Not something I'd typically use this list for but I have an opportunity to host a debate of sorts on IPv6 where I'm taking a very pro IPv6 stance and I need someone who wants to argue the other side - effectively that most people don't need to worry about it for a long time still or until someone makes them. Any takers feel free to ping me directly... Thanks, Josh
i'm an IPv6 pragmatist. I've used IPv6 from its very beginings. i am not a zelot, like so many are. IPv6 has its uses - but most of the actual value in IPv6 has been stripped. for most practical, current use, IPv4 will meet your needs now and for the forseeable future. NAT is your lifeline here. IF (a big one) there are actual changes in regulatory models, transmission models, and reduced dependence on centralized control, IPv6 has a chance to shine and truely become the "next generation". Until then - same old, same old... 96 more bits - no majik. --bill On Wed, Feb 09, 2011 at 06:46:11PM +0000, Stephens, Josh wrote:
Not something I'd typically use this list for but I have an opportunity to host a debate of sorts on IPv6 where I'm taking a very pro IPv6 stance and I need someone who wants to argue the other side - effectively that most people don't need to worry about it for a long time still or until someone makes them.
Any takers feel free to ping me directly...
Thanks, Josh
well, i've argued new gtld registry operators in general do not benefit from a manditory v6 reachability requirement at transition to delegation, a position unpopular with v6 evangelicals and others who suppose that new gtld registry operators will exist to serve "the next billion users" rather than to offer alternate name space views to the existing {b,m}illions of v4 addressed spindles. related, i've argue that new gtld registry operators in general do not benefit from a manditory dnssec requirement, a position unpopular with dnssec evangelicals and others who suppose that new gtld registry operators will exist to serve ecommerce with sufficient generality, persistence, and volume to make them more attractive targets for rational economic exploits than existing, unsigned zones. for those not keeping track, icann's laundry list of mandatory to implements includes v6 reachibility, and dnssec, shortly after the date of contract, so significantly prior to the operator acquiring operational experience, and of course, cctlds, and existing gtlds, are under no obligation to sign their zones. i don't think of these positions as "naysaing" either v6 or dnssec, just the it-must-be-done-now claims of urgency and universality of some of the respective advocates for "sensible stuff", who because they hold the right opinion, inform icann's ssac. -e
On Feb 9, 2011, at 11:06 AM, Eric Brunner-Williams wrote:
well, i've argued new gtld registry operators in general do not benefit from a manditory v6 reachability requirement at transition to delegation, a position unpopular with v6 evangelicals and others who suppose that new gtld registry operators will exist to serve "the next billion users" rather than to offer alternate name space views to the existing {b,m}illions of v4 addressed spindles.
I disagree... I think that offering alternate name space views to the existing {b,m}illions of v4 addressed spindles requires IPv6 reachability as well since those will also be adding IPv6 capabilities in the next year or two. It's not that I think you only serve the future. It's that we think you are failing to recognize that IPv6 is now and that what is IPv4 today will be at least dual-stack tomorrow.
related, i've argue that new gtld registry operators in general do not benefit from a manditory dnssec requirement, a position unpopular with dnssec evangelicals and others who suppose that new gtld registry operators will exist to serve ecommerce with sufficient generality, persistence, and volume to make them more attractive targets for rational economic exploits than existing, unsigned zones.
for those not keeping track, icann's laundry list of mandatory to implements includes v6 reachibility, and dnssec, shortly after the date of contract, so significantly prior to the operator acquiring operational experience, and of course, cctlds, and existing gtlds, are under no obligation to sign their zones.
The latter part of that paragraph is an unfortunate artifact of a pre-existing contract without those requirements. I would expect those requirements to be added at contract renewal.
i don't think of these positions as "naysaing" either v6 or dnssec, just the it-must-be-done-now claims of urgency and universality of some of the respective advocates for "sensible stuff", who because they hold the right opinion, inform icann's ssac.
I think that the requirements are reasonable and that it is unfortunate that they cannot be added to the existing GTLD contracts. Owen
I disagree... I think that offering alternate name space views to the existing {b,m}illions of v4 addressed spindles requires IPv6 reachability as well since those will also be adding IPv6 capabilities in the next year or two.
so your claim is that to have a .cat, serving registrants currently using v4 provisioned hosting services, and end-users currently using v4 provisioned eyeball networks, and initially address and resources (but not names) currently extant in the com/net/org/biz/info namespaces [1], the .cat registry first has to be v6 reachable. and this claim is true because the webhosting operators, primarily in Catalonia, who have v4 now, will themselves be v6 reachable in the next year or two ... i think this requires either the existing hosting operators abandon vhosting as a service model or abandon their existing v4 allocations. now rinse and repeat for .nyc. the claim is somehow that the market for hosting operators (ok, the hosting lines of business of godaddy, tucows, enom, netsol, ... and their downstream resellers, which is statistically likely to have 51% of all .nyc registrations), and/or (your choice) the eyeball network operators for the tri-state area, are going to either abandon vhosting as a service model or abandon their existing v4 allocations ... where the v6 ab initio convinces me some is the area i currently work on -- developing economies. nigeria is a good example, fewer than 10^^5 computers, a population of 15x10^^7, and cell phone penetration rate approaching 1 in 3. even so, the number of v6 prefixes in afnic's inventory of allocations is ... very small ... for all of africa as a region.
It's not that I think you only serve the future. It's that we think you are failing to recognize that IPv6 is now and that what is IPv4 today will be at least dual-stack tomorrow.
if the window for applications opens 4 months after icann-41 (amman, jordan), in q42011, then delegations will occur as soon as q32012. is your claim that registry operators where v6 is _sparce_, and/or where v6 eyeball networks are _sparce_, two years from today, are properly failed for technical reasons, two years from today, for lack of v6 capability? if your claim is that v6 is mandatory to implement sometime soon, i'm fine with that rather flexible temporal requirement, but icann's current rules of the road are an application that isn't v6 ready at transition to delegation (roughly two years from now) fails. pessimally, the requirement is present at the date when applications are submitted, that is, a year from today. now there's still 24 months for icann legal staff to acquire clue, and for last week's press event to galvanize operators everywhere, so perhaps this (and its cognate, dnssec at transition to delegation) can be elided, but it is irresponsible to assert [2], independent of the purpose and position of a registry, that it must have a feature due to the universalist claims of advocates for a particular technology. thanks for your difference, -e [1] after four years of operation, more than half of the new .cat registrations are for names which do not exist in the cnobi (& .es) set of name spaces. [2] except for evangelicals who's job is to sell something.
On Feb 9, 2011, at 3:08 PM, Eric Brunner-Williams wrote:
I disagree... I think that offering alternate name space views to the existing {b,m}illions of v4 addressed spindles requires IPv6 reachability as well since those will also be adding IPv6 capabilities in the next year or two.
so your claim is that to have a .cat, serving registrants currently using v4 provisioned hosting services, and end-users currently using v4 provisioned eyeball networks, and initially address and resources (but not names) currently extant in the com/net/org/biz/info namespaces [1], the .cat registry first has to be v6 reachable.
My claim is that about the time these zones are rolling out, the registrants currently using v4 provisioned hosting services and end users currently using v4 provisioned eyeball networks will also, at least in some cases, be using dual stack and/or v6 services.
and this claim is true because the webhosting operators, primarily in Catalonia, who have v4 now, will themselves be v6 reachable in the next year or two ... i think this requires either the existing hosting operators abandon vhosting as a service model or abandon their existing v4 allocations.
You do not have to abandon v4 to deploy v6. That's an absurd claim.
now rinse and repeat for .nyc. the claim is somehow that the market for hosting operators (ok, the hosting lines of business of godaddy, tucows, enom, netsol, ... and their downstream resellers, which is statistically likely to have 51% of all .nyc registrations), and/or (your choice) the eyeball network operators for the tri-state area, are going to either abandon vhosting as a service model or abandon their existing v4 allocations ...
Again, the need for v6 is not predicated on the abandonment of v4.
where the v6 ab initio convinces me some is the area i currently work on -- developing economies. nigeria is a good example, fewer than 10^^5 computers, a population of 15x10^^7, and cell phone penetration rate approaching 1 in 3. even so, the number of v6 prefixes in afnic's inventory of allocations is ... very small ... for all of africa as a region.
I believe AfriNIC has a /12 like any other RIR. I'm not sure what you are saying here.
It's not that I think you only serve the future. It's that we think you are failing to recognize that IPv6 is now and that what is IPv4 today will be at least dual-stack tomorrow.
if the window for applications opens 4 months after icann-41 (amman, jordan), in q42011, then delegations will occur as soon as q32012.
Yes.
is your claim that registry operators where v6 is _sparce_, and/or where v6 eyeball networks are _sparce_, two years from today, are properly failed for technical reasons, two years from today, for lack of v6 capability?
I'm not sure what you mean by _sparce_. My claim is that by 4q2012, I expect we will see much much wider IPv6 deployment and potentially eyeball networks that are primarily or exclusively IPv6 with at best limited or degraded IPv4 support through multiple layers of NAT. As such, I think that registries spinning up in 3q2012 should be required to have IPv6 support. yes.
if your claim is that v6 is mandatory to implement sometime soon, i'm fine with that rather flexible temporal requirement, but icann's current rules of the road are an application that isn't v6 ready at transition to delegation (roughly two years from now) fails.
If you define soon as prior to 2q2012, then, yes, I'm fine with that. However, that seems to be about a quarter earlier than you think these things will be starting up. Since you seem to be claiming they should get some period beyond that where they don't need to run IPv6 (I'm not sure where they're supposed to get their addresses to run on IPv4 by then, frankly), I think your definition of soon and mine are probably not compatible.
pessimally, the requirement is present at the date when applications are submitted, that is, a year from today.
I don't think that 1q2012 is especially out of line given a 2q2012 target date.
now there's still 24 months for icann legal staff to acquire clue, and for last week's press event to galvanize operators everywhere, so perhaps this (and its cognate, dnssec at transition to delegation) can be elided, but it is irresponsible to assert [2], independent of the purpose and position of a registry, that it must have a feature due to the universalist claims of advocates for a particular technology.
I think it is irresponsible at this point to consider deploying any major network infrastructure without requiring IPv6 capabilities at deployment. IANA is already out of IPv4. If you expect these systems to start getting deployed in 3q2012, then, you're talking about a time which is likely to be well past RIR exhaustion in most cases. I suppose they can get a /22 from APNIC, but, other than that, where do you expect these organizations to even get IPv4 to work with?
thanks for your difference, -e
Any time. Owen
On 2/9/11 10:32 PM, Owen DeLong wrote:
On Feb 9, 2011, at 3:08 PM, Eric Brunner-Williams wrote:
I disagree... I think that offering alternate name space views to the existing {b,m}illions of v4 addressed spindles requires IPv6 reachability as well since those will also be adding IPv6 capabilities in the next year or two.
so your claim is that to have a .cat, serving registrants currently using v4 provisioned hosting services, and end-users currently using v4 provisioned eyeball networks, and initially address and resources (but not names) currently extant in the com/net/org/biz/info namespaces [1], the .cat registry first has to be v6 reachable.
My claim is that about the time these zones are rolling out, the registrants currently using v4 provisioned hosting services and end users currently using v4 provisioned eyeball networks will also, at least in some cases, be using dual stack and/or v6 services.
"in some cases" is a poor motivation for a general mandatory-to-implement requirement. a "v6 where required (by other market actors than icann's legal staff in marina del rey)" form would be appropriate -- but you're making a universal claim, so on we go... inter alia, that both ends of the chain of resolution (stub resolver on an eyeball network and mapped resource in a hosting provider rack) may be using dual-stack fails to motivate why the authoritative name to address resolver must be v6 reachable.
and this claim is true because the webhosting operators, primarily in Catalonia, who have v4 now, will themselves be v6 reachable in the next year or two ... i think this requires either the existing hosting operators abandon vhosting as a service model or abandon their existing v4 allocations.
You do not have to abandon v4 to deploy v6. That's an absurd claim.
yet it is the claim you are making. the resource must be v6 reachable, and you're not offering arbitrary capriciousness of some evangelically unbalanced lawyers in a high-rise in marina del ray as a rational, so you must have a material necessity rational.
now rinse and repeat for .nyc. the claim is somehow that the market for hosting operators (ok, the hosting lines of business of godaddy, tucows, enom, netsol, ... and their downstream resellers, which is statistically likely to have 51% of all .nyc registrations), and/or (your choice) the eyeball network operators for the tri-state area, are going to either abandon vhosting as a service model or abandon their existing v4 allocations ...
Again, the need for v6 is not predicated on the abandonment of v4.
you've managed to elide responding to both (a) an actual new (in 2005) registry, with existing v4 provisioning, and (b) a pending new (in 2012) registry, again with existing v4 provisioning. i look forward to learning why .cat failed for lack of v6, and why .nyc will fail, for lack of v6, in a sentence that doesn't contain a reference to lawyers in a high-rise in marina del ray.
where the v6 ab initio convinces me some is the area i currently work on -- developing economies. nigeria is a good example, fewer than 10^^5 computers, a population of 15x10^^7, and cell phone penetration rate approaching 1 in 3. even so, the number of v6 prefixes in afnic's inventory of allocations is ... very small ... for all of africa as a region.
I believe AfriNIC has a /12 like any other RIR. I'm not sure what you are saying here.
try looking beyond what the iana has allocated to a rir, and look at what prefixes the rir has allocated. alternatively, something along the lines of trivial pursuits, name the data centers and/or eyeball networks in africa in which v6 was deployed in q42010.
It's not that I think you only serve the future. It's that we think you are failing to recognize that IPv6 is now and that what is IPv4 today will be at least dual-stack tomorrow.
if the window for applications opens 4 months after icann-41 (amman, jordan), in q42011, then delegations will occur as soon as q32012.
Yes.
is your claim that registry operators where v6 is _sparce_, and/or where v6 eyeball networks are _sparce_, two years from today, are properly failed for technical reasons, two years from today, for lack of v6 capability?
I'm not sure what you mean by _sparce_.
See africa, v6 availability, above.
My claim is that by 4q2012, I expect we will see much much wider IPv6 deployment and potentially eyeball networks that are primarily or exclusively IPv6 with at best limited or degraded IPv4 support through multiple layers of NAT.
now that is an interesting claim. suppose it is true and there is "at best limited or degraded IPv4" on eyeball networks. why is a once per session trip up and down the chain of resolution sufficient to motivate anything? further, why do you suppose that new gtld registries, but not existing gtld registries, have an affirmative duty to be v6 reachable from resolvers on v6-only eyeball networks? what is the point of partitioning content along "legacy v4 provisioned content, and its v4 provisioned access demographic" and "new gtld mapped content and its v6 provisioned access demographic"? to be really convincing, it would help if you'd make the case that existing v4-reachable-only registries must be v6 reachable or fail, just as you'd fail a new gtld applicant lacking v6.
As such, I think that registries spinning up in 3q2012 should be required to have IPv6 support. yes.
see above.
if your claim is that v6 is mandatory to implement sometime soon, i'm fine with that rather flexible temporal requirement, but icann's current rules of the road are an application that isn't v6 ready at transition to delegation (roughly two years from now) fails.
If you define soon as prior to 2q2012, then, yes, I'm fine with that. However, that seems to be about a quarter earlier than you think these things will be starting up. Since you seem to be claiming they should get some period beyond that where they don't need to run IPv6 (I'm not sure where they're supposed to get their addresses to run on IPv4 by then, frankly), I think your definition of soon and mine are probably not compatible.
first, refer to the statistical likelihood date of v4 exhaustion in the afnic region. there's a nice graph available that shows very broad shoulders, several years of availability. second, registries are critical internet infrastructure, and in the arin region prop 125, which you know about having commented on it, there exists a policy of reserve for ci requirements, and 125 provides for three (3) years of resource availability to the allocation receiving ci requester. requesting a 125-similar policy for the rir with the next most proximal statistical likelihood date of v4 exhaustion, the ripe region, is on my todo list. note however, that few applications for registries located in the arin or ripe regions, where the statistical likelihood date of v4 exhaustion is both most proximal, and the confidence level narrowest, are likely to meet the general reading of the icann board of directors' resolution #20 (nairobi), expressing an interest in forms of cost-reduction assistance to needy applicants, e.g., from "developing countries".
pessimally, the requirement is present at the date when applications are submitted, that is, a year from today.
I don't think that 1q2012 is especially out of line given a 2q2012 target date.
now there's still 24 months for icann legal staff to acquire clue, and for last week's press event to galvanize operators everywhere, so perhaps this (and its cognate, dnssec at transition to delegation) can be elided, but it is irresponsible to assert [2], independent of the purpose and position of a registry, that it must have a feature due to the universalist claims of advocates for a particular technology.
I think it is irresponsible at this point to consider deploying any major network infrastructure without requiring IPv6 capabilities at deployment. IANA is already out of IPv4. If you expect these systems to start getting deployed in 3q2012, then, you're talking about a time which is likely to be well past RIR exhaustion in most cases. I suppose they can get a /22 from APNIC, but, other than that, where do you expect these organizations to even get IPv4 to work with?
just how many endpoint identifiers do you think a registry requires? i don't think this is your best argument, as it requires a suspension of belief that there is a market, or markets, in allocations sufficient to provision anything from a half-rack to multiple racks in a standard cage, and the margin on a registry footprint is lower than the margin on most other hosting operations. if you're going to swing for the fence, don't try to argue lack of something that can still be bought for some time to come. make the claim that registrants (other than ppc registrants, that's a separate case you may want to make, and if so, don't forget the eyeball network operator as a beneficiary from systemic synthetic return, a la verisign's sitefinder) demand that their resources be resolvable by v6 only paths because there is sufficient revenue in v6 reachability, or that v6 only registrations will, in the twelve quarters of operation, provide more revenue, or at least enough to cover costs and reduce the likelihood of registry failure, than the v4 only registrations. having made any case based upon benefit, it would be illuminating to opine why no existing registry operator is experiencing v6 uptake by its registrants supporting a registrant beneficiary theory.
thanks for your difference, -e
Any time.
less religion, more near-term numbers. t.i.a. -e
On Feb 10, 2011, at 7:00 AM, Eric Brunner-Williams wrote:
On 2/9/11 10:32 PM, Owen DeLong wrote:
On Feb 9, 2011, at 3:08 PM, Eric Brunner-Williams wrote:
I disagree... I think that offering alternate name space views to the existing {b,m}illions of v4 addressed spindles requires IPv6 reachability as well since those will also be adding IPv6 capabilities in the next year or two.
so your claim is that to have a .cat, serving registrants currently using v4 provisioned hosting services, and end-users currently using v4 provisioned eyeball networks, and initially address and resources (but not names) currently extant in the com/net/org/biz/info namespaces [1], the .cat registry first has to be v6 reachable.
My claim is that about the time these zones are rolling out, the registrants currently using v4 provisioned hosting services and end users currently using v4 provisioned eyeball networks will also, at least in some cases, be using dual stack and/or v6 services.
"in some cases" is a poor motivation for a general mandatory-to-implement requirement. a "v6 where required (by other market actors than icann's legal staff in marina del rey)" form would be appropriate -- but you're making a universal claim, so on we go...
I said "at least in some cases". Since we know that it will be a monotonically increasing set of "some cases" which will rapidly grow to a very high fraction of "some cases", yes, it is a good motivation for a general mandatory-to-implement requirement.
inter alia, that both ends of the chain of resolution (stub resolver on an eyeball network and mapped resource in a hosting provider rack) may be using dual-stack fails to motivate why the authoritative name to address resolver must be v6 reachable.
We can agree to disagree about this.
and this claim is true because the webhosting operators, primarily in Catalonia, who have v4 now, will themselves be v6 reachable in the next year or two ... i think this requires either the existing hosting operators abandon vhosting as a service model or abandon their existing v4 allocations.
You do not have to abandon v4 to deploy v6. That's an absurd claim.
yet it is the claim you are making. the resource must be v6 reachable, and you're not offering arbitrary capriciousness of some evangelically unbalanced lawyers in a high-rise in marina del ray as a rational, so you must have a material necessity rational.
No, it is not. I am claiming that you need to have IPv6 capabilities on critical internet infrastructure because: + The internet is moving to IPv6. + We will be out of free IPv4 addresses by the time these services are being deployed. + A monotonically increasing number of clients will have no or limited/degraded IPv4 access at or soon after deployment of these new GTLDs.
now rinse and repeat for .nyc. the claim is somehow that the market for hosting operators (ok, the hosting lines of business of godaddy, tucows, enom, netsol, ... and their downstream resellers, which is statistically likely to have 51% of all .nyc registrations), and/or (your choice) the eyeball network operators for the tri-state area, are going to either abandon vhosting as a service model or abandon their existing v4 allocations ...
Again, the need for v6 is not predicated on the abandonment of v4.
you've managed to elide responding to both (a) an actual new (in 2005) registry, with existing v4 provisioning, and (b) a pending new (in 2012) registry, again with existing v4 provisioning.
i look forward to learning why .cat failed for lack of v6, and why .nyc will fail, for lack of v6, in a sentence that doesn't contain a reference to lawyers in a high-rise in marina del ray.
I never claimed that .cat failed because of lack of IPv6 as I have no first hand knowledge of the failure of .cat. I never claimed that .nyc would fail because of lack of IPv6. I don't know whether either of those claims is true. If either claim is true, then, certainly, it would be evidence that we need IPv6 for new deployments of critical infrastructure that it is a valid requirement for new GTLDs. However, even if both claims are false, it does not eliminate the need for new GTLDs to provide support for IPV6. There are no lawyers in Marina Del Rey in these statements: + The internet is moving to IPv6. + We will be out of free IPv4 addresses by the time these services are being deployed. + A monotonically increasing number of clients will have no or limited/degraded IPv4 access at or soon after deployment of these new GTLDs. + In a world where there are IPv4 only, IPv4/IPv6 dual stack and IPv6 only hosts, critical infrastructure such as GTLD services should be required to be dual-stack.
where the v6 ab initio convinces me some is the area i currently work on -- developing economies. nigeria is a good example, fewer than 10^^5 computers, a population of 15x10^^7, and cell phone penetration rate approaching 1 in 3. even so, the number of v6 prefixes in afnic's inventory of allocations is ... very small ... for all of africa as a region.
I believe AfriNIC has a /12 like any other RIR. I'm not sure what you are saying here.
try looking beyond what the iana has allocated to a rir, and look at what prefixes the rir has allocated. alternatively, something along the lines of trivial pursuits, name the data centers and/or eyeball networks in africa in which v6 was deployed in q42010.
I guess your point is that AfriNIC and Africa in general is behind the rest of the world in IPv6 deployment? I'm not sure how that is relevant to the fact that IPv6 is a valid requirement for new GTLD infrastructure other than to say that dropping this requirement might impact Africa less than other parts of the world.
It's not that I think you only serve the future. It's that we think you are failing to recognize that IPv6 is now and that what is IPv4 today will be at least dual-stack tomorrow.
if the window for applications opens 4 months after icann-41 (amman, jordan), in q42011, then delegations will occur as soon as q32012.
Yes.
is your claim that registry operators where v6 is _sparce_, and/or where v6 eyeball networks are _sparce_, two years from today, are properly failed for technical reasons, two years from today, for lack of v6 capability?
I'm not sure what you mean by _sparce_.
See africa, v6 availability, above.
Oh, you mean sparse and the_..._ is for emphasis. I thought it was offsetting some special word. Sorry for the misunderstanding. My claim is that if you are running GTLD services, then, you are dealing not with any particular region, but, with providing global infrastructure. The sparseness of IPv6 infrastructure in Africa is not particularly relevant to the question of whether or not global infrastructure needs to support IPv6 going forward.
My claim is that by 4q2012, I expect we will see much much wider IPv6 deployment and potentially eyeball networks that are primarily or exclusively IPv6 with at best limited or degraded IPv4 support through multiple layers of NAT.
now that is an interesting claim. suppose it is true and there is "at best limited or degraded IPv4" on eyeball networks. why is a once per session trip up and down the chain of resolution sufficient to motivate anything?
Are you serious? If it's not, then we don't really need GTLDs at all, do we?
further, why do you suppose that new gtld registries, but not existing gtld registries, have an affirmative duty to be v6 reachable from resolvers on v6-only eyeball networks?
I never said existing gtld registries don't have such an affirmative duty. I think ICANN severely erred in not including IPv6 in the provisions of earlier contracts. I have said that before this topic ever came up. The fact that ICANN made a mistake previously does not mean we should expand that mistake or continue making that mistake.
what is the point of partitioning content along "legacy v4 provisioned content, and its v4 provisioned access demographic" and "new gtld mapped content and its v6 provisioned access demographic"?
What? I'm not trying to partition anything. I'm trying to make sure that any new GTLDs support access from the entire internet and not just the limited and diminishing proportion of the internet that has IPv4 going forward.
to be really convincing, it would help if you'd make the case that existing v4-reachable-only registries must be v6 reachable or fail, just as you'd fail a new gtld applicant lacking v6.
I absolutely think that existing v4-reachable-only registries must be v6 reachable or fail. They may not fail quite so immediately, but, again, I absolutely believe ICANN erred in not making this a requirement for those registries. I certainly don't see using a previous mistake as a reason that we should extend or expand that mistake to new registries.
As such, I think that registries spinning up in 3q2012 should be required to have IPv6 support. yes.
see above.
See answers above.
if your claim is that v6 is mandatory to implement sometime soon, i'm fine with that rather flexible temporal requirement, but icann's current rules of the road are an application that isn't v6 ready at transition to delegation (roughly two years from now) fails.
If you define soon as prior to 2q2012, then, yes, I'm fine with that. However, that seems to be about a quarter earlier than you think these things will be starting up. Since you seem to be claiming they should get some period beyond that where they don't need to run IPv6 (I'm not sure where they're supposed to get their addresses to run on IPv4 by then, frankly), I think your definition of soon and mine are probably not compatible.
first, refer to the statistical likelihood date of v4 exhaustion in the afnic region. there's a nice graph available that shows very broad shoulders, several years of availability.
We're talking about GTLD registries, not African CCTLD registries. GTLDs are GLOBAL. Look at the v4 exhaustion graphs for APNIC, ARIN, and RIPE. The fact that you can point to a single region that some prognosticators say will have space for a few years longer than everyone else really isn't a relevant argument against the need for GTLDs to support IPv6.
second, registries are critical internet infrastructure, and in the arin region prop 125, which you know about having commented on it, there exists a policy of reserve for ci requirements, and 125 provides for three (3) years of resource availability to the allocation receiving ci requester. requesting a 125-similar policy for the rir with the next most proximal statistical likelihood date of v4 exhaustion, the ripe region, is on my todo list.
Again, not seeing relevance here. I have no belief that registries don't need IPv4 support. GTLD registries should absolutely be required to support both protocols until such time as IPv4 can be deprecated in general.
note however, that few applications for registries located in the arin or ripe regions, where the statistical likelihood date of v4 exhaustion is both most proximal, and the confidence level narrowest, are likely to meet the general reading of the icann board of directors' resolution #20 (nairobi), expressing an interest in forms of cost-reduction assistance to needy applicants, e.g., from "developing countries".
I really don't see how that is relevant to whether GTLD registries should be required to have IPv6 support or not. Regardless of where the registry is based, they are providing a global service. They should be required to support the global internet.
pessimally, the requirement is present at the date when applications are submitted, that is, a year from today.
I don't think that 1q2012 is especially out of line given a 2q2012 target date.
now there's still 24 months for icann legal staff to acquire clue, and for last week's press event to galvanize operators everywhere, so perhaps this (and its cognate, dnssec at transition to delegation) can be elided, but it is irresponsible to assert [2], independent of the purpose and position of a registry, that it must have a feature due to the universalist claims of advocates for a particular technology.
I think it is irresponsible at this point to consider deploying any major network infrastructure without requiring IPv6 capabilities at deployment. IANA is already out of IPv4. If you expect these systems to start getting deployed in 3q2012, then, you're talking about a time which is likely to be well past RIR exhaustion in most cases. I suppose they can get a /22 from APNIC, but, other than that, where do you expect these organizations to even get IPv4 to work with?
just how many endpoint identifiers do you think a registry requires?
I don't know. I presume that they need a handful for DNS servers, some for web servers, some for miscellaneous infrastructure.
i don't think this is your best argument, as it requires a suspension of belief that there is a market, or markets, in allocations sufficient to provision anything from a half-rack to multiple racks in a standard cage, and the margin on a registry footprint is lower than the margin on most other hosting operations.
You're right. For the time being, it probably won't be hard for them to obtain IPv4 resources and that really isn't relevant to whether or not they need to provide services over IPv6. The relevant part is the number of potential people trying to use their services that may not have IPv4 access.
if you're going to swing for the fence, don't try to argue lack of something that can still be bought for some time to come. make the claim that registrants (other than ppc registrants, that's a separate case you may want to make, and if so, don't forget the eyeball network operator as a beneficiary from systemic synthetic return, a la verisign's sitefinder) demand that their resources be resolvable by v6 only paths because there is sufficient revenue in v6 reachability, or that v6 only registrations will, in the twelve quarters of operation, provide more revenue, or at least enough to cover costs and reduce the likelihood of registry failure, than the v4 only registrations.
As I said. I think that registries should be required to support both protocols as a simple matter of compatibility with the state of the global internet during the time of their service. It would be absurd to allow a registry with support only for IPX. A such, in the internet that will exist during the terms of these contracts, it would be absurd to allow a registry without support for both IPv4 and IPv6. However, I can see the possibility of a case where a registry is actually unable to get sufficient IPv4 resources during the contract period. In such a case, I do not believe that inability should be held against them. However, with regards to IPv6, there is no such excuse.
having made any case based upon benefit, it would be illuminating to opine why no existing registry operator is experiencing v6 uptake by its registrants supporting a registrant beneficiary theory.
The case for benefit is not there yet. However, as you pointed out, everything we're talking about is 18-24 months away from operations, so, the case will change a lot in that time. The case that is there now is the fact that we all know the internet is changing and that IPv4 addresses are becoming scarce. Deployment of critical infrastructure without dual stack (or at least IPv6) support at this point is irresponsible going forward.
thanks for your difference, -e
Any time.
less religion, more near-term numbers. t.i.a.
No problem. Owen
owen, at several points you assert that gtlds are "global", which i suggest is an error on your part. gtlds are whatever the controlling contract (icann) requires, and that currently lacks an external to the point of service performance measurement, and whatever the registrants require, with some filtering through the marginal interests of registrars. the icann contract for the .cat registry is "sponsored", and the interest of the registry, and its registrants, is marginal outside of catalonia. the icann contract for some municipality or region, assuming the new gtld program results in new contracts, may be "standard" or "community-based", but the intersts of the registry, and its registrants, may also be marginal outside of that municipality or region. you can decide for yourself if your preference for the policy and profit margins for .nyc are controlling, or if the preferences of the city administration, the registry operator, and, using either the .cat or the .nl rates of adoption, a quarter of a million or four million new yorkers are controlling. if there is a registry the operations for which you are familiar enough to discuss, we can discuss the necessity and utility of a v6 reachibility requirement, though the prior to delegation requirement is unique to the proposed contract for new registries. -e
On Feb 14, 2011, at 7:12 AM, Eric Brunner-Williams wrote:
owen,
at several points you assert that gtlds are "global", which i suggest is an error on your part.
TLDs come in two flavors. GTLD -- Global Top Level Domain -- A domain which contains records for entities not restricted to a particular geographical area. CCTLD -- Country Code Top Level Domain -- A domain which is under the control of a particular national government represented by the corresponding 2-letter ISO country code. The G in GTLD is Global... I'm not asserting anything, it's flat out in the term.
gtlds are whatever the controlling contract (icann) requires, and that currently lacks an external to the point of service performance measurement, and whatever the registrants require, with some filtering through the marginal interests of registrars.
Your point being?
the icann contract for the .cat registry is "sponsored", and the interest of the registry, and its registrants, is marginal outside of catalonia.
Interest in .cat may or may not be marginal. Doesn't matter. The nature of any policy regarding GTLDs is that it relates to more GTLDs than just ".cat". GTLDs are, by definition, global in scope on the internet and any policy about them should be viewed in that light.
the icann contract for some municipality or region, assuming the new gtld program results in new contracts, may be "standard" or "community-based", but the intersts of the registry, and its registrants, may also be marginal outside of that municipality or region.
Your point being?
you can decide for yourself if your preference for the policy and profit margins for .nyc are controlling, or if the preferences of the city administration, the registry operator, and, using either the .cat or the .nl rates of adoption, a quarter of a million or four million new yorkers are controlling.
First, I think giving all of these random things a GTLD to begin with is an absurd process fraught with peril to satisfy ICANN's greed. However, that's not my decision. If ICANN is going to move forward with this mess, the least we can do is try to have consistent policy for all GTLDs. While I recognize that ICANN lacked the foresight to make it possible to apply updated technical requirements to existing GTLD operators until their contract comes up for renewal, that is no reason we should not have reasonable and current requirements for new GTLDs.
if there is a registry the operations for which you are familiar enough to discuss, we can discuss the necessity and utility of a v6 reachibility requirement, though the prior to delegation requirement is unique to the proposed contract for new registries.
All operators should be required to support IPv6. If ICANN had done their job properly, this requirement would be applied to existing operators too. Unfortunately, ICANN dropped the ball and the contracts don't allow that. The fact that ICANN dropped the ball on existing registries isn't a reason to drop the ball on new ones. Owen
On Mon, Feb 14, 2011 at 12:30:31PM -0800, Owen DeLong wrote:
GTLD -- Global Top Level Domain -- A domain which contains records for entities not restricted to a particular geographical area.
s/Global/Generic/
The G in GTLD is Global... I'm not asserting anything, it's flat out in the term.
No, it isn't.
All operators should be required to support IPv6. If ICANN had done their job properly, this requirement would be applied to existing operators too.
That I agree to. :-) Domain stuff is all about making money with labels, not "doing it the right way" though. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
On 2/14/11 3:30 PM, Owen DeLong wrote:
On Feb 14, 2011, at 7:12 AM, Eric Brunner-Williams wrote:
owen,
at several points you assert that gtlds are "global", which i suggest is an error on your part.
TLDs come in two flavors.
GTLD -- Global Top Level Domain -- A domain which contains records for entities not restricted to a particular geographical area.
CCTLD -- Country Code Top Level Domain -- A domain which is under the control of a particular national government represented by the corresponding 2-letter ISO country code.
The G in GTLD is Global... I'm not asserting anything, it's flat out in the term.
ok. we've reached the point where your subject matter expertise is obviously greater than mine. i've been working in icann policy and registry technology since ... well, since the nic contract was one floor below my office in sri's e-building. and you _know_ that "g" means "global". -e
The G in GTLD is Global... I'm not asserting anything, it's flat out in the term.
I believe the "g" is for "generic." -- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
I'd argue that all TLD registries should be reachable over IPv6 by now and all TLD should be reachable over IPv6 by now. It's not that hard nor is it any more expensive. It just requires will to turn it on. Requiring that new TLDs and the registry infrastucture be reachable over IPv6 from day one is perfectly reasonable. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear (usually DSLAMs that drop any frame with IPv6 in the EtherType field), inability to upgrade customer gear efficiently (again mainly a DSL problem where TR-069 isn't in use), and the requirement to replace PPPoE/oA termination gear (like Redback SMSs) means that a small telco (say 3000 DSL lines) could be facing a multi-million dollar expense to enable IPv6 for customers. For ISPs in this circumstance the choice will be CGNAT rather than IPv6 for a number of years because the cost is much lower and according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable. On 2/9/2011 1:46 PM, Stephens, Josh wrote:
Not something I'd typically use this list for but I have an opportunity to host a debate of sorts on IPv6 where I'm taking a very pro IPv6 stance and I need someone who wants to argue the other side - effectively that most people don't need to worry about it for a long time still or until someone makes them.
Any takers feel free to ping me directly...
Thanks, Josh
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable.
And according to a used car salesman, this here pickup truck was only gently driven by a little old lady to the shop once a week. There's going to be a lot of snake oil in the next couple years as very small ISPs struggle to implement native IPv6 over those aging DSLAMs and GPON systems that don't and won't support it. Nathan
On Feb 9, 2011, at 2:38 PM, Nathan Eisenberg wrote:
according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable.
And according to a used car salesman, this here pickup truck was only gently driven by a little old lady to the shop once a week. There's going to be a lot of snake oil in the next couple years as very small ISPs struggle to implement native IPv6 over those aging DSLAMs and GPON systems that don't and won't support it.
LOL just try your cell phone... Mine works fine over office wifi but not over cellular. Its not just small ISPs; its tier1's as well. Tom
Scott Helms <khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear
I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you should have read something about this new Internet thing about two years ago. And still many people fear IPv6 or think the can still wait for another couple of years.
For ISPs in this circumstance the choice will be CGNAT rather than IPv6 for a number of years because the cost is much lower and according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable.
Cost's might be lower but service will be worse. NAT breaks a lot of applications file sharing will not work properly and running your own web server at home will not work properly. Well you always get what you pay for and people will buy any crap if it is cheap enough. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
I don't know. We're pretty far down the road now, but there might be things that could have done with NAT/PAT to make them suck less, at least for eyeball networks. Just being the devils advocate here. What if dynamic address assignment by eyeball ISPs had been modified to allow a "fractional" IP address reservation. 1/2 IP, 1/4 IP, ..., 1/16 IP, down to maybe 1/256 IP. Each one would represent a range of ports, dividing up the available port range in 2^k pieces. This wouldn't really represent a layer of NAT, just an agreement by the CPE device to only use a specific range of ports within the assigned routable IP address (this is the fractional IP part). Of course, the upstream router could enforce that port restriction. The "low" fraction in each IP would tend to have the standard server ports available, so one server on standard ports could be accomodated per routable IP, but eyeball boxes shouldn't care that much, and everybody would have a fixed port range, so P2P services that are port flexible could still have ports to map in through. Ok, it's kind of ugly, but the PC's inside it wouldn't feel much worse off than they do today. the CPE could even map static ports all the way through to pc's on the lan... On Wed, Feb 9, 2011 at 2:44 PM, Jens Link <lists@quux.de> wrote:
Scott Helms <khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear
I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you should have read something about this new Internet thing about two years ago. And still many people fear IPv6 or think the can still wait for another couple of years.
For ISPs in this circumstance the choice will be CGNAT rather than IPv6 for a number of years because the cost is much lower and according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable.
Cost's might be lower but service will be worse. NAT breaks a lot of applications file sharing will not work properly and running your own web server at home will not work properly. Well you always get what you pay for and people will buy any crap if it is cheap enough.
Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
On Wed, 9 Feb 2011, Jens Link wrote:
Scott Helms <khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear
I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support. -- david raistrick http://www.netmeister.org/news/learn2quote.html drais@icantclick.org http://www.expita.com/nomime.html
On 2/9/2011 2:00 PM, david raistrick wrote:
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
Supply and demand. There was no demand (most of my vendors didn't get any requests/questions concerning IPv6 until roughly 6 months ago). J and C have had considerable support (though still a work in progress) for some time, though I'd agree that 5 years sounds about right (it takes 1 large core network to push C/J into implementing base IPv6, but it was originally around that customer's desires and not multipurpose). Jack
On 02/09/2011 12:08 PM, Jack Bates wrote:
On 2/9/2011 2:00 PM, david raistrick wrote:
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
Supply and demand. There was no demand (most of my vendors didn't get any requests/questions concerning IPv6 until roughly 6 months ago). J and C have had considerable support (though still a work in progress) for some time, though I'd agree that 5 years sounds about right (it takes 1 large core network to push C/J into implementing base IPv6, but it was originally around that customer's desires and not multipurpose).
Ultimately vendors only kneejerk when they're told to kneejerk. It's not like we didn't know about it 10 years ago too, but when the feature mill was prioritized... around the merry-go-round we go. So let's lay blame where everybody can agree: suits. Mike
david raistrick <drais@icantclick.org> writes:
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
Another chicken and egg problem here. Customers have no demand for IPv6, vendors don't implement it. Vendors don't implement it, customers don't use it. Sad but true. Right now I have two TAC request open with Cisco regarding IPv6 problems on the ASA. Ever tried traceroute to a dual-stacked or IPv6 only host? ;-) Jens BTW: No need to cc me I'm reading the list. -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
On Feb 9, 2011, at 12:00 PM, david raistrick wrote:
On Wed, 9 Feb 2011, Jens Link wrote:
Scott Helms <khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear
I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
This is largely the result of the fact that they did not demand it from their vendors during that time. Owen
On 2/9/2011 5:48 PM, Owen DeLong wrote:
On Feb 9, 2011, at 12:00 PM, david raistrick wrote:
On Wed, 9 Feb 2011, Jens Link wrote:
Scott Helms<khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
This is largely the result of the fact that they did not demand it from their vendors during that time.
Owen
Absolutely, just as the ISPs didn't see demand, and don't today, from their users and thus the circle of blame is complete :) -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On 2/9/2011 14:55, Scott Helms wrote:
Absolutely, just as the ISPs didn't see demand, and don't today, from their users and thus the circle of blame is complete :)
And they never will. Their users demand "the internets", not a specific version of some protocol that users don't care about. ~Seth
In message <4D531B52.70404@ispalliance.net>, Scott Helms writes:
On Feb 9, 2011, at 12:00 PM, david raistrick wrote:
On Wed, 9 Feb 2011, Jens Link wrote:
Scott Helms<khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you And at what point during that time did they have any vendor gear they coul d purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 su
On 2/9/2011 5:48 PM, Owen DeLong wrote: pport.
This is largely the result of the fact that they did not demand it from the ir vendors during that time.
Owen
Absolutely, just as the ISPs didn't see demand, and don't today, from their users and thus the circle of blame is complete :)
And some of their customers have been asking for IPv6 all along. I started asking my ISP at home in 2003. I suspect if all the ISPs here were honest they would say that they have had a trickle of IPv6 requests for the last 8 years. Mark Date: Mon, 16 Jun 2003 09:54:05 +1000 To: Mark_Andrews@isc.org From: cablesupport@optusnet.com.au Subject: Re: [TT#6556559] HELPDESK Feedback Form - Mon Jun 16 09:52:50 2003 Return-Path: nobody@pts.optusnet.com.au Delivery-Date: Mon Jun 16 10:00:00 2003 Return-Path: <nobody@pts.optusnet.com.au> X-Original-To: marka@farside.isc.org Delivered-To: marka@farside.isc.org X-Loop: pts Reply-To: cablesupport@optusnet.com.au Hello, Thank you for your email regarding the OptusNet Cable service. At the moment there are no plans for any IPv6 deployment, when this is due to happen we will notify all customers. Regards, Alex OptusNet Cable Technical Support -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 2/9/2011 7:22 PM, Mark Andrews wrote:
And some of their customers have been asking for IPv6 all along.
I started asking my ISP at home in 2003. I suspect if all the ISPs here were honest they would say that they have had a trickle of IPv6 requests for the last 8 years.
Mark
Mark, I don't doubt that but request levels have to rise to a certain point. I still get a trickle of requests for UUCP service along with other very low volume features/products. Its the same thing as when you guys get a feature request for BIND or ISC DHCP that only a tiny fraction of your customers will use. Everyone has to prioritize and given that all of the tech folks who wanted to get an IPv6 connection could do so via tunneling there has been absolutely 0 pressure from residential customers and very very little from commercial customers. The federal government's requirement generated a few months of interest until everyone figured out they could satisfy their requirements by setting a tunnel with HE. -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
In message <4D53FD00.40900@ispalliance.net>, Scott Helms writes:
On 2/9/2011 7:22 PM, Mark Andrews wrote:
And some of their customers have been asking for IPv6 all along.
I started asking my ISP at home in 2003. I suspect if all the ISPs here were honest they would say that they have had a trickle of IPv6 requests for the last 8 years.
Mark
Mark, I don't doubt that but request levels have to rise to a certain point. I still get a trickle of requests for UUCP service along with other very low volume features/products. Its the same thing as when you guys get a feature request for BIND or ISC DHCP that only a tiny fraction of your customers will use. Everyone has to prioritize and given that all of the tech folks who wanted to get an IPv6 connection could do so via tunneling there has been absolutely 0 pressure from residential customers and very very little from commercial customers. The federal government's requirement generated a few months of interest until everyone figured out they could satisfy their requirements by setting a tunnel with HE.
We sometime react on a single request. Also IPv6 is not something that only a few of our customers will ever use. Close to 100% of our customers will use IPv6. We put IPv6 support, transport and records, into BIND over a decade ago. F was running and answering on IPv6 addresses for years before the AAAA were added. We have been using IPv6 for production services for nearly a decade now. I've had a IPv6 tunnel from home to HE for 7 or 8 years and have been reaching the work machines over that for just as long. ISPs know it takes years to move a customer base. They should have been ready years ago. They still arn't ready. I was asking for what features to look for in a new CPE so that it won't need to be replaced when they turn on IPv6 and got this as a answer. It really isn't helpful. Mark Subject IPv6 support Discussion Thread Response Via Email (Russell) 07/02/2011 02.04 PM Dear Mark, Thank you for your email. IPv6 deployment within Optus has not been broadly discussed. At this point in time Optus has no immediate plans for implementation. Kind Regards, Optus Technical Support -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
ISPs know it takes years to move a customer base. They should have been ready years ago. They still arn't ready. I was asking for what features to look for in a new CPE so that it won't need to be replaced when they turn on IPv6 and got this as a answer. It really isn't helpful. Mark,
I certainly wasn't trying to be flip or short and for that I apologize. To answer the specific question on a CPE that depends both on what kind of access network you're connecting to as well as if its a service provider installed/supported device or one that a technical end user can support him/herself as those are very different use cases. The point I am trying to communicate is that CPE issue not simple, straightforward, or cheap because in almost all of the non-DOCSIS cases we're looking at forklift upgrades. -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On Feb 11, 2011, at 6:38 AM, Scott Helms wrote:
ISPs know it takes years to move a customer base. They should have been ready years ago. They still arn't ready. I was asking for what features to look for in a new CPE so that it won't need to be replaced when they turn on IPv6 and got this as a answer. It really isn't helpful. Mark,
I certainly wasn't trying to be flip or short and for that I apologize. To answer the specific question on a CPE that depends both on what kind of access network you're connecting to as well as if its a service provider installed/supported device or one that a technical end user can support him/herself as those are very different use cases.
The point I am trying to communicate is that CPE issue not simple, straightforward, or cheap because in almost all of the non-DOCSIS cases we're looking at forklift upgrades.
Yes, but, let's look at why that is... The Broadband Forum sat on its ass and ignored IPv6. They failed to publish IPv6 standards until November of last year. This delayed the implementations in PON and DSL systems. DOCSIS required forklift upgrades, too. The difference is that Cable Labs got out in front of the issue and IPv6 was one of many features that required an upgrade to DOCSIS 3. It's not like Broadband Forum didn't have this option. Sorry... I have little sympathy on that one. Owen
On Fri, Feb 11, 2011 at 11:49 AM, Owen DeLong <owen@delong.com> wrote:
On Feb 11, 2011, at 6:38 AM, Scott Helms wrote:
ISPs know it takes years to move a customer base. They should have been ready years ago. They still arn't ready. I was asking for what features to look for in a new CPE so that it won't need to be replaced when they turn on IPv6 and got this as a answer. It really isn't helpful. Mark,
I certainly wasn't trying to be flip or short and for that I apologize. To answer the specific question on a CPE that depends both on what kind of access network you're connecting to as well as if its a service provider installed/supported device or one that a technical end user can support him/herself as those are very different use cases.
The point I am trying to communicate is that CPE issue not simple, straightforward, or cheap because in almost all of the non-DOCSIS cases we're looking at forklift upgrades.
Yes, but, let's look at why that is...
The Broadband Forum sat on its ass and ignored IPv6. They failed to publish IPv6 standards until November of last year.
This delayed the implementations in PON and DSL systems.
DOCSIS required forklift upgrades, too. The difference is that Cable Labs got out in front of the issue and IPv6 was one of many features that required an upgrade to DOCSIS 3.
It's not like Broadband Forum didn't have this option.
Sorry... I have little sympathy on that one.
3GPP was in front of it too, IPv6 was accounted for 10 years ago... but IPv6 3G will require new handsets for all (excluding Nokia, in some cases) due to the OEMs. For us in mobile, the issue right now is largely one of handset availability. Now that Nokia is married to Windows Phone 7, i am concerned they are taking a step backwards since Windows Phone 7 does not support cellular IPv6. Cameron ++++++++ http://groups.google.com/group/tmoipv6beta ++++++++
On Wed, 9 Feb 2011, Owen DeLong wrote:
I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
This is largely the result of the fact that they did not demand it from their vendors during that time.
I was purchasing for and building small SP networks during that time. Requiring v6 of our vendors would have meant we just never got anything, so we'd have never provided service. Come to think if it, maybe it -would- have been better for everyone involved (except those of us who just got paychecks and experience out of it) to just simply not do it - but we didn't know that at the time 15 years ago! Vendor C and J don't provide gear that fits into all network topologies (WISPs, MTU DSL, and smallish ADSL roll outs come to mind, certain during the time period in question. Sure, they eventually bought products in those markets...but even still, I had sub 6 figure budgets to build with - I certainly had no leverage). -- david raistrick http://www.netmeister.org/news/learn2quote.html drais@icantclick.org http://www.expita.com/nomime.html
On Feb 9, 2011, at 3:16 PM, david raistrick wrote:
On Wed, 9 Feb 2011, Owen DeLong wrote:
I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
This is largely the result of the fact that they did not demand it from their vendors during that time.
I was purchasing for and building small SP networks during that time.
Requiring v6 of our vendors would have meant we just never got anything, so we'd have never provided service. Come to think if it, maybe it -would- have been better for everyone involved (except those of us who just got paychecks and experience out of it) to just simply not do it - but we didn't know that at the time 15 years ago!
Requiring it delivered day one, sure. Putting in a requirement for "Will support" so that they are required to provide an upgrade path, OTOH, to me seemed like it was basic good business sense. It worked out pretty well for the organizations I was working for back then. We got upgradeable hardware and the vendors got awareness of the demand. Admittedly, I wasn't working in the last mile arena. However, pressuring vendors is possible without sacrificing immediate needs.
Vendor C and J don't provide gear that fits into all network topologies (WISPs, MTU DSL, and smallish ADSL roll outs come to mind, certain during the time period in question. Sure, they eventually bought products in those markets...but even still, I had sub 6 figure budgets to build with - I certainly had no leverage).
I don't think that networks with sub-6-figure buildouts are the ones we're too worried about right now. They can probably upgrade for sub-6-figure amounts. Owen
On 2/9/2011 6:10 PM, Owen DeLong wrote:
I don't think that networks with sub-6-figure buildouts are the ones we're too worried about right now. They can probably upgrade for sub-6-figure amounts.
sub-6-figure buildouts 15 years ago, is most likely over 6 figures today. 7 figures probably won't get you much out of C and J today. The small to middle guys are at the mercy of the large guys applying pressure to vendors. In addition, there's a lot of finger crossing that those large guys deploy something similar to your setup so the vendor will support that layout. I've had to re-engineer a lot of my networks for IPv6 support due to limited vendor support. You may not worry about my network (and I'll admit that I'm still worried about the core networks), but me and every other small to middle network has to worry about their own network. I know. I know. Forget us. All our users should just go to the big networks. :P Jack
On 02/09/2011 07:32 PM, Jack Bates wrote:
The small to middle guys are at the mercy of the large guys applying pressure to vendors.
I'm gonna just pick on this one thing. This just isn't true. I've always worked in small to middle sized shops, and I have always found that I've been able to yell and scream about IPv6 (and other features) loud enough, and long enough that I get heard by someone in a decision making position for product features (usually along the lines of a product manager or so). And every time I've made the effort to do that (admittedly, not a small effort), that product or line of product has had IPv6 available for it within about a year or so (if not sooner). Every single time. Were the big guys pushing as well? Perhaps, but I *know* that my voice gets heard when I put the effort into it. If you're not being heard by your vendor, you're not yelling loud enough. You're the customer, if your question/concern/request/demand about IPv6 gets blown off by your rep, talk to their boss, and keep demanding to talk to bosses until you get to someone that can give you a solid answer one way or the other, and if the answer is, "no, we won't support IPv6" run, don't walk, away from that vendor. It is absolutely doable, and I would argue that if you haven't reached this point in your purchasing decisions, you're being negligent. -- Jeff
If you're not being heard by your vendor, you're not yelling loud enough.
Or you aren't big enough of a customer. I was at one manufacturer within the past few months and asked about the lack of v6 support at layer 3 in one of their product lines as I had an application for that line but the lack of v6 layer 3 disqualified that solution. I was told that $HUGE_CUSTOMER had placed $HUGE_ORDER and was needing layer 2 features as their highest priority and so that is where they were focusing right now and that layer 3 ipv6 would be out later this year. They did say that it was getting more difficult to sell the gear without the layer 3 features and that the "real soon now" excuse was having trouble getting any traction with potential customers but right now the largest dollar amount of business hinged on layer 2 features.
On 02/09/2011 08:38 PM, George Bonser wrote:
If you're not being heard by your vendor, you're not yelling loud enough.
Or you aren't big enough of a customer. I was at one manufacturer within the past few months and asked about the lack of v6 support at layer 3 in one of their product lines as I had an application for that line but the lack of v6 layer 3 disqualified that solution. I was told that $HUGE_CUSTOMER had placed $HUGE_ORDER and was needing layer 2 features as their highest priority and so that is where they were focusing right now and that layer 3 ipv6 would be out later this year.
They did say that it was getting more difficult to sell the gear without the layer 3 features and that the "real soon now" excuse was having trouble getting any traction with potential customers but right now the largest dollar amount of business hinged on layer 2 features.
That's at least an honest and significant answer. At that point, its up to you whether you're willing to wait. At this point, I'm not willing to, but 2 years ago, I probably would have. My main point is that, if you're getting answers like, "We don't hear any customers asking about it." then you need to push harder. I found its very easy to ask about IPv6, get that answer, and then ask again in 6 months and still get the same answer. My response then would be, "<explitive>, I asked about it 6 months ago, you're just not paying attention, now get me a product manager on the phone so that I can bend their ear and make sure that I'm heard this time." -- Jeff
On Wed, Feb 9, 2011 at 5:49 PM, Jeff McAdams <jeffm@iglou.com> wrote:
My response then would be, "<explitive>, I asked about it 6 months ago,
you're just not paying attention, now get me a product manager on the phone so that I can bend their ear and make sure that I'm heard this time."
-- Jeff
What I can't believe is that not one single $VENDOR_OF_CHOICE has realized the potential windfall that is NANOG. They have a captive audience here of 1,000's of the most influential technical people here who would I'm sure encourage any Vendor who came forward and said "WE WILL" to the IPV6/IPV4 situation. The depth of technical knowledge available here that could be utilized to develop a standard home CPE Unit or variations for example is huge. Not to mention the opportunity to become the "BigBlue" of the 20Teens. I still remember when it was "safe" for any IT career to go "BigBlue" no matter what technical situation you were in (If only I'd listened back then and stayed away from this Linux/Unix stuff). :) Ah well, back to trying to get my IPV6 working inside a NATed IPV4 only ISP (They will at least give you a real IPV4 IP if you wish to do you'r own NATing, default now is NAT from them). Cheers Jeff
On Wed, Feb 9, 2011 at 5:49 PM, Jeff McAdams <jeffm@iglou.com> wrote:
My response then would be, "<explitive>, I asked about it 6 months ago,
you're just not paying attention, now get me a product manager on the phone so that I can bend their ear and make sure that I'm heard this time."
-- Jeff
What I can't believe is that not one single $VENDOR_OF_CHOICE has realized the potential windfall that is NANOG. They have a captive audience here of 1,000's of the most influential technical people here who would I'm sure encourage any Vendor who came forward and said "WE WILL" to the IPV6/IPV4 situation. The depth of technical knowledge available here that could be utilized to develop a standard home CPE Unit or variations for example is huge. Not to mention the opportunity to become the "BigBlue" of the 20Teens. I still remember when it was "safe" for any IT career to go "BigBlue" no matter what technical situation you were in (If only I'd listened back then and stayed away from this Linux/Unix stuff). :) Ah well, back to trying to get my IPV6 working inside a NATed IPV4 only ISP (They will at least give you a real IPV4 IP if you wish to do you'r own NATing, default now is NAT from them). Cheers Jeff
On 10 feb 2011, at 1:52, Jeff McAdams wrote:
I've always worked in small to middle sized shops, and I have always found that I've been able to yell and scream about IPv6 (and other features) loud enough, and long enough that I get heard by someone in a decision making position for product features (usually along the lines of a product manager or so). And every time I've made the effort to do that (admittedly, not a small effort), that product or line of product has had IPv6 available for it within about a year or so (if not sooner).
About 10 years ago I was involved in a project where we were looking for one or two dozen or so gigabit ethernet switches. That order would have barely broken into six figure territory. One sales engineer came around with their product and I remarked "no jumboframe support? your competitors all do 9000 bytes!" A week later, he was back with a newer version of the same box... with 64000-byte jumboframe support. :-)
In message <alpine.BSF.2.00.1102091459200.15471@murf.icantclick.org>, david rai strick writes:
On Wed, 9 Feb 2011, Jens Link wrote:
Scott Helms <khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear
I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you
And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support.
And who's fault is that? The ISP's and the vendors. The ISP's could have been requesting IPv6 support. The ISP's could have been running trials and providing feedback to the vendors. The vendors could have asked the ISP's to trail their IPv6 products. We have been saying for years "make sure you are ready". That means buying and testing equipment. Lots of those that tested went on to production years ago. As a vendor we like feedback on our products, good or bad. It's hard to work in a vacuum. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 2011/02/09 2:44 PM, Jens Link wrote:
IPv6 for some ISPs will be extraordinarily painful because of legacy
layer 2 gear I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you should have read something about this new Internet thing about two years ago. And still many people fear IPv6 or think the can still wait for another couple of years.
I'm not sure about your part of the world, but the economy has been terrible in mine. Even in a good economy, DSL margins don't afford the ability to replace your network every two years. In fact, spending on new gear all but halted for us over the last 6 years. While everyone is still figuring out best practices for IPv6 rollout today, how difficult would it have been to plan and purchase the exact equipment that long ago? Was the right equipment even available for a production environment? Not only that, but cheap CPE equipment that supports IPv6 still hardly exists today, and all of that will need replacing. In addition, what about IP phones and the customer that just replaced their entire phone system? Are they going to want to do that all over again by the end of the year? No, IPv6 rollout is going to be extremely expensive and will likely put a number of smaller operations out of business. -- /Jason
Jason Bertoch <jason@i6ix.com> writes:
I'm not sure about your part of the world, but the economy has been terrible in mine. Even in a good economy, DSL margins don't afford the ability to replace your network every two years.
Same thing here in Germany. DSL providers fighting for the lowest price and customers thinking that free service is still too expensive.
In fact, spending on new gear all but halted for us over the last 6 years. While everyone is still figuring out best practices for IPv6 rollout today, how difficult would it have been to plan and purchase the exact equipment that long ago?
Yeah. But they could have made plans and demanded working equipment from the vendors.
Was the right equipment even available for a production environment?
No, an in some case it is still not available today.
Not only that, but cheap CPE equipment that supports IPv6 still hardly exists today, and all of that will need replacing.
In Europe: Fritzbox from AVM. Almost all the big vendors have their own branded version of it. And the latter versions do support IPv6 quite well.
In addition, what about IP phones and the customer that just replaced their entire phone system? Are they going to want to do that all over again by the end of the year?
You don't have to replace everything at once. But you have to start somewhere.
No, IPv6 rollout is going to be extremely expensive and will likely put a number of smaller operations out of business.
I know several smaller ISPs which offer IPV6 for years. Sure the eyeball providers can hardly beat the cheap prices of the big players. But they do offer individual and good service. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
----- Original Message -----
From: "Jason Bertoch" <jason@i6ix.com> To: nanog@nanog.org Sent: Thursday, 10 February, 2011 9:09:16 AM Subject: Re: Looking for an IPv6 naysayer... On 2011/02/09 2:44 PM, Jens Link wrote:
No, IPv6 rollout is going to be extremely expensive and will likely put a number of smaller operations out of business.
You put your finger exactly on the reasons for advocating IPv6. If you look at the OECD report and some others... You have to move to IPv6, not because it has new features, not because it is great, but because if you don't, you will loose your economical advantage over your competitors (and other economies). Who spoke about the SEC requiring mandatory fillings re state of IPv6 deployment for business continuity plan requirements?
Cost's might be lower but service will be worse. NAT breaks a lot of applications file sharing will not work properly and running your own web server at home will not work properly. Well you always get what you pay for and people will buy any crap if it is cheap enough.
Jens
While that is true, it is no worse than the situation right now. In the US, the vast majority of users are already behind a NAT (I would say over 90% of them are) so they are already experiencing this breakage.
On 9 feb 2011, at 21:23, George Bonser wrote:
While that is true, it is no worse than the situation right now. In the US, the vast majority of users are already behind a NAT (I would say over 90% of them are) so they are already experiencing this breakage.
There's a big difference between being able to have uPNP IGD or NAT-PMP open up holes in the NAT (or do it manually) and being 100% incapable of getting any and all incoming sessions. And between having 64k ports for a home and having 64k ports for 100, 1000, 10000 ? homes.
"George Bonser" <gbonser@seven.com> writes:
While that is true, it is no worse than the situation right now. In the US, the vast majority of users are already behind a NAT (I would say over 90% of them are) so they are already experiencing this breakage.
I never thought it was that bad. In some 3G/wireless networks in Germany the providers use NAT and transparent HTTP-proxy. But this is only wireless. I'm not aware of any DSL or Cable provider NATing their customers. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
I never thought it was that bad. In some 3G/wireless networks in Germany the providers use NAT and transparent HTTP-proxy. But this is only wireless. I'm not aware of any DSL or Cable provider NATing their customers.
Jens
Practically all broadband providers NAT their customers in the US. If you look at the largest ones which are probably Comcast, Verizon, and AT&T, you have the majority of US broadband subscribers right there.
On 2/9/2011 3:50 PM, George Bonser wrote:
Practically all broadband providers NAT their customers in the US. If you look at the largest ones which are probably Comcast, Verizon, and AT&T, you have the majority of US broadband subscribers right there.
Hmm, I am not aware of Comcast (or any other large MSO) doing any NAT on large scale. Having said that almost all of the DSL customers in the US are being NAT'ed, but on the edge device (DSL modem) rather than in the core. -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
Hmm, I am not aware of Comcast (or any other large MSO) doing any NAT on large scale. Having said that almost all of the DSL customers in the US are being NAT'ed, but on the edge device (DSL modem) rather than in the core.
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum
How many instances of 10/8 did they say they were running? I was behind a NAT when I had Comcast service. I am behind a NAT currently with my AT&T service. Note that the NAT was done on the "cable modem" in both cases and not further in to their network. That said, from my reading of some industry large scale NAT devices (the A10 AX series is one which I am familiar with), they do things such as full cone NAT so it will still work with many applications that might break with conventional overload dynamic NAT.
George, Comcast, like all(?) DOCSIS systems uses 10/8 or one of the other defined non-routable blocks for cable modems, which (if its a DOCSIS certified device) will be a bridge only and will not do NAT. If you we're NAT'ed on a cable modem system it must have been a proprietary system, of which there once was a ton before DOCSIS caught on, that Comcast hadn't phased out. I don't believe that any of the large MSO's (and none of the small ones I know) are doing NAT on edge devices or the core at this point, however your point is still valid since virtually all of the ADSL lines deployed are being NAT'ed at the modem level and that means that millions of people are being NAT'ed without a choice. That also means that a lot of people are already going through two NAT translations since they have plugged in a small router behind their DSL modem and both are NAT'ing their buggy little hearts out. We also have to think about the tremendous number of people on all kinds of networks that are voluntarily, like me, NAT'ing through one device of their own (usually not educated) choice.
How many instances of 10/8 did they say they were running? I was behind a NAT when I had Comcast service. I am behind a NAT currently with my AT&T service.
Note that the NAT was done on the "cable modem" in both cases and not further in to their network. That said, from my reading of some industry large scale NAT devices (the A10 AX series is one which I am familiar with), they do things such as full cone NAT so it will still work with many applications that might break with conventional overload dynamic NAT.
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
Comcast, like all(?) DOCSIS systems uses 10/8 or one of the other defined non-routable blocks for cable modems, which (if its a DOCSIS certified device) will be a bridge only and will not do NAT. If you we're NAT'ed on a cable modem system it must have been a proprietary system, of which there once was a ton before DOCSIS caught on, that Comcast hadn't phased out.
I don't believe that any of the large MSO's (and none of the small
ones
I know) are doing NAT on edge devices or the core at this point, however your point is still valid since virtually all of the ADSL lines
I can log in to the Two Wire device on my AT&T Uverse service and see the NAT configuration. It has a global IP on the Internet side and it has a DHCP server handing out RFC1918 addresses on the inside network. I can also configure some settings which allow certain applications inside to map to specific ports on the global IP. When I had Comcast, I am not positive where the NAT was being done, but my computer got an RFC1918 IP when it did DHCP.
I believe all the CM vendors make at least one cable modem that has an embedded router that does NAT (Motorola SBG901, 901, 940, 941; Arris WTM552, etc). Some MSOs may deploy more or less of those. Frank -----Original Message----- From: Scott Helms [mailto:khelms@ispalliance.net] Sent: Wednesday, February 09, 2011 3:28 PM To: George Bonser Cc: nanog@nanog.org Subject: Re: Looking for an IPv6 naysayer... George, Comcast, like all(?) DOCSIS systems uses 10/8 or one of the other defined non-routable blocks for cable modems, which (if its a DOCSIS certified device) will be a bridge only and will not do NAT. If you we're NAT'ed on a cable modem system it must have been a proprietary system, of which there once was a ton before DOCSIS caught on, that Comcast hadn't phased out. I don't believe that any of the large MSO's (and none of the small ones I know) are doing NAT on edge devices or the core at this point, however your point is still valid since virtually all of the ADSL lines deployed are being NAT'ed at the modem level and that means that millions of people are being NAT'ed without a choice. That also means that a lot of people are already going through two NAT translations since they have plugged in a small router behind their DSL modem and both are NAT'ing their buggy little hearts out. We also have to think about the tremendous number of people on all kinds of networks that are voluntarily, like me, NAT'ing through one device of their own (usually not educated) choice.
How many instances of 10/8 did they say they were running? I was behind a NAT when I had Comcast service. I am behind a NAT currently with my AT&T service.
Note that the NAT was done on the "cable modem" in both cases and not further in to their network. That said, from my reading of some industry large scale NAT devices (the A10 AX series is one which I am familiar with), they do things such as full cone NAT so it will still work with many applications that might break with conventional overload dynamic NAT.
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On 2/9/2011 3:17 PM, George Bonser wrote:
Hmm, I am not aware of Comcast (or any other large MSO) doing any NAT on large scale. Having said that almost all of the DSL customers in the US are being NAT'ed, but on the edge device (DSL modem) rather than in the core.
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum
How many instances of 10/8 did they say they were running? I was behind a NAT when I had Comcast service. I am behind a NAT currently with my AT&T service.
Note that the NAT was done on the "cable modem" in both cases and not further in to their network.
10/8 is the management network on my cable modem. The cable modem bridges your wan 'real' ip(s) through to your PC or router. At least that's how Suddenlink does it here. The customer is normally 'locked out' of the cable modem, unlike a dsl modem. The largest NATs are presumably w/mobile carriers. I've never been behind NAT (except one I controlled) on a consumer dsl or cable link in the US. Ken That said, from my reading of some
industry large scale NAT devices (the A10 AX series is one which I am familiar with), they do things such as full cone NAT so it will still work with many applications that might break with conventional overload dynamic NAT.
-- Ken Anderson Pacific Internet - http://www.pacific.net
On 2/9/2011 4:36 PM, Ken A wrote:
10/8 is the management network on my cable modem. The cable modem bridges your wan 'real' ip(s) through to your PC or router. At least that's how Suddenlink does it here. The customer is normally 'locked out' of the cable modem, unlike a dsl modem. The largest NATs are presumably w/mobile carriers. I've never been behind NAT (except one I controlled) on a consumer dsl or cable link in the US. Ken
Agreed on the cable side (DOCSIS at least) but most of the DSL systems I've seen are doing NAT on virtually all of the end user gear. Bell South, SBC, Verizon, and Pac Bell are all doing or in the recent past did most/all of their DSL installs this way. Bell South tried using a brouter (only one I've seen in the wild) that did PPPoE on the WAN side and then handed out the same address it was assigned via DHCP on the LAN interface, but it was problematic (imagine that) and they stopped using it some years before the AT&T purchase/merger. The smaller telcos are almost universally doing NAT as well providers like Alltel, Centurytel, Frontier, Finepoint, as well as the smaller ILEC's simply don't do bridging on their CPE gear since they seldom had their DSLAMs set up to deal with Q-in-Q or isolation methods. That's not to say I don't know some that are the exception since I do know of a few telcos that run PPPoE clients on the client PC and a handful that did get port isolation working but they are not the norm in the US. -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On 2/9/2011 3:50 PM, Scott Helms wrote:
The smaller telcos are almost universally doing NAT as well providers like Alltel, Centurytel, Frontier, Finepoint, as well as the smaller ILEC's simply don't do bridging on their CPE gear since they seldom had their DSLAMs set up to deal with Q-in-Q or isolation methods. That's not to say I don't know some that are the exception since I do know of a few telcos that run PPPoE clients on the client PC and a handful that did get port isolation working but they are not the norm in the US.
Yeah, but CPE NAT with uPNP and other protocols is a far cry from LSN. Don't get me wrong, I love the fact that over 90% of my network is bridged (even have some cpe's bridging 802.11 in, which really through the vendors for a loop, but they did it). However, LSN doesn't have a lot of the capabilities that CPEs have for dealing with NAT breakage. Jack
On 2/9/2011 3:50 PM, Scott Helms wrote:
On 2/9/2011 4:36 PM, Ken A wrote:
10/8 is the management network on my cable modem. The cable modem bridges your wan 'real' ip(s) through to your PC or router. At least that's how Suddenlink does it here. The customer is normally 'locked out' of the cable modem, unlike a dsl modem. The largest NATs are presumably w/mobile carriers. I've never been behind NAT (except one I controlled) on a consumer dsl or cable link in the US. Ken
Agreed on the cable side (DOCSIS at least) but most of the DSL systems I've seen are doing NAT on virtually all of the end user gear.
End user gear = gear I control.. so I can 'make it work', poke holes where needed, no worries, 64k ports, etc. I thought we were talking about CGNAT taking over the world due to v4 scarcity. Ken Bell
South, SBC, Verizon, and Pac Bell are all doing or in the recent past did most/all of their DSL installs this way. Bell South tried using a brouter (only one I've seen in the wild) that did PPPoE on the WAN side and then handed out the same address it was assigned via DHCP on the LAN interface, but it was problematic (imagine that) and they stopped using it some years before the AT&T purchase/merger.
The smaller telcos are almost universally doing NAT as well providers like Alltel, Centurytel, Frontier, Finepoint, as well as the smaller ILEC's simply don't do bridging on their CPE gear since they seldom had their DSLAMs set up to deal with Q-in-Q or isolation methods. That's not to say I don't know some that are the exception since I do know of a few telcos that run PPPoE clients on the client PC and a handful that did get port isolation working but they are not the norm in the US.
-- Ken Anderson Pacific Internet - http://www.pacific.net
Practically all broadband providers NAT their customers in the US. If you look at the largest ones which are probably Comcast, Verizon, and AT&T, you have the majority of US broadband subscribers right there.
You mean they provide CPE which does NAT? Or the CPE actually has a RFC1918 address on the WAN?
On Wed, Feb 9, 2011 at 3:50 PM, George Bonser <gbonser@seven.com> wrote:
I never thought it was that bad. In some 3G/wireless networks in Germany the providers use NAT and transparent HTTP-proxy. But this is only wireless. I'm not aware of any DSL or Cable provider NATing their customers.
Jens
Practically all broadband providers NAT their customers in the US. If you look at the largest ones which are probably Comcast, Verizon, and AT&T, you have the majority of US broadband subscribers right there.
Are you sure about that - I'm a comcast subscriber and see no signs that I am being natted? Thanks, -- Josh Smith KD8HRX email/jabber: juicewvu@gmail.com phone: 304.237.9369(c)
On Wed, Feb 9, 2011 at 4:18 PM, George Bonser <gbonser@seven.com> wrote:
Are you sure about that - I'm a comcast subscriber and see no signs that I am being natted?
Josh, maybe it is different in different markets. When I had Comcast, I was behind a NAT.
George, Perhaps I misunderstood you - I am not behind any sort of large scale NAT, however my CPE, self supplied router (actually an old sun blade 100 running openbsd) does provide nat for the other devices on my home LAN. Thanks, Josh Smith KD8HRX email/jabber: juicewvu@gmail.com phone: 304.237.9369(c)
On Feb 9, 2011, at 12:50 PM, George Bonser wrote:
I never thought it was that bad. In some 3G/wireless networks in Germany the providers use NAT and transparent HTTP-proxy. But this is only wireless. I'm not aware of any DSL or Cable provider NATing their customers.
Jens
Practically all broadband providers NAT their customers in the US. If you look at the largest ones which are probably Comcast, Verizon, and AT&T, you have the majority of US broadband subscribers right there.
No. Almost none of the broadband providers in the US NAT their customers. Most of them provide a single public IP address to their residential customers. Most broadband customers use their own NAT to extend that single public IP address from the provider to multiple addresses within the site. This is a very very different thing from LSN with a lot less breakage. Owen
Almost none of the broadband providers in the US NAT their customers.
Well, I suppose I have been unlucky then because every single one I have had has NATed me. I had a "real" IP when I had dialup, but I got NAT when I went broadband. I have a friend that has another service and she is NATed too. Boot up in her network and you get 192.168.1.x
Almost none of the broadband providers in the US NAT their
customers.
Well, I suppose I have been unlucky then because every single one I have had has NATed me. I had a "real" IP when I had dialup, but I got NAT when I went broadband. I have a friend that has another service and she is NATed too. Boot up in her network and you get 192.168.1.x
In other words, the broadband provider provides a single global IP to the "always up" CPE. That CPE does DHCP to user stations and hands out 1918 addresses and NATs them to the single global IP. I have had 3 broadband providers over the past 10 years, all three have done that. I have a friend on a fourth provider that also does that. I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
On 2/9/2011 5:47 PM, George Bonser wrote:
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs. Bridge only CPE's given off this node.
1043 IP addresses handed out 1024 Unique interfaces Looks like customers aren't always big on more than 1 IP. :) Jack
On 2/9/2011 4:00 PM, Jack Bates wrote:
On 2/9/2011 5:47 PM, George Bonser wrote:
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs. Bridge only CPE's given off this node.
1043 IP addresses handed out 1024 Unique interfaces
Looks like customers aren't always big on more than 1 IP. :)
Jack
And meanwhile Comcast has announced one /64-per-household service for IPv6... guess they didn't get the memo from Owen about how every class of home appliances will need its own subnet. Matthew Kaufman
On 2/9/2011 6:27 PM, Matthew Kaufman wrote:
And meanwhile Comcast has announced one /64-per-household service for IPv6... guess they didn't get the memo from Owen about how every class of home appliances will need its own subnet.
I wonder if their RIR justification was for /64 to household or /48. :) Jack
On Feb 9, 2011, at 4:27 PM, Matthew Kaufman wrote:
On 2/9/2011 4:00 PM, Jack Bates wrote:
On 2/9/2011 5:47 PM, George Bonser wrote:
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs. Bridge only CPE's given off this node.
1043 IP addresses handed out 1024 Unique interfaces
Looks like customers aren't always big on more than 1 IP. :)
Jack
And meanwhile Comcast has announced one /64-per-household service for IPv6... guess they didn't get the memo from Owen about how every class of home appliances will need its own subnet.
Matthew Kaufman
Actually Comcast is willing to give out more than a /64 to a home, they're waiting for the CPE to catch up. I've had some very good discussions with John Brzozowski on the subject. While we don't see completely eye-to-eye on the matter, I think that Comcast is trying to do reasonably well by their customers in the IPv6 addressing realm. I expect that they will eventually come around to giving out /48s, but, for now they seem to feel they need to see the use case develop before they deploy it. It's not ideal in my opinion, but, it's much better than it could be. FWIW, Comcast is transporting the /48 from my home nicely, even if they don't know they're doing it. Owen
On Wed, Feb 09, 2011 at 04:42:01PM -0800, Owen DeLong wrote:
Actually Comcast is willing to give out more than a /64 to a home, they're waiting for the CPE to catch up.
Catch up to what? Are there dualstack CPE routers out there only able to handle /64 prefix delegation?
I expect that they will eventually come around to giving out /48s, but, for now they seem to feel they need to see the use case develop before they deploy it.
Well-known (in Germany) CPE router vendor AVM supports running WiFi in either bridged or routed mode. In routed mode, LAN ports get the first /64 from the DHCPv6-PD delegated prefix, and the WiFi domain gets the second /64. Et voila, there is the first use case. ;-) This is also why their 6RD implementation doesn't accept anything less than a /63. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
On 02/09/2011 07:27 PM, Matthew Kaufman wrote:
And meanwhile Comcast has announced one /64-per-household service for IPv6... guess they didn't get the memo from Owen about how every class of home appliances will need its own subnet.
Huh? I don't think Comcast has stated what their plans on household allocation is. I merely noted (in response to a bogus claim that they'd be allocating *less* than a /64, that the current allocation in their 6rd trial, as observed by me, is a /64. - Jim
In message <5A6D953473350C4B9995546AFE9939EE0BC139A0@RWC-EX1.corp.seven.com>, " George Bonser" writes:
=20
Almost none of the broadband providers in the US NAT their customers. =20 Well, I suppose I have been unlucky then because every single one I have had has NATed me. I had a "real" IP when I had dialup, but I got NAT when I went broadband. I have a friend that has another service and she is NATed too. Boot up in her network and you get 192.168.1.x
In other words, the broadband provider provides a single global IP to the "always up" CPE. That CPE does DHCP to user stations and hands out 1918 addresses and NATs them to the single global IP.
I have had 3 broadband providers over the past 10 years, all three have done that. I have a friend on a fourth provider that also does that.
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
It's only because they delivered the service using a integrated modem/router to save the customer buying a seperate NAT box. I suspect that you could request a actual modem and connect you own equipment to if you want if you don't like the box they supplied. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Wed, Feb 9, 2011 at 6:11 PM, Fred Richards <fredr@geexology.org> wrote:
On Wed, Feb 9, 2011 at 6:47 PM, George Bonser <gbonser@seven.com> wrote:
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
One huge reason to adopt ipv6.
Any of the ones I've used at home do provide global IPv4s to the home networks. I'm kinda selective, though. -- -george william herbert george.herbert@gmail.com
On 2/10/2011 3:19 PM, George Herbert wrote:
On Wed, Feb 9, 2011 at 6:11 PM, Fred Richards<fredr@geexology.org> wrote:
On Wed, Feb 9, 2011 at 6:47 PM, George Bonser<gbonser@seven.com> wrote:
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
One huge reason to adopt ipv6.
Maybe Roku will add the "ipv6 tunnel endpoint channel" next? Seems like an opportunity? Ken
Any of the ones I've used at home do provide global IPv4s to the home networks.
I'm kinda selective, though.
-- Ken Anderson Pacific Internet - http://www.pacific.net
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
On the residential properties that $EMPLOYER provides triple play to, the nodes behind each CPE can maintain up to 5 leases. And there are a few homes that actually use them - mostly homes that have webcams on them. But most homes go the overloaded NAT route and just translate different ports to different RFC1918 addresses... But at least in theory, what you're saying you haven't seen, is done up to some limit already at some ISPs. Nathan
On Wed, 09 Feb 2011 18:47:34 -0500, George Bonser <gbonser@seven.com> wrote:
In other words, the broadband provider provides a single global IP to the "always up" CPE. That CPE does DHCP to user stations and hands out 1918 addresses and NATs them to the single global IP.
Correct. The distinction you seem unware of (or unwilling to accept) is that the ISP did not assign you a private address. Your CPE did. The ISP gave you a single public IPv4 address. With the notable exception of Uverse, you can put that address on any device you want. But you only have the one public address, so you'll have to resort to NAT inside your network to support more than one machine. (DSL and cable modems can be set to pure bridged mode, thus turning off their routing/NAT engine. You cannot do that with Uverse due to their authentication method.) This is *very* different from the ISP doing the NAT... one device doing NAT for thousands of customers, vs. a device in the customer's hands doing the NAT.
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
Open your eyes. Many cable networks will sell you access to more than one address -- TW (RR) has done this for over a decade. AT&T Uverse will provide a /29 for free. --Ricky
On Wed, 09 Feb 2011 18:47:34 -0500, George Bonser <gbonser@seven.com> wrote:
In other words, the broadband provider provides a single global IP
to
the "always up" CPE. That CPE does DHCP to user stations and hands out 1918 addresses and NATs them to the single global IP.
Correct. The distinction you seem unware of (or unwilling to accept) is that the ISP did not assign you a private address. Your CPE did. The ISP gave you a single public IPv4 address. --Ricky
My comment was addressed to a poster from Europe who seemed surprised that there were home users behind a NAT at all.
"George Bonser" <gbonser@seven.com> writes:
In other words, the broadband provider provides a single global IP to the "always up" CPE. That CPE does DHCP to user stations and hands out 1918 addresses and NATs them to the single global IP.
Ah there is the misunderstanding. Same her in good old Europe. If you pay for it you'll get more than one public IP. I though you were talking about the CPE getting an RFC1918 address and than hand out RFC1918 addresses to the inside as well and (maybe) another instance of NAT along the way. Well yes, there are providers which are already doing this. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
On 02/09/2011 03:47 PM, George Bonser wrote:
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
The big providers probably categorise a static IP in their "enterprise/business" offerings. But both my provider here (Cruzio) as well as xs4all back in the Netherlands provide a static IP with configurable rDNS. For no fee or a minimal fee. I guess it depends more on which type of provider you choose and their lousy el cheapo offerings. There are more providers than comcast, verizon and at&t. And I bet the majority of them are more knowledgeable (and less likely to do nasty things with your traffic). Regards, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
George Bonser wrote:
I have yet to see a broadband provider that configures a network so that individual nodes in the home network get global IPs.
When I switched to ADSL I'm pretty sure I was offered the choice of a single public IP address on the outside of my router, or a /29 public range for my home network (and presumably also a public address for the external interface of my router). I chose the former and don't regret having done so. I can do a mixture of static and dynamic NAT to allow things from the outside into particular internal hosts if I want do. This was in 2005, and I can very well believe this choice was not available some time later.
When I switched to ADSL I'm pretty sure I was offered the choice of a single public IP address on the outside of my router, or a /29 public range for my home network (and presumably also a public address for
the
external interface of my router). I chose the former and don't regret having done so. I can do a mixture of static and dynamic NAT to allow things from the outside into particular internal hosts if I want do.
This was in 2005, and I can very well believe this choice was not available some time later.
I had a similar setup at one time, I believe it was from Speakeasy but I can't remember, might have been a Covad beta with another provider that my late wife was working for when ADSL was brand new. Not saying it can't be or isn't done; just that for the vast majority (probably something like 90% or more) it isn't. George
On Sat, 12 Feb 2011 09:02:32 GMT, Adam Atkinson said:
When I switched to ADSL I'm pretty sure I was offered the choice of a single public IP address on the outside of my router, or a /29 public range for my home network (and presumably also a public address for the external interface of my router). I chose the former and don't regret having done so. I can do a mixture of static and dynamic NAT to allow things from the outside into particular internal hosts if I want do.
This was in 2005, and I can very well believe this choice was not available some time later.
It's more a business question. If you're an ADSL provider, you probably want to save "multiple public IP" as a feature so you can upsell customers to "business class". There's little business case for doing it by default for Joe Sixpack (especially in a world where public IP's are getting scarce). Fortunately, in IPv6 the bit boundaries have moved, so there's no scarcity issue and "give everybody a /48 (or at least a /56)" is a no-brainer.
On 2/9/11 3:43 PM, George Bonser wrote:
Almost none of the broadband providers in the US NAT their customers.
Well, I suppose I have been unlucky then because every single one I have had has NATed me. I had a "real" IP when I had dialup, but I got NAT when I went broadband. I have a friend that has another service and she is NATed too. Boot up in her network and you get 192.168.1.x
The the cpe... In all likelihood it has a public ip on the outside.
On Feb 9, 2011, at 6:21 PM, Owen DeLong wrote:
On Feb 9, 2011, at 12:50 PM, George Bonser wrote:
I never thought it was that bad. In some 3G/wireless networks in Germany the providers use NAT and transparent HTTP-proxy. But this is only wireless. I'm not aware of any DSL or Cable provider NATing their customers.
Jens
Practically all broadband providers NAT their customers in the US. If you look at the largest ones which are probably Comcast, Verizon, and AT&T, you have the majority of US broadband subscribers right there.
No.
Almost none of the broadband providers in the US NAT their customers.
Most of them provide a single public IP address to their residential customers.
Most broadband customers use their own NAT to extend that single public IP address from the provider to multiple addresses within the site.
This is a very very different thing from LSN with a lot less breakage.
Owen This maybe true of all the big boys but I can tell you that rural telcos providing internet connectivity (personal experience in Northern MN) do and heavily. They may run fiber to the house but they do LSN big time. Tom
Jens Link wrote:
I never thought it was that bad. In some 3G/wireless networks in Germany the providers use NAT and transparent HTTP-proxy. But this is only wireless. I'm not aware of any DSL or Cable provider NATing their customers.
I guess in the early days of DSL and Cable internet this was more common (until clue sinked in). I know xs4all in the Netherlands used some NAT flavour or another. Although come to think of it, it was probably the telco (KPN) who did that and the ISP just had to abide. They quickly got rid of that whole idea. It's a strange idea that the telco provides NAT'ing on DSL but I am pretty sure it was that way for a while. KPN since bought xs4all, but that's another story. -- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
In message <5A6D953473350C4B9995546AFE9939EE0BC1397D@RWC-EX1.corp.seven.com>, " George Bonser" writes:
Cost's might be lower but service will be worse. NAT breaks a lot of applications file sharing will not work properly and running your own web server at home will not work properly. Well you always get what you pay for and people will buy any crap if it is cheap enough. =20 Jens
While that is true, it is no worse than the situation right now. In the US, the vast majority of users are already behind a NAT (I would say over 90% of them are) so they are already experiencing this breakage. =20
But for the most part they can work around breakages with a single NAT. Double NAT prevents most of the work arounds working. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Thu, Feb 10, 2011 at 11:07:26AM +1100, Mark Andrews wrote:
Double NAT prevents most of the work arounds working.
And quite important for residential ISPs of some size: have fun teaching your call centers diagnosing double-NAT failure modes. NAT444 is a hell I don't want to visit really. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Daniel Roesen <dr@cluenet.de> writes:
And quite important for residential ISPs of some size: have fun teaching your call centers diagnosing double-NAT failure modes.
NAT444 is a hell I don't want to visit really.
No it's great! It's secure! It's easy to implement! It's the only way to do it right! Till the end of the month I'm working for a rather large enterprise customer and they use NAT, NAT NAT, NAT NAT NAT, and even even NAT NAT NAT NAT connections for their VPN. They claim that it's easy. I think it isn't and I relay need to get drunk after troubleshooting such a problem. So I must be stupid, because NAT is so *easy*. On the other hand, when you tell them about IPv6 they say it's to complicated and that they don't need it. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
On 2/9/2011 1:21 PM, Scott Helms wrote:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear (usually DSLAMs that drop any frame with IPv6 in the EtherType field), inability to upgrade customer gear efficiently (again mainly a DSL problem where TR-069 isn't in use), and the requirement to replace PPPoE/oA termination gear (like Redback SMSs) means that a small telco (say 3000 DSL lines) could be facing a multi-million dollar expense to enable IPv6 for customers.
Oh, that's not the WORST of it. ... 3+ years ago ... IPv6 is coming. All gear needs to support it. Here are the basic models of security from the router that we can use and pros and cons for each. You do NOT want DSLAMs which enforce their own security. ... each year after ... *repeat* ... 1 year ago ... Engineer: I disapprove of that DSLAM. It has IPv4 security measures you can't disable (PPPoE and DHCP security! Wow!), doesn't support enough q-in-q support to use an isolation model, and doesn't have IPv6 support itself to make up for what it breaks. Telco: Well, we're buying millions of dollars worth, so we'll just have to make it work. Vendor says it'll be IPv6 ready later this year. ... 1 year later .... Telco: Why did we do this? They say it will be ready later this year. The problems we've had with this vendor have been awful. We should have used someone else. Engineer: No worries. I'm sure they'll get the support ready for you in time. I'll have my side sitting here waiting on them or worst case you'll spend some money to work around/replace them. *snickers* Jack
On Wed, 9 Feb 2011, Scott Helms wrote:
For ISPs in this circumstance the choice will be CGNAT rather than IPv6 for a number of years because the cost is much lower and according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable.
Anyone care to define CGNAT? Google results for this are either unrelated or "CGNAT will save us" or "CGNAT doesnt count" - no rfcs, no explainations, nothing.... -- david raistrick http://www.netmeister.org/news/learn2quote.html drais@icantclick.org http://www.expita.com/nomime.html
On 2/9/2011 1:58 PM, david raistrick wrote:
Anyone care to define CGNAT? Google results for this are either unrelated or "CGNAT will save us" or "CGNAT doesnt count" - no rfcs, no explainations, nothing....
CGNAT, CGN (carrier grade nat, technically a marketing term), LSN (large scale NAT), NAT44[4..].... Jack
Try looking for the expanded terms: Large Scale NAT Carrier Grade NAT NAT444 Owen On Feb 9, 2011, at 11:58 AM, david raistrick wrote:
On Wed, 9 Feb 2011, Scott Helms wrote:
For ISPs in this circumstance the choice will be CGNAT rather than IPv6 for a number of years because the cost is much lower and according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable.
Anyone care to define CGNAT? Google results for this are either unrelated or "CGNAT will save us" or "CGNAT doesnt count" - no rfcs, no explainations, nothing....
-- david raistrick http://www.netmeister.org/news/learn2quote.html drais@icantclick.org http://www.expita.com/nomime.html
On 9 feb 2011, at 20:21, Scott Helms wrote:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear (usually DSLAMs that drop any frame with IPv6 in the EtherType field), inability to upgrade customer gear efficiently
[...]
For ISPs in this circumstance the choice will be CGNAT rather than IPv6 for a number of years because the cost is much lower and according to the vendors selling CGNAT solutions the impact to end users is (almost) unnoticeable.
The good thing is that as an ISP, you don't have to give everyone the same thing. For the content people, it's either an AAAA record in the DNS or no AAAA record in the DNS. But as an ISP, you can keep your existing customers on existing IPv4 using existing hardware, while you roll out CGNAT + IPv6 for new customers using new gear. (Yes, that's still going to be annoying, but annoying in the sort of "I wish I didn't have to but I guess I do" kind of way rather than the "this will bankrupt the company" kind of way.) As long as your "legacy" users have an IPv4 address they can always use tunneling to get IPv6 (you may want to set up a tunnel termination box for this) if they need IPv6. But they won't really _need_ IPv6 (at least not very soon) because they can set up port mappings etc and everything they need can work over IPv4. For the new users, there are no port mappings behind the CGNAT so they do need IPv6 for hosting services and for VoIP and peer-to-peer file sharing. They also can't get a protocol 41 tunnel so you, their ISP, has to provide them with IPv6. But just CGNAT with no IPv6 is going to be very bad. Maybe 95% of your users won't notice, but do you really want the other 5% to tie up your support lines?
On 2/9/2011 2:17 PM, Iljitsch van Beijnum wrote:
But just CGNAT with no IPv6 is going to be very bad. Maybe 95% of your users won't notice, but do you really want the other 5% to tie up your support lines?
Yes, as that will cause them to produce an IPv6 product for those customers (even if it's a specialized CPE they ship to those 5% that does a tunnel back to an ISP server which connects to native IPv6). You must have demand and pressure to push companies to spend money. Helpdesk calls count. Let the phones ring. The suits will listen then. Jack
Scott Helms <khelms@ispalliance.net> writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear (usually DSLAMs that drop any frame with IPv6 in the EtherType field), inability to upgrade customer gear efficiently (again mainly a DSL problem where TR-069 isn't in use), and the requirement to replace PPPoE/oA termination gear (like Redback SMSs) means that a small telco (say 3000 DSL lines) could be facing a multi-million dollar expense to enable IPv6 for customers.
For ISPs in this circumstance the choice will be CGNAT rather than IPv6
Or 6rd and go native on their permanent prefix as the forklift upgrade schedule allows. Oh well, it's better than nothing or Crummier Grade NAT. -r
In message <4D532AEA.2090505@brightok.net>, Jack Bates writes:
On 2/9/2011 5:56 PM, Robert E. Seastrom wrote:
Or 6rd and go native on their permanent prefix as the forklift upgrade schedule allows. Oh well, it's better than nothing or Crummier Grade NAT.
ds-lite tends to be friendlier LSN from various tests, and is native v6.
Jack
DS-Lite over 6rd using RFC 1918 / multi-use ISP assigned block (I'd love to be able to say class E here) provides a single NAT translation for IPv4 and public IPv6. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Mark Andrews <marka@isc.org> writes:
DS-Lite over 6rd using RFC 1918 / multi-use ISP assigned block (I'd love to be able to say class E here) provides a single NAT translation for IPv4 and public IPv6.
Okay, it's 10:15 in the morning and I really want a drink know. ;-) Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
Jens Link <lists@quux.de> writes:
Okay, it's 10:15 in the morning and I really want a drink know. ;-)
s/know/now/ I think I'll need more coffee. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
On Feb 9, 2011, at 6:01 PM, Jack Bates wrote:
On 2/9/2011 5:56 PM, Robert E. Seastrom wrote:
Or 6rd and go native on their permanent prefix as the forklift upgrade schedule allows. Oh well, it's better than nothing or Crummier Grade NAT.
ds-lite tends to be friendlier LSN from various tests, and is native v6.
DS-lite is still CGN. You may be thinking of the comparison versus NAT444 described in draft-donley-nat444-impacts (https://datatracker.ietf.org/doc/draft-donley-nat444-impacts/). But you should read the criticisms of that draft on the BEHAVE mailing list, http://www.ietf.org/mail-archive/web/behave/current/msg09027.html and http://www.ietf.org/mail-archive/web/behave/current/msg09030.html. Cheers, -Benson
On Feb 10, 2011, at 9:53 AM, Jack Bates wrote:
On 2/10/2011 8:36 AM, Benson Schliesser wrote:
DS-lite is still CGN.
It is still LSN, but it is not NAT444, and the failure rate reduces because of that. Also, DS-Lite guarantees that you have IPv6 connectivity. NAT444 makes no such assertion.
DS-lite *uses* IPv6 connectivity, it doesn't provide it. That's like saying 6rd or 6to4 "guarantees you have IPv4 connectivity". As for NAT444 (or double-NAT): One could just as easily deploy DS-lite with a NAT444 configuration. Or deploy CGN without NAT444 (e.g. CGN44, by managing subnets delegated to each subscriber). The two topics are related but separate. In terms of CGN44 versus NAT444, I'd like to see evidence of something that breaks in NAT444 but not CGN44. People seem to have a gut expectation that this is the case, and I'm open to the possibility. But testing aimed at demonstrating that breakage hasn't been very scientific, as discussed in the URLs I posted with my previous message. Cheers, -Benson
On 2/10/2011 10:05 AM, Benson Schliesser wrote:
DS-lite *uses* IPv6 connectivity, it doesn't provide it. That's like saying 6rd or 6to4 "guarantees you have IPv4 connectivity".
Who in their right mind would feed IPv6 to a CPE, deploy a CPE that supports DS-Lite, and NOT give out prefixes?
In terms of CGN44 versus NAT444, I'd like to see evidence of something that breaks in NAT444 but not CGN44. People seem to have a gut expectation that this is the case, and I'm open to the possibility. But testing aimed at demonstrating that breakage hasn't been very scientific, as discussed in the URLs I posted with my previous message.
To even determine your public IP address, you must ask someone on the other side of the NAT, this applies also when you are doing udp hole punches. So what happens when you try and talk to you neighbor? Who's going to tell you what you need to know between your NAT and the providers NAT? This is one way that NAT444 breaks more than NAT44 (even in LSN configurations) And yes, I find that neighbors do like to play with one another, and most LSNs don't support hair pinning translations between customers (most NAT in general won't support that). Jack
On Feb 10, 2011, at 8:05 AM, Benson Schliesser wrote:
On Feb 10, 2011, at 9:53 AM, Jack Bates wrote:
On 2/10/2011 8:36 AM, Benson Schliesser wrote:
DS-lite is still CGN.
It is still LSN, but it is not NAT444, and the failure rate reduces because of that. Also, DS-Lite guarantees that you have IPv6 connectivity. NAT444 makes no such assertion.
DS-lite *uses* IPv6 connectivity, it doesn't provide it. That's like saying 6rd or 6to4 "guarantees you have IPv4 connectivity".
As for NAT444 (or double-NAT): One could just as easily deploy DS-lite with a NAT444 configuration. Or deploy CGN without NAT444 (e.g. CGN44, by managing subnets delegated to each subscriber). The two topics are related but separate.
I think that at the point where you go to NAT444 instead of tunneling the IPv4, it's Dual-Stack, but, not Dual-Stack-Lite.
In terms of CGN44 versus NAT444, I'd like to see evidence of something that breaks in NAT444 but not CGN44. People seem to have a gut expectation that this is the case, and I'm open to the possibility. But testing aimed at demonstrating that breakage hasn't been very scientific, as discussed in the URLs I posted with my previous message.
Technologies which depend on a rendezvous host that can know about both sides of both NATs in a private->public->private scenario will break in a private->private2->public->private2->private scenario. There are technologies and applications which depend on this. (I believe, among others, that's how many of the p2p systems work, no?) Owen
On Feb 10, 2011, at 2:58 PM, Owen DeLong wrote:
In terms of CGN44 versus NAT444, I'd like to see evidence of something that breaks in NAT444 but not CGN44. People seem to have a gut expectation that this is the case, and I'm open to the possibility. But testing aimed at demonstrating that breakage hasn't been very scientific, as discussed in the URLs I posted with my previous message.
Technologies which depend on a rendezvous host that can know about both sides of both NATs in a private->public->private scenario will break in a private->private2->public->private2->private scenario. There are technologies and applications which depend on this. (I believe, among others, that's how many of the p2p systems work, no?)
This is an oft-repeated rumor, but as I stated in my recent message: the evidence doesn't support the theory. NAT traversal architectures that leverage "public" rendezvous such as STUN, etc, should continue to work and testing demonstrates this. The tiering of NAT does mean that "neighborhood-local" traffic must traverse the CGN, which is sub-optimal but not broken. Dynamic control protocols like UPNP are the only source of problems I'm aware of. Frequently, the solution for a given app is as simple as turning off UPNP. But in the near future, PCP will replace and/or augment UPNP and is more scalable. If you have more experience (not including rumors) that suggests otherwise, I'd very much like to hear about it. I'm open to the possibility that NAT444 breaks stuff - that feels right in my gut - but I haven't found any valid evidence of this. Regardless, I think we can agree that IPv6 is the way to avoid NAT-related growing pains. We've known this for a long time. Cheers, -Benson
On Thu, Feb 10, 2011 at 14:17, Benson Schliesser <bensons@queuefull.net> wrote:
If you have more experience (not including rumors) that suggests otherwise, I'd very much like to hear about it. I'm open to the possibility that NAT444 breaks stuff - that feels right in my gut - but I haven't found any valid evidence of this.
In case you have not already found this: http://tools.ietf.org/html/draft-donley-nat444-impacts-01 Cheers, ~Chris
Regardless, I think we can agree that IPv6 is the way to avoid NAT-related growing pains. We've known this for a long time.
Cheers, -Benson
_______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact info@arin.net if you experience any issues.
-- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
-----Original Message----- From: arin-ppml-bounces@arin.net [mailto:arin-ppml-bounces@arin.net] On Behalf Of Chris Grundemann Sent: Thursday, February 17, 2011 5:55 PM To: Benson Schliesser Cc: NANOG list; ARIN-PPML List Subject: Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Thu, Feb 10, 2011 at 14:17, Benson Schliesser <bensons@queuefull.net> wrote:
If you have more experience (not including rumors) that suggests otherwise, I'd very much like to hear about it. I'm open to the possibility that NAT444 breaks stuff - that feels right in my gut - but I haven't found any valid evidence of this.
In case you have not already found this: http://tools.ietf.org/html/draft-donley-nat444-impacts-01
That document conflates problems of NAT444 with problems of NAT44 with problems of bandwidth starvation with problems of CGN. For details, see my comments at http://www.ietf.org/mail-archive/web/behave/current/msg09027.html and see Reinaldo Penno's comments at http://www.ietf.org/mail-archive/web/behave/current/msg09030.html -d
Cheers, ~Chris
Regardless, I think we can agree that IPv6 is the way to avoid NAT-
related growing pains. We've known this for a long time.
Cheers, -Benson
_______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact info@arin.net if you experience any issues.
-- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org _______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact info@arin.net if you experience any issues.
On Feb 21, 2011, at 12:37 PM, Dan Wing wrote:
-----Original Message----- From: arin-ppml-bounces@arin.net [mailto:arin-ppml-bounces@arin.net] On Behalf Of Chris Grundemann Sent: Thursday, February 17, 2011 5:55 PM To: Benson Schliesser Cc: NANOG list; ARIN-PPML List Subject: Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Thu, Feb 10, 2011 at 14:17, Benson Schliesser <bensons@queuefull.net> wrote:
If you have more experience (not including rumors) that suggests otherwise, I'd very much like to hear about it. I'm open to the possibility that NAT444 breaks stuff - that feels right in my gut - but I haven't found any valid evidence of this.
In case you have not already found this: http://tools.ietf.org/html/draft-donley-nat444-impacts-01
That document conflates problems of NAT444 with problems of NAT44 with problems of bandwidth starvation with problems of CGN.
For details, see my comments at http://www.ietf.org/mail-archive/web/behave/current/msg09027.html and see Reinaldo Penno's comments at http://www.ietf.org/mail-archive/web/behave/current/msg09030.html
-d
The document describes problems that will exist in NAT444 environments. It does not state that these problems would be specific to NAT444, but, NAT444 will cause or exacerbate each of the problems described. Yes, the problems may have other underlying root causes, but, they will all be present in a NAT444 environment, even if they were not present in the same environment prior to deployment of NAT444. Let me put it this way... IPv4 has a TITANIC lack of numeric addresses and has been stretched beyond its limits for some time now. IPv6 is a life boat. NAT is a seat cushion used for floatation. NAT444 (and other NAT-based extensions) are deck chairs. Attempting to improve them beyond their current states is an effort to rearrange the deck chairs. Owen
-----Original Message----- From: Owen DeLong [mailto:owen@delong.com] Sent: Monday, February 21, 2011 12:59 PM To: Dan Wing Cc: 'Chris Grundemann'; 'Benson Schliesser'; 'NANOG list'; 'ARIN-PPML List' Subject: Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Feb 21, 2011, at 12:37 PM, Dan Wing wrote:
-----Original Message----- From: arin-ppml-bounces@arin.net [mailto:arin-ppml-bounces@arin.net] On Behalf Of Chris Grundemann Sent: Thursday, February 17, 2011 5:55 PM To: Benson Schliesser Cc: NANOG list; ARIN-PPML List Subject: Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Thu, Feb 10, 2011 at 14:17, Benson Schliesser <bensons@queuefull.net> wrote:
If you have more experience (not including rumors) that suggests otherwise, I'd very much like to hear about it. I'm open to the possibility that NAT444 breaks stuff - that feels right in my gut - but I haven't found any valid evidence of this.
In case you have not already found this: http://tools.ietf.org/html/draft-donley-nat444-impacts-01
That document conflates problems of NAT444 with problems of NAT44 with problems of bandwidth starvation with problems of CGN.
For details, see my comments at http://www.ietf.org/mail-archive/web/behave/current/msg09027.html and see Reinaldo Penno's comments at http://www.ietf.org/mail-archive/web/behave/current/msg09030.html
-d
The document describes problems that will exist in NAT444 environments. It does not state that these problems would be specific to NAT444, but, NAT444 will cause or exacerbate each of the problems described.
To the contrary. Its title, filename, abstract, and introduction all say the problems are specific to NAT444. Which is untrue.
Yes, the problems may have other underlying root causes, but, they will all be present in a NAT444 environment, even if they were not present in the same environment prior to deployment of NAT444.
Let me put it this way...
IPv4 has a TITANIC lack of numeric addresses and has been stretched beyond its limits for some time now.
IPv6 is a life boat.
NAT is a seat cushion used for floatation.
NAT444 (and other NAT-based extensions) are deck chairs.
Attempting to improve them beyond their current states is an effort to rearrange the deck chairs.
-d
On Mon, Feb 21, 2011 at 19:08, Dan Wing <dwing@cisco.com> wrote:
Its title, filename, abstract, and introduction all say the problems are specific to NAT444. Which is untrue.
I just re-read the filename, abstract and introduction, and I disagree that any of those say that the problems are specific to NAT444. They all do state that these problems are present in NAT444, but not that it's the only technology/scenario/configuration where you might find them. More importantly, I am unsure the point of this argument. Are you trying to say that the items listed as broken in the draft are not actually broken? Because in my experience they are. IMHO, the fact that they are also broken in other (similar) scenarios is not evidence that they are not broken in this one. On the contrary, this scenario seems to be evidence to the brokenness in the others (until we get a chance to test and document them all - are you volunteering? ;). Cheers, ~Chris
-d
-- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
On Feb 21, 2011, at 10:16 PM, Chris Grundemann wrote:
On Mon, Feb 21, 2011 at 19:08, Dan Wing <dwing@cisco.com> wrote:
Its title, filename, abstract, and introduction all say the problems are specific to NAT444. Which is untrue.
I just re-read the filename, abstract and introduction, and I disagree that any of those say that the problems are specific to NAT444. They all do state that these problems are present in NAT444, but not that it's the only technology/scenario/configuration where you might find them.
Let's at least agree that the text isn't precise. I've had a large number of conversations in which relatively intelligent people advocated other (non-NAT444) scenarios involving CGN, built on the premise that NAT444 is broken and draft-donley-nat444-impacts is evidence. Either the draft is perfectly clear and all of these people are stupid, or the draft is misleading (intentionally or unintentionally).
More importantly, I am unsure the point of this argument. Are you trying to say that the items listed as broken in the draft are not actually broken? Because in my experience they are. IMHO, the fact that they are also broken in other (similar) scenarios is not evidence that they are not broken in this one. On the contrary, this scenario seems to be evidence to the brokenness in the others (until we get a chance to test and document them all - are you volunteering? ;).
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks. But, regardless, if I were to accept this position then I might also agree that it doesn't matter whether or not draft-donley-nat444-impacts is misleading. On the contrary: While I emphatically agree that IPv6 is the path forward, I don't accept the notion that IPv4 no longer matters. IPv4 is the present-day Internet, and IPv4 connectivity is demanded by present-day paying customers - you don't burn the bridge until *after* you've crossed it. Further, given that IPv4 does matter yet has an exhausted address supply, there exists a need for IPv4 address sharing technology. Fundamentally, this means that we need to discuss and engineer the best possible address sharing technology. It may never be as good as native end-to-end IPv6, but sub-optimal is not the same thing as "broken" as others have claimed, and sub-optimal might be acceptable if it's the only alternative. Of course, we can also rely on an IPv4 address market to avoid NAT in the more sensitive situations (i.e. situations with more sensitive users). But that's a different conversation. Cheers, -Benson
[ arin cesspool removed from cc: as i can not post there anyway ]
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
excuse me! randy
On Feb 22, 2011, at 3:14 AM, Randy Bush wrote:
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
excuse me!
Hi, Randy. I didn't mean to deny you exist; you apparently do. ;) But in my sampling, operators with the opinion that 'IPv4 doesn't matter' represent the minority. Of course, it also depends on how you define "doesn't matter". I think that ongoing operation matters, especially when "ongoing" means a continued expectation of both existing and new customers. It's easy to say, "burn the IPv4 bridge" so we're forced to migrate to IPv6. But it's another thing to actually do it, when you're competing for customers that want IPv4 connectivity. That said, we're not forced to choose only one: IPv4 vs. IPv6. We should migrate to IPv6 because it makes sense - IPv4 is going to become more expensive and painful (to use and support). That doesn't preclude us from patching IPv4 together long enough to cross the bridge first. Thoughts? Cheers, -Benson
Benson Schliesser wrote:
On Feb 22, 2011, at 3:14 AM, Randy Bush wrote:
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
excuse me!
Hi, Randy. I didn't mean to deny you exist; you apparently do. ;) But in my sampling, operators with the opinion that 'IPv4 doesn't matter' represent the minority. Of course, it also depends on how you define "doesn't matter". I think that ongoing operation matters, especially when "ongoing" means a continued expectation of both existing and new customers. It's easy to say, "burn the IPv4 bridge" so we're forced to migrate to IPv6. But it's another thing to actually do it, when you're competing for customers that want IPv4 connectivity.
That said, we're not forced to choose only one: IPv4 vs. IPv6. We should migrate to IPv6 because it makes sense - IPv4 is going to become more expensive and painful (to use and support). That doesn't preclude us from patching IPv4 together long enough to cross the bridge first.
Thoughts?
The patching started in 1994 with RFC 1627.... how much time is needed??? Seriously, some people will not move until the path they are on is already burning, which is why they did nothing over the last 5 years despite knowing that the IANA pool was exhausting much faster than they had wanted to believe. It took getting within months of exhausting the IANA pool before the crowd woke up and noticed the path was on fire. Now you want 'just a little more'... after which it will be 'just a little more'. Fortunately Randy and a few others took action and demonstrated that 'this is not hard', it just takes some effort. Pouring more effort into hack upon hack is not making progress, it is stalling for the sake of stalling. Consumers don't want IPv4, they want connectivity to their favorite content. Hacks in the network to make that content appear to be available will be expensive to maintain, and irrelevant as soon as the content has realized the mess that has been made between them and their customers. More energy into moving content and apps will result in less energy wasted in deploying short lived hacks. Tony
Cheers, -Benson
On Feb 22, 2011, at 4:42 PM, Tony Hain wrote:
Seriously, some people will not move until the path they are on is already burning, which is why they did nothing over the last 5 years despite knowing that the IANA pool was exhausting much faster than they had wanted to believe. It took getting within months of exhausting the IANA pool before the crowd woke up and noticed the path was on fire. Now you want 'just a little more'... after which it will be 'just a little more'.
This won't go on forever. The "price" of IPv4 has been kept artificially low for the past decade, through a RIR-based system of rationing. There was never an immediate incentive to migrate. If we really wanted to motivate people before they reached the precipice, we should have increasingly raised the cost of an IPv4 address. Now, IPv4 exhaustion has effectively raised that cost for us, and people are motivated to migrate to IPv6. But since we didn't force this situation sooner, we now also have to deal with the effects of exhaustion. That's all I'm talking about. IPv4 hacks will not be better or cheaper than IPv6, and they're nothing to fear in terms of IPv6 adoption. Cheers, -Benson
On Feb 22, 2011, at 1:36 PM, Benson Schliesser wrote:
On Feb 22, 2011, at 3:14 AM, Randy Bush wrote:
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
excuse me!
Hi, Randy. I didn't mean to deny you exist; you apparently do. ;) But in my sampling, operators with the opinion that 'IPv4 doesn't matter' represent the minority. Of course, it also depends on how you define "doesn't matter". I think that ongoing operation matters, especially when "ongoing" means a continued expectation of both existing and new customers. It's easy to say, "burn the IPv4 bridge" so we're forced to migrate to IPv6. But it's another thing to actually do it, when you're competing for customers that want IPv4 connectivity.
We may be the minority, but, we have a lot more address space and no shortage of IP addresses. How many IPv4 providers can say that?
That said, we're not forced to choose only one: IPv4 vs. IPv6. We should migrate to IPv6 because it makes sense - IPv4 is going to become more expensive and painful (to use and support). That doesn't preclude us from patching IPv4 together long enough to cross the bridge first.
Thoughts?
Patching the deck chairs does not change the fact that the boat is sinking. I suggest focusing on getting in a life boat. Deck chairs don't float very well. IPv6 is a life boat. NAT444 and other IPv4 preservation hacks are deck chairs. You can rearrange them all you want. Owen
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
excuse me!
Hi, Randy. I didn't mean to deny you exist; you apparently do. ;) But in my sampling, operators
benson, vendors saying what operators want went *seriously* out of fashion a couple of years back. we can speak for ourselves, tyvm. randy
On Feb 22, 2011, at 6:29 PM, Randy Bush wrote:
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
excuse me!
Hi, Randy. I didn't mean to deny you exist; you apparently do. ;) But in my sampling, operators
benson,
vendors saying what operators want went *seriously* out of fashion a couple of years back. we can speak for ourselves, tyvm.
I agree completely. I'm responding to what I've heard from operators. Cheers, -Benson
On Feb 22, 2011, at 12:29 AM, Benson Schliesser wrote:
On Feb 21, 2011, at 10:16 PM, Chris Grundemann wrote:
On Mon, Feb 21, 2011 at 19:08, Dan Wing <dwing@cisco.com> wrote:
Its title, filename, abstract, and introduction all say the problems are specific to NAT444. Which is untrue.
I just re-read the filename, abstract and introduction, and I disagree that any of those say that the problems are specific to NAT444. They all do state that these problems are present in NAT444, but not that it's the only technology/scenario/configuration where you might find them.
Let's at least agree that the text isn't precise. I've had a large number of conversations in which relatively intelligent people advocated other (non-NAT444) scenarios involving CGN, built on the premise that NAT444 is broken and draft-donley-nat444-impacts is evidence. Either the draft is perfectly clear and all of these people are stupid, or the draft is misleading (intentionally or unintentionally).
I would point out to them that the fact that their technology choice isn't NAT 444 does not mean that they don't have the same problems, merely that their technology wasn't part of the testing documented in the draft. I think the draft is perfectly clear and that humans, even intelligent humans often have problems with this level of logic. If A is a subset of B, it does not mean that A is not a subset of C. Therefore, a draft that states that technology B has problem A is not and cannot be logically construed as a statement that technology C does not have problem A, no matter how common it is for seemingly intelligent humans to make the mistake of doing so.
More importantly, I am unsure the point of this argument. Are you trying to say that the items listed as broken in the draft are not actually broken? Because in my experience they are. IMHO, the fact that they are also broken in other (similar) scenarios is not evidence that they are not broken in this one. On the contrary, this scenario seems to be evidence to the brokenness in the others (until we get a chance to test and document them all - are you volunteering? ;).
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks. But, regardless, if I were to accept this position then I might also agree that it doesn't matter whether or not draft-donley-nat444-impacts is misleading.
I don't think anyone has said that IPv6 is the only address family that matters. What I think people, myself included, have been saying is that IPv6 is the only way forward that does not involve many of these problems. (See my earlier Titanic post). As to whether or not it matters that people misinterpred draft-donly..., I'm not sure whether it actually does or not. There is no flavor of NAT that is particularly desirable. It's a matter of choosing the one that is least damaging to your environment where least damage may boil down to a choice between 5% and 3% remaining functionality.
On the contrary: While I emphatically agree that IPv6 is the path forward, I don't accept the notion that IPv4 no longer matters. IPv4 is the present-day Internet, and IPv4 connectivity is demanded by present-day paying customers - you don't burn the bridge until *after* you've crossed it. Further, given that IPv4 does matter yet has an exhausted address supply, there exists a need for IPv4 address sharing technology. Fundamentally, this means that we need to discuss and engineer the best possible address sharing technology. It may never be as good as native end-to-end IPv6, but sub-optimal is not the same thing as "broken" as others have claimed, and sub-optimal might be acceptable if it's the only alternative.
I don't think anyone is saying IPv4 no longer matters. I think we are saying that effort spent attempting to make the deteriorating IPv4 situation deteriorate less is both futile and better spent on making the IPv6 deployment situation better.
Of course, we can also rely on an IPv4 address market to avoid NAT in the more sensitive situations (i.e. situations with more sensitive users). But that's a different conversation.
Only if you expect that you can rely on a supply side in such a market. I am unconvinced that such will be reliable, especially after about 6 months of trading. This also presumes that more sensitive users can be defined in terms of what those users are willing (or able) to pay. Owen (who is very glad he has provider-independent addresses in both families as we approach this iceberg)
On Feb 22, 2011, at 3:40 AM, Owen DeLong wrote:
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks. But, regardless, if I were to accept this position then I might also agree that it doesn't matter whether or not draft-donley-nat444-impacts is misleading.
I don't think anyone has said that IPv6 is the only address family that matters. What I think people, myself included, have been saying is that IPv6 is the only way forward that does not involve many of these problems. (See my earlier Titanic post).
I agree completely: IPv6 is the only way forward that avoids these problems. In fact, an understanding of CGN impacts should be enough motivation for operators and users to start deploying IPv6 immediately.
As to whether or not it matters that people misinterpred draft-donly..., I'm not sure whether it actually does or not. There is no flavor of NAT that is particularly desirable. It's a matter of choosing the one that is least damaging to your environment where least damage may boil down to a choice between 5% and 3% remaining functionality.
I agree with your sentiment, that we should choose the least damaging solutions. Call it the "lesser evil" if you'd like. However, I think your estimates (5% vs 3%) are backwards. CGN-based solutions work for the vast majority of network traffic today - it's the stuff in the margin that breaks, according to all test reports I've seen.
I don't think anyone is saying IPv4 no longer matters. I think we are saying that effort spent attempting to make the deteriorating IPv4 situation deteriorate less is both futile and better spent on making the IPv6 deployment situation better.
It's not an exclusive situation - we can roll out IPv6 while continuing to maintain our existing IPv4 connectivity, support new customers with IPv4 needs, etc. As I mentioned before, we have to support the bridge we're crossing (crumbling IPv4 infrastructure) until we're on the other side (fertile IPv6 farmland).
Of course, we can also rely on an IPv4 address market to avoid NAT in the more sensitive situations (i.e. situations with more sensitive users). But that's a different conversation.
Only if you expect that you can rely on a supply side in such a market. I am unconvinced that such will be reliable, especially after about 6 months of trading. This also presumes that more sensitive users can be defined in terms of what those users are willing (or able) to pay.
This is an interesting discussion, because the timeframe is central to everything I've commented above. Considering RIR exhaustion (4-12 months) plus ISP exhaustion (TBD, but let's say anywhere from 1 month to 5+ years after RIR exhaustion), I expect some network providers to struggle with IPv4 address exhaustion before the 3rd quarter of 2011. On the other hand, other network providers will have enough resources to last for years - let's call that "excess supply". By all realistic estimates, any network provider that hasn't deployed IPv6 support into their infrastructure will need anywhere from 3 months to 3 years or more - let's generously say around 18 months to the point where 60% - 80% of hosts have reached IPv6 connectivity. Just considering these facts, I think we can see why some ISPs might be interested in acquiring more addresses through 2012. And those with excess supply might be motivated (financially) by a marketplace to share their resources, to meet this need. Further, let's consider that some network services (such as content / hosting) will need IPv4 connectivity longer than others, in order to reach the long-tail. For this category, I can see why some networks might be interested in acquiring more addresses through 2013 - 2016. Fortunately, on the other side of 2012 prices should decrease because supply goes up (as some people give up IPv4). Thus the market value of an address probably can be represented by a curve peaking in a couple years and then declining to zero a few years after that. Feedback on this would be appreciated - but my current belief is that it's realistic to plan for a couple years of trading rather than "about 6 months". (Side note: If we really wanted people to move to IPv6 before now, we should have instituted increasing prices for RIR-provided addresses. I posit that we just didn't have the collective balls to do this.) Cheers, -Benson
On Tue, 22 Feb 2011 02:29:23 CST, Benson Schliesser said:
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
"most pronounced from people not involved in operating production networks that are way behind the planning curve for IPv6 deployment". There, fixed that for you. (Full disclosure - yesterday's MRTG graphs show our border routers averaging 4Gbit/sec of IPv4 traffic and 150 Mbits/sec of IPv6 - so 4% or so of our production off-campus traffic is already IPv6)
On Feb 22, 2011, at 3:54 PM, Valdis.Kletnieks@vt.edu wrote:
On Tue, 22 Feb 2011 02:29:23 CST, Benson Schliesser said:
There seems to be a position, taken by others on these lists, that IPv6 is the only address family that matters. Interestingly, this position seems to be most pronounced from people not involved in operating production networks.
"most pronounced from people not involved in operating production networks that are way behind the planning curve for IPv6 deployment".
There, fixed that for you.
My original text remains true, because I tend to hear IPv6-only advocacy from vendors and policy folks more than operators - even more so versus operators of commercial ISP networks. But I take your point, that operators ahead of the IPv6 deployment curve are most likely to stand up with that opinion. Of course, the "network effect" being what it is... Your network being 100% IPv6 doesn't solve the overall problem of reachability. I think your example of 4% traffic from VT is applicable - you will have to worry about IPv4 connectivity, in one form or another, until it diminishes significantly. It's a bit like a tragedy of the commons. Cheers, -Benson
-----Original Message----- From: Chris Grundemann [mailto:cgrundemann@gmail.com] Sent: Monday, February 21, 2011 8:17 PM To: Dan Wing Cc: Owen DeLong; Benson Schliesser; NANOG list; ARIN-PPML List Subject: Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Mon, Feb 21, 2011 at 19:08, Dan Wing <dwing@cisco.com> wrote:
Its title, filename, abstract, and introduction all say the problems are specific to NAT444. Which is untrue.
I just re-read the filename, abstract and introduction, and I disagree that any of those say that the problems are specific to NAT444. They all do state that these problems are present in NAT444, but not that it's the only technology/scenario/configuration where you might find them.
More importantly, I am unsure the point of this argument.
My point is that: NAT breaks things, but NAT444 is /not/ the only case where breakage occurs.
Are you trying to say that the items listed as broken in the draft are not actually broken? Because in my experience they are. IMHO, the fact that they are also broken in other (similar) scenarios is not evidence that they are not broken in this one. On the contrary, this scenario seems to be evidence to the brokenness in the others (until we get a chance to test and document them all - are you volunteering? ;).
Vendor test results don't carry much value. The authors of draft-donley-nat444-impacts did testing, and I sincerely hope will publish results that split the impacts of access bandwidth starvation from home NAT from CGN from NAT444. -d
Cheers, ~Chris
-d
-- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
http://tools.ietf.org/html/draft-donley-nat444-impacts-01 That document conflates problems of NAT444 with problems of NAT44 with problems of bandwidth starvation with problems of CGN.
it may require a delicate palate to differentiate the different flavors of <bleep> randy
http://tools.ietf.org/html/draft-donley-nat444-impacts-01 That document conflates problems of NAT444 with problems of NAT44 with problems of bandwidth starvation with problems of CGN.
it may require a delicate palate to differentiate the different flavors of <bleep>
Running out of bandwidth for Netflix is pretty distinct from the flavor of fried gNAT. -d
On Wed, Feb 9, 2011 at 1:46 PM, Stephens, Josh <Josh.Stephens@solarwinds.com> wrote:
Not something I'd typically use this list for but I have an opportunity to host a debate of sorts on IPv6 where I'm taking a very pro IPv6 stance and I need someone who wants to argue the other side - effectively that most people don't need to worry about it for a long time still or until someone makes them.
http://bill.herrin.us/network/ipxl.html Joking, but only half joking. What kind of debate? Live debate doesn't work for me; I have the answers 15 minutes later. Personally, I'm leaning IPv6, but I can tell you the arguments opposed.... * Timing means we have to do carrier NAT anyway. Why go to both expenses? * Carrier NAT buys us enough years to build an IPv4 successor that actually solves some of the intractable IPv4 problems. Deploying IPv6 as it exists today requires massive amounts of manpower yet solves none of IPv4's problems save for the larger address space. Worse, it even doesn't appear to create the opportunity to solve those problems. * High disruption risk deploying IPv6 as implemented. May be smarter to wait until we have a protocol without the design errors that make IPv6 such a high deployment risk. * Will have learned enough in an aborted IPv6 transition to do the next one with minimal disruption. Things like host and network level configuration of protocol priorities so we have a better ability to stagger the cut-over process. * IPv6 remains half-baked with key technologies like enterprise NAT missing from the products. It isn't really ready for wide deployment; it's only being driven by IPv4 address exhaustion -- which we can defer for a couple decades through carrier NAT and other address reclamation enablers. * Next protocol should really be designed to support interoperability with the old one from the bottom up. IPv6 does not, requiring expensive and indefinite dual stack. * Can solve the multihoming/mobility problems we see in v4 if we ditch TCP with the next protocol and build something with multilevel dynamic addressing at the heart. Those problems remain intractable if we don't... and for IPv6 we didn't. and so on. -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On 9 feb 2011, at 20:53, William Herrin wrote:
* Carrier NAT buys us enough years to build an IPv4 successor
You're kidding, right? How long did it take exactly to get where we are now with IPv6? 18, 19 years? And yet there's still all kinds of stuff that isn't really ready for prime time yet.
* Next protocol should really be designed to support interoperability with the old one from the bottom up. IPv6 does not
That's because it's not the headers that aren't incompatible (the protocol translation is ok even though it could have been a bit better) but the addresses. A system that knows about 32-bit addresses will just not talk to a system with a 128-bit address. Once we're at 128-bit addresses then we can migrate to IPvA (7 - 9 are already taken) without much trouble. But then, 32-bit ASes interoperate with 16-bit ones with no trouble and still after a decade the support for that is not nearly good enough, either.
On Wed, Feb 9, 2011 at 12:05 PM, Iljitsch van Beijnum <iljitsch@muada.com> wrote:
[...] Once we're at 128-bit addresses then we can migrate to IPvA (7 - 9 are already taken) without much trouble. But then, 32-bit ASes interoperate with 16-bit ones with no trouble and still after a decade the support for that is not nearly good enough, either.
I know about IPv8 (sigh), and the Chinese abortive IPv9 claim, but when did 7 happen? There's a Google hit on Tim Wilson posting about IPv4 replacements in an informational RFC from 1993 using IPv7, but that's all I found. -- -george william herbert george.herbert@gmail.com
On 9 feb 2011, at 21:17, George Herbert wrote:
Once we're at 128-bit addresses then we can migrate to IPvA (7 - 9 are already taken) without much trouble.
I know about IPv8 (sigh), and the Chinese abortive IPv9 claim, but when did 7 happen?
RFC 1475, apparently: http://www.iana.org/assignments/version-numbers/version-numbers.xhtml
On Wed, Feb 9, 2011 at 3:05 PM, Iljitsch van Beijnum <iljitsch@muada.com> wrote:
On 9 feb 2011, at 20:53, William Herrin wrote:
* Carrier NAT buys us enough years to build an IPv4 successor
You're kidding, right? How long did it take exactly to get where we are now with IPv6? 18, 19 years?
Tech like carrier NAT theoretically yeilds address reclamation in excess of 80%. Internet-facing servers must consume IP address. It's convenient for client computers to do so as well, but not critical to the general function of the Internet. 20 years is about what that level of reclamation buys before we're out of addresses again. As you say -- enough time to develop a protocol and get it into the software and hardware.
* Next protocol should really be designed to support interoperability with the old one from the bottom up. IPv6 does not
That's because it's not the headers that aren't incompatible (the protocol translation is ok even though it could have been a bit better) but the addresses.
No, it's because decisions were made to try to abandon the old DFZ table along with IPv4 and institute /64 as a standard subnet mask. But for those choices, you could directly translate the IPv4 and IPv6 headers back and forth, at least until one of the addresses topped 32 bits. The transition to IPv6 could be little different than the transition to 32-bit AS numbers -- a nuisance, not a crisis. You recompile your software with the new IN_ADDR size and add IP header translation to the routers, but there's no configuration change, no new commands to learn, etc. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On 9 feb 2011, at 21:26, William Herrin wrote:
You're kidding, right? How long did it take exactly to get where we are now with IPv6? 18, 19 years?
Tech like carrier NAT theoretically yeilds address reclamation in excess of 80%.
Most IPv4 space is unused anyway, but it's not being reclaimed much despite that. (How many IP addresses does the US federal government need? Few people would think ~ 10 /8s. Especially since many of them aren't even lit up.)
* Next protocol should really be designed to support interoperability with the old one from the bottom up. IPv6 does not
That's because it's not the headers that aren't incompatible (the protocol translation is ok even though it could have been a bit better) but the addresses.
No, it's because decisions were made to try to abandon the old DFZ table along with IPv4 and institute /64 as a standard subnet mask. But for those choices, you could directly translate the IPv4 and IPv6 headers back and forth, at least until one of the addresses topped 32 bits. The transition to IPv6 could be little different than the transition to 32-bit AS numbers -- a nuisance, not a crisis. You recompile your software with the new IN_ADDR size and add IP header translation to the routers, but there's no configuration change, no new commands to learn, etc.
It's not that simple. But I agree on one thing: it could have been better. What needs to be done to move from IPv4 to IPv6 is three things: 1. the headers 2. the addresses 3. the applications Today, only IPv6 applications can use IPv6 addresses and only when IPv6 applications use IPv6 addresses will there be IPv6 headers. It would have been better to roll out the headers first. That would have meant changes to routers, because routers touch the headers. But if translating between IPv6 with 32-bit addresses and IPv4 can be done with low overhead (which is more or less the case today, BTW) then it would have been possible to upgrade from IPv4 to IPv6 subnet by subnet. This way, there wouldn't have had to be any dual stack, and once people had deployed IPv6 they would have kept using it. Today, and especially some years ago, IPv6 would/will often atrophy after having been deployed initially because of lack of use. Apps could have been upgraded the same way they have now, with the only difference that using an IPv4-mapped IPv6 address meant generating an IPv6 packet, not an IPv4 packet as is done today. Once 128-bit addresses are being used going from an IPv6 subnet to an IPv4 subnet becomes problematic, but this can be solved with stateful translation so most stuff keeps working anyway. And remember, servers and apps that can't work through a stateful translator can still get 32-bit addresses so everything keeps working without trouble. However, it's easy to come up with all of this in 2011. In 1993 the world was very different, and many things we take for granted today were still open questions then. It's very illuminating to read up on the mailinglist discussions from back then. People complained about IPv6 a decade or half a decade ago, too. Back then there may have been a chance to come up with a different protocol as a successor for IPv4, but it's way too late for that now. Anyway, most non-legacy applications support 128-bit addresses now and we have a pretty decent NAT64 spec sitting in the RFC editor queue (even if I do say so myself) so it's just a matter of sitting tight until we're through the painful part of the transition.
Most IPv4 space is unused anyway, but it's not being reclaimed much despite that. (How many IP addresses does the US federal government need? Few people would think ~ 10 /8s. Especially since many of them aren't even lit up.)
What do you mean, lit up? You mean they're not in the routing tables that you get from your carriers? I'd argue that's no indication of whether they're in use or not.
On 2/9/11 1:42 PM, Nathan Eisenberg wrote:
Most IPv4 space is unused anyway, but it's not being reclaimed much despite that. (How many IP addresses does the US federal government need? Few people would think ~ 10 /8s. Especially since many of them aren't even lit up.)
What do you mean, lit up? You mean they're not in the routing tables that you get from your carriers? I'd argue that's no indication of whether they're in use or not.
Especially given that they're know to be in use. e.g. it's not a secret, they just don't appear in your internet.
On Wed, 09 Feb 2011 16:42:14 -0500, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
What do you mean, lit up? You mean they're not in the routing tables that you get from your carriers? I'd argue that's no indication of whether they're in use or not.
That's pretty much the definition of "in use". If they don't appear in the global routing table, then they aren't being used. I cannot send traffic to them; they cannot send traffic to me. In my recent probe of route servers, I found 22 legacy /8's that were partly or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste of time to even try to reclaim them. --Ricky
In my recent probe of route servers, I found 22 legacy /8's that were partly or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste of time to even try to reclaim them.
How long would that be tied up in legal issues before they were freed?
In message <alpine.BSF.2.00.1102092156050.16359@goat.gigo.com>, Jason Fesler wri tes:
In my recent probe of route servers, I found 22 legacy /8's that were partly
or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste
of time to even try to reclaim them.
Because it is a waste of time and money.
How long would that be tied up in legal issues before they were freed?
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 10/02/2011, at 4:39 PM, Mark Andrews wrote:
In message <alpine.BSF.2.00.1102092156050.16359@goat.gigo.com>, Jason Fesler wri tes:
In my recent probe of route servers, I found 22 legacy /8's that were partly
or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste
of time to even try to reclaim them.
Because it is a waste of time and money.
That's an assertion I've heard, but has anyone quantified it? How much time and money would it take? Has anyone just asked the 22 /8 holders mentioned above nicely if they might just like to give them back for some good publicity? You know, US DoD migrates to IPv6 and returns X /8s for the good of the American people (assume ARIN) so that broadband might continue to grow and thrive in the land of the free? MMC
On Thu, 10 Feb 2011 06:35:42 GMT, Matthew Moyle-Croft said:
That's an assertion I've heard, but has anyone quantified it? How much time and money would it take? Has anyone just asked the 22 /8 holders mentioned above nicely if they might just like to give them back for some good publicity?
There's only two minor problems with the idea: 1) How long will 22 /8's delay the inevitable if they were all available immediately? How much good will they do if only 3 or 4 actually return their /8? How much good will any of them do if they take 6 or 12 months to become available? If you get 2 a quarter from 4Q11 till 3Q13, how much does that change the basic point that people really should be deploying IPv6 rather than rearranging the deck chairs on the Titanic? 2) "Little Red Hen, Inc just completed a multi-hundred-thousand dollar project to renumber their entire network to return a /8 to benefit the lamb, the cat, and the pig, while Ant Co completed their own renumbering to return a /8 to benefit the grasshopper. The lamb, cat, pig, and grasshopper were all grateful for the ability to avoid deploying IPv6 even longer". Is that the sort of publicity you really want, and is it good enough to justify the cost of renumbering your entire network? At least in the current US climate, if a corporation has a /8 allocation, it's really hard to make the business case that you should spend money to renumber out of it, to the benefit of your competitors who then get to *not* spend money deploying IPv6.
On Feb 9, 2011, at 10:35 PM, Matthew Moyle-Croft wrote:
On 10/02/2011, at 4:39 PM, Mark Andrews wrote:
In message <alpine.BSF.2.00.1102092156050.16359@goat.gigo.com>, Jason Fesler wri tes:
In my recent probe of route servers, I found 22 legacy /8's that were partly
or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste
of time to even try to reclaim them.
Because it is a waste of time and money.
That's an assertion I've heard, but has anyone quantified it? How much time and money would it take? Has anyone just asked the 22 /8 holders mentioned above nicely if they might just like to give them back for some good publicity? You know, US DoD migrates to IPv6 and returns X /8s for the good of the American people (assume ARIN) so that broadband might continue to grow and thrive in the land of the free?
MMC
Multiple times. The most optimistic estimates are on the order of 4 years. The most optimistic estimates of the return rate are on the order of 6-8 /8s (not the 100% of 22 /8s you are postulating). The legal expenses would be extreme. So, for $ALOT and 4 years of effort, you might get back as much as 4 months of address space. Next? Owen
On Thu, 10 Feb 2011 01:35:42 -0500, Matthew Moyle-Croft <mmc@internode.com.au> wrote:
Because it is a waste of time and money.
That's an assertion I've heard, but has anyone quantified it? ...
Not that I've ever seen. All the bitching I've seen here and elsewhere boils down to it being more involved than sending an email, so they won't bother. To be fair, it *is* a lot more work than sending an email. For starters, just finding out *who* to email. Many companies that were given assignments have been sold or went out of business. Determining the proper holder can be as much work as getting the space back. Given the current state of affairs, getting any legacy holders to hand over the space is "not going to happen." That space is now worth more than anti-matter. Had they started the process a deacde ago instead of complaining that it's too much work, not worth it, etc., etc., then some of it might have been reclaimed by now. (and at current ARIN rates, a /8 is worth ~1.2mil/yr. on the open market, it's worth much more than that. esp. since legacy holders don't pay ANYTHING for it.) --Ricky
On Feb 10, 2011, at 11:46 AM, Ricky Beam wrote:
Had they started the process a deacde ago instead of complaining that it's too much work, not worth it, etc., etc., then some of it might have been reclaimed by now.
How about 15 years ago: http://tools.ietf.org/html/rfc1917 Regards, -drc
On 10/02/2011 06:15, Ricky Beam wrote:
On Wed, 09 Feb 2011 16:42:14 -0500, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
What do you mean, lit up? You mean they're not in the routing tables that you get from your carriers? I'd argue that's no indication of whether they're in use or not.
That's pretty much the definition of "in use". If they don't appear in the global routing table, then they aren't being used. I cannot send traffic to them; they cannot send traffic to me.
I don't think that this is a correct definition. The question should be if there is a need for a globally unique number for a device.
In my recent probe of route servers, I found 22 legacy /8's that were partly or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste of time to even try to reclaim them.
If all 22 /8 that aren't in use would be reclaimed, that would only postpone the problem by a few years, it would not solve problem that IPv4 address space is limited and we will, sooner or later, run out. Reclaiming will take a considerable amount of time and effort from everybody, I think this is better spent working on a solution that will solve the problem forever. Henk (Speaking for myself, not for my employer). -- ------------------------------------------------------------------------------ Henk Uijterwaal Email: henk.uijterwaal(at)ripe.net RIPE Network Coordination Centre http://www.xs4all.nl/~henku P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands The Netherlands Mobile: +31.6.55861746 ------------------------------------------------------------------------------ I confirm today what I denied yesterday. Anonymous Politician.
On Feb 10, 2011, at 12:15 AM, Ricky Beam wrote:
On Wed, 09 Feb 2011 16:42:14 -0500, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
What do you mean, lit up? You mean they're not in the routing tables that you get from your carriers? I'd argue that's no indication of whether they're in use or not.
That's pretty much the definition of "in use". If they don't appear in the global routing table, then they aren't being used. I cannot send traffic to them; they cannot send traffic to me.
In my recent probe of route servers, I found 22 legacy /8's that were partly or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste of time to even try to reclaim them.
--Ricky
This dead horse keep coming back for another beating. The purpose of a global registry of numbers is to provide a common source for unique numbers. The definition of "in use" by internet registries does not require appearance in your routing tables or even in the route servers. Not only that, the "users" may not even want or need to exchange traffic with you. As a survivor of many network consolidations due to corporate acquisitions, I have many scars from trying to get separate RFC 1918 islands to interwork properly. That is the reason that even so-called private networks need unique IP addressing. And now, since IPv6 is actually being deployed and used, there is absolutely no economic incentive to continue to fight the "IPv4 addresses not in my routing table are not 'in use'" battle any more. It is a waste of time and money. James R. Cutler james.cutler@consultant.com
On 2/10/11 5:31 AM, Cutler James R wrote:
On Feb 10, 2011, at 12:15 AM, Ricky Beam wrote:
On Wed, 09 Feb 2011 16:42:14 -0500, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
What do you mean, lit up? You mean they're not in the routing tables that you get from your carriers? I'd argue that's no indication of whether they're in use or not.
That's pretty much the definition of "in use". If they don't appear in the global routing table, then they aren't being used. I cannot send traffic to them; they cannot send traffic to me.
In my recent probe of route servers, I found 22 legacy /8's that were partly or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste of time to even try to reclaim them.
--Ricky
This dead horse keep coming back for another beating. The purpose of a global registry of numbers is to provide a common source for unique numbers. The definition of "in use" by internet registries does not require appearance in your routing tables or even in the route servers. Not only that, the "users" may not even want or need to exchange traffic with you.
As a survivor of many network consolidations due to corporate acquisitions, I have many scars from trying to get separate RFC 1918 islands to interwork properly. That is the reason that even so-called private networks need unique IP addressing.
more to the point, every partner / customer integration exercise that involves backend networks has rfc 1918 somewhere, e.g. it's not justd M&A and the pain doesn't go away. intersecticing address assignments for hundreds and potentiatly thousands of hosts when it comes to public cloud integration are a signficant drag on opertations, involve not just nat but additional split horizons and so fourth... This is not just speculation, this stuff happens in our environment virtually every-day.
And now, since IPv6 is actually being deployed and used, there is absolutely no economic incentive to continue to fight the "IPv4 addresses not in my routing table are not 'in use'" battle any more. It is a waste of time and money.
James R. Cutler james.cutler@consultant.com
On 2/9/2011 9:15 PM, Ricky Beam wrote:
On Wed, 09 Feb 2011 16:42:14 -0500, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
What do you mean, lit up? You mean they're not in the routing tables that you get from your carriers? I'd argue that's no indication of whether they're in use or not.
That's pretty much the definition of "in use". If they don't appear in the global routing table, then they aren't being used.
There is no one universal "global routing table". They probably appear in someone's routing table, somewhere... just not yours. If Cogent stops peering with you (I picked them, because that's not out of the question) and you stop seeing all their downstream routes, did those addresses suddenly become available for reassignment?
I cannot send traffic to them; they cannot send traffic to me.
That's true of almost all addresses these days, what with firewalls and all.
In my recent probe of route servers, I found 22 legacy /8's that were partly or completely unused. I'm a little surprised ARIN/ICANN thinks it's a waste of time to even try to reclaim them.
How many days do you think a single /8 lasts at current assignment rates? How would ARIN/ICANN go about reclaiming addresses that someone believes they are using but that you don't think are in use? Matthew Kaufman
On Thu, 10 Feb 2011 11:43:50 -0500, Matthew Kaufman <matthew@matthew.at> wrote:
There is no one universal "global routing table". They probably appear in someone's routing table, somewhere... just not yours.
Using public address space for private networking is a gross misuse of the resource. Go to any registry and ask for address space for your private networking that you do not intend to announce to the internet. They will laugh at you, and point you to RFC1918. (and likely flag you as someone to whom address space should never be assigned.) The only reason legacy holders get away with such crap is because there's no clear contract governing their assignment.
How many days do you think a single /8 lasts at current assignment rates?
APNIC says the last 2 /8's they were assigned (triggering the dead-man clause) would last ~6mo. With responsible use, 22 /8's would last several years. (3-5 best guess. Of course, there could be a land-rush and all of it disappear next week -- see also: responsible use)
How would ARIN/ICANN go about reclaiming addresses that someone believes they are using but that you don't think are in use?
First off, someone will have to do a lot more than 5 minutes of poking router-servers to see just how sparsely used ("announced") the space really is. That includes digging through BGP histories to see if it's ever been announced. Then research who should be in control of the space (announced or not.) Then send out nasty sounding letters informing whomever that X address space has not been announced to the public internet in Y years; on Z date, the space will reenter the IANA/ICANN free pool for reassignment. (cue lawyers :-)) They'd also be highly motivated to return unused space if they were being billing for it. As the powers that be have drug their feet for over a decade already, I really doubt they'll even take 5 minutes to look at *a single* route server. As for this "not fixing the problem", IPv4 is going to be a problem for MANY years to come. IPv6 deployment is glacially slow. IPv4 being "out of space" is getting news attention now, but will fade from the spotlight shortly. The people who have space will continue to have it and generally not notice the lack of availablity. The likes of Facebook, etc., have jumped on IPv6 because they have a reason to... they have volumes of IPv6 connected eyeballs. Yet the likes of Amazon and Akamai, aren't supporting IPv6 (and have no published plans to.) Almost all of the major ISPs in the country still don't fully support IPv6 -- the few that do embrace v6 make it a pain in the ass to get it setup. I don't support IPv6 (since elink killed their experiment); I can get everywhere I care to go, and everyone who cares to get to me does. I, like many/most others, will fix that problem when it *is* a problem. (For the record... TWTC: not supported, Speakeasy: not supported, VZB: not recommended for an existing connection (if you want it to stay working)) --Ricky
On 2/10/2011 9:46 PM, Ricky Beam wrote:
On Thu, 10 Feb 2011 11:43:50 -0500, Matthew Kaufman <matthew@matthew.at> wrote:
There is no one universal "global routing table". They probably appear in someone's routing table, somewhere... just not yours.
Using public address space for private networking is a gross misuse of the resource. Go to any registry and ask for address space for your private networking that you do not intend to announce to the internet. They will laugh at you, and point you to RFC1918. (and likely flag you as someone to whom address space should never be assigned.) The only reason legacy holders get away with such crap is because there's no clear contract governing their assignment.
https://www.arin.net/policy/nrpm.html#four35 Encourages use of RFC1918, but does not require it, especially when private peering with other networks is involved.
How many days do you think a single /8 lasts at current assignment rates?
APNIC says the last 2 /8's they were assigned (triggering the dead-man clause) would last ~6mo. With responsible use, 22 /8's would last several years. (3-5 best guess. Of course, there could be a land-rush and all of it disappear next week -- see also: responsible use)
If all 22 /8's were free to use, yes, 3-5 years. However, it violates existing RIR policies if those addresses are in use, even if not routed publicly.
First off, someone will have to do a lot more than 5 minutes of poking router-servers to see just how sparsely used ("announced") the space really is. That includes digging through BGP histories to see if it's ever been announced. Then research who should be in control of the space (announced or not.) Then send out nasty sounding letters informing whomever that X address space has not been announced to the public internet in Y years; on Z date, the space will reenter the IANA/ICANN free pool for reassignment. (cue lawyers :-)) They'd also be highly motivated to return unused space if they were being billing for it.
All of this would have to be accomplished in less than 6-9 months, but no one is going to wait in the hopes it might be accomplished, as failure would mean ruin. So the networks will deploy counter measures before the 6-9 month mark. They are already in the process.
As for this "not fixing the problem", IPv4 is going to be a problem for MANY years to come. IPv6 deployment is glacially slow. IPv4 being "out of space" is getting news attention now, but will fade from the spotlight shortly. The people who have space will continue to have it and generally not notice the lack of availablity. The likes of Facebook, etc., have jumped on IPv6 because they have a reason to... they have volumes of IPv6 connected eyeballs. Yet the likes of Amazon and Akamai, aren't supporting IPv6 (and have no published plans to.) Almost all of the major ISPs in the country still don't fully support IPv6 -- the few that do embrace v6 make it a pain in the ass to get it setup. I don't support IPv6 (since elink killed their experiment); I can get everywhere I care to go, and everyone who cares to get to me does. I, like many/most others, will fix that problem when it *is* a problem.
IPv4 will not be a problem for MANY years to come. If it survives 5 years in the DFZ, I'll be shocked. Errr, wasn't it this list that Akamai said they were testing and working on IPv6 deployments less than a week ago? Also, just because I have space (currently a /19 free), only means I have until that space runs out (assigning a /22 to a telco tomorrow morning as they just hit 98% utilization tonight, technically 100%, but I managed to free up a few). After that, IPv4 requires CGN or IPv6 with NAT64/DNS64. Neither option is pretty. Jack
As for this "not fixing the problem", IPv4 is going to be a problem for MANY years to come. IPv6 deployment is glacially slow. IPv4 being "out of space" is getting news attention now, but will fade from the spotlight shortly
I don't know about that. Yes, v4 will be around for a long time but considering the oligopolies we have in both eyeball and content networks, ones a dozen or so very large networks switch, there is the vast majority of Internet traffic right there. It will be around for a very long time handling a tiny bit of traffic. Facebook alone accounts for 25% of internet traffic in the US. Netflix is estimated to be over 20% and YouTube at 10%. So that's 55% of Internet traffic right there. At the other end of the transaction you have AT&T with 15.7 million, Comcast at 15.9 million, Verizon at 9.2 million and Time Warner at 8.9 million (early 2010 numbers). That's 50 million of the estimated 83 million US broadband subscribers. So once three content providers and four subscriber nets switch, that is over 25% of US internet traffic on v6 (more than half the users and more than half the content they look at). I don't think the growth of v6 traffic is going to be gradual, I think it will increase in steps. You will wake up one morning to find your v6 traffic doubled and some other morning it will double again.
I don't know about that. Yes, v4 will be around for a long time but considering the oligopolies we have in both eyeball and content networks, ones a dozen or so very large networks switch, there is the vast majority of Internet traffic right there. It will be around for a very long time handling a tiny bit of traffic.
Facebook alone accounts for 25% of internet traffic in the US. Netflix is estimated to be over 20% and YouTube at 10%. So that's 55% of Internet traffic right there. At the other end of the transaction you have AT&T with 15.7 million, Comcast at 15.9 million, Verizon at 9.2 million and Time Warner at 8.9 million (early 2010 numbers). That's 50 million of the estimated 83 million US broadband subscribers. So once three content providers and four subscriber nets switch, that is over 25% of US internet traffic on v6 (more than half the users and more than half the content they look at). Comcast, nor the other large MSOs, are not as monolithic as they may appear from the outside. In most cases the large MSOs are divided into regions that are more or less autonomous and that doesn't count the outlier properties that haven't been brought into the fold of the region
Agreed, V4 traffic levels are likely to drop and stay at low levels for decades. they are in for various, usually cost related, reasons so don't expect a large block of any of those guys to suddenly be at 60% of their users can get IPv6 addresses. While Facebook working over IPv6 will be a big deal you won't get all of their traffic since a significant fraction of that traffic is from mobile devices which are going to take much longer than PCs to get to using IPv6 in large numbers. Also, Netflix is even more problematic since the bulk of their traffic, and the fastest growing segment as well, is coming from Xboxes, Tivos, other gaming consoles, and TVs with enough embedded brains to talk directly. Those devices will also seriously lag behind PCs in IPv6 support.
I don't think the growth of v6 traffic is going to be gradual, I think it will increase in steps. You will wake up one morning to find your v6 traffic doubled and some other morning it will double again.
They'll be jumps, but they will be fairly smallish jumps since both the content maker, the ISP, and the device consuming the content all have to be ready. Since I don't imagine we will see any pure IPv6 deployments any time soon many/most of the IPv6 deploys will be dual stack and so we are still at the mercy of the AAAA record returning before the A record does.
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On Friday 11 February 2011 15:00:57 Scott Helms wrote:
While Facebook working over IPv6 will be a big deal you won't get all of their traffic since a significant fraction of that traffic is from mobile devices which are going to take much longer than PCs to get to using IPv6 in large numbers. Also, Netflix is even more problematic since the bulk of their traffic, and the fastest growing segment as well, is coming from Xboxes, Tivos, other gaming consoles, and TVs with enough embedded brains to talk directly. Those devices will also seriously lag behind PCs in IPv6 support
Recommendation: if you're doing some sort of under-the-TV device, if it does 6to4 or some other kind of IPv6 tunnelling (like Apple Airports), colocate your relay/vpn host/tunnel exit points with content CDN servers rather than sending everything via your head office location. If you're snooping on the traffic, you can always configure the nodes to do that:-{0 -- The only thing worse than e-mail disclaimers...is people who send e-mail to lists complaining about them
On Fri, Feb 11, 2011 at 10:00 AM, Scott Helms <khelms@ispalliance.net> wrote:
Agreed, V4 traffic levels are likely to drop and stay at low levels for decades.
I seriously doubt v4 traffic is going to fall off a cliff. That would require IPv6 adoption on a large scale over a relatively short period. To date, nothing in the v6 verse has happened *quickly*. Replacement or software upgrades to millions of CPEs in hundreds of network is not something that will happen overnight. Even then, that will not instantly switch everyone and every device to IPv6. How many "connected" devices do you think there are in the average home? TV? DVR (stb)? Game console(s)? Netflix streaming thing? If you're using Windows 7, you're already "IPv6 connected"... IPv6 is installed by default (and in fact cannot be uninstalled) and configured with Teredo. So a lot of people could be using v6 already and not even know it.
Facebook ... So that's 55% of Internet traffic right there.
and making a dent in it means residential transition. 50mil (or 83mil) devices is a lot of shit to replace or reprogram. Not to forget the thousands of devices that feed them.
... mobile devices
i.e. cellphones... the two largest groups there (iPhone and Android) support IPv6 already. (in certain versions) I was saying the same thing about netflix. PC based streaming can already be done via IPv6. (ipv6.netflix.com?) I'm not sure any of my media devices (tv, consoles, tivo) can do IPv6. I'd be disappointed if SONY didn't have the PS3 doing v6. Tivo doesn't do v6 -- unless the premier does. DTV receiver doesn't. DISH doesn't. (Wii, don't care. :-)) --Ricky
On Fri, Feb 11, 2011 at 10:00 AM, Scott Helms wrote:
Agreed, V4 traffic levels are likely to drop and stay at low levels for decades.
I seriously doubt v4 traffic is going to fall off a cliff. That would require IPv6 adoption on a large scale over a relatively short period.
The thing is that a very few networks account for a very large amount of traffic. So it depends on what you mean by "adoption on a large scale". <1% of the networks account for >50% of the traffic. If a handful of networks move to v6, then we have a very large amount of v6 traffic and a significant decrease in v4 traffic. It depends on if you mean large numbers of different endpoints or large numbers of packets when you say "adoption on a large scale". Joe's Fish Farm might and all the other Fish Farms might stay v4 for a decade or more but that traffic accounts for an insignificant portion of traffic in the context of internet traffic as a whole.
To date, nothing in the v6 verse has happened *quickly*. Replacement or software upgrades to millions of CPEs in hundreds of network is not something that will happen overnight.
What is the natural "churn" rate for CPE for one of the large MSOs? What portion of the MSOs have v6 capable CPE in place right now but v6 just isn't in use but is planned to go into v6 service soon? You don't need to migrate "hundreds" of networks to account for the majority of eyeball internet traffic in North America, you only need about five. It could be that v6 capable CPE has been in the process of being rolled out already and has been for months to possibly years.
Even then, that will not instantly switch everyone and every device to IPv6. How many "connected" devices do you think there are in the average home? TV? DVR (stb)? Game console(s)? Netflix streaming thing?
Ok, we have been watching our DNS servers for who is requesting AAAA records. The vast majority of our connections come from a very small number of networks. We are seeing requests for AAAA records. The next step is to put a v6 only DNS server into whois but hand out only A records for a while. But the idea is to see what of the requests for AAAA records actually arrive via IPv6. Once we profile that for a while, we will return AAAA records for the largest requester but only for requests arriving by IPv6 requesting AAAA records. The next step is to see that the requests actually result in connections to the service address handed out by the AAAA records and let that "bake" for a while and see if any service oddities are noticed. We happen to be in a unique position in that requests from different remote networks request a unique service address for that remote network and most others don't have that luxury. So if one remote network is v6 clean, we can change one IP address to AAAA records and "migrate" that remote network to v6 without impacting others simply by changing the DNS record for their service IP. If another network has issues, is requesting AAAA records but can't really talk over v6, we can roll back to A records for that service IP associated with that particular remote network. Other providers don't have that luxury and I understand that. But still, once two of those remote networks switch to v6, that is a very significant portion of our traffic. It will be possible, depending on which remote networks migrate and at what speed, for traffic to migrate in "chunks" as we migrate those AAAA records. We might go from 0% of traffic on v6 to 25% of traffic on v6 in less than a calendar quarter depending on the behavior of the remote nets. Also, once THEY see more successful traffic migration to v6, it gives impetus for them to move faster in that direction for additional services.
Facebook ... So that's 55% of Internet traffic right there.
and making a dent in it means residential transition. 50mil (or 83mil) devices is a lot of shit to replace or reprogram. Not to forget the thousands of devices that feed them.
Yes, and I mentioned that. So once you have >50% of the potential content sources v6 capable and >50% of the potential eyeballs v6 capable, you have potentially 25% of internet traffic on v6. And that can be done with the migration of enough networks to count on your fingers. So again, are we talking number of networks or number of packets when we say "large scale adoption"?
... mobile devices
i.e. cellphones... the two largest groups there (iPhone and Android) support IPv6 already. (in certain versions)
And are already being given native v6 IP addresses in some markets. Some markets are already doing NAT64 or something to get these devices to v4 content. George
On Fri, 11 Feb 2011 12:20:59 -0500, George Bonser <gbonser@seven.com> wrote:
The thing is that a very few networks account for a very large amount of traffic.
Traffic has to have two end points. Just because the content source supports IPv6 does not mean the content request will be. That's the "millions of eyeballs" (aka sheep.) You don't seem to grasp the full picture... There are 4 parts to the equation: 1. Content Source 2. Transit network(s) 3. CPE 4. Content Consumer Fixing the source (be it Facebook, Youtube, or netflix) is rather simple in concept -- it's just one network, and doesn't require touching millions of devices. Transit networks are hit-n-miss, but is becoming less of a burden. The CPE on the other hand is a whole other mess... there are thousands (into millions) that will need firmware upgrades or complete replacement to support IPv6. (That's the cablemodems, dsl modem, Uverse RGs, FiOS ONTs, and linksys's and netgears of the world.) And *then* the device that actually wants the content has to have support. (that'd be you roku, blu-ray player, console, laptop, cellphone, picture frame, etc.)
What is the natural "churn" rate for CPE for one of the large MSOs?
How often MSO's replace CPE gear? "When it breaks" and "when it's no longer compat" I don't know about your cable company, but TW doesn't replace anything unless it's broken. I've had the same SB5100 for nearly a decade. (they did replace the SB3100/4100's a few years back, but they were no longer compatible with the network.) AT&T DSL also doesn't replace CPE's unless they break. (or you buy a new one.) In bridge mode, any modem will do. It's when the modem is also the router (which is most cases today) that it will need attention to support IPv6. (in bridge mode, you'll have to fix whatever it's plugged into, but that's the customer's problem... off to Best Buy for an IPv6 capable D-Link.)
What portion of the MSOs have v6 capable CPE in place right now...
Unknown. I've not known any MSO to publish those numbers. Any sane MSO is handing out D3 modems even if they are still running a D2 network, so new connections (or replacements) should be D3.
you only need about five
If you're thinking of five major cable operators, they aren't each "one network" but are a group of franchises/markets running more or less independent of each other.
Yes, and I mentioned that. So once you have >50% of the potential content sources v6 capable and >50% of the potential eyeballs v6 capable, you have potentially 25% of internet traffic on v6. And that can be done with the migration of enough networks to count on your fingers.
Heh. No it can't. You grossly underestimate the work necessary to get the eyeballs v6 capable. If Comcast has to replace as little as 10% of their modems, that'd be over 1mil. That's not going to happen overnight. (or even a month.) --Ricky
On 2/11/2011 3:41 PM, Ricky Beam wrote:
In bridge mode, any modem will do. It's when the modem is also the router (which is most cases today) that it will need attention to support IPv6. (in bridge mode, you'll have to fix whatever it's plugged into, but that's the customer's problem... off to Best Buy for an IPv6 capable D-Link.)
I just finished discussing with the one telco in my network that deployed PPPoE. All customers will bring their modem into the office, where the front desk ladies will flash the config to bridge mode. It was that or replace thousands of CPE that never will support IPv6 in routed mode. Have a nice day. Jack
Fine approach as long as the DSLAMs and CPE allow ether type 0x86DD to pass. Frank -----Original Message----- From: Jack Bates [mailto:jbates@brightok.net] Sent: Friday, February 11, 2011 4:01 PM To: Ricky Beam Cc: nanog@nanog.org Subject: Re: IPv6 mistakes, was: Re: Looking for an IPv6 naysayer... On 2/11/2011 3:41 PM, Ricky Beam wrote:
In bridge mode, any modem will do. It's when the modem is also the router (which is most cases today) that it will need attention to support IPv6. (in bridge mode, you'll have to fix whatever it's plugged into, but that's the customer's problem... off to Best Buy for an IPv6 capable D-Link.)
I just finished discussing with the one telco in my network that deployed PPPoE. All customers will bring their modem into the office, where the front desk ladies will flash the config to bridge mode. It was that or replace thousands of CPE that never will support IPv6 in routed mode. Have a nice day. Jack
Luckily, they do. Only the smart DSLAMs had issues, and they even blocked IP protocol 41. haha On 2/13/2011 4:44 PM, Frank Bulk wrote:
Fine approach as long as the DSLAMs and CPE allow ether type 0x86DD to pass.
Fixing the source (be it Facebook, Youtube, or netflix) is rather simple in concept -- it's just one network, and doesn't require touching millions of devices. Transit networks are hit-n-miss, but is becoming less of
a
burden. The CPE on the other hand is a whole other mess... there are thousands (into millions) that will need firmware upgrades or complete replacement to support IPv6.
I would venture to say that it is likely that most of the CPE deployed over the past couple of years is capable of supporting v6 even if v6 is not currently deployed on that CPE. (That's the cablemodems, dsl modem, Uverse
RGs, FiOS ONTs, and linksys's and netgears of the world.) And *then* the device that actually wants the content has to have support. (that'd be you roku, blu-ray player, console, laptop, cellphone, picture frame, etc.)
You are "frame dragging" what I said into something I didn't say. What I said was that it will take v6 deployment in only a tiny portion of the number of networks to account for a large amount of the traffic. There is a lot of v6 capability that is just sitting there at the moment. I never said v4 support would go away, in fact, I said it would be around for decades.
What is the natural "churn" rate for CPE for one of the large MSOs?
How often MSO's replace CPE gear?
That is a different question. People are always moving, for example, turning in their old CPE and getting new. Old ones break and need to be replaced with a new one. Let's say the gear they have been handing out over the past couple of years has had v6 capability. So not only have all new deployments had the capability for v6 once the provider turns it up, a good number of legacy installations have been gaining v6 capability as old gear is changed out for new. How many CPE units does Comcast go through in a month? That would be about the rate of v6 capability being deployed out there even if v6 isn't turned up on it.
"When it breaks" and "when it's no longer compat" I don't know about your cable company, but TW doesn't replace anything unless it's broken.
Correct, and a certain number of those break every month. With every passing month the amount of CPE out there that isn't v6 capable declines.
I've had the same SB5100 for nearly a decade.
This isn't about you or me. It is about "the net" in aggregate. V4 will continue to work, and those with older stuff will get v4. But at some point there are going to be people who decide to deploy a site that is v6 only. It will be "cool" and only "certain" people will be able to get to the content. Probably college kids and aging hipsters. Then other people will start hearing about it and want access to it ... and will demand their ISP get them on v6 pronto ;)
Heh. No it can't. You grossly underestimate the work necessary to get the eyeballs v6 capable. If Comcast has to replace as little as 10% of their modems, that'd be over 1mil. That's not going to happen overnight. (or even a month.)
--Ricky
They are constantly replacing them, all the time. Every day they replace a few more. Someone moves, turns in their old cable box, gets a new one at the new place. Kid spills milk in it, it gets dropped, whatever. Old CPE attritions out of the installed base every day, I just don't know what the annual churn rate is. But I do believe that if IPv6 were enabled in a market today on some carrier, there would be an installed base of gear right now that could handle it on day one that would represent an amount of traffic that is not insignificant.
On Fri, 11 Feb 2011 14:21:49 PST, George Bonser said:
That is a different question. People are always moving, for example, turning in their old CPE and getting new. Old ones break and need to be replaced with a new one. Let's say the gear they have been handing out over the past couple of years has had v6 capability.
So riddle me this - what CPE stuff were they giving out in 2009 that was already v6-able? (and actually *tested* as being v6-able, rather than "It's supposed to work but since we don't do v6 on the live net, nobody's ever actually *tried* it...")
So riddle me this - what CPE stuff were they giving out in 2009 that was already v6-able? (and actually *tested* as being v6-able, rather than "It's supposed to work but since we don't do v6 on the live net, nobody's ever actually *tried* it...")
I would venture to say the same as today's CPE if they are issuing today the same CPE to new customers that they were issuing in 2009. I do know that in my area it has changed since 2007. But I don't know when they started issuing the current CPE.
On Friday, February 11, 2011 05:33:37 pm Valdis.Kletnieks@vt.edu wrote:
So riddle me this - what CPE stuff were they giving out in 2009 that was already v6-able? (and actually *tested* as being v6-able, rather than "It's supposed to work but since we don't do v6 on the live net, nobody's ever actually *tried* it...")
Well, while no one that I know 'gave out' Linksys WRT54G's capable of running OpenWRT or similar (Sveasoft firmware, too), a WRT54G of the right (read: old enough) version can run the IPv6 modules (ipkg's) for OpenWRT, and there was at least one version of the Sveasoft WRT firmware that could do IPv6. While I have a few WRT54G's lying around, I've never tried IPv6 on them, and would find it interesting if anyone has. Owen, in particular, should know, because one of the HOWTO's I found was posted on an HE forum.....back in April of 2009. I found a few other HOWTO's, some in 2006, some in 2005, detailing IPv6 setup for the WRT54G running either Sveasoft or OpenWRT (one was for DD-WRT, and another for Tomato). Yeah, only the tech-savvy customers will be able to use this, unless the ISP sets up a 'Golden' CPE firmware image and recycles all those WRT54G's into useful things.... and then, of course, the DSL/Cable gateway needs to be in bridge mode. I'm sure there are other Linux-based firmwares for other CPE that can run Linux and IPv6; they just need enough flash and RAM to do it. vxWorks boxen, not so sure. And then there's all the Zoom stuff out there..... My own Netgear DG834G can, too, with some interesting tinkering involved. So the firmware is out there to do this, it just requires flashing and configuring.
On 02/12/2011 09:26 AM, Lamar Owen wrote:
While I have a few WRT54G's lying around, I've never tried IPv6 on them, and would find it interesting if anyone has.
http://www.tunnelbroker.net/forums/index.php?topic=106.0 -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
On Sat, Feb 12, 2011 at 9:26 AM, Lamar Owen <lowen@pari.edu> wrote:
While I have a few WRT54G's lying around, I've never tried IPv6 on them, and would find it interesting if anyone has.
I used a WRT54G running DD-WRT for some time with a HE IPv6 tunnel (now replaced with a Cisco 877, but not due to any failing of the Linksys/DD-WRT) IPv6 support is actually broken in the latest version of DD-WRT, and it's been that way for some time (measured in years), however with some hacking you can get it to work. It's not at all user friendly, and definitely not consumer ready, but once it's working it's pretty much rock solid. All up I'd say I probably spent less time getting IPv6 working on DD-WRT than on my Cisco 877W (Hint: IOS 12.x doesn't support IPv6 on the bridge interface, the IOS 15.x Advanced Security feature set doesn't support IPv6 at all, and the flash requirements listed for 15.1 Advanced IP are wrong. Go Cisco!) Keep in mind that not all WRT54G's support DD-WRT. Linksys moved from Linux to Vxworks but kept the model number the same (the version did change). The WRT54GL along with various other devices do support it - details are on the DD-WRT website. Scott.
On 02/12/2011 02:32 PM, Scott Howard wrote:
On Sat, Feb 12, 2011 at 9:26 AM, Lamar Owen<lowen@pari.edu> wrote:
While I have a few WRT54G's lying around, I've never tried IPv6 on them, and would find it interesting if anyone has.
I used a WRT54G running DD-WRT for some time with a HE IPv6 tunnel (now replaced with a Cisco 877, but not due to any failing of the Linksys/DD-WRT)
IPv6 support is actually broken in the latest version of DD-WRT, and it's been that way for some time (measured in years), however with some hacking you can get it to work. It's not at all user friendly, and definitely not consumer ready, but once it's working it's pretty much rock solid.
All up I'd say I probably spent less time getting IPv6 working on DD-WRT than on my Cisco 877W (Hint: IOS 12.x doesn't support IPv6 on the bridge interface, the IOS 15.x Advanced Security feature set doesn't support IPv6 at all, and the flash requirements listed for 15.1 Advanced IP are wrong. Go Cisco!)
Keep in mind that not all WRT54G's support DD-WRT. Linksys moved from Linux to Vxworks but kept the model number the same (the version did change). The WRT54GL along with various other devices do support it - details are on the DD-WRT website.
OpenWRT will run IPv6 fine; Comcast posted patches some months back to enable some 6rd configuration mods needed for Comcast's IPv6 trial. From the Comcast beta forum, it's clear that some people have succeeded at merging those 6rd patches into OpenWRT, though there may be some rough edges. I haven't had time to take them for a spin. - Jim
On Feb 11, 2011, at 1:41 PM, Ricky Beam wrote:
On Fri, 11 Feb 2011 12:20:59 -0500, George Bonser <gbonser@seven.com> wrote:
The thing is that a very few networks account for a very large amount of traffic.
Traffic has to have two end points. Just because the content source supports IPv6 does not mean the content request will be. That's the "millions of eyeballs" (aka sheep.)
You don't seem to grasp the full picture... There are 4 parts to the equation: 1. Content Source 2. Transit network(s) 3. CPE 4. Content Consumer
Fixing the source (be it Facebook, Youtube, or netflix) is rather simple in concept -- it's just one network, and doesn't require touching millions of devices. Transit networks are hit-n-miss, but is becoming less of a burden. The CPE on the other hand is a whole other mess... there are thousands (into millions) that will need firmware upgrades or complete replacement to support IPv6. (That's the cablemodems, dsl modem, Uverse RGs, FiOS ONTs, and linksys's and netgears of the world.) And *then* the device that actually wants the content has to have support. (that'd be you roku, blu-ray player, console, laptop, cellphone, picture frame, etc.)
The CPE is an expected problem that most providers have been doing some level of planning for. I'm quite certain it will get solved in one of the following ways: 1. Provider ships replacement box. 2. Provider tells customer "As of X date, your current CPE will no longer be supported. Go buy one of these:" followed by a list of qualified CPE devices. 3. Provider finds some other way to get CPE to customers.
What is the natural "churn" rate for CPE for one of the large MSOs?
How often MSO's replace CPE gear? "When it breaks" and "when it's no longer compat" I don't know about your cable company, but TW doesn't replace anything unless it's broken. I've had the same SB5100 for nearly a decade. (they did replace the SB3100/4100's a few years back, but they were no longer compatible with the network.)
When the provider needs their customers to be IPv6 compatible, then IPv4 gear will be "broken" for all practical purposes in the above sentence. This will happen much faster than you expect.
AT&T DSL also doesn't replace CPE's unless they break. (or you buy a new one.) In bridge mode, any modem will do. It's when the modem is also the router (which is most cases today) that it will need attention to support IPv6. (in bridge mode, you'll have to fix whatever it's plugged into, but that's the customer's problem... off to Best Buy for an IPv6 capable D-Link.)
See above.
What portion of the MSOs have v6 capable CPE in place right now...
Unknown. I've not known any MSO to publish those numbers. Any sane MSO is handing out D3 modems even if they are still running a D2 network, so new connections (or replacements) should be D3.
Yes... All D3 modems are required to be IPv6 ready. So, any plant where the customers have D3, it's a configuration issue to provide IPv6 once the rest of the network is ready.
you only need about five
If you're thinking of five major cable operators, they aren't each "one network" but are a group of franchises/markets running more or less independent of each other.
Not so much as you think on the IP side of things.
Yes, and I mentioned that. So once you have >50% of the potential content sources v6 capable and >50% of the potential eyeballs v6 capable, you have potentially 25% of internet traffic on v6. And that can be done with the migration of enough networks to count on your fingers.
Heh. No it can't. You grossly underestimate the work necessary to get the eyeballs v6 capable. If Comcast has to replace as little as 10% of their modems, that'd be over 1mil. That's not going to happen overnight. (or even a month.)
No, you grossly underestimate the motivation that will exist to get the eyeball networks v6 capable. Comcast has over 20 million subscribers. Their subscribers fall into two categories: 1. Subscribers with their own gear: Comcast will probably send them a note that tells them it's time to buy new gear with specifications on what to buy. 2. Subscribers that pay Comcast a monthly fee to "rent" that gear: Comcast will probably swap out their gear. Yes, it may be over a $million, but, Comcast collects $millions per month in gear rental fees from which that can easily be covered. There will be no real problem in terms of the cost here. On the flip side of the equation, all of them are going to have to start delivering new services on IPv6 equipment with IPv6 support pretty soon anyway. As such, bringing the existing customers forward becomes a cost reduction measure because it's always cheaper to manage a network were everyone is on a limited set of hardware choices than a more diverse network. Things that reduce costs are strong motivation in narrow-margin services like residential broadband. Owen
On 2/11/2011 5:34 PM, Owen DeLong wrote:
No, you grossly underestimate the motivation that will exist to get the eyeball networks v6 capable.
eyeball networks... we hack and patch them together. Silly putty is very useful. IPv6 rollouts are no different. Just more silly putty. IPv4 support for all the applications and appliances that don't support IPv6 is what will suck. So, don't worry about the ISP. Core networks are gearing up super fast (they've actually been at it for years, just not rolled it out), eyeballs will hack and patch easy enough (CPEs aren't that large a deal, and 6rd even gets us around internal v4 only problems in those isolated areas), many standard services on the net are v6 capable. Those which aren't, that's their own fault. They've had decades. :) Jack
On Fri, Feb 11, 2011 at 16:02, Ricky Beam <jfbeam@gmail.com> wrote:
i.e. cellphones... the two largest groups there (iPhone and Android) support IPv6 already.
No they don't. Only Symbian and Maemo (MeeGo?) supports IPv6 *on the mobile side*. Not android, not iphone. Unless this has changed in the last month, it's still the case. Neither of the two have any public plans to support IPv6 either. Really. -- typedef struct me_s { char name[] = { "Thomas Habets" }; char email[] = { "thomas@habets.pp.se" }; char kernel[] = { "Linux" }; char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" }; char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" }; char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" }; } me_t;
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My Milestone (android 2.1) uses IPv6 when connecting to a WLAN with stateless auto configuration enabled... (well at least basic connectivity when browsing web pages... Not sure about the rest...) Am 12.02.2011 16:49, schrieb Thomas Habets:
On Fri, Feb 11, 2011 at 16:02, Ricky Beam <jfbeam@gmail.com> wrote:
i.e. cellphones... the two largest groups there (iPhone and Android) support IPv6 already.
No they don't. Only Symbian and Maemo (MeeGo?) supports IPv6 *on the mobile side*.
Not android, not iphone.
Unless this has changed in the last month, it's still the case.
Neither of the two have any public plans to support IPv6 either.
Really.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1WtpcACgkQHTGv6cAMp2iYGQCgmY7LZLOCyaj0SloiyObyBHx+ Ts8AnAvnyRurC9a3eZgwV0BRJ2oiAvJe =+mZr -----END PGP SIGNATURE-----
On 2/12/2011 10:34 AM, Andre Keller wrote:
My Milestone (android 2.1) uses IPv6 when connecting to a WLAN with stateless auto configuration enabled...
Am 12.02.2011 16:49, schrieb Thomas Habets:
*on the mobile side*.
On Sat, 12 Feb 2011, Thomas Habets wrote:
Really.
Exactly. Can we PLEASE kill the myth that Android and iPhone has IPv6 support for mobile side. PLEASE. None do, and there are no publically available roadmaps when this might happen on either OSes. There are exactly two types of devices (afaik) that support IPv6 for mobile, and that's Nokia phones using Symbian and Maemo (afaik only N900). No other vendor has any IPv6 mobile side support, and even though Microsoft did the right thing for IPv6 on Vista and Win7, they've dropped the ball on Windows Phone 7 and have no IPv6 support there. I was very disappointed when I learnt that fact. I've been told it's to some extent a Qualcomm baseband issue. There are also no USB dongles with IPv6 support that I am aware of. This means that the incentive for mobile operators to support IPv6 is very close to zero even though a lot of them could do it fairly easily. I have native IPv6 in my Nokia N900, it works just fine within "my" own network, ie without roaming. -- Mikael Abrahamsson email: swmike@swm.pp.se
On Sat, Feb 12, 2011 at 8:53 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
On Sat, 12 Feb 2011, Thomas Habets wrote:
Really.
Exactly. Can we PLEASE kill the myth that Android and iPhone has IPv6 support for mobile side. PLEASE. None do, and there are no publically available roadmaps when this might happen on either OSes.
There are exactly two types of devices (afaik) that support IPv6 for mobile, and that's Nokia phones using Symbian and Maemo (afaik only N900).
No other vendor has any IPv6 mobile side support, and even though Microsoft did the right thing for IPv6 on Vista and Win7, they've dropped the ball on Windows Phone 7 and have no IPv6 support there. I was very disappointed when I learnt that fact. I've been told it's to some extent a Qualcomm baseband issue. There are also no USB dongles with IPv6 support that I am aware of.
I completely agree with this note from Mikael, but as Joel pointed out and I have confirmed before, Verizon Wireless does have dual-stack USB sticks for LTE. But it is only working on their itty bitty LTE network ... LTE is still developing a market and the economies of scale are not there, so things like this happen where small supply exceeds the growing demand. I believe the chipset cost for LTE are around $100 while they are $15 for HSPA ... (foggy memory) But, LTE is not the issue here. GSM/UMTS/HSPA+ all support IPv6 just as well as LTE. The issue is mobile OSs don't support IPv6 aside from Nokia. Mikael and I both have 3G networks with demonstrated IPv6 capabilities, perhaps people should request Google drive Android IPv6 support. Please point your IPv6 interest here http://code.google.com/p/android/issues/detail?id=3389 and comment and try and drive the IPv6 support for mobile into Android. Cameron
This means that the incentive for mobile operators to support IPv6 is very close to zero even though a lot of them could do it fairly easily.
I have native IPv6 in my Nokia N900, it works just fine within "my" own network, ie without roaming.
-- Mikael Abrahamsson email: swmike@swm.pp.se
On Sat, 2011-02-12 at 09:37 -0800, Cameron Byrne wrote:
Mikael and I both have 3G networks with demonstrated IPv6 capabilities, perhaps people should request Google drive Android IPv6 support. Please point your IPv6 interest here http://code.google.com/p/android/issues/detail?id=3389 and comment and try and drive the IPv6 support for mobile into Android.
Looks like cyanogenmod supports ipv6: http://forum.cyanogenmod.com/topic/1286-ipv6-on-cm-508-ds/ Laurent
That is on WiFi, NOT cellular. On Sat, Feb 12, 2011 at 2:44 PM, Laurent GUERBY <laurent@guerby.net> wrote:
On Sat, 2011-02-12 at 09:37 -0800, Cameron Byrne wrote:
Mikael and I both have 3G networks with demonstrated IPv6 capabilities, perhaps people should request Google drive Android IPv6 support. Please point your IPv6 interest here http://code.google.com/p/android/issues/detail?id=3389 and comment and try and drive the IPv6 support for mobile into Android.
Looks like cyanogenmod supports ipv6:
http://forum.cyanogenmod.com/topic/1286-ipv6-on-cm-508-ds/
Laurent
On Feb 11, 2011, at 7:00 AM, Scott Helms wrote:
I don't know about that. Yes, v4 will be around for a long time but considering the oligopolies we have in both eyeball and content networks, ones a dozen or so very large networks switch, there is the vast majority of Internet traffic right there. It will be around for a very long time handling a tiny bit of traffic.
Agreed, V4 traffic levels are likely to drop and stay at low levels for decades.
I don't think it will be just a drop in traffic levels. I think that it will not be long before the internet is an IPv6 ocean with islands of IPv4, much like it was an ocean of IPv4 with islands of IPv6 years ago.
Facebook alone accounts for 25% of internet traffic in the US. Netflix is estimated to be over 20% and YouTube at 10%. So that's 55% of Internet traffic right there. At the other end of the transaction you have AT&T with 15.7 million, Comcast at 15.9 million, Verizon at 9.2 million and Time Warner at 8.9 million (early 2010 numbers). That's 50 million of the estimated 83 million US broadband subscribers. So once three content providers and four subscriber nets switch, that is over 25% of US internet traffic on v6 (more than half the users and more than half the content they look at). Comcast, nor the other large MSOs, are not as monolithic as they may appear from the outside. In most cases the large MSOs are divided into regions that are more or less autonomous and that doesn't count the outlier properties that haven't been brought into the fold of the region they are in for various, usually cost related, reasons so don't expect a large block of any of those guys to suddenly be at 60% of their users can get IPv6 addresses.
I think you'll be in for a surprise here.
While Facebook working over IPv6 will be a big deal you won't get all of their traffic since a significant fraction of that traffic is from mobile devices which are going to take much longer than PCs to get to using IPv6 in large numbers. Also, Netflix is even more problematic since the bulk of their traffic, and the fastest growing segment as well, is coming from Xboxes, Tivos, other gaming consoles, and TVs with enough embedded brains to talk directly. Those devices will also seriously lag behind PCs in IPv6 support.
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate. In the WiMax case (Gee, thanks, SPRINT), things are a bit murkier, but, I think you will see WiMax go IPv6 pretty quickly as well. Yes, it will take a little longer to retire the 3G system(s) than many other parts of the internet, but, I think you will see most of it going away in the 5-7 year range.
I don't think the growth of v6 traffic is going to be gradual, I think it will increase in steps. You will wake up one morning to find your v6 traffic doubled and some other morning it will double again.
They'll be jumps, but they will be fairly smallish jumps since both the content maker, the ISP, and the device consuming the content all have to be ready. Since I don't imagine we will see any pure IPv6 deployments any time soon many/most of the IPv6 deploys will be dual stack and so we are still at the mercy of the AAAA record returning before the A record does.
You misunderstand how getaddrinfo() works under the hood. The code itself first does an AAAA lookup and then does an A lookup. DNS does not return both record sets at once. If there is an AAAA record, it will return first. Some OS have modified things to resort the getaddrinfo() returns based on the perceived type of IPv6 and IPv4 connectivity available as an attempt to reduce certain forms of brokenness. However, even in those cases, you should get the AAAA first if you have real IPv6 connectivity. Owen
Comcast, nor the other large MSOs, are not as monolithic as they may appear from the outside. In most cases the large MSOs are divided into regions that are more or less autonomous and that doesn't count the outlier properties that haven't been brought into the fold of the region they are in for various, usually cost related, reasons so don't expect a large block of any of those guys to suddenly be at 60% of their users can get IPv6 addresses.
I think you'll be in for a surprise here. We'll see, I have reasons to be (deeply) skeptical, but I hope you're right. Care to speculate on a time frame for when we might get a
While Facebook working over IPv6 will be a big deal you won't get all of their traffic since a significant fraction of that traffic is from mobile devices which are going to take much longer than PCs to get to using IPv6 in large numbers. Also, Netflix is even more problematic since the bulk of their traffic, and the fastest growing segment as well, is coming from Xboxes, Tivos, other gaming consoles, and TVs with enough embedded brains to talk directly. Those devices will also seriously lag behind PCs in IPv6 support.
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate. LTE won't be "real" for the vast majority of subs until the they have an LTE handset, which won't happen until they replace their existing 3G
In the WiMax case (Gee, thanks, SPRINT), things are a bit murkier, but, I think you will see WiMax go IPv6 pretty quickly as well.
Yes, it will take a little longer to retire the 3G system(s) than many other parts of the internet, but, I think you will see most of it going away in the 5-7 year range. 3G will be around in substantial amounts for at least 10 years outside of the top 20 metro markets. You misunderstand how getaddrinfo() works under the hood. The code itself first does an AAAA lookup and then does an A lookup. DNS does not return both record sets at once. If there is an AAAA record, it will return first.
Some OS have modified things to resort the getaddrinfo() returns based on the perceived type of IPv6 and IPv4 connectivity available as an attempt to reduce certain forms of brokenness. However, even in those cases, you should get the AAAA first if you have real IPv6 connectivity. I haven't looked at the code so that it is entirely possible, but I am more concerned with what the content providers do. Does MS implement
pleasant surprise? phone. That won't happen unless Verizon and AT&T decide to suddenly give people upgrade credits before their contract would allow. What's worse the whole LTE isn't really 4G and will be replaced by LTE+ makes this worse. If you're a phone maker you're likely trying to decide if you've gone to far to delay your product launch or if you can wait for LTE+ chipsets before releasing your new phone. the POSIX function? I don't know, but if not whatever Win(XP-7) does is much more important to traffic than what all of the BSD and Linux variants do. Right now you can have a completely working dual stack set up and if your ISP's name server isn't on Google's (and a host of others) white list you'll never get the AAAA record no matter what order your client resolver code asks for the addresses in. http://tools.ietf.org/html/draft-ietf-v6ops-v6-aaaa-whitelisting-implication... http://arstechnica.com/web/news/2010/03/yahoo-wants-two-faced-dns-to-aid-ipv... The point here is that there are multiple hoops that have to navigated and if any one of them is missed the client will work over v4 and that will keep the ramp up of v6 traffic modest for a long time to come. BTW, I don't want to be right here but I know intimately how ISPs, CPE vendors, and customers behave.
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On Fri, Feb 11, 2011 at 11:56 AM, Owen DeLong <owen@delong.com> wrote:
On Feb 11, 2011, at 7:00 AM, Scott Helms wrote:
I don't know about that. Yes, v4 will be around for a long time but considering the oligopolies we have in both eyeball and content networks, ones a dozen or so very large networks switch, there is the vast majority of Internet traffic right there. It will be around for a very long time handling a tiny bit of traffic.
Agreed, V4 traffic levels are likely to drop and stay at low levels for decades.
I don't think it will be just a drop in traffic levels. I think that it will not be long before the internet is an IPv6 ocean with islands of IPv4, much like it was an ocean of IPv4 with islands of IPv6 years ago.
Facebook alone accounts for 25% of internet traffic in the US. Netflix is estimated to be over 20% and YouTube at 10%. So that's 55% of Internet traffic right there. At the other end of the transaction you have AT&T with 15.7 million, Comcast at 15.9 million, Verizon at 9.2 million and Time Warner at 8.9 million (early 2010 numbers). That's 50 million of the estimated 83 million US broadband subscribers. So once three content providers and four subscriber nets switch, that is over 25% of US internet traffic on v6 (more than half the users and more than half the content they look at). Comcast, nor the other large MSOs, are not as monolithic as they may appear from the outside. In most cases the large MSOs are divided into regions that are more or less autonomous and that doesn't count the outlier properties that haven't been brought into the fold of the region they are in for various, usually cost related, reasons so don't expect a large block of any of those guys to suddenly be at 60% of their users can get IPv6 addresses.
I think you'll be in for a surprise here.
While Facebook working over IPv6 will be a big deal you won't get all of their traffic since a significant fraction of that traffic is from mobile devices which are going to take much longer than PCs to get to using IPv6 in large numbers. Also, Netflix is even more problematic since the bulk of their traffic, and the fastest growing segment as well, is coming from Xboxes, Tivos, other gaming consoles, and TVs with enough embedded brains to talk directly. Those devices will also seriously lag behind PCs in IPv6 support.
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
In the WiMax case (Gee, thanks, SPRINT), things are a bit murkier, but, I think you will see WiMax go IPv6 pretty quickly as well.
Yes, it will take a little longer to retire the 3G system(s) than many other parts of the internet, but, I think you will see most of it going away in the 5-7 year range.
This is not quite the case. 2G / 3G / 4G largely refers to radio interface aspects, and the packet core that moves IP packets is largely the same. I have a 5 year old 2G/GSM Nokia phone that support IPv6 over cellular just fine on my network today. There are several LTE deployments around the world that are IPv4 only. There is no hackery require to make IPv4 work in LTE. LTE supports IPv4, IPv6, and IPv4v6 bearers all the same... its just an option from the core perspective, handset / chipset makers like to limit the options to keep cost and variability down. The pressure needs to be applied to the handset makers, they are squarely the "long pole in the tent" here. Cameron ====== http://groups.google.com/group/tmoipv6beta ======
I don't think the growth of v6 traffic is going to be gradual, I think it will increase in steps. You will wake up one morning to find your v6 traffic doubled and some other morning it will double again.
They'll be jumps, but they will be fairly smallish jumps since both the content maker, the ISP, and the device consuming the content all have to be ready. Since I don't imagine we will see any pure IPv6 deployments any time soon many/most of the IPv6 deploys will be dual stack and so we are still at the mercy of the AAAA record returning before the A record does.
You misunderstand how getaddrinfo() works under the hood. The code itself first does an AAAA lookup and then does an A lookup. DNS does not return both record sets at once. If there is an AAAA record, it will return first.
Some OS have modified things to resort the getaddrinfo() returns based on the perceived type of IPv6 and IPv4 connectivity available as an attempt to reduce certain forms of brokenness. However, even in those cases, you should get the AAAA first if you have real IPv6 connectivity.
Owen
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
In the WiMax case (Gee, thanks, SPRINT), things are a bit murkier, but, I think you will see WiMax go IPv6 pretty quickly as well.
Yes, it will take a little longer to retire the 3G system(s) than many other parts of the internet, but, I think you will see most of it going away in the 5-7 year range.
This is not quite the case. 2G / 3G / 4G largely refers to radio interface aspects, and the packet core that moves IP packets is largely the same. I have a 5 year old 2G/GSM Nokia phone that support IPv6 over cellular just fine on my network today.
Sure, there are some 3G systems that support IPv6, but, most carriers will probably roll IPv6 out as part of their 4G upgrade from what I have seen.
There are several LTE deployments around the world that are IPv4 only.
I think if you look under the hood, they may only provide internet routing for IPv4, but, I don't think they are IPv4 only across the radio.
There is no hackery require to make IPv4 work in LTE. LTE supports IPv4, IPv6, and IPv4v6 bearers all the same... its just an option from the core perspective, handset / chipset makers like to limit the options to keep cost and variability down.
My understanding (admittedly second hand, so perhaps the engineer explaining it to me was mistaken) was that LTE was IPv6 and that IPv4 was implemented on the radio side essentially as a 4in6 tunnel with a very very short-term DHCP lease for the v4 address.
The pressure needs to be applied to the handset makers, they are squarely the "long pole in the tent" here.
Yep. In the US, at least, the carriers have an unfortunately large ability to do that. In this case, it will prove helpful. In most cases, it has proven to be rather strongly contrary to the consumer's best interests. Owen
On Fri, Feb 11, 2011 at 1:00 PM, Owen DeLong <owen@delong.com> wrote:
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
In the WiMax case (Gee, thanks, SPRINT), things are a bit murkier, but, I think you will see WiMax go IPv6 pretty quickly as well.
Yes, it will take a little longer to retire the 3G system(s) than many other parts of the internet, but, I think you will see most of it going away in the 5-7 year range.
This is not quite the case. 2G / 3G / 4G largely refers to radio interface aspects, and the packet core that moves IP packets is largely the same. I have a 5 year old 2G/GSM Nokia phone that support IPv6 over cellular just fine on my network today.
Sure, there are some 3G systems that support IPv6, but, most carriers will probably roll IPv6 out as part of their 4G upgrade from what I have seen.
Yep, 4G projects should add IPv6, most people agree about this.
There are several LTE deployments around the world that are IPv4 only.
I think if you look under the hood, they may only provide internet routing for IPv4, but, I don't think they are IPv4 only across the radio.
Nope.
There is no hackery require to make IPv4 work in LTE. LTE supports IPv4, IPv6, and IPv4v6 bearers all the same... its just an option from the core perspective, handset / chipset makers like to limit the options to keep cost and variability down.
My understanding (admittedly second hand, so perhaps the engineer explaining it to me was mistaken) was that LTE was IPv6 and that IPv4 was implemented on the radio side essentially as a 4in6 tunnel with a very very short-term DHCP lease for the v4 address.
Nope, it does not work this way. There are tunnels for mobility, and it is possible that IPv4 user plane packet get carried in IPv6 GTP packets but that is the same case for IPv6 user plane also being in IPv6 GTP packets.... but LTE generally does not use any DHCP to the user. Key point: LTE does not imply any mandatory IPv6 networks infrastructure or services, but it does work with IPv6 and should be deployed with IPv6. Cameron (who works in mobile, everyday)
There is no hackery require to make IPv4 work in LTE. LTE supports IPv4, IPv6, and IPv4v6 bearers all the same... its just an option from the core perspective, handset / chipset makers like to limit the options to keep cost and variability down.
My understanding (admittedly second hand, so perhaps the engineer explaining it to me was mistaken) was that LTE was IPv6 and that IPv4 was implemented on the radio side essentially as a 4in6 tunnel with a very very short-term DHCP lease for the v4 address.
Nope, it does not work this way. There are tunnels for mobility, and it is possible that IPv4 user plane packet get carried in IPv6 GTP packets but that is the same case for IPv6 user plane also being in IPv6 GTP packets.... but LTE generally does not use any DHCP to the user.
Key point: LTE does not imply any mandatory IPv6 networks infrastructure or services, but it does work with IPv6 and should be deployed with IPv6.
Cameron (who works in mobile, everyday)
OK... Thanks for the clarification. So did the other guy who gave me the other story. I won't pretend to be a mobile expert. Owen
On Fri, Feb 11, 2011 at 2:56 PM, Owen DeLong <owen@delong.com> wrote:
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
I'm writing an article where I want to say that but I can't find an article I can reference to back it up. I don't want to accidentally encourage an urban legend or rumor. (For example, I can't find verification to the rumor that ARIN rejected a request from LTE providers for IPv4 space and instead told them to go straight to IPv6. I do others in this thread saying that native IPv4 on LTE is common, so unless someone can give me evidence, I'll have to update that part of the article. OMG i'd love to make that point; anyone have proof?). I could, instead, write, "most carriers will probably roll IPv6 out as part of their 4G upgrade" but that sounds wishy-washy. Thanks in advance, Tom -- http://EverythingSysadmin.com -- my blog (new posts Mon and Wed) http://www.TomOnTime.com -- my advice (more videos coming soon)
On Fri, 11 Feb 2011, Tom Limoncelli wrote:
On Fri, Feb 11, 2011 at 2:56 PM, Owen DeLong <owen@delong.com> wrote:
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
I'm writing an article where I want to say that but I can't find an article I can reference to back it up.
We're an LTE operator and this is the first time I've heard about this. LTE supports IPv4 and IPv6 and as far as I can discern, that is a requirement, and there is no "hackery" to get IPv4 running. We have yet to see any LTE terminals (USB dongels so far) that support IPv6. There are a lot of other kinks to work out first, going IPv6 only here is definitely not the place. Remember, a lot of people buying this service is taking the USB dongle and attaching it to their corporate XP laptop. -- Mikael Abrahamsson email: swmike@swm.pp.se
On 2/11/11 6:31 PM, Mikael Abrahamsson wrote:
On Fri, 11 Feb 2011, Tom Limoncelli wrote:
On Fri, Feb 11, 2011 at 2:56 PM, Owen DeLong <owen@delong.com> wrote:
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
I'm writing an article where I want to say that but I can't find an article I can reference to back it up.
We're an LTE operator and this is the first time I've heard about this. LTE supports IPv4 and IPv6 and as far as I can discern, that is a requirement, and there is no "hackery" to get IPv4 running.
3gpp release 8 and later does not throw out the baby with the bathwater. v6 only contexts are certainly supported however and we know for a fact that there are certain entities that will use that in short order.
We have yet to see any LTE terminals (USB dongels so far) that support IPv6. There are a lot of other kinks to work out first, going IPv6 only here is definitely not the place. Remember, a lot of people buying this service is taking the USB dongle and attaching it to their corporate XP laptop.
The current verizon lte sticks (sourced lg and pantech) do in fact provide v6 connectivity as do some of the embedded mini pci-e cards. I note with some entertainment for the future of mobile walled gardens the last bullet point on this page everytime I see it: https://www.lte.vzw.com/About4GLTE/VerizonWireless4GLTENetwork/tabid/6003/De...
On Feb 11, 2011, at 8:29 PM, Tom Limoncelli wrote:
I don't want to accidentally encourage an urban legend or rumor. (For example, I can't find verification to the rumor that ARIN rejected a request from LTE providers for IPv4 space and instead told them to go straight to IPv6.
Not quite correct - A while back we did explain the policies regarding slow-start and the potential for operators to run into IPv4 depletion while still early in capital depreciation for their nextgen network. That's not rejection, just fair warning... :-) /John John Curran President and CEO ARIN
On Fri, Feb 11, 2011 at 8:29 PM, Tom Limoncelli <tal@whatexit.org> wrote:
On Fri, Feb 11, 2011 at 2:56 PM, Owen DeLong <owen@delong.com> wrote:
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
I'm writing an article where I want to say that but I can't find an article I can reference to back it up.
I don't want to accidentally encourage an urban legend or rumor. (For example, I can't find verification to the rumor that ARIN rejected a request from LTE providers for IPv4 space and instead told them to go straight to IPv6. I do others in this thread saying that native IPv4 on LTE is common, so unless someone can give me evidence, I'll have to update that part of the article. OMG i'd love to make that point; anyone have proof?).
I could, instead, write, "most carriers will probably roll IPv6 out as part of their 4G upgrade" but that sounds wishy-washy.
Thanks in advance, Tom
-- http://EverythingSysadmin.com -- my blog (new posts Mon and Wed) http://www.TomOnTime.com -- my advice (more videos coming soon)
The article I mentioned I was writing has been published and is now available on-line here: http://queue.acm.org/detail.cfm?id=1959015 Thanks for all the assistance both on this mailing list and the private email I received! Tom Limoncelli http://www.EverythingSysadmin.com -- Sign up for my new class "Advanced Time Mgmt: Team Efficiency" at PICC! April 29-30, New Jersey, LOPSA PICC: www.picconf.org Dec 4-9, Boston, Usenix LISA, www.usenix.org/event/lisa11 Dec 4-5, Boston, ACM CHIMIT, chimit.acm.org "Call for papers and talk proposals" open at LISA and CHIMIT!
Now that is what Baldrick* would call "a cunning plan!" And interesting examples. Christian *Apologies to Tony Robinson and Blackadder On 12 Mar 2011, at 18:52, Tom Limoncelli wrote:
On Fri, Feb 11, 2011 at 8:29 PM, Tom Limoncelli <tal@whatexit.org> wrote:
On Fri, Feb 11, 2011 at 2:56 PM, Owen DeLong <owen@delong.com> wrote:
I think you'll be in for a surprise here, too. The 4G transition is already underway. For the vendors where 4G means LTE, IPv6 is the native protocol and IPv4 requires a certain amount of hackery to operate.
I'm writing an article where I want to say that but I can't find an article I can reference to back it up.
I don't want to accidentally encourage an urban legend or rumor. (For example, I can't find verification to the rumor that ARIN rejected a request from LTE providers for IPv4 space and instead told them to go straight to IPv6. I do others in this thread saying that native IPv4 on LTE is common, so unless someone can give me evidence, I'll have to update that part of the article. OMG i'd love to make that point; anyone have proof?).
I could, instead, write, "most carriers will probably roll IPv6 out as part of their 4G upgrade" but that sounds wishy-washy.
Thanks in advance, Tom
-- http://EverythingSysadmin.com -- my blog (new posts Mon and Wed) http://www.TomOnTime.com -- my advice (more videos coming soon)
The article I mentioned I was writing has been published and is now available on-line here:
http://queue.acm.org/detail.cfm?id=1959015
Thanks for all the assistance both on this mailing list and the private email I received!
Tom Limoncelli http://www.EverythingSysadmin.com
-- Sign up for my new class "Advanced Time Mgmt: Team Efficiency" at PICC! April 29-30, New Jersey, LOPSA PICC: www.picconf.org Dec 4-9, Boston, Usenix LISA, www.usenix.org/event/lisa11 Dec 4-5, Boston, ACM CHIMIT, chimit.acm.org "Call for papers and talk proposals" open at LISA and CHIMIT!
On Fri, 2011-02-11 at 11:56 -0800, Owen DeLong wrote:
I think that it will not be long before the internet is an IPv6 ocean with islands of IPv4
My company made up some t-shirts for a conference last year. We brainstormed the texts. I ended up with a sort of haiku: out of the puddle into the ocean IPv6 Sadly I realised too late that it should have had a footnote: "not to scale" :-) Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
On Feb 11, 2011, at 7:18 PM, Karl Auer wrote:
On Fri, 2011-02-11 at 11:56 -0800, Owen DeLong wrote:
I think that it will not be long before the internet is an IPv6 ocean with islands of IPv4
My company made up some t-shirts for a conference last year. We brainstormed the texts. I ended up with a sort of haiku:
out of the puddle into the ocean IPv6
Sadly I realised too late that it should have had a footnote: "not to scale" :-)
True. If you want to compare masses, IPv4 = 7 liters of water. IPv6 = EARTH, including all rocks, trees, oceans, lakes, puddles, etc. Put another way, if subnets (IPv4 /24s, IPv6 /64s) were Almond M&Ms, IPv4 would cover approximately 70 yards of a regulation American Football field in a single layer of M&Ms. IPv6 would fill the great lakes. All of the great lakes. To the rim. In terms of host addresses per subnet, IPv4 gives you a large bag of M&Ms. IPv6 gives you the great lakes full of M&Ms. All of the great lakes. To the rim. Owen Disclaimer: Do not attempt to eat a /64 worth of any form of M&Ms as adverse health results are likely.
On 2/11/2011 9:31 PM, Owen DeLong wrote:
If you want to compare masses, IPv4 = 7 liters of water. IPv6 = EARTH, including all rocks, trees, oceans, lakes, puddles, etc.
Was trying to explain things to a telco VP today. Finally settled on, "The Internet is out of 10 digit phone numbers. We're upgrading to 40 digit phone numbers. Unfortunately, the two can't dial each other directly." After 51+ years in the telco industry, I think he gets that problem. Jack
----- Original Message -----
From: "Jack Bates" <jbates@brightok.net>
On 2/11/2011 9:31 PM, Owen DeLong wrote:
If you want to compare masses, IPv4 = 7 liters of water. IPv6 = EARTH, including all rocks, trees, oceans, lakes, puddles, etc.
Was trying to explain things to a telco VP today. Finally settled on,
"The Internet is out of 10 digit phone numbers. We're upgrading to 40 digit phone numbers. Unfortunately, the two can't dial each other directly."
http://www.lincmad.com/future.html Cheers, -- jra
On 2/11/2011 9:54 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Jack Bates"<jbates@brightok.net> On 2/11/2011 9:31 PM, Owen DeLong wrote:
If you want to compare masses, IPv4 = 7 liters of water. IPv6 = EARTH, including all rocks, trees, oceans, lakes, puddles, etc. Was trying to explain things to a telco VP today. Finally settled on,
"The Internet is out of 10 digit phone numbers. We're upgrading to 40 digit phone numbers. Unfortunately, the two can't dial each other directly." http://www.lincmad.com/future.html
Bah, I substitute your short sighted 12 digits with 40 digit dialing! However, because the numbers are too long to remember, you only have to speak or type in the name of someone you want to call, and 15 digits can be assigned to every household or business site, and the phones will automatically number themselves, so if you plug your phone in somewhere else, only the first 25 digits change. Jack (hmm, I think the VP will be giving me funny looks now)
On 2/11/2011 10:17 PM, Jack Bates wrote:
Bah, I substitute your short sighted 12 digits with 40 digit dialing! However, because the numbers are too long to remember, you only have to speak or type in the name of someone you want to call, and 15 digits can be assigned to every household or business site, and the phones will automatically number themselves, so if you plug your phone in somewhere else, only the first 25 digits change.
Jack (hmm, I think the VP will be giving me funny looks now)
My apologies for the error, it will actually be a 32 digit system, and we're switching to base-16, so all phones will have to be replaced with phones supporting 0-9A-F. Jack
On 2/11/2011 11:28 PM, Jack Bates wrote:
My apologies for the error, it will actually be a 32 digit system, and we're switching to base-16, so all phones will have to be replaced with phones supporting 0-9A-F.
Well, they already do, you just need a military phone or a linesman's handset to get the last 4 to actually dial :-) (Who needs the freakin' "*" and "#" anyway) Jeff
On 2/11/11 8:59 PM, Jeff Kell wrote:
On 2/11/2011 11:28 PM, Jack Bates wrote:
My apologies for the error, it will actually be a 32 digit system, and we're switching to base-16, so all phones will have to be replaced with phones supporting 0-9A-F.
Well, they already do, you just need a military phone or a linesman's handset to get the last 4 to actually dial :-)
(Who needs the freakin' "*" and "#" anyway)
you do need : and / joel
Jeff
On Feb 10, 2011, at 5:46 PM, Ricky Beam wrote:
On Thu, 10 Feb 2011 11:43:50 -0500, Matthew Kaufman <matthew@matthew.at> wrote:
There is no one universal "global routing table". They probably appear in someone's routing table, somewhere... just not yours. Using public address space for private networking is a gross misuse of the resource.
Amusingly enough, I personally (along with others) made arguments along these lines back in 1995 or so when the IAB was coming out with http://www.ietf.org/rfc/rfc1814.txt. Given the publication of 1814, you can probably guess how far those arguments fared.
Go to any registry and ask for address space for your private networking that you do not intend to announce to the internet. They will laugh at you, and point you to RFC1918. (and likely flag you as someone to whom address space should never be assigned.) The only reason legacy holders get away with such crap is because there's no clear contract governing their assignment.
I haven't looked recently but I believe all the RIRs have policies that requires them to allocate unique numbers regardless of whether those addresses will be used on the Internet, as long as the requester documents appropriate utilization.
Then send out nasty sounding letters informing whomever that X address space has not been announced to the public internet in Y years; on Z date, the space will reenter the IANA/ICANN free pool for reassignment. (cue lawyers :-))
I gather you're volunteering to pay higher fees to cover the increased legal costs? Regards, -drc
On Fri, 11 Feb 2011 00:31:21 -0500, David Conrad <drc@virtualized.org> wrote:
Amusingly enough, I personally (along with others) made arguments along these lines back in 1995 or so when the IAB was coming out with http://www.ietf.org/rfc/rfc1814.txt. Given the publication of 1814, you can probably guess how far those arguments fared.
You missed the "anticipates external connectivity to the Internet" part. Networks that never touch the internet have RFC1918 address space to use. (and that works 99.999% of the time.)
I haven't looked recently but I believe all the RIRs have policies that requires them to allocate unique numbers regardless of whether those addresses will be used on the Internet, as long as the requester documents appropriate utilization.
Per the wording of ARIN's policy, they require justification for such an allocation. (i.e. a damn good reason 1918 addresses aren't going to work for you.) --Ricky
On 11 Feb 2011, at 04:51, Ricky Beam wrote:
On Fri, 11 Feb 2011 00:31:21 -0500, David Conrad <drc@virtualized.org> wrote:
Amusingly enough, I personally (along with others) made arguments along these lines back in 1995 or so when the IAB was coming out with http://www.ietf.org/rfc/rfc1814.txt. Given the publication of 1814, you can probably guess how far those arguments fared.
You missed the "anticipates external connectivity to the Internet" part. Networks that never touch the internet have RFC1918 address space to use. (and that works 99.999% of the time.)
Except in acquisitions and private peering. as
On Fri, Feb 11, 2011 at 6:07 AM, Arturo Servin <arturo.servin@gmail.com> wrote:
On 11 Feb 2011, at 04:51, Ricky Beam wrote:
On Fri, 11 Feb 2011 00:31:21 -0500, David Conrad <drc@virtualized.org> wrote:
Amusingly enough, I personally (along with others) made arguments along these lines back in 1995 or so when the IAB was coming out with http://www.ietf.org/rfc/rfc1814.txt. Given the publication of 1814, you can probably guess how far those arguments fared.
You missed the "anticipates external connectivity to the Internet" part. Networks that never touch the internet have RFC1918 address space to use. (and that works 99.999% of the time.)
Except in acquisitions and private peering.
as
Especially during acquisitions, my $EMPLOYEER has made several acquisitions recently and every one of them was wrought with painful RFC1918 overlap problems. Thanks, Josh Smith KD8HRX email/jabber: juicewvu@gmail.com phone: 304.237.9369(c)
Lucky you. .as On 11 Feb 2011, at 11:42, Josh Smith wrote:
On Fri, Feb 11, 2011 at 6:07 AM, Arturo Servin <arturo.servin@gmail.com> wrote:
On 11 Feb 2011, at 04:51, Ricky Beam wrote:
On Fri, 11 Feb 2011 00:31:21 -0500, David Conrad <drc@virtualized.org> wrote:
Amusingly enough, I personally (along with others) made arguments along these lines back in 1995 or so when the IAB was coming out with http://www.ietf.org/rfc/rfc1814.txt. Given the publication of 1814, you can probably guess how far those arguments fared.
You missed the "anticipates external connectivity to the Internet" part. Networks that never touch the internet have RFC1918 address space to use. (and that works 99.999% of the time.)
Except in acquisitions and private peering.
as
Especially during acquisitions, my $EMPLOYEER has made several acquisitions recently and every one of them was wrought with painful RFC1918 overlap problems.
Thanks, Josh Smith KD8HRX email/jabber: juicewvu@gmail.com phone: 304.237.9369(c)
On Feb 10, 2011, at 7:46 PM, Ricky Beam wrote:
On Thu, 10 Feb 2011 11:43:50 -0500, Matthew Kaufman <matthew@matthew.at> wrote:
There is no one universal "global routing table". They probably appear in someone's routing table, somewhere... just not yours.
Using public address space for private networking is a gross misuse of the resource. Go to any registry and ask for address space for your private networking that you do not intend to announce to the internet. They will laugh at you, and point you to RFC1918. (and likely flag you as someone to whom address space should never be assigned.) The only reason legacy holders get away with such crap is because there's no clear contract governing their assignment.
Um... From the ARIN NRPM: 4.3.5. Non-connected Networks End-users not currently connected to an ISP and/or not planning to be connected to the Internet are encouraged to use private IP address numbers reserved for non-connected networks (see RFC 1918). When private, non-connected networks require interconnectivity and the private IP address numbers are ineffective, globally unique addresses may be requested and used to provide this interconnectivity. Notice how it specifically allows a non-connected network to request and use globally unique addresses? If you think that should be changed, then, you need to get on PPML and submit a policy proposal to change that. For now, no, they will not laugh at you (at least not at ARIN), they will actually issue the numbers if you approach them with an appropriate justification.
How many days do you think a single /8 lasts at current assignment rates?
APNIC says the last 2 /8's they were assigned (triggering the dead-man clause) would last ~6mo. With responsible use, 22 /8's would last several years. (3-5 best guess. Of course, there could be a land-rush and all of it disappear next week -- see also: responsible use)
That's 1 of 5 RIRs, so, even if you consider them a straw-man model, that's 20 /8s per year. Please tell me how a consumption rate of 20 /8s per year can take 3-5 years to consume 22 /8s You seem to be particularly bad at math or you don't understand the RIR system. I'm not sure which. Also, note that at the time APNIC got their last 2 /8s all of the other RIRs were 2 or more months ahead of them in exhausting their last IANA allocations.
How would ARIN/ICANN go about reclaiming addresses that someone believes they are using but that you don't think are in use?
First off, someone will have to do a lot more than 5 minutes of poking router-servers to see just how sparsely used ("announced") the space really is. That includes digging through BGP histories to see if it's ever been announced. Then research who should be in control of the space (announced or not.) Then send out nasty sounding letters informing whomever that X address space has not been announced to the public internet in Y years; on Z date, the space will reenter the IANA/ICANN free pool for reassignment. (cue lawyers :-)) They'd also be highly motivated to return unused space if they were being billing for it.
As multiple people have pointed out to you, never announced in a visible way is not the same as not in use. ARIN policy specifically allows use for non-connected networks. If you don't like that fact, you can attempt to change ARIN policy. Such a change being applied retro-actively, however, is unlikely to succeed IMHO. If you can't apply it retroactively, then, the existing networks that are using unique addresses on their private networks will not be forced to return them.
As the powers that be have drug their feet for over a decade already, I really doubt they'll even take 5 minutes to look at *a single* route server.
This isn't foot-dragging. This is recognizing the art of the possible and understanding the reality of the situation. I realize you are apparently loathe to do so.
As for this "not fixing the problem", IPv4 is going to be a problem for MANY years to come. IPv6 deployment is glacially slow. IPv4 being "out of space" is getting news attention now, but will fade from the spotlight shortly. The
IPv4 will be a problem for a few years. This will not improve that fact. IPv6 deployment has been glacially slow, but, is accelerating rapidly, especially since 1/31.
people who have space will continue to have it and generally not notice the lack of availablity. The likes of
People who have space may not notice a need for space on their networks, but, they will absolutely notice a need for access to or from up and coming IPv6-only networks where users have limited, degraded, or no connectivity to IPv4.
Facebook, etc., have jumped on IPv6 because they have a reason to... they have volumes of IPv6 connected eyeballs. Yet the likes of Amazon and Akamai, aren't supporting IPv6 (and have no published plans to.) Almost all of
http://www.akamai.com/ipv6 Looks like a public announcement on IPv6 from Akamai to me. I am not sure about Amazon. I couldn't find anything in a quick google search. Certainly it would be good if they had a plan and better if they announced it.
the major ISPs in the country still don't fully support IPv6 -- the few that do embrace v6 make it a pain in the ass to get it setup. I don't support IPv6 (since elink killed their experiment); I can get everywhere I care to go, and everyone who cares to get to me does. I, like many/most others, will fix that problem when it *is* a problem.
Actually, the major ISPs do support IPv6 on some level. There are several providers, Hurricane Electric included, where you can get IPv6 easily set up and it is relatively painless, actually. There are others that are still debugging their business processes around IPv6. I suspect this will rapidly improve in the coming months.
(For the record... TWTC: not supported, Speakeasy: not supported, VZB: not recommended for an existing connection (if you want it to stay working))
For the record: TWTC: Supported, TWC: Working on it. VZB: Actually, I know a few people that have working dual-stack connections with VZB and did not have any major issues with the conversion from IPv4 to dual stack. This is by no means any sort of exhaustive list of major providers or even a top 3. It's a rather odd choice of 3 as near as I can tell. A somewhat out of date, but, more detailed perspective is here: http://en.wikipedia.org/wiki/IPv6_deployment There are a number of providers offering Native IPv6 not listed there. Owen
On Thu, Feb 10, 2011 at 10:46 PM, Ricky Beam <jfbeam@gmail.com> wrote:
On Thu, 10 Feb 2011 11:43:50 -0500, Matthew Kaufman <matthew@matthew.at> wrote:
There is no one universal "global routing table". They probably appear in someone's routing table, somewhere... just not yours.
Using public address space for private networking is a gross misuse of the resource.
Ricky, One example I heard was a generic financial exchange connected to perhaps a hundred other companies. Those companies also connect to the Internet but the exchange itself does not. It's valuable for the exchange to use addressing which will not conflict with any of its customers' RFC1918 use or overlap any Internet destinations they want to access. This is why ULA in IPv6 has statistical uniqueness -- so that organizations with similar requirements don't need to use Internet-routable addresses. We can't backport ULA into IPv4 private addressing; there aren't enough addresses for the math to work. So we either make such folks jump through all kinds of hoops to get their networks to function, or we assign addresses that could otherwise be used on the big-I Internet. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
One example I heard was a generic financial exchange connected to perhaps a hundred other companies. Those companies also connect to the Internet but the exchange itself does not. It's valuable for the exchange to use addressing which will not conflict with any of its customers' RFC1918 use or overlap any Internet destinations they want to access.
Sounds like SFTI in New York http://www.nyse.com/technologies/sfti/1223635951074.html In turn, SFTI is connected to the Radianz global IP network which allows financial industry companies in other countries to access the NYSE services on SFTI. And the Radianz global IP network has over 15,000 sites connected to it in some 200 countries. Probably all of the companies connected to Radianz also have an Internet connection, but nobody passes packets between Radianz and the Internet. Radianz is an example of a COIN (Community of Interest Network). Outside the Financial Services industry there are similar COINs in the air traffic industry (SITA) and the auto manufacturing industry. If you diagrammed these COINs on a typical Internet diagram, they would be a thin layer, one AS thick, wrapped around some portion of the cloud's perimeter. Invisible to most because they connect but do not exchange transit traffic. Zoom in an look at ASCustomer which peers with three ISP ASnumbers and also peers with ASRadianz. But the traffic from ASRadianz is controlled by firewalls and internal routing in ASCustomer so that it only goes to the trading workstations, while the Internet traffic is allowed pretty much everywhere. You could make various biological analogies such as the specialised layers of human skin cells or the micturating membrane in amphibians. --Michael Dillon
On 11 feb 2011, at 17:51, William Herrin wrote:
We can't backport ULA into IPv4 private addressing; there aren't enough addresses for the math to work. So we either make such folks jump through all kinds of hoops to get their networks to function, or we assign addresses that could otherwise be used on the big-I Internet.
Not that it matters because it's too late now and it would only give us a few more months, but: Does the US government really need more than 150 million addresses, of which about half are not publically routed? Non-publically routed addresses can be reused by others as long as the stuff both users connect to doesn't overlap.
On Feb 17, 2011, at 7:39 AM, Iljitsch van Beijnum wrote:
Not that it matters because it's too late now and it would only give us a few more months, but:
Does the US government really need more than 150 million addresses, of which about half are not publically routed? Non-publically routed addresses can be reused by others as long as the stuff both users connect to doesn't overlap.
Again, I note that we've collectively allocated the 95%+ of the address space which was made available outside of DoD's original blocks, and then considering that US DoD additionally returned 2 more /8's for the community (noted here: <http://blog.icann.org/2008/02/recovering-ipv4-address-space/>), I believe they've shown significant consideration to the Internet community. The fact that any particular prefix today isn't in your particular routing table does not imply that global uniqueness isn't desired. Rather than saying 240/4 is unusable for another three years, perhaps the service provider community could make plain that this space needs to be made usable (ala http://tools.ietf.org/html/draft-fuller-240space-02 or http://tools.ietf.org/html/draft-wilson-class-e-00, etc.) on a priority basis and work with the operating system and vendor community actually to make this happen? There's a chance that it could be made usable with sufficient focus to make that happen, but it is assured not to be usable if eternally delayed because it is "too hard" to accomplish. /John (my views alone; 100% recycled electrons used in this message)
In message <54CC2B0D-EAE0-4B79-AF19-20BBD233A581@istaff.org>, John Curran writes:
On Feb 17, 2011, at 7:39 AM, Iljitsch van Beijnum wrote:
Not that it matters because it's too late now and it would only give = us a few more months, but: =20 Does the US government really need more than 150 million addresses, of = which about half are not publically routed? Non-publically routed = addresses can be reused by others as long as the stuff both users = connect to doesn't overlap.
Again, I note that we've collectively allocated the 95%+ of the address=20=
space which was made available outside of DoD's original blocks, and = then considering that US DoD additionally returned 2 more /8's for the = community=20 (noted here: = <http://blog.icann.org/2008/02/recovering-ipv4-address-space/>),=20 I believe they've shown significant consideration to the Internet = community. The fact that any particular prefix today isn't in your particular = routing=20 table does not imply that global uniqueness isn't desired.
Rather than saying 240/4 is unusable for another three years, perhaps = the service provider community could make plain that this space needs to be=20=
made usable (ala http://tools.ietf.org/html/draft-fuller-240space-02 or=20=
http://tools.ietf.org/html/draft-wilson-class-e-00, etc.) on a priority=20=
basis and work with the operating system and vendor community actually to make this happen? There's a chance that it could be made usable with=20=
sufficient focus to make that happen, but it is assured not to be usable if eternally delayed because it is "too hard" to accomplish.
/John
(my views alone; 100% recycled electrons used in this message)
It's not usable as general purpose unicast. Both those drafts attempt to do that. It would be possible to use it as restricted purpose unicast, i.e. to connect from a cpe border router to a 6rd and/or LSN with the cpe border router signaling that it support the use of class E addresses when it requests a address from upstream. The upsteam only returns a class E address when it is sure that the network between the LSN/6rd supports class E traffic. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Mark Andrews <marka@isc.org> writes:
It's not usable as general purpose unicast. Both those drafts attempt to do that.
http://tools.ietf.org/html/draft-wilson-class-e-00 does not. Recommend you re-read.
It would be possible to use it as restricted purpose unicast, i.e. to connect from a cpe border router to a 6rd and/or LSN with the cpe border router signaling that it support the use of class E addresses when it requests a address from upstream.
The upsteam only returns a class E address when it is sure that the network between the LSN/6rd supports class E traffic.
The contemporary discussions we had on this subject centered around management infrastructure for MSOs, not 6rd (which was still a twinkle in the Bad Idea Fairy's eye at the time). Not speaking for Paul here, but it was not our intention to box in possible use of this space, only to mark it as sufficiently toxic that end users and normal enterprises would stay away. Would be great for 6rd if that's what folks wanted to use it for and could get the CPE vendors to cooperate. -r
On Thu, 17 Feb 2011 08:08:50 EST, John Curran said:
Rather than saying 240/4 is unusable for another three years, perhaps the service provider community could make plain that this space needs to be made usable
In other words, you're going to tell Granny she needs to upgrade to Windows 8 and/or replace her CPE because you couldn't get your act together and deploy IPv6 - even though her friends at the bridge club who are customers of your clued competitor didn't have to do a thing. And then she has to do something *else* 9 months later when you need to deploy IPv6 *anyhow*. I encourage my competitors to design their business plans that way. :)
On Feb 17, 2011, at 9:32 AM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 17 Feb 2011 08:08:50 EST, John Curran said:
Rather than saying 240/4 is unusable for another three years, perhaps the service provider community could make plain that this space needs to be made usable
In other words, you're going to tell Granny she needs to upgrade to Windows 8 and/or replace her CPE because you couldn't get your act together and deploy IPv6 - even though her friends at the bridge club who are customers of your clued competitor didn't have to do a thing.
Not, what I'm saying is that we've been considering this matter for more than 10 years, and as old as her machine is, it would have been patched once since then if we had bothered to note that "Reserved for Future Use" should be treated as unicast space. The same argument applies now: unless there is a reason to save 240/8, it should at least be redefined to be usable in some manner so that we don't repeat the same argument 5 years from now. /John
On Feb 17, 2011, at 9:44 04AM, John Curran wrote:
On Feb 17, 2011, at 9:32 AM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 17 Feb 2011 08:08:50 EST, John Curran said:
Rather than saying 240/4 is unusable for another three years, perhaps the service provider community could make plain that this space needs to be made usable
In other words, you're going to tell Granny she needs to upgrade to Windows 8 and/or replace her CPE because you couldn't get your act together and deploy IPv6 - even though her friends at the bridge club who are customers of your clued competitor didn't have to do a thing.
Not, what I'm saying is that we've been considering this matter for more than 10 years, and as old as her machine is, it would have been patched once since then if we had bothered to note that "Reserved for Future Use" should be treated as unicast space.
The same argument applies now: unless there is a reason to save 240/8, it should at least be redefined to be usable in some manner so that we don't repeat the same argument 5 years from now.
John, my usual rule of thumb for something like this is 8-10 years -- 3-5 years for the next major version of Windows, plus (at least) 5 for enough old machines to die off. There are just too many machines that don't listen to Windows Upgrade; you can't roll out a major change that way. We won't even talk about things like home NATs and cable/DSL/fiber modems, which tend to be longer-lived. If we'd started this 10 years ago, as you suggest in a later note, maybe it would be present in Windows 7, possibly even Vista. So we'd be set -- Windows XP is gone by now, right? Oh, yeah, it isn't... And as Valdis points out, it just doesn't buy us that much time. It might be worth doing for ISP backbones, and for things like tunnel endpoints. For anything else, it's not worth the effort -- and I suspect never was. --Steve Bellovin, http://www.cs.columbia.edu/~smb
On 2/17/2011 10:24 AM, Steven Bellovin wrote:
It might be worth doing for ISP backbones, and for things like tunnel endpoints. For anything else, it's not worth the effort -- and I suspect never was.
I think several people's point is that it may be useful for the CGN/LSN numbering and other special case scenarios where a CPE might be compliant and the windows box would be ignorant. Jack
On Feb 17, 2011, at 11:28 AM, Jack Bates wrote:
On 2/17/2011 10:24 AM, Steven Bellovin wrote:
It might be worth doing for ISP backbones, and for things like tunnel endpoints. For anything else, it's not worth the effort -- and I suspect never was.
I think several people's point is that it may be useful for the CGN/LSN numbering and other special case scenarios where a CPE might be compliant and the windows box would be ignorant.
Jack - There's numerous applications, including expanding internal applications such as virtualized servers for which the address space might be useful, if it was actually defined as usable as unicast. Apparently, it is also the case that the operator community wouldn't recognize the usage restrictions that might apply due to the recent reclassification, and would badly hurt themselves by making use of the space inappropriately. Thus, it is deemed better that nobody have use of the 1/16 of the IPv4 space (even if your internal use is perfectly compatible) because some who won't understand might get hurt... ;-) /John
In other words, you're going to tell Granny she needs to upgrade to Windows 8 and/or replace her CPE because you couldn't get your act together and deploy IPv6 - even though her friends at the bridge club who are customers of your clued competitor didn't have to do a thing.
Or tell her to run "Windows Update" and get the latest update for her existing OS which has the patch.
And then she has to do something *else* 9 months later when you need to deploy IPv6 *anyhow*.
Maybe, maybe not. It depends on how it is deployed. That "something else" might be as simple as "reboot the computer".
I encourage my competitors to design their business plans that way. :)
Considering v4 is likely to be around for another decade or two, getting Class E into general use seems easy enough to do.
On Feb 17, 2011, at 8:35 AM, George Bonser wrote:
In other words, you're going to tell Granny she needs to upgrade to Windows 8 and/or replace her CPE because you couldn't get your act together and deploy IPv6 - even though her friends at the bridge club who are customers of your clued competitor didn't have to do a thing.
Or tell her to run "Windows Update" and get the latest update for her existing OS which has the patch.
Because that certainly solved the DNS resolver over IPv6 problems for all the WinXP users out there.
And then she has to do something *else* 9 months later when you need to deploy IPv6 *anyhow*.
Maybe, maybe not. It depends on how it is deployed. That "something else" might be as simple as "reboot the computer".
Unlikely unless she has IPv6 compliant CPE.
I encourage my competitors to design their business plans that way. :)
Considering v4 is likely to be around for another decade or two, getting Class E into general use seems easy enough to do.
I'd much rather see the resources required go into improving IPv6 support and deployment. Owen
On 17 feb 2011, at 17:35, George Bonser wrote:
Considering v4 is likely to be around for another decade or two, getting Class E into general use seems easy enough to do.
You really think people will be communicating over the public internet using IPv4 in 2031? It will take a long time before the first people are going to turn off IPv4, but once that starts there will be no stopping it and IPv4 will be gone very, very quickly. (Of course there will be legacy stuff, just like some people are still running IPX or AppleTalk today. I'm talking about the public internet here.) Today people are complaining how annoying it is to have to learn new things to be able to run IPv6, but that doesn't compare to how annoying it is to have to learn OLD things to keep running a protocol that is way past its sell by date. I still need to teach class A/B/C despite the fact that CIDR is old enough to drink in most countries because without knowing that you can't configure a Cisco router. That's annoying now. Think about how insane that will be in the 2020s when the notion of requesting IPv4 addresses from an RIR is ancient history and young people don't know any better than having a /64 on every LAN that is big enough to connect all ethernet NICs ever made. Speaking of class E: this address space could be usable for NAT64 translators. That way, only servers and routers need to be upgraded to work with class E, not CPEs or client OSes.
On Feb 18, 2011, at 2:50 AM, Iljitsch van Beijnum wrote:
On 17 feb 2011, at 17:35, George Bonser wrote:
Considering v4 is likely to be around for another decade or two, getting Class E into general use seems easy enough to do.
You really think people will be communicating over the public internet using IPv4 in 2031?
For some minimal definition of two endpoints both of which are IPv4, sure. It'll be across 4in6 tunnels or something like that, but, I'm sure there will still be die-hard legacy systems doing that in 2031. As to whether IPv4 will still be generally routed on the internet? I actually suspect that will end before 2021 and might start winding down as early as 2014. Many people think that is overly optimistic, but, I look at the scaling problems IPv4 routing will face in a post depletion world and I suspect the motivations to deprecate IPv4 will come on strong and fast as a result. Before you ask, no, I'm not going to promise to eat my column. (Hi Bob!)
It will take a long time before the first people are going to turn off IPv4, but once that starts there will be no stopping it and IPv4 will be gone very, very quickly.
Define long time. I'm thinking 3 to 5 years, maybe.
(Of course there will be legacy stuff, just like some people are still running IPX or AppleTalk today. I'm talking about the public internet here.)
Today people are complaining how annoying it is to have to learn new things to be able to run IPv6, but that doesn't compare to how annoying it is to have to learn OLD things to keep running a protocol that is way past its sell by date. I still need to teach class A/B/C despite the fact that CIDR is old enough to drink in most countries because without knowing that you can't configure a Cisco router. That's annoying now. Think about how insane that will be in the 2020s when the notion of requesting IPv4 addresses from an RIR is ancient history and young people don't know any better than having a /64 on every LAN that is big enough to connect all ethernet NICs ever made.
I am not convinced you can't configure a cisco router without knowing about classful addressing. True, you will have to understand classful routing for the way Cisco displays routes to make sense to you, but, if you don't, all that happens is you wonder why they display things so strangely, grouping these octet-bounded collections of routes. Owen
On Thu, Feb 17, 2011 at 5:08 AM, John Curran <jcurran@istaff.org> wrote:
On Feb 17, 2011, at 7:39 AM, Iljitsch van Beijnum wrote:
Not that it matters because it's too late now and it would only give us a few more months, but:
Does the US government really need more than 150 million addresses, of which about half are not publically routed? Non-publically routed addresses can be reused by others as long as the stuff both users connect to doesn't overlap.
Again, I note that we've collectively allocated the 95%+ of the address space which was made available outside of DoD's original blocks, and then considering that US DoD additionally returned 2 more /8's for the community (noted here: <http://blog.icann.org/2008/02/recovering-ipv4-address-space/>), I believe they've shown significant consideration to the Internet community. The fact that any particular prefix today isn't in your particular routing table does not imply that global uniqueness isn't desired.
Rather than saying 240/4 is unusable for another three years, perhaps the service provider community could make plain that this space needs to be made usable (ala http://tools.ietf.org/html/draft-fuller-240space-02 or http://tools.ietf.org/html/draft-wilson-class-e-00, etc.) on a priority basis and work with the operating system and vendor community actually to make this happen? There's a chance that it could be made usable with sufficient focus to make that happen, but it is assured not to be usable if eternally delayed because it is "too hard" to accomplish.
+1 If you want to go on a wild goose chase, start chasing down 240/4 and you might make some progress. As i have mentioned before, it was only after i gave up on 240/4 for private network numbering that i really earnestly took on IPv6-only as a strategy. Seeing 240/4 actually work would be nice, but i have already concluded it does not fit my exhaustion timeline given how many edge devices will never support it. If i have to fork lift, it should be for ipv6. Cameron ======= http://groups.google.com/group/tmoipv6beta =======
/John
(my views alone; 100% recycled electrons used in this message)
If you want to go on a wild goose chase, start chasing down 240/4 and you might make some progress.
As i have mentioned before, it was only after i gave up on 240/4 for private network numbering that i really earnestly took on IPv6-only as a strategy. Seeing 240/4 actually work would be nice, but i have already concluded it does not fit my exhaustion timeline given how many edge devices will never support it.
If i have to fork lift, it should be for ipv6.
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
On Thu, Feb 17, 2011 at 9:46 AM, George Bonser <gbonser@seven.com> wrote:
If you want to go on a wild goose chase, start chasing down 240/4 and you might make some progress.
As i have mentioned before, it was only after i gave up on 240/4 for private network numbering that i really earnestly took on IPv6-only as a strategy. Seeing 240/4 actually work would be nice, but i have already concluded it does not fit my exhaustion timeline given how many edge devices will never support it.
If i have to fork lift, it should be for ipv6.
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
Yep, and that's great. Let me know when a Cisco 7600 will route a packet like this. Cameron
On Feb 17, 2011, at 12:48 PM, Cameron Byrne wrote:
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
Yep, and that's great. Let me know when a Cisco 7600 will route a packet like this.
So, it won't work for you. Is there any reason that it shouldn't be defined as unicast or private use (with warnings) rather than "Future Use", so that those who might have a use for it can do so? /John
On Thu, Feb 17, 2011 at 9:51 AM, John Curran <jcurran@istaff.org> wrote:
On Feb 17, 2011, at 12:48 PM, Cameron Byrne wrote:
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
Yep, and that's great. Let me know when a Cisco 7600 will route a packet like this.
So, it won't work for you. Is there any reason that it shouldn't be defined as unicast or private use (with warnings) rather than "Future Use", so that those who might have a use for it can do so?
I am 100% pro making Class E defined as private unicast space. My only point is that people need to be realistic about the near term benefit. Yes, some linux may work. But, Microsoft and Cisco don't work today. Let's move it to not-reserved, but don't bet the farm on 240/4 solving any of your problems or in any way changing the need to for IPv6 migration. This is where the slipperly slope and expectation settings start. Cameron
I am 100% pro making Class E defined as private unicast space.
My only point is that people need to be realistic about the near term benefit. Yes, some linux may work. But, Microsoft and Cisco don't work today. Let's move it to not-reserved, but don't bet the farm on 240/4 solving any of your problems or in any way changing the need to for IPv6 migration. This is where the slipperly slope and expectation settings start.
Cameron
Considering the amount of linux-based CPE and other network hardware out there (including some Cisco gear), the extent to which it might be usable today could be surprising.
George Bonser expunged (gbonser@seven.com):
Considering the amount of linux-based CPE and other network hardware out there (including some Cisco gear), the extent to which it might be usable today could be surprising.
An how many of those embedded linux devices are running a 2.4 kernel? Just look at xx-wrt as an example. If you have a certain chipset, 2.4 is your only option. -Steve
In message <20110217203639.GA3702@mara.org>, Steve Meuse writes:
George Bonser expunged (gbonser@seven.com):
Considering the amount of linux-based CPE and other network hardware out there (including some Cisco gear), the extent to which it might be usable today could be surprising.
An how many of those embedded linux devices are running a 2.4 kernel? Just lo ok at xx-wrt as an example. If you have a certain chipset, 2.4 is your only o ption.
And the work to patch that kernel is minimal if it doesn't already support it. It would take less time to fix the kernel than to argue over whether to fix it.
-Steve -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Feb 17, 2011, at 4:57 PM, Mark Andrews wrote:
In message <20110217203639.GA3702@mara.org>, Steve Meuse writes:
George Bonser expunged (gbonser@seven.com):
Considering the amount of linux-based CPE and other network hardware out there (including some Cisco gear), the extent to which it might be usable today could be surprising.
An how many of those embedded linux devices are running a 2.4 kernel? Just lo ok at xx-wrt as an example. If you have a certain chipset, 2.4 is your only o ption.
And the work to patch that kernel is minimal if it doesn't already support it. It would take less time to fix the kernel than to argue over whether to fix it.
-Steve -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
But way way way more time to deploy the patched kernel than to forklift the devices with IPv6 capable ones which don't require patching the kernel, either. The kernel patch is, at best, an expensive stop gap. At worst, it is a counter productive waste of time. At best it's slightly short of break-even. At worst, it's a huge $negative. Owen
But way way way more time to deploy the patched kernel than to
forklift
the devices with IPv6 capable ones which don't require patching the kernel, either.
The kernel patch is, at best, an expensive stop gap. At worst, it is a counter productive waste of time. At best it's slightly short of break-even. At worst, it's a huge $negative.
Owen
I don't think anyone was proposing it as an alternative to v6. It is more along the lines of keeping the existing v4 net working as people migrate over. Freeing up WAN IPs can make them available for v6 migration purposes. The ironic thing about v6 is that it will require some additional v4 addresses during the migration period.
Mark Andrews expunged (marka@isc.org):
An how many of those embedded linux devices are running a 2.4 kernel? Just lo ok at xx-wrt as an example. If you have a certain chipset, 2.4 is your only o ption.
And the work to patch that kernel is minimal if it doesn't already support it. It would take less time to fix the kernel than to argue over whether to fix it.
The point is just because it's "running linux" doesn't make it any more likely to get upgraded than joe six pack is going to update/patch his windows XP. -Steve
In message <20110218020622.GA10995@mara.org>, Steve Meuse writes:
Mark Andrews expunged (marka@isc.org):
An how many of those embedded linux devices are running a 2.4 kernel? Jus t lo ok at xx-wrt as an example. If you have a certain chipset, 2.4 is your on ly o ption.
And the work to patch that kernel is minimal if it doesn't already support it. It would take less time to fix the kernel than to argue over whether to fix it.
The point is just because it's "running linux" doesn't make it any more likel y to get upgraded than joe six pack is going to update/patch his windows XP.
Joe 6 pack does upgrade his XP box. It companies that don't. There too worried about things breaking.
-Steve
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
In message <32ECC9CD-D927-4407-914C-751316C59966@istaff.org>, John Curran write s:
On Feb 17, 2011, at 12:48 PM, Cameron Byrne wrote:
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
Yep, and that's great. Let me know when a Cisco 7600 will route a packet like this.
So, it won't work for you. Is there any reason that it shouldn't be defined as unicast or private use (with warnings) rather than "Future Use", so that those who might have a use for it can do so?
/John
Or to ask CISCO to fix the box so it can route it? In many cases it is a minimal change. I don't know whether it is in Cisco 7600 but it can't hurt to ask the vendors if it is technically possible. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Mark Andrews expunged (marka@isc.org):
Or to ask CISCO to fix the box so it can route it? In many cases it is a minimal change. I don't know whether it is in Cisco 7600
They are in the business of selling new gear, not enabling features on EOL equipment :) -Steve
In message <20110217203922.GB3702@mara.org>, Steve Meuse writes:
Mark Andrews expunged (marka@isc.org):
Or to ask CISCO to fix the box so it can route it? In many cases it is a minimal change. I don't know whether it is in Cisco 7600
They are in the business of selling new gear, not enabling features on EOL eq uipment :)
-Steve
Sometime the good will generated is worth the minor expense. Remember a lot of this problem is the direct result of vendors not acting soon enough and that includes CISCO. Asking those vendors to do a bit of work to fixup the results of their bad decisions is not unreasonable. They can't fix hardware limitations but they can definitely fix software limitations. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Mark Andrews expunged (marka@isc.org):
Remember a lot of this problem is the direct result of vendors not acting soon enough and that includes CISCO. Asking those vendors to do a bit of work to fixup the results of their bad decisions is not unreasonable. They can't fix hardware limitations but they can definitely fix software limitations.
Vendors have finite resources. I'm not going to ask them to waste time fixing something that buys us a short amount of time vs. asking them to work on a feature that has immediate impact to my ability to generate revenue. Yah, I'm one of those dirty capitalists. What's Randy's quote? "I highly recommend my competitors do this..." -Steve
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
Yep, and that's great. Let me know when a Cisco 7600 will route a packet like this.
Cameron
Considering how small of a change it is, simply removing that net from the "black list", they could do it at any time with a code update to any version of IOS, provided that black list isn't burned into hardware. George
On Thu, Feb 17, 2011 at 9:52 AM, George Bonser <gbonser@seven.com> wrote:
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
Yep, and that's great. Let me know when a Cisco 7600 will route a packet like this.
Cameron
Considering how small of a change it is, simply removing that net from the "black list", they could do it at any time with a code update to any version of IOS, provided that black list isn't burned into hardware.
I asked 2 years ago, and i was told it was not feasible. I escalated, still no-go, it was a "deep" problem. And they pointed to the IETF saying no on the above drafts as reason to not dig into the microcode or whatever to fix it. This is where i turned to the IPv6-only reality of the future near-term internet. I suggest you do the same. Cisco is just one example. The fact is it will likely not work in cell phones, home gateways, windows PCs, Mac's, .... I understand some progress has been made... but choose your scope wisely and pick your battles and know that the weight of the world is against you (cisco and msft) Let me remind you, i believe opening 240/4 for private unicast was a good ideas years ago. It is still not a bad idea, what's the harm? But ... the answer you will hear is that IPv6 has momentum, go with the flow. Using 240/4 is much better than providing a public allocation to private networks. It properly makes folks consider the reality of staying with broken ipv4 or making the much better long term investment in IPv6. @George Please don't speculating on when Cisco or Microsoft will support 240/4 on this list. Ask your account rep, then report back with facts. Arm-chair engineering accounts for too many emails on this list. Cameron ===== http://groups.google.com/group/tmoipv6beta =====
On Thu, Feb 17, 2011 at 1:05 PM, Cameron Byrne <cb.list6@gmail.com> wrote:
On Thu, Feb 17, 2011 at 9:52 AM, George Bonser <gbonser@seven.com> wrote:
240/4 has been enabled in Linux since 2.6.25 (applied on January 21, 2008 by David Miller) so that's like three years already.
Yep, and that's great. Let me know when a Cisco 7600 will route a packet like this.
Cameron
Considering how small of a change it is, simply removing that net from the "black list", they could do it at any time with a code update to any version of IOS, provided that black list isn't burned into hardware.
I asked 2 years ago, and i was told it was not feasible. I escalated, still no-go, it was a "deep" problem. And they pointed to the IETF saying no on the above drafts as reason to not dig into the microcode or whatever to fix it.
This is where i turned to the IPv6-only reality of the future near-term internet. I suggest you do the same.
Cisco is just one example. The fact is it will likely not work in cell phones, home gateways, windows PCs, Mac's, .... I understand some progress has been made... but choose your scope wisely and pick your battles and know that the weight of the world is against you (cisco and msft)
Let me remind you, i believe opening 240/4 for private unicast was a good ideas years ago. It is still not a bad idea, what's the harm? But ... the answer you will hear is that IPv6 has momentum, go with the flow.
Using 240/4 is much better than providing a public allocation to private networks. It properly makes folks consider the reality of staying with broken ipv4 or making the much better long term investment in IPv6.
@George
Please don't speculating on when Cisco or Microsoft will support 240/4 on this list. Ask your account rep, then report back with facts. Arm-chair engineering accounts for too many emails on this list.
Cameron ===== http://groups.google.com/group/tmoipv6beta =====
IPv6's momentum is a lot like a beach landing at Normandy. -- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
On 2/17/2011 1:31 PM, Jeffrey Lyon wrote:
IPv6's momentum is a lot like a beach landing at Normandy.
As in, "large, dedicated, and nigh unstoppable, but fraught with peril and with a lot of mess and destruction to get through before it is done," or as in "mainly opposed by aging crazy Nazis who should have seen it coming but kept their attention in the wrong place?"
On Thu, Feb 17, 2011 at 2:14 PM, Owen DeLong <owen@delong.com> wrote:
IPv6's momentum is a lot like a beach landing at Normandy.
?? Inevitably going to succeed, but, not without heavy losses in the process?
Owen
Yes, and also with mass fear and confusion at the beginning. -- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
On 2/17/2011 1:25 PM, Jeffrey Lyon wrote:
On Thu, Feb 17, 2011 at 2:14 PM, Owen DeLong<owen@delong.com> wrote:
IPv6's momentum is a lot like a beach landing at Normandy.
?? Inevitably going to succeed, but, not without heavy losses in the process?
Owen
Yes, and also with mass fear and confusion at the beginning.
Given the heavy losses and chaotic nature of the event, wasn't mass fear and confusion to be expected? Jack
On Thu, Feb 17, 2011 at 2:48 PM, Jack Bates <jbates@brightok.net> wrote:
On 2/17/2011 1:25 PM, Jeffrey Lyon wrote:
On Thu, Feb 17, 2011 at 2:14 PM, Owen DeLong<owen@delong.com> wrote:
IPv6's momentum is a lot like a beach landing at Normandy.
?? Inevitably going to succeed, but, not without heavy losses in the process?
Owen
Yes, and also with mass fear and confusion at the beginning.
Given the heavy losses and chaotic nature of the event, wasn't mass fear and confusion to be expected?
Jack
At Normandy or on 2/3/11? -- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
I asked 2 years ago, and i was told it was not feasible. I escalated, still no-go, it was a "deep" problem. And they pointed to the IETF saying no on the above drafts as reason to not dig into the microcode or whatever to fix it.
Ok, so that implies that it is burned into hardware and as it is ASIC-based hardware and not FPGA, they can't reprogram the hardware with a code update (one of the advantages of FPGA-based hardware).
Cisco is just one example. The fact is it will likely not work in cell phones, home gateways, windows PCs, Mac's, .... I understand some progress has been made... but choose your scope wisely and pick your battles and know that the weight of the world is against you (cisco and msft)
I don't think I had general usage in mind, more along the lines of the "middle 4" in NAT444 that will be rolled out in many networks to conserve IP space.
@George
Please don't speculating on when Cisco or Microsoft will support 240/4 on this list. Ask your account rep, then report back with facts. Arm-chair engineering accounts for too many emails on this list.
The usage I have in mind would be transparent to the end stations and, frankly, someone who produces provider gear and CPE that can take advantage of that space is going to have a great selling point. There is some gold under there for someone. 240/4 is a great big "dig here" sign if they want some of it.
Cisco is just one example. The fact is it will likely not work in cell phones, home gateways, windows PCs, Mac's, .... I understand some progress has been made... but choose your scope wisely and pick your battles and know that the weight of the world is against you (cisco and msft)
I don't think I had general usage in mind, more along the lines of the "middle 4" in NAT444 that will be rolled out in many networks to conserve IP space.
Infeasible. NAT444 is primarily needed to avoid doing a CPE forklift for nearly every subscriber. To deploy these addresses in that space would require a CPE forklift for nearly every subscriber.
@George
Please don't speculating on when Cisco or Microsoft will support 240/4 on this list. Ask your account rep, then report back with facts. Arm-chair engineering accounts for too many emails on this list.
The usage I have in mind would be transparent to the end stations and, frankly, someone who produces provider gear and CPE that can take advantage of that space is going to have a great selling point. There is some gold under there for someone. 240/4 is a great big "dig here" sign if they want some of it.
Maybe, but, CPE is rarely a unified solution, even within the same carrier. Owen
In message <5F90644C-5457-460F-9BC3-70802B13A270@delong.com>, Owen DeLong write s:
Cisco is just one example. The fact is it will likely not work in cell phones, home gateways, windows PCs, Mac's, .... I understand some progress has been made... but choose your scope wisely and pick your battles and know that the weight of the world is against you (cisco and msft)
I don't think I had general usage in mind, more along the lines of the "middle 4" in NAT444 that will be rolled out in many networks to conserve IP space.
Infeasible. NAT444 is primarily needed to avoid doing a CPE forklift for nearly every subscriber. To deploy these addresses in that space would require a CPE forklift for nearly every subscriber.
Firstly it is entirely possible to do this incrementally. Secondly it doesn't require a fork lift upgrade. A minimal upgrade is all that is required. For modern Linux boxes just setting a DHCP option would be enough. A two line fix in a config file.
@George
Please don't speculating on when Cisco or Microsoft will support 240/4 on this list. Ask your account rep, then report back with facts. Arm-chair engineering accounts for too many emails on this list.
The usage I have in mind would be transparent to the end stations and, frankly, someone who produces provider gear and CPE that can take advantage of that space is going to have a great selling point. There is some gold under there for someone. 240/4 is a great big "dig here" sign if they want some of it.
Maybe, but, CPE is rarely a unified solution, even within the same carrier.
Owen -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Feb 17, 2011, at 4:52 PM, Mark Andrews wrote:
In message <5F90644C-5457-460F-9BC3-70802B13A270@delong.com>, Owen DeLong write s:
Cisco is just one example. The fact is it will likely not work in cell phones, home gateways, windows PCs, Mac's, .... I understand some progress has been made... but choose your scope wisely and pick your battles and know that the weight of the world is against you (cisco and msft)
I don't think I had general usage in mind, more along the lines of the "middle 4" in NAT444 that will be rolled out in many networks to conserve IP space.
Infeasible. NAT444 is primarily needed to avoid doing a CPE forklift for nearly every subscriber. To deploy these addresses in that space would require a CPE forklift for nearly every subscriber.
Firstly it is entirely possible to do this incrementally. Secondly it doesn't require a fork lift upgrade. A minimal upgrade is all that is required. For modern Linux boxes just setting a DHCP option would be enough. A two line fix in a config file.
Whether you do it incrementally or not, you have to upgrade every affected device eventually. You can roll out IPv6 incrementally, too. Most CPE is _NOT_ within the description of "modern linux boxes" so does not apply to the discussion of the middle 4 in NAT444. It may not require an actual forklift upgrade, but, in the real world, it will require ISP efforts that are equivalent to a forklift upgrade, so, if you're going to that much trouble, it's cheaper (and in many cases easier) to go ahead and forklift your way to IPv6. Ideally in the next round of CPE, the need for NAT444 is a non-issue. It should support at least DS-Lite or 6rd. Anything earlier than the next round of equipment will need to be at least re-flashed. Owen
In message <AANLkTi=UzEQB2DYKxHVrxaKfasPHGfDmXJp1p-GJ0FCf@mail.gmail.com>, Came ron Byrne writes:
On Thu, Feb 17, 2011 at 5:08 AM, John Curran <jcurran@istaff.org> wrote:
On Feb 17, 2011, at 7:39 AM, Iljitsch van Beijnum wrote:
Not that it matters because it's too late now and it would only give us = a few more months, but:
Does the US government really need more than 150 million addresses, of w= hich about half are not publically routed? Non-publically routed addresses = can be reused by others as long as the stuff both users connect to doesn't = overlap.
Again, I note that we've collectively allocated the 95%+ of the address space which was made available outside of DoD's original blocks, and then considering that US DoD additionally returned 2 more /8's for the communi= ty (noted here: <http://blog.icann.org/2008/02/recovering-ipv4-address-space= />), I believe they've shown significant consideration to the Internet communi= ty. The fact that any particular prefix today isn't in your particular routin= g table does not imply that global uniqueness isn't desired.
Rather than saying 240/4 is unusable for another three years, perhaps the service provider community could make plain that this space needs to be made usable (ala http://tools.ietf.org/html/draft-fuller-240space-02 or http://tools.ietf.org/html/draft-wilson-class-e-00, etc.) on a priority basis and work with the operating system and vendor community actually to make this happen? =A0There's a chance that it could be made usable wit= h sufficient focus to make that happen, but it is assured not to be usable if eternally delayed because it is "too hard" to accomplish.
+1
If you want to go on a wild goose chase, start chasing down 240/4 and you might make some progress.
As i have mentioned before, it was only after i gave up on 240/4 for private network numbering that i really earnestly took on IPv6-only as a strategy. Seeing 240/4 actually work would be nice, but i have already concluded it does not fit my exhaustion timeline given how many edge devices will never support it.
If i have to fork lift, it should be for ipv6.
You can reflash CPE devices to support this that you can't reflash to support IPv6 as there is no space in the flash for the extra code. This should be minimal. A extra PPP/DHCP option and a check box to enable (default) / disable setting it. It can be deployed incrementally. It enables IPv6 to be deployed over intermediate hardware that doesn't support IPv4. You still need lots of IPv4 to do that. It doesn't however have to be globally unique and it shouldn't be RFC 1918. Leave RFC 1918 for customers. You add IPv6 support to CPE devices where you can. It doesn't require the world to upgrade. It gives a well defined range that you don't use with 6to4. We also don't need all of class E. The first half would be more than enough for even the biggest ISP. It's big enough to give customers stable IPv6 addresses via 6rd. Mark
Cameron =3D=3D=3D=3D=3D=3D=3D http://groups.google.com/group/tmoipv6beta =3D=3D=3D=3D=3D=3D=3D
/John
(my views alone; 100% recycled electrons used in this message)
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
You can reflash CPE devices to support this that you can't reflash to support IPv6 as there is no space in the flash for the extra code. This should be minimal. A extra PPP/DHCP option and a check box to enable (default) / disable setting it.
Reflashing most CPE amounts to forklifting. The difference between having them bring their CPE in to be reflashed or rolling a truck to do same vs. replacing the CPE will, in most cases, actually render replacing the CPE cheaper.
It can be deployed incrementally.
So can replacing the CPE, but, neither is a particularly attractive alternative for many providers. Owen
In message <1DBDCA5F-16EC-428D-BC46-3BD59A6F4CDB@delong.com>, Owen DeLong write s:
You can reflash CPE devices to support this that you can't reflash to support IPv6 as there is no space in the flash for the extra code. This should be minimal. A extra PPP/DHCP option and a check box to enable (default) / disable setting it.
Reflashing most CPE amounts to forklifting. The difference between having them bring their CPE in to be reflashed or rolling a truck to do same vs. replacing the CPE will, in most cases, actually render replacing the CPE cheaper.
It depends on the CPE device. Lots of CPE devices can be re-flashed in place. It just requires the will to make the images available.
It can be deployed incrementally.
So can replacing the CPE, but, neither is a particularly attractive alternative for many providers.
And further indecision is going to make this worse not better.
Owen
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Feb 17, 2011, at 5:18 PM, Mark Andrews wrote:
In message <1DBDCA5F-16EC-428D-BC46-3BD59A6F4CDB@delong.com>, Owen DeLong write s:
You can reflash CPE devices to support this that you can't reflash to support IPv6 as there is no space in the flash for the extra code. This should be minimal. A extra PPP/DHCP option and a check box to enable (default) / disable setting it.
Reflashing most CPE amounts to forklifting. The difference between having them bring their CPE in to be reflashed or rolling a truck to do same vs. replacing the CPE will, in most cases, actually render replacing the CPE cheaper.
It depends on the CPE device. Lots of CPE devices can be re-flashed in place. It just requires the will to make the images available.
Who do you think is going to do this reflashing? If you think that Grandma is going to download an image and reflash her linksys, you're at least slightly divorced from reality. If you think she's going to do it and not have about a 10% brick rate (10% of devices going from router to brick) as a result, then, you're optimistic to say the least.
It can be deployed incrementally.
So can replacing the CPE, but, neither is a particularly attractive alternative for many providers.
And further indecision is going to make this worse not better.
On this we agree... Which is why we should decide to move to IPv6 and get on with it instead of continuing to pursue rat-holes like 240/4. Owen
In message <C02476CE-0544-430E-BB70-B752406AD3A8@delong.com>, Owen DeLong write s:
On Feb 17, 2011, at 5:18 PM, Mark Andrews wrote:
=20 In message <1DBDCA5F-16EC-428D-BC46-3BD59A6F4CDB@delong.com>, Owen = DeLong write s:
=20 You can reflash CPE devices to support this that you can't reflash to support IPv6 as there is no space in the flash for the extra code. This should be minimal. A extra PPP/DHCP option and a check box to enable (default) / disable setting it. =20 Reflashing most CPE amounts to forklifting. The difference between having them bring their CPE in to be reflashed or rolling a truck to do same vs. replacing the CPE will, in most cases, actually render replacing the CPE cheaper. =20 It depends on the CPE device. Lots of CPE devices can be re-flashed in place. It just requires the will to make the images available. =20 Who do you think is going to do this reflashing? If you think that = Grandma is going to download an image and reflash her linksys, you're at least slightly divorced from reality.
I think grandma is quite capable of doing it. She just needs to be informed that it needs to be done. Most people that are scared of doing it themselves have someone that they can call on to do it for them. It also doesn't have to be 100%.
If you think she's going to do it and not have about a 10% brick rate (10% of devices going from router to brick) as a result, then, you're optimistic to say the least.
Reflashing with manufacture supplied images doesn't have a 10% brick rate.
It can be deployed incrementally. =20 So can replacing the CPE, but, neither is a particularly attractive alternative for many providers. =20 And further indecision is going to make this worse not better. =20
On this we agree...
Which is why we should decide to move to IPv6 and get on with it instead of continuing to pursue rat-holes like 240/4.
240/4 is actually an enabler for IPv6. It allows the operator to give the customer a stable IPv4 address which can be used for stable IPv6 addresses via 6rd. Different parts upgrade at different times and we need to de-couple all those upgrades if we can. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
You're invited to work my helpdesk for a week. I'd even pay you. It's not just flashing, it's reconfiguring every wireless device in the home (printer, Wii, Kindle, laptop (that's not home right, will be when Sally visits for the weekend), etc). If you can come up with an online tool that downloads the correct firmware image, backs up the settings, upgrades the firmware, and restores the configuration, with 99% success, I'd consider buying it to the tune $10/upgraded device. Frank -----Original Message----- From: Mark Andrews [mailto:marka@isc.org] Sent: Thursday, February 17, 2011 7:56 PM To: Owen DeLong Cc: NANOG list; John Curran Subject: Re: IPv6 mistakes, was: Re: Looking for an IPv6 naysayer... <snip> I think grandma is quite capable of doing it. She just needs to be informed that it needs to be done. Most people that are scared of doing it themselves have someone that they can call on to do it for them. It also doesn't have to be 100%. <snip> Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
In message <00bc01cbcf19$8b3f13d0$a1bd3b70$@iname.com>, "Frank Bulk" writes:
You're invited to work my helpdesk for a week. I'd even pay you.
It's not just flashing, it's reconfiguring every wireless device in the home (printer, Wii, Kindle, laptop (that's not home right, will be when Sally visits for the weekend), etc).
Every device doesn't need to know the address. The CPE device still uses RFC 1918 internally. This is for the external address.
If you can come up with an online tool that downloads the correct firmware image, backs up the settings, upgrades the firmware, and restores the configuration, with 99% success, I'd consider buying it to the tune $10/upgraded device.
Frank -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Feb 17, 2011, at 4:39 AM, Iljitsch van Beijnum wrote:
On 11 feb 2011, at 17:51, William Herrin wrote:
We can't backport ULA into IPv4 private addressing; there aren't enough addresses for the math to work. So we either make such folks jump through all kinds of hoops to get their networks to function, or we assign addresses that could otherwise be used on the big-I Internet.
Not that it matters because it's too late now and it would only give us a few more months, but:
Does the US government really need more than 150 million addresses, of which about half are not publically routed? Non-publically routed addresses can be reused by others as long as the stuff both users connect to doesn't overlap.
The DoD does not seem particularly anxious to announce or explain their usage of those blocks to the rest of the community. They have much larger quantities of significantly more sophisticated armaments than ARIN. I agree it would be nice if they would voluntarily return whatever is appropriate to the community, but, as you say, there is little upside to them doing so anyway. Certainly not enough to make the risks of attempting to obtain it through any means other than voluntary return feasible or even worthy of consideration. Owen
Owen DeLong <owen@delong.com> writes:
The DoD does not seem particularly anxious to announce or explain their usage of those blocks to the rest of the community.
They have much larger quantities of significantly more sophisticated armaments than ARIN.
I agree it would be nice if they would voluntarily return whatever is appropriate to the community, but,
You mean like they already did with 49/8, 50/8 (both formerly Joint Technical Command), 10/8 (formerly ARPAnet), and 7/8 (DNIC)? As the biggest returner of IPv4 space by a fair margin, notwithstanding their current holdings I think the DoD is quite justified in saying "I gave at the office" and hanging up. -r
On Feb 17, 2011, at 12:46 PM, Robert E. Seastrom wrote:
Owen DeLong <owen@delong.com> writes:
... I agree it would be nice if they would voluntarily return whatever is appropriate to the community, but,
You mean like they already did with 49/8, 50/8 (both formerly Joint Technical Command), 10/8 (formerly ARPAnet), and 7/8 (DNIC)?
As the biggest returner of IPv4 space by a fair margin, notwithstanding their current holdings I think the DoD is quite justified in saying "I gave at the office" and hanging up.
Actually, as I have noted before, the US DoD has contractually agreed to return to ARIN unneeded IPv4 address space if/when such becomes available, so that it may be used by the Internet community. /John John Curran President and CEO ARIN
On Feb 17, 2011, at 9:57 AM, John Curran wrote:
On Feb 17, 2011, at 12:46 PM, Robert E. Seastrom wrote:
Owen DeLong <owen@delong.com> writes:
... I agree it would be nice if they would voluntarily return whatever is appropriate to the community, but,
You mean like they already did with 49/8, 50/8 (both formerly Joint Technical Command), 10/8 (formerly ARPAnet), and 7/8 (DNIC)?
As the biggest returner of IPv4 space by a fair margin, notwithstanding their current holdings I think the DoD is quite justified in saying "I gave at the office" and hanging up.
As they are also the biggest consumer of IPv4 space by a fair margin, that statement rings a bit hollow.
Actually, as I have noted before, the US DoD has contractually agreed to return to ARIN unneeded IPv4 address space if/when such becomes available, so that it may be used by the Internet community.
This statement, on the other hand, is a good thing. Owen
On 17 feb 2011, at 18:57, John Curran wrote:
Actually, as I have noted before, the US DoD has contractually agreed to return to ARIN unneeded IPv4 address space if/when such becomes available, so that it may be used by the Internet community.
How can they "return" stuff to ARIN that they got from IANA in the first place? ARIN seems to be getting the very long end of the legacy stick.
On Feb 18, 2011, at 5:54 AM, Iljitsch van Beijnum wrote:
On 17 feb 2011, at 18:57, John Curran wrote:
Actually, as I have noted before, the US DoD has contractually agreed to return to ARIN unneeded IPv4 address space if/when such becomes available, so that it may be used by the Internet community.
How can they "return" stuff to ARIN that they got from IANA in the first place?
ARIN seems to be getting the very long end of the legacy stick.
Agreed. But last time I checked, the United States is in the ARIN region. And ARIN did not exist when the US DoD got its space. (In fact, I do believe the reason "IP space" exists is because the DoD paid someone to come up with the idea? :) If the US DoD wants more space, it has to ask ARIN, right? Are you suggesting it should deal with a different organization depending on which direction the IP addresses flow? Supposed it was space ARIN assigned the DoD? -- TTFN, patrick
On 18 feb 2011, at 12:00, Patrick W. Gilmore wrote:
How can they "return" stuff to ARIN that they got from IANA in the first place?
ARIN seems to be getting the very long end of the legacy stick.
But last time I checked, the United States is in the ARIN region. And ARIN did not exist when the US DoD got its space. (In fact, I do believe the reason "IP space" exists is because the DoD paid someone to come up with the idea? :)
True, but how is all of that relevant?
If the US DoD wants more space, it has to ask ARIN, right? Are you suggesting it should deal with a different organization depending on which direction the IP addresses flow?
Supposed it was space ARIN assigned the DoD?
Policies like giving each RIR one of the final five /8s were carefully created to give each RIR equal access to address space. Automatically giving legacy space to the RIR for the region that the holder of the legacy space is in is incompatible with that, and means that ARIN will get virtually all of it. To me, it seems both natural and fair that legacy space (especially /8s) is returned to IANA and then redistributed over the RIRs. By the way, IANA only deals in /8s. However, a lot of people got legacy /16s or other non-/8 sizes, so some /8s that are marked "legacy" actually contain a lot of unused space. Each of those /8 is "administered" by a RIR, but it's unclear (to me at least) whether that means that RIR gets to give out that space in its region or not. And if not, what is supposed to happen with this space. It's a significant amount, about half the size of the class E space: RIR Administerd by Delegated Free afrinic 33.55 M 8.71 M 24.85 M apnic 100.66 M 77.95 M 22.72 M arin 671.09 M 592.04 M 79.05 M ripencc 67.11 M 63.01 M 4.10 M
* Iljitsch van Beijnum
By the way, IANA only deals in /8s. However, a lot of people got legacy /16s or other non-/8 sizes, so some /8s that are marked "legacy" actually contain a lot of unused space. Each of those /8 is "administered" by a RIR, but it's unclear (to me at least) whether that means that RIR gets to give out that space in its region or not.
The unused space in the ERX blocks were divided evenly between the RIRs a couple of years ago, see: http://www.icann.org/correspondence/wilson-to-conrad-28jan08-en.pdf http://bgp.potaroo.net/stats/nro/various.html I believe «administered by» simply means that the RIR is the one providing reverse DNS services for the block in question. Regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com Tel: +47 21 54 41 27
On 18 feb 2011, at 12:36, Tore Anderson wrote:
Each of those /8 is "administered" by a RIR, but it's unclear (to me at least) whether that means that RIR gets to give out that space in its region or not.
The unused space in the ERX blocks were divided evenly between the RIRs a couple of years ago, see:
http://www.icann.org/correspondence/wilson-to-conrad-28jan08-en.pdf
"Please find attached a summary spreadsheet (Excel format) providing the agreed distribution of administrative responsibility" This still leaves the question of which RIR gets to give out which parts of the unused legacy space unanswered.
* Iljitsch van Beijnum
http://www.icann.org/correspondence/wilson-to-conrad-28jan08-en.pdf
"Please find attached a summary spreadsheet (Excel format) providing the agreed distribution of administrative responsibility"
Hit your Page Down button a couple of times, it's included right there in the PDF. Regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com Tel: +47 21 54 41 27
Iljitsch, In deed there were ERX unused space that were divided among RIRs, I think it is referred as "various ERX" (pointed out by Tore). http://bgp.potaroo.net/stats/nro/various.html There were also ERX space transferred from ARIN DB (used to be in InterNIC's) to RIRs because legacy holders were in the RIR region: http://www.lacnic.net/en/erx.html When you talk about "unused" legacy space are you talking about the "various" space or to the legacy space that is currently assigned but the holders just require part of it? Regards, -as On 18 Feb 2011, at 09:36, Tore Anderson wrote:
* Iljitsch van Beijnum
By the way, IANA only deals in /8s. However, a lot of people got legacy /16s or other non-/8 sizes, so some /8s that are marked "legacy" actually contain a lot of unused space. Each of those /8 is "administered" by a RIR, but it's unclear (to me at least) whether that means that RIR gets to give out that space in its region or not.
The unused space in the ERX blocks were divided evenly between the RIRs a couple of years ago, see:
http://www.icann.org/correspondence/wilson-to-conrad-28jan08-en.pdf http://bgp.potaroo.net/stats/nro/various.html
I believe «administered by» simply means that the RIR is the one providing reverse DNS services for the block in question.
Regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com Tel: +47 21 54 41 27
On 18 feb 2011, at 14:10, Arturo Servin wrote:
When you talk about "unused" legacy space are you talking about the "various" space or to the legacy space that is currently assigned but the holders just require part of it?
Legacy space (A) = all the /8s marked as "legacy" by IANA. Used legacy space (B): addresses allocated/assigned according to one of the RIRs which falls within A. Unused legacy space (C): A - B. Examples: lots of class B networks, either they were never given out or they were returned. And 45/8 minus 45.0.0.0/15.
On Feb 18, 2011, at 6:16 AM, Iljitsch van Beijnum wrote:
On 18 feb 2011, at 12:00, Patrick W. Gilmore wrote:
How can they "return" stuff to ARIN that they got from IANA in the first place?
ARIN seems to be getting the very long end of the legacy stick.
But last time I checked, the United States is in the ARIN region. And ARIN did not exist when the US DoD got its space. (In fact, I do believe the reason "IP space" exists is because the DoD paid someone to come up with the idea? :)
True, but how is all of that relevant?
The first seems relevant because it was not possible for the US DoD to get space from ARIN. It's not like they chose to go around ARIN. The second seems relevant because ARIN is the successor, created by the IANA (Dr. Postel himself) specifically to take over the duties of address management in the geographic region where the DoD exists. When someone comes up with an idea (or pays someone to come up with an idea), they tend to get to use that idea before others. If you honestly cannot fathom why that is relevant, then I am not going to attempt to explain it to you. Now that I've answered your question, mind if I ask why you are asking? Or do you just prefer to troll?
If the US DoD wants more space, it has to ask ARIN, right? Are you suggesting it should deal with a different organization depending on which direction the IP addresses flow?
Supposed it was space ARIN assigned the DoD?
Policies like giving each RIR one of the final five /8s were carefully created to give each RIR equal access to address space. Automatically giving legacy space to the RIR for the region that the holder of the legacy space is in is incompatible with that, and means that ARIN will get virtually all of it.
Then perhaps you should work through the process to change that?
To me, it seems both natural and fair that legacy space (especially /8s) is returned to IANA and then redistributed over the RIRs.
It may seem that way to many. Posting it to NANOG is not going to help you achieve what you deem to be fair & natural. -- TTFN, patrick
On Feb 18, 2011, at 3:16 AM, Iljitsch van Beijnum wrote:
On 18 feb 2011, at 12:00, Patrick W. Gilmore wrote:
How can they "return" stuff to ARIN that they got from IANA in the first place?
ARIN seems to be getting the very long end of the legacy stick.
But last time I checked, the United States is in the ARIN region. And ARIN did not exist when the US DoD got its space. (In fact, I do believe the reason "IP space" exists is because the DoD paid someone to come up with the idea? :)
True, but how is all of that relevant?
If the US DoD wants more space, it has to ask ARIN, right? Are you suggesting it should deal with a different organization depending on which direction the IP addresses flow?
Supposed it was space ARIN assigned the DoD?
Policies like giving each RIR one of the final five /8s were carefully created to give each RIR equal access to address space. Automatically giving legacy space to the RIR for the region that the holder of the legacy space is in is incompatible with that, and means that ARIN will get virtually all of it.
To me, it seems both natural and fair that legacy space (especially /8s) is returned to IANA and then redistributed over the RIRs.
By the way, IANA only deals in /8s. However, a lot of people got legacy /16s or other non-/8 sizes, so some /8s that are marked "legacy" actually contain a lot of unused space. Each of those /8 is "administered" by a RIR, but it's unclear (to me at least) whether that means that RIR gets to give out that space in its region or not. And if not, what is supposed to happen with this space. It's a significant amount, about half the size of the class E space:
RIR Administerd by Delegated Free
afrinic 33.55 M 8.71 M 24.85 M apnic 100.66 M 77.95 M 22.72 M arin 671.09 M 592.04 M 79.05 M ripencc 67.11 M 63.01 M 4.10 M
To the best of my knowledge, any RIR is free to allocate or assign any space it administers according to the policies set by that RIRs policy development process. If you feel that legacy resources returned to ARIN should be fed back to IANA, you are welcome to submit an appropriate policy to the ARIN policy development process in order to encourage such an action. Absent such a policy, I think your odds of achieving what you consider natural and fair are limited. I think that what is considered natural and fair by some is not considered so by others. Owen
On Feb 18, 2011, at 2:54 AM, Iljitsch van Beijnum wrote:
On 17 feb 2011, at 18:57, John Curran wrote:
Actually, as I have noted before, the US DoD has contractually agreed to return to ARIN unneeded IPv4 address space if/when such becomes available, so that it may be used by the Internet community.
How can they "return" stuff to ARIN that they got from IANA in the first place?
ARIN seems to be getting the very long end of the legacy stick.
The same way people have returned to ARIN resources obtained from: SRI Internic Network Solutions Internic ARIN is the successor registry and maintains the whois and in-addr data for the blocks. An attempt to return them to IANA directly would probably be met with a "go return these to ARIN" response. I don't know that for sure, but, that is what I would expect. As to ARIN getting the long end of the legacy stick, well, the ARIN region got the long end of the costs of developing and making the early deployments of the Internet, so, many of the legacy allocations and assignments are within the ARIN region. This is simple historical fact. I'm not sure why anyone feels we should attempt to revise history. Owen
Using public address space for private networking is a gross misuse of the resource.
No it is not. IP was invented to enable internetworking. The IPv4 address registry was set up so that anyone who wanted to use IP for internetworking could get unique addresses. The key here, is internetworking, which refers to exchanging packets with other networks. It is possible to internetwork without ever exchanging packets with the public Internet.
Go to any registry and ask for address space for your private networking that you do not intend to announce to the internet. They will laugh at you, and point you to RFC1918. (and likely flag you as someone to whom address space should never be assigned.)
Not true. Two of my former employers went to ARIN every year or two and received blocks around a /16 in size, specifically for use on global IP networks that did not intend to ever announce those addresses on the Internet. There are several other companies which operate somewhat similar networks. Also, "announce to the Internet" doesn't mean what you think it does. First of all there is no Internet to announce to, only peers, There are a lot of smaller networks which do announce routes to a small number of regional peers, but those routes are NOT transitively announced to the rest of the public Internet. These networks *ARE* connected to the Internet, but you won't see their routes in any of the major views (routeviews, ris, etc) which are considered as the global routing table.
The only reason legacy holders get away with such crap is because there's no clear contract governing their assignment.
All of the companies that I am aware of who get RIR addresses with no intention of announcing it on the Internet, are paid up members in good standing of one or more RIRs. Legacy holders really don't play in this game except for the DOD.
First off, someone will have to do a lot more than 5 minutes of poking router-servers to see just how sparsely used ("announced") the space really is. That includes digging through BGP histories to see if it's ever been announced. Then research who should be in control of the space (announced or not.) Then send out nasty sounding letters informing whomever that X address space has not been announced to the public internet in Y years; on Z date, the space will reenter the IANA/ICANN free pool for reassignment. (cue lawyers :-)) They'd also be highly motivated to return unused space if they were being billing for it.
First of all, tools like RIPE's RIS make checking BGP history child's play. Secondly, you left out the court cases where the companies all get injunctions against ARIN because ARIN did regularly give them addresses under ARIN policy and nothing has changed to justify pulling the addresses back. These addresses are in use, i.e. configured in devices that provide a commercial internetworking service with packets flowing 24 hours a day. --Michael Dillon
On Feb 11, 2011, at 3:44 PM, Michael Dillon wrote:
Not true. Two of my former employers went to ARIN every year or two and received blocks around a /16 in size, specifically for use on global IP networks that did not intend to ever announce those addresses on the Internet. There are several other companies which operate somewhat similar networks.
Also, "announce to the Internet" doesn't mean what you think it does.
Exactly. Further, just because it's announced doesn't mean it's reachable or even connected. Cheers, -Benson
From: William Herrin [mailto:bill@herrin.us]
* Carrier NAT...
I spend most of my days fighting with "carriers" to actually carry bits from point A to point B like they're paid to do. I'm sick and tired of them blaming CPE for circuit bounces and outages that are magically "fixed" without us doing anything to CPE. I have absolutely ZERO confidence that the carriers can implement NAT on a global scale such that it works and actually provides decent customer service. (realizing that this broad characterization is probably unfair to many smaller carriers who actually give a crap; my daily pain is generally caused by the "Tier 1" guys)
participants (72)
-
Adam Atkinson
-
Alexander Harrowell
-
Andre Keller
-
Arturo Servin
-
Benson Schliesser
-
bmanning@vacation.karoshi.com
-
Cameron Byrne
-
Chris Grundemann
-
Christian de Larrinaga
-
Cutler James R
-
Dan Wing
-
Daniel Roesen
-
David Conrad
-
David Israel
-
david raistrick
-
Dorn Hetzel
-
Doug Barton
-
Eric Brunner-Williams
-
Franck Martin
-
Frank Bulk
-
Fred Richards
-
George Bonser
-
George Herbert
-
Henk Uijterwaal
-
Iljitsch van Beijnum
-
Jack Bates
-
Jason Bertoch
-
Jason Fesler
-
Jay Ashworth
-
Jeff Johnstone
-
Jeff Kell
-
Jeff McAdams
-
Jeffrey Lyon
-
Jens Link
-
Jeroen van Aart
-
Jim Gettys
-
Joel Jaeggli
-
John Curran
-
John Curran
-
Josh Smith
-
Karl Auer
-
Ken A
-
Lamar Owen
-
Laurent GUERBY
-
Mark Andrews
-
Matthew Kaufman
-
Matthew Moyle-Croft
-
Michael Dillon
-
Michael Thomas
-
Mikael Abrahamsson
-
Nathan Eisenberg
-
Owen DeLong
-
Patrick W. Gilmore
-
Philip Dorr
-
R. Benjamin Kessler
-
Randy Bush
-
Ricky Beam
-
Robert E. Seastrom
-
Scott Helms
-
Scott Howard
-
Seth Mattinen
-
Stephen Davis
-
Stephens, Josh
-
Steve Meuse
-
Steven Bellovin
-
Thomas Habets
-
Tom Limoncelli
-
Tony Hain
-
Tore Anderson
-
TR Shaw
-
Valdis.Kletnieks@vt.edu
-
William Herrin