Have we failed as IPv6 Working Group?
Hi, the description of the working group says: "The IPv6 Working Group is for anyone with an interest in the next generation Internet Protocol. The activities of the WG include education and outreach, sharing deployment experiences and discussing and fixing operational issues." I know we do all of this at RIPE Meetings and maybe other times as well, but still ... ... the default network at RIPE Meetings is the dual-stack network, with the IPv6-only (NAT64) network as a barely used extra which is "supported on a best effort basis". With the effect that almost no-one except a few "ipv6 zealots" uses it. This tells me that a significant part of the RIPE community does not only consider this setup "not production ready" but expects an amount of breakage so huge that it's not acceptable to try it out and see what would actually break (while still offering a dual-stack network as a fallback, of course). ... the results of the RIPE NCC survey published today lists the scarcity of IPv4 addresses as one of the largest challenges facing the participants in the survey. At the same time, about one quarter of participants has no plans for deploying IPv6, with the most common reason given as "there is no business requirement for IPv6". This tells me that a significant part of the RIPE community does not view a migration to IPv6 as a useful way to deal with the shortage of available IPv4 address space. These two examples both concern the RIPE community, a group of people that are highly interested and knowledgeable in the field of internet operations. Now think about what the situation might look like at your friendly neighbourhood IT shop or network department. I maybe wouldn't call the IPv6 WG "failed", but it clearly still has a long way to go until we can claim "mission accomplished". Wolfgang
Wolfgang Zenker wrote : ... the results of the RIPE NCC survey published today lists the scarcity of IPv4 addresses as one of the largest challenges facing the participants in the survey.
The participants in the RIPE NCC survey are not representative of the market. Here in the USA we have a saying : "You can lead a horse to water, but you can't make it drink". As well as in the ARIN region, the strategy of the IPv4ever camp has been for quite a few years that the IPv6 zealots are doing a better job to discredit themselves. People will get tired of the failed FUD. We don't do anything to torpedo IPv6, you are digging your own grave. You have not failed as a working group. The failure was not yours. As I once did, you have done your best to promote IPv6. I did IPv6 20 years ago, and now I don't do it anymore. I was on the 6bone. I taught IPv6 at the University of California 15 years ago. I had my own ASN at home to multi-home with 2 tunnels. On aDSL. And now I'm IPv4 only. Why ? it does not do any good to me. None of my customers have it. None of my supply chain have it. The failure is in the original design of IPv6, the FUD that has been going on for 20 years, and the lack of an actual problem to solve. For the established ISPs, IPv4 scarcity is not a problem, it's a blessing. Besides other difficulties, IPv4 favors a monopoly of established players, who have been doing everything to keep it that way. The failure of the IPv6 design was that it did not understand market forces nor money incentives. IPv6 cannot succeed when more than half of the big players actively torpedo it to preserve their monopolies.
"there is no business requirement for IPv6".
There is none for me or my company. Dual-stack is a nightmare that I don't have the resources to implement. Why should I bring it to the C-level, while I do not see any ROI for 10 years ? The RIRs and the ISPs do not decide for the market. Large ISPs may influence which protocol they force-feed to their residential suppliers, but not to the enterprise.
This tells me that a significant part of the RIPE community does not view a migration to IPv6 as a useful way to deal with the shortage of available IPv4 address space.
For one good reason : they understand that NAT466464 requires as much logging as plain old NAT444, so why bother ?
I maybe wouldn't call the IPv6 WG "failed"
You have done good, but the deck was not stacked into your favor. If you are smart, you will understand that IPv6 is not going to replace IPv4 in the next 20 years. We are in the end of 2019, I live and work in California, and my ISP does not offer IPv6. Why ? because nobody asks for it. In the ARIN region, we ran out of IP addresses in 2015, 4 years ago than you guys are about to get to. The Internet has not stopped. In 4 years, in the RIPE region, after you run out, it will still be up, too. Oh, and now some troll food :
Jens Link wrote : after now almost 12 years using, working and teaching IPv6 I've come to the conclusion that IPv6 is a mistake and will not work.
I'm afraid that I have to agree with this. Your ideas are technically flawed, that being said. And you are not taking it to the right place. Try the IETF. Michel.
Michel, On Fri, Oct 04, 2019 at 03:23:55AM +0000, Michel Py wrote:
Wolfgang Zenker wrote : ... the results of the RIPE NCC survey published today lists the scarcity of IPv4 addresses as one of the largest challenges facing the participants in the survey.
The participants in the RIPE NCC survey are not representative of the market. Here in the USA we have
... an IPv6 deployment rate of > 50%, see https://twitter.com/Enno_Insinuator/status/1179974955502428161.
We are in the end of 2019, I live and work in California, and my ISP does not offer IPv6.
That is, in all seriousness, regrettable. I live and work in California, too, not far away from Sacramento. My ISP brings IPv6 to my home, I have it on my phones and I hear that the companies of people I meet over lunch serve terabytes of data over IPv6 every single day. It seems California is a quite diverse place, in many regards...
Your ideas are technically flawed, that being said. And you are not taking it to the right place. Try the IETF.
that was funny. I mean both sentences are heavily flawed but at least the second gave me a good laugh. cheers Enno
Enno Rey wrote : That is, in all seriousness, regrettable. I live and work in California, too, not far away from Sacramento. My ISP brings IPv6 to my home, I have it on my phones and I hear that the companies of people I meet over lunch serve terabytes of data over IPv6 every single day. It seems California is a quite diverse place, in many regards...
It is indeed. I do not hear, but I happen to run the network for a multi-billion campus, and your resume just got a static route to null0 for the next 20 years. Congratulations. Michel.
Hi WG, We have to acknowledge "IPv6 zealots" are real. Disclaimer: i think i was part of that group some years ago. I guess i understood i wasn't in that group anymore when i tried to help fix IPv4 distribution policies, while hearing some others say: "Don't touch that, let it burn fast! IPv4 burning fast will be good for v6". I then realized usability and the end-users are what needs to be protected, not IP version X or IP version Z just by the sake of technology coolness. We also have to acknowledge "IPv4 zealots" are real. I don't think i'm going to enter that group anytime soon, though. IMHO, Mr.Py has a point about monopolies & torpedoes. But Mr.Rey's reference about IPv6 deployment rates also makes a good point! I believe markets change. In some countries there is more regulation than others. And people in key positions also change companies, which sometimes impact what their old and new companies actually do/decide. I also don't think the WG has failed. 3 years ago i went to a RIPE meeting (in Madrid) with a (a less technical) colleague. On Thursday he told me that _ONE_ application didn't work/connect. That application was well-know to be IPv4-only and disliking translation mechanisms, so after 5 minutes of debugging the conclusion was easy: he had been connected to the IPv6-only meeting network since Monday and everything worked seamlessly. Some years ago i also did a local test by removing the IPv4 address from my laptop to see if i could bear with a full day of work without it. I couldn't. After two hours i placed it back, but at the time i already had a list of "things to fix", with stuff which was only accessible by IPv4. If you have the time, i recommend you to do it. It's also a way of advancing IPv6 deployment, if you have the time/patience. Regards, Carlos On Fri, 4 Oct 2019, Enno Rey wrote:
Michel,
On Fri, Oct 04, 2019 at 03:23:55AM +0000, Michel Py wrote:
Wolfgang Zenker wrote : ... the results of the RIPE NCC survey published today lists the scarcity of IPv4 addresses as one of the largest challenges facing the participants in the survey.
The participants in the RIPE NCC survey are not representative of the market. Here in the USA we have
... an IPv6 deployment rate of > 50%, see https://twitter.com/Enno_Insinuator/status/1179974955502428161.
We are in the end of 2019, I live and work in California, and my ISP does not offer IPv6.
That is, in all seriousness, regrettable. I live and work in California, too, not far away from Sacramento. My ISP brings IPv6 to my home, I have it on my phones and I hear that the companies of people I meet over lunch serve terabytes of data over IPv6 every single day. It seems California is a quite diverse place, in many regards...
Your ideas are technically flawed, that being said. And you are not taking it to the right place. Try the IETF.
that was funny. I mean both sentences are heavily flawed but at least the second gave me a good laugh.
cheers
Enno
Hi, I think it boils down to a) deploy IPv6 where it makes sense for you to do so. b) remove IPv4 where it makes sense for you to do so. What “makes sense” for different people, organisations, and communities will differ. Stratgies at say Facebook and TalkTalk differ wildly. Tim On 4 Oct 2019, at 07:55, Carlos Friaças via ipv6-wg <ipv6-wg@ripe.net<mailto:ipv6-wg@ripe.net>> wrote: Hi WG, We have to acknowledge "IPv6 zealots" are real. Disclaimer: i think i was part of that group some years ago. I guess i understood i wasn't in that group anymore when i tried to help fix IPv4 distribution policies, while hearing some others say: "Don't touch that, let it burn fast! IPv4 burning fast will be good for v6". I then realized usability and the end-users are what needs to be protected, not IP version X or IP version Z just by the sake of technology coolness. We also have to acknowledge "IPv4 zealots" are real. I don't think i'm going to enter that group anytime soon, though. IMHO, Mr.Py has a point about monopolies & torpedoes. But Mr.Rey's reference about IPv6 deployment rates also makes a good point! I believe markets change. In some countries there is more regulation than others. And people in key positions also change companies, which sometimes impact what their old and new companies actually do/decide. I also don't think the WG has failed. 3 years ago i went to a RIPE meeting (in Madrid) with a (a less technical) colleague. On Thursday he told me that _ONE_ application didn't work/connect. That application was well-know to be IPv4-only and disliking translation mechanisms, so after 5 minutes of debugging the conclusion was easy: he had been connected to the IPv6-only meeting network since Monday and everything worked seamlessly. Some years ago i also did a local test by removing the IPv4 address from my laptop to see if i could bear with a full day of work without it. I couldn't. After two hours i placed it back, but at the time i already had a list of "things to fix", with stuff which was only accessible by IPv4. If you have the time, i recommend you to do it. It's also a way of advancing IPv6 deployment, if you have the time/patience. Regards, Carlos On Fri, 4 Oct 2019, Enno Rey wrote: Michel, On Fri, Oct 04, 2019 at 03:23:55AM +0000, Michel Py wrote: Wolfgang Zenker wrote : ... the results of the RIPE NCC survey published today lists the scarcity of IPv4 addresses as one of the largest challenges facing the participants in the survey. The participants in the RIPE NCC survey are not representative of the market. Here in the USA we have ... an IPv6 deployment rate of > 50%, see https://twitter.com/Enno_Insinuator/status/1179974955502428161. We are in the end of 2019, I live and work in California, and my ISP does not offer IPv6. That is, in all seriousness, regrettable. I live and work in California, too, not far away from Sacramento. My ISP brings IPv6 to my home, I have it on my phones and I hear that the companies of people I meet over lunch serve terabytes of data over IPv6 every single day. It seems California is a quite diverse place, in many regards... Your ideas are technically flawed, that being said. And you are not taking it to the right place. Try the IETF. that was funny. I mean both sentences are heavily flawed but at least the second gave me a good laugh. cheers Enno
Tim, Thanks for your thoughts. But I think you just got that slightly wrong: Am Fri, 04 Oct 2019 schrieb Tim Chown:
I think it boils down to a) deploy IPv6 where it makes sense for you to do so. b) remove IPv4 where it makes sense for you to do so.
Let me correct that for you: a) deploy IPv6 everywhere. Otherwise you are not reaching the whole internet. There are networks out there, which you are currently missing. If you think otherwise, drop me a note at bbu@penguin.de b) Hide all your legacy cruft behind some layers of NAT or Dualstack Application Proxies, if it please you and remove IPv4 where it makes sense for you to do so. Cheers, Bjørn
Hi, Thus wrote Bjoern Buerger (b.buerger@penguin.de):
a) deploy IPv6 where it makes sense for you to do so. a) deploy IPv6 everywhere. Otherwise you are not reaching
Am Fri, 04 Oct 2019 schrieb Tim Chown: the whole internet.
For a sufficient number of networks that is a feature, not a bug. Not every net aspires to be Internet :) regards, spz
Hi Carlos,
Carlos Friaças wrote : We have to acknowledge "IPv6 zealots" are real. Disclaimer: i think i was part of that group some years ago.
Indeed, and so was I. WAS.
But Mr.Rey's reference about IPv6 deployment rates also makes a good point!
Nobody cares about deployment rates. What good does it do, if people don't use it ? This is more realistic : https://www.google.com/intl/en/ipv6/statistics.html During the week, we are below 25%.
We also have to acknowledge "IPv4 zealots" are real.
And they are the ones with the money. The lobbyists. The connections. The banana peels. The 75% market share. The IPv4 zealots have not always been there; they have been created as a reaction to the nonsense of the IPv6 zealots. IPv6 replacing IPv4 is a delusion. 3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some. In 20 years, I will still need IPv4. And I have enough IPv4 on my hands for the foreseeable future. I bought some recently, just in case. I encourage the WG group to read this : https://www.internetgovernance.org/2019/02/20/report-on-ipv6-get-ready-for-a... And the full text : https://www.internetgovernance.org/wp-content/uploads/IPv6-Migration-Study-f... Serious work, paid by ICANN. Michel.
On Fri, 4 Oct 2019, Michel Py wrote:
Hi Carlos,
Carlos Friaças wrote : We have to acknowledge "IPv6 zealots" are real. Disclaimer: i think i was part of that group some years ago.
Indeed, and so was I. WAS.
But Mr.Rey's reference about IPv6 deployment rates also makes a good point!
Nobody cares about deployment rates. What good does it do, if people don't use it ? This is more realistic : https://www.google.com/intl/en/ipv6/statistics.html During the week, we are below 25%.
So...? Things move slowly, but they are moving. IPv6 in terms of volume is still a long way behind IPv4.
We also have to acknowledge "IPv4 zealots" are real.
And they are the ones with the money. The lobbyists. The connections. The banana peels. The 75% market share. The IPv4 zealots have not always been there; they have been created as a reaction to the nonsense of the IPv6 zealots.
Admitting that "zealotism" is not a got thing might be a good 1st step.
IPv6 replacing IPv4 is a delusion.
Same can be said about the oil-driven economy, however...
3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some.
So, hardly any IPv6 there :-)
In 20 years, I will still need IPv4.
Sure, if IPv6 doesn't become dominant.
And I have enough IPv4 on my hands for the foreseeable future. I bought some recently, just in case.
The "foreseeable future" is also a bit uncertain :-) If a new project pops up that will need 10x the public address space you have... good luck. But yes, a thick wallet might solve it... Cheers, Carlos
I encourage the WG group to read this : https://www.internetgovernance.org/2019/02/20/report-on-ipv6-get-ready-for-a... And the full text : https://www.internetgovernance.org/wp-content/uploads/IPv6-Migration-Study-f... Serious work, paid by ICANN.
Michel.
Carlos Friaças wrote : Admitting that "zealotism" is not a got thing might be a good 1st step.
I did not create the IPv4 zealots, I joined their ranks by economic necessity. I do not like it, but I need the IPv4 ecosystem for 20 more years and I am not going to let the IPv6 zealots destroy my business.
3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some.
So, hardly any IPv6 there :-)
100% IPv4 :-)
If a new project pops up that will need 10x the public address space you have... good luck.
I already have several times more public space than I need. And, $20/IP is nothing in the cost of a new project. Michel.
Hi, On Sat, 5 Oct 2019, Michel Py wrote:
Carlos Friaças wrote : Admitting that "zealotism" is not a got thing might be a good 1st step.
I did not create the IPv4 zealots, I joined their ranks by economic necessity. I do not like it, but I need the IPv4 ecosystem for 20 more years and I am not going to let the IPv6 zealots destroy my business.
Can you let everyone know which ASN or ASNs do you run...? :-)
3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some.
So, hardly any IPv6 there :-)
100% IPv4 :-)
OK, so you meant *old* Solaris :-)))
If a new project pops up that will need 10x the public address space you have... good luck.
I already have several times more public space than I need. And, $20/IP is nothing in the cost of a new project.
Sure. And you are sitting in the 2nd largest economy in the world? (or the 1st? i lost track...). And what about everyone else, sitting in different continents, in developing regions, where $20/IP is really a show-stopper...? The Internet is supposed to be global, right? Carlos
Michel.
Dear Michel, On 04/10/2019 17:16, Michel Py wrote:
3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some.
I don't mean to be criticising in any way, but running services on obsolete operating systems is a risk in itself, if the computer is connected to the Internet. For example, Windows 2000 end of support was as far back as July 13, 2010. https://blogs.technet.microsoft.com/education/2009/11/10/windows-2000-end-of... That means no security updates. With today's Internet being nothing like the Internet back in 2000, is this really reasonable? Unless, of course, the hardware is behind some modern firewalls. Everything has a sell by date. All hardware becomes obsolete too. Kindest regards, Olivier
Olivier MJ Crépin-Leblond wrote : I don't mean to be criticising in any way, but running services on obsolete operating systems is a risk in itself, if the computer is connected to the Internet.
We are well-aware of the risks. None of the production computers have Internet access. Most of the time, there is no DNS either, the USB ports (if recent enough) are disabled, there usually is a mouse or trackball or lightpen but not always a keyboard. Somehow, that data will eventually end up somewhere on an Internet portal that customers can access, but there are complex processes in between.
Everything has a sell by date. All hardware becomes obsolete too.
We are painfully aware of that, too. And we have spares dating back to the 486 area. We machine or 3D print some parts. We replace surface-mount ICs if required. I'm trying to VM these, but they often require some proprietary hardware that can't even be VM'ed. Because everyone has asked, why don't I just e-waste these pieces of antique junk ? because they drive a multi-ton multi-million tool that will take a year to replace with a team of two dozen people. Just the man hours are several hundred thousand dollars or possibly over a million, not to mention the cost of the tool. And even if the new tool runs on newer hardware and OS that could support IV6, the proprietary app probably won't in the first place. Michel.
Am 04.10.2019 um 08:56 schrieb Carlos Friaças via ipv6-wg <ipv6-wg@ripe.net>:
Some years ago i also did a local test by removing the IPv4 address from my laptop to see if i could bear with a full day of work without it. I couldn't. After two hours i placed it back, but at the time i already had a list of "things to fix", with stuff which was only accessible by IPv4. If you have the time, i recommend you to do it. It's also a way of advancing IPv6 deployment, if you have the time/patience.
Same thing I’ve also tried several weeks ago The problem comes when trying to fix issues outside your reach. For example: try to access Github. Even Cisco Website. Try to login. The intermediate step of the Pingfed solution doing the SSO login is IPv4-only. This is very frustrating. The biggest network vendor isn’t fully reachable via IPv6-only. - Alex This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith. Click http://www.merckgroup.com/disclaimer to access the German, French, Spanish and Portuguese versions of this disclaimer.
Hi Alexander, All, Github is now owned by Microsoft. Someone from Microsoft reading this? Maybe Veronika from Microsoft and the UK IPv6 Council? Cisco: just saw a post from Eric Vyncke. :-)) Maybe the WG can grow the list of gaps, so they can (possibly?) start to be addressed...? Regards, Carlos On Sat, 5 Oct 2019, Alexander Koeppe wrote:
Am 04.10.2019 um 08:56 schrieb Carlos Friaças via ipv6-wg <ipv6-wg@ripe.net>:
Some years ago i also did a local test by removing the IPv4 address from my laptop to see if i could bear with a full day of work without it. I couldn't. After two hours i placed it back, but at the time i already had a list of "things to fix", with stuff which was only accessible by IPv4. If you have the time, i recommend you to do it. It's also a way of advancing IPv6 deployment, if you have the time/patience.
Same thing I?ve also tried several weeks ago The problem comes when trying to fix issues outside your reach.
For example: try to access Github. Even Cisco Website. Try to login. The intermediate step of the Pingfed solution doing the SSO login is IPv4-only.
This is very frustrating. The biggest network vendor isn?t fully reachable via IPv6-only.
- Alex
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click http://www.merckgroup.com/disclaimer to access the German, French, Spanish and Portuguese versions of this disclaimer.
Carlos Friaças via ipv6-wg <ipv6-wg@ripe.net> writes:
Hi Alexander, All,
Github is now owned by Microsoft. Someone from Microsoft reading this? Maybe Veronika from Microsoft and the UK IPv6 Council?
Cisco: just saw a post from Eric Vyncke. :-))
twitter, slack, amazon, stackexchange, redhat (registration does not work on v6 only), .... And from my Linux from Scratch experiment, see my presentation at RIPE76[1], all or at least some hosts from these domains dont support v6; astron.com github.com greenwoodsoftware.com infodrom.org linuxfromscratch.org mpfr.org sourceforge.net sourceware.org tukaani.org zlib.net Jens [1] https://ripe76.ripe.net/wp-content/uploads/presentations/146-we_dont_need_ip... -- ---------------------------------------------------------------------------- | Delbrueckstr. 41 | 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@quux.de | --------------- | ----------------------------------------------------------------------------
Hi, Fine, i get it: It's not only Microsoft and Cisco. But this WG goes way beyond Eric and Veronika... so we might have someone who can actually help already in the WG, or we (collectively) need to find those who can make a difference. But, imho, such list of 'gaps' is very, very useful! Cheers, Carlos On Sun, 6 Oct 2019, Jens Link wrote:
Carlos Friaças via ipv6-wg <ipv6-wg@ripe.net> writes:
Hi Alexander, All,
Github is now owned by Microsoft. Someone from Microsoft reading this? Maybe Veronika from Microsoft and the UK IPv6 Council?
Cisco: just saw a post from Eric Vyncke. :-))
twitter, slack, amazon, stackexchange, redhat (registration does not work on v6 only), ....
And from my Linux from Scratch experiment, see my presentation at RIPE76[1], all or at least some hosts from these domains dont support v6;
astron.com github.com greenwoodsoftware.com infodrom.org linuxfromscratch.org mpfr.org sourceforge.net sourceware.org tukaani.org zlib.net
Jens [1] https://ripe76.ripe.net/wp-content/uploads/presentations/146-we_dont_need_ip... -- ---------------------------------------------------------------------------- | Delbrueckstr. 41 | 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@quux.de | --------------- | ----------------------------------------------------------------------------
Carlos Friaças via ipv6-wg <ipv6-wg@ripe.net> writes:
Hi,
Fine, i get it: It's not only Microsoft and Cisco.
I don't think Microsoft is involved how GitHub operates it's network.
But, imho, such list of 'gaps' is very, very useful!
See my presentations. the update slide to my last presentation would look like this (in the source} \begin{frame} \frameritle{Update RIPE 77} \end{frame} What would such a list accomplish? I put answers in three categories: 1 - No answer at all, e.g. Twitter 2 - Your call is very important to us. We are working on it. 3 - Got away we'll never do IPv6 I think that 1 and 3 are the most honest answers you'll get at that 2 is just a polite form of answer 3. BTW: You'll will often get answers including the phrase "You are the first one to ask." Jens -- ---------------------------------------------------------------------------- | Delbrueckstr. 41 | 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@quux.de | --------------- | ----------------------------------------------------------------------------
Replying to the Subject question. . . The WG has done good work. RIPE-554 in particular I think is good work. This WG isn't a marketing organization. That's appropriate. One way to look at the problem is that IPv4 exhaustion is a problem of externalities: my network is growing, and it costs me more now because you don't support IPv6. As an economic problem, then, think about how to shift your costs to those who have only IPv4. IPv6 deployment in your network means cutting your NAT expense in half. More, as more sites deploy. IPv6 deployment in your network might mean you can sell some of your IPv4 addresses, a clever way I've seen to fund the transition. IPv6 deployment on your web site means improving your page load time, and therefore SEO, and therefore revenue. At NANOG I showed quotes that IPv6 increases revenue by 0.2%-7%.[1] The cost to deploy IPv6 is not high: it's mostly labor, and people who complain that there's no training are ignoring the hundreds of tutorials, books, articles, videos, and web sites available to them for free, not to mention the thousands of friendly engineers. To everyone who sees a high cost, I ask whether you know the value of NAT reduction and web site speed (and avoiding buying addresses, or selling addresses), in $LOCAL_CURRENCY, so you can evaluate every obstacle you might encounter. For instance, "Our web conferencing doesn't support IPv6, and it'll cost us $9,000 a year to change. But IPv6 will save us $30,000." The decision is easy. In another message on this thread I noted that small ISPs are squeezed between CPE and IPv4 purchases. They can't get CPE that supports IPv6, or that supports MAP or 464xlat, because they don't buy enough, so they have to pay to buy addresses. That's easily solved by collective action: 100 small ISPs can get the features they want (at a better discount) than one acting alone. In the mean time, this WG keeps having fascinating presentations, which I keep using when talking about IPv6 to enterprise IT departments. Keep it up. Lee [1] https://youtu.be/aTi4fia5s-k?t=4386
Hi,
One way to look at the problem is that IPv4 exhaustion is a problem of externalities: my network is growing, and it costs me more now because you don't support IPv6. As an economic problem, then, think about how to shift your costs to those who have only IPv4.
"We only do settlement-free peering on IPv6" ? Cheers, Sander
Lee Howard <lee@asgard.org> writes:
Replying to the Subject question. . .
The WG has done good work. RIPE-554 in particular I think is good work.
This WG isn't a marketing organization. That's appropriate.
I'm not normally part of this wg, I just got sucked in because a poster cited a bunch of unicast extensions project work out of context.
One way to look at the problem is that IPv4 exhaustion is a problem of externalities: my network is growing, and it costs me more now because you don't support IPv6. As an economic problem, then, think about how to shift your costs to those who have only IPv4.
IPv6 deployment in your network means cutting your NAT expense in half. More, as more sites deploy.
There's no fungable or measureable "NAT expense". NAT generally saves money. Look at the container market for one recent example.
IPv6 deployment in your network might mean you can sell some of your IPv4 addresses, a clever way I've seen to fund the transition.
That I agree with. But I see no sign anyone is actually doing that. It's saner to horde at the moment.
IPv6 deployment on your web site means improving your page load time, and therefore SEO, and therefore revenue. At NANOG I showed quotes that IPv6 increases revenue by 0.2%-7%.[1]
BS. Happy eyeballs costs time.
The cost to deploy IPv6 is not high: it's mostly labor, and people who
BS. It needs to be implemented first in a deployable state.
complain that there's no training are ignoring the hundreds of tutorials, books, articles, videos, and web sites available to them for free, not to mention the thousands of friendly engineers.
To everyone who sees a high cost, I ask whether you know the value of NAT reduction and web site speed (and avoiding buying addresses, or
I note that port exhaustion is a real thing on ipv4 networks today that more should measure. In one recent set of "coffee shop tests", I had an over 30% initial syn failure rate. I don't know why (we were also testing ecn) at the moment, but that was a shocking number. ipv4 dns with udp was already using up a lot of udp port space. with quic eating up a lot of udp more, I'm not happy. JUST deploying dns over IPv6 as I did saved tons of udp port space under nat. That was a win.
selling addresses), in $LOCAL_CURRENCY, so you can evaluate every obstacle you might encounter. For instance, "Our web conferencing doesn't support IPv6, and it'll cost us $9,000 a year to change. But IPv6 will save us $30,000." The decision is easy.
That last number is pure BS. It's not a single cost. It's that last dangling set of apps that can't be converted to ipv6 that's the infinite cost.
In another message on this thread I noted that small ISPs are squeezed between CPE and IPv4 purchases. They can't get CPE that supports IPv6, or that supports MAP or 464xlat, because they don't buy enough, so they have to pay to buy addresses.
They can't get cheap CPE that has those features. ALL that code runs great in openwrt. And ipv4 addresses are needed until ipv6 hits 100% deployment.
That's easily solved by collective action: 100 small ISPs can get the features they want (at a better discount) than one acting alone.
Great. Is there an ISP association trying to do that already?
In the mean time, this WG keeps having fascinating presentations, which I keep using when talking about IPv6 to enterprise IT departments. Keep it up.
Dave That wrote : That last number is pure BS. It's not a single cost. It's that last dangling set of apps that can't be converted to ipv6 that's the infinite cost.
It's not only the apps, it's the tools and the entire business process that is behind. I am not going to replace a ten million dollar tool to make it IPv6 compatible. Michel.
Hi Wolfgang, On Fri, Oct 4, 2019 at 5:41 AM Wolfgang Zenker <zenker@punkt.de> wrote:
... the default network at RIPE Meetings is the dual-stack network, with the IPv6-only (NAT64) network as a barely used extra which is "supported on a best effort basis". With the effect that almost no-one except a few "ipv6 zealots" uses it. This tells me that a significant part of the RIPE community does not only consider this setup "not production ready" but expects an amount of breakage so huge that it's not acceptable to try it out and see what would actually break (while still offering a dual-stack network as a fallback, of course).
I'm not sure I can follow the logic here. What you are saying about 'do not consider production ready' would have been true if users made a decision which SSID to connect every time (and that decision took into account the protocol version). But it's clearly not the case. First time attendees connect to whatever SSID is specified in the booklet and/or has the most intuitive name. Returning attendees let their laptops/phones connect to SSID their devices remember. There is an SSID which has been there for years, which is printed on the booklets etc and it's name matches the meeting name. And there are other SSIDs - which are not listed in the booklet, their names are longer (which for MacOS at least might mean that they are shown *below* the main one in the list) etc. I'm sure that even if all of them were dual-stack, the main one would have attracted the vast majority of the userbase.
... the results of the RIPE NCC survey published today lists the scarcity of IPv4 addresses as one of the largest challenges facing the participants in the survey. At the same time, about one quarter of participants has no plans for deploying IPv6, with the most common reason given as "there is no business requirement for IPv6".
The survey says: "Over half of respondents indicated that they will need more IPv4 address space in the short term." I read it as '~50% of respondents do not need IPv4 in the short term". And only 1/4 do not see the business requirements for IPv6". Twice less that I'd have expected then.. Another quote: "A further 44% of respondents who indicate they will not need more IPv4 stated that their organisation has/will have deployed IPv6. " I'd not call it a failure.
This tells me that a significant part of the RIPE community does not view a migration to IPv6 as a useful way to deal with the shortage of available IPv4 address space.
Yet.
I maybe wouldn't call the IPv6 WG "failed", but it clearly still has a long way to go until we can claim "mission accomplished".
I do not think anyone promised it's going to be easy ;) On a more serious note, two things: 1) I quickly checked the 2013 survey. It does not even mention IPv6. Are you still calling it 'no progress' and 'failure'? ;) 2) By lucky coincidence we have a slot in Rotterdam to discuss the working group strategy and future. Let's talk about it. -- SY, Jen Linkova aka Furry
Hi Jen, * Jen Linkova <furry13@gmail.com> [191005 03:46]:
On Fri, Oct 4, 2019 at 5:41 AM Wolfgang Zenker <zenker@punkt.de> wrote:
... the default network at RIPE Meetings is the dual-stack network, with the IPv6-only (NAT64) network as a barely used extra which is "supported on a best effort basis". With the effect that almost no-one except a few "ipv6 zealots" uses it. This tells me that a significant part of the RIPE community does not only consider this setup "not production ready" but expects an amount of breakage so huge that it's not acceptable to try it out and see what would actually break (while still offering a dual-stack network as a fallback, of course).
I'm not sure I can follow the logic here. What you are saying about 'do not consider production ready' would have been true if users made a decision which SSID to connect every time (and that decision took into account the protocol version). But it's clearly not the case. First time attendees connect to whatever SSID is specified in the booklet and/or has the most intuitive name. Returning attendees let their laptops/phones connect to SSID their devices remember.
There is an SSID which has been there for years, which is printed on the booklets etc and it's name matches the meeting name. And there are other SSIDs - which are not listed in the booklet, their names are longer (which for MacOS at least might mean that they are shown *below* the main one in the list) etc. I'm sure that even if all of them were dual-stack, the main one would have attracted the vast majority of the userbase.
I guess you misunderstood what I was trying to say here. For years we have had the "default network" (dual stack) and the "experimental?" network (ipv6 + NAT64). And for years some people have asked to make the ipv6/nat64 network the "default network" and give a different SSID to the dual stack network, with the intention to see real usage on the ipv6-only network (which would happen because people are lazy). That should enable us to find any remaining problems quickly, and should hopefully show to the users that IPv6 is something that works and is nothing to be afraid of. Also for many years, we don't actually do it. And whoever it is that decides not to do it, is certainly part of the RIPE community. The only reason I can see is that at least that part of the RIPE community does not consider IPv6-only + NAT64 to be "production ready".
[..] I maybe wouldn't call the IPv6 WG "failed", but it clearly still has a long way to go until we can claim "mission accomplished".
I do not think anyone promised it's going to be easy ;)
On a more serious note, two things: 1) I quickly checked the 2013 survey. It does not even mention IPv6. Are you still calling it 'no progress' and 'failure'? ;) 2) By lucky coincidence we have a slot in Rotterdam to discuss the working group strategy and future. Let's talk about it.
Seeing that timeslot on the agenda was actually one reason for me to start this thread, to get discussions started ahead of the meeting. Greetings, Wolfgang
On Sun, 6 Oct 2019, Wolfgang Zenker wrote:
Also for many years, we don't actually do it. And whoever it is that decides not to do it, is certainly part of the RIPE community. The only reason I can see is that at least that part of the RIPE community does not consider IPv6-only + NAT64 to be "production ready".
On Android/iOS I'd say it's production ready. On classic desktop OSes like MacOS, Windows and Linux it's not. The difference is the presence of widely available 464XLAT support. -- Mikael Abrahamsson email: swmike@swm.pp.se
* Mikael Abrahamsson (swmike@swm.pp.se) [191007 12:45]:
On Android/iOS I'd say it's production ready.
Yes.
On classic desktop OSes like MacOS, Windows and Linux it's not. The difference is the presence of widely available 464XLAT support.
From my observation, that's correct.
Theoretically, there may be better solutions, but 464XLAT ist just fine and does the job. Bjørn
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
Dear Dave, On Mon, Oct 7, 2019 at 4:04 PM Dave Taht <dave.taht@gmail.com> wrote:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
That may be how you measure success yourself, however I measure differently: I consider your input in this thread insightful and valuable, regardless of the coffee shop's connectivity. Influencing the connectivity of any public place (bar, coffee shop, or mall) who don't consider their internet access service their core business, can be really tricky. Any anecdotal data gleaned from that experience is just that, anecdotal. Kind regards, Job
On Mon, Oct 7, 2019 at 9:16 AM Job Snijders <job@instituut.net> wrote:
Dear Dave,
On Mon, Oct 7, 2019 at 4:04 PM Dave Taht <dave.taht@gmail.com> wrote:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
That may be how you measure success yourself, however I measure differently: I consider your input in this thread insightful and valuable, regardless of the coffee shop's connectivity.
:blush: I have some feedback on a couple other things that have gone by on these threads that I guess you just encouraged me to write. You might regret encouraging me, but here's something that just poured out.
Influencing the connectivity of any public place (bar, coffee shop, or mall) who don't consider their internet access service their core business, can be really tricky. Any anecdotal data gleaned from that experience is just that, anecdotal.
Every journey begins with a single step. *enough* anecdotal experience (and a unified set of questions to ask) gathered this way turns into scientific evidence and a plan for making things better along this portion of the edge. It's less complicated to turn your local coffee shop owner on than it is to convince an enterprise. (besides, it's fun - I work 2 days a week out of coffee shops - and in my (our!) best interest to make the coffee shop's internet work as good as possible. For all I know the gig will turn into money - if only my patreon was about 10x higher (https://www.patreon.com/dtaht) I could stop working on "pets.com" stuff to stay alive - and try to work on more difficult issues more regularly) So like I said, it would be great if more folk fixed their local coffee shop and got first hand experience at low scale with the real issues remaining with ipv6 deployment. I've worked on a few "newer" ipv6 related technologies that might help speed deployment. as well as observed a few things about networks along the edge. Since I'm new around here, for those that don't know - I used to live in Nicaragua, where I first volunteered for the OLPC project. I fell in love with life down there, until my wifi failed in the rainy season due to bufferbloat (if anyone here wants more of that origin story for how cerowrt came to be, see: https://www.youtube.com/watch?v=Wksh2DPHCDI ). There was zero IPv6 deployed there along the edge when I was last there (and given the political situation, it's unlikely I'll go back soon). There was no local place to tunnel, either. The fiber along the highway between nicaragua and coasta rica had been cut years prior and nobody was moving to replace it. Still, from 2006- 2011 we went from adhoc wifi links going over the mountain to a cable and fiber deployment that sort of worked. The fiber deployment was *weird* single channel stuff, and the cable deployment typically was 5Mbit/1mbit when I was last there (2016). The ISPs cheaped out greatly on all the gear, all the gear was not rated for high temp and humidity and failed a lot, and I have pictures of what your typical electrical and network cabling look like down there that will make you shudder.... Anyway... Multiple small coffee shops and hotels down in SJDS have the most debloated internet possible - 'cause I talked folk into turning stuff on (between surfing excursions and boat drinks) they already had. Over the years I used that distance to test in the real world codel's (and BBR's) response to longer RTTs, and most recently sch_cake ( https://arxiv.org/pdf/1804.07617.pdf ) - (The other major place we test long RTTs is on the island of mauritus) Anyway, my mission #1 is to upgrade the middleboxes worldwide, to fix bufferbloat. While we're doing that it would pay to try and deploy newer stuff like ipv6, DNSSEC, mo' ipv4, observe what users outside the english speaking community are doing, and so on. Here's some traceroutes, please let me talk to them: http://blog.cerowrt.org/post/nicaragua/ All the classic ipv6 over ipv4 tunnelling technologies failed. I was able to get stuff over udp4 to be fairly reliable, but not to any standard anyone here is used to. Power often flickers 6+ times a day, and hitting reload on websites massively common - try to nail up a tcp or ssh connection and good luck for more than a few hours. This was kind of the advantage to trying to do ipv6 tunnels as my ssh connections would survive a blink. But who cares about ssh in a web world? Now, based on some of those experiences - I tended to regard reliable power distribution as a key starting point. Education - in spanish - the next one. How much ipv6 training is there in spanish? Getting ipv4 to work at all is a high demand item due to the tourist trade, and things like skype and whatsapp are the big tourist applications, whatsapp and yourube (due to the literacy problem) the big apps for locals. Cell rolled out *amazinging* in 2011-2016. Everybody - in a country of 1000GDP per head - managed to get a phone with internet on it and used the first applications they were handed. (email is *dead*). I have a funny photo of the local milkman with an ox-drawn cart, tapping away on his phone... Anyway.... I've worked on means to make routing native ipv6 over unnumbered interfaces far, far easier with the babel protocol, and worked on securing it and the RFCs for that are final. The *code* doesn't scale well but at least it works over wireless links better than anything else I know. I tend to regard the ipv6 prefix distribution problem over such a mess of RFC1918 as the biggest problem we have in networks such this. Even with tunnels it's very problematic, even static. DHCPv6-pd over relays? don't make me laugh. like this (In fact, I'd really like to be able somehow get more ipv4 prefixes out to the edge on such networks also. It doesn't make any sense to backhaul everything up to managua over tin cans and string if it were possible to bring up a whole town) Anyway, total aside...
Kind regards,
Job
-- Dave Täht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740
Congratulations on your contribution to success Dave! Regards Bob Sent from my local coffee shop - using my EE Mobile over native IPv6 -----Original Message----- From: ipv6-wg <ipv6-wg-bounces@ripe.net> On Behalf Of Dave Taht Sent: 07 October 2019 17:04 To: Bjoern Buerger <b.buerger@penguin.de> Cc: ipv6-wg@ripe.net IPv6 <ipv6-wg@ripe.net> Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
Bob, not meaning to spoil the party but while we're at it, and out of genuine interest: can you give us an update on the status of IPv6 in the Non-EE part of BT Consumer? thanks Enno On Mon, Oct 07, 2019 at 04:27:00PM +0000, bob.sleigh@bt.com wrote:
Congratulations on your contribution to success Dave!
Regards
Bob
Sent from my local coffee shop - using my EE Mobile over native IPv6
-----Original Message----- From: ipv6-wg <ipv6-wg-bounces@ripe.net> On Behalf Of Dave Taht Sent: 07 October 2019 17:04 To: Bjoern Buerger <b.buerger@penguin.de> Cc: ipv6-wg@ripe.net IPv6 <ipv6-wg@ripe.net> Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group?
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
-- Enno Rey Cell: +49 173 6745902 Twitter: @Enno_Insinuator
Hi Enno Not off the top of my head, but I'll ask around... Regards Bob -----Original Message----- From: Enno Rey <erey@ernw.de> Sent: 07 October 2019 17:36 To: Sleigh,R,Bob,VQI R <bob.sleigh@bt.com> Cc: dave.taht@gmail.com; b.buerger@penguin.de; ipv6-wg@ripe.net Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? Bob, not meaning to spoil the party but while we're at it, and out of genuine interest: can you give us an update on the status of IPv6 in the Non-EE part of BT Consumer? thanks Enno On Mon, Oct 07, 2019 at 04:27:00PM +0000, bob.sleigh@bt.com wrote:
Congratulations on your contribution to success Dave!
Regards
Bob
Sent from my local coffee shop - using my EE Mobile over native IPv6
-----Original Message----- From: ipv6-wg <ipv6-wg-bounces@ripe.net> On Behalf Of Dave Taht Sent: 07 October 2019 17:04 To: Bjoern Buerger <b.buerger@penguin.de> Cc: ipv6-wg@ripe.net IPv6 <ipv6-wg@ripe.net> Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group?
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
-- Enno Rey Cell: +49 173 6745902 Twitter: @Enno_Insinuator
Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht <dave.taht@gmail.com>:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and
Please start by eating your own dog food and make future RIPE meetings IPv6 only. Best Martin
* Martin Schröder (martin@oneiros.de) [191007 19:13]:
Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht <dave.taht@gmail.com>:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and
Please start by eating your own dog food and make future RIPE meetings IPv6 only.
+1 Bjørn
Hi, On Mon, Oct 07, 2019 at 08:05:18PM +0200, Bjoern Buerger wrote:
* Martin Schr?der (martin@oneiros.de) [191007 19:13]:
Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht <dave.taht@gmail.com>:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and
Please start by eating your own dog food and make future RIPE meetings IPv6 only.
+1
Bj?rn
we should definitely have a discussion about this in the 'open mic' slot in the wg in Rotterdam. Let's identify who to talk to, from the meetings' NOC and other circles within RIPE NCC, beforehand. cheers Enno -- Enno Rey theinternetprotocol.blog Twitter: @Enno_Insinuator
On Mon, Oct 07, 2019 at 08:11:41PM +0200, Enno Rey wrote:
On Mon, Oct 07, 2019 at 08:05:18PM +0200, Bjoern Buerger wrote:
* Martin Schr?der (martin@oneiros.de) [191007 19:13]:
Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht <dave.taht@gmail.com>:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and
Please start by eating your own dog food and make future RIPE meetings IPv6 only.
+1
Bj?rn
we should definitely have a discussion about this in the 'open mic' slot in the wg in Rotterdam. Let's identify who to talk to, from the meetings' NOC and other circles within RIPE NCC, beforehand.
If folks are serious about killing dual-stack ... Wouldn't it make more sense to first move this mailing list to an actual ipv6-only environment? Perhaps the WG could RIPE NCC to register a domain like ripe-ipv6-only-wg.org. This domain would have authoritative nameservers only reachable via IPv6, an MTA that doesn't have any IPv4 connectivity & a webserver with the charter, CoC, and mailing list archive only accessible via IPv6. Much like how Marco David's dnslabs.nl is set up? Kind regards, Job
* Job Snijders (job@ntt.net) [191008 05:37]:
If folks are serious about killing dual-stack ...
Hmm, I would rephrase that to: "If folks are serious about IPv6 and are willing to set a real incentive for this community to have a reality check and test their own infrastructure in a safe environment with losts of experts around..." Nobody wants to kill Dualstack right now. There will always be a legacy network as backup, like on every other RIPE meeting. But you won't see most of the common misconfigurations in a Dualstack Environment and it's time to move out of your comfort zone now. Manually switching from default SSID to some legacy fallback should not be a problem for those people with intentionally old infrastructure. People who still run Windows 95 in 2019 will clearly have the expertise to klick on a button, right?
Wouldn't it make more sense to first move this mailing list to an actual ipv6-only environment?
Bold move, but yes - why not? By now, everybody with fairly recent infrastructure should have at least Dualstack on their mailservers, so this shouldn't impose any problem, right?
Perhaps the WG could RIPE NCC to register a domain like ripe-ipv6-only-wg.org. This domain would have authoritative nameservers only reachable via IPv6, an MTA that doesn't have any IPv4 connectivity & a webserver with the charter, CoC, and mailing list archive only accessible via IPv6. Much like how Marco David's dnslabs.nl is set up?
Nice idea. You would have my support for this. Bjørn
* Job Snijders <job@ntt.net> [191008 05:29]:
On Mon, Oct 07, 2019 at 08:11:41PM +0200, Enno Rey wrote:
On Mon, Oct 07, 2019 at 08:05:18PM +0200, Bjoern Buerger wrote:
* Martin Schr?der (martin@oneiros.de) [191007 19:13]:
Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht <dave.taht@gmail.com>:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and
Please start by eating your own dog food and make future RIPE meetings IPv6 only.
+1
we should definitely have a discussion about this in the 'open mic' slot in the wg in Rotterdam. Let's identify who to talk to, from the meetings' NOC and other circles within RIPE NCC, beforehand.
If folks are serious about killing dual-stack ...
Wouldn't it make more sense to first move this mailing list to an actual ipv6-only environment?
Perhaps the WG could RIPE NCC to register a domain like ripe-ipv6-only-wg.org. This domain would have authoritative nameservers only reachable via IPv6, an MTA that doesn't have any IPv4 connectivity & a webserver with the charter, CoC, and mailing list archive only accessible via IPv6. Much like how Marco David's dnslabs.nl is set up?
I think both suggested measures (going 100% ipv6-only on the meeting network and on this mailing list) are a pretty bad idea. It might be useful if we want to congratulate ourselfes how cool we are and how good we can work in an IPv6-only environment, but it would have no use whatsoever to help the RIPE community and the internet at large to migrate towards a world where IPv6 is the "normal" protocol. On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 while still providing the dual stack network as a fallback, preferably combined with a helpdesk staffed by volunteers ready to analyze any problems that attendees might have, strikes me as a pretty good opportunity to raise awareness and to find problems where further work is needed. Wolfgang have,
On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 while still providing the dual stack network as a fallback, preferably combined with a helpdesk staffed by volunteers ready to analyze any problems that attendees might have, strikes me as a pretty good opportunity to raise awareness and to find problems where further work is needed.
From a host perspective, NAT64 directly on wifi is not attractive: it will require an address translation component in every host to deal with legacy applications that handle IPv4 literals.
NAT64 is also not attractive from a backward compatibility point of view: IPv4-only devices and hosts that are dual stack but lack the 464XLAT component will fail. Considering those issues, why does it make sense to subject attendees of a RIPE meeting to such a network? Anybody who wants to test can do that in the current setup. Why trick other people into connecting to a network that they are unlikely to encounter anywhere else?
Hi, On Tue, Oct 08, 2019 at 08:47:37PM +0200, Philip Homburg wrote:
Considering those issues, why does it make sense to subject attendees of a RIPE meeting to such a network?
"Raise awareness" comes to mind... Like "did your firewall vendor tell you that if you do VPN to your dual-stacked firewall over IPv6, you will only be able to reach IPv6 hosts on the inside"? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
* Philip Homburg <pch-ripeml@u-1.phicoh.com> [191008 20:47]:
On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 while still providing the dual stack network as a fallback, preferably combined with a helpdesk staffed by volunteers ready to analyze any problems that attendees might have, strikes me as a pretty good opportunity to raise awareness and to find problems where further work is needed.
From a host perspective, NAT64 directly on wifi is not attractive: it will require an address translation component in every host to deal with legacy applications that handle IPv4 literals.
As I have used the NAT64 network at the last couple of meetings without any problems, I don't think there are that many applications around that woukd be used from the meeting network. Switching to NAT64 might help to get an impression of how widespread this kind of problem really is.
NAT64 is also not attractive from a backward compatibility point of view: IPv4-only devices and hosts that are dual stack but lack the 464XLAT component will fail.
We are still talking about the default SSID at the RIPE meeting, right? I guess IPv4-only devices will be kind of rare as a client in that network, but of course that is only me guessing. As for dual-stack hosts: the NAT64 network comes with DNS64, so you will get a synthesised IPv6 address for IPv4-only targets and connect via that address. Maybe I misunderstood your point?
Considering those issues, why does it make sense to subject attendees of a RIPE meeting to such a network? Anybody who wants to test can do that in the current setup. Why trick other people into connecting to a network that they are unlikely to encounter anywhere else?
"Trick other people" is not the intention, of course this would have to be made public together with the SSID of the dual-stack network still running as a fallback, and whom to contact in case of problems. It makes sense because the people interested to test this have already done so to the point of seeing no problems for themself. But that group is biased, probably running their services at home like vpn gateways at dual stack or IPv6-only already and therefore they might simply not encounter problems that might otherwise still be common. As IPv4 scarcity is a reality now, public wifi installations might want to use NAT64 networks eventually. So it makes sense to find out what would break and should be fixed before this is deployed unto an unsuspecting public. A community of highly qualified networking experts appears to be the right group of people to have for a test audience. Wolfgang
It makes sense because the people interested to test this have already done so to the point of seeing no problems for themself. But that group is biased, probably running their services at home like vpn gateways at dual stack or IPv6-only already and therefore they might simply not encounter problems that might otherwise still be common. As IPv4 scarcity is a reality now, public wifi installations might want to use NAT64 networks eventually. So it makes sense to find out what would break and should be fixed before this is deployed unto an unsuspecting public. A community of highly qualified networking experts appears to be the right group of people to have for a test audience.
A common complaint about IPv6 is that IPv6 is not just "IPv4 with longer addresses", but made all kinds of changes that come back to bite us. Another complaint is that there are almost always two ways of doing something and sometimes many more. So If we compare NAT64 on wifi with dual stack then we see both complaints in action. Dual stack is perfectly compatible with IPv4-only devices. In fact, it works so well that nobody even notices that they are connecting to a dual stack network. In contrast NAT64 breaks existing systems in lots of subtle (and not so subtle) ways. We cannot use NAT64 if we expect IPv4-only devices. We cannot use DNS64 if we expect IPv4 literals or local DNSSEC validation. The 464XLAT component is complicated did cause signficant operational problems in the past. The net result is that with dual stack and NAT64 we now have two options of providing IPv6+IPv4 on a network. This is confusing to everybody who is not a network engineer. Does dual stack require more IPv4 addresses? No, there are (of course multiple) ways to provide dual stack on wifi without consuming additional public IPv4 addresses. Plenty of ISPs provide consumers with dual stack wifi at home while maintaining an IPv6-only access network.
Hi Philip,
In contrast NAT64 breaks existing systems in lots of subtle (and not so subtle) ways. We cannot use NAT64 if we expect IPv4-only devices.
I would expect such devices mostly in a home network (gaming consoles etc). On a business meeting network like RIPE the number of IPv4-only devices is negligible.
We cannot use DNS64 if we expect IPv4 literals or local DNSSEC validation.
I am sure the few of us who run local DNSSEC validation would love the opportunity to make it work. Finding IPv4 literals and fixing them is a feature :)
The 464XLAT component is complicated did cause signficant operational problems in the past.
The net result is that with dual stack and NAT64 we now have two options of providing IPv6+IPv4 on a network. This is confusing to everybody who is not a network engineer.
This _is_ a RIPE meeting...
Does dual stack require more IPv4 addresses? No, there are (of course multiple) ways to provide dual stack on wifi without consuming additional public IPv4 addresses. Plenty of ISPs provide consumers with dual stack wifi at home while maintaining an IPv6-only access network.
There is also more and more live deployment of IPv6-only with NAT64. I am honestly surprised by the back pressure in the RIPE community. If production networks can deploy this for millions of users, why should a small conference network with a huge number of network engineers be any problem? Cheers, Sander
I would expect such devices mostly in a home network (gaming consoles etc). On a business meeting network like RIPE the number of IPv4-only devices is negligible.
I'm confused how it can be a good thing to use a different way to connect to a RIPE meeting network then the one you would use at the office or at home.
I am sure the few of us who run local DNSSEC validation would love the opportunity to make it work. Finding IPv4 literals and fixing them is a feature :)
There is an experimental NAT64 network. That should be enough for people who love to fix something. I'm very happy with dual stack. It is a technology that just works and doesn't need fixes on the host. Network configuration on hosts is complicated enough. We don't need more options.
The net result is that with dual stack and NAT64 we now have two options of providing IPv6+IPv4 on a network. This is confusing to everybody who is not a network engineer.
This _is_ a RIPE meeting...
I assumed that the point of testing this at a RIPE meeting is to deploy it in other locations. In those locations, most people are not network engineers but still have to deal with the fact that suddenly some devices/software don't work on some wifi networks. And they have no clue why not, other than that it has something to do with IPv6.
I am honestly surprised by the back pressure in the RIPE community. If production networks can deploy this for millions of users, why should a small conference network with a huge number of network engineers be any problem?
There is quite a lot of NAT64 in mobile networks. As far as I know there is very little NAT64 on wifi. But I might be wrong. Any pointers to wide scale NAT64 on wifi?
Hi, On Wed, Oct 09, 2019 at 06:26:18PM +0200, Philip Homburg wrote:
I would expect such devices mostly in a home network (gaming consoles etc). On a business meeting network like RIPE the number of IPv4-only devices is negligible.
I'm confused how it can be a good thing to use a different way to connect to a RIPE meeting network then the one you would use at the office or at home.
Having "different network types" is, in itself, not a useful thing. But it's reality - you'll end up being in any sort of network when travelling. So exposing *network people* to the possible breakages of "oh, if I have no native IPv4 on wifi anymore, my multi-million VPN solution stops working" is a useful information. And much more useful than having your CEO call you at 3am from a wifi network in China with "I HAVE ONLY IPV6 HERE AND VPN IS NOT WORKING! GO FIX! NOW!". IPv6 does break things. They all need fixing. To *know* what is broken in the gazillion of different combinations of operating systems, vendors, applications needs exposure. Leaving comfort zone. [..]
I'm very happy with dual stack. It is a technology that just works and doesn't need fixes on the host. Network configuration on hosts is complicated enough. We don't need more options.
Dual-stack is a pile of shit. It requires dual the amount of monitoring to *ensure* both protocols are both working correctly, dual the amount of firewall rules, etc. Worse, things like HE hide breakage in one protocol, so you "assume" you have a working dual-stack network, "because nobody is complaining"... Core networks need to run dual-stack for a long time to go, and it is a pain in the behind. Dual monitoring, dual routing protocols, dual filtering, ... (unless you do tricks with "two AFIs over one session", but peers usually do not support that). Inside edge networks, single-stack is the only thing that really makes sense - either hide in an IPv4 island behind a dual-stack application gateway, or go IPv6-only with DNS64/NAT64 (and possibly 464xlat) or with an dual-stack ALG to reach those IPv4-only services out there. [..]
I am honestly surprised by the back pressure in the RIPE community. If production networks can deploy this for millions of users, why should a small conference network with a huge number of network engineers be any problem?
There is quite a lot of NAT64 in mobile networks. As far as I know there is very little NAT64 on wifi. But I might be wrong. Any pointers to wide scale NAT64 on wifi?
Troopers runs their main conference wifi with NAT64. If I'm not mistaken, so does FOSDEM. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
* Gert Doering (gert@space.net) [191009 19:57]:
Troopers runs their main conference wifi with NAT64. If I'm not mistaken, so does FOSDEM.
True. FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014. Bjørn
In your letter dated Thu, 10 Oct 2019 23:56:12 +0200 you wrote:
* Gert Doering (gert@space.net) [191009 19:57]:
Troopers runs their main conference wifi with NAT64. If I'm not mistaken, so does FOSDEM.
True. FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014.
FOSDEM is similar to the RIPE meeting in that they have both a dual stack SSID and a NAT64 SSID. The difference is that FOSDEM promotes the NAT64 SSID as the main one and the dual stack SSID as the fallback.
*knock knock* is this mic on ? Once upon a time during the FOSDEM post-conference gathering with organizers I challenged the notion that the dual stack was the state of the art. The organizers, being themselves in various tech roles, agreed. It was interesting to get to those days bleeding edge. Of course with NAT64. Thus FOSDEM became the very first large-ish (above 5K clients) WiFi setups in the world to go with IPv6-only+NAT64 in the default SSID. The announcement was made during the opening session, which everyone attended. We maybe had 20% clients remaining on the default “bleeding edge”. Which is a testament to the immense power of human laziness aka the law of the default: it was several hundred times more compared to the previous year when they SSID was “on the side”. Mind you, this was the time when Android still wasn’t able to connect to IPv6 only on WiFi, and when iOS was flapping WiFi every minute, if connected to v6-only access. That time is long gone - every subsequent year the %% participation on the default IPv6-only access SSID nearly doubled. Were there complaints ? In single digits, sure. (And about complaints in general: no temperature in the room can help avoid having complaints about it being too cold or too hot. Some of those complaints came from dual stack SSID and general confusion that happened first year) - if there is anyone from rest of the FOSDEM network crew of those years reading this, please correct me if I am missing anything. But the overall feedback from the participants was overwhelmingly positive. And there was a lot of bug reports, questions, etc. directed at makers and vendors that didn’t support IPv6. Since then it’s business as usual and no one is even asking. So, IPv6-only access with NAT64 was a good thing to do for a technology-focused gathering of people. For an unrelated business-focused gathering that would not have been a useful idea. RIPE and IETF (and the vendor conferences for that matter) - being the mix of the two, are tricky to decide. To me it all depends on an answer to a simple question: “do we want to lead the trends or do we want to follow them, and which ones ?” NB: both are valid business strategies. What you care about with an IPv6 only access network at a short event is not necessarily just testing the apps. You care about the lasting memory and perception of that event that will be projected outward. It stopped being purely technical several years ago. I hear “but there are non-technical people who just wanna get their job done”. Ironically from my experience they are the least ones to have problems, because they don’t use fancy outdated VPNs. And even if they do - they are empathetic enough to understand the modern 20-year technology still has kinks to iron, and smart enough to switch over to “-fallback” SSID or similar. Would you not be in their position ? If no, I am sorry for you. If yes - why would you think of them as lesser capable humans? I hear “but if people experience problems with IPv6, it gives it a bad rap”. To which I reply - the opposite of love is not hate, its irrelevance and indifference. Make it the best possible experience and let the glitches drive the improvement. This is the same way everywhere - business, relationships, knowledge. I hear “but dualstack works fine”. Sure, but for a 4-day long event so does, from a layman’s practical standpoint, pure IPv4-only. Those in dire need of 128-bit address can use their corp VPN or - if they don’t have it - Cloudflare’s Warp+. The latter works beautifully over any legacy - and accelerates the web experience too! [shoutout to Mahtin. Thank you so much!] When I look at today’s application architectures and latest trends, I see a lot of parallels between today’s IPv4 Internet and PSTN from 30 years ago. It’s fascinating to imagine how it all looks in 30 years from now, in another perspective, when it inevitably changes again. Provided that whole climate thing still allows us to hang around :-) Thanks for listening if you made it till here. Sometimes I wish I could make a sequel to my now probably biggest career contribution (“NATs are good” video), but ironically that startup is no more, they got bought, and it’s all now a serious business, no kidding. —a
On 11 Oct 2019, at 09:30, Philip Homburg <pch-ripeml@u-1.phicoh.com> wrote:
In your letter dated Thu, 10 Oct 2019 23:56:12 +0200 you wrote:
* Gert Doering (gert@space.net) [191009 19:57]:
Troopers runs their main conference wifi with NAT64. If I'm not mistaken, so does FOSDEM.
True. FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014.
FOSDEM is similar to the RIPE meeting in that they have both a dual stack SSID and a NAT64 SSID.
The difference is that FOSDEM promotes the NAT64 SSID as the main one and the dual stack SSID as the fallback.
* Philip Homburg (pch-ripeml@u-1.phicoh.com) [191011 09:31]:
Troopers runs their main conference wifi with NAT64. If I'm not mistaken, so does FOSDEM.
True. FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014.
FOSDEM is similar to the RIPE meeting in that they have both a dual stack SSID and a NAT64 SSID.
The difference is that FOSDEM promotes the NAT64 SSID as the main one and the dual stack SSID as the fallback.
Yes. Which is exactly what we ask for . Just switch the default and see what happens. https://blogs.cisco.com/developer/fosdem-2019-a-new-view-from-the-noc Bjørn
The difference is that FOSDEM promotes the NAT64 SSID as the main one and the dual stack SSID as the fallback.
Yes. Which is exactly what we ask for . Just switch the default and see what happens.
https://blogs.cisco.com/developer/fosdem-2019-a-new-view-from-the-noc
Maybe there is another question this working group can answer: Does this working group recommend wifi deployments as NAT64? (of course only NAT64, not paired with dual stack on another SSID) - Is it recommended for a coffee shop or restaurant - Is it recommended for an office lan, - for a home situation - for just a random conference? The cisco report on FOSDEM 2019 has an interesting statistic: "There were more clients on the IPv6 native network then on the IPv4 network, "with on Sunday afternoon ~3330 IPv4 DHCP clients against ~4300 reachable "IPv6-only clients and ~1300 IPv6 clients on the dual stack network. That suggests that 3330 'clients' picked the non-default dual stack network compared to 4300 'clients' that used the default SSID.
Hi, On Fri, Oct 11, 2019 at 01:46:16PM +0200, Philip Homburg wrote:
Maybe there is another question this working group can answer: Does this working group recommend wifi deployments as NAT64? (of course only NAT64, not paired with dual stack on another SSID) - Is it recommended for a coffee shop or restaurant - Is it recommended for an office lan, - for a home situation - for just a random conference?
Given that doing dual-stack anywhere is "dual work", my recommendation for anything that needs proper monitoring would be "go single-stack if all possible". Which nowadays for "random visitor networks" can mean "NAT64+DNS64", given that this already nicely works in mobile networks and more and more "mobile internet usage" stuff is "iOS/Android clients or all-https" anyway. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Sander Steffann <sander@steffann.nl> writes:
I would expect such devices mostly in a home network (gaming consoles etc). On a business meeting network like RIPE the number of IPv4-only devices is negligible.
I guess there will be quite a few devices were people disable IPv6.
We cannot use DNS64 if we expect IPv4 literals or local DNSSEC validation.
I am sure the few of us who run local DNSSEC validation would love the opportunity to make it work. Finding IPv4 literals and fixing them is a feature :)
And finding hosts in DNSSEC signed zones not supporting IPv6. I know at least one. Jens -- ---------------------------------------------------------------------------- | Delbrueckstr. 41 | 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@quux.de | --------------- | ----------------------------------------------------------------------------
Let me first start with an alternative suggestion, and then delve into Sander's message itself. At IETF meetings there are numerous experiments going on at any given time too. Popping up an SSID for each experiment is not ideal, ever changing SSID names, or having too many SSIDs is not productive. So... one of the ideas to be explored is that there is a only a *single* SSID, but through WPA-802.1X let the username decide what 'profile' you want. It could be set up in such a way that depending on whether folks type in username "ipv4" or "dual" or "ipv6", they get an IPv4-only, Dualstack, or IPv6-only experience. If this approach is considered all flavors of wifi are equal, perhaps pacifying all factions attending RIPE. Ok, back to bickering: On Wed, Oct 09, 2019 at 05:06:09PM +0200, Sander Steffann wrote:
I am sure the few of us who run local DNSSEC validation would love the opportunity to make it work. Finding IPv4 literals and fixing them is a feature :)
"DNSSEC to the host" might be the path forward as an alternative method to accomplish some of the desirable properties of DoH. If your goal is to find IPv4 literals, go ahead, find them. Perhaps other people have other priorities during the meeting and would like to focus on those instead. Perhaps, when I find an IPv4 literal, I can't fix it because it is outside my administrative domain. Then what?
The 464XLAT component is complicated did cause signficant operational problems in the past.
The net result is that with dual stack and NAT64 we now have two options of providing IPv6+IPv4 on a network. This is confusing to everybody who is not a network engineer.
This _is_ a RIPE meeting...
Thank you for the clarification, so we agree it is not the "IPv6 Only Meeting".
Does dual stack require more IPv4 addresses? No, there are (of course multiple) ways to provide dual stack on wifi without consuming additional public IPv4 addresses. Plenty of ISPs provide consumers with dual stack wifi at home while maintaining an IPv6-only access network.
There is also more and more live deployment of IPv6-only with NAT64. I am honestly surprised by the back pressure in the RIPE community. If production networks can deploy this for millions of users, why should a small conference network with a huge number of network engineers be any problem?
For instance, it interferes with having a proper debugging experience on what happens when RPKI Invalids are dropped for both address families. I personally think that routing security in general is more important than this ipv6 project. DNS folks might also have their own agenda. RIPE is more than IPv6. There ALREADY is an IPv6-only+NAT64 Wifi SSID. Use it if you want to. If there aren't enough users on it, go back to the drawing board and explore why that is. I maintain, let's first move this mailing list to an IPv6 only environment, if that is a success, perhaps we can reconsider. If the argument is "but then the rest of the world can't talk to us"... exactly. Kind regards, Job
On Thu, Oct 10, 2019 at 12:06 PM Job Snijders <job@ntt.net> wrote:
So... one of the ideas to be explored is that there is a only a *single* SSID, but through WPA-802.1X let the username decide what 'profile' you want.
[skip]
There ALREADY is an IPv6-only+NAT64 Wifi SSID. Use it if you want to. If there aren't enough users on it, go back to the drawing board and explore why that is.
We do know why. The profile approach you suggested would work just *slightly* better than two SSIDs. Users do not care. They connect to the SSID their device remembered and if there are multiple 'known' SSIDs nobody would pay attention to which SSID their device is connected to. Imagine a WiFi network with a few thousands of users. Step 1. Opt-in. You ask them to 'try IPv6-only' SSID - you must be *very* lucky if you get more than 3-5% of users moving. Not because smth does not work for them but because they are lazy. Some of those who moved will be going back and forth between SSIDs w/o even knowing it - here the 802.1x profile might help. Step 2: Opt-out. You make the 'primary' SSID Ipv6-only and advise those who are seeing issues to use another SSID. In that case I'd expect to see between 70-85% of users stay on Ipv6-only (the number does depend on mobile/laptop ratio on the network). For exactly the same reason only 5% moves if you do opt-in: users are lazy and do not care which SSID they connect to if it works. ...writing this email from IPv6-only WiFi...
I maintain, let's first move this mailing list to an IPv6 only environment, if that is a success, perhaps we can reconsider.
I might be missing smth here: what does SMTP over IPv6 to do with the ability of running an IPv6-only meeting WiFi network?
If the argument is "but then the rest of the world can't talk to us"... exactly.
Oh then please clarify what exactly do you mean by 'moving the mailing list to Ipv6-only environment'. Running the mail server in an IPv6-only DC which has SIIT? *That* would work. Removing all Ipv4 MXes/A? No it would not and the proper analogy would be 'making the RIPE WiFi Ipv6-only w/o providing NAT64'. -- SY, Jen Linkova aka Furry
Hi, On Thu, 10 Oct 2019, Jen Linkova wrote: (...)
...writing this email from IPv6-only WiFi...
Just out of plain curiosity: home environment, corporate environment, or something else (i.e. 3rd party-managed, like an airport, coffee-shop)? Cheers, Carlos
On Thu, Oct 10, 2019 at 6:35 PM Carlos Friaças <cfriacas@fccn.pt> wrote:
...writing this email from IPv6-only WiFi...
Just out of plain curiosity: home environment, corporate environment, or something else (i.e. 3rd party-managed, like an airport, coffee-shop)?
Corporate. -- SY, Jen Linkova aka Furry
By the way: *single* SSID, What is the reason to provide "ripemtg" and "ripemtg-2.4-79"? Outside of Ripemeetings I don't see different IDs for the different wifi frequencies. e.g. the eduroam in Munich, with daily 50000 Users in peak, works fine without two separate SSIDs
Hi, On Thu, Oct 10, 2019 at 09:53:29AM +0200, Thomas Schäfer wrote:
By the way: *single* SSID,
What is the reason to provide "ripemtg" and "ripemtg-2.4-79"?
Somewhat wrong forum :-) - I think the issue was "band steering and funky wifi drivers", and people could move their 2.4GHz-only-devices to this SSID if they had problems in the dual-frequency SSID. Not sure if this is still a thing. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Philip Homburg <pch-ripeml@u-1.phicoh.com> writes:
NAT64 is also not attractive from a backward compatibility point of view:
At the last meeting Enno talked[1] about plans for a large wireless deployment running v6 only + NAT64 / DNS64. As I know which "Supermarket" Enno is talking about: If this would be deployed in the next 6 month many participants of RIPE 80 would use such a network. Jens [1] https://ripe78.ripe.net/wp-content/uploads/presentations/117-RIPE78_ERNW_IPv... -- ---------------------------------------------------------------------------- | Delbrueckstr. 41 | 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@quux.de | --------------- | ----------------------------------------------------------------------------
Am 08.10.19 um 18:14 schrieb Wolfgang Zenker:
On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 while still providing the dual stack network as a fallback, preferably combined with a helpdesk staffed by volunteers ready to analyze any problems that attendees might have, strikes me as a pretty good opportunity to raise awareness and to find problems where further work is needed.
I would be a volunteer at ripe80, provided the DNS64/NAT64-Gateway isn't overbooked. That should be easy to ask 10 people. (the other 890 will not have problems at all) Do you want to investigate the problem? Do you want just switch to the classic network? Nobody will be without network and "we" would get an overview, where the problems are. Regards, Thomas -- There’s no place like ::1 Thomas Schäfer (Systemverwaltung) Ludwig-Maximilians-Universität Centrum für Informations- und Sprachverarbeitung Oettingenstraße 67 Raum C109 80538 München ☎ +49/89/2180-9706 ℻ +49/89/2180-9701
In your letter dated Mon, 7 Oct 2019 19:12:37 +0200 you wrote:
Please start by eating your own dog food and make future RIPE meetings IPv6 only.
I'm curious, who's dog food is that? None of the networks I connect to using wifi is 'IPv6-only'. I would love to drop IPv4 support in the code I write, but reality will be that I will have to support IPv4 for a long time.
* Dave Taht (dave.taht@gmail.com) [191007 18:04]:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
[done] make Daves participation a success by helping local community downstairs to be IPv6 enabled. Actually, did that multiple times, not only with local coffeeshops. Also Hotels on the list. I guess, that converts me into a certified IPv6 zealot. Sorry about that ;-) [ ./. ] Bufferbloat .... well. This is the IPv6 working group. Maybe ask somewhere else... Bjørn
Dave Taht <dave.taht@gmail.com> writes: Dave,
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
you have to be strong now. Your participation in this list is not a success. I know at least two places I'd count as coffee shop (besides coffee they also server real breakfast, lunch, dinner, cocktails, ...) who I don't need to convince to do IPv6. They just do it. I get a RFC1918 address and a global IPv6 address. And they don't mangle DNS, they don't have any strange portal where you have to accept an unknown usage policy. You just sit down, connect to the wireless and can work. One of those stores is just a couple of hundred meters from my current hotel so I consider it "local". And as they have around 90 franchise partners in Germany probably there are more then two offer 2 shops offering this service. Jens -- ---------------------------------------------------------------------------- | Delbrueckstr. 41 | 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@quux.de | --------------- | ----------------------------------------------------------------------------
At Brussels Midi station... Did I win anything ? [cid:image001.png@01D57DDB.312EFB10] On 07/10/2019, 18:04, "ipv6-wg on behalf of Dave Taht" <ipv6-wg-bounces@ripe.net on behalf of dave.taht@gmail.com> wrote: If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
No you didn’t, that’s too easy ;-) Any random cafe in Brussels will do ;-) --a
On 8 Oct 2019, at 13:21, Eric Vyncke (evyncke) via ipv6-wg <ipv6-wg@ripe.net> wrote:
At Brussels Midi station...
Did I win anything ? <image001.png> On 07/10/2019, 18:04, "ipv6-wg on behalf of Dave Taht" <ipv6-wg-bounces@ripe.net on behalf of dave.taht@gmail.com> wrote:
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
Hi, there have been many great points made from the perspective of "edge / leaf networks" and end-user connectivity. An equally important is the serving side. One aspect often discussed are the availability of CDNs and major services. But another aspect are various SaaS and other non-infrastructure cloud deployments. Since I did XS26 20 years ago, I now found myself managing a growing set of cloud deployments on the SaaS side. And IPv6 is definitely not a first-class citizen, typically not configured by default, and often actually just unsupported. The current de-facto standard for modern deployments are Kubernetes clusters. And interestingly, I don't even have that clear an idea about how well it supports IPv6 given how completely irrelevant to our daily business life that is (even though I'm personally still subscribed e.g. to this mailing list). Apparently, K8s gained support for IPv6 just in the last year(!), but currently you have choice just between IPv4-only and IPv6-only and work on dualstack is still ongoing. Meanwhile, Docker+Kubernetes is *the* way to deploy cloud services everywhere right now, so that's a pretty tell-tale signal. And who knows what issues one will hit when at least the basic infrastructure is finally in place and can be enabled easily (or even becomes enabled by default). It's also not just about the technical capabilities, but also about the UX. Just replacing IPv4 with IPv6 in the addresses listed in the list of instances / pods / containers would have a huge influence on the mindset of the developers, but this by itself will need to overcome a huge friction. Also, entirely new major UX improvements will likely need to be developed, like having a DNS hostname autoconfiguration for every cluster unit so that you don't need to actually work with IP addresses manually anymore. So it's just not about using DNS for the fileserver (and every workstation) in your office LAN, but also about having one for each of the 1000 pods you have deployed in your microservice-oriented cluster in the cloud. Just wanted to add this perspective, from the cloud side - both the cloud providers, major cloud infrastructure frameworks and numerous other services still have ways to go to (A) support IPv6 at all, (B) support it without friction (esp. w/o endangering IPv4), (C) have first-class UX for IPv6 otherwise the mindset of users will be still IPv4-oriented. Kind regards, -- Petr Baudis, Rossum.ai Creating a world without manual data entry
participants (26)
-
Alexander Koeppe -
Andrew 👽 Yourtchenko -
Bjoern Buerger -
bob.sleigh@bt.com -
Carlos Friaças -
Dave Taht -
Enno Rey -
Eric Vyncke (evyncke) -
Gert Doering -
Jen Linkova -
Jens Link -
Job Snijders -
Job Snijders -
Lee Howard -
Martin Schröder -
Michel Py -
Mikael Abrahamsson -
Olivier MJ Crépin-Leblond -
Petr Baudis -
Philip Homburg -
Rob Evans -
S.P.Zeidler -
Sander Steffann -
Thomas Schäfer -
Tim Chown -
Wolfgang Zenker