Let me first start with an alternative suggestion, and then delve into Sander's message itself. At IETF meetings there are numerous experiments going on at any given time too. Popping up an SSID for each experiment is not ideal, ever changing SSID names, or having too many SSIDs is not productive. So... one of the ideas to be explored is that there is a only a *single* SSID, but through WPA-802.1X let the username decide what 'profile' you want. It could be set up in such a way that depending on whether folks type in username "ipv4" or "dual" or "ipv6", they get an IPv4-only, Dualstack, or IPv6-only experience. If this approach is considered all flavors of wifi are equal, perhaps pacifying all factions attending RIPE. Ok, back to bickering: On Wed, Oct 09, 2019 at 05:06:09PM +0200, Sander Steffann wrote:
I am sure the few of us who run local DNSSEC validation would love the opportunity to make it work. Finding IPv4 literals and fixing them is a feature :)
"DNSSEC to the host" might be the path forward as an alternative method to accomplish some of the desirable properties of DoH. If your goal is to find IPv4 literals, go ahead, find them. Perhaps other people have other priorities during the meeting and would like to focus on those instead. Perhaps, when I find an IPv4 literal, I can't fix it because it is outside my administrative domain. Then what?
The 464XLAT component is complicated did cause signficant operational problems in the past.
The net result is that with dual stack and NAT64 we now have two options of providing IPv6+IPv4 on a network. This is confusing to everybody who is not a network engineer.
This _is_ a RIPE meeting...
Thank you for the clarification, so we agree it is not the "IPv6 Only Meeting".
Does dual stack require more IPv4 addresses? No, there are (of course multiple) ways to provide dual stack on wifi without consuming additional public IPv4 addresses. Plenty of ISPs provide consumers with dual stack wifi at home while maintaining an IPv6-only access network.
There is also more and more live deployment of IPv6-only with NAT64. I am honestly surprised by the back pressure in the RIPE community. If production networks can deploy this for millions of users, why should a small conference network with a huge number of network engineers be any problem?
For instance, it interferes with having a proper debugging experience on what happens when RPKI Invalids are dropped for both address families. I personally think that routing security in general is more important than this ipv6 project. DNS folks might also have their own agenda. RIPE is more than IPv6. There ALREADY is an IPv6-only+NAT64 Wifi SSID. Use it if you want to. If there aren't enough users on it, go back to the drawing board and explore why that is. I maintain, let's first move this mailing list to an IPv6 only environment, if that is a success, perhaps we can reconsider. If the argument is "but then the rest of the world can't talk to us"... exactly. Kind regards, Job