Re: IPv6 and CDN's

[Scott Morizot]

On Fri, Nov 26, 2021 at 6:51 PM Oliver O'Boyle 
wrote:

> They're getting better at it, at least. They also recently added v6
> support in their NLBs and you can get a /56 for every VPC for direct
> access. I don't think they offer BYO v6 yet, as they do for v4, but it will
> come.
>

Since we are deploying BYO IPv6 in AWS, I can assure you they do offer it
now. That was a blocker for us.

Scott

Re: DANE of SMTP Survey

[Scott Morizot]

On Wed, Jun 2, 2021 at 8:54 AM Bjørn Mork  wrote:

> Jeroen Massar via NANOG  writes:
>
> > For many organisations DNSSEC is 'scary' and a burden as it feels
> > 'fragile' for them.
>
> For "many"?  Can you name one that doesn't feel like that?
>
> https://www.arin.net/vault/announcements/2019/20190204.html
>
> https://www.ripe.net/support/service-announcements/dnssec-validation-problem-with-ripe.net
>
> DNSSEC *is* scary, fragile and a burden.  The question is whether the
> alternatives are worse.
>

Certainly. It's probably not even difficult. My large organization doesn't
find DNSSEC 'scary' or a burden and didn't even when we started in 2011. It
was simply a technical challenge that needed to be designed and integrated.
We have authoritative DNSSEC signing and recursive DNSSEC validation in
place. Public and internal authoritative DNS is mostly signed and
validation is enforced throughout our multi-layered recursive
infrastructure. A number of other organizations also do DNSSEC and have
been doing it.

I know our Internet email team is aware of the use of DANE for SMTP TLS and
are considering it, but DNSSEC is not a factor at all in their evaluation.
It's a given, just part of the DNS infrastructure they use. And I'm not
aware of any "alternative" that does what DNSSEC does. The only choice is
whether you care about verifiable DNS response integrity or not. As far as
'fragile' goes, I assume that would be implementation dependent. There's no
inherent reason an architecture would be 'fragile'. Or if you mean failure
to properly maintain your zones will break your DNS, that would be true for
any strong integrity assurance mechanism that could possibly be designed.
Integrity assurance means if things are supposed to be secured and cannot
be validated they will not resolve. That's an underlying requirement any
mechanism would have to meet or it's not providing integrity assurance.

Scott

Re: DOD prefixes and AS8003 / GRSCORP

[Scott Morizot]

On Mon, Apr 26, 2021 at 12:19 PM John Curran  wrote:

> I provide all of the above in the spirit of maximal transparency, but
> there are indeed some practical limits to what can be provided.  The
> community should know that there was no special deal – only a clarification
> that the USG sought that was both appropriate under the circumstances and
> comparable to our handling other organizations that wished to move address
> space around internally.
>

Thanks for that expanded clarification about the DoD agreement, John. I'll
note that although my agency did not go so far as an additional signed
agreement, we did confirm we retained the ability to move portions of our
IPv4 networks, including networks we had not previously used publicly, as
required to contracted services acting on our behalf or other bureaus in
our department as operationally needed. I understand the DoD desire for
clarification.

Thanks again,

Scott

Re: DOD prefixes and AS8003 / GRSCORP

[Scott Morizot]

On Mon, Apr 26, 2021 at 10:19 AM Bryan Fields  wrote:

> On 3/15/21 4:01 PM, Christopher Morrow wrote:
> > is it possible that the DoD:
> >   1) signed a lRSA (or really just an RSA)
>
> Just re-read this; I don't think the Federal Government is required to sign
> the standard ARIN agreement.  I believe they have a different agreement
> with
> ARIN.  I did some searching, but can't find this easily on their website.
>

Unrelated to DoD, but as the member representative for a different Federal
agency with both an LRSA and an RSA, I can definitely say that's not the
case. There are no special rules for the US Federal Government.

Scott

Re: Microsoft Exchange zero day

[Scott Morizot]

On Fri, Mar 5, 2021 at 4:26 PM Eric Kuhnke  wrote:

> ISPs/NSPs with customers running self hosted or on-premises Exchange may
> want to be aware of this.
>
>
>
> https://krebsonsecurity.com/2021/03/at-least-3-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
>
>
> https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
>

Yes, and CISA released an alert and an emergency directive.

https://us-cert.cisa.gov/ncas/current-activity/2021/03/03/cisa-issues-emergency-directive-and-alert-microsoft-exchange

Re: Gaming Consoles and IPv4

[Scott Morizot]

On Mon, Sep 28, 2020 at 8:30 AM Jeremy Bresley  wrote:

> I'm outside of Tampa (18th largest MSA in the US).  The two providers
> here, Spectrum (former Brighthouse area) and Frontier (bought out Verizon's
> FIOS offering) are both IPv4 only (including on their SOHO/SMB offerings).
>
> So I'm stuck with doing an HE tunnel still for my IPv6 access.  If anybody
> has a petition to change this with these providers, let me know, happy to
> sign it.
>

I empathize. My home provider, Suddenlink, is one of the laggards. Spectrum
here in the Austin area, though, is fully IPv6 enabled. Last year I did a
fair amount of testing at my younger son's apartment. It's frustrating.

I don't have any sort of detailed breakdown because that's not our primary
focus, but my very large organization has been supporting a daily average
of between 50k-60k VPN remote workers from around the country in all sorts
of locations. Because of COVD-19, it's been a significant percentage
increase, though our normal levels are quite large. We see about a quarter
of those incoming connections over IPv6. Most of our remote workers are
non-technical so that's an indication of not just ISP deployment but
penetration into their home networks. Again, we don't have any breakdown
since that's not our primary focus, but it does provide a high level
perspective.

Scott

Draft of the next US Federal Government IPv6 guidance to civilian agencies memo released

[Scott Morizot]

Hello all,

Since it's been released for comment on the Federal Register this week and
it's something that potentially has ripple effects to network and equipment
providers in the US especially, I thought some here might be interested in
the following.

Request for Comments on Updated Guidance for Completing the Transition to
the Next Generation Internet Protocol, Internet Protocol Version 6 (IPv6)

https://www.federalregister.gov/documents/2020/03/02/2020-04202/request-for-comments-on-updated-guidance-for-completing-the-transition-to-the-next-generation


The draft memo itself is not necessarily straightforward to locate, but it
is published on the Federal CIO website.

https://www.cio.gov/assets/resources/internet-protocol-version6-draft.pdf

The memo outlines the next mandated IPv6 transition step for US civilian
agencies and establishes reporting requirements on their progress toward
those mandated goals.

The comment process is outlined in the Federal Register notice should
anyone have comments they would like to submit.

Scott

Re: D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?

[Scott Morizot]

+1

On Wed, Oct 30, 2019 at 11:03 AM Todd Underwood  wrote:

> the relevant sentiment is:  thanks for whitelisting a fixed number of them
> so i can block them.
>

Re: DNS Qtypes and class values are a social construct

[Scott Morizot]

On Fri, Apr 5, 2019 at 8:34 AM Cynthia Revström  wrote:

Hello Phillip,

I feel like I have to say this, saying stuff like that "#triggered" is
insensitive and as Alfie said, pretty tone deaf.

Some of us live with and are working to better manage PTSD from complex
trauma. I agree with Cynthia and can assure you "triggered" is not a joke
or laughing matter for us.

I also agree with Alfie and Cynthia regarding the original content.

Scott

Re: Companies using public IP space owned by others for internal routing

[Scott Morizot]

On Sun, Dec 17, 2017 at 8:49 PM, Robert Webb  wrote:

> > From: Mark Andrews [mailto:ma...@isc.org]
> > > On 18 Dec 2017, at 1:20 pm, Robert Webb  wrote:
> > >
> > > Where I work I have the opposite issue. They have a lot of public IPv4
> > > space and only use it internally never be advertised to the internet.
> > > Something I have never agreed With doing.
> >
> > Why?  This is a perfectly legitimate use of the IP addresses.  The
> purpose of
> > assigning addresses is so that they are unique WORLD WIDE in whatever
> > context you wish to use them in.
>


> I going to guess you were talking about the use internally of public IP
> addresses..
>
> But there are rules governing what to use where. So it is OK to hoard
> publicly addressable IPv4 IP's for internal
> use that will never reach the outside world? No the way I have been taught.
>
> Maybe I just lack that big picture..
>
>
I think the big picture here is that they helped fund the development of IP
and received
large enough v4 allocations at the outset that they haven't had to use
kludges like RFC1918
as much as most others have. It's not "hoarding" IPs if you're using them,
whether or
not you choose to advertise and make them accessible to other networks.

It's the world everyone gets to live in with the current version of IP.

Scott

Re: IPv6 deployment excuses - IPv6 only resources

[Scott Morizot]

On Mon, Jul 4, 2016 at 11:55 AM, Jacques Latour 
wrote:

>
> Is there a list of IPv6 only ISP or services?  I'd be curious to trend
> that somehow, by geography, service type, etc... if any.
>

Since "IPv6 only" right now is primarily about those portions of the
network that are under a single organization's control, the rest of us will
only know about them, for the most part, from reports from those
organizations. As such, I doubt there's a list, per se, though somebody may
be collecting one.

Off the top of my head, Facebook has reported moving to IPv6 only below
their edge. T-Mobile's cellular data is IPv6 only for newer handset and
will become fully IPv6-only when the older handsets age off. IPv4 Internet
access is provided through some combination of NAT64/DNS64/464xlat. Comcast
isn't (to the best of my knowledge) hasn't yet made any moves in that
direction, but have presented on moving to IPv6 only offering IPv4 as a
service on top of it. Starting this past June 1 (from what I've heard)
Apple is requiring all apps submitted to their app store to support IPv6
only networks. The US Federal CIO is expanding IPv6 transition focus to
government enterprise networks from the previous, more Internet-based focus.

Again, those are just a handful of the large-scale efforts I've personally
heard about. But those are all some pretty significant players on the
Internet. And there are likely to be many more who aren't publicizing their
efforts. Of course, I happen to mostly pay attention to activity in the US,
so there's that selection bias in play as well.

Scott

Re: IPv6 deployment excuses

[Scott Morizot]

On Mon, Jul 4, 2016 at 11:28 AM, Matt Hoppes <
mattli...@rivervalleyinternet.net> wrote:

> Except the lady will eventually downsize. The college student will want
> more and lease the space.
>
> Also, the 49,000 Sq ft office space that has been leased for 10 years and
> never occupied will be taken back and released to someone who will actually
> develop it.
>

I'm not particularly fond of metaphors using physical resources like land
because physical changes do tend to happen slowly and carry substantial
inertia. As a result such metaphors break down pretty quickly. Internet
numbers are an abstraction with no physical component. As such, their
utility depends on how all the different players on the Internet behave.
Given that, it becomes a classic game theory problem.

It makes little practical difference if there are "enough" IPv4 numbers
theoretically available to serve the demand if only better allocated or
not. I agree with those who believe there aren't given the demands on the
infrastructure and the rate of growth, but that's largely irrelevant. Even
if there theoretically were 'enough' legacy numbers to fit some definition
of 'enough', do you actually believe the many and varied players on the
Internet will converge on that optimal utilization?

I certainly don't.

Nor is that the behavior we're seeing. We see players who have 'more than
enough' by some theoretical optimum utilization scheme conserving the
resources they have for transition. We see large players, who have the most
influence on the direction software and hardware makers move, somewhere in
transition to IPv6. Some are very advanced in their deployment, others are
earlier in it, but pretty much all of them are moving in that direction.

Given that reality and the way the Internet works, at some point in the not
too distant future we're more likely to see the Internet tip toward IPv6
than not. Nothing's certain, but that seems to be where the game is headed.
Once that happens, those caught behind the curve are more likely to suffer
loss than not. The safe bet is to be prepared beforehand, especially since
it's neither particularly difficult nor expensive to deploy IPv6. It's a
comparatively low cost hedge.

Of course, as more people hedge their bets that way, the likelihood that
IPv6 will also turn out to be the 'winning' bet increases, so it starts to
become a self-fulfilling prophecy.

But some people prefer risky bets. It's not clear to me what you actually
gain if you bet the farm on IPv4 and its utility remains more or less the
same for a decade. Any cost-savings over deploying IPv6 are likely going to
be more than consumed in renumbering efforts, purchasing IPv4 number
resources, and deploying/administering CGN equipment. So it actually looks
like a lose/lose scenario to me. But if you see some hypothetical advantage
you wish to pursue, go for it.

But if that hypothetical advantage depends on getting everyone on the
Internet to play along with your scheme for optimal IPv4 number
utilization? Well, good luck with that one.

Scott

Re: IPv6 deployment excuses

[Scott Morizot]

On Mon, Jul 4, 2016 at 7:44 AM, Matt Hoppes <
mattli...@rivervalleyinternet.net> wrote:

> I disagree. Any data center or hosting provider is going to continue to
> offer IPv4 lest they island themselves from subscribers who have IPv4 only
> - which no data center is going to do.
>
> Thus, as an ISP you can safely continue to run IPv4. Ipv4 won't be going
> away for at least ten years or more - if ever.
>

That's an interesting "bet the business" decision for an ISP to make. It's
not one a large ISP can make simply because they want to continue growing
their subscriber base and that's a losing proposition as far as profits go.
That's why all the big ISPs are either implementing IPv6 or actively
working to deploy it. So it seems you're saying that a small to medium
sized ISP can delay 10 or more years because all the content their
customers want will be available over IPv4.

And that's pretty much betting the entire business on what is basically
nothing more than a crystal ball. I don't know about you, but I think back
to the mid to late 80s and most ideas I saw about where technology would be
by the mid to late 90s were pretty inaccurate. Jump to the mid 2000s and
past projections were pretty off-base again. Shortly after that, mobile
computing really hit and the world today looks very little like it did
then. Do you really think someone should bet their entire business on your
ability to make Internet forecasts 10 years into the future?

Now, that's not to say I expect IPv4 to necessarily be mostly gone (from
the Internet, not private networks) in 10 years, though it wouldn't
particularly shock me either if things did work out that way. But I do
expect a tipping point will be reached well before then that reduces the
utility of IPv4. Technology changes on the Internet have not traditionally
been steady, gradual processes. Rather, they've had some sort of fairly
long lead time, a rapid spike of uptake, and then a flip from a 'new'
technology to something expected. There's then often something of a long
tail, but it can be pretty unpleasant to be forced to exist in that tail.
The attitude quickly switches to one of, "Oh, you're still using 'x'? You
should use 'y' instead. It's working fine." And issues with 'x' get lower
priority attention. And that 'flip', when it happens, tends to happy
relatively quickly.

Often, it can be difficult to predict if a new technology will overtake and
supplant an older one. The IPv6 transition, however, is being forced by
IPv4 exhaustion. That's putting a lot of technological and financial
pressure on most of the parties involved. As someone who works at an
enterprise that sees a lot of traffic, primarily from the US, we were
seeing a steady increase in IPv6 traffic from end users from practically
nothing in 2012 to around 15% in 2015. This year we've seen it spike to
25%-30%. So in the US, we may very well reach that tipping point within the
next couple of years. If we do, the utility of IPv4 will probably start to
degrade pretty rapidly as more attention and focus is placed on IPv6
connectivity. If that happens and you're still an IPv4 only edge/access
network that hasn't even begun planning an IPv6 deployment? That's apt to
be an uncomfortable experience.

But again, I'm not a prognosticator. I wouldn't have correctly guessed the
timing for any of the transitions I've seen in the past, though I did
sometimes come close to guessing the outcome. (That's one of the reasons I
started a small scale production deployment of Linux at my place of
employment back in the mid-90s, something we now have running on platforms
all the way up to our mainframes.) It looks to me like, in the US at least,
we're on the 'rapid uptake' slope of adoption. If that's the case, then
that tipping point is probably coming a lot sooner than 10 years out. You
could be right and everything will be fine for IPv4-only customers and
networks in 10 years. But that is most definitely a high stakes bet to
make. I certainly wouldn't be willing to make such a gamble.

I also want to note that enterprise or data center networks moving to IPv6
only does not necessarily involve NAT64 or any sort of translation. For any
large internet service, inbound connections are typically terminated at the
edge. A new connection is then established from the point of termination to
the data center resources. So Facebook, for instance, only needs to
dual-stack its edge. And if you use a 3rd part CDN for the edge, you don't
even have to do that. That's what other posters were pointing out.
Depending on its security profile, a large enterprise network might also
'proxy' outbound Internet traffic (primarily web, mail, DNS) already for
its internal users. If that's the case (as it is where I work) very little
outbound translation is required as well and only the outbound perimeter
services need to be dual-stacked long-term. So if an enterprise or data
center network operator isn't already thinking in terms of where they can
go 

Re: Netflix VPN detection - actual engineer needed

[Scott Morizot]

Nonsense. That is hardly their only option as many others have pointed out.
It's a deliberate and technically lazy choice to block 6in4 tunnels. Those
are not even vaguely the same thing as a VPN. They've decided to break
normal IPv6 support and do so in a way that does not even fall back to
IPv4. They deserve all the bad publicity that comes with such a
anti-customer decision and the blame for their implementation choices
cannot be passed back to the content providers.

Scott

On Mon, Jun 6, 2016 at 9:59 AM, Matthew Huff <mh...@ox.com> wrote:

> Netflix IS acting in their user's best interest. In order to provide
> content that the user's want, the content providers have mandated that they
> do their due diligence to block out of region users including VPN and open
> tunnel access. As Hulu and Amazon prime become more popular and their
> contracts with the content provides come due, they will have to also.
>
> You can argue about the content provides business model all you want, but
> Netflix has to do what they are doing. They aren't blocking IPv6 users,
> they are blocking users that are using VPNs and/or tunnels since their
> currently is no practical way of providing GEOIP information about that
> users that the content providers require.
>
>
> 
> Matthew Huff | 1 Manhattanville Rd
> Director of Operations   | Purchase, NY 10577
> OTA Management LLC   | Phone: 914-460-4039
> aim: matthewbhuff| Fax:   914-694-5669
>
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Morizot
> > Sent: Monday, June 6, 2016 10:50 AM
> > To: Mark Tinka <mark.ti...@seacom.mu>
> > Cc: NANOG list <nanog@nanog.org>
> > Subject: Re: Netflix VPN detection - actual engineer needed
> >
> > I have Hulu Plus and Amazon Prime. The only thing I would miss from
> > Netflix
> > is their Marvel original series. And I can live with that. I can't live
> > without my IPv6 enabled home network and Internet connection since
> > that's
> > an essential part of my job. (I'm the IPv6 transition technical lead
> > for a
> > large organization.) While I actually manage my home internet gateway
> > through a linux server and have fine-grained control over the firewall
> > rules, I'm still debating whether I care enough about a handful of
> > series
> > to continue paying a company that is deliberately acting against its
> > users'
> > interests. Right now I'm leaning toward no. But I'll discuss it with my
> > wife before making a final decision.
> >
> > Scott
> >
> > On Mon, Jun 6, 2016 at 8:03 AM, Mark Tinka <mark.ti...@seacom.mu>
> > wrote:
> >
> > >
> > >
> > > On 6/Jun/16 01:45, Damian Menscher wrote:
> > >
> > > >
> > > > Who are these non-technical Netflix users who accidentally stumbled
> > into
> > > > having a HE tunnel broker connection without their knowledge?  I
> > wasn't
> > > > aware this sort of thing could happen without user consent, and
> > would
> > > like
> > > > to know if I'm wrong.  Only thing I can imagine is if ISPs are
> > using HE
> > > as
> > > > a form of CGN.
> > >
> > > There are several networks around the world that rely on 6-in-4
> > because
> > > their local provider does not offer IPv6.
> > >
> > > Mark.
> > >
>

Re: Netflix VPN detection - actual engineer needed

[Scott Morizot]

I have Hulu Plus and Amazon Prime. The only thing I would miss from Netflix
is their Marvel original series. And I can live with that. I can't live
without my IPv6 enabled home network and Internet connection since that's
an essential part of my job. (I'm the IPv6 transition technical lead for a
large organization.) While I actually manage my home internet gateway
through a linux server and have fine-grained control over the firewall
rules, I'm still debating whether I care enough about a handful of series
to continue paying a company that is deliberately acting against its users'
interests. Right now I'm leaning toward no. But I'll discuss it with my
wife before making a final decision.

Scott

On Mon, Jun 6, 2016 at 8:03 AM, Mark Tinka  wrote:

>
>
> On 6/Jun/16 01:45, Damian Menscher wrote:
>
> >
> > Who are these non-technical Netflix users who accidentally stumbled into
> > having a HE tunnel broker connection without their knowledge?  I wasn't
> > aware this sort of thing could happen without user consent, and would
> like
> > to know if I'm wrong.  Only thing I can imagine is if ISPs are using HE
> as
> > a form of CGN.
>
> There are several networks around the world that rely on 6-in-4 because
> their local provider does not offer IPv6.
>
> Mark.
>

Re: Netflix NOC? VPN Mismarked?

[Scott Morizot]

Well, I live in the US and this is a North American specific list (NANOG)
and IPv6 is the resolution of those issues for us. I'm not particularly
familiar with the state of networking in the rest of the world, so have no
idea how much of an issue it is for them.

And yes, TVs stick around for a long time, but Smart TV (the kind that does
its own streaming) is relatively new category. I haven't personally
encountered one that doesn't do IPv6. I'm sure there are some models that
don't, but I'm wondering if there's any actual data available on that
question.
On Jan 28, 2016 11:46, "Chris Knipe"  wrote:

> On Thu, Jan 28, 2016 at 7:40 PM, Mike Hammett  wrote:
>
> > There's little reason to buy a newer TV more than every 5 - 10 years, so
> > many TVs will be stranded until (if) they have some unifying firmware.
> >
> >
> Well the TV is also meaningless if the CPE, and (at the very least) service
> provider don't support IPv6.  And yes, that is unfortunately reality.   If
> you look beyond the US and EU, and maybe Brazil, the rest of the world,
> unfortunately, is FAR from IPv6 adoption, and that *is* reality.
>
> Hence my initial comments... It's going to be many more years, before IPv6
> is the "fix" for any real problems currently experienced with IPv4.  Sad,
> but unfortunately, true.
>
> --
> Chris.
>

Re: Netflix NOC? VPN Mismarked?

[Scott Morizot]

On Jan 28, 2016 12:27, "Mikael Abrahamsson" <swm...@swm.pp.se> wrote:
>
> On Thu, 28 Jan 2016, Scott Morizot wrote:
>
>> Which brands are the ones that aren't supporting IPv6?
>
>
> I just checked a Samsung "smart TV", it's new enough to have 5GHz wifi, I
believe the model is 3 years old.
>

I must have just lucked out on the Sony and LG TVs I bought (2014 and
2015). IPv6 was not one of my purchasing criteria. It was just a pleasant
surprise.

I could have sworn the two Samsung TVs I set up for extended family last
year had IPv6 options, but they didn't have v6 running on their home
networks, so I didn't pay that much attention.

An odd coincidence, though, especially if most brands/models still don't
support v6.

Scott

Re: Netflix NOC? VPN Mismarked?

[Scott Morizot]

On Jan 28, 2016 08:21, "Mark Tinka"  wrote:
> On 28/Jan/16 15:46, Bacon Zombie wrote:
>
> > Do all "smart" TVs and Game consoles fully support IPv6 out of the box?
>
> The number is not non-zero, but it's not worth talking about based on
> the small sample I did in 2015.

I'm curious how you conducted this sample. I happened to have set up a
number of Smart TVs at home and for extended family over the past couple of
years. They've all supported IPv6 out of the box. It's not a 'feature' any
of them listed on their feature list. It was just part of their networking.
My home is IPv6 enabled and my TVs are running it just fine.

My personal, purely anecdotal experience is limited to Sony, Samsung, and
LG smart TVs. But that's a much larger than simply 'non-zero' segment of
the smart TV market. And smart TVs as a category aren't all that old.

Which brands are the ones that aren't supporting IPv6?

Scott

Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

[Scott Morizot]

On Fri, Oct 2, 2015 at 1:35 PM, Owen DeLong  wrote:

>
> > On Oct 1, 2015, at 21:47 , Rob McEwen  wrote:
> > Also, it seems so bizarre that in order to TRY to solve this, we have to
> make sure that MASSIVE numbers of individual IPv6 IP addresses.. that equal
> numbers that my calculate can't reach (too many digits)... would all be
> allocated to one single combined usage scenario. Then allocating only /48s
> multiples that number by 65K. Mind boggling
>
> You’ll get over that eventually. Once you get some experience with the
> conveniences and other advantages it brings, it’s actually pretty easy to
> wrap your head around.
>
>
I agree with Owen (and the others who have chimed in) on that one. As long
as you're thinking and talking about individual addresses you're stuck in
an IPv4 mindset. One of the points in having 64 bits reserved for the host
portion of the address is that you never need to think or worry about
individual addresses. IPv6 eliminates the address scarcity issue. There's
no reason to ever think about how many individual addresses are available
on any network. The answer is always more than enough. Instead you think
about networks and network size.

Also, good luck trying to shove the IPv6 genie back into the bottle. I
doubt you're going to have much success. I know my large organization has
seen the percentage of email traffic on our edge MTAs using IPv6 steadily
grow since we dual-stacked them back in 2012. It's been a while since I
checked with the organization responsible for them, but I believe it's
somewhere north of 10% of all email traffic now. (I know our heavily used
website has reached roughly 20% IPv6 traffic now.) So it's best to just
keep working on ways to manage spam in an IPv6 world since that's the
present reality.

Scott

Re: How long will it take to completely get rid of IPv4 or will it happen at all?

[Scott Morizot]

On Sat, Jun 27, 2015 at 9:38 AM, Bob Evans b...@fiberinternetcenter.com
wrote:

 What will come first ?
 A) the earths future core rotation changes altering the ionosphere in such
 a way that we are all exposed to continuous x-rays that shorten our
 lifespan
  OR
 B) the last IPv4 computer running will be reconfigured to IPv6

 Thank You
 Bob Evans
 CTO


At least from a large enterprise perspective, I don't really care when IPv4
is removed from that last computer. Instead, I care about how long it will
take us to eliminate IPv4 from most or all of our internal network and
confine its continued support to our dual-stacked public resources and
legacy support at our perimeter. In particular, our plans right now focus
on transitioning to a native IPv6-only wide area network providing legacy
protocol support where needed using LISP. (We already have LISP configured
and deployed to our largest sites.) We're in the process of ensuring all
clients are dual-stacked and deploying IPv6 to internal applications. We
are testing and developing a process to create IPv4 enclaves in our data
centers for applications that cannot timely transition fronted by NAT64 so
we can start removing IPv4 from our many smaller access network sites.

It's not really our problem or concern how long some people choose to keep
IPv4-only systems running, even as those systems increasingly become
second-class citizens on the network. Running a large, fully dual-stacked
enterprise network is overly-complex, increases costs, and imposes
limitations. As time proceeds, I expect most enterprises that haven't
already done so will reach a similar conclusion.

I've never worked at a carrier or ISP, so I have no particular insight into
the drivers pushing those sorts of networks. But the presentation by
Comcast on possible plans to provide long term legacy IPv4 support as an
overlay service suggest to me that the drivers are not completely
dissimilar from their perspective.

So it really doesn't matter that much how long IPv4 continues to exist in
one sense or another. It's the tipping point where much of the Internet
begins to treat it as a second-class citizen that really matters. I would
suggest most people will not like ending up on the wrong side of that curve.

My perspective, anyway.

Scott