[ipv6-wg] Re: Discussion about "Why Is This IPv6 Transition Taking So long?"
Christian Seitz wrote: > What do you think about Geoffs presentation? Did the Internet change and do > we have to adjust our expectations? Do you agree to the fact that we now have > "A Network of Names" and are using a lot of CDNs to bring content to the End > Users and therefore perhaps do not need to do more IPv6 migration or do you > think we all should find a way to somehow speed up the IPv6 migration around > the world to enable end-to-end communication between all devices again? I can't argue too much with Geoff's results. This is not the first talk of his that points to this result; it's been a trend of many such results in a variety of different ways. They don't make me happy, and I know Geoff isn't particularly happy the results, so I feel sad. I wonder (hope?) that this might be a blip in a much longer history (yet to be written) where end to end becomes more important again. If it makes sense due to Moore's law to push content to the nearest data center, maybe it will make even more sense to push it even closer to me. But, on the intellectual side, I think that there are some things that we can do that would be useful. Specifically, let's put away our emotions for a moment and imagine that this CDN-focused architecture was always our goal, and consider how we would really do this properly for IPv4. For instance, 1) 0.0.0.0/1 is for eyeball networks only, and is repeated RFC1918-style into every jurisdiction, or part of a jurisdiction. (forget about how we get there) 2) 128.0.0.0/2 is for content. Not sure if it's globally unique or not. 3) 192.0.0.0/3 is for global infrastrastructure. [4) IPv6 is for global infrastructure] This would be a table-top game, and the goal is to find out what works, where the fillable gaps are, and what gaps can not be filled. What do we break? I imagine this to be weekend-before-RIPE hackathon-like (OARC-like) event. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS* signature.asc Description: PGP signature - To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ipv6-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
Re: [ipv6-wg] IPv4-mapped addresses in AAAA records (was: RIPE 88, presentations and a co chair change..)
My take home from this github incident is that one should do IPv6 deployment first, and then treat IPv4 as a subset via mapped IPv4 addresses. (Open)SSH had been using the mapped addresses for ages, and they showed up that way for ages. It has stopped for unknown reasons. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS* signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] A strange idea
Jens Link wrote: >> > What if we put together an "advent of IPv6" just like > >> https://adventofcode.com/ or https://tryhackme.com/r/christmas >> >> He.net had a certification system: >> https://ipv6.he.net/certification/cert-main.php > I know. "Certification Level: Sage earned at 2011-12-17 02:56:52" Is it still useful? The time excuse is really just about priorities. (It's not an excuse by itself, is my point) -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] Question about how I handle web sites in my IPv6 survey
Mark Prior via ipv6-wg wrote: > The cases where it gets to a 200 are fine as that's "success" but there are > some failure modes that I can't really make my mind up on so having some > feedback would be potentially useful. What percentage are these failures? Maybe it's just noise. > In all these cases I see a site with A and records so I connect on port > 80 of the IPv6 address(es). What if they have only ? > 1. If the connection fails should I just report that or should I do anything > more? For example see if the site responds via IPv4. The site could just be down/broken. So checking with v4 kinda makes sense. > 2. If the connection succeeds (so I assume there should be a working IPv6 > based web server) but after querying it with a HTTP/1.1 message sees the site > resets the connection (or fails in some other manner). That sounds like it's behind a v6-capable/enthusiastic CDN, and the origin web site is broken. > 3. The connection succeeds as does the query and I get a 301 redirect to a > location that fails to connect (typically it's the https port but could be > another domain name). Again is this enough or should it do something > else? I think that this is the biggest question. I'd mark it as down for now. > Finally in some cases I'll get a HTTP status code such as 403, 429 or 503 > rather than 200 and these are reported with a background of either light > green or light red depending on whether it occurred on an IPv6 or IPv4 > connection. Should these be blue rather than a different green/red? Keep them green/red. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] The Candidates for the IPv6-wg Co-chair position
Christian Seitz wrote: > I would be happy to be one of the co-chairs of the IPv6 working group I think Christian would make a really great co-chair! -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS* signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] Clear Guidance for Enterprises
Xuo Guoto via ipv6-wg wrote: > 1. How will we assign address to routers? Like will we should be > assigning 2001:db8:2000::1/35 or 2001:db8:2000::1/64 for router No. Each router needs a /128 as a loopback address to use. I assign them all from a single /64 for that purpose. The /128s go into the your IGP. Many of your p2p ethernet links between sites/routers might not need prefixes at all. > interface? 2. How will we be assigning static address to (DNS?) > servers? I don't understand the question. > 2.1 One IP from /35? 2.2 An IP from the /64 assigned to No. Why would you be throwing /35s around? If your DNS servers participate in IGP, then a /128 on a loopback interface, assuming they have multiple interfaces works. Otherwise a static allocation from the /64 that the routers provide. > We have three interfaces in the router with one facing upstream and is > using a /127 assigned by the up stream provider, of the other two one > iface is for servers and another for BNGs. How are ipv6 address > allocated in these interfaces. Statically? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS* signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] Clear Guidance for Enterprises
Wilhelm Boeddinghaus wrote: > We have often wondere why enterprises do not migrate to IPv6. One > possible answer is: They have no time and they lack knowledge. Many IT > departments don't have any spare time for reading RFCs. They have no management mandate on spending their time on it. > From my understanding these IT departments don't need papers explaining > the many possibilites to choose from. They need very clear guidance and > examples. It's true that they need clear guidance, but since one size does not fit all, that doesn't help much. > I am looking for 3 to 4 people who would like to start working on this > with me. I suggest in order to be successful, one really needs an iterative approach. One needs to include actual IT departments, take their feedback, and iterate. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS* signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] [Snac] [v6ops] "router cascade with DHCPv6-PD"
Ole Trøan wrote: >>>> The lack of a standardized way to communicate DHCPv6-server PD to >>>> DHCPv6-relay, and the expectation that the relay would just *snoop* = >>>> on the >>>> DHCPv6-PD contents has bugged me for a long time. If we are going to >>>> recommend that they act as relays, then I'd like to fix that. >>> If DHCP is used for prefix assignment inside of a site, the relay does >>> not need to do route injection for the requesting router. The RR can >>> simply advertise the assigned prefix in routing. >> >> a) it's actually cross-site. > Elaborate please. We have three entities. 1) the STUB router or other downstream "home" router. 2) the CPE router which is at the "north" side of the home LAN, and on the south side of the WAN/DSL/CMTS link. 3) The ISP DHCP server which is somewhere inside the ISP, with a DHCP relay at the BMS or Cable Head end to send to it. If (2) treats a DHCP-PD request from (1) as a relay, then it would relay to (3), which would allocate a new prefix. That message would back through (3) [where it gets snooped on, and maybe, yes, injected into the ISP routing system]. Then it would relayed to (2), which would then relay it to (1). (2) has to do something to route the prefix to (1), which today, means snooping on the results. But, even if the (2) is operated by the ISP, it's not part of the ISPs site. The south side of (2) belongs to the home owner. The prefix needs to be routed from (2) to (1). There is no routing protocol in the home at this time(alas!), so there is nothing to "inject" it into. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] [Snac] [v6ops] "router cascade with DHCPv6-PD"
Ole Trøan wrote: >> The lack of a standardized way to communicate DHCPv6-server PD to >> DHCPv6-relay, and the expectation that the relay would just *snoop* on the >> DHCPv6-PD contents has bugged me for a long time. If we are going to >> recommend that they act as relays, then I'd like to fix that. > If DHCP is used for prefix assignment inside of a site, the relay does > not need to do route injection for the requesting router. The RR can > simply advertise the assigned prefix in routing. a) it's actually cross-site. > Ah, you don’t want to run a routing protocol? Well, there’s your problem. b) If you can find a way to deploy OSPFv3 (or BABEL) in every home network, then I'm game. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] [Snac] [v6ops] "router cascade with DHCPv6-PD"
(Hi Martin, I'm just the messenger, your questions are all pretty good. For others, I think it was not obvious that they are about draft-winters-v6ops-cpe-lan-pd-00. But, more than my brain can handle right now) Ted Lemon wrote: >> Why not honor the IA_PD size requested by the requesting router? Do you >> expect that possible another cascade router would be switched to DHCPv6 >> relay mode? > What’s the use case for this behavior? And yes, we expect routers to act as > DHCPv6 relays. I think that actually we've created an ambiguity about whether they are DHCPv6 relays or if they are full DHCPv6 servers. There are arguments both ways, and in some cases the choice is transparent to the end system, but in other ways it is not. The lack of a standardized way to communicate DHCPv6-server PD to DHCPv6-relay, and the expectation that the relay would just *snoop* on the DHCPv6-PD contents has bugged me for a long time. If we are going to recommend that they act as relays, then I'd like to fix that. Either way, Tim's v6ops draft-winters-v6ops-cpe-lan-pd-00 should clarify. LPD-1 suggests the IPv6 CE Router is a server, not a relay. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] "router cascade with DHCPv6-PD"
Timothy Winters wrote: > Thanks for sending this along, one of things when I read this article was > the firewall not allowing PD traffic thru. I will be adding that was a > requirement to this draft. The other concept was that of PPPoE passthrough, which I was aware occured when the "first" router was some kind of closed IPTV appliance. I have seen a device that does PPPoE passthrough *and* also provides service on the "LAN" I think, back in 1995, that the telcos originally had the notion that every desktop would do PPP with them :-) -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
[ipv6-wg] "router cascade with DHCPv6-PD"
(I guess the article is in German, but google translate did a good job on it) This relates to the desire to amend RFC7084 to support "southbound" DHCPv6-PD: https://datatracker.ietf.org/doc/draft-winters-v6ops-cpe-lan-pd/ >https://www.heise.de/select/ct/2023/2/2230709000622055021 > >Alexander Traud tested 29 CPEs and tried to understand how they react to >prefix changes. Router cascade with DHCPv6-PD With routers connected in a cascade, the internal network can be divided into several zones. This is useful, for example, in shared apartments that want to share an Internet connection, but each resident should still have their own (W)LAN. To do this, the front router, which is directly connected to the Internet, must pass on part of the prefix it received from the provider (DHCPv6-PD, prefix delegation) and its DHCPv6 server must ideally be able to use DHCPv6 reconfigure. Only AVM and Wavlink offered both in the test field. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
Re: [ipv6-wg] IPv6 for Dutch email servers
Jeroen Massar wrote: > But this is a relevant government website: > https://www.forumstandaardisatie.nl/ipv6 > which contains the details, in Dutch, but apple/google translate handle > that better than babelfish. So, it seems from reading this that the effort was largely successful? There seemed to be quite a lot of pushback at the time... so maybe there is a success storey to tell... -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
[ipv6-wg] IPv6 for Dutch email servers
A few years ago there was a presentation about getting IPv6 MX setup for various Dutch entities: Municipalities, Hospitals, etc. I couldn't find this in the agendas for the past ten RIPE meetings for IPv6. Maybe it was in a plenary. I think it was pre-pandemic. I wondered (I am suggesting) that maybe an update on this effort would be timely? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg
