Re: Creating demand for IPv6, and saving the planet
On Thu, October 4, 2007 6:49 am, Mike Leber wrote:

> As the data at http://bgp.he.net/ipv6-progress-report.cgi shows for the
> IPv6 and IPv4 nameserver tests, some of the time IPv6 connectivity is
> *faster* than IPv4 connectivity (66 out of 264 test cases), because of
> network topology differences due to different peering and transit
> relationships between IPv4 and IPv6.

Just as an odd data point, I see this for the only IPv6 test-bed I have available now, including tunnels.

Home DSL (UK) - EU tunnel broker - IPv6 cloud - US tunnel broker - hosted server (California) is consistently 10-20ms lower than home - IPv4 upstream - IPv4 cloud - server.

Regards,
Tim.
Re: Creating demand for IPv6
On 4/10/2007, at 11:07 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

>> I haven't dug too deep into NAT-PT, but an obvious question comes to
>> mind: Why would an ISP deliver an IPv6-only connection plus NAT-PT
>> (and all the likely problems) with a surcharge for IPv4 instead of
>> delivering RFC1918 IPv4 + NAT with a surcharge for routable IPv4?
>
> Why is it an either/or situation? Given the fact that PC's have
> supported IPv6 for quite a while now

<crazy rambling>

This last sentence (fragment) with NAT-PT above it made me ponder a bit.

NAT-PT and whatever other solutions we're considering are all aiming to give transparent access to hosts on the IPv4 network from hosts on the IPv6 network (or vice-versa). It probably doesn't have to be so transparent - why couldn't there be some kind of NATv4-over-v6 hack that let it happen? Would GRE (over v6) with DHCP, and NAT on the concentrator work? Maybe L2TP (over v6) or something?

OSes don't support this now (as I just pulled it out of thin air), but there's no reason they couldn't be made to, or something like it. Upside down Teredo + NAT.

Sure it means we have to have NATs in the way - but as many people have suggested, NAT is an existing issue for most applications, and they work around it just fine. The advantage of doing this as opposed to handing customers' CPEs RFC1918 addresses is, they can do end-to-end over v6 if they want to.

</crazy rambling>

One does wonder if doing IPv6 and RFC1918 IPv4 at the same time might be easier. Do the IPv6 PPP things let you run IPv6 and IPv4 at the same time?

(Maybe not RFC1918, maybe take a single non-RFC1918 /24 and assign those addresses to customers, and then re-use that /24 many many times, each behind a different non-RFC1918 address. To avoid address conflicts with people who NAT their address, etc.)

The difference between the two things above is that the former is single NAT, the latter is double. The former is much more complicated, though.

--
Nathan Ward
Re: Creating demand for IPv6
On 10/3/07, Mark Smith [EMAIL PROTECTED] wrote:

> The value of network perimeterisation as a security measure, of which
> NAT is a method, is being questioned significantly by network security
> people.

Mark,

The discussion at hand is whether the absence of NAT creates a drag on IPv6 deployment, and how much of a drag it creates. Your points about the relative merits of NAT as a security mechanism are entirely irrelevant to that discussion.

On 10/3/07, Iljitsch van Beijnum [EMAIL PROTECTED] wrote:

> On 3-okt-2007, at 5:20, William Herrin wrote:
>> 1. End the insanity of having software prefer IPv6 if available
>> ( records over A records).
>
> Insanity?

Yes, Iljitsch, insanity. Trying IPv6 first is asking folks to disable it on their PCs the second or third time they can't get to a web site because the IPv6 path isn't working. It's also asking web site operators not to offer IPv6 addresses in the first place so as not to inconvenience folks who have IPv6 turned on without a reliable connection.

That's counterproductive. We want people on both sides to turn it on and leave it on. We don't need every PC in the world to be a beta tester for our new Internet. We do need them to turn it on.

Regards,
Bill

--
William D. Herrin [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
Re: Creating demand for IPv6
On 10/3/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

>> However, if there was a reasonable translation mechanism available
>> which allowed IPv6-only end systems to access IPv4-only content, I
>> think the picture would look quite different.
>
> Doesn't deploying a 6to4 relay in the content provider network, along
> with IPv6 access to the content provider network, exactly meet this
> requirement?

Michael,

Not in any way, shape or form, no. 6to4 allows folks whose upstream provider is IPv4 only to connect their IPv6 hosts to other IPv6 hosts via IPv6. It does exactly that and nothing else.

If you run a web site and only have IPv6 access via 6to4, you SHOULD NOT publish a record. 6to4 has very few gateways and they get clogged at various times of the day. If you publish a record, every user who has IPv6 will first try to connect to you via IPv6 and experience a -long- delay.

>> Perhaps the assignment of IPv4 addresses to end users could become a
>> premium service available to those who need them, leaving cheaper,
>> IPv6-only service for everybody else.
>
> I'm quite sure that this WILL happen within a year or so. Lots of ISPs
> have already gotten their IPv6 through the trial phase and already
> offer IPv6 access service, or are about to offer it.

If you care to wager, I'll take some of that action. Without a relatively transparent mechanism for IPv6-only hosts to access IPv4-only sites this isn't going to happen. We don't have such a mechanism built and won't have it deployed in 12 months.

Regards,
Bill Herrin

--
William D. Herrin [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
Re: Creating demand for IPv6
[EMAIL PROTECTED] (Joe Abley) wrote:

> 6to4 (for content- or access-focussed networks) is surely a solution
> to the problem of I have no good way to acquire IPv6 transit;

It solves another problem as well, like I cannot go v6 to my servers because my load balancing and packet filtering black boxes don't do it yet.

Elmar.
Re: Creating demand for IPv6
On 10/3/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

>> If you care to wager, I'll take some of that action. Without a
>> relatively transparent mechanism for IPv6-only hosts to access
>> IPv4-only sites this isn't going to happen. We don't have such a
>> mechanism built and won't have it deployed in 12 months.
>
> What about these two?
>
> http://www.getipv6.info/index.php/Transitioning:_6to4

Michael,

As mentioned, 6to4 doesn't do what you seem to think it does. It's not a solution to the problem of IPv6 endpoints trying to talk to IPv4 endpoints.

> http://www.getipv6.info/index.php/Transitioning:_NAT-PT

Looks interesting. There's some version 0.4 user-space software for Linux which claims to do it and Cisco claims to do it in IOS 12.4 advanced enterprise.

Let me know how it works out for you when you try it in many to one mode. That is, many IPv6 addresses behind 1 IPv4 address, what Cisco still insists on calling port address translation.

Regards,
Bill Herrin

--
William D. Herrin [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
Re: Creating demand for IPv6
On 10/3/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

>> As mentioned, 6to4 doesn't do what you seem to think it does. Its not
>> a solution to the problem of IPv6 endpoints trying to talk to IPv4
>> endpoints.
>
> I see that you did not change anything on that page. Specifically what
> is wrong with the wording below?

Michael,

I could quibble about the description that it requests dynamic tunnels. Nothing is requested. It's completely stateless. There's no setup or teardown. It just sends packets that get encapsulated and decapsulated as they're received. But the description is not unreasonable.

Where in the description you posted did you read anything that suggests it allows IPv6 endpoints to communicate with IPv4 endpoints?

>> Looks interesting. There's some version 0.4 user-space software for
>> Linux which claims to do
>
> You know, you could have added that to the page yourself. In any case,
> I added a pointer to a Cisco product brief that mentions they have
> upgraded NAT-PT to CEF in 12.4.

I generally wait until I've seen something actually work before documenting how it works.

I haven't dug too deep into NAT-PT, but an obvious question comes to mind:

Why would an ISP deliver an IPv6-only connection plus NAT-PT (and all the likely problems) with a surcharge for IPv4 instead of delivering RFC1918 IPv4 + NAT with a surcharge for routable IPv4?

Without looking decades ahead to the waning days of IPv4 when it's desirable to minimize the IPv4 footprint in your network, I haven't been able to come up with an answer. When I do, I'll take another look at NAT-PT.

Regards,
Bill Herrin

--
William D. Herrin [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
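The stateless 6to4 mapping discussed in the message above, sketched as an added example that is not part of the original thread: every decision is computed from the addresses in the packet itself (RFC 3056 prefix 2002::/16, RFC 3068 relay anycast address), and the inner destination is always an IPv6 address. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")        # RFC 3056 prefix
RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")  # RFC 3068 relay anycast
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def site_prefix(public_v4):
    """2002:V4ADDR::/48 prefix a site derives from its own public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError("6to4 needs a routable IPv4 address, not RFC 1918 space")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def outer_destination(inner_dst):
    """IPv4 address the protocol-41 packet is sent to, taken from the packet alone."""
    embedded = ipaddress.IPv6Address(inner_dst).sixtofour  # None outside 2002::/16
    # Another 6to4 site: send straight to its embedded IPv4 address.
    # Native IPv6 destination: hand the packet to a relay.
    return embedded if embedded is not None else RELAY_ANYCAST


def accept_on_decapsulation(outer_src, inner_src):
    """Receiver-side check. With no tunnel state, the only binding between the
    two headers is the IPv4 address embedded in a 2002::/16 inner source."""
    embedded = ipaddress.IPv6Address(inner_src).sixtofour
    if embedded is None:
        return True  # native IPv6 source via a relay: nothing to compare against
    return embedded == ipaddress.IPv4Address(outer_src)


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not real hosts.
    print(site_prefix("192.0.2.1"))                 # prefix for a site at 192.0.2.1
    print(outer_destination("2002:c633:6407::1"))   # another 6to4 site
    print(outer_destination("2001:db8::1"))         # native IPv6 host, via relay
    print(accept_on_decapsulation("203.0.113.9", "2002:c633:6407::1"))
```
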
Re: Creating demand for IPv6, and saving the planet
At 08:04 PM 10/3/2007, Stephen Sprunk wrote:

> Thus spake Daniel Senie [EMAIL PROTECTED]
>> A number of people have bemoaned the lack of any IPv6-only
>> killer-content that would drive a demand for IPv6. I've thought about
>> this, and about the government's push to make IPv6 a reality. What
>> occurred to me is there is a satellite sitting in storage that would
>> provide such content:
>>
>> http://en.wikipedia.org/wiki/Triana_(satellite)
>>
>> Al Gore pushed for this satellite, Triana, to provide those on earth
>> with a view of the planet among its scientific goals. The Republicans
>> referred to it as an overpriced screen saver, though the effect even
>> of just the camera component on people's lives and how they treat the
>> planet could be considerable.
>>
>> By combining the launch of Triana with feeding the still images and
>> video from servers only connected to native IPv6 bandwidth, the
>> government would provide both a strong incentive for end users to
>> want to move to IPv6, and a way to get the people of this planet to
>> stop from time to time and ponder the future of the earth.
>
> Here's a simple question that applies to every killer app that's been
> proposed for IPv6: if you're going to the trouble of making a killer
> app and giving/selling it to the public, why wouldn't you include
> support for IPv4?

The US Government has stated an intention to have all equipment supplied to it be capable of IPv6, and networks to run IPv6. (http://www.whitehouse.gov/omb/egov/b-1-information.html#IPV6) That being the case, this would be an opportunity for the government to use something to push that goal along. Clearly there's nothing about a screen saver image from L1 that requires IPv6, but the government owns Triana, and the government wants to push IPv6 (OK, so the government also pushed OSI in the form of GOSIP, and we all know how well that worked out).

> Virtually every unique feature of IPv6, except the number of bits in
> the address, has been back-ported to IPv4. There is simply no other
> advantage left, and thus no room for apps that require IPv6.

Agree all the way around. There's no technological reason to tie these items together. There is a political reason, as it fits with the agenda of the government to push IPv6 development and deployment. How the government would prevent proxying of this content into IPv4, well, that's another matter. Perhaps the IPv6 evangelists will be able to convince Congress to outlaw that at the same time as they approve the launch of Triana and provide for the server farm to serve the images.

BTW, thanks for bringing this thread back to the question of creating demand for IPv6. There's plenty of anti-NAT activity on other threads. Some constructive discussion over ways to create incentives to deploy IPv6 is worthwhile. The most common argument for deployment of IPv6 is fear, as in the sky is falling. Yeah, we all heard that, and have for a decade. Got it. Now, is there some POSITIVE reason to push IPv6? Fear is not a positive force.

Dan
Re: Creating demand for IPv6, and saving the planet
On Wed, 3 Oct 2007, Daniel Senie wrote:

> BTW, thanks for bringing this thread back to the question of creating
> demand for IPv6. There's plenty of anti-NAT activity on other threads.
> Some constructive discussion over ways to create incentives to deploy
> IPv6 is worthwhile. The most common argument for deployment of IPv6 is
> fear, as in the sky is falling. Yeah, we all heard that, and have for
> a decade. Got it. Now, is there some POSITIVE reason to push IPv6?
> Fear is not a positive force.

Ok, I'll bite and throw out a wacky idea I've been mulling over.

As the data at http://bgp.he.net/ipv6-progress-report.cgi shows for the IPv6 and IPv4 nameserver tests, some of the time IPv6 connectivity is *faster* than IPv4 connectivity (66 out of 264 test cases), because of network topology differences due to different peering and transit relationships between IPv4 and IPv6.

So you could write a download accelerator for your browser that checked IPv6 vs IPv4 connectivity and used whichever was faster.

With only 3 percent of networks running IPv6 this idea is a little early, still it would be a hilarious browser plug-in. You could imagine it might even have a little IPv6 accelerator icon that shows up in your status bar when you've switched on the nitro. (hehehe, shaving off that extra few ms of latency, yo!)

Mike.

+- H U R R I C A N E - E L E C T R I C -+
| Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 |
| Hurricane Electric Web Hosting Colocation AS6939 |
| [EMAIL PROTECTED] http://he.net |
+---+
Re: Creating demand for IPv6
On 10/2/07, Jon Lewis [EMAIL PROTECTED] wrote:

> On Tue, 2 Oct 2007, William Herrin wrote:
>> At the customer level, #1 has been thoroughly mitigated by NAT,
>> eliminating demand. Indeed, the lack of IPv6 NAT creates a negative
>> demand: folks used to NAT don't want to give it up.
>
> At the internet access customer level perhaps. As a hosting provider,
> try telling your customers here's your IPv4 /32. If you need more IPs,
> just use NAT. and see how many customers you retain.

Jon,

Let me spin you a tale. More of a nightmare really.

During early phase of free pool exhaustion, when you can't deliver more IPv4 addresses to your customers you lose the customer to a hosting provider who still has addresses left. So sorry. Those will be some nasty years. Unless you're Cogent, Level3 or one of the others sitting pretty on a /8. They'll be in phat city. What should you do about it? Buy stock.

And make no mistake: it will drag on and on. Even when everybody is well and truly out, there are a heck of a lot of addresses that can be reclaimed in dialup pools, residential DSL pools and other uses retroactively deemed wasteful by converting them to NAT. And with NAT inbound you can load a lot of functions on a single IP address.

How long will it drag on? I'm not that great an oracle. But let me offer you a mild heresy: when you combine aggressive CIDR with double and triple NAT do you really believe that 4B addresses can't be enough for the pushing 7B people on Earth? Must it ever truly end?

IPv4 forever. One possible price for failing to deliver an IPv6 that customers want today.

Regards,
Bill Herrin

--
William D. Herrin [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
Re: Creating demand for IPv6
On 10/2/07, Randy Bush [EMAIL PROTECTED] wrote:

>> During early phase of free pool exhaustion, when you can't deliver
>> more IPv4 addresses to your customers you lose the customer to a
>> hosting provider who still has addresses left. So sorry. Those will
>> be some nasty years. Unless you're Cogent, Level3 or one of the
>> others sitting pretty on a /8. They'll be in phat city.
>
> this is a very real and significant problem. a very small fraction of
> the arin membership holds the vast majority of the address space. it
> would be interesting to ask arin to give us the cdf of this.

Randy,

It would be nice if it was that simple. Those /8's arise from legacy assignments that fall more or less directly under IANA without any form of agreement in place that could allow policy change. Barring government action, they're effectively the unrecoverable property of those organizations. They can even act as mini-registries and auction addresses off to the highest bidder if they're so inclined.

> given that, the scenario you present is likely to be very real. but
> what do we do about it?

Unless something brilliant arrives out of left field, the only thing we can do is deploy and get customers to deploy IPv6 -before- IPv4 free pool exhaustion starts to hit. That's really not on track right now. Some things which might help get it back on track are:

1. End the insanity of having software prefer IPv6 if available ( records over A records). That's a commonly cited reason that folks who tried IPv6 stopped using it. I might make some of my stuff available via 6to4 but 6to4 is pretty meager so there's no way I'd consider it when stacks will prefer trying to communicate with IPv6.

2. Figure out a PI solution for IPv6 capable of scaling to the equivalent of hundreds of millions of routes in the core at a per-route cost two orders of magnitude less than it is today. RRG is working on this but there aren't enough people involved, they're not focused on a solution that delivers that degree of scalability, they're not in a hurry and AFAIK they're not well funded. This seems self-defeating given how much money rides on a useful answer coming out of the IETF.

3. Produce IPv6 NAT. Folks are used to NAT. They're comfortable with the security they believe NAT provides. They might eventually switch away from NAT if some desirable new application requires it but they won't refactor their network security policies as a prerequisite to deploying IPv6.

On 10/2/07, Mark Smith [EMAIL PROTECTED] wrote:

> Have you used a NAT free Internet?

Mark,

I maintain a /23 in the swamp and have since '94. For the record, I didn't even like NAT back when it was still called circuit level proxying. I'd love to have an Internet where all firewalls were packet filters.

But that's not my call. That's the call of hundreds of thousands of network security officers who have NAT written in stone at the core of their security process. Tying NAT's abandonment to IPv6's deployment won't change their minds but it will doom IPv6.

> So if more addresses was thoroughly mitigated by NAT, when were these
> problems that NAT creates fixed?
>
> http://www.cs.utk.edu/~moore/what-nats-break.html

Many of those never were meaningful problems and most of the rest have been obsoleted by the changing reality of network security on the Internet. Things like controlling the source port meant something once upon a time, but they have no place in a modern security infrastructure. That would be true with or without NAT.

The -real- problems with NAT can be summed up in two statements:

1. NAT makes it more difficult to engage in certain popular activities that strictly speaking are against the TOS.

2. NAT makes logging and accountability more difficult.

Regards,
Bill Herrin

--
William D. Herrin [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004