Re: An Internet IPv6 Transition Plan
Scott Francis wrote: On 7/29/07, Peter Dambier [EMAIL PROTECTED] wrote: Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop. really? http://samy.pl/chownat/ NAT stops nothing. The concept in the above script (which has been around for several years) would be trivial for any P2P software to implement if it detects it is behind a NAT; in fact, this method may well be in use already. I have read that is what skype is doing and probably some troyans. Still you have to talk to your NAT-router and the other party has to talk to their NAT-router to make those two NAT-routers talk to each other. When those two router cannot see each other because they too are living behind NAT then you have got a problem. I guess you can solve it but the number of ports is limited and things get a lot trickier. When you try to get out of the big NAT (china) then the number of available ports versus the number of users who want to get out - is the limit. Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
Re: An Internet IPv6 Transition Plan
On Tue, Jul 31, 2007 at 10:12:28PM +0200, Peter Dambier wrote: Scott Francis wrote: On 7/29/07, Peter Dambier [EMAIL PROTECTED] wrote: Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop. really? http://samy.pl/chownat/ NAT stops nothing. The concept in the above script (which has been around for several years) would be trivial for any P2P software to implement if it detects it is behind a NAT; in fact, this method may well be in use already. I have read that is what skype is doing and probably some troyans. Still you have to talk to your NAT-router and the other party has to talk to their NAT-router to make those two NAT-routers talk to each other. When those two router cannot see each other because they too are living behind NAT then you have got a problem. I guess you can solve it but the number of ports is limited and things get a lot trickier. When you try to get out of the big NAT (china) then the number of available ports versus the number of users who want to get out - is the limit. Firstly, all p2p nets use some process to register with the network. It is simple to imagine a way to ensure these superpeers are publically addressed and let them coordinate the NATted hosts. Secondly, there is no big NAT in china. And even if there was, very large private networks should flourish for p2p sharing amongst each other. I think you're trying to demonstrate NAT to be a security mechanism and its long been known that that is not the case. Steve
Re: An Internet IPv6 Transition Plan
Stephen Wilcox wrote: ... Firstly, all p2p nets use some process to register with the network. It is simple to imagine a way to ensure these superpeers are publically addressed and let them coordinate the NATted hosts. e.g. dyndns (no-ip.com) or OpenDHD and other not so wellknown. Bots very often use IRC channels, also not strictly p2p, sometimes. You may not like them (I dont) but they still are p2p applications, if not the most popular. Secondly, there is no big NAT in china. China is meant as a bad example. They will be the first to grow out of IPv4 space and their IPv9 is kind of a big NAT. And even if there was, very large private networks should flourish for p2p sharing amongst each other. Indeed if the island is becomming big enough. But there is no communication to the outside. I think you're trying to demonstrate NAT to be a security mechanism and its long been known that that is not the case. No, I think NAT is a pain in the backside and should never have been. Indeed a lot of fools get tricked into believing NAT is kind of a firewall. It is like closing your eyes so the attacker cannot see you. Talking about spam and malware going away with NAT behind NAT ... I meant communication via email would go away in the first place. I should have marked that as sarkasm. Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
Re: An Internet IPv6 Transition Plan
On 7/29/07, Peter Dambier [EMAIL PROTECTED] wrote: Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop. really? http://samy.pl/chownat/ NAT stops nothing. The concept in the above script (which has been around for several years) would be trivial for any P2P software to implement if it detects it is behind a NAT; in fact, this method may well be in use already. -- [EMAIL PROTECTED],darkuncle.net} || 0x5537F527 encrypted email to the latter address please http://darkuncle.net/pubkey.asc for public key
Re: An Internet IPv6 Transition Plan
On Jul 29, 2007, at 5:02 AM, Peter Dambier wrote: I am pessimistic. The malware will find its way. It is port 25 smtp that goes away and takes part of the spam away too. IPv6:25 will not work, or will not be accepted? There are IPv6 translators that dynamically share IPv4 address space. Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop. I see lots of p2p-ers already communicating via IPv6 tunnels. They are prepared. An ISP must provide at least some flavor of IP address, even addresses that might be shared. Dealing with shared IP address space by tunneling with IPv6 addresses is a feature built into Windows Vista, where XP can be updated to provide this as well. With Vista being remarkably slow, who can tell when a delay might be due to malware. These systems will always chat with Internet peers to keep NAT holes open. Knowing when network traffic is abnormal has become a new problem. IPv4 address space shortages will not reduce spam or malware. Expect even greater amounts of nefarious network traffic. IPv6 and a massive amount of tunneling is likely to overwhelm efforts to monitor nefarious traffic. It seems doubtful IPv6 address black-hole lists will adequately deal with a future of such complex topology. Will the Internet become fragmented into the Internets? Perhaps bang addressing will see a comeback. -Doug
Re: An Internet IPv6 Transition Plan
Stephen Wilcox wrote: Now, if you suddenly charge $2.50/mo to have a public IP or $15/mo for a /28 it does become a consideration to the customer as to if they _REALLY_ need it Where would this money go to? Pete
Re: An Internet IPv6 Transition Plan
Petri Helenius wrote: Stephen Wilcox wrote: Now, if you suddenly charge $2.50/mo to have a public IP or $15/mo for a /28 it does become a consideration to the customer as to if they _REALLY_ need it Where would this money go to? To ip-squatters. Get your allocation now and turn it into gold tommorow. p2p people will be happy if they can get rid of their tunnels. With rfc 1918 addresses for all there will be no more filesharing, voip, spam and troyans. Cheers Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
Re: An Internet IPv6 Transition Plan
On Sun, Jul 29, 2007 at 10:50:10AM +0200, Peter Dambier wrote: Petri Helenius wrote: Stephen Wilcox wrote: Now, if you suddenly charge $2.50/mo to have a public IP or $15/mo for a /28 it does become a consideration to the customer as to if they _REALLY_ need it Where would this money go to? you could subsidise all those v6 rollouts everyone is talking about ;p seriously, figuring out what to do with some spare money shouldnt be a big concern.. if we dont pool it centrally under collective authority then what pete says below will happen: To ip-squatters. Get your allocation now and turn it into gold tommorow. p2p people will be happy if they can get rid of their tunnels. With rfc 1918 addresses for all there will be no more filesharing, voip, spam and troyans. really? because p2p doesnt work behind NAT, and computers behind NAT dont get infected? this is the Internet today and NAT has no effect on the above. Steve
Re: An Internet IPv6 Transition Plan
Stephen Wilcox wrote: On Sun, Jul 29, 2007 at 10:50:10AM +0200, Peter Dambier wrote: p2p people will be happy if they can get rid of their tunnels. With rfc 1918 addresses for all there will be no more filesharing, voip, spam and troyans. really? because p2p doesnt work behind NAT, and computers behind NAT dont get infected? this is the Internet today and NAT has no effect on the above. I am pessimistic. The malware will find its way. It is port 25 smtp that goes away and takes part of the spam away too. Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop. I see lots of p2p-ers already communicating via IPv6 tunnels. They are prepared. Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007 at 06:15:23PM -0500, Iljitsch van Beijnum wrote: On 25-jul-2007, at 6:30, Stephen Wilcox wrote: I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) I have to disagree here. 10% of the requests are for 90% of the 170 - 200 million IPv4 addresses given out per year. These are going to large broadband ISPs in blocks of a quarter million or (much) larger, upto /8. At some point, the RIRs will be out of large enough blocks to satisfy these requests. Nothing to be done about that. um, so thats consistent with what i said.. in fact it implies only a very small number of organisations need to pay close attention and those are the ones best suited to implementing policy changes to ensure their users continue to have a good service this means 90% of orgs can probably wait and see what the 10% do first.. Steve
Re: An Internet IPv6 Transition Plan
At 2:01 PM +0100 7/26/07, Stephen Wilcox wrote: well, the empirical data which is confirmed here is saying that those 10% are burning most of the v4 addresses and we are not seeing them rollout v6 whether they 'need to' or not Wow... you mean that they're not announcing general IPv6 availability two years before they have to? I'm so surprised. ;-) so you sound right in theory, but in practice your data doesnt show that is occuring and it also suggests those 10% are actively supporting 'the wall' approach. The number of major backbone operators looking into IPv6 is already quite high, and will likely approach 100%. The alternative is carriers having to explain to the analyst community that they lack a business plan for new data customer growth once large IPv4 blocks are no longer generally available. /John
Re: An Internet IPv6 Transition Plan
--- David Freedman [EMAIL PROTECTED] wrote: I dont feel this sort of behaviour is helpful, I can understand asking for licensing fees for L2VPN/L3VPN technologies since these are products that service providers can levvy a reasonable charge for, but to charge for IPv6 routing capability alone, at the time where the discussion of which has never been so serious, leaves a bit of a bad taste in one's mouth. Not all equipment vendors do this, and this could be used as a discriminator between them when selecting new equipment (or could be a spur toward considering different platforms when upgrading). -David Barak David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow
Re: An Internet IPv6 Transition Plan
On Thu, Jul 26, 2007 at 06:21:59AM -0400, John Curran wrote: At 11:18 AM +0100 7/26/07, Stephen Wilcox wrote: um, so thats consistent with what i said.. in fact it implies only a very small number of organisations need to pay close attention and those are the ones best suited to implementing policy changes to ensure their users continue to have a good service this means 90% of orgs can probably wait and see what the 10% do first.. Completely incorrect. In order that we can continue to have reasonable routing growth during new customer add, those 10% need to move to IPv6. While you don't have to move your entire infrastructure to IPv6, you need to add IPv6 to the public-facing servers that you'd like to still be Internet connected. well, the empirical data which is confirmed here is saying that those 10% are burning most of the v4 addresses and we are not seeing them rollout v6 whether they 'need to' or not so you sound right in theory, but in practice your data doesnt show that is occuring and it also suggests those 10% are actively supporting 'the wall' approach. Steve
Re: An Internet IPv6 Transition Plan
At 11:18 AM +0100 7/26/07, Stephen Wilcox wrote: um, so thats consistent with what i said.. in fact it implies only a very small number of organisations need to pay close attention and those are the ones best suited to implementing policy changes to ensure their users continue to have a good service this means 90% of orgs can probably wait and see what the 10% do first.. Completely incorrect. In order that we can continue to have reasonable routing growth during new customer add, those 10% need to move to IPv6. While you don't have to move your entire infrastructure to IPv6, you need to add IPv6 to the public-facing servers that you'd like to still be Internet connected. /John
Re: An Internet IPv6 Transition Plan
At 01:22 PM 7/26/2007, you wrote: Let us not forget that network vendors are now capitalising on the requirement to purchase expensive licensing for such features as native IPv6 routing and 6PE, on their mid to high end kit. I dont feel this sort of behaviour is helpful, I can understand asking for licensing fees for L2VPN/L3VPN technologies since these are products that service providers can levvy a reasonable charge for, but to charge for IPv6 routing capability alone, at the time where the discussion of which has never been so serious, leaves a bit of a bad taste in one's mouth. This is one reason we moved to the Foundry XMR. Their purchase price includes all features such as ISIS, BGP, MPLS, IPv6, etc. Since other vendors charge too much (imho) for licensing, some projects like MPLS enabling a network or moving to IPv6 will not happen right away. New services will not be added which will not lead to new gear being purchased to help keep up with the growth of new services. If a few engineers want to play with some features or add a new service for a single client or two as a trial, but it is a multi-million dollar exercise in licensing, it won't happen until there is a business case and by then you are following the herd and not leading it. By that time your people are 2-3 years behind their peers in learning how to implement and support the new technology and you've lost potential clients and services too. Just my $.02. -R Tellurian Networks - Global Hosting Solutions Since 1995 http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 Well done is better than well said. - Benjamin Franklin
Re: An Internet IPv6 Transition Plan
On Thu, Jul 26, 2007 at 01:25:51PM -0400, John Curran wrote: At 2:01 PM +0100 7/26/07, Stephen Wilcox wrote: well, the empirical data which is confirmed here is saying that those 10% are burning most of the v4 addresses and we are not seeing them rollout v6 whether they 'need to' or not Wow... you mean that they're not announcing general IPv6 availability two years before they have to? I'm so surprised. ;-) they need to be announcing availability well in advance of a forced need to transition and based on the projected timescales 2 yrs in advance has already passed them by so you sound right in theory, but in practice your data doesnt show that is occuring and it also suggests those 10% are actively supporting 'the wall' approach. The number of major backbone operators looking into IPv6 is already quite high, and will likely approach 100%. The alternative is carriers having to explain to the analyst community that they lack a business plan for new data customer growth once large IPv4 blocks are no longer generally available. ah yes of course.. looking into, producing reports. but where are they at really? : - how many of those have obtained address space sufficient to cover their customer base already? - how many of those networks have made the trivial step of announcing their v6 blocks in BGP? - how many of them have already got native v6 running in their backbones and on their services (mail, dns etc).. fundemental advance prerequisites to any complicated end user deployment i think the number with one of the above is a reasonable percentage, with two of the above is small and three of the above.. are there any? Steve
Re: An Internet IPv6 Transition Plan
James R. Cutler wrote: Cost of operating v4/v6 combined for some time includes, among other things: 1. Help Desk calls resulting from confused customers wanting configuration help. 2. Memory for Routing Information for IPv4 plus IPv6. 3. Help Desk calls resulting from errors by confused engineers trying to work both protocols on too many devices. 4. Cost of documentation and training for Help Desk personnel. 5. Cost of Linksys WRT54G-IP6 or equivalent because of increased memory and programming requirements. 6. Cost of software maintenance for network core router software -- didn't we just go through getting rid of DECnet, SNA, IPX/SPX, and AppleTalk because of this, among other reasons?? 7. Marketing cost of being perceived as obsolete. 8. Opportunity cost due to more complex delivery configurations slowing down sales. 9. Cost of IP Naming and Addressing Management due to multiple protocol complexity -- didn't we just go through getting rid of DECnet, SNA, IPX/SPX, and AppleTalk because of this, among other reasons?? Let us not forget that network vendors are now capitalising on the requirement to purchase expensive licensing for such features as native IPv6 routing and 6PE, on their mid to high end kit. I dont feel this sort of behaviour is helpful, I can understand asking for licensing fees for L2VPN/L3VPN technologies since these are products that service providers can levvy a reasonable charge for, but to charge for IPv6 routing capability alone, at the time where the discussion of which has never been so serious, leaves a bit of a bad taste in one's mouth. Dave.
RE: An Internet IPv6 Transition Plan
You posit that running out of bread (ipv4 address space) encourages people to bake more bread. Unfortunately it often makes them scream for bread lines (rationing, central control, privilege.) It'd be nice if there were a more positive reason to go ipv6 than getting out of the bread lines, but the killer ipv6 app remains elusive. -- -Barry Shein The World | [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: An Internet IPv6 Transition Plan
On Tue, Jul 24, 2007 at 09:34:01PM +0100, [EMAIL PROTECTED] wrote: However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time? Growth. Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. Steve
Re: An Internet IPv6 Transition Plan
At 11:52 AM +0100 7/25/07, Stephen Wilcox wrote: On Tue, Jul 24, 2007 at 09:34:01PM +0100, [EMAIL PROTECTED] wrote: However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time? Growth. Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. Steve - Putting them back into circulation doesn't work unless its done in very large chucks to major ISPs. If this isn't the model followed, then we will see a lot more routes for the equivalent number of new customers. People complaining about the ability to carry both IPv6 and IPv4 routing need to think carefully about how long we'll actually last if the ISP's are injecting thousands of unaggregatable routes from recovered address space each day. Additionally, the run rate for IPv4 usage approximates 10 /8 equivalents per year and increasing. Even given great legacy recovery, you've only gained a few more years and then still have to face the problem. /John
RE: An Internet IPv6 Transition Plan
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. I think you misunderstand the dictionary definition of growth. Yes, the IPv4 addresses, and much of the network infrastructure using them, will continue to be. But growth is about expansion, adding more, increasing the size and scope of the network. Few businesses are satisfied with collecting the same monthly recurring revenue from the same customer base. They either want to grow the customer base or grow the monthly revenue per customer. In the Internet business the main engine of revenue growth is growing the customer base by growing the network and adding more customers. All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. I disagree. In reality, the customer base of a business is never static. If the company does not grow their base, they certainly will see that base shrink through attrition, churn, etc. Customers will die, move to another town/country, and switch suppliers for some reason or other. In order to keep from fading away, a company has to grow its base, and if there are hard geographic limits to growth because of IPv4 exhaustion, that makes it complex (and therefore expensive) to maintain a steady state. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. And when your Internet supplier tells you that there will be a $10 per month increase in fees to cover the increase cost of IPv4 addresses, will you be happy? Will you start shopping for an IPv6 Internet supplier? When IPv6 Internet access is cheaper due to IPv4 address costs, then ISPs face a wholesale loss of their customer base. Of course, most business managers are smart enough to see this coming and resist paying for IPv4 addresses in the first place. Let's face it, the majority of ISP and telecom executives in place today, have spent their careers navigating through a period of growth and abundant resources. They don't know how to manage through scarcity and constraints and shortages. Many of them realize this and will steer their businesses to avoid scarcity and constraints and shortages. That means that most of them will see IPv6 as an opportunity to see who can race the fastest and build market share before the competition does. They know how to do this, and the investment bankers also understand this model of business. When the IPv4 shortage begins to bite, then you will see enormous amounts of money and effort put into IPv6 conversions (and new IPv6 startups who intend to unseat Google, Yahoo, etc.). There's another killer application of IPv6. --Michael Dillon
Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007 at 07:14:49AM -0400, John Curran wrote: At 11:52 AM +0100 7/25/07, Stephen Wilcox wrote: On Tue, Jul 24, 2007 at 09:34:01PM +0100, [EMAIL PROTECTED] wrote: However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time? Growth. Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. Steve - Putting them back into circulation doesn't work unless its done in very large chucks to major ISPs. If this isn't the model followed, then we will see a lot more routes for the equivalent number of new customers. People complaining about the ability to carry both IPv6 and IPv4 routing need to think carefully about how long we'll actually last if the ISP's are injecting thousands of unaggregatable routes from recovered address space each day. Additionally, the run rate for IPv4 usage approximates 10 /8 equivalents per year and increasing. Even given great legacy recovery, you've only gained a few more years and then still have to face the problem. Hi John, I fully agree on that.. but I am disagreeing as to the timescales. There is some opinion that when IANA hands out the last of its IP blocks things will change overnight, and I dont see any reason for that to be the case. I think there are a lot of IPs currently allocated to ISPs but as yet unassigned to customers, and I think there will be a lot of policy changes to make more efficient use of the space that is already out there - I specifically think that will come from ISPs reusing IPs and setting costs that ensure they continually have IPs available to customers willing to pay for them. I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) - adoption of NAT and v6 will be an ongoing trend with no sudden increase This means no end of the world as we know it, and no overnight adoption of new technology.. just business as usual in an evolving environment. Steve
Re: An Internet IPv6 Transition Plan
At 12:30 PM +0100 7/25/07, Stephen Wilcox wrote: Hi John, I fully agree on that.. but I am disagreeing as to the timescales. There is some opinion that when IANA hands out the last of its IP blocks things will change overnight, and I dont see any reason for that to be the case. I think there are a lot of IPs currently allocated to ISPs but as yet unassigned to customers, and I think there will be a lot of policy changes to make more efficient use of the space that is already out there - I specifically think that will come from ISPs reusing IPs and setting costs that ensure they continually have IPs available to customers willing to pay for them. In the ARIN region, we've got major ISP's coming back every 6 months with high utilization rates seeking their next block to allow customer growth. While I'm certain that some internal recovery is possible, there's a realistic limit of how long any ISP can make their air supply last. I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) - adoption of NAT and v6 will be an ongoing trend with no sudden increase Unless the policy changes you suggest somehow dramatically change the current usage rate, we're going to have a very serious rate of change when the IANA/RIR pool hits zero. That sort of defines hitting a wall, by my definition. Please propose the magical policy changes asap... we need to get them through the public process and adopted in record time to have any affect on the usage rate. This means no end of the world as we know it, and no overnight adoption of new technology.. just business as usual in an evolving environment. Note: I'm not advocating an overnight technology deployment; just advising those folks who presently rely on continuous availability of new address blocks from the RIR's that we're going to see a change. At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years. /John
Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007, Stephen Wilcox wrote: Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. I'm not sure what your definition of really tiny is, but out here IPs are a dollar or two each a year from APNIC. I'm sure ARIN's IP charges aren't $0.00. Adrian
Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007 at 07:52:19PM +0800, Adrian Chadd wrote: On Wed, Jul 25, 2007, Stephen Wilcox wrote: Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. I'm not sure what your definition of really tiny is, but out here IPs are a dollar or two each a year from APNIC. I'm sure ARIN's IP charges aren't $0.00. RIPE is a couple thousands Euros to be an LIR which gets you all the IPs you need.. $1/yr is like 8c/month - well into the realm of being sunk into the cost when you provide a hosting service or DSL line. Its close enough to zero to be lost in the overheads of any business operation. Now, if you suddenly charge $2.50/mo to have a public IP or $15/mo for a /28 it does become a consideration to the customer as to if they _REALLY_ need it Steve
Re: An Internet IPv6 Transition Plan
John, On Jul 25, 2007, at 1:14 PM, John Curran wrote: All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. Putting them back into circulation doesn't work unless its done in very large chucks to major ISPs. If this isn't the model followed, then we will see a lot more routes for the equivalent number of new customers. People complaining about the ability to carry both IPv6 and IPv4 routing need to think carefully about how long we'll actually last if the ISP's are injecting thousands of unaggregatable routes from recovered address space each day. Been there, done that, got several t-shirts. Longer prefixes _will_ hit the routing system. ISPs will react by (re-)implementing prefix length filters. Many people will whine. Additionally, the run rate for IPv4 usage approximates 10 /8 equivalents per year and increasing. Even given great legacy recovery, you've only gained a few more years and then still have to face the problem. This assumes consumption patterns remain the same which is, I believe, naive. In a world where you have to pay non-trivial amounts for address space utilization, people will only use the address space they actually need and you'll see even more proliferation of NAT for client-only services. Rgds, -drc
Re: An Internet IPv6 Transition Plan
At 2:02 PM +0200 7/25/07, David Conrad wrote: This assumes consumption patterns remain the same which is, I believe, naive. In a world where you have to pay non-trivial amounts for address space utilization, people will only use the address space they actually need and you'll see even more proliferation of NAT for client-only services. I believe that we'll see extensive use of NAT for client-only services (just look at many broadband residential services today), but that won't help business customers who want a block for the DMZ servers. They'll pay, but the question is whether they can afford the actual global cost of routing table entry, or whether it will even be accountable. ISP's can figure out the cost of obtaining IPv4 blocks, but the imputed cost of injecting these random blocks into the DFZ routing table is harder to measure and inflicted on everyone else. /John
Re: An Internet IPv6 Transition Plan
At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote: At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years. I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors.. Steve - Are you unable to make your public facing servers IPv6-reachable? /John
Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007 at 12:21:04PM +0100, [EMAIL PROTECTED] wrote: Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. I think you misunderstand the dictionary definition of growth. Yes, the IPv4 addresses, and much of the network infrastructure using them, will continue to be. But growth is about expansion, adding more, increasing the size and scope of the network. Few businesses are satisfied with collecting the same monthly recurring revenue from the same customer base. They either want to grow the customer base or grow the monthly revenue per customer. In the Internet business the main engine of revenue growth is growing the customer base by growing the network and adding more customers. I dont think paypal's growth is tied to how many IPs they have... I think it relates to how many hits www.paypal.com receives and what their products look like. IP availability is unlikely to ever have more than the briefest mention in the boardroom and probably only in response to a news article quoting the end of the internet being imminent. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. And when your Internet supplier tells you that there will be a $10 per month increase in fees to cover the increase cost of IPv4 addresses, will you be happy? Will you start shopping for an IPv6 Internet supplier? When IPv6 Internet access is cheaper due to IPv4 address costs, then ISPs face a wholesale loss of their customer base. Of course, most business managers are smart enough to see this coming and resist paying for IPv4 addresses in the first place. I'll sell you v6 today for 1/4 of the price of v4. Providing you understand theres not a lot out there. I agree on your cost comparison, but consider what investment and costs are needed to be able to get to that point. this model of business. When the IPv4 shortage begins to bite, then you will see enormous amounts of money and effort put into IPv6 conversions (and new IPv6 startups who intend to unseat Google, Yahoo, etc.). You will just see redeployment of existing budgets.. why would you pay more to see the same webpage be delivered just because of some techno mumbo jumbo Any investor would be crazy to invest in a v6 competitor to Google.. enter a mature market using a new technology that 99% of the planet cant get to? The only folks getting into v6 are the ones controlling the v4 market with enough spare RD cash currently. Steve
Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007 at 07:50:05AM -0400, John Curran wrote: At 12:30 PM +0100 7/25/07, Stephen Wilcox wrote: Hi John, I fully agree on that.. but I am disagreeing as to the timescales. There is some opinion that when IANA hands out the last of its IP blocks things will change overnight, and I dont see any reason for that to be the case. I think there are a lot of IPs currently allocated to ISPs but as yet unassigned to customers, and I think there will be a lot of policy changes to make more efficient use of the space that is already out there - I specifically think that will come from ISPs reusing IPs and setting costs that ensure they continually have IPs available to customers willing to pay for them. In the ARIN region, we've got major ISP's coming back every 6 months with high utilization rates seeking their next block to allow customer growth. While I'm certain that some internal recovery is possible, there's a realistic limit of how long any ISP can make their air supply last. I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) - adoption of NAT and v6 will be an ongoing trend with no sudden increase Unless the policy changes you suggest somehow dramatically change the current usage rate, we're going to have a very serious rate of change when the IANA/RIR pool hits zero. That sort of defines hitting a wall, by my definition. Well, you already say you have major ISPs submitting requests every 6 months, and I guess that is your high water mark so everyone else should be longer (at lease here under RIPE you are supposed to be allocated space for 2 yrs at a time). So, we have IANA out of space at eof 2009.. that will then take the RIRs 12 to 24 mo to allocate that out before there is any impact on ISPs. Once that occurs we still have your 6mo-2yr+ period that ISPs have in their allocated and unused pool to be giving to customers. Add all that together and you have 18mo-4yrs of 'greyness', no overnight wall. And I'm saying each of the events plus that grey period will cause evolution in the market place to occur such that there are no walls or catastraphies from a continuity or economical point of view. Please propose the magical policy changes asap... we need to get them through the public process and adopted in record time to have any affect on the usage rate. Well, thats a different story. Inflating the price of IPs would have been a good thing but I think that horse has already bolted now. This means no end of the world as we know it, and no overnight adoption of new technology.. just business as usual in an evolving environment. Note: I'm not advocating an overnight technology deployment; just advising those folks who presently rely on continuous availability of new address blocks from the RIR's that we're going to see a change. Indeed they will, but it wont happen to everyone at the same time (as they all have months or years of IPs left) and they have plenty of time to figure out how to adapt their products and business models. At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years. I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors.. Steve
Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007 at 08:18:30AM -0400, John Curran wrote: At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote: At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years. I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors.. Steve - Are you unable to make your public facing servers IPv6-reachable? Well, I wear a few hats these days :) but.. I think the short answer is yes, I'm unable. Most stuff I am involved in is modern enough that the servers have a v6 stack so that could be enabled. But the apps themselves are not all v6 so they would either need to be upgraded or fixed. We would of course need to configure these and ensure all dependncies are v6 capable, particularly if we're sending address info back to customers we dont want to switch them in and out of v4/v6. Then the network gear tends to be v6 enabled in the core and not at the edges where older gear has been redeployed. And a lot of the gear that claims to be v6 doesnt handle hardware switching properly so that needs investigating and would be an issue. Then we'd need to make sure all security and policies are uniform and working equally across v6. Assuming we sort it tho then we need to bring up v6 transit, more v6 peers and drop any v4 tunnels as they cant be expected to handle production load. I guess theres abstraction to fix too - my CMS, monitoring, allocation, much of which is automated and all of which relies on storing address info would all need to be rewritten to allow v6 addresses on hosts, interfaces, customers etc So fix all that and yes we could have v6 servers, but you also said reachable and according to my BGPv6 table theres very little reachable out there right now - about 700 prefixes when compared to 25000 v4 ASNs that should each be visible. So you can break this into two elements - stuff I control and stuff I dont. For the stuff I control I think the summary is that I'd need to build an ISP from scratch essentially (if not in terms of capex purchases then certainly in terms of design and implementation). And the stuff I dont control, well.. I cant do much about that. Steve
Re: An Internet IPv6 Transition Plan
At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote: I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Let's agree on 18mo-4yrs of 'greyness' (as you put it), and that indeed different companies find different ways to manage this... Some of the companies are going to select IPv6 because it's has some level of support in existing end systems and network gear (even considering the various implementation flaws, lack of hardware support, etc), and because it supports a generally hierarchical addressing/routing model which works (again, despite recognition that the routing system has some serious long-term scalability questions which need to be looked into). For their choice to work, it's necessary that your public-facing servers accept IPv6 connections. It's really not a hard concept, and it's based on the simple premise stated by Jon: In general, an implementation should be conservative in its sending behavior, and liberal in its receiving behavior. You've stated a long list of items that need to be changed, but that's if you want to serve as an ISP using IPv6 for customers, and change your internal infrastructure to IPv6, and that's not required. You've already said you are going to take another path to manage things, and that's cool. The question is whether you still recognize the need to deploy IPv6 on the very edge of your network for your public services such as web and email. You could even have someone host this for you, it's not that hard, and there's two to 4 years to get it done. If you're saying that no one at all needs to use IPv6, so you aren't going to worry about IPv6 connectivity for your public facing servers, then it would be best to explain how global routing is supposed to work when ISP's aren't using predominantly hierarchical address assignments for their growth. /John
Re: An Internet IPv6 Transition Plan
John, On Jul 25, 2007, at 2:13 PM, John Curran wrote: I believe that we'll see extensive use of NAT for client-only services (just look at many broadband residential services today), but that won't help business customers who want a block for the DMZ servers. Well yes. However there are likely to be far fewer devices in the DMZ that need numbers. In addition, renumbering DMZ servers is a whole lot less painful than renumbering your entire network, so perhaps PA space would be more acceptable. I can easily imagine a world where ISPs migrate their internal infrastructure that is currently numbering in IPv4 space over to IPv6, thereby freeing up a large amount of IPv4 space that could then be used for customer DMZ servers. My point is that once you associate a non-trivial cost per address, people will tend to use address space more efficiently (either by reusing space more efficiently or reducing the amount of space they need). As such address consumption rates will change. They'll pay, but the question is whether they can afford the actual global cost of routing table entry, or whether it will even be accountable. It never has been. Not sure why this would change. As we've seen in the past, it's much easier to do prefix length filters when it becomes an issue. ISP's can figure out the cost of obtaining IPv4 blocks, but the imputed cost of injecting these random blocks into the DFZ routing table is harder to measure and inflicted on everyone else. http://en.wikipedia.org/wiki/Tragedy_of_the_commons Rgds, -drc
Re: An Internet IPv6 Transition Plan
On 25 Jul 2007, at 14:15, Stephen Wilcox wrote: [...] Well, you already say you have major ISPs submitting requests every 6 months, and I guess that is your high water mark so everyone else should be longer (at lease here under RIPE you are supposed to be allocated space for 2 yrs at a time). A recent policy change means that The RIPE NCC allocates enough address space to LIRs to meet their needs for a period of up to 12 months. http://www.ripe.net/ripe/docs/ipv4-policies.html#5 So, we have IANA out of space at eof 2009.. that will then take the RIRs 12 to 24 mo to allocate that out before there is any impact on ISPs. If there isn't a run on the bank. Leo
Re: An Internet IPv6 Transition Plan
Hi Stephen, I have run many times in the kind of problems that you describe, and always was able to find a suitable alternative solution, at least a temporary one (for instance until specific hardware can be upgrades, such as L3 switches, and the solution was working fine at least for initial small IPv6 traffic). For example, I've been able to use with IPv6 many applications that don't support it, but means of using portproxy. I'm probably able to help you (and/or other folks) with more specific examples, so if you're interested, write me offline. Regards, Jordi De: Stephen Wilcox [EMAIL PROTECTED] Responder a: [EMAIL PROTECTED] Fecha: Wed, 25 Jul 2007 13:41:57 +0100 Para: John Curran [EMAIL PROTECTED] CC: nanog@merit.edu Asunto: Re: An Internet IPv6 Transition Plan On Wed, Jul 25, 2007 at 08:18:30AM -0400, John Curran wrote: At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote: At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years. I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors.. Steve - Are you unable to make your public facing servers IPv6-reachable? Well, I wear a few hats these days :) but.. I think the short answer is yes, I'm unable. Most stuff I am involved in is modern enough that the servers have a v6 stack so that could be enabled. But the apps themselves are not all v6 so they would either need to be upgraded or fixed. We would of course need to configure these and ensure all dependncies are v6 capable, particularly if we're sending address info back to customers we dont want to switch them in and out of v4/v6. Then the network gear tends to be v6 enabled in the core and not at the edges where older gear has been redeployed. And a lot of the gear that claims to be v6 doesnt handle hardware switching properly so that needs investigating and would be an issue. Then we'd need to make sure all security and policies are uniform and working equally across v6. Assuming we sort it tho then we need to bring up v6 transit, more v6 peers and drop any v4 tunnels as they cant be expected to handle production load. I guess theres abstraction to fix too - my CMS, monitoring, allocation, much of which is automated and all of which relies on storing address info would all need to be rewritten to allow v6 addresses on hosts, interfaces, customers etc So fix all that and yes we could have v6 servers, but you also said reachable and according to my BGPv6 table theres very little reachable out there right now - about 700 prefixes when compared to 25000 v4 ASNs that should each be visible. So you can break this into two elements - stuff I control and stuff I dont. For the stuff I control I think the summary is that I'd need to build an ISP from scratch essentially (if not in terms of capex purchases then certainly in terms of design and implementation). And the stuff I dont control, well.. I cant do much about that. Steve ** The IPv6 Portal: http://www.ipv6tf.org Bye 6Bone. Hi, IPv6 ! http://www.ipv6day.org This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
Re: An Internet IPv6 Transition Plan
Thus spake Adrian Chadd [EMAIL PROTECTED] I'm not sure what your definition of really tiny is, but out here IPs are a dollar or two each a year from APNIC. I'm sure ARIN's IP charges aren't $0.00. The 73 Xtra Large LIRs that consume 79% of ARIN's v4 space today are paying no more than USD 0.03 per IP per year. That's not quite zero, but it's close enough the effect is the same. Until the cost of v4 space to these folks is more than a rounding error, they have absolutely no incentive to conserve. It doesn't matter what the other 2550 LIRs do because they're insignificant factors in overall consumption. S Stephen Sprunk Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do. K5SSS --Isaac Asimov
Re: An Internet IPv6 Transition Plan
On Tue, Jul 24, 2007 at 10:01:44AM -0400, Chad Oleary wrote: DHCPv6 doesn't even hand out addresses. I wasn't going to say anything because Alain already said something. But we've gotten this question from at least two other sources in the last two days who read this and wanted to ask us what that was about. What were they thinking? It does seem pretty weird. So hopefully it will help people who don't have a geek to ask if I were to explain what's going on here: There are 'stateless' and 'stateful' ways to implement DHCPv6. You don't get address assignment unless you do 'stateful' DHCPv6 (and then it's complicated by wether you mean 'normal' addresses, 'temporary' addresses which change every renew, or 'prefix delegation'). But DHCPv6 does give out addresses. The easy way to think of DHCPv6 stateful vs stateless is to realize we have the same relationship in DHCPv4 - you can get an address like people normally do with DHCPv4, or you can use a DHCPINFORM if you already have one...so you can get configuration values like nameservers and such without allocating an address. That's all stateless DHCPv6 is. What Alain said is that until 12-18 months prior to today, there have not been very many sources of stateful DHCPv6 implementations. There are several implementations out now, many appearing enabled by default on production software you probably already have in your networks. -- Ash bugud-gul durbatuluk agh burzum-ishi krimpatul. Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/ -- David W. HankinsIf you don't do it right the first time, Software Engineeryou'll just have to do it again. Internet Systems Consortium, Inc. -- Jack T. Hankins pgpjg14h4FrXY.pgp Description: PGP signature
Re: An Internet IPv6 Transition Plan
On 25-jul-2007, at 6:30, Stephen Wilcox wrote: I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) I have to disagree here. 10% of the requests are for 90% of the 170 - 200 million IPv4 addresses given out per year. These are going to large broadband ISPs in blocks of a quarter million or (much) larger, upto /8. At some point, the RIRs will be out of large enough blocks to satisfy these requests. Nothing to be done about that. The decrease over time / address market stuff only applies to the 90% of requests for very smal blocks that together only use 17 - 20 million addresses per year. Those can be satisfied from reclaimed address space for years to come.
Re: An Internet IPv6 Transition Plan
I believe that we'll see extensive use of NAT for client-only services (just look at many broadband residential services today), but that won't help business customers who want a block for the DMZ servers. think a few million /27s or /29s with publicly accessible services on one of those addresses. randy
Re: An Internet IPv6 Transition Plan
On 24-jul-2007, at 0:41, Durand, Alain wrote: 1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? Random ideas include for example offering a lower cost 'basic' service with v6 that would be 'proxied' to the rest of the v4 Internet I would say that IPv6 service is the ability to send packets to and receive packets from other systems also using the IPv6 service by being connected to the global IPv6 cloud. This means that if there is filtering, this must be under the control of the user. Interconnection with IPv4 is a separate problem, and I'm certainly in favor of proxying to achieve that for users who don't need to run more complex protocols over IPv4: http://www.ietf.org/internet-drafts/draft-van-beijnum-v6ops-connect- method-00.txt Hopefully, this will make it possible to start removing IPv4 from select parts of the network: http://arstechnica.com/news.ars/post/20070704-the-declaration-of-ipv6- independence.html 2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? Prefix of course. what prefix size? /48 is a nice round number, but even /64 will do the job for residential users. is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) (note: the answer to this question has huge implications) As a residential ISP, you have to build the network, so you tell us. As long as the prefixes don't change too often and everything is done carefully, user impact is negligible. What types of devices are connected? PCs or appliances or sensors? Nobody knows, and why should you care? What is the management model in the home? Mostly: N/A. Are there 'servers' (ie things that answers connections from the outside) in the home? Of course. Is there any kind of DNS delegation happening to the home? You can't just give every address a name like with IPv4 and you don't really know what addresses customers are going to use. Solution: dynamic DNS. Problem: the authentication. Solution: set up a zone per customer that can be modified with DDNS from the addresses given out to the customer. Bonus: web interface for removing old crap. 3) What is the security model of all this? Javascript is enabled, so: broken. I just listened today half mistified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT- traversal technologies from IPv4 to work... Is this really what we want? No, but how do we avoid it? Vendors need to build good stuff and let the customer make their own decisions in the end, when security stuff gets in the way it WILL be disabled or worked around. 4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them? Start charging more for IPv4 / less for IPv6, smart users will have a garage sale and buy new stuff, conservative ones do nothing and pay you the extra couple of bucks until 2023.
RE: An Internet IPv6 Transition Plan
John, Thank you for writing this down, this will help start the discussion. One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should looks like. Let me focus on the residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere. 1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? Random ideas include for example offering a lower cost 'basic' service with v6 that would be 'proxied' to the rest of the v4 Internet 2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? what prefix size? is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) (note: the answer to this question has huge implications) What types of devices are connected? PCs or appliances or sensors? What is the management model in the home? (how much all of this has to be controlable by the user vs made automatic?) Are there 'servers' (ie things that answers connections from the outside) in the home? Is there any kind of DNS delegation happening to the home? 3) What is the security model of all this? I just listened today half mistified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want? 4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them? IMHO, until there is a better understanding of the answers to those questions (and many more I'm sure) to describe what the brave new world of IPv6 looks like, it will be difficult to define any Internet scale transition plan... My $.02 - Alain. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Curran Sent: Monday, July 23, 2007 11:56 PM To: nanog Subject: An Internet IPv6 Transition Plan Folks - There's quite a few IPv6 transition technologies, each with its own camp of supporters based on particular world view of the hardest easiest system elements to change. One of the challenges this poses is that it's very easy to get caught up in the various transition approaches and miss the high-level view of what needs to be accomplished. In an effort to communicate one possible transition plan in a technology agnostic manner, I've written an Internet draft which highlights the expectations that organizations could face over the next few years: http://www.ietf.org/internet-drafts/draft-jcurran-v6transition plan-00.txt I'd be interested in hearing any and all feedback from the NANOG community on this draft; feel free to send such privately if you'd prefer a degree of anonymity, or have the urge to use language inappropriate in public... ;-) Thanks! /John
RE: An Internet IPv6 Transition Plan
Alain - Present residential broadband Internet service is provide the customer with access to/from any public-facing IPv4-based resource Around 2011 (date for discussion purpose only) residential broadband Internet service is provide the customer with access to/from any public-facing IPv6-based Internet resource The specific vision of how to provide such service is left to the provider. The Internet/IAB/IETF/ICANN/ISOC/... history does not proscribe such items as prefix size, static versus dynamic addressing, management models, minimal security, or much else for that matter... It's entirely left to the service provider. There's certainly suggestions, both direct (such as filtering for end-site devices) and indirect (embedding a /48 endsite assumption into the addressing scheme), but at the end of the day its up to the service provider to make their own design tradeoffs and let the market decide if they're right. This overall transition plan simply states that you might want to provide customers with access to sites which are served by IPv6-only sometime around 1 Jan 2011. The will be particularly useful to ISP's who may (for lack of any choice) be using IPv6- only to provide Internet service, and would prefer to be making faithful representations that sites connected in this manner are reachable by everyone out there. This isn't a very hard concept. ISP's will not have access to the previously deep pool of IPv4 address blocks that have allowed their ongoing growth in the past. Continuation of the ISP industry is predicated on enabling IPv6 for public-facing sites over the next few years. /John At 1:41 AM -0400 7/24/07, Durand, Alain wrote: John, Thank you for writing this down, this will help start the discussion. One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should looks like. Let me focus on the residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere. 1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? Random ideas include for example offering a lower cost 'basic' service with v6 that would be 'proxied' to the rest of the v4 Internet 2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? what prefix size? is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) (note: the answer to this question has huge implications) What types of devices are connected? PCs or appliances or sensors? What is the management model in the home? (how much all of this has to be controlable by the user vs made automatic?) Are there 'servers' (ie things that answers connections from the outside) in the home? Is there any kind of DNS delegation happening to the home? 3) What is the security model of all this? I just listened today half mistified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want? 4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them? IMHO, until there is a better understanding of the answers to those questions (and many more I'm sure) to describe what the brave new world of IPv6 looks like, it will be difficult to define any Internet scale transition plan... My $.02 - Alain.
Re: An Internet IPv6 Transition Plan
On Tue, Jul 24, 2007 at 01:41:18AM -0400, Durand, Alain wrote: John, Thank you for writing this down, this will help start the discussion. One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should looks like. Let me focus on the residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere. 1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? actually, for some of us there is the thought that before the basic service of web+email can work at all, one needs to have a couple of other infrastructure pieces in play, namely DNS and NTP... Oh, and the routing to knit these services together. --bill
RE: An Internet IPv6 Transition Plan
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Oleary Sent: Tuesday, July 24, 2007 10:02 AM To: nanog@merit.edu Subject: Re: An Internet IPv6 Transition Plan Personally, I see v6 as something that needed and desired by the certain groups. However, when looking at the enterprise, for example, better solutions are needed for things like multi-homing, last I checked. It is just the same multi-homing as v4. No better for sure. Perhaps the biggest challenge, IMO, in this much more dynamic network, is DNS. How do I (or my new vendor) readdress every node at my site, and actually know what device has what address? rtadvd doesn't do DNS updates. DHCPv6 doesn't even hand out addresses. This is not correct. DHCPv6 does hand out addresses. The status of DHCPv6 implemenations has improved dramatically over what it was 12-18 months ago. See the article in the IETF journal about the DHCPv6 bake-off we did at RIPE-NCC last March. DNSSEC comes to mind, but that's a whole different story. Add, since a host can have many preferred addresses, which to use? How do deprecated addresses get withdrawn from DNS? This is a very good point. Having multiple addresses per interface introduce a lot a complexity that is not well understood today. However, nothing forces you there. If you do not run ULA, but run PA or PI space, you can very well manage only one v6 address per interface. - Alain.
RE: An Internet IPv6 Transition Plan
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? actually, for some of us there is the thought that before the basic service of web+email can work at all, one needs to have a couple of other infrastructure pieces in play, namely DNS and NTP... Oh, and the routing to knit these services together. Sure, this is very important... but I was talking about the user experience. - Alain.
RE: An Internet IPv6 Transition Plan
-Original Message- From: John Curran [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 24, 2007 7:20 AM To: Durand, Alain Cc: nanog Subject: RE: An Internet IPv6 Transition Plan Alain - Present residential broadband Internet service is provide the customer with access to/from any public-facing IPv4-based resource Around 2011 (date for discussion purpose only) residential broadband Internet service is provide the customer with access to/from any public-facing IPv6-based Internet resource The specific vision of how to provide such service is left to the provider. The Internet/IAB/IETF/ICANN/ISOC/... history does not proscribe such items as prefix size, static versus dynamic addressing, management models, minimal security, or much else for that matter... It's entirely left to the service provider. Yes, this this correct. However, there is a fairly 'common' expectation today about what the 'user experience' is. Sure, YMMV, but very often the v4 story is a direct PC connected behind a modem or a v4 NAT box + all the NAT traversal baggage + a bunch of device in the home that may have different 'upgrade path' to v6... So, even though this is not written by any I*, this is where we are starting from. Now my question is: where do we land? Simply saying: provide the customer with access to/from any public-facing IPv6-based Internet resource is not sufficient, IMHO, to describe a transition plan effectively. - Alain.
Re: An Internet IPv6 Transition Plan
On Tue, Jul 24, 2007 at 10:59:34AM -0400, Durand, Alain wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 1) What is the IPv6 'service'? For example, is it reasonable to define a 'basic' level service as web+mail and an 'extended' service as everything else? actually, for some of us there is the thought that before the basic service of web+email can work at all, one needs to have a couple of other infrastructure pieces in play, namely DNS and NTP... Oh, and the routing to knit these services together. Sure, this is very important... but I was talking about the user experience. - Alain. good point. there are levels of basic services. i suspect that the network operations folks would want to have working viable v6 (naming, timestamps, audit, measurement) running -before- turning up production basic service for the user experience. assuming that is the case, what things to these assembled operators think are critical for operational stability in bringing online a new address family? Randy had a non-exaustive list at the last IEPG. To memory: MIB, , DNS, NTP, SYSLOG, DHCP, RADIUS, CALEA, etc. --bill
RE: An Internet IPv6 Transition Plan
On Tue, 24 Jul 2007, Durand, Alain wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Oleary Sent: Tuesday, July 24, 2007 10:02 AM To: nanog@merit.edu Subject: Re: An Internet IPv6 Transition Plan Personally, I see v6 as something that needed and desired by the certain groups. However, when looking at the enterprise, for example, better solutions are needed for things like multi-homing, last I checked. It is just the same multi-homing as v4. No better for sure. yup, and see below for a bug-a-boo DNSSEC comes to mind, but that's a whole different story. Add, since a host can have many preferred addresses, which to use? How do deprecated addresses get withdrawn from DNS? This is a very good point. Having multiple addresses per interface introduce a lot a complexity that is not well understood today. However, nothing forces you there. If you do not run ULA, but run PA or PI space, you can very well manage only one v6 address per interface. I think you mean 'PI' not 'PA or PI' because if you have PA and multihome you'll have 2 addresses then have to play the 'which one is 'best' game...
RE: An Internet IPv6 Transition Plan
On Tue, 24 Jul 2007, Durand, Alain wrote: One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should looks like. Let me focus on the 'look like'... there are mostly ipv4 paths from each ipv4 endpoint to each other ipv4 endpoint (keeping ourselves to the 'global internet' here). I think it makes sense that the 'ipv6 internet' will look very similar (v6 connectivity from endpoint to endpoint). Now, the tricky parts are the mean time where some ipv4-only host (due to it's network infrastructure not being upgraded to dual-stack capabilities) needs to access some 'important' ipv6-only content. Or the reverse situation as well... (yes, there are firewalls and things that block some end-to-end connectivity those are mostly not important for the 'looks like' discussion) residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere. 1) What is the IPv6 'service'? I think that in the near term 'all' dsl/cable/dial folks will have to offer dual-stack environments. There is little hope of gateways being successful in larger deployments. (imho) 2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? what prefix size? I had thought it was 1 prefix, I had thought it was a /64 or a /56 someone keeps moving the classful boundaries :( but pick one. Maybe it'd be helpful to be able to subnet that, we ought to think about that too I suppose. is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) renumbering is 'free' in ipv6 right? why not stick to your 7 day leases? Surely you'll want to keep the ability to move netspace around as capacity issues arise? What types of devices are connected? PCs or appliances or sensors? what types exist today? pc's, appliances, sensors... I suspect phones as well. What is the management model in the home? call grandson? I am probably missing your question here... Are there 'servers' (ie things that answers connections from the outside) in the home? my personal opinion is 'yes'... there are a number of things today that do this sort of function, in the IETF v6ops meeting slingbox was mentioned as a specific example. 3) What is the security model of all this? I just listened today half mistified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want? I think that NAT is coming, regardless of anyone's want to avoid it, we'll have to plan for that. I think that if we get the chance to start over, let's do it 'right' or 'righter' or 'more correctly/securely' if at all possible, eh? Less direct pc-internet more pc-firewally-thingy-internet. (imho) 4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them? won't they have ipv4 'forever'? at some point the traffic will flip (more v6 than v4) but for the near term v4 seemingly will dominate and thus remain strong. -Chris
Re: An Internet IPv6 Transition Plan
Cost of operating v4/v6 combined for some time includes, among other things: 1. Help Desk calls resulting from confused customers wanting configuration help. 2. Memory for Routing Information for IPv4 plus IPv6. 3. Help Desk calls resulting from errors by confused engineers trying to work both protocols on too many devices. 4. Cost of documentation and training for Help Desk personnel. 5. Cost of Linksys WRT54G-IP6 or equivalent because of increased memory and programming requirements. 6. Cost of software maintenance for network core router software -- didn't we just go through getting rid of DECnet, SNA, IPX/SPX, and AppleTalk because of this, among other reasons?? 7. Marketing cost of being perceived as obsolete. 8. Opportunity cost due to more complex delivery configurations slowing down sales. 9. Cost of IP Naming and Addressing Management due to multiple protocol complexity -- didn't we just go through getting rid of DECnet, SNA, IPX/SPX, and AppleTalk because of this, among other reasons?? Of course, this is just a smattering. Note also that, although hardware costs for the router core are driven primarily by speed and port count, memory costs can be substantial. At 7/24/2007 11:50 AM -0400, Chad Oleary wrote: snip/ However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time? Chad - James R. Cutler [EMAIL PROTECTED]
Re: An Internet IPv6 Transition Plan
Chris, I think those are very sane opinions and very well stated at that. There is no reason for there to be a fundamental shift here, there is nothing all that revolutionary about IPv6 that breaks existing model (policy decisions around MH, dreaming about NAT / PAT-less Internet, etc aside). Once businesses decide that it's time to adopt, this should be a normal process like any other adoption. Best Regards, Christian --Original Message-- From: Chris L. Morrow Sender: [EMAIL PROTECTED] To: Durand, Alain Cc: John Curran Cc: nanog Sent: Jul 24, 2007 12:11 PM Subject: RE: An Internet IPv6 Transition Plan On Tue, 24 Jul 2007, Durand, Alain wrote: One of the things that is missing IMHO is that there is no clear vision of what the IPv6 Internet will/should looks like. Let me focus on the 'look like'... there are mostly ipv4 paths from each ipv4 endpoint to each other ipv4 endpoint (keeping ourselves to the 'global internet' here). I think it makes sense that the 'ipv6 internet' will look very similar (v6 connectivity from endpoint to endpoint). Now, the tricky parts are the mean time where some ipv4-only host (due to it's network infrastructure not being upgraded to dual-stack capabilities) needs to access some 'important' ipv6-only content. Or the reverse situation as well... (yes, there are firewalls and things that block some end-to-end connectivity those are mostly not important for the 'looks like' discussion) residential broadband for a minute, I'm fully aware there are other cases, but let's start somewhere. 1) What is the IPv6 'service'? I think that in the near term 'all' dsl/cable/dial folks will have to offer dual-stack environments. There is little hope of gateways being successful in larger deployments. (imho) 2) What is the connectivity model in IPv6 for the residential customer? 1 address versus prefix delegation? what prefix size? I had thought it was 1 prefix, I had thought it was a /64 or a /56 someone keeps moving the classful boundaries :( but pick one. Maybe it'd be helpful to be able to subnet that, we ought to think about that too I suppose. is this prefix 'stable' or 'variable' over time? (ie renumbering is expected) renumbering is 'free' in ipv6 right? why not stick to your 7 day leases? Surely you'll want to keep the ability to move netspace around as capacity issues arise? What types of devices are connected? PCs or appliances or sensors? what types exist today? pc's, appliances, sensors... I suspect phones as well. What is the management model in the home? call grandson? I am probably missing your question here... Are there 'servers' (ie things that answers connections from the outside) in the home? my personal opinion is 'yes'... there are a number of things today that do this sort of function, in the IETF v6ops meeting slingbox was mentioned as a specific example. 3) What is the security model of all this? I just listened today half mistified to a presentation at IETF that was saying that the 'recommended' deployment model in the home is to put a NAT-like stateful firewall in the home gateway... This would mean that IPv6 would have to inherit all the NAT-traversal technologies from IPv4 to work... Is this really what we want? I think that NAT is coming, regardless of anyone's want to avoid it, we'll have to plan for that. I think that if we get the chance to start over, let's do it 'right' or 'righter' or 'more correctly/securely' if at all possible, eh? Less direct pc-internet more pc-firewally-thingy-internet. (imho) 4) What about the 'legacy' devices that cannot upgrade to IPv6? What kind of service is expected for those? Does defining an 80% type solution as in 1) take care of them? won't they have ipv4 'forever'? at some point the traffic will flip (more v6 than v4) but for the near term v4 seemingly will dominate and thus remain strong. -Chris -- Sent from my BlackBerry.
RE: An Internet IPv6 Transition Plan
However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time? Growth. Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. By offering pure IPv6 edge services, you can continue to grow the network unhampered by IPv4 exhaustion. For instance, offering consumer Internet connectivity using pure IPv6 from your edge router/DSLAM/termserver to the customer. If the customer sends you IPv4 packets, you drop them because you only route IPv6 for them. At the very least this will involve running some kind of proxy farm so that IPv6-only customers can still access IPv4-only Internet services. And it will also require fully functional IPv6 peering and transit agreements so that the IPv6 traffic can get to and from the IPv6 Internet effectively. You will be running a mixed v4/v6 network for the next 25 years, because IPv4 is not going away but if you refuse to add commercial IPv6 capability to your network, then you are putting the brakes on growth. Pure and simple. --Michael Dillon P.S. I think this is the real IPv6 killer app, i.e. helping the CEO keep market analysts happy and keeping the company alive through the IPv4 exhaustion crisis. A lot of telecoms companies will not survive this crisis.
Re: An Internet IPv6 Transition Plan
wilbur: we need to fly though the air! orville: easy, let's make a machine, and we can call it an airplane wilbur: that's cute, but HOW WILL IT WORK?
Re: An Internet IPv6 Transition Plan
At 10:59 PM -0500 7/23/07, Randy Bush wrote: wilbur: we need to fly though the air! orville: easy, let's make a machine, and we can call it an airplane wilbur: that's cute, but HOW WILL IT WORK? In the references section, you'll find a number of RFC's and ID's which propose answers on how will this work for particular sites (such as enterprise, campus, etc). The reality is that the world is far more diverse than a few RFC's can depict, and further that we don't have a lot of folks with real world experience (yet) who can provide feedback on the viability of these plans. Rumor has it that this will change over time... /John
Re: An Internet IPv6 Transition Plan
http://rip.psg.com/~randy/070722.v6-op-reality.pdf
