either direction. This forms an */overlay /*network providing Internet-like services while having individualized flexibility per RAN.
H. As more and more RANs are deployed, there will be increasing number of IPv4 public addresses becoming "spares". Each can support one RAN to serve other purposes, such as true test beds for experimenting new protocols.
I. There probably are a few more parallelisms that we can identify, as we discuss more.
I look forward to your thoughts and critiques.
Regards,
Abe (2022-03-23 11:59 EDT)
On 2022-03-23 05:01, Pascal Thubert (pthubert) via NANOG wrote:
I see the same thing from the other side, being a S/W developer for switching and routing boxes since the early 90's. The PM barrier is a high wall indeed. And yet some techs succeed to pass it. What I'm arguing is that we can pass that wall if we work together with the same objective.
I've been monitoring this list for a while, very insightful, very happy with what I learn in the process. But here I feel compelled to react. I read that IPv6 did not succeed in 25 years. But unless I miss something, complaining did not succeed either, did it?
My frustration is that indeed (as a dev guy) we have been trying hard to serve users our best. We proposed a number of things in the IPv4 evolution direction that I see being asked on this list. For larger IPv4 space and smooth migration, I'm personally fond of the IP-in-IP variation that filed in 20+ years ago as US patent 7,356,031. Basically we reserve a /8, say, since it is so popular at this time, 240.0.0./8, and make it the "elevator shaft" between IPv4 realms. Say the current IPv4 Internet is realm 1, that Internet would have IP address 240.0.0.1/8 in the shaft, and would continue operating as is, without a change in hosts and routers for traffic staying inside the current Internet. Now say China builds realm 2; that Internet would have IP address 240.0.0.2/8 in the shaft. A host in the Internet that wants to talk to a host in China would require an update to parse new DNS double-A (realm, address) records to encapsulate the packet IP-in-IP, outer src= 240.0.0.1 outer dest=240.0.0.2. The router that serves the shaft at level 1 attracts 240.0.0.0/8 within realm 1 and routes up the elevator for more specific (host) routes within that prefix. The router that serves the shaft at level 2 attracts 240.0.0.2/32 inside the shaft; upon the said packet it would swap the inner and outer destination and the packet would reach the Chinese address with classical routing within realm 2. Routers serving the shaft need an update, but then, only those do. Obviously the host in China can only reply if its stack is updated to understand the format. But all the other hosts and routers in China can be classical IPv4 as we know them long as their traffic stays in China. To migrate to IPv6 what you can do is map the elevator shaft prefix in, say, 400::/3 (sadly cannot use F00/3 that would map 240 neatly but is already assigned). The current internet would own 400:1::/32, China would own 400:2::/32, etc... You encode the double-A of the host in the prefix, reserve a well known suffix for IPv4 mapped double-A, and you have an IPv6 address that can be mapped both ways statelessly. When migrating to v6, each IPv4 node that owns a public IPv4 address in one realm gets a full IPv6 /64 for free.
This kind of ideas have existed for long but apparently did not meet their public.
So we tried evolving IPv6 instead. And we did. I've witnessed deep evolution in networking technology with, e.g., IoT and SRv6. I've seen both being despised on this list and I'm not asking for more fuel on that fire. I just want to use these techs as a proof that evolution is indeed possible, that it happens in the context of IPv6, and that done in your direction it could make some folks happier than the current state of affairs. On the side, since I see the name, please consider that Cisco ships both techs above, so it is indeed capable of risk taking, the PM wall can indeed be passed, as long as there's enough pressure from both side.
For those interested, I'd be happy to chat on how IPv6 ND has evolved (on paper) but is stuck behind the PM wall as well.
Keep safe;
Pascal
Message-----
From: NANOG<nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Michael Thomas Sent: mardi 22 mars 2022 22:37 To:nanog@nanog.org Subject: Re: V6 still not supported
On 3/22/22 5:45 AM, Randy Bush wrote:
john,
fwiw your story matches what is left of my memory. one nuance
That’s not to say that there wasn’t "IETF politics” involved, but rather that such politics were expressed as enormous pressure to “make a decision” my take was that cidr had done a lot to relieve the immediate technical pressure for the short term; but there was a deep fear that the industry press was stirring a major poolpah about the end of the internet due to ipv4 exhaustion. i.e. a seriously flawed technical compromise was pushed on us in reaction to a perception of bad press.
i have learned that, when i am under great pressure to DO SOMETHING, it's time to step back, go make a cup of tea, and think. the ietf did not. and here we are, a quarter of a century later, still trying to clean up the mess.
So are you saying that an ipng that came out in, say, 2000 which was according to you was vastly superior having taken the time to get it right would have had any better chance of being adopted? My experience with Cisco product managers at the time is that they couldn't give a shit about the technical aspects of an ipng. If their silicon forwarding couldn't handle it, they weren't interested unless customers were clamoring for it. I can't see how that negative feedback loop could have ever been prevented other than other ipng being done in, oh say, 1993 when it was all still software forwarding.
Mike
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
John Curran wrote:
The characterization that the IAB somehow struck back with the IPng decision implies a level of direction over the decision which simply did not exist.
I understand that that is your theory.
That’s not to say that there wasn’t "IETF politics" involved, but rather that such politics were expressed as enormous pressure to "make a decision" rather than IAB/IESG shaping of the various protocol proposals and their technical evolution.
So, your theory is that because IAB/IESG must make decisions, they can make decisions to make IPng a lot worse than IPv4.
The technical teams that submitted each proposal controlled that proposal's evolution, and the IPng Directorate (not the IAB or IESG) made the final IPng protocol selection/recommendation.
Before they were disturbed by IAB, sure. But, as you pointed out, they are politically disturbed to make their proposals merge.
You can confirm all of this rather easily, as the entire set of IPng materials and decisions are here at Scott Bradner’s archive - https://www.sobco.com/ipng/ <https://www.sobco.com/ipng/>
Surely, I can confirm that you actually support my points.
It should also be noted that merger is just political ceremony to pretend IPng were resulted from cooperation of many contributors only to make it bloat by incorporating all the features without technical merits.
Half correct; the final protocol was indeed the result of compromise
That is a lot more than enough, not just half lot.
out of the earnest belief of technical merit of the unproven
No. It is out of the earnest belief of political merit by some committee.
Of course, the problem with including new & unproven features
Wrong. A problem, among many, of IPv6 is that it is bloat to have included a lot of old and proven to be useless/harmful features. Masataka Ohta
I remember in the 80s getting into a rather detailed debate with an OSI fan about how OSI put at least authorization into what we'd call the IP layer roughly, CLNP/CLNS/TP0-4. A lot of it came down to you send me your initial handshake and I first see if you're authorized and if not reject you right there. They were quite obsessed with authorization because they were quite obsessed with, basically, billing for every connection, who do I charge this connection to? Particularly in the 80s it seemed way too much overhead at way too low of a level to me. Almost 40 years later and maybe they were on to something. Unfortunately I still suspect it would have thrown the baby right out with the bathwater. The overhead involved would have limited network nodes (at the time) to big, expensive boxes, like PBX's, with intricate authorization and billing mechanisms rather than what made TCP/IP take off. Even in 1985 you could get a fully functional TCP/IP system running in cheap hardware most anyone with a steady job could afford rather than relegate such systems to SNA-like server/client architectures probably requiring intimate integration into telcos. But we finally have done that with mobile phones! Just try running your own mobile phone network. Yay us! On March 17, 2022 at 18:52 mike@mtcc.com (Michael Thomas) wrote:
On 3/17/22 3:30 AM, borg@uu3.net wrote:
It seems team developing IPv6 had ONE way of doing things, with is actually recipe for disaster. Why? Because they were building an IP protocol. Something that will be using globally by ALL networks around. Not some local IOT (useless) shit used here and there. Thats why such IP protocol should be follow KISS concept and flexibility. Some people have different vision how to run network. And because Inter-net is an AS to AS network they should have right to do so. As somebody who designed IoT things back when v6 was being designed, my only question was whether it would get deployed, not whether it was too complex. It was honestly a lot easier than a completely new protocol stack like appletalk or netware.
In my opinion all that crypto stuff should be put layer upper because crypto is hard, very hard and can get obsolete quickly. I don't see what the OS layer has to do with anything. An operating system that doesn't get patches is even worse than app level code that doesn't.
Its same about other weird things embedded into IPv6 that probably should go layer up. And now people wonder why IPv6 adoption is crap and there is high resistance. IPv4 made mistakes too, but hell, it was the first.
It seems all the market needed was IPv4 with bigger address space. Instead of delivering it, some contraption has been created trying to solve non-existant (or already fixed) problems.
There were tons of things that were slapped onto IP that were basically experimental like ARP and bootp. CIDR didn't even exist back then.
Also: security, for example, was not an already fixed problem. Far from it.
Mike
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On 3/18/22 6:18 PM, bzs@theworld.com wrote:
I remember in the 80s getting into a rather detailed debate with an OSI fan about how OSI put at least authorization into what we'd call the IP layer roughly, CLNP/CLNS/TP0-4.
A lot of it came down to you send me your initial handshake and I first see if you're authorized and if not reject you right there.
They were quite obsessed with authorization because they were quite obsessed with, basically, billing for every connection, who do I charge this connection to?
Particularly in the 80s it seemed way too much overhead at way too low of a level to me.
Almost 40 years later and maybe they were on to something.
Unfortunately I still suspect it would have thrown the baby right out with the bathwater. The overhead involved would have limited network nodes (at the time) to big, expensive boxes, like PBX's, with intricate authorization and billing mechanisms rather than what made TCP/IP take off.
Even in 1985 you could get a fully functional TCP/IP system running in cheap hardware most anyone with a steady job could afford rather than relegate such systems to SNA-like server/client architectures probably requiring intimate integration into telcos.
I wrote one of the first internet enabled laser printers (maybe the first) a couple of years later. It was work -- mostly TCP -- but it wasn't insurmountable. v6 was pretty ho-hum if it were to become a requirement. That and integrating with LPR which was a shitshow. The IP layer was trivial in comparison. I'm willing to believe that the networking layer was more difficult, but I really question about *how much* more difficult it was. Mike
Michael Thomas <mike@mtcc.com> wrote:
There were tons of things that were slapped onto IP that were basically experimental like ARP and bootp. CIDR didn't even exist back then.
Speaking as one of the co-designers of BOOTP (RFC 951): yes, it was experimental. So why was it "slapped onto" IP? Well, in those days the IP protocol itself (now known as IPv4) was an experiment. The previous method of configuring each computer that was plugged into an IP network, was to have a human-to-human conversation with your network administrator, who would manually write down your new IP address on the local network, and also tell you the IP address of a local gateway. You would type this into a file in /etc and save it on your new computer's local hard drive, and your experimental network would all start working. Then it became 1985, disk drives were small and expensive, flash memory nonexistent. As a cost-reduction measure, Sun built some of the first end-user computers that could operate without any nonvolatile local storage: diskless workstations. They needed a way to boot without having a system administrator (or end user) type in the machine's IP address and the address of their gateway every time it booted. We had a network, why didn't we communicate this over the network? Sun designed and implemented a way of doing this, called RARP (RFC 903). This did not use IP packets; it required accessing the local Ethernet using packets with a unique Ethertype. And it only worked on Ethernet, not on any other possible LAN technology. I was the maintainer of the bootstrap ROMs in Sun workstations. Bill Croft and I thought we could do better. We put our heads together and said, "why can't we use IP broadcast packets for this?" (IP support for broadcast packets was also an experiment at around that time. IP multicast was barely a cloud on the horizon.) You could even write a portable UNIX program to be the BOOTP server or client (unlike for RARP). We got the BOOTP protocol working in prototype. Bill understood the RFC submission process, and we got it published as an experimental RFC. Sun didn't care. Their products shipped using RARP. Bill and I had lots of other things to do, so we ignored BOOTP for years. But Sun had a run of good luck at supporting and creating industry standards like TCP/IP and NFS. 3000 miles away, some competitors hated Sun's success, so they decided to standardize their products on "anything that doesn't work like Sun's". This was the UNIX wars, which distracted all the UNIX vendors. They should've been watching Microsoft, which proceeded to steamroller the computing market and make almost all of them irrelevant. I think it might have been DEC that first adopted BOOTP for actually bootstrapping their products, and others followed suit. I don't actually know why they picked it -- especially because I was co-author and I worked at Sun. But they started using it, and it caught on among that consortium of non-Sun UNIX vendors. And eventually, Mitch Bradley, a hardware designer at Sun with a penchant for FORTH programming, built the boot code for the first SPARC machines, and implemented BOOTP in it, so even Sun started using it. By 1993, others had built DHCP (RFC 1541) on top of BOOTP, and that went onto the standards track at IETF. Everybody who liked the old way was free to continue manually typing human-assigned IP addresses into every new computer on their network and keeping them in local nonvolatile storage. Plugging into an Ethernet used to require inserting an electric drill into a fat yellow coaxial cable in your ceiling (see https://en.wikipedia.org/wiki/10BASE5), and then cleaning out the copper detritis that would short the cable and bring down the whole network, and attaching in a separate transceiver box with a "sting tap" that would touch the center conductor of the coax, then running a separate transceiver cable to your computer. The manual IP address configuration was only a small portion of the pain. But 3Com migrated Ethernet to twist-on BNC connectors (https://en.wikipedia.org/wiki/10BASE2), and users started migrating toward products that worked without bringing in a technician. BOOTP and DHCP offered a "plug and play" experience that those users craved. So what started as experiments eventually became expected parts of the IP standards. ARP was "slapped on" in 1982, long before RARP or BOOTP. The original IP specs required that the LAN address must fit into the low order bits of your IP netblock. This wasn't well thought through, but IP was an experiment and there were very few other experiments for its designers to learn from. It worked ok when ARPANET was your LAN (see the original use of 10/8), and when everybody else had Class A addresses, like the packet radio network or 3-megabit Experimental Ethernet users. But it didn't scale up, and it didn't work at all for 10-megabit industry standard Ethernet, with 48-bit addresses much longer than IP addresses. And Ethernet was cheap -- only hundreds of dollars per node. So when somebody slapped together a protocol that made IP-over-Ethernet work, which was ARP, suddenly it became much cheaper and easier to build an IP network. This created a much bigger market for IP, which led in fits and starts to the creation of NANOG. The rest is history. John
I had completely forgot about RARP! We had similar considerations when I designed the Lantronix terminal servers. We patterned them off of the DEC terminal servers on the DEC side which net loaded images (I want to think that DEC used MOP to download, but I could be wrong), but the combination of bootp and tftp served our purposes for booting IP. The thing about RARP is that getting an IP address is nice, but what about the DNS server address at a minimum? I think we might have even had a boot loader for Netware. Life was much more complicated with all of the competing networking stacks and having no clue which one was going "win". IPv6 in comparison was very familiar ground. To me it seemed that it was ipv4 with bigger addresses and that was about it. But I've never understood all of the strum und drang about ipv6. Mike On 3/19/22 3:30 AM, John Gilmore wrote:
There were tons of things that were slapped onto IP that were basically experimental like ARP and bootp. CIDR didn't even exist back then. Speaking as one of the co-designers of BOOTP (RFC 951): yes, it was experimental. So why was it "slapped onto" IP? Well, in those days
Michael Thomas <mike@mtcc.com> wrote: the IP protocol itself (now known as IPv4) was an experiment.
The previous method of configuring each computer that was plugged into an IP network, was to have a human-to-human conversation with your network administrator, who would manually write down your new IP address on the local network, and also tell you the IP address of a local gateway. You would type this into a file in /etc and save it on your new computer's local hard drive, and your experimental network would all start working.
Then it became 1985, disk drives were small and expensive, flash memory nonexistent. As a cost-reduction measure, Sun built some of the first end-user computers that could operate without any nonvolatile local storage: diskless workstations. They needed a way to boot without having a system administrator (or end user) type in the machine's IP address and the address of their gateway every time it booted. We had a network, why didn't we communicate this over the network?
Sun designed and implemented a way of doing this, called RARP (RFC 903). This did not use IP packets; it required accessing the local Ethernet using packets with a unique Ethertype. And it only worked on Ethernet, not on any other possible LAN technology. I was the maintainer of the bootstrap ROMs in Sun workstations. Bill Croft and I thought we could do better. We put our heads together and said, "why can't we use IP broadcast packets for this?" (IP support for broadcast packets was also an experiment at around that time. IP multicast was barely a cloud on the horizon.) You could even write a portable UNIX program to be the BOOTP server or client (unlike for RARP).
We got the BOOTP protocol working in prototype. Bill understood the RFC submission process, and we got it published as an experimental RFC.
Sun didn't care. Their products shipped using RARP. Bill and I had lots of other things to do, so we ignored BOOTP for years.
But Sun had a run of good luck at supporting and creating industry standards like TCP/IP and NFS. 3000 miles away, some competitors hated Sun's success, so they decided to standardize their products on "anything that doesn't work like Sun's". This was the UNIX wars, which distracted all the UNIX vendors. They should've been watching Microsoft, which proceeded to steamroller the computing market and make almost all of them irrelevant. I think it might have been DEC that first adopted BOOTP for actually bootstrapping their products, and others followed suit. I don't actually know why they picked it -- especially because I was co-author and I worked at Sun. But they started using it, and it caught on among that consortium of non-Sun UNIX vendors. And eventually, Mitch Bradley, a hardware designer at Sun with a penchant for FORTH programming, built the boot code for the first SPARC machines, and implemented BOOTP in it, so even Sun started using it.
By 1993, others had built DHCP (RFC 1541) on top of BOOTP, and that went onto the standards track at IETF. Everybody who liked the old way was free to continue manually typing human-assigned IP addresses into every new computer on their network and keeping them in local nonvolatile storage. Plugging into an Ethernet used to require inserting an electric drill into a fat yellow coaxial cable in your ceiling (see https://en.wikipedia.org/wiki/10BASE5), and then cleaning out the copper detritis that would short the cable and bring down the whole network, and attaching in a separate transceiver box with a "sting tap" that would touch the center conductor of the coax, then running a separate transceiver cable to your computer. The manual IP address configuration was only a small portion of the pain. But 3Com migrated Ethernet to twist-on BNC connectors (https://en.wikipedia.org/wiki/10BASE2), and users started migrating toward products that worked without bringing in a technician. BOOTP and DHCP offered a "plug and play" experience that those users craved. So what started as experiments eventually became expected parts of the IP standards.
ARP was "slapped on" in 1982, long before RARP or BOOTP. The original IP specs required that the LAN address must fit into the low order bits of your IP netblock. This wasn't well thought through, but IP was an experiment and there were very few other experiments for its designers to learn from. It worked ok when ARPANET was your LAN (see the original use of 10/8), and when everybody else had Class A addresses, like the packet radio network or 3-megabit Experimental Ethernet users. But it didn't scale up, and it didn't work at all for 10-megabit industry standard Ethernet, with 48-bit addresses much longer than IP addresses. And Ethernet was cheap -- only hundreds of dollars per node. So when somebody slapped together a protocol that made IP-over-Ethernet work, which was ARP, suddenly it became much cheaper and easier to build an IP network. This created a much bigger market for IP, which led in fits and starts to the creation of NANOG. The rest is history.
John
On Mar 19, 2022, at 2:49 PM, Michael Thomas <mike@mtcc.com> wrote:
IPv6 in comparison was very familiar ground. To me it seemed that it was ipv4 with bigger addresses and that was about it. But I've never understood all of the strum und drang about ipv6.
As one tightly involved in multiprotocol networking in the '90s, I viewed with interest the evolution of IPv6. Nothing about IPv6 changed fundamental physical network design principals, except to remove IPv4 limits on the number of subnetworks. Oh, and the removal of coordinated RFC1918 addressing between members of the ever active merger and acquisition world. Life became much rosier. One could concievably deploy a plant floor with a million IPv6 globally unique device address without kludges required by IPv4. I never ran into Sturm und Drang about IPv6 itself, only about the required investment in people and hardware, which I considered a short term bump with a long term payoff. That, I discovered, was the true barrier to IPv6 planning and deployment — middle management, especial account managers. The basic argument was “The customer must first ask for it and sign a contract, then we will prepare for it.” Too much “not in my cost center” mentality crippled the ability of network implementers to even deploy IPv6 for demonstration purposes, as well as for learning. The idea that “my investment” might also benefit others, even in my own company was anathema. I have never become short sighted enough to endorse such idiocy. As one experience with ‘joys’ of end to end connections between NATted networks with overlapping RFC1918 space, The advent of CGNAT and various pipe dreams (mostly in the US) of extending IPv4 address space offends my business sense and technical sense for wasting time, materials, and money.
On 3/19/22 1:44 PM, James R Cutler wrote:
On Mar 19, 2022, at 2:49 PM, Michael Thomas <mike@mtcc.com> wrote:
IPv6 in comparison was very familiar ground. To me it seemed that it was ipv4 with bigger addresses and that was about it. But I've never understood all of the strum und drang about ipv6. As one tightly involved in multiprotocol networking in the '90s, I viewed with interest the evolution of IPv6. Nothing about IPv6 changed fundamental physical network design principals, except to remove IPv4 limits on the number of subnetworks. Oh, and the removal of coordinated RFC1918 addressing between members of the ever active merger and acquisition world. Life became much rosier. One could concievably deploy a plant floor with a million IPv6 globally unique device address without kludges required by IPv4.
I never ran into Sturm und Drang about IPv6 itself, only about the required investment in people and hardware, which I considered a short term bump with a long term payoff.
There is a surprising amount of it here. I'm trying to understand exactly what the problems are but it's all very vague Some people are still intent to relitigate 30 year old debates. But "doesn't work" or "bloated" or "don't like it" or "second system syndrome" are really unhelpful.
That, I discovered, was the true barrier to IPv6 planning and deployment — middle management, especial account managers. The basic argument was “The customer must first ask for it and sign a contract, then we will prepare for it.” Too much “not in my cost center” mentality crippled the ability of network implementers to even deploy IPv6 for demonstration purposes, as well as for learning. The idea that “my investment” might also benefit others, even in my own company was anathema. I have never become short sighted enough to endorse such idiocy.
Yep, that's pretty much my experience with Steve Deering at Cisco. Software was one thing and since it was semi-centralized with IOS thus could be amortized, but spinning new silicon was a hard no. Even new silicon trying to get them to pay attention was painful because it was custom for whatever platform they were on so they had little incentive to go it alone -- not to mention their designers hadn't dealt with it before so there would be a learning curve. Mike
John Gilmore wrote:
There were tons of things that were slapped onto IP that were basically experimental like ARP and bootp. CIDR didn't even exist back then.
ARP was "slapped on" in 1982, long before RARP or BOOTP. The original IP specs required that the LAN address must fit into the low order bits of your IP netblock. This wasn't well thought through, but IP was an experiment and there were very few other experiments for its designers to learn from.
Like RIP, wasn't the the feature imported from XNS?
It worked ok when ARPANET was your LAN (see the original use of 10/8), and when everybody else had Class A addresses, like the packet radio network or 3-megabit Experimental Ethernet users. But it didn't scale up, and it didn't work at all for 10-megabit industry standard Ethernet, with 48-bit addresses much longer than IP addresses.
Wow! However, even with very long 128bit IPv6 addresses, which was originally specified 10+6 (or 80+48 where '6' means 6*8=48 bits of Ethernet MAC) was not enough when I pointed out that MAC address of IEEE1394 is 64 bits long, after which, IPv6 address became 8+8, which means layering violation to make L3 address format depends on L2 address length. Worse, these days, MAC address is not used for lower part of IPv6 addresses for privacy reasons. So, ARP is not something slapped in but the correct thing to do not to cause serious layering violations so much shunned by OSI. IPv6, along with ND, is something politically slapped in against IETF consensus to ban CLNP without technical/operational reasons and is totally broken. Masataka Ohta
I could offer a more philosophical assessment of IPv6 deployment. Perhaps we're there, we're doing fine. This is how it is going to go. It's out there, it works (glitches aside), those who want it use it tho they can't force others to use it so still need to maintain a dual-stack if that's of importance to them. Perhaps that's a reasonable complaint, the cost and effort of accommodating those who haven't deployed IPv6. Maybe it will take 50 years (we're easily half-way there.) Put another way, by what objective measure is IPv6 deployment seen as failing? Other than individuals' impatience. Was there a generally agreed upon timeline which wasn't lived up to, for example? -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Put another way, by what objective measure is IPv6 deployment seen as failing? Other than individuals' impatience. Was there a generally agreed upon timeline which wasn't lived up to, for example?
3gpp deployment was going to force it. YouLube enabling ipv6 was going to convert the world. ca by says every grain of sand has ipv6. the religious fantasies go on and on.
Perhaps we're there, we're doing fine. This is how it is going to go.
the problem is that we have to read about interminably. and our bean counters are still seem to remember the costs we incurred deploying it 25 years ago. randy
bzs@theworld.com wrote:
I could offer a more philosophical assessment of IPv6 deployment.
Perhaps we're there, we're doing fine. This is how it is going to go.
It's out there, it works (glitches aside), those who want it use it tho they can't force others to use it so still need to maintain a dual-stack if that's of importance to them. Perhaps that's a reasonable complaint, the cost and effort of accommodating those who haven't deployed IPv6.
If this rather healthy viewpoint was more generally pervasive IPv4 efforts would not be met with such hysteria.
Maybe it will take 50 years (we're easily half-way there.)
Put another way, by what objective measure is IPv6 deployment seen as failing? Other than individuals' impatience. Was there a generally agreed upon timeline which wasn't lived up to, for example? As a protocol and product, IPv6 is a success. It works, its deployed, its utilized.
As the cure and solution to address scarcity experienced by network users and operators, it has already failed in that goal, repetitively and continually. It was supposed to do that using the additional time CIDR bequeathed to IPv4. Fail. It was supposed to do that upon IANA exhaustion. Fail. It was supposed to do that upon RiR exhaustion. Annual Fail. It was supposed to do that prior to commercialization and commoditization of IPv4. Fail. It was supposed to do that before E2E on the internet became a quaint historical footnote. Fail. IPv6 has failed the Internet. Maybe, hopefully, this is the year or decade it finally stops being the perennial failure, but the history of fail induced net-negatives does not get erased by eventual success, and worse, the future will likely continue to contain artifacts of those failures. Its not impossible to envision that IPv4 does not ever go away but actually gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems. Joe
At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
Its not impossible to envision that IPv4 does not ever go away but actually gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems.
Joe
While Im dont like IPv6, I see it as a bad idea.
From my knowledge I dont see a way of extending IPv4 without making it a new protocol. It was not designed that way.
What I would LOVE to see that someone will pop in with new IP protocol that is much more similar to IPv4, just extends address space and fixes some well know issues. (for example remove netmask and use prefixlen/CIDR). Other importand aspect is some kind of IPvX -> IPv4 interop, so you can quickly put clients into new protocol and they have access to entire IPv4 internet out of the box. Also, we need to please enterprises so we need largish RFC1918 space too. Just my 2 cents again ;) ---------- Original message ---------- From: Matt Hoppes <mattlists@rivervalleyinternet.net> To: Joe Maimon <jmaimon@jmaimon.com>, bzs@theworld.com, Tom Beecher <beecher@beecher.cc> Cc: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 23:34:19 -0500 At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
Its not impossible to envision that IPv4 does not ever go away but actually gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems.
Joe
What I would LOVE to see that someone will pop in with new IP protocol that is much more similar to IPv4, just extends address space and fixes some well know issues. (for example remove netmask and use prefixlen/CIDR).
This shows a fundamental lack of understanding… Netmask and Prefixlen/CIDR are just Different ways of representing the exact same thing. While it’s true that prior to CIDR, one COULD implement discontiguous net masks, this was rare in actual practice and had no real use, so nothing was lost in eliminating that capability. Internal to the operating system, regardless of whether presentation is as a CIDR length or a netmask, it’s still stored and compared against addresses as a bitfield.
Other importand aspect is some kind of IPvX -> IPv4 interop, so you can quickly put clients into new protocol and they have access to entire IPv4 internet out of the box.
Client A has a 128 bit address. Client B has a 32 bit address and does not understand packets with 128-bit addresses. Please explain how these two clients interoperate. That is literally what you are asking for here. Math says it doesn’t work.
Also, we need to please enterprises so we need largish RFC1918 space too.
Why? Why does RFC-1918 space need to exist at all? Why not simply use transparent addressing and stop mutilating packet headers? However, if you really think this is important, I will refer you to what is called ULA in IPv6. It’s pretty much all the same problems of RFC1918 minus the high probability of collision when merging two networks.
Just my 2 cents again ;)
I think you have over-valued it. Owen
---------- Original message ----------
From: Matt Hoppes <mattlists@rivervalleyinternet.net> To: Joe Maimon <jmaimon@jmaimon.com>, bzs@theworld.com, Tom Beecher <beecher@beecher.cc> Cc: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 23:34:19 -0500
At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
Its not impossible to envision that IPv4 does not ever go away but actually gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems.
Joe
After a time of transition, all clients would be running 128 bit addresses (or whatever length was determined to be helpful). Just like with IPv6, there would be a transition period, but during that time software updates would very easily bring equipment up to spec much faster and quicker. Eventually, 192.168.0.1 would be represented (for example) as 0.0.0.0.192.168.0.1 (or something similar - I haven't really sketched out the logistics on paper). So, while it's true that a 192.168.0.1 computer couldn't connect to a 43.23.0.0.12.168.0.1 computer, without a software patch - that patch would be very simple and quick to deploy. The number is the same, it simply expands to it (somewhat like an area code split). It would also be extremely easy to perform a translation operations on equipment that required it for some reason since we're still operating in the same basic IPv4 dotted notation system. A computer running at 32.23.0.0.12.168.0.1 wants to access 192.168.0.1. It has no problem sending out the request, since 192.168.0.1 is a subset of the protocol 32.23.0.x has. However, to get back 192.168.0.1 can proxy through an IPv4.1 to IPv4.2 concentration system. This very quickly allows for rapid deployment and upgrading. I suspect if such a system was implemented the uptake would be very very fast. IPv6 deployment is been so slow because it was not carefully thought through from an ISP deployment perspective. (For example, how the DHCPv6 request doesn't send the device MAC address through, thus preventing the ISP from being able to authorize the device or hand out a specific IP range). Yes, this can be gotten around, but you have to have a device which can intercept the traffic, forward it, and direct the DHCPv6. This shouldn't be necessary. The IPv6 protocol took something that worked (but had limited resources) and broke it while a bunch of engineers sat around a table talking. It's time we stopped trying to advance a broken cart, and simply fix the existing, working horse and cart that we have through a very simple extension process. Heck, even allowing hex in the dotted quad would resolve a lot of issue. The issue with IPv6 is NOT the hex. It's the way things were implemented within the protocol stack. On 3/18/22 3:44 PM, Owen DeLong via NANOG wrote:
What I would LOVE to see that someone will pop in with new IP protocol that is much more similar to IPv4, just extends address space and fixes some well know issues. (for example remove netmask and use prefixlen/CIDR).
This shows a fundamental lack of understanding… Netmask and Prefixlen/CIDR are just Different ways of representing the exact same thing. While it’s true that prior to CIDR, one COULD implement discontiguous net masks, this was rare in actual practice and had no real use, so nothing was lost in eliminating that capability.
Internal to the operating system, regardless of whether presentation is as a CIDR length or a netmask, it’s still stored and compared against addresses as a bitfield.
Other importand aspect is some kind of IPvX -> IPv4 interop, so you can quickly put clients into new protocol and they have access to entire IPv4 internet out of the box.
Client A has a 128 bit address. Client B has a 32 bit address and does not understand packets with 128-bit addresses.
Please explain how these two clients interoperate.
That is literally what you are asking for here. Math says it doesn’t work.
Also, we need to please enterprises so we need largish RFC1918 space too.
Why? Why does RFC-1918 space need to exist at all? Why not simply use transparent addressing and stop mutilating packet headers?
However, if you really think this is important, I will refer you to what is called ULA in IPv6. It’s pretty much all the same problems of RFC1918 minus the high probability of collision when merging two networks.
Just my 2 cents again ;)
I think you have over-valued it.
Owen
---------- Original message ----------
From: Matt Hoppes <mattlists@rivervalleyinternet.net> To: Joe Maimon <jmaimon@jmaimon.com>, bzs@theworld.com, Tom Beecher <beecher@beecher.cc> Cc: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 23:34:19 -0500
At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
Its not impossible to envision that IPv4 does not ever go away but actually gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems.
Joe
So, while it's true that a 192.168.0.1 computer couldn't connect to a 43.23.0.0.12.168.0.1 computer, without a software patch - that patch would be very simple and quick to deploy.
Software patches are never simple and quick to deploy. In fact, a common argument from people who don't want to use v6 is that software patches are too much work!!! On Sat, Mar 19, 2022 at 6:45 PM Matt Hoppes < mattlists@rivervalleyinternet.net> wrote:
After a time of transition, all clients would be running 128 bit addresses (or whatever length was determined to be helpful).
Just like with IPv6, there would be a transition period, but during that time software updates would very easily bring equipment up to spec much faster and quicker.
Eventually, 192.168.0.1 would be represented (for example) as 0.0.0.0.192.168.0.1 (or something similar - I haven't really sketched out the logistics on paper).
So, while it's true that a 192.168.0.1 computer couldn't connect to a 43.23.0.0.12.168.0.1 computer, without a software patch - that patch would be very simple and quick to deploy. The number is the same, it simply expands to it (somewhat like an area code split).
It would also be extremely easy to perform a translation operations on equipment that required it for some reason since we're still operating in the same basic IPv4 dotted notation system.
A computer running at 32.23.0.0.12.168.0.1 wants to access 192.168.0.1. It has no problem sending out the request, since 192.168.0.1 is a subset of the protocol 32.23.0.x has. However, to get back 192.168.0.1 can proxy through an IPv4.1 to IPv4.2 concentration system. This very quickly allows for rapid deployment and upgrading.
I suspect if such a system was implemented the uptake would be very very fast.
IPv6 deployment is been so slow because it was not carefully thought through from an ISP deployment perspective. (For example, how the DHCPv6 request doesn't send the device MAC address through, thus preventing the ISP from being able to authorize the device or hand out a specific IP range). Yes, this can be gotten around, but you have to have a device which can intercept the traffic, forward it, and direct the DHCPv6. This shouldn't be necessary. The IPv6 protocol took something that worked (but had limited resources) and broke it while a bunch of engineers sat around a table talking.
It's time we stopped trying to advance a broken cart, and simply fix the existing, working horse and cart that we have through a very simple extension process.
Heck, even allowing hex in the dotted quad would resolve a lot of issue. The issue with IPv6 is NOT the hex. It's the way things were implemented within the protocol stack.
On 3/18/22 3:44 PM, Owen DeLong via NANOG wrote:
What I would LOVE to see that someone will pop in with new IP protocol that is much more similar to IPv4, just extends address space and fixes some well know issues. (for example remove netmask and use
prefixlen/CIDR).
This shows a fundamental lack of understanding… Netmask and
Different ways of representing the exact same thing. While it’s true
COULD implement discontiguous net masks, this was rare in actual
real use, so nothing was lost in eliminating that capability.
Internal to the operating system, regardless of whether presentation is as a CIDR length or a netmask, it’s still stored and compared against addresses as a bitfield.
Other importand aspect is some kind of IPvX -> IPv4 interop, so you can quickly put clients into new protocol and they have access to entire IPv4 internet out of the box.
Client A has a 128 bit address. Client B has a 32 bit address and does not understand packets with 128-bit addresses.
Please explain how these two clients interoperate.
That is literally what you are asking for here. Math says it doesn’t work.
Also, we need to please enterprises so we need largish RFC1918 space too.
Why? Why does RFC-1918 space need to exist at all? Why not simply use
Prefixlen/CIDR are just that prior to CIDR, one practice and had no transparent addressing and stop mutilating packet headers?
However, if you really think this is important, I will refer you to what
is called ULA in IPv6. It’s pretty much all the same problems of RFC1918 minus the high probability of collision when merging two networks.
Just my 2 cents again ;)
I think you have over-valued it.
Owen
---------- Original message ----------
From: Matt Hoppes <mattlists@rivervalleyinternet.net> To: Joe Maimon <jmaimon@jmaimon.com>, bzs@theworld.com, Tom Beecher <beecher@beecher.cc> Cc: NANOG <nanog@nanog.org> Subject: Re: V6 still not supported Date: Thu, 17 Mar 2022 23:34:19 -0500
At this point I would *love* to see IPv4 get extended, a software patch
applied
to devices, and IPv6 die a quick painless death.
Its not impossible to envision that IPv4 does not ever go away but
actually
gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems.
Joe
It appears that Matt Hoppes <mattlists@rivervalleyinternet.net> said:
Just like with IPv6, there would be a transition period, but during that time software updates would very easily bring equipment up to spec much faster and quicker.
Eventually, 192.168.0.1 would be represented (for example) as 0.0.0.0.192.168.0.1 (or something similar - I haven't really sketched out the logistics on paper).
Sounds just like an IPv4-mapped IPv6 address, which is ::ffff:192.168.0.1. See RFC 1884, written in 1995, and the other RFCs which update it but don't change this particular aspect. What's the difference? R's, John
On 19Mar22, Matt Hoppes allegedly wrote:
So, while it's true that a 192.168.0.1 computer couldn't connect to a 43.23.0.0.12.168.0.1 computer, without a software patch - that patch would be very simple and quick to deploy
Let's call this ipv4++ Question: How does 192.168.0.1 learn about 43.23.0.0.12.168.0.1? Is that a DNS lookup? How does the DNS support ipv4++ addresses? Is that some extension to the A RR? It better be an extension that doesn't break packet validation rules embeded in most DNS libraries and middleware. You give 'em an A RData longer than 32 bits and they're going to drop it with prejudice. Perhaps you should invent a new ipv4++ address RR to avoid some of these issues? In either case, how does every program on my ipv4 computer deal with these new addresses that come back from a DNS lookup? Do you intend to modify every DNS library to hide these extensions from older programs? How do you do that exactly? What about my home-grown DNS library? Who patches that? Here's a code fragment from my ipv4-only web browser: uint32 ip ip = dnslookup("www.rivervalleyinternet.net", TypeA) socket = connect(ip) What does 'ip' contain if www.rivervalleyinternet.net is ipv4++ compliant and advertises 43.23.0.0.199.34.228.100? Do these magical concentrators sniff out DNS queries and do some form of translation? How does that work with DoH and DoT? Or are you suggesting that www.rivervalleyinternet.net continues to advertise and listen on both 43.23.0.0.199.34.228.100 *and* good ol' 199.34.228.100 until virtually every client and network on the planet transitions to ipv4++? In short, the transition plan is to have www.rivervalleyinternet.net run dual-stacked for many years to come. Yes? Speaking of DNS lookups. If my ipv4++ DNS server is on the same LAN as my laptop, how do I talk to it? You can't ARP for ipv4++ addresses, so you'll have to invent a new ARP protocol type or a new LAN protocol. Is that in your patch too? Make sure the patch applies to network devices running proxy ARP as well, ok? If I connect to an ipv4++ network, how do I acquire my ipv4++ address? If it's DHCP, doesn't that require an extension to the DHCP protocol to support the larger ipv4++ addresses? So DHCP protocol extensions and changes to all DHCP servers and clients are part of the patch too, right? Or perhaps you plan to invent a new DHCP packet which better accomodates all of the ipv4++ addresses that can get returned? Still plenty of code changes. And how do I even do DHCP? Does ipv4++ support broadcast in the same way as ipv4? What of DHCP relays? They will need to be upgraded I presume. So let's say we've solved all the issues with getting on a network, talking over a LAN, acquiring an ipv4++ address, finding our ipv4++ capable router and resolving ipv4++ addresses. My application is ready to send an ipv4++ packet to a remote destionation. But what does an ipv4++ packet look like on the wire? Is it an ipv4 packet with bigger address fields? An ipv4 packet with an extension? Or do you propose inventing a new IP type? Do these packets pass thru ipv4-only routers untainted or must they be "concentrated" beforehand? Won't all the firewalls and router vendors need to change their products to allow such packets to pass? Normally oddball ipv4 packets are dropped of course. As we know, vendor changes can notoriously take decades; just ask the ipv6 crowd. Ok. We've upgraded all our infrastructure to route ipv4++ packets. The packet reached the edge of our network. But how does the edge know that the next hop (our ISP) supports ipv4++ packets? Do routers have to exchange capabilities with each other? How do they do that? For that matter, how does my application know that the whole path thru to the destination supports ipv4++? It only needs one transition across an ipv4-only network somewhere in the path and the packet will be dropped. I think you're going to have to advertise ipv4++ reachability on a per-network basis. Perhaps using BGP? Oh, so that means your patch has to add ipv4++ capabilities to all BGP implementations. Hmm.
However, to get back 192.168.0.1 can proxy through an IPv4.1 to IPv4.2 concentration system.
Sounds like you're proposing a global deployment of reverse CG-NATs (aka concentrators) which need to run for as long as the transition takes. Do you run concentrators on ISP borders where one party is ipv4 and the other party is ipv4++? Not sure a lot of edge/border routers have the memory footprint or CPU grunt to maintain NAT tables that might involve 1,000s or millions of flows. Your patch might have to include a memory upgrade. Will these address ranges fit into 32bit CAM or will routers need to drop back to regular memory and software lookups? That's a pretty nasty performance hit which was an argument against ipv6 for quite a while. One of the bigger problems with your "concentrators" (apart from who implements them and where) is that they mask the address of all incoming connections originating from ipv4++ sources. Lots and lots of products and tools rely on source addresses to uniquely identify friend or foe: VPNs, iptable filters, Rate-limiters, Antispam systems, etc. Can you give an example of how 43.23.0.0.12.168.0.1 collapsed down to an ipv4 address and still allows an ipv4 recipient to uniquely identify the true source? I'm going to suggest it's not possible. These concentrators effectively create false-identification risk for ipv4++ early adopters just as CG-NATs do for clients. You might need to have a think about a global deployment of concentrators. On another front. What of all the IP addresses stored on disk? Every s/w product, program and database which parses or manages IP addresses needs to change to support ipv4++. IPAMs, dhcp configs, access control lists, DNS config parsers, RBL lookups, anti-spam filters, firewall rules, almost all of the 1,000s upon 1,000s of network applications, the myriad private databases, geo-location lookup tools, reporting tools and much more besides. This is a shedload of work. And what of those systems which rely on the address space fitting in memory? I'm embarrassed to say I was involved with one of those in this century - blush. 32bits is tractable on current computers, but 64 bits for ipv4++, not so much. Such applications need a ground-up redesign to cope with the larger addresses. You might argue that tooling and source address management can come later, but it can't. You need at least dhcp, dns, arp, concentrators, router "patches", switch "patches", bgp support, application code changes and inbound protection mechanisms in place before a single production ipv4++ packet can be exchanged. And any decent ISP is going to want far more than those basics in place prior to carrying ipv4++ packets on behalf of their customers: address management, diagnostic tools, training, portals, billing systems, etc. All in all, this doesn't sounds "simple and quick to deploy". Rather, one could argue that ipv4++ effectively recreated much of the work required to get ipv6 running with added complexity in the form of "concentrations" and address masking. And the reason for the similarity is simple: it's the address size increase which creates much of the work. Whether these larger addresses are stashed in minimally augmented ipv4 containers or brand new ipv6 containers is secondary. The whole planet spent decades writing code, designing data structures and building h/w which fundamentally relies on addresses being 32bits long. Add a single bit to that in any way and you pretty much break everything. But here's the real problem with ipv4++. It's a technical solution to an incentive problem. If good ol' ipv4 runs just fine while the internet transitions to your brand new ipv4++, what incentive is there for *any* of the ipv4 crowd to ever upgrade? Won't you end up in exactly the same situation we have today with ipv6? Not enough incentive to adopt? You need a rock solid incentive which more or less compells everyone to move to ipv4++ in a timely manner. You also need to show how that incentive can't be applied to ipv6. Solve both of these and you might be on to something. Mark.
Hi all, Hierarchical addressing when the small zone has a smaller address size, but the bigger zone has a bigger address size Does not make too much sense. Indeed, it is possible to increase the source address from 32bits to something bigger when the packet would go out of the small zone (and decrease when the packet would go in the reverse direction). But it is not possible to do the same for the destination address - it should be long enough (more the 32bits) from the source host to point to another host far away. Hence, the assumption below is optimistic that may be smooth interoperability between smaller and bigger address spaces. It is the same disruptive as the introduction of IPv6. Eduard -----Original Message----- From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com@nanog.org] On Behalf Of Mark Delany Sent: Sunday, March 20, 2022 7:25 AM To: nanog@nanog.org Subject: Re: V6 still not supported On 19Mar22, Matt Hoppes allegedly wrote:
So, while it's true that a 192.168.0.1 computer couldn't connect to a 43.23.0.0.12.168.0.1 computer, without a software patch - that patch would be very simple and quick to deploy
Let's call this ipv4++ Question: How does 192.168.0.1 learn about 43.23.0.0.12.168.0.1? Is that a DNS lookup? How does the DNS support ipv4++ addresses? Is that some extension to the A RR? It better be an extension that doesn't break packet validation rules embeded in most DNS libraries and middleware. You give 'em an A RData longer than 32 bits and they're going to drop it with prejudice. Perhaps you should invent a new ipv4++ address RR to avoid some of these issues? In either case, how does every program on my ipv4 computer deal with these new addresses that come back from a DNS lookup? Do you intend to modify every DNS library to hide these extensions from older programs? How do you do that exactly? What about my home-grown DNS library? Who patches that? Here's a code fragment from my ipv4-only web browser: uint32 ip ip = dnslookup("www.rivervalleyinternet.net", TypeA) socket = connect(ip) What does 'ip' contain if www.rivervalleyinternet.net is ipv4++ compliant and advertises 43.23.0.0.199.34.228.100? Do these magical concentrators sniff out DNS queries and do some form of translation? How does that work with DoH and DoT? Or are you suggesting that www.rivervalleyinternet.net continues to advertise and listen on both 43.23.0.0.199.34.228.100 *and* good ol' 199.34.228.100 until virtually every client and network on the planet transitions to ipv4++? In short, the transition plan is to have www.rivervalleyinternet.net run dual-stacked for many years to come. Yes? Speaking of DNS lookups. If my ipv4++ DNS server is on the same LAN as my laptop, how do I talk to it? You can't ARP for ipv4++ addresses, so you'll have to invent a new ARP protocol type or a new LAN protocol. Is that in your patch too? Make sure the patch applies to network devices running proxy ARP as well, ok? If I connect to an ipv4++ network, how do I acquire my ipv4++ address? If it's DHCP, doesn't that require an extension to the DHCP protocol to support the larger ipv4++ addresses? So DHCP protocol extensions and changes to all DHCP servers and clients are part of the patch too, right? Or perhaps you plan to invent a new DHCP packet which better accomodates all of the ipv4++ addresses that can get returned? Still plenty of code changes. And how do I even do DHCP? Does ipv4++ support broadcast in the same way as ipv4? What of DHCP relays? They will need to be upgraded I presume. So let's say we've solved all the issues with getting on a network, talking over a LAN, acquiring an ipv4++ address, finding our ipv4++ capable router and resolving ipv4++ addresses. My application is ready to send an ipv4++ packet to a remote destionation. But what does an ipv4++ packet look like on the wire? Is it an ipv4 packet with bigger address fields? An ipv4 packet with an extension? Or do you propose inventing a new IP type? Do these packets pass thru ipv4-only routers untainted or must they be "concentrated" beforehand? Won't all the firewalls and router vendors need to change their products to allow such packets to pass? Normally oddball ipv4 packets are dropped of course. As we know, vendor changes can notoriously take decades; just ask the ipv6 crowd. Ok. We've upgraded all our infrastructure to route ipv4++ packets. The packet reached the edge of our network. But how does the edge know that the next hop (our ISP) supports ipv4++ packets? Do routers have to exchange capabilities with each ipv4++ other? How do they do that? For that matter, how does my application know that the whole path thru to the destination supports ipv4++? It only needs one transition across an ipv4-only network somewhere in the path and the packet will be dropped. I think you're going to have to advertise ipv4++ reachability on a per-network basis. Perhaps using BGP? Oh, so that means your patch has to add ipv4++ capabilities to all BGP implementations. Hmm.
However, to get back 192.168.0.1 can proxy through an IPv4.1 to IPv4.2 concentration system.
Sounds like you're proposing a global deployment of reverse CG-NATs (aka concentrators) which need to run for as long as the transition takes. Do you run concentrators on ISP borders where one party is ipv4 and the other party is ipv4++? Not sure a lot of edge/border routers have the memory footprint or CPU grunt to maintain NAT tables that might involve 1,000s or millions of flows. Your patch might have to include a memory upgrade. Will these address ranges fit into 32bit CAM or will routers need to drop back to regular memory and software lookups? That's a pretty nasty performance hit which was an argument against ipv6 for quite a while. One of the bigger problems with your "concentrators" (apart from who implements them and where) is that they mask the address of all incoming connections originating from ipv4++ sources. Lots and lots of products and tools rely on source addresses to uniquely identify friend or foe: VPNs, iptable filters, Rate-limiters, Antispam systems, etc. Can you give an example of how 43.23.0.0.12.168.0.1 collapsed down to an ipv4 address and still allows an ipv4 recipient to uniquely identify the true source? I'm going to suggest it's not possible. These concentrators effectively create false-identification risk for ipv4++ early adopters just as CG-NATs do for clients. You might need to have a think about a global deployment of concentrators. On another front. What of all the IP addresses stored on disk? Every s/w product, program and database which parses or manages IP addresses needs to change to support ipv4++. IPAMs, dhcp configs, access control lists, DNS config parsers, ipv4++RBL lookups, anti-spam filters, firewall rules, almost all of the 1,000s upon 1,000s of network applications, the myriad private databases, geo-location lookup tools, reporting tools and much more besides. This is a shedload of work. And what of those systems which rely on the address space fitting in memory? I'm embarrassed to say I was involved with one of those in this century - blush. 32bits is tractable on current computers, but 64 bits for ipv4++, not so much. Such applications need a ground-up redesign to cope with the larger addresses. You might argue that tooling and source address management can come later, but it can't. You need at least dhcp, dns, arp, concentrators, router "patches", switch "patches", bgp support, application code changes and inbound protection mechanisms in place before a single production ipv4++ packet can be exchanged. And any decent ISP is going to want far more than those basics in place prior to carrying ipv4++ packets on behalf of their customers: address management, diagnostic tools, training, portals, billing systems, etc. All in all, this doesn't sounds "simple and quick to deploy". Rather, one could argue that ipv4++ effectively recreated much of the work required to get ipv6 ipv4++ running with added complexity in the form of "concentrations" and address masking. And the reason for the similarity is simple: it's the address size increase which creates much of the work. Whether these larger addresses are stashed in minimally augmented ipv4 containers or brand new ipv6 containers is secondary. The whole planet spent decades writing code, designing data structures and building h/w which fundamentally relies on addresses being 32bits long. Add a single bit to that in any way and you pretty much break everything. But here's the real problem with ipv4++. It's a technical solution to an incentive problem. If good ol' ipv4 runs just fine while the internet transitions to your brand new ipv4++, what incentive is there for *any* of the ipv4 crowd to ever upgrade? Won't you end up in exactly the same situation we have today with ipv6? Not enough incentive to adopt? You need a rock solid incentive which more or less compells everyone to move to ipv4++ in a timely manner. You also need to show how that incentive can't be applied to ipv6. Solve both of these and you might be on to something. Mark.
At the IP level, packets are stateless. This means that there is no such thing as a “unidirectional” flow of packets. Virtually every useful flow of packets in one direction requires a relatively symmetrical flow of packets in the other direction. Thus, even if you can “increase the size of the source address at transition” in one direction, this utterly ignores the requirement that this process must be reversible to send replies. Owen
On Mar 21, 2022, at 00:45, Vasilenko Eduard via NANOG <nanog@nanog.org> wrote:
Hi all, Hierarchical addressing when the small zone has a smaller address size, but the bigger zone has a bigger address size Does not make too much sense. Indeed, it is possible to increase the source address from 32bits to something bigger when the packet would go out of the small zone (and decrease when the packet would go in the reverse direction). But it is not possible to do the same for the destination address - it should be long enough (more the 32bits) from the source host to point to another host far away.
Hence, the assumption below is optimistic that may be smooth interoperability between smaller and bigger address spaces. It is the same disruptive as the introduction of IPv6. Eduard -----Original Message----- From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com@nanog.org] On Behalf Of Mark Delany Sent: Sunday, March 20, 2022 7:25 AM To: nanog@nanog.org Subject: Re: V6 still not supported
On 19Mar22, Matt Hoppes allegedly wrote:
So, while it's true that a 192.168.0.1 computer couldn't connect to a 43.23.0.0.12.168.0.1 computer, without a software patch - that patch would be very simple and quick to deploy
Let's call this ipv4++
Question: How does 192.168.0.1 learn about 43.23.0.0.12.168.0.1? Is that a DNS lookup?
How does the DNS support ipv4++ addresses? Is that some extension to the A RR? It better be an extension that doesn't break packet validation rules embeded in most DNS libraries and middleware. You give 'em an A RData longer than 32 bits and they're going to drop it with prejudice. Perhaps you should invent a new ipv4++ address RR to avoid some of these issues?
In either case, how does every program on my ipv4 computer deal with these new addresses that come back from a DNS lookup? Do you intend to modify every DNS library to hide these extensions from older programs? How do you do that exactly? What about my home-grown DNS library? Who patches that?
Here's a code fragment from my ipv4-only web browser:
uint32 ip ip = dnslookup("www.rivervalleyinternet.net", TypeA) socket = connect(ip)
What does 'ip' contain if www.rivervalleyinternet.net is ipv4++ compliant and advertises 43.23.0.0.199.34.228.100? Do these magical concentrators sniff out DNS queries and do some form of translation? How does that work with DoH and DoT?
Or are you suggesting that www.rivervalleyinternet.net continues to advertise and listen on both 43.23.0.0.199.34.228.100 *and* good ol' 199.34.228.100 until virtually every client and network on the planet transitions to ipv4++? In short, the transition plan is to have www.rivervalleyinternet.net run dual-stacked for many years to come. Yes?
Speaking of DNS lookups. If my ipv4++ DNS server is on the same LAN as my laptop, how do I talk to it? You can't ARP for ipv4++ addresses, so you'll have to invent a new ARP protocol type or a new LAN protocol. Is that in your patch too? Make sure the patch applies to network devices running proxy ARP as well, ok?
If I connect to an ipv4++ network, how do I acquire my ipv4++ address? If it's DHCP, doesn't that require an extension to the DHCP protocol to support the larger ipv4++ addresses? So DHCP protocol extensions and changes to all DHCP servers and clients are part of the patch too, right? Or perhaps you plan to invent a new DHCP packet which better accomodates all of the ipv4++ addresses that can get returned? Still plenty of code changes.
And how do I even do DHCP? Does ipv4++ support broadcast in the same way as ipv4? What of DHCP relays? They will need to be upgraded I presume.
So let's say we've solved all the issues with getting on a network, talking over a LAN, acquiring an ipv4++ address, finding our ipv4++ capable router and resolving ipv4++ addresses. My application is ready to send an ipv4++ packet to a remote destionation.
But what does an ipv4++ packet look like on the wire? Is it an ipv4 packet with bigger address fields? An ipv4 packet with an extension? Or do you propose inventing a new IP type? Do these packets pass thru ipv4-only routers untainted or must they be "concentrated" beforehand? Won't all the firewalls and router vendors need to change their products to allow such packets to pass? Normally oddball ipv4 packets are dropped of course. As we know, vendor changes can notoriously take decades; just ask the ipv6 crowd.
Ok. We've upgraded all our infrastructure to route ipv4++ packets. The packet reached the edge of our network. But how does the edge know that the next hop (our ISP) supports ipv4++ packets? Do routers have to exchange capabilities with each ipv4++ other? How do they do that?
For that matter, how does my application know that the whole path thru to the destination supports ipv4++? It only needs one transition across an ipv4-only network somewhere in the path and the packet will be dropped. I think you're going to have to advertise ipv4++ reachability on a per-network basis. Perhaps using BGP? Oh, so that means your patch has to add ipv4++ capabilities to all BGP implementations. Hmm.
However, to get back 192.168.0.1 can proxy through an IPv4.1 to IPv4.2 concentration system.
Sounds like you're proposing a global deployment of reverse CG-NATs (aka concentrators) which need to run for as long as the transition takes. Do you run concentrators on ISP borders where one party is ipv4 and the other party is ipv4++? Not sure a lot of edge/border routers have the memory footprint or CPU grunt to maintain NAT tables that might involve 1,000s or millions of flows. Your patch might have to include a memory upgrade. Will these address ranges fit into 32bit CAM or will routers need to drop back to regular memory and software lookups? That's a pretty nasty performance hit which was an argument against ipv6 for quite a while.
One of the bigger problems with your "concentrators" (apart from who implements them and where) is that they mask the address of all incoming connections originating from ipv4++ sources. Lots and lots of products and tools rely on source addresses to uniquely identify friend or foe: VPNs, iptable filters, Rate-limiters, Antispam systems, etc. Can you give an example of how 43.23.0.0.12.168.0.1 collapsed down to an ipv4 address and still allows an ipv4 recipient to uniquely identify the true source? I'm going to suggest it's not possible. These concentrators effectively create false-identification risk for ipv4++ early adopters just as CG-NATs do for clients.
You might need to have a think about a global deployment of concentrators.
On another front. What of all the IP addresses stored on disk? Every s/w product, program and database which parses or manages IP addresses needs to change to support ipv4++. IPAMs, dhcp configs, access control lists, DNS config parsers, ipv4++RBL lookups, anti-spam filters, firewall rules, almost all of the 1,000s upon 1,000s of network applications, the myriad private databases, geo-location lookup tools, reporting tools and much more besides. This is a shedload of work.
And what of those systems which rely on the address space fitting in memory? I'm embarrassed to say I was involved with one of those in this century - blush. 32bits is tractable on current computers, but 64 bits for ipv4++, not so much. Such applications need a ground-up redesign to cope with the larger addresses.
You might argue that tooling and source address management can come later, but it can't. You need at least dhcp, dns, arp, concentrators, router "patches", switch "patches", bgp support, application code changes and inbound protection mechanisms in place before a single production ipv4++ packet can be exchanged. And any decent ISP is going to want far more than those basics in place prior to carrying ipv4++ packets on behalf of their customers: address management, diagnostic tools, training, portals, billing systems, etc.
All in all, this doesn't sounds "simple and quick to deploy". Rather, one could argue that ipv4++ effectively recreated much of the work required to get ipv6 ipv4++ running with added complexity in the form of "concentrations" and address masking. And the reason for the similarity is simple: it's the address size increase which creates much of the work. Whether these larger addresses are stashed in minimally augmented ipv4 containers or brand new ipv6 containers is secondary. The whole planet spent decades writing code, designing data structures and building h/w which fundamentally relies on addresses being 32bits long. Add a single bit to that in any way and you pretty much break everything.
But here's the real problem with ipv4++. It's a technical solution to an incentive problem.
If good ol' ipv4 runs just fine while the internet transitions to your brand new ipv4++, what incentive is there for *any* of the ipv4 crowd to ever upgrade? Won't you end up in exactly the same situation we have today with ipv6? Not enough incentive to adopt?
You need a rock solid incentive which more or less compells everyone to move to ipv4++ in a timely manner. You also need to show how that incentive can't be applied to ipv6. Solve both of these and you might be on to something.
Mark.
Owen DeLong via NANOG <nanog@nanog.org> writes:
Virtually every useful flow of packets in one direction requires a relatively symmetrical flow of packets in the other direction.
Packet captures are useful without anything being returned. It's not uncommon to use some sort of unidirectional tunnel to transport captures over an IP-network. Same goes for logging. Traditional udp syslog is a one-way street. And I'm sure there are more examples. Not that I think it matters in this discussion, which appears more circular than bidirectional. Bjørn
On Mar 21, 2022, at 12:21, Bjørn Mork <bjorn@mork.no> wrote:
Owen DeLong via NANOG <nanog@nanog.org> writes:
Virtually every useful flow of packets in one direction requires a relatively symmetrical flow of packets in the other direction.
Packet captures are useful without anything being returned. It's not uncommon to use some sort of unidirectional tunnel to transport captures over an IP-network.
By definition, packet captures can’t be more than 50% of useful traffic and the traffic they are capturing is almost certainly a bidirectional flow of some form. I’m willing to bet that packet captures are well below 1% of all traffic. I’m willing to bet that less than 25% of all packet captures are transported Over unidirectional tunnels, though I admit I could be wrong about this.
Same goes for logging. Traditional udp syslog is a one-way street.
True, but most environments I’m familiar with have been moving away from syslog in favor of some form of guaranteed delivery, which requires a two-way street. Also, if a significant fraction of your traffic is logging, you’re probably doing something wrong. (Note the word “Virtually” in “Virtually all”).
And I'm sure there are more examples.
Perhaps, but I still say that in terms of overall total traffic, they are mostly a rounding error.
Not that I think it matters in this discussion, which appears more circular than bidirectional.
That’s probably fair. Owen
----- On Mar 19, 2022, at 6:44 PM, Matt Hoppes mattlists@rivervalleyinternet.net wrote:
After a time of transition, all clients would be running 128 bit addresses (or whatever length was determined to be helpful).
What you describe is literally IPv6.
Just like with IPv6, there would be a transition period, but during that time software updates would very easily bring equipment up to spec much faster and quicker.
If it is so easy, then why is some software not yet supporting IPv6? What makes you think that lazy software developers would suddenly become interested in this new IP when they don't seem interested in the current standard? I don't get what you are trying to accomplish here that is not already covered by IPv6.
It would also be extremely easy to perform a translation operations on equipment that required it for some reason since we're still operating in the same basic IPv4 dotted notation system.
No, it wouldn't. You have a fundamental misunderstanding about how IP addresses work. Nothing stores IP addresses in the classic (and horrible) IPv4-style dotted notation. IPs are stored as binary numbers, be they 32-bit, or 128-bit. The way they are displayed are just a shorthand to make reading them easier (although, the variable character length of IPv4 is really annoying, but is fixed in IPv6)
A computer running at 32.23.0.0.12.168.0.1 wants to access 192.168.0.1. It has no problem sending out the request, since 192.168.0.1 is a subset of the protocol 32.23.0.x has. However, to get back 192.168.0.1 can proxy through an IPv4.1 to IPv4.2 concentration system. This very quickly allows for rapid deployment and upgrading.
I suspect if such a system was implemented the uptake would be very very fast.
Again, you are basically talking about IPv6. I am still missing where you have some way to accomplish the same goal without having every system have to be re-written (again). Why would we want to start again at 0% when we are a significant portion of the way to full IPv6 deployment?
IPv6 deployment is been so slow because it was not carefully thought through from an ISP deployment perspective. (For example, how the DHCPv6 request doesn't send the device MAC address through, thus preventing the ISP from being able to authorize the device or hand out a specific IP range).
As others have said, this has been fixed. I do agree that leaving out DHCP was shortsighted. But it was relatively easily added (just like it was for IPv4). Just because the current implementation and best practice for a protocol doesn't meet a specific need of yours doesn't mean we should go back to the drawing board and re-implement the entire networking stack again.
Heck, even allowing hex in the dotted quad would resolve a lot of issue. The issue with IPv6 is NOT the hex. It's the way things were implemented within the protocol stack.
As above, I will point out that you seem to have a misunderstanding of what IPv6 is and is not. Hex vs. dotted quad is merely a display standard having nothing to do with anything that really matters (router code, etc). What you seem to be proposing is just a different way to represent 128-bit addresses, which would make them difficult to distinguish from 32-bit addresses. These issues have long been worked out by many very smart people. -Randy
I know its the same, but from UX standpoints looks different. Anyway, that was just one example. As for IPv6 -> IPv4 (note the arrow) its pretty much easy. IPv6 have much bigger address space, so it can embed IPv4 addresses in special interop subnets that are routed to special NAT GW that handle IPv6 -> IPv4 translation. Thats right, its one way. IPv4 -> IPv6 is pretty much impossible. But do we need one? Todays internet is centralized, a lot of traffic goes into cloud, not between users. Also, transition is not 0 -> 1, its gradual. Same about users. Some even dont really understand what they are using, happy that netflix or facebook opens. There are of course power users, so they will go different transition path. Dont put everyone into same bucket. As for content providers (servers) they can stay for IPv4 for a while, become dual stack or even (once a traffic level shifts) provide IPv4 -> IPv6 balancers to handle leftovers of IPv4 traffic. Also, not all services can work via proxying/balacing. Some services needs to be dual stack from the start. As for RFC1918, because why not? Why are you forcing me to run my networks your way? Its mine network and I want to set it up the way I see fit. Not everyone is going to ask RIPE/LIR was address space for his small network. Isnt that too much burden? ---------- Original message ---------- From: Owen DeLong <owen@delong.com> To: borg@uu3.net Cc: nanog@nanog.org Subject: Re: V6 still not supported Date: Fri, 18 Mar 2022 13:44:13 -0700 This shows a fundamental lack of understanding˙˙ Netmask and Prefixlen/CIDR are just Different ways of representing the exact same thing. While it˙˙s true that prior to CIDR, one COULD implement discontiguous net masks, this was rare in actual practice and had no real use, so nothing was lost in eliminating that capability. Internal to the operating system, regardless of whether presentation is as a CIDR length or a netmask, it˙˙s still stored and compared against addresses as a bitfield. Client A has a 128 bit address. Client B has a 32 bit address and does not understand packets with 128-bit addresses. Please explain how these two clients interoperate. That is literally what you are asking for here. Math says it doesn˙˙t work. Why? Why does RFC-1918 space need to exist at all? Why not simply use transparent addressing and stop mutilating packet headers? However, if you really think this is important, I will refer you to what is called ULA in IPv6. It˙˙s pretty much all the same problems of RFC1918 minus the high probability of collision when merging two networks. I think you have over-valued it. Owen
It appears that Matt Hoppes <mattlists@rivervalleyinternet.net> said:
At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
The people at the IETF may be shortsighted, but not *that* shortsighted. If adding 16 more /8's would have been enough, they would have done it. But anyone with his or her eyes open knows that's silly. IPv6 certainly has its problems but it's the only bigger address space we've got. R's, John
A very long thread. Face it: everyone is right, and even technically correct. There's no good and evil. We'd know, after 20 years. I live in France and my country has a famous 100-years war in its long history with England. Do we want to beat this here? The plain truth: - IPv4 is here to stay. Some v4-only nodes and functionalities are here to stay. Plenty of reasons for that in this thread. - IPv6 is unavoidable. New devices like phones and IOT need it, many IPv6 only in that space, numbers only growing The things everyone agrees upon: - Dual stack everywhere and forever is the worst of both worlds as it doubles every cost, and that will remain long as the war rages - Stateful NATs the size of the Internet not doable, which in my book says that isolation not only unavoidable but already there. An the illusions: - any-to-any is required. In particular, any IPv4-only to any-IPv6 only. I'm not talking security but plain functionality. And yes, exceptions if they are few can be handled by expensive stateful NATs when the cost is justified - the Internet is a big homogenous thing. The more it expands, the more we see domains forming where specific capabilities are deployed, and because we fail to handle that at L3, we mask the functionalities above UDP. If we agree on the above then a compromise is possible. Ideally, the compromise would: - maintain the current state of v4 affairs for those who want that - scale v4 addresses for those who want that - provide v4 to v6 stateless NATs for this who want that, and - allow networks to be either of the 2 versions for those who want that. SciFi? There's a proposed starting point for that compromise in the yada-yatt draft published at IETF v6ops. The key is to use baby steps between locations (in the transition plan) where people can be at ease and stay as long as they want to, as opposed to enforcing a giant zero-to-hero illusionary step. Are you ready for that, or should we wait another 80 years with dual stack and gigantic stateful NATs? Pascal
Are you ready for that, or should we wait another 80 years with dual stack and gigantic stateful NATs?
That's what this network is going to do: https://www.aa.net.uk/etc/news/ipv6-end-of-trial/ There is something odd about the day this was published, though. Rubens
He he, why do you think YADA starts with yet another? The devil is in the details I guess. AA makes A twice longer, that's the easy piece. But then, what is the story for the A->AA transition? The key piece the concept of the shaft, that enables to transit AA between levels while seeing plain IPv4 in each realm. It is as necessary for parallel planes as RFC 1918 is necessary for the private domains. In fact that could be seen as the reverse. The Internet connects multiple private domains using NATs. The shaft connects multiple internets using IP-in-IP. But it has to be the exact same (assigned) IPv4 footprint at every layer. But for any of that to happen you need at least a IANA assignment and a Linux or two that play ball. We need to think that through before we waste the last IPv4 free land, or assign 240.0.0.0/4 Agreed, the publication for the link below day is incredibly timely. Such is the request to pay for natural resources with a declining currency. Let us assign the YADA prefix and start experiment 2, baby step 1. Keep safe; Pascal
-----Original Message----- From: Rubens Kuhl <rubensk@gmail.com> Sent: vendredi 1 avril 2022 12:32 To: Pascal Thubert (pthubert) <pthubert@cisco.com> Cc: nanog@nanog.org Subject: Re: V6 still not supported
Are you ready for that, or should we wait another 80 years with dual stack and gigantic stateful NATs?
That's what this network is going to do: https://www.aa.net.uk/etc/news/ipv6-end-of-trial/
There is something odd about the day this was published, though.
Rubens
Pascal Thubert (pthubert) via NANOG wrote:
- Stateful NATs the size of the Internet not doable,
Stateful NATs are necessary only near leaf edges of ISPs for hundreds of customers or, may be, a little more than that and is doable. If you make the stateful NATs static, that is, each private address has a statically configured range of public port numbers, it is extremely easy because no logging is necessary for police grade audit trail opacity. Masataka Ohta
On Fri, Apr 1, 2022 at 6:37 AM Masataka Ohta < mohta@necom830.hpcl.titech.ac.jp> wrote:
If you make the stateful NATs static, that is, each private address has a statically configured range of public port numbers, it is extremely easy because no logging is necessary for police grade audit trail opacity.
Masataka Ohta
Hi Masataka, One quick question. If every host is granted a range of public port numbers on the static stateful NAT device, what happens when two customers need access to the same port number? Because there's no way in a DNS NS entry to specify a port number, if I need to run a DNS server behind this static NAT, I *have* to be given port 53 in my range; there's no other way to make DNS work. This means that if I have two customers that each need to run a DNS server, I have to put them on separate static NAT boxes--because they can't both get access to port 53. This limits the effectiveness of a stateful static NAT box to the number of customers that need hard-wired port numbers to be mapped through; which, depending on your customer base, could end up being all of them, at which point you're back to square one, with every customer needing at least 1 IPv4 address dedicated to them on the NAT device. Either that, or you simply tell your customers "so sorry you didn't get on the Internet soon enough; you're all second class citizens that can't run your own servers; if you need to do that, you can go pay Amazon to host your server needs." And perhaps that's not as unreasonable as it first sounds; we may all start running IPv4-IPv6 application gateways on Amazon, so that IPv6-only networks can still interact with the IPv4-only internet, and Amazon will be the great glue that holds it all together. tl;dr -- "if only we'd thought of putting a port number field in the NS records in DNS back in 1983..." Matt
Hi, Matt: 1) The challenge that you described can be resolved as one part of the benefits from the EzIP proposal that I introduced to this mailing list about one month ago. That discussion has gyrated into this thread more concerned about IPv6 related topics, instead. If you missed that introduction, please have a look at the following IETF draft to get a feel of what could be done: https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-s... 2) With respect to the specific case you brought up, consider the EzIP address pool (240/4 netblock with about 256M addresses) as the replacement to that of CG-NAT (100.64/10 netblock with about 4M addresses). This much bigger (2^6 times) pool enables every customer premises to get a static IP address from the 240/4 pool to operate in simple router mode, instead of requesting for a static port number and still operates in NAT mode. Within each customer premises, the conventional three private netblocks may be used to handle the hosts (IoTs). 3) There is a whitepaper that presents an overview of other possibilities based on EzIP approach: https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf Hope the above makes sense to you. Regards, Abe (2022-04-02 23:10) On 2022-04-02 16:25, Matthew Petach wrote:
On Fri, Apr 1, 2022 at 6:37 AM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
If you make the stateful NATs static, that is, each private address has a statically configured range of public port numbers, it is extremely easy because no logging is necessary for police grade audit trail opacity.
Masataka Ohta
Hi Masataka, One quick question. If every host is granted a range of public port numbers on the static stateful NAT device, what happens when two customers need access to the same port number?
Because there's no way in a DNS NS entry to specify a port number, if I need to run a DNS server behind this static NAT, I *have* to be given port 53 in my range; there's no other way to make DNS work. This means that if I have two customers that each need to run a DNS server, I have to put them on separate static NAT boxes--because they can't both get access to port 53.
This limits the effectiveness of a stateful static NAT box to the number of customers that need hard-wired port numbers to be mapped through; which, depending on your customer base, could end up being all of them, at which point you're back to square one, with every customer needing at least 1 IPv4 address dedicated to them on the NAT device.
Either that, or you simply tell your customers "so sorry you didn't get on the Internet soon enough; you're all second class citizens that can't run your own servers; if you need to do that, you can go pay Amazon to host your server needs."
And perhaps that's not as unreasonable as it first sounds; we may all start running IPv4-IPv6 application gateways on Amazon, so that IPv6-only networks can still interact with the IPv4-only internet, and Amazon will be the great glue that holds it all together.
tl;dr -- "if only we'd thought of putting a port number field in the NS records in DNS back in 1983..."
Matt
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Hi Abraham, I propose you improve EzIP by the advice in the draft on the way how to randomize small sites choice inside 240/4 (like in ULA?). To give the chance for the merge that may be needed for a business. Minimize probability for address duplication inside 240/4 block (that everybody would use). You have not discussed in the document CGNAT case that is typically called NAT444 (double NAT translation). I assume it is possible, but would be a big question how to coordinate one 240/4 distribution between all subscribers. Because address space between Carrier and Subscriber are Private too. I do not see a big difference between EzIP and NAPT that we have right now. Explanation: Initially, the majority of servers on the internet would not be capable to read Ez options (private 240/4 address extension). Hence, the Web server would see just UDP:Public_IP. The gateway (that would be exposing 240/4 options) would need additionally to translate UDP ports to avoid a collision (as usual for NAPT). The gateway could not stop NAPT till the last server on the internet would be capable to read address extension (240/4) in options, because the gateway would not know what server is capable to parse EzIP options. It means NEVER, at least not in this century. Hence, the additional value from EzIP is small, because the primary job would be still done by NAPT. You could try to patch this problem. If the new server would signal to the gateway that it is capable to understand EzIP options then overlapping UDP ports from the same Public IP address would be not a problem, because the server may additionally use private address space for traffic multiplexing. IMHI: it would be a very dirty work-around if servers would need to teach their capabilities to every NAPT device. Sorry, I have not read all 55 pages, but the principal architecture questions are not possible to understand from the first 9 pages. Your first pages are oriented for low-level engineers (“for dummies”). Eduard From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com@nanog.org] On Behalf Of Abraham Y. Chen Sent: Sunday, April 3, 2022 6:14 AM To: Matthew Petach <mpetach@netflight.com>; Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Cc: nanog@nanog.org Subject: Enhance CG-NAT Re: V6 still not supported Hi, Matt: 1) The challenge that you described can be resolved as one part of the benefits from the EzIP proposal that I introduced to this mailing list about one month ago. That discussion has gyrated into this thread more concerned about IPv6 related topics, instead. If you missed that introduction, please have a look at the following IETF draft to get a feel of what could be done: https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-s... 2) With respect to the specific case you brought up, consider the EzIP address pool (240/4 netblock with about 256M addresses) as the replacement to that of CG-NAT (100.64/10 netblock with about 4M addresses). This much bigger (2^6 times) pool enables every customer premises to get a static IP address from the 240/4 pool to operate in simple router mode, instead of requesting for a static port number and still operates in NAT mode. Within each customer premises, the conventional three private netblocks may be used to handle the hosts (IoTs). 3) There is a whitepaper that presents an overview of other possibilities based on EzIP approach: https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf Hope the above makes sense to you. Regards, Abe (2022-04-02 23:10) On 2022-04-02 16:25, Matthew Petach wrote: On Fri, Apr 1, 2022 at 6:37 AM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp<mailto:mohta@necom830.hpcl.titech.ac.jp>> wrote: If you make the stateful NATs static, that is, each private address has a statically configured range of public port numbers, it is extremely easy because no logging is necessary for police grade audit trail opacity. Masataka Ohta Hi Masataka, One quick question. If every host is granted a range of public port numbers on the static stateful NAT device, what happens when two customers need access to the same port number? Because there's no way in a DNS NS entry to specify a port number, if I need to run a DNS server behind this static NAT, I *have* to be given port 53 in my range; there's no other way to make DNS work. This means that if I have two customers that each need to run a DNS server, I have to put them on separate static NAT boxes--because they can't both get access to port 53. This limits the effectiveness of a stateful static NAT box to the number of customers that need hard-wired port numbers to be mapped through; which, depending on your customer base, could end up being all of them, at which point you're back to square one, with every customer needing at least 1 IPv4 address dedicated to them on the NAT device. Either that, or you simply tell your customers "so sorry you didn't get on the Internet soon enough; you're all second class citizens that can't run your own servers; if you need to do that, you can go pay Amazon to host your server needs." And perhaps that's not as unreasonable as it first sounds; we may all start running IPv4-IPv6 application gateways on Amazon, so that IPv6-only networks can still interact with the IPv4-only internet, and Amazon will be the great glue that holds it all together. tl;dr -- "if only we'd thought of putting a port number field in the NS records in DNS back in 1983..." Matt [https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif]<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. www.avast.com<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
Hi, Eduard: 0) Appreciate very much for you spending the time to read all 55 pages of our draft and then offering your extensive thoughts. 1) "....Your first pages are oriented for low-level engineers (“for dummies”). ... ": Thanks. I believe that the Abstract, Introduction, etc. at the beginning of a document are intended for "dummies" and those busy high level executives to get a quick overview. Unless, the descriptions are sugar coated to mislead the reader. In general, however, I do admit that we have not done a good job of describing the EzIP solution from the perspectives of colleagues who are used to the current "Internet way". This is because we approached the topic from an outsider's viewpoint, and there are more than a few parameters behind the EzIP scheme that do not follow the current approaches, but the alternatives which could be regarded as opposing techniques. We will need to highlight these to alert the readers of the distinction. If you could treat the EzIP scheme as unorthodox, but patiently review it with a pair of critical eyes, I believe that you will see that the below explanations are realistic. 2) " ... To give the chance for the merge that may be needed for a business. Minimize probability for address duplication inside 240/4 block (that everybody would use). ...how to coordinate one 240/4 distribution between all subscribers. Because address space between Carrier and Subscriber are Private too. ": The implied EzIP address management is by one administrative body per 240/4 netblock with considerations such as static, geolocation and hierarchical. Thus, there will not be issues when businesses merge. This implies that the 240/4 should be respected as "*/natural resources/*", instead of the current treatment of being "*/personal properties/*", actually "*/business property/*". --- This is analogous to how PSTN numbers were handled in the old days. 3) "... You have not discussed in the document CGNAT case that is typically called NAT444 (double NAT translation). ... ": If I understand NAT444 properly, it is a network architecture going from RG-NAT (Residential / Routing Gateway NAT) at one end of a link through CG-NAT (Carrier Grade NAT) in the middle before reaching the public Internet network. What EzIP proposes to do is to replace the CG-NAT with a basic router. This can be achieved by simply assigning a 240/4 address permanently to each subscriber premises that currently makes use of a dynamic port number, without affecting the hardware equipment nor the networking architecture. For software implementation, enabling the use of 240/4 netblock is all what is needed. At least, we have identified a simple case for the inspiration. And, the "IPv4 Unicast Extension" project has found numerous equipment already supporting 240/4. 4) " ... I do not see a big difference between EzIP and NAPT that we have right now. ... ": Precisely! Please see Pt. 3) above. Simply put, EzIP is a numbering plan upgrade for CG-NAT. 5) " ... Initially, the majority of servers on the internet would not be capable to read Ez options (private 240/4 address extension). ... ": Correct. But, this is only needed when we extend EzIP service to include the true end-to-end connectivity between any two premises around the world like the IDDD (International Direct Distance Dialing) of the PSTN. The initial EzIP deployment is only RAN that upgrades the CG-NAT modules in a coordinated process (see Pt. 2) above). Even so, it can be done progressively by individual routers within a CG-NAT operation. That is, enable the root level routers to be able to handle 240/4 addressed packets for simple routing. Then, enable the next level routers to do the same. These are just standby capabilities until each of the lowest level (the subscriber premises) routers (the RGs) is assigned with a static 240/4 address. At that point, the NAT functions in the CG-NAT routers can be retired to standby status. This RAN architecture will last a pretty long time because the Internet is currently predominantly operated in Master/Slave mode by CDNs that are doing well with their Sever/Client model. By the time the end-to-end connectivity between different RANs is needed, either the RANs can designate some of their own routers (the SPRs) for such interconnect function, or certain existing Internet routers have been enabled to handle the Option Words. 6 " ....The gateway (that would be exposing 240/4 options) would need additionally to translate UDP ports to avoid a collision (as usual for NAPT). The gateway could not stop NAPT till the last server on the internet would be capable to read address extension (240/4) in options .... ": The gateway of a RAN cluster (we call it a Sub-Internet) or a CDN module is not expected to make any changes from today's configuration for packet transmission between it and the Internet. For the CDN operation, the gateway has already been performing the address translation between unrelated IP address blocks as a two-port device. For packets going through it, it will continue to perform its NAT function. There is no reason to announce to the world that its internal addresses have been updated to 240/4. 7) "... IMHI: it would be a very dirty work-around if servers would need to teach their capabilities to every NAPT device. ... ": Based on the above description, I hope you will change your conclusion. I look forward to your further thoughts. Regards, Abe (2022-04-04 12:13 EDT) On 2022-04-04 06:32, Vasilenko Eduard wrote:
Hi Abraham,
I propose you improve EzIP by the advice in the draft on the way how to randomize small sites choice inside 240/4 (like in ULA?).
To give the chance for the merge that may be needed for a business. Minimize probability for address duplication inside 240/4 block (that everybody would use).
You have not discussed in the document CGNAT case that is typically called NAT444 (double NAT translation).
I assume it is possible, but would be a big question how to coordinate one 240/4 distribution between all subscribers. Because address space between Carrier and Subscriber are Private too.
I do not see a big difference between EzIP and NAPT that we have right now. Explanation:
Initially, the majority of servers on the internet would not be capable to read Ez options (private 240/4 address extension).
Hence, the Web server would see just UDP:Public_IP.
The gateway (that would be exposing 240/4 options) would need additionally to translate UDP ports to avoid a collision (as usual for NAPT).
The gateway could not stop NAPT till the last server on the internet would be capable to read address extension (240/4) in options, because the gateway would not know what server is capable to parse EzIP options.
It means NEVER, at least not in this century. Hence, the additional value from EzIP is small, because the primary job would be still done by NAPT.
You could try to patch this problem. If the new server would signal to the gateway that it is capable to understand EzIP options then overlapping UDP ports from the same Public IP address would be not a problem, because the server may additionally use private address space for traffic multiplexing.
IMHI: it would be a very dirty work-around if servers would need to teach their capabilities to every NAPT device.
Sorry, I have not read all 55 pages, but the principal architecture questions are not possible to understand from the first 9 pages.
Your first pages are oriented for low-level engineers (“for dummies”).
Eduard
*From:*NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com@nanog.org] *On Behalf Of *Abraham Y. Chen *Sent:* Sunday, April 3, 2022 6:14 AM *To:* Matthew Petach <mpetach@netflight.com>; Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> *Cc:* nanog@nanog.org *Subject:* Enhance CG-NAT Re: V6 still not supported
Hi, Matt:
1) The challenge that you described can be resolved as one part of the benefits from the EzIP proposal that I introduced to this mailing list about one month ago. That discussion has gyrated into this thread more concerned about IPv6 related topics, instead. If you missed that introduction, please have a look at the following IETF draft to get a feel of what could be done:
https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-s...
2) With respect to the specific case you brought up, consider the EzIP address pool (240/4 netblock with about 256M addresses) as the replacement to that of CG-NAT (100.64/10 netblock with about 4M addresses). This much bigger (2^6 times) pool enables every customer premises to get a static IP address from the 240/4 pool to operate in simple router mode, instead of requesting for a static port number and still operates in NAT mode. Within each customer premises, the conventional three private netblocks may be used to handle the hosts (IoTs).
3) There is a whitepaper that presents an overview of other possibilities based on EzIP approach:
https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf
Hope the above makes sense to you.
Regards,
Abe (2022-04-02 23:10)
On 2022-04-02 16:25, Matthew Petach wrote:
On Fri, Apr 1, 2022 at 6:37 AM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
If you make the stateful NATs static, that is, each private address has a statically configured range of public port numbers, it is extremely easy because no logging is necessary for police grade audit trail opacity.
Masataka Ohta
Hi Masataka,
One quick question. If every host is granted a range of public port
numbers on the static stateful NAT device, what happens when
two customers need access to the same port number?
Because there's no way in a DNS NS entry to specify a
port number, if I need to run a DNS server behind this
static NAT, I *have* to be given port 53 in my range;
there's no other way to make DNS work. This means
that if I have two customers that each need to run a
DNS server, I have to put them on separate static
NAT boxes--because they can't both get access to
port 53.
This limits the effectiveness of a stateful static NAT
box to the number of customers that need hard-wired
port numbers to be mapped through; which, depending
on your customer base, could end up being all of them,
at which point you're back to square one, with every
customer needing at least 1 IPv4 address dedicated
to them on the NAT device.
Either that, or you simply tell your customers "so sorry
you didn't get on the Internet soon enough; you're all
second class citizens that can't run your own servers;
if you need to do that, you can go pay Amazon to host
your server needs."
And perhaps that's not as unreasonable as it first sounds;
we may all start running IPv4-IPv6 application gateways
on Amazon, so that IPv6-only networks can still interact
with the IPv4-only internet, and Amazon will be the great
glue that holds it all together.
tl;dr -- "if only we'd thought of putting a port number field
in the NS records in DNS back in 1983..."
Matt
Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Matthew Petach wrote:
Hi Masataka,
Hi,
One quick question. If every host is granted a range of public port numbers on the static stateful NAT device, what happens when two customers need access to the same port number?
I mean static outgoing port number, but your concern should be well known incoming port number, which is an issue not specific to "static stateful" NAT.
Because there's no way in a DNS NS entry to specify a port number, if I need to run a DNS server behind this static NAT, I *have* to be given port 53 in my range; there's no other way to make DNS work.
And SMTP, as is explained in draft-ohta-e2e-nat-00: A server port number different from well known ones may be specified through mechanisms to specify an address of the server, which is the case of URLs. However, port numbers for DNS and SMTP are, in general, implicitly assumed by DNS and are not changeable. Or, a NAT gateway may receive packets to certain ports and behave as an application gateway to end hosts, if request messages to the server contains information, such as domain names, which is the case with DNS, SMTP and HTTP, to demultiplex the request messages to end hosts. However, for an ISP operating the NAT gateway, it may be easier to operate independent servers at default port for DNS, SMTP, HTTP and other applications for their customers than operating application relays. Though the draft is for E2ENAT, situation is same for any kind of NAT.
This means that if I have two customers that each need to run a DNS server, I have to put them on separate static NAT boxes--because they can't both get access to port 53.
See above for other possibilities.
This limits the effectiveness of a stateful static NAT box
For incoming port, static stateful NAT is no worse than dynamic NAT. Both may be configured to map certain incoming ports to certain local ports and addresses statically or dynamically with, say, UPnP. The point of static stateful NAT is for outgoing port that it does not require logging.
tl;dr -- "if only we'd thought of putting a port number field in the NS records in DNS back in 1983..."
And, MX. As named has "-p" option, I think some people were already aware of uselessness of the option in 1983. But, putting a port number field at that time is overkill. Masataka Ohta
Periodically I still do some work on routing protocols. 12? years ago I had kind of given up on ospf and isis, and picked the babel protocol as an IGP for meshy networks because I felt link-state had gone as far as it could and somehow unifying BGP DV with an IGP that was also DV (distance vector) seemed like a path forward. My question for this list is basically, has anyone noticed or fiddled with babel? It's supported in FRR, bird, and a very small standalone daemon. Anyway, after babel hit the ietf, development slowed down a lot, but along the way some useful innovations were made, notably a RTT metric, "source specific routing" for ipv6, HMAC authentication, and most recently, Juliusz's announcement of V4-via-v6 hit the git babeld codebase. To recap that: "V4-via-v6 routing is a routing technique that allows routers with only IPv6 addresses (including link-locals) to forward IPv4 packets. It doesn't involve encapsulation (tunnelling), it doesn't involve translation (NAT), it just works. For details, please see https://datatracker.ietf.org/doc/html/draft-ietf-babel-v4viav6 Short story: v4viav6 is enabled by default if your linux kernel is recent enough. Just upgrade babeld to current master, and you should see your v6-only routers forward IPv4 packets. In order to disable announcing of v4-via-v6 routes, add the following to your configuration file: default v4-via-v6 false Long story. There are two pieces to v4-via-v6: installing IPv4 routes with an IPv6 next hop, and announcing such routes. By default, babeld will: - install v4-via-v6 routes on Linux 5.2 and later; - announce v4-via-v6 routes on Linux 5.13 and later. (backports are available for various stable versions) The former behaviour cannot be overridden -- we always install v4-via-v6 routes if the kernel supports them, and (obviously) never do otherwise. The latter behaviour can be overridden by the interface option 'v4-via-v6'. Feel free to experiment, but be aware that enabling v4-via-v6 on an older kernel might create ICMP blackholes. Please let me know if you feel that it should be possible to completely disable v4-via-v6 even on newer kernels, and whether you feel that v4-via-v6 should be disabled by default. (The "Security Considerations" section of the draft cited above might be interesting.)" Enjoy, -- Juliusz Juliusz Chroboczek via alioth-lists.debian.net Thu, Mar 31, 3:30 PM (3 days ago) to babel-users, Théophile On Fri, Apr 1, 2022 at 2:17 AM Pascal Thubert (pthubert) via NANOG <nanog@nanog.org> wrote:
A very long thread.
Face it: everyone is right, and even technically correct. There's no good and evil. We'd know, after 20 years.
I live in France and my country has a famous 100-years war in its long history with England. Do we want to beat this here?
The plain truth:
- IPv4 is here to stay. Some v4-only nodes and functionalities are here to stay. Plenty of reasons for that in this thread. - IPv6 is unavoidable. New devices like phones and IOT need it, many IPv6 only in that space, numbers only growing
The things everyone agrees upon: - Dual stack everywhere and forever is the worst of both worlds as it doubles every cost, and that will remain long as the war rages - Stateful NATs the size of the Internet not doable, which in my book says that isolation not only unavoidable but already there.
An the illusions:
- any-to-any is required. In particular, any IPv4-only to any-IPv6 only. I'm not talking security but plain functionality. And yes, exceptions if they are few can be handled by expensive stateful NATs when the cost is justified - the Internet is a big homogenous thing. The more it expands, the more we see domains forming where specific capabilities are deployed, and because we fail to handle that at L3, we mask the functionalities above UDP.
If we agree on the above then a compromise is possible. Ideally, the compromise would: - maintain the current state of v4 affairs for those who want that - scale v4 addresses for those who want that - provide v4 to v6 stateless NATs for this who want that, and - allow networks to be either of the 2 versions for those who want that.
SciFi? There's a proposed starting point for that compromise in the yada-yatt draft published at IETF v6ops. The key is to use baby steps between locations (in the transition plan) where people can be at ease and stay as long as they want to, as opposed to enforcing a giant zero-to-hero illusionary step.
Are you ready for that, or should we wait another 80 years with dual stack and gigantic stateful NATs?
Pascal
-- I tried to build a better future, a few times: https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org Dave Täht CEO, TekLibre, LLC
Dave Taht wrote:
Periodically I still do some work on routing protocols. 12? years ago I had kind of given up on ospf and isis, and picked the babel protocol as an IGP for meshy networks because I felt link-state had gone as far as it could and somehow unifying BGP DV with an IGP that was also DV (distance vector) seemed like a path forward.
As DV depends other routers to choose the best path from several candidates updated asynchronously, which means it is against the E2E principle and decisions by other routers are delayed a lot to wait all the candidates are updated, it is hopeless. OTOH, LS only allows routers distribute the current most link states instantaneously and let end systems of individual routers compute the best path, LS converges quickly. BGP is DV because there is no way to describe policies of various domains and, even if it were possible, most, if not all, domains do not want to publish their policies in full detail.
My question for this list is basically, has anyone noticed or fiddled with babel?
No. Masataka Ohta
I'm actually not here to start a debate... happy to learn that the v4 over v6 feature I'm playing with actually exists in another protocol, mainly. I'm critically dependent on source specific routing, also, so I am hoping there's an isis or ospf that can do what I need, or now that I have more routers with enough memory, switch back to an ibgp. Is there a lightweight bgp client worth fiddling with? gobgp looked interesting. Presently I run bird in some places.... On Sun, Apr 3, 2022 at 6:49 AM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Dave Taht wrote:
Periodically I still do some work on routing protocols. 12? years ago I had kind of given up on ospf and isis, and picked the babel protocol as an IGP for meshy networks because I felt link-state had gone as far as it could and somehow unifying BGP DV with an IGP that was also DV (distance vector) seemed like a path forward.
As DV depends other routers to choose the best path from several candidates updated asynchronously, which means it is against the E2E principle and decisions by other routers are delayed a lot to wait all the candidates are updated, it is hopeless.
I like to think babel solved most of the problems that RIP had, and while an optimal state is slow to arrive in babel, a working state is immediate, it's loop free, and it had a rtt metric.
OTOH, LS only allows routers distribute the current most link states instantaneously and let end systems of individual routers compute the best path, LS converges quickly.
Ages ago, I'd written a tool to stress out various igps in a scenario where lots of routes were coming and going, called rtod. It pretty much broke all the daemons and protocols I'd had available to me at fairly low levels of churn. https://github.com/dtaht/rtod
BGP is DV because there is no way to describe policies of various domains and, even if it were possible, most, if not all, domains do not want to publish their policies in full detail.
yes, and for smaller networks that are interconnecting, bgp can be too heavyweight also.
My question for this list is basically, has anyone noticed or fiddled with babel?
No.
Masataka Ohta
-- I tried to build a better future, a few times: https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org Dave Täht CEO, TekLibre, LLC
On 4/4/22 03:06, Dave Taht wrote:
I'm actually not here to start a debate... happy to learn that the v4 over v6 feature I'm playing with actually exists in another protocol, mainly. I'm critically dependent on source specific routing, also, so I am hoping there's an isis or ospf that can do what I need, or now that I have more routers with enough memory, switch back to an ibgp.
Are MPLS or SR too heavy a bat?
yes, and for smaller networks that are interconnecting, bgp can be too heavyweight also.
I know tons of small networks using Mikrotik to run their BGP backbone. Seems to work :-). Mark.
On Mon, Apr 4, 2022 at 5:16 AM Mark Tinka <mark@tinka.africa> wrote:
On 4/4/22 03:06, Dave Taht wrote:
I'm actually not here to start a debate... happy to learn that the v4 over v6 feature I'm playing with actually exists in another protocol, mainly. I'm critically dependent on source specific routing, also, so I am hoping there's an isis or ospf that can do what I need, or now that I have more routers with enough memory, switch back to an ibgp.
Are MPLS or SR too heavy a bat?
MPLS was not an option at the time. It might become one. Don't know diddly about the current state of SR. What happened in the mesh wifi market circa 2015 is that eero perfected a superset of (layer 2) 802.11s that scaled well enough (3 hops max) to create a market. the eero 5 was great, the 6 a step backwards, I'm rather impressed by their new 6E product... on paper. It was bridging ethernet multicast to wifi multicast that was a real killer to performance then. Various solutions have appeared to lighten that load, arp proxying (don't know about ND), and a version of mdns that can upgrade to unicast, and fq_codel for wifi is out there on a lot of products now, like the ath9k, ath10k, pretty much all of intel and mediateks chips, iOS and OSX. Trying to revisit a few assumptions as to where the real problems are now.
yes, and for smaller networks that are interconnecting, bgp can be too heavyweight also.
I know tons of small networks using Mikrotik to run their BGP backbone. Seems to work :-).
BGP may end up what I switch to, but I note I have other requirements than just a robust routing protocol. middlebox fq_codel solutions like preseem's are now pretty common in that market, but the rightest answer was to move good queue management to every fast->slow transition as close to the hw as possible (rfc7567). Mikrotik only recently added fq_codel and cake support. There's some marvelous pictures of how well that's working if you login here: https://forum.mikrotik.com/viewtopic.php?t=179307#p885613 Regrettably their IPv6 support was broken entirely when I last checked a month or two back, I don't think they have the fq_codel native for wifi code operational either. Now that ISP rates are so much better than before, WiFi has become the bloated bottleneck for many. There's a real cliff for range, I was recently at a large apartment building where the usable range was under 8 feet due to all the APs competing. Sells more APs though... One of my holy grails from a working combination of fq_codel for wifi/ethernet meshes and a good routing protocol was a workable RTT, as opposed to loss based, metric. I was kind of agnostic as to the underlying routing protocol, but I really wanted it to fit in memory and scale well past 3 hops. Since then I mostly gave up on homenet's ideas, am revisiting older ones (like ospf and RPL) to see what progress was made there. It's a little OT for nanog, aside from a goal being better e2e connectivity and simplicity. I'll take another look at the current state of ospfv3, isis, and mpls.
Mark.
-- I tried to build a better future, a few times: https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org Dave Täht CEO, TekLibre, LLC
Dave Taht wrote:
Are MPLS or SR too heavy a bat?
MPLS was not an option at the time. It might become one.
MPLS with nested labels, which is claimed to scale because nesting represents route hierarchy, just does not scale because source hosts are required to provide nested labels, which means the source hosts have the current most routing table at destinations, which requires flat routing without hierarchy or on demand, that is, flow driven, look up of detailed routing tables of destinations at a distance. Masataka Ohta
On 4/4/22 15:45, Masataka Ohta wrote:
MPLS with nested labels, which is claimed to scale because nesting represents route hierarchy, just does not scale because source hosts are required to provide nested labels, which means the source hosts have the current most routing table at destinations, which requires flat routing without hierarchy or on demand, that is, flow driven, look up of detailed routing tables of destinations at a distance.
This detail is limited to PE devices (ingress/egress). You don't need to carry a BGP table in the P devices (core), as only label swapping is required. Fair point, it is a little heavy for an edge box, but I imagine nearly any feature of consequence is going to be high-touch, high-impact, for the edge. Those who have solved this problem with SR can comment, as we don't run it. We did experiment with IS-IS hierarchy (L1 within the data centre and L2 between them), but Route Leaking (copying L2 routes into L1) was a requirement in order to facilitate FEC creation (/32 for IPv4, /128 for IPv6). In the end, having a flat L2 domain was just simpler. It's been years, and on today's hardware, we've never ran into an issue carrying thousands of IS-IS IPv4/IPv6 routes this way. Mark.
Mark Tinka wrote:
MPLS with nested labels, which is claimed to scale because nesting represents route hierarchy, just does not scale because source hosts are required to provide nested labels, which means the source hosts have the current most routing table at destinations, which requires flat routing without hierarchy or on demand, that is, flow driven, look up of detailed routing tables of destinations at a distance.
This detail is limited to PE devices (ingress/egress).
As it requires
flat routing without hierarchy or on demand, that is, flow driven, look up of detailed routing tables of destinations at a distance.
MPLS is just broken.
You don't need to carry a BGP table in the P devices (core), as only label swapping is required.
So?
Fair point, it is a little heavy for an edge box,
Requiring
flat routing without hierarchy
means it is fatally heavy for intermediate boxes.
or on demand, that is, flow driven, look up of detailed routing tables of destinations at a distance.
means it is fatally heavy for edge boxes.
In the end, having a flat L2 domain was just simpler.
That's totally against the CATENET model. Why, do you think, NHRP was abandoned?
we've never ran into an issue carrying thousands of IS-IS IPv4/IPv6 routes this way.
Thousands of? Today with so powerful CPUs, that is a small network. So? Masataka Ohta
Hello Ohta-san
it is hopeless.
If you look at it, LS - as OSPF and ISIS use it - depends on the fact that all nodes get the same information and react the same way. Isn't that hopeless too? Clearly, the above limits LS applicability to stable links and topologies, and powered devices. This is discussed at length in https://datatracker.ietf.org/doc/html/draft-ietf-roll-protocols-survey. OLSRv2 pushes the model to its limit, don't drive it any faster. We have a panel of protocols and it's probably a question of selecting the best fit for a use case. And yes, probably for most people in this list, learning a stable topology with a link state protocol is the best choice available. To the point of this thread, BABEL thinks inside the same box as its DV predecessors, so I expect that the reasons for selecting LS inside your network would still apply. RIFT (https://datatracker.ietf.org/doc/draft-ietf-rift-rift/) shows that evolution outside that box is possible. RIFT develops anisotropic routing concepts (arguably from RPL) and couples DV and LS to get the best of both worlds. So it's not definitely either/or LS/DV after all. But none of the above allow an source router to decide once and for all what it will get. Because the routing decision is made again at each hop in a fashion that may contradict one of the previous hops. From there, it's either micro-loops or freezing, and in both cases, transient interruption of service. Isn't that hopeless too? The real issues of that thinking inside the ususal box are 1) that packets should "follow the arrows" along a path which certainly leads to loss when one link or node is broken along the arrows, and 2) greediness. All the protocols above are greedy, meaning that every hop that a packet made has to be progress towards the destination, and this dramatically reduces the opportunity to forward packets to destination. When you drive and the street is blocked, you can U-turn around the block and rapidly restore the shortest path. The protocols above will not do that; this is why technologies such as LFA were needed on top. But then the redundancy is an add-on as opposed to a native feature of the protocol. Thinking outside that box would then mean: - To your end-to-end principle point, let the source decide the packet treatment (including path) based on packet needs - congruence with shortest path when there is no breakage - neither micro-loop nor freeze when there's a breakage, - something like LFA-inside to survive one breakage, and possibly multiple ones, along the way While DV is capable to form Non-ECMP DAGs while inside-the-box LS is not, I will agree with you that DV is quite hopeless to achieve the goals above. This is why my personal favorite can be classified as an LS protocol done differently. What it does is: - use the LSDB as is - reverse SPF so the destination computes the tree "towards self" as opposed to "towards everybody else" - this just means use the incoming metric - tweak SPF to stitch selected branches in the tree to build "LFA-like" alternates, forming arcs that end in other arcs till destination, as opposed to arrows to be followed - add a step where the destination injects the path towards self along that path but reversed, using source routing in the control plane and tweaked to transport a serialized graph. Yet another sleeping beauty on the other side of the PM wall, waiting for the kiss of a sizable market. Hint, it's not the ill-fated U-Turn protocol, that one had its own issues. Keep safe; Pascal
-----Original Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Masataka Ohta Sent: dimanche 3 avril 2022 15:46 To: nanog@nanog.org Subject: Re: V4 via V6 and IGP routing protocols
Dave Taht wrote:
Periodically I still do some work on routing protocols. 12? years ago I had kind of given up on ospf and isis, and picked the babel protocol as an IGP for meshy networks because I felt link-state had gone as far as it could and somehow unifying BGP DV with an IGP that was also DV (distance vector) seemed like a path forward.
As DV depends other routers to choose the best path from several candidates updated asynchronously, which means it is against the E2E principle and decisions by other routers are delayed a lot to wait all the candidates are updated, it is hopeless.
OTOH, LS only allows routers distribute the current most link states instantaneously and let end systems of individual routers compute the best path, LS converges quickly.
BGP is DV because there is no way to describe policies of various domains and, even if it were possible, most, if not all, domains do not want to publish their policies in full detail.
My question for this list is basically, has anyone noticed or fiddled with babel?
No.
Masataka Ohta
Pascal Thubert (pthubert) wrote:
Hello Ohta-san
Hi,
it is hopeless.
If you look at it, LS - as OSPF and ISIS use it -
My team developed our own. Hierarchical QoS Link Information Protocol (HQLIP) https://datatracker.ietf.org/doc/draft-ohta-ric-hqlip/ which support 256 levels of hierarchy with hierarchical thinning of link information, including available QoS.
depends on the fact that all nodes get the same information and react the same way. Isn't that hopeless too?
If you insist on OSPF or ISIS, yes.
Clearly, the above limits LS applicability to stable links and topologies, and powered devices. This is discussed at length in https://datatracker.ietf.org/doc/html/draft-ietf-roll-protocols-survey. OLSRv2 pushes the model to its limit, don't drive it any faster.
RIFT (https://datatracker.ietf.org/doc/draft-ietf-rift-rift/) shows that evolution outside that box is possible. OK. RIFT is "for Clos and fat-tree network topologies" of data
You don't have to say "low power" to notice OSPF not so good. With just a quick look at OSPF, I noticed OSPF effectively using link local reliable multicast hopeless (as a basis to construct hierarchical QoS routing system). Worse, minimum hello interval of OSPF is too long for quick recovery (low power is not required, for example, at backbone), which is why additional complication to have an optical layer were considered useful. centers.
RIFT develops anisotropic routing concepts (arguably from RPL) and couples DV and LS to get the best of both worlds.
It usually results in the worst of both, I'm afraid.
But none of the above allow an source router to decide once and for all what it will get.
As there are not so many alternative routes with Clos and fat-tree network topologies of data centers, pure source routing combined with some transport protocol to simultaneously try multiple routes should be the best solution, IMO, because avoiding link saturation is an important goal.
When you drive and the street is blocked, you can U-turn around the block and rapidly restore the shortest path. The protocols above will not do that; this is why technologies such as LFA were needed on top. But then the redundancy is an add-on as opposed to a native feature of the protocol.
What if network is not very large and minimum hello interval of OSPF is 1ms?
Thinking outside that box would then mean: - To your end-to-end principle point, let the source decide the packet treatment (including path) based on packet needs
To apply the E2E argument for LS routing, all the routers are *dumb* intermediate systems to quickly flood LS. At the same time, all the routers are ends to initiate flooding of local LS, to receive flooded LS and to compute the best route to destinations in a way consistent with other routers because they share same flooded LS except during short transition periods. Masataka Ohta
On 4/3/22 13:55, Dave Taht wrote:
Periodically I still do some work on routing protocols. 12? years ago I had kind of given up on ospf and isis, and picked the babel protocol as an IGP for meshy networks because I felt link-state had gone as far as it could and somehow unifying BGP DV with an IGP that was also DV (distance vector) seemed like a path forward.
To scale the IGP, we only carry Loopbacks and interfaces (backbone infrastructure) in the IGP. Many operators have been doing this, for some time now, as a best pratice. Customer routes as well as the DFZ is carried in iBGP. The only issue we have hit with this design is hardware that ships with limited FIB (you're talking 4,000 slots or less). While this can be mitigated with things like 6PE and RFC 3107, there are, now, tons of hardware shipping without this physical restriction. For me, the simpler, the better.
My question for this list is basically, has anyone noticed or fiddled with babel? It's supported in FRR, bird, and a very small standalone daemon.
Never heard of it as an IGP until now :-). Googl'ing: https://en.wikipedia.org/wiki/Babel_(protocol)
To recap that:
"V4-via-v6 routing is a routing technique that allows routers with only IPv6 addresses (including link-locals) to forward IPv4 packets. It doesn't involve encapsulation (tunnelling), it doesn't involve translation (NAT), it just works. For details, please see
Since around Junos 9 (2007), OSPFv3 shipped with the ability to carry IPv4 NLRI over an IPv6-only network. We never did implement that, as IS-IS integrated both protocols already. But it's been there for a while for OSPFv3. I don't know when (or if) other vendors implemented the same thing for OSPFv3. That said, nearly any OSPF house I'm aware of still runs both OSPFv2 and OSPFv3 side-by-side. I guess folk are probably unprepared to use OSPFv3 for IPv4 NLRI. Mark.
On Sun, Apr 3, 2022 at 12:04 PM Mark Tinka <mark@tinka.africa> wrote:
On 4/3/22 13:55, Dave Taht wrote:
Periodically I still do some work on routing protocols. 12? years ago I had kind of given up on ospf and isis, and picked the babel protocol as an IGP for meshy networks because I felt link-state had gone as far as it could and somehow unifying BGP DV with an IGP that was also DV (distance vector) seemed like a path forward.
To scale the IGP, we only carry Loopbacks and interfaces (backbone infrastructure) in the IGP. Many operators have been doing this, for some time now, as a best pratice.
Customer routes as well as the DFZ is carried in iBGP.
The only issue we have hit with this design is hardware that ships with limited FIB (you're talking 4,000 slots or less). While this can be mitigated with things like 6PE and RFC 3107, there are, now, tons of hardware shipping without this physical restriction. For me, the simpler, the better.
My question for this list is basically, has anyone noticed or fiddled with babel? It's supported in FRR, bird, and a very small standalone daemon.
Never heard of it as an IGP until now :-).
We'd somewhat foolishly made it a requirement in ietf homenet. it was how hard adding source specific routing to isis turned out to be that turned me. At the time I needed simple means to get ipv6 working on multiple consumer uplinks. That later spawned a now mostly dead attempt to unify ipv4 and ipv6 address distribution called hnet. I'm fiddling with the new ipv4 over ipv6 stuff now in trying to interconnect several ipv4 networks over multiple p2p links.
Googl'ing:
https://en.wikipedia.org/wiki/Babel_(protocol)
To recap that:
"V4-via-v6 routing is a routing technique that allows routers with only IPv6 addresses (including link-locals) to forward IPv4 packets. It doesn't involve encapsulation (tunnelling), it doesn't involve translation (NAT), it just works. For details, please see
Since around Junos 9 (2007), OSPFv3 shipped with the ability to carry IPv4 NLRI over an IPv6-only network. We never did implement that, as IS-IS integrated both protocols already. But it's been there for a while for OSPFv3.
I don't know when (or if) other vendors implemented the same thing for OSPFv3.
That said, nearly any OSPF house I'm aware of still runs both OSPFv2 and OSPFv3 side-by-side. I guess folk are probably unprepared to use OSPFv3 for IPv4 NLRI.
I'm sad to hear that those two still have to co-exist. I'd given up on how static both routing protocols had become in light of my wireless requirements way back then, also memory requirements. Babel had turned out to be the only way to get teeny routers to route a few thousand ipv6 routes as well as ipv4 over wifi mesh networks. I figured it had made zero penetration outside of that world despite our efforts to get it into frr, bird, etc.
Mark.
-- I tried to build a better future, a few times: https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org Dave Täht CEO, TekLibre, LLC
Hello Dave: There's RFC 8950 in the context of BGP. That's a refresher of RFC 5589 which is the one we typically refer to internally. I glanced at homenet too early, and then too late. Too early, it seemed that the protocol would be OSPFv3; no discussion. So I left till too late, when the choice was between ISIS and BABEL, and the group would not even consider arguments. RPL seemed to do the trick without the need to define anything new, in my book. It supports multihoming by defining as many topologies, no need for source/destination, radios, IoT, mobility, things you'll find at home. But hey, those of us who understand RPL were not there at the right time and there we get yet another fragmentation. Not the IETF at its best. Nothing against BABEL, it's neat. Well written specs, much better than we did with RPL. A modernized DV, addressing the same space as RIP or EIGRP - though I really like the DUAL piece in EIGRP. More of a core technology than of an edge/mobile like RPL, they could be complementary. And then BABEL has a nice dynamic community including openWRT developers, that's a huge strength. Not sure you'll find it in your usual vendor hardware though. Keep safe; Pascal
-----Original Message----- From: NANOG <nanog-bounces+pthubert=cisco.com@nanog.org> On Behalf Of Dave Taht Sent: lundi 4 avril 2022 2:56 To: Mark Tinka <mark@tinka.africa> Cc: NANOG <nanog@nanog.org> Subject: Re: V4 via V6 and IGP routing protocols
On Sun, Apr 3, 2022 at 12:04 PM Mark Tinka <mark@tinka.africa> wrote:
On 4/3/22 13:55, Dave Taht wrote:
Periodically I still do some work on routing protocols. 12? years ago I had kind of given up on ospf and isis, and picked the babel protocol as an IGP for meshy networks because I felt link-state had gone as far as it could and somehow unifying BGP DV with an IGP that was also DV (distance vector) seemed like a path forward.
To scale the IGP, we only carry Loopbacks and interfaces (backbone infrastructure) in the IGP. Many operators have been doing this, for some time now, as a best pratice.
Customer routes as well as the DFZ is carried in iBGP.
The only issue we have hit with this design is hardware that ships with limited FIB (you're talking 4,000 slots or less). While this can be mitigated with things like 6PE and RFC 3107, there are, now, tons of hardware shipping without this physical restriction. For me, the simpler, the better.
My question for this list is basically, has anyone noticed or fiddled with babel? It's supported in FRR, bird, and a very small standalone daemon.
Never heard of it as an IGP until now :-).
We'd somewhat foolishly made it a requirement in ietf homenet.
it was how hard adding source specific routing to isis turned out to be that turned me. At the time I needed simple means to get ipv6 working on multiple consumer uplinks.
That later spawned a now mostly dead attempt to unify ipv4 and ipv6 address distribution called hnet.
I'm fiddling with the new ipv4 over ipv6 stuff now in trying to interconnect several ipv4 networks over multiple p2p links.
Googl'ing:
https://en.wikipedia.org/wiki/Babel_(protocol)
To recap that:
"V4-via-v6 routing is a routing technique that allows routers with only IPv6 addresses (including link-locals) to forward IPv4 packets. It doesn't involve encapsulation (tunnelling), it doesn't involve translation (NAT), it just works. For details, please see
Since around Junos 9 (2007), OSPFv3 shipped with the ability to carry IPv4 NLRI over an IPv6-only network. We never did implement that, as IS-IS integrated both protocols already. But it's been there for a while for OSPFv3.
I don't know when (or if) other vendors implemented the same thing for OSPFv3.
That said, nearly any OSPF house I'm aware of still runs both OSPFv2 and OSPFv3 side-by-side. I guess folk are probably unprepared to use OSPFv3 for IPv4 NLRI.
I'm sad to hear that those two still have to co-exist. I'd given up on how static both routing protocols had become in light of my wireless requirements way back then, also memory requirements. Babel had turned out to be the only way to get teeny routers to route a few thousand ipv6 routes as well as ipv4 over wifi mesh networks.
I figured it had made zero penetration outside of that world despite our efforts to get it into frr, bird, etc.
Mark.
-- I tried to build a better future, a few times: https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org
Dave Täht CEO, TekLibre, LLC
On 4/4/22 02:55, Dave Taht wrote:
it was how hard adding source specific routing to isis turned out to be that turned me. At the time I needed simple means to get ipv6 working on multiple consumer uplinks.
I suppose the presence of MPLS (and SR) for many operators is probably why this use-case was not pushed hard by that community in the IGP.
I'm sad to hear that those two still have to co-exist. I'd given up on how static both routing protocols had become in light of my wireless requirements way back then, also memory requirements. Babel had turned out to be the only way to get teeny routers to route a few thousand ipv6 routes as well as ipv4 over wifi mesh networks.
Given a good number of boxes are now based on x86 platforms, control plane management of the "classic" IGP's is not a major drama for a few thousand entries. One is more likely to run into FIB issues (as we have done). It's possible that at least one operator is using OSPFv3 for both IPv4 and IPv6, but they haven't come out publicly to announce this :-). We (and many others) have been running IS-IS for both IP protocols, without major issue over the years.
I figured it had made zero penetration outside of that world despite our efforts to get it into frr, bird, etc.
You're certainly right about that one... Mark.
The other question for this list I'd basically had was this:
https://datatracker.ietf.org/doc/html/draft-ietf-babel-v4viav6
Please let me know if you feel that it should be possible to completely disable v4-via-v6 even on newer kernels, and whether you feel that v4-via-v6 should be disabled by default. (The "Security Considerations" section of the draft cited above might be interesting.)"
I'll mention, as I often do at this point in this conversation over the past few decades, that nothing stops you from designing and implementing such a network and, for demonstration / proof of concept purposes at least, floating it on top of IP. Build a better mouse trap... On March 17, 2022 at 23:34 mattlists@rivervalleyinternet.net (Matt Hoppes) wrote:
At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
Its not impossible to envision that IPv4 does not ever go away but actually gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems.
Joe
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Sat, 19 Mar 2022 at 03:32, <bzs@theworld.com> wrote:
I'll mention, as I often do at this point in this conversation over the past few decades, that nothing stops you from designing and implementing such a network and, for demonstration / proof of concept purposes at least, floating it on top of IP.
Build a better mouse trap...
I'm taking some liberties here. I suspect Joe implied it as an undesirable outcome which may happen organically unless some unspecified actions are taken. And Matt suggested some unspecified IPv4.1 as a desirable outcome. Anyone pushing on fixing IPv4 likely has complete confusion why IPv6 adoption is struggling. IPv6 is kind of terrible, but a lot of that terribleness is now paid with heavy cost. The ship has sailed for something meaningfully better. Trying to deliver some strategic fix now throws all those investments to trash and there is little guarantee whatever we'd deliver instead would be meaningfully better, and high risk we'd just make it yet worse. IPv6 is shit, but we can make it go, and we need the address space. We don't need IPv4. If I understood Joe right, I share that sentiment. I want single stack IP, IPv6 is the only option, and I'm afraid it might not happen.
On March 17, 2022 at 23:34 mattlists@rivervalleyinternet.net (Matt Hoppes) wrote:
At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
Its not impossible to envision that IPv4 does not ever go away but actually gets extended in such a way that it obsoletes IPv6. The longer this drags out the less implausible it seems.
Joe
-- ++ytti
Matt Hoppes wrote:
At this point I would *love* to see IPv4 get extended, a software patch applied to devices, and IPv6 die a quick painless death.
A problem is that, a software patch is enough to upgrade an IPv4 host IPv6 capable. :-) Anyway, with TUPLE (TCP and UDP with Port Length Extension, not TUBA) using 32bit port numbers, which is easier to deploy than full QUIC, an IPv4 address can be shared by 2^24 hosts each having 256 port number ranges. It should be noted that, with static End to End NAT https://datatracker.ietf.org/doc/html/draft-ohta-e2e-nat-00 where port number collisions are prevented not by stateful NAT GW but end systems, state maintenance at the NAT GW is not necessary, while enjoying full end to end transparency. Masataka Ohta
----- On Mar 9, 2022, at 4:46 PM, Josh Luthman josh@imaginenetworksllc.com wrote:
ISP here. Deploying gigabit FTTH. No IPv6. Customers have 0 complaints about IPv6. 0 Complaints since 2006.
Don't you think there is a responsibility on those who know the technical details to do things on behalf of those who do not know any better? You don't seriously think that the only reason anything should ever be done is because a customer specifically asked for it, do you? This attitude is why IPv6 is not universal yet. For what it is worth, both of the providers available to me in our small town have been IPv6 for well over a decade. One is Spectrum (formerly Time Warner). Residential support lagged a bit from our DIA circuits, but has still been solid for a very long time. In my specific use case, IPv6 connections from my home to my office are much faster than IPv4. -Randy
On 3/9/22 12:01 PM, Jay Hennigan wrote:
It's not just equipment vendors, it's ISPs. Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was.
Likewise the Wave Broadband cable operator. No IPv6, no plans for it.
The big guys in my area - Charter and AT&T - can do IPv6. But I understand that not every ISP has the talent to deploy IPv6. A lot of people simply refuse to learn new things as they get older. The smaller the company gets it can go either way: steadfast refusal to learn new things, or jumps at the chance to learn something new. The former will try to say customers don't want it or no business case to hide their knowledge gap.
On Wed, 9 Mar 2022 09:46:41 -0800 David Conrad <drc@virtualized.org> wrote:
Tim,
On Mar 9, 2022, at 9:09 AM, Tim Howe <tim.h@bendtel.com> wrote:
Some of our biggest vendors who have supposedly supported v6 for over a decade have rudimentary, show-stopping bugs.
Not disagreeing (and not picking on you), but despite hearing this with some frequency, I haven’t seen much data to corroborate these sorts of statements.
Heh :) This is kind of funny for me since I am usually far more likely to be accused of not being able to shut up about it. I don't like to throw vendors under the bus publicly, but I will instead name some positive actors whose efforts I appreciate: Juniper fixed their DHCPv6 relay server when I was able to show them it was not working correctly; they have also had other bugs that were DHCPv6 related and provided work-arounds and fixes (they still have a few bugs that appear to be the result of incomplete fixes for related issues). I'm still not sure if they ever fixed the fact that SRX routers can't dynamically add the default v6 route (I still had to hard code this last time I tested on SRX320; the bug is documented). Of course, it still feels like not-that-long-ago when Juniper wanted me to buy a special license for each switch that I wanted to use OSPFv3 on. That's no longer a thing, but it made me pretty mad at the time. ZyXel has been very responsive to adding support, fixing functionality, and working with me on in-depth and long term testing of issues. I'm not sure I have ever worked with a vendor that was so responsive to my requests and reports. This is in sharp contrast to one of their competitors who basically told me they have no interest in adding the IPv6 support they had previously told me they could add. Adtran is the only vendor I know of that has DHCPv6 option-18 support in their gpon/xgspon OLT cards. They have also fixed v6 DNS issues that we have reported on their 5000 chassis. If it weren't for their OLTs I would probably not know what "working" looks like. They are also the only vendor that has ever handed me a Broadcom based CPE to test that worked out of the box. Sadly, I have problems with most of their current gen; the 515ac is a bright spot - someone important must be buying these who insisted on v6 support. There are still some minor issues with MAC tables on the OLTs that have only revealed themselves over time, but nothing show-stopping (just requires minor manual intervention in some cases). The ISC's Kea DHCP server is a must have for us; this org deserves more recognition and support from the community. We use it for prefix delegation and option-18 (basically all dhcpv6 is relayed there). I have still not seen an ACS that has equiv v6 support, but I will say that both Adtran and Calix appear to be making /very recent/ efforts and have shown progress in this regard. Ubiquiti Edge routers have pretty decent IPv6 support at the CLI, but the web GUIs expose little to none of it. Of course shout out to Microsoft Windows for great support going back a long way; I wouldn't use it, but the efforts help us all. The OpenBSD team are also rock stars. --TimH
I am going to attend the WISPA conference in New Orleans next week. (anyone going?). I don't see any topics related to ipv6 there, nor as requirements for broadband grants. I first tried to deploy ipv6 at my wisp 14 years ago, and failed utterly. Since then, I've kept track of that market, and most of the ipv6 support from the vendors that serve it, has been faltering. In particular, I've been working on improving mikrotik's fq_codel and cake support only to be completely stymied by several bugs in their ipv6 implementation. ( https://www.youtube.com/watch?v=TWViGcBlnm0 ). This week, I've been trying to get a cerowrt box with a hurricane ipv6 tunnel upgraded to modern openwrt, but am running into issues with the default deny firewall. Cisco Meraki only recently got a first release of ipv6 out the door. Tomorrow I hope to take a look at a new ubnt 60ghz outdoor radio, which I'm told "HAS WORKING IPV6!!", and hoping for the best, because it has a SDN stack I have no visibility into.
On Wed, Mar 09, 2022 at 09:46:41AM -0800, David Conrad wrote:
Tim,
On Mar 9, 2022, at 9:09 AM, Tim Howe <tim.h@bendtel.com> wrote:
Some of our biggest vendors who have supposedly supported v6 for over a decade have rudimentary, show-stopping bugs.
Not disagreeing (and not picking on you), but despite hearing this with some frequency, I haven???t seen much data to corroborate these sorts of statements.
Fine. We could start at the top, with protocols that are defective by design, such as OSPFv3, which lack built-in authentication and rely on IPsec. That's great if you have a system where this is all tightly and neatly integrated, but smaller scale networks may be built on Linux or BSD platforms, and this can quickly turn into a trainwreck of loosely cooperating but separate subsystems, maintaining IPsec with one set of tools and the routing with another. Or ... FreeBSD's firewall has a DEFAULT_TO_DENY option for IPv4 but not for IPv6. Perhaps not a show-stopping bug, granted. But, wait, if you really want end-to-end IPv6 (without something like NAT in between doing its "faux-firewalling") endpoints, wouldn't you really want a firewall that defaults to deny, just in case something went awry? If I've got a gateway host that normally does stateful firewalling but it fails to load due to a typo, I'd really like it to die horribly not packet forwarding anything, because someone will then notice that. But if it fails open, that's pretty awful because it may not be noticed for months or years. So that's a show-stopper. As exciting as it would be to go all-in on v6, it's already quite a bit of a challenge to build everything dual-stack and get to feature parity. The gratuitous differences feel like arrogant protocol developers who know what's best for you and are going to make you comply with their idea of how the world should work, complexity be damned. I really never thought it'd be 2022 and my networks would be still heavily v4. Mind boggling. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
On Wed, 9 Mar 2022 at 21:00, Joe Greco <jgreco@ns.sol.net> wrote:
I really never thought it'd be 2022 and my networks would be still heavily v4. Mind boggling.
Same. And if we don't voluntarily agree to do something to it, it'll be the same in 2042, we fucked up and those who come after us pay the price of the insane amount of work and cost dual stack causes. It is solvable, easily and cheaply, like most problems (energy, climate), but not when so many poor leaders participate in decision making. -- ++ytti
Saku Ytti wrote:
Same. And if we don't voluntarily agree to do something to it, it'll be the same in 2042, we fucked up and those who come after us pay the price of the insane amount of work and cost dual stack causes.
Indeed, we don't need IPv6 at all at least for the next 20 years, which is long enough to have 32bit port length for TCP and UDP to make NAT save address space more efficiently. Masataka Ohta
On Thu, 10 Mar 2022, 11:22 Masataka Ohta, <mohta@necom830.hpcl.titech.ac.jp> wrote:
Saku Ytti wrote:
Same. And if we don't voluntarily agree to do something to it, it'll be the same in 2042, we fucked up and those who come after us pay the price of the insane amount of work and cost dual stack causes.
Indeed, we don't need IPv6 at all at least for the next 20 years, which is long enough to have 32bit port length for TCP and UDP to make NAT save address space more efficiently.
Rather than fudging it at the transport layer, there's always a network layer solution. NAT with port overload got us this far, but it requires state to be stored in the forwarding path. MAP-T limits the range of ports at the CPE, allowing simple algorithmic translation without any stored state in the provider network. That sufficiently kicks down the eyeball side for some considerable time, but there's still no decent reason to go dual-stack on the content side, except for resource starvation costs in address heavy environments like container clouds etc. What you end up with is NAT overload islands there too, with gateways/proxies providing the dual-stack, and using TLS SNI for virtual hosting where protocols don't otherwise support it, and the strong discouragement of putting network layer information inside protocols (things requiring ALGs like FTP etc). That's kinda where we are today anyway. Honestly, I can not see IPv4 dipping below 90% of hosts addressed with it in this decade. That doesn't mean IPv6 is <10%, that means IPv4 remains a near-mandatory service requirement for the bulk of addressable hosts. Oh and before I get flamed by a certain person -- if you refuse to support IPv4 and label people fools for not supporting IPv6, you'll just end up with someone crazy like the ITU-T taking over IPv4 maintenance. No-one wants that. Carrot, not just stick. M
I am deeply concerned by the onrushing move to udp for QUIC, with udp the former province of voip, gaming, request/response and videoconferencing traffic. I certainly see natted udp ports get used up rapidly by various tools, and also see timeouts for reuse often below 30sec. IMHO, QUIC should also one day become its own protocol number also, and with the 64 bit identifier seems plausible to nat thoroughly. One day all of google could anycast 8.8.8.0/24 just for quic traffic and retire other ip addresses. UDPLite is also easily nat-able and widely available. It's original use case is now gone, but it would be straightforward to just treat it as another UDP. Lastly, if we were to look at using up some more protocol space in the next 20 years, adding 16 or more udp-like protocols would extend things also.
On Thu, Mar 10, 2022 at 11:43 AM Dave Taht <dave.taht@gmail.com> wrote:
I am deeply concerned by the onrushing move to udp for QUIC, with udp the former province of voip, gaming, request/response and videoconferencing traffic.
Hi Dave, Since QUIC is without value unless it works with widely deployed NAT there's not exactly an alternative. Glad to see that they, at least, have learned from the IPv6 deployment debacle. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
On Thu, 10 Mar 2022, 19:41 Dave Taht, <dave.taht@gmail.com> wrote:
I am deeply concerned by the onrushing move to udp for QUIC,
IMO, it's a fad that will die away. IMHO, QUIC should also one day become its own protocol number also,
If that was feasible, we would likely be using SCTP by now. TCP, UDP, and ICMP are likely to be the only reliable IP protocols for the foreseeable future on the internet. (As in, inter-domain) and with the 64 bit identifier seems plausible to nat thoroughly. So long as you're doing a proper three tuple NAT, there shouldn't be any need to expand the address space of the transport layer -- the MAP-T approach of constraining it down to e.g. 256 ports seems the most compatible. UDPLite is also easily nat-able and widely available. It's original
use case is now gone, but it would be straightforward to just treat it as another UDP.
Given enough time, seemingly everything becomes HTTP :S (slightly facetious there) Lastly, if we were to look at using up some more protocol space in the
next 20 years, adding 16 or more udp-like protocols would extend things also.
We've got tens of thousands of good ports on each of TCP and UDP already. No need for making more room when the existing ones work. In fact, I'd wager most people wouldn't notice if only TCP/80 and TCP/443 were working, with a DNS resolver at the NAT border. Even NTP is becoming more and more obsolete, as I understand it there are an increasing number of systems that just pull the time and date from the Date header of an HTTP request. M
On 10/03/2022 21:03, Matthew Walster wrote:
If that was feasible, we would likely be using SCTP by now. TCP, UDP, and ICMP are likely to be the only reliable IP protocols for the foreseeable future on the internet. (As in, inter-domain)
But QUIC runs on UDP - it is not a new protocol, we are just using stupid UDP. UDP nat is as old as nat itself. And anyway QUIC is dead and all the development goes now over its successor - HTTP/3. -- Grzegorz Janoszka
On Thu, Mar 10, 2022 at 09:55:42AM +0200, Saku Ytti wrote:
On Wed, 9 Mar 2022 at 21:00, Joe Greco <jgreco@ns.sol.net> wrote:
I really never thought it'd be 2022 and my networks would be still heavily v4. Mind boggling.
Same. And if we don't voluntarily agree to do something to it, it'll be the same in 2042, we fucked up and those who come after us pay the price of the insane amount of work and cost dual stack causes.
It is solvable, easily and cheaply, like most problems (energy, climate), but not when so many poor leaders participate in decision making.
I am reading your response as to imply that this is somehow my fault (for my networks) and that I am a poor leader for not having embraced v6. If that's not what you meant, great, because I feel like there's been systemic issues. There are several ASN's I run infrastructure for, on an (as you put it) "voluntary" basis, for organizations that run critical bits of Internet infrastructure but which aren't funded like they are critical bits. The problem is that I really don't have the ability to donate more of my time, since I am already 150% booked, and I'm not willing to hire someone just to donate their time. I have no idea what it is I can agree to do to make something happen here that is accomplished "easily and cheaply". From my perspective, IPv4+6 is many times the effort to deploy as just IPv4, somewhere between 5x-10x as much work depending on the specifics. I love many of the ideas behind v6, but adoption seems tepid. I had to fight years ago to get IPv6 via broadband, and most common end-user gear still does not seem to support it, or enable it by default. Looking at the results, I think we've screwed this up. Just like the e-mail ecosystem was screwed up by poor design and then stupid bolt-on fixes, so we've finally arrived at a point where people just don't even want to deal with the problem. At least with e-mail, you can plausibly outsource it if you're not masochistic. I feel like IPv6 is that same sort of problem, except you can't outsource it. You can avoid it by throwing some more IPv4 NAT and proxies into the mix though. And tragically, that seems to be what's happened. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
On Thu, 10 Mar 2022 at 16:01, Joe Greco <jgreco@ns.sol.net> wrote:
I am reading your response as to imply that this is somehow my fault (for my networks) and that I am a poor leader for not having embraced v6. If that's not what you meant, great, because I feel like there's been systemic issues.
No, I meant us as the community of people building the internet in the last 20 years. Poor state of IPv6+IPv4 not any individual's fault, some share more fault than others, but we're all culpable. My apologies, I didn't intend it to read as I'm blaming you. You can't go IPV6 only in your own network, you have other networks to talk to, other applications to use to, things to buy which you assert little control over. -- ++ytti
On Wed, Mar 9, 2022 at 11:56 PM Saku Ytti <saku@ytti.fi> wrote:
On Wed, 9 Mar 2022 at 21:00, Joe Greco <jgreco@ns.sol.net> wrote:
I really never thought it'd be 2022 and my networks would be still heavily v4. Mind boggling.
Same. And if we don't voluntarily agree to do something to it, it'll be the same in 2042, we fucked up and those who come after us pay the price of the insane amount of work and cost dual stack causes.
It is solvable, easily and cheaply, like most problems (energy, climate), but not when so many poor leaders participate in decision making.
-- ++ytti
Ah, the quarterly ipv6 thread… where i remind you all… most of the USA is on ipv6 (all your smartphone, many of your home router, a growing amount of your clouds [i see you aws]) https://www.worldipv6launch.org/measurements/ Google sees over 40% of their users on ipv6, with superior latency https://www.google.com/intl/en/ipv6/statistics.html
Google sees over 40% of their users on ipv6,* with superior latency *
Uncle Geoff generally debunked this years ago. https://www.youtube.com/watch?v=Lt-Xx2CmuQE&ab_channel=NANOG On Thu, Mar 10, 2022 at 11:01 AM Ca By <cb.list6@gmail.com> wrote:
On Wed, Mar 9, 2022 at 11:56 PM Saku Ytti <saku@ytti.fi> wrote:
On Wed, 9 Mar 2022 at 21:00, Joe Greco <jgreco@ns.sol.net> wrote:
I really never thought it'd be 2022 and my networks would be still heavily v4. Mind boggling.
Same. And if we don't voluntarily agree to do something to it, it'll be the same in 2042, we fucked up and those who come after us pay the price of the insane amount of work and cost dual stack causes.
It is solvable, easily and cheaply, like most problems (energy, climate), but not when so many poor leaders participate in decision making.
-- ++ytti
Ah, the quarterly ipv6 thread… where i remind you all… most of the USA is on ipv6 (all your smartphone, many of your home router, a growing amount of your clouds [i see you aws])
https://www.worldipv6launch.org/measurements/
Google sees over 40% of their users on ipv6, with superior latency
On Wed, Mar 9, 2022 at 9:11 AM Tim Howe <tim.h@bendtel.com> wrote:
On Wed, 9 Mar 2022 11:22:49 -0500 Tom Beecher <beecher@beecher.cc> wrote:
It doesn't take any OS upgrades for "getting everything to work on IPv6". All the OS's and routers have supported IPv6 for more than a decade.
There are lots of vendors, both inside and outside the networking space, that have consistently released products with non-existant or broken IPv6 implementations. That includes smaller startups, as well as very big names. An affirmative choice is often made to make sure v4 works , get the thing out the door, and deal with v6 later, or if a big client complains.
This a thousand times. Don't believe the claims of IPv6 support until you have fully tested it. Almost no vendor is including any IPv6 testing in their QA process and nobody is including it in any of their support staff training. Their labs may not even have v6 capability. Some of our biggest vendors who have supposedly supported v6 for over a decade have rudimentary, show-stopping bugs. The support staff at these vendors have often never even seen a customer using v6, and they have no idea what it looks like on their own gear.
I have worked really hard to make sure ipv6 "just works" (still) in the upcoming openwrt 22.03 release, treating it as *my* primary ip stack, at least. But I spent most of my time fixing a string of fq-codel & ATF wifi regressions on the mt76 chips and (especially) not on testing the various encapsulations, and am out of time. If y'all care about ipv6, please lean in, test, and file bugs on these last release candidates before it goes final? https://downloads.openwrt.org/releases/22.03.0-rc6/targets/ The network you save may be your own.
A subset of these vendors will listen to you and fix the problems. Give them your support and loyalty. I want to name names so bad...
--TimH
-- FQ World Domination pending: https://blog.cerowrt.org/post/state_of_fq_codel/ Dave Täht CEO, TekLibre, LLC
On Wed, 9 Mar 2022, John Gilmore wrote:
Major networks are already squatting on the space internally, because they tried it and it works.
Sounds like an excellent reason not to try to use it for global unicast. Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
On Mar 9, 2022, at 10:08 AM, John R. Levine <johnl@iecc.com> wrote:
On Wed, 9 Mar 2022, John Gilmore wrote:
Major networks are already squatting on the space internally, because they tried it and it works. Sounds like an excellent reason not to try to use it for global unicast.
When did squatting become a justification for not allocating addresses? Regards, -drc
It appears that David Conrad <drc@virtualized.org> said:
-=-=-=-=-=-
On Mar 9, 2022, at 10:08 AM, John R. Levine <johnl@iecc.com> wrote:
On Wed, 9 Mar 2022, John Gilmore wrote:
Major networks are already squatting on the space internally, because they tried it and it works. Sounds like an excellent reason not to try to use it for global unicast.
When did squatting become a justification for not allocating addresses?
Um, when can I register my .corp and .home domains? R's, John
John, On Mar 9, 2022, at 10:45 AM, John Levine <johnl@iecc.com> wrote:
When did squatting become a justification for not allocating addresses? Um, when can I register my .corp and .home domains?
Um, are you suggesting there is sufficiently heavy use of 240/4 to result in a significant security/stability issue if the address space is allocated? I thought you were arguing too many systems would have to be updated to even send/receive packets with 240/4 in the source or destination field. You’re equating the use of address space explicitly reserved “for future use” (or for multicast use) with unallocated name space. A more reasonable (but still flawed) analogy to .corp and .home would be the squatting on 1/8. I was at IANA when we allocated 1/8 to APNIC and recall the gnashing of teeth that resulted. Yet we have a demonstration proof that 1/8 could be made usable. I don’t really have a dog in this fight and my intuition suggests that trying to make 240/4 global unicast wouldn’t be worth the effort, but I remain of the belief that it would be better to have actual data on what breaks if there was an attempt to use it than to come up with specious arguments like “but it might annoy squatters”. Regards, -drc
Um, are you suggesting there is sufficiently heavy use of 240/4 to result in a significant security/stability issue if the address space is allocated? I thought you were arguing too many systems would have to be updated to even send/receive packets with 240/4 in the source or destination field.
Both, actually. A few messages back someone said a cloud provider was using 240/4 for private address space, which is easy to believe since they have their own versions of the system software they run, e.g., Amazon's own distro of linux for use within AWS. So first you have to figure out all of the random computers that need network stack upgrades, and then, oh, you can't talk to Google or whoever. At this point, either buying a chunk of real IPv4 space or getting IPv6 working looks quite attractive. Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
On Wed, 9 Mar 2022 10:38:20 -0800 David Conrad <drc@virtualized.org> wrote:
When did squatting become a justification for not allocating addresses?
Isn't this essentially the same thing as the DNS name collision problem ICANN has been studying and discussing? Perhaps scale and potential for harm is different, but I think the essence of the challenge is essentially the same. In the name space we are unlikely to see .home (for example) allocated any time soon if ever thanks to what some might describe as a form of squatting. I would look to that work for some perspective on when or why something like this might, or might not be justified. <https://www.icann.org/en/announcements/details/icann-publishes-name-collision-analysis-project-ncap-study-2-documents-27-1-2022-en> John
John, On Mar 9, 2022, at 10:48 AM, John Kristoff <jtk@dataplane.org> wrote:
Isn't this essentially the same thing as the DNS name collision problem ICANN has been studying and discussing?
Not really (IMHO). As mentioned to Mr. Levine, what ICANN is concerned about is really the security/stability implications of delegating previously undelegated but otherwise unconstrained name space, not name space that has been designated with “for future use” status. That designation has resulted in code that prohibits its use and to make use of 240/4, the code has to be fixed. The name collision problem ICANN is studying is the result of traffic hitting the root for names like CORP and HOME. As far as I know (which isn’t very far), 240/4 isn’t sourcing or sinking significant traffic on the Internet. Regards, -drc
It appears that David Conrad <drc@virtualized.org> said:
isn’t very far), 240/4 isn’t sourcing or sinking significant traffic on the Internet.
FWIW, my tiny server sees about 20 packets/day from that range. It's not very much but it's hard to imagine why I'm seeing any at all. It's more than I see from 0/8, less than what I see from 192.168.0.0/16. R's, John
John Gilmore wrote:
Whatever the IPv6 transition might require, it isn't comparable to the small effort needed to upgrade a few laggard OS's to support 240/4 and to do some de-bogonization in the global Internet, akin to what CloudFlare did for 1.1.1.1.
It may be a good idea to offer 127/8 for relocation. Even if the range may be used internally by some devices (though, for double NAT, rfc6598 shared address should be used), it is a local problem for people using bogon addresses. Masataka Ohta
On 3/7/22 2:14 PM, Abraham Y. Chen wrote:
The cost of this software engineering should be minimal.
So basically no solution is offered to what is the showstopper for this proposal, only a hand wave that it "should be" easy to fix (but that's everyone else's problem). I mean, I believe this has been discussed to death many times over in the past and yet here we still are.
On Wed, Mar 9, 2022 at 10:31 AM Seth Mattinen <sethm@rollernet.us> wrote:
On 3/7/22 2:14 PM, Abraham Y. Chen wrote:
The cost of this software engineering should be minimal.
So basically no solution is offered to what is the showstopper for this proposal, only a hand wave that it "should be" easy to fix (but that's everyone else's problem). I mean, I believe this has been discussed to death many times over in the past and yet here we still are.
Hi Seth, AFAICT, the core of Abraham's proposal is to deploy 240/4 as an addition to RFC1918 space, to be used as folks' equipment permits. Activity beyond that (associated with IoT) appears to have no inter-domain application that need fall within the standards development space at this time. Would you care to articulate the showstopper problem you see for the standards-relevant portion of the proposal? Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
participants (70)
-
Abraham Y. Chen
-
Andy Ringsmuth
-
Anne Mitchell
-
ant+nanog.org@antiphase.net
-
Bjørn Mork
-
borg@uu3.net
-
Brandon Butterworth
-
Bryan Fields
-
bzs@theworld.com
-
Ca By
-
Christian de Larrinaga
-
christian de larrinaga
-
Christopher Morrow
-
Dave Bell
-
Dave Taht
-
David Bass
-
David Conrad
-
Fred Baker
-
Gary E. Miller
-
George Michaelson
-
Grant Taylor
-
Greg Skinner
-
Grzegorz Janoszka
-
James R Cutler
-
james.cutler@consultant.com
-
Jay Hennigan
-
Joe Greco
-
Joe Maimon
-
John Curran
-
John Gilmore
-
John Kristoff
-
John Levine
-
John R. Levine
-
JORDI PALET MARTINEZ
-
Josh Luthman
-
Joshua Mallad
-
Mark Andrews
-
Mark Delany
-
Mark Tinka
-
Masataka Ohta
-
Matt Hoppes
-
Matthew Craig
-
Matthew Huff
-
Matthew Petach
-
Matthew Walster
-
Michael Thomas
-
Nathan Angelacos
-
netElastic Systems
-
Noah
-
Owen DeLong
-
Pascal Thubert (pthubert)
-
Paul Rolland
-
Philip Homburg
-
Randy Bush
-
Randy Carpenter
-
Robert L Mathews
-
Rubens Kuhl
-
Ryland Kremeier
-
Saku Ytti
-
Seth David Schoen
-
Seth Mattinen
-
surfer@mauigateway.com
-
Tim Howe
-
Tom Beecher
-
Tom Hill
-
Tom Ivar Helbekkmo
-
Tony Wicks
-
Vasilenko Eduard
-
William Allen Simpson
-
William Herrin