Re: IPv6 and CDN's
On Fri, Nov 26, 2021 at 6:51 PM Oliver O'Boyle wrote: > They're getting better at it, at least. They also recently added v6 > support in their NLBs and you can get a /56 for every VPC for direct > access. I don't think they offer BYO v6 yet, as they do for v4, but it will > come. > Since we are deploying BYO IPv6 in AWS, I can assure you they do offer it now. That was a blocker for us. Scott
Re: DANE of SMTP Survey
On Wed, Jun 2, 2021 at 8:54 AM Bjørn Mork wrote: > Jeroen Massar via NANOG writes: > > > For many organisations DNSSEC is 'scary' and a burden as it feels > > 'fragile' for them. > > For "many"? Can you name one that doesn't feel like that? > > https://www.arin.net/vault/announcements/2019/20190204.html > > https://www.ripe.net/support/service-announcements/dnssec-validation-problem-with-ripe.net > > DNSSEC *is* scary, fragile and a burden. The question is whether the > alternatives are worse. > Certainly. It's probably not even difficult. My large organization doesn't find DNSSEC 'scary' or a burden and didn't even when we started in 2011. It was simply a technical challenge that needed to be designed and integrated. We have authoritative DNSSEC signing and recursive DNSSEC validation in place. Public and internal authoritative DNS is mostly signed and validation is enforced throughout our multi-layered recursive infrastructure. A number of other organizations also do DNSSEC and have been doing it. I know our Internet email team is aware of the use of DANE for SMTP TLS and are considering it, but DNSSEC is not a factor at all in their evaluation. It's a given, just part of the DNS infrastructure they use. And I'm not aware of any "alternative" that does what DNSSEC does. The only choice is whether you care about verifiable DNS response integrity or not. As far as 'fragile' goes, I assume that would be implementation dependent. There's no inherent reason an architecture would be 'fragile'. Or if you mean failure to properly maintain your zones will break your DNS, that would be true for any strong integrity assurance mechanism that could possibly be designed. Integrity assurance means if things are supposed to be secured and cannot be validated they will not resolve. That's an underlying requirement any mechanism would have to meet or it's not providing integrity assurance. Scott
Re: DOD prefixes and AS8003 / GRSCORP
On Mon, Apr 26, 2021 at 12:19 PM John Curran wrote: > I provide all of the above in the spirit of maximal transparency, but > there are indeed some practical limits to what can be provided. The > community should know that there was no special deal – only a clarification > that the USG sought that was both appropriate under the circumstances and > comparable to our handling other organizations that wished to move address > space around internally. > Thanks for that expanded clarification about the DoD agreement, John. I'll note that although my agency did not go so far as an additional signed agreement, we did confirm we retained the ability to move portions of our IPv4 networks, including networks we had not previously used publicly, as required to contracted services acting on our behalf or other bureaus in our department as operationally needed. I understand the DoD desire for clarification. Thanks again, Scott
Re: DOD prefixes and AS8003 / GRSCORP
On Mon, Apr 26, 2021 at 10:19 AM Bryan Fields wrote: > On 3/15/21 4:01 PM, Christopher Morrow wrote: > > is it possible that the DoD: > > 1) signed a lRSA (or really just an RSA) > > Just re-read this; I don't think the Federal Government is required to sign > the standard ARIN agreement. I believe they have a different agreement > with > ARIN. I did some searching, but can't find this easily on their website. > Unrelated to DoD, but as the member representative for a different Federal agency with both an LRSA and an RSA, I can definitely say that's not the case. There are no special rules for the US Federal Government. Scott
Re: Microsoft Exchange zero day
On Fri, Mar 5, 2021 at 4:26 PM Eric Kuhnke wrote: > ISPs/NSPs with customers running self hosted or on-premises Exchange may > want to be aware of this. > > > > https://krebsonsecurity.com/2021/03/at-least-3-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/ > > > https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ > Yes, and CISA released an alert and an emergency directive. https://us-cert.cisa.gov/ncas/current-activity/2021/03/03/cisa-issues-emergency-directive-and-alert-microsoft-exchange
Re: Gaming Consoles and IPv4
On Mon, Sep 28, 2020 at 8:30 AM Jeremy Bresley wrote: > I'm outside of Tampa (18th largest MSA in the US). The two providers > here, Spectrum (former Brighthouse area) and Frontier (bought out Verizon's > FIOS offering) are both IPv4 only (including on their SOHO/SMB offerings). > > So I'm stuck with doing an HE tunnel still for my IPv6 access. If anybody > has a petition to change this with these providers, let me know, happy to > sign it. > I empathize. My home provider, Suddenlink, is one of the laggards. Spectrum here in the Austin area, though, is fully IPv6 enabled. Last year I did a fair amount of testing at my younger son's apartment. It's frustrating. I don't have any sort of detailed breakdown because that's not our primary focus, but my very large organization has been supporting a daily average of between 50k-60k VPN remote workers from around the country in all sorts of locations. Because of COVD-19, it's been a significant percentage increase, though our normal levels are quite large. We see about a quarter of those incoming connections over IPv6. Most of our remote workers are non-technical so that's an indication of not just ISP deployment but penetration into their home networks. Again, we don't have any breakdown since that's not our primary focus, but it does provide a high level perspective. Scott
Draft of the next US Federal Government IPv6 guidance to civilian agencies memo released
Hello all, Since it's been released for comment on the Federal Register this week and it's something that potentially has ripple effects to network and equipment providers in the US especially, I thought some here might be interested in the following. Request for Comments on Updated Guidance for Completing the Transition to the Next Generation Internet Protocol, Internet Protocol Version 6 (IPv6) https://www.federalregister.gov/documents/2020/03/02/2020-04202/request-for-comments-on-updated-guidance-for-completing-the-transition-to-the-next-generation The draft memo itself is not necessarily straightforward to locate, but it is published on the Federal CIO website. https://www.cio.gov/assets/resources/internet-protocol-version6-draft.pdf The memo outlines the next mandated IPv6 transition step for US civilian agencies and establishes reporting requirements on their progress toward those mandated goals. The comment process is outlined in the Federal Register notice should anyone have comments they would like to submit. Scott
Re: D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?
+1 On Wed, Oct 30, 2019 at 11:03 AM Todd Underwood wrote: > the relevant sentiment is: thanks for whitelisting a fixed number of them > so i can block them. >
Re: DNS Qtypes and class values are a social construct
On Fri, Apr 5, 2019 at 8:34 AM Cynthia Revström wrote: Hello Phillip, I feel like I have to say this, saying stuff like that "#triggered" is insensitive and as Alfie said, pretty tone deaf. Some of us live with and are working to better manage PTSD from complex trauma. I agree with Cynthia and can assure you "triggered" is not a joke or laughing matter for us. I also agree with Alfie and Cynthia regarding the original content. Scott
Re: Companies using public IP space owned by others for internal routing
On Sun, Dec 17, 2017 at 8:49 PM, Robert Webbwrote: > > From: Mark Andrews [mailto:ma...@isc.org] > > > On 18 Dec 2017, at 1:20 pm, Robert Webb wrote: > > > > > > Where I work I have the opposite issue. They have a lot of public IPv4 > > > space and only use it internally never be advertised to the internet. > > > Something I have never agreed With doing. > > > > Why? This is a perfectly legitimate use of the IP addresses. The > purpose of > > assigning addresses is so that they are unique WORLD WIDE in whatever > > context you wish to use them in. > > I going to guess you were talking about the use internally of public IP > addresses.. > > But there are rules governing what to use where. So it is OK to hoard > publicly addressable IPv4 IP's for internal > use that will never reach the outside world? No the way I have been taught. > > Maybe I just lack that big picture.. > > I think the big picture here is that they helped fund the development of IP and received large enough v4 allocations at the outset that they haven't had to use kludges like RFC1918 as much as most others have. It's not "hoarding" IPs if you're using them, whether or not you choose to advertise and make them accessible to other networks. It's the world everyone gets to live in with the current version of IP. Scott
Re: IPv6 deployment excuses - IPv6 only resources
On Mon, Jul 4, 2016 at 11:55 AM, Jacques Latourwrote: > > Is there a list of IPv6 only ISP or services? I'd be curious to trend > that somehow, by geography, service type, etc... if any. > Since "IPv6 only" right now is primarily about those portions of the network that are under a single organization's control, the rest of us will only know about them, for the most part, from reports from those organizations. As such, I doubt there's a list, per se, though somebody may be collecting one. Off the top of my head, Facebook has reported moving to IPv6 only below their edge. T-Mobile's cellular data is IPv6 only for newer handset and will become fully IPv6-only when the older handsets age off. IPv4 Internet access is provided through some combination of NAT64/DNS64/464xlat. Comcast isn't (to the best of my knowledge) hasn't yet made any moves in that direction, but have presented on moving to IPv6 only offering IPv4 as a service on top of it. Starting this past June 1 (from what I've heard) Apple is requiring all apps submitted to their app store to support IPv6 only networks. The US Federal CIO is expanding IPv6 transition focus to government enterprise networks from the previous, more Internet-based focus. Again, those are just a handful of the large-scale efforts I've personally heard about. But those are all some pretty significant players on the Internet. And there are likely to be many more who aren't publicizing their efforts. Of course, I happen to mostly pay attention to activity in the US, so there's that selection bias in play as well. Scott
Re: IPv6 deployment excuses
On Mon, Jul 4, 2016 at 11:28 AM, Matt Hoppes < mattli...@rivervalleyinternet.net> wrote: > Except the lady will eventually downsize. The college student will want > more and lease the space. > > Also, the 49,000 Sq ft office space that has been leased for 10 years and > never occupied will be taken back and released to someone who will actually > develop it. > I'm not particularly fond of metaphors using physical resources like land because physical changes do tend to happen slowly and carry substantial inertia. As a result such metaphors break down pretty quickly. Internet numbers are an abstraction with no physical component. As such, their utility depends on how all the different players on the Internet behave. Given that, it becomes a classic game theory problem. It makes little practical difference if there are "enough" IPv4 numbers theoretically available to serve the demand if only better allocated or not. I agree with those who believe there aren't given the demands on the infrastructure and the rate of growth, but that's largely irrelevant. Even if there theoretically were 'enough' legacy numbers to fit some definition of 'enough', do you actually believe the many and varied players on the Internet will converge on that optimal utilization? I certainly don't. Nor is that the behavior we're seeing. We see players who have 'more than enough' by some theoretical optimum utilization scheme conserving the resources they have for transition. We see large players, who have the most influence on the direction software and hardware makers move, somewhere in transition to IPv6. Some are very advanced in their deployment, others are earlier in it, but pretty much all of them are moving in that direction. Given that reality and the way the Internet works, at some point in the not too distant future we're more likely to see the Internet tip toward IPv6 than not. Nothing's certain, but that seems to be where the game is headed. Once that happens, those caught behind the curve are more likely to suffer loss than not. The safe bet is to be prepared beforehand, especially since it's neither particularly difficult nor expensive to deploy IPv6. It's a comparatively low cost hedge. Of course, as more people hedge their bets that way, the likelihood that IPv6 will also turn out to be the 'winning' bet increases, so it starts to become a self-fulfilling prophecy. But some people prefer risky bets. It's not clear to me what you actually gain if you bet the farm on IPv4 and its utility remains more or less the same for a decade. Any cost-savings over deploying IPv6 are likely going to be more than consumed in renumbering efforts, purchasing IPv4 number resources, and deploying/administering CGN equipment. So it actually looks like a lose/lose scenario to me. But if you see some hypothetical advantage you wish to pursue, go for it. But if that hypothetical advantage depends on getting everyone on the Internet to play along with your scheme for optimal IPv4 number utilization? Well, good luck with that one. Scott
Re: IPv6 deployment excuses
On Mon, Jul 4, 2016 at 7:44 AM, Matt Hoppes < mattli...@rivervalleyinternet.net> wrote: > I disagree. Any data center or hosting provider is going to continue to > offer IPv4 lest they island themselves from subscribers who have IPv4 only > - which no data center is going to do. > > Thus, as an ISP you can safely continue to run IPv4. Ipv4 won't be going > away for at least ten years or more - if ever. > That's an interesting "bet the business" decision for an ISP to make. It's not one a large ISP can make simply because they want to continue growing their subscriber base and that's a losing proposition as far as profits go. That's why all the big ISPs are either implementing IPv6 or actively working to deploy it. So it seems you're saying that a small to medium sized ISP can delay 10 or more years because all the content their customers want will be available over IPv4. And that's pretty much betting the entire business on what is basically nothing more than a crystal ball. I don't know about you, but I think back to the mid to late 80s and most ideas I saw about where technology would be by the mid to late 90s were pretty inaccurate. Jump to the mid 2000s and past projections were pretty off-base again. Shortly after that, mobile computing really hit and the world today looks very little like it did then. Do you really think someone should bet their entire business on your ability to make Internet forecasts 10 years into the future? Now, that's not to say I expect IPv4 to necessarily be mostly gone (from the Internet, not private networks) in 10 years, though it wouldn't particularly shock me either if things did work out that way. But I do expect a tipping point will be reached well before then that reduces the utility of IPv4. Technology changes on the Internet have not traditionally been steady, gradual processes. Rather, they've had some sort of fairly long lead time, a rapid spike of uptake, and then a flip from a 'new' technology to something expected. There's then often something of a long tail, but it can be pretty unpleasant to be forced to exist in that tail. The attitude quickly switches to one of, "Oh, you're still using 'x'? You should use 'y' instead. It's working fine." And issues with 'x' get lower priority attention. And that 'flip', when it happens, tends to happy relatively quickly. Often, it can be difficult to predict if a new technology will overtake and supplant an older one. The IPv6 transition, however, is being forced by IPv4 exhaustion. That's putting a lot of technological and financial pressure on most of the parties involved. As someone who works at an enterprise that sees a lot of traffic, primarily from the US, we were seeing a steady increase in IPv6 traffic from end users from practically nothing in 2012 to around 15% in 2015. This year we've seen it spike to 25%-30%. So in the US, we may very well reach that tipping point within the next couple of years. If we do, the utility of IPv4 will probably start to degrade pretty rapidly as more attention and focus is placed on IPv6 connectivity. If that happens and you're still an IPv4 only edge/access network that hasn't even begun planning an IPv6 deployment? That's apt to be an uncomfortable experience. But again, I'm not a prognosticator. I wouldn't have correctly guessed the timing for any of the transitions I've seen in the past, though I did sometimes come close to guessing the outcome. (That's one of the reasons I started a small scale production deployment of Linux at my place of employment back in the mid-90s, something we now have running on platforms all the way up to our mainframes.) It looks to me like, in the US at least, we're on the 'rapid uptake' slope of adoption. If that's the case, then that tipping point is probably coming a lot sooner than 10 years out. You could be right and everything will be fine for IPv4-only customers and networks in 10 years. But that is most definitely a high stakes bet to make. I certainly wouldn't be willing to make such a gamble. I also want to note that enterprise or data center networks moving to IPv6 only does not necessarily involve NAT64 or any sort of translation. For any large internet service, inbound connections are typically terminated at the edge. A new connection is then established from the point of termination to the data center resources. So Facebook, for instance, only needs to dual-stack its edge. And if you use a 3rd part CDN for the edge, you don't even have to do that. That's what other posters were pointing out. Depending on its security profile, a large enterprise network might also 'proxy' outbound Internet traffic (primarily web, mail, DNS) already for its internal users. If that's the case (as it is where I work) very little outbound translation is required as well and only the outbound perimeter services need to be dual-stacked long-term. So if an enterprise or data center network operator isn't already thinking in terms of where they can go
Re: Netflix VPN detection - actual engineer needed
Nonsense. That is hardly their only option as many others have pointed out. It's a deliberate and technically lazy choice to block 6in4 tunnels. Those are not even vaguely the same thing as a VPN. They've decided to break normal IPv6 support and do so in a way that does not even fall back to IPv4. They deserve all the bad publicity that comes with such a anti-customer decision and the blame for their implementation choices cannot be passed back to the content providers. Scott On Mon, Jun 6, 2016 at 9:59 AM, Matthew Huff <mh...@ox.com> wrote: > Netflix IS acting in their user's best interest. In order to provide > content that the user's want, the content providers have mandated that they > do their due diligence to block out of region users including VPN and open > tunnel access. As Hulu and Amazon prime become more popular and their > contracts with the content provides come due, they will have to also. > > You can argue about the content provides business model all you want, but > Netflix has to do what they are doing. They aren't blocking IPv6 users, > they are blocking users that are using VPNs and/or tunnels since their > currently is no practical way of providing GEOIP information about that > users that the content providers require. > > > > Matthew Huff | 1 Manhattanville Rd > Director of Operations | Purchase, NY 10577 > OTA Management LLC | Phone: 914-460-4039 > aim: matthewbhuff| Fax: 914-694-5669 > > > -Original Message- > > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Morizot > > Sent: Monday, June 6, 2016 10:50 AM > > To: Mark Tinka <mark.ti...@seacom.mu> > > Cc: NANOG list <nanog@nanog.org> > > Subject: Re: Netflix VPN detection - actual engineer needed > > > > I have Hulu Plus and Amazon Prime. The only thing I would miss from > > Netflix > > is their Marvel original series. And I can live with that. I can't live > > without my IPv6 enabled home network and Internet connection since > > that's > > an essential part of my job. (I'm the IPv6 transition technical lead > > for a > > large organization.) While I actually manage my home internet gateway > > through a linux server and have fine-grained control over the firewall > > rules, I'm still debating whether I care enough about a handful of > > series > > to continue paying a company that is deliberately acting against its > > users' > > interests. Right now I'm leaning toward no. But I'll discuss it with my > > wife before making a final decision. > > > > Scott > > > > On Mon, Jun 6, 2016 at 8:03 AM, Mark Tinka <mark.ti...@seacom.mu> > > wrote: > > > > > > > > > > > On 6/Jun/16 01:45, Damian Menscher wrote: > > > > > > > > > > > Who are these non-technical Netflix users who accidentally stumbled > > into > > > > having a HE tunnel broker connection without their knowledge? I > > wasn't > > > > aware this sort of thing could happen without user consent, and > > would > > > like > > > > to know if I'm wrong. Only thing I can imagine is if ISPs are > > using HE > > > as > > > > a form of CGN. > > > > > > There are several networks around the world that rely on 6-in-4 > > because > > > their local provider does not offer IPv6. > > > > > > Mark. > > > >
Re: Netflix VPN detection - actual engineer needed
I have Hulu Plus and Amazon Prime. The only thing I would miss from Netflix is their Marvel original series. And I can live with that. I can't live without my IPv6 enabled home network and Internet connection since that's an essential part of my job. (I'm the IPv6 transition technical lead for a large organization.) While I actually manage my home internet gateway through a linux server and have fine-grained control over the firewall rules, I'm still debating whether I care enough about a handful of series to continue paying a company that is deliberately acting against its users' interests. Right now I'm leaning toward no. But I'll discuss it with my wife before making a final decision. Scott On Mon, Jun 6, 2016 at 8:03 AM, Mark Tinkawrote: > > > On 6/Jun/16 01:45, Damian Menscher wrote: > > > > > Who are these non-technical Netflix users who accidentally stumbled into > > having a HE tunnel broker connection without their knowledge? I wasn't > > aware this sort of thing could happen without user consent, and would > like > > to know if I'm wrong. Only thing I can imagine is if ISPs are using HE > as > > a form of CGN. > > There are several networks around the world that rely on 6-in-4 because > their local provider does not offer IPv6. > > Mark. >
Re: Netflix NOC? VPN Mismarked?
Well, I live in the US and this is a North American specific list (NANOG) and IPv6 is the resolution of those issues for us. I'm not particularly familiar with the state of networking in the rest of the world, so have no idea how much of an issue it is for them. And yes, TVs stick around for a long time, but Smart TV (the kind that does its own streaming) is relatively new category. I haven't personally encountered one that doesn't do IPv6. I'm sure there are some models that don't, but I'm wondering if there's any actual data available on that question. On Jan 28, 2016 11:46, "Chris Knipe"wrote: > On Thu, Jan 28, 2016 at 7:40 PM, Mike Hammett wrote: > > > There's little reason to buy a newer TV more than every 5 - 10 years, so > > many TVs will be stranded until (if) they have some unifying firmware. > > > > > Well the TV is also meaningless if the CPE, and (at the very least) service > provider don't support IPv6. And yes, that is unfortunately reality. If > you look beyond the US and EU, and maybe Brazil, the rest of the world, > unfortunately, is FAR from IPv6 adoption, and that *is* reality. > > Hence my initial comments... It's going to be many more years, before IPv6 > is the "fix" for any real problems currently experienced with IPv4. Sad, > but unfortunately, true. > > -- > Chris. >
Re: Netflix NOC? VPN Mismarked?
On Jan 28, 2016 12:27, "Mikael Abrahamsson" <swm...@swm.pp.se> wrote: > > On Thu, 28 Jan 2016, Scott Morizot wrote: > >> Which brands are the ones that aren't supporting IPv6? > > > I just checked a Samsung "smart TV", it's new enough to have 5GHz wifi, I believe the model is 3 years old. > I must have just lucked out on the Sony and LG TVs I bought (2014 and 2015). IPv6 was not one of my purchasing criteria. It was just a pleasant surprise. I could have sworn the two Samsung TVs I set up for extended family last year had IPv6 options, but they didn't have v6 running on their home networks, so I didn't pay that much attention. An odd coincidence, though, especially if most brands/models still don't support v6. Scott
Re: Netflix NOC? VPN Mismarked?
On Jan 28, 2016 08:21, "Mark Tinka"wrote: > On 28/Jan/16 15:46, Bacon Zombie wrote: > > > Do all "smart" TVs and Game consoles fully support IPv6 out of the box? > > The number is not non-zero, but it's not worth talking about based on > the small sample I did in 2015. I'm curious how you conducted this sample. I happened to have set up a number of Smart TVs at home and for extended family over the past couple of years. They've all supported IPv6 out of the box. It's not a 'feature' any of them listed on their feature list. It was just part of their networking. My home is IPv6 enabled and my TVs are running it just fine. My personal, purely anecdotal experience is limited to Sony, Samsung, and LG smart TVs. But that's a much larger than simply 'non-zero' segment of the smart TV market. And smart TVs as a category aren't all that old. Which brands are the ones that aren't supporting IPv6? Scott
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
On Fri, Oct 2, 2015 at 1:35 PM, Owen DeLongwrote: > > > On Oct 1, 2015, at 21:47 , Rob McEwen wrote: > > Also, it seems so bizarre that in order to TRY to solve this, we have to > make sure that MASSIVE numbers of individual IPv6 IP addresses.. that equal > numbers that my calculate can't reach (too many digits)... would all be > allocated to one single combined usage scenario. Then allocating only /48s > multiples that number by 65K. Mind boggling > > You’ll get over that eventually. Once you get some experience with the > conveniences and other advantages it brings, it’s actually pretty easy to > wrap your head around. > > I agree with Owen (and the others who have chimed in) on that one. As long as you're thinking and talking about individual addresses you're stuck in an IPv4 mindset. One of the points in having 64 bits reserved for the host portion of the address is that you never need to think or worry about individual addresses. IPv6 eliminates the address scarcity issue. There's no reason to ever think about how many individual addresses are available on any network. The answer is always more than enough. Instead you think about networks and network size. Also, good luck trying to shove the IPv6 genie back into the bottle. I doubt you're going to have much success. I know my large organization has seen the percentage of email traffic on our edge MTAs using IPv6 steadily grow since we dual-stacked them back in 2012. It's been a while since I checked with the organization responsible for them, but I believe it's somewhere north of 10% of all email traffic now. (I know our heavily used website has reached roughly 20% IPv6 traffic now.) So it's best to just keep working on ways to manage spam in an IPv6 world since that's the present reality. Scott
Re: How long will it take to completely get rid of IPv4 or will it happen at all?
On Sat, Jun 27, 2015 at 9:38 AM, Bob Evans b...@fiberinternetcenter.com wrote: What will come first ? A) the earths future core rotation changes altering the ionosphere in such a way that we are all exposed to continuous x-rays that shorten our lifespan OR B) the last IPv4 computer running will be reconfigured to IPv6 Thank You Bob Evans CTO At least from a large enterprise perspective, I don't really care when IPv4 is removed from that last computer. Instead, I care about how long it will take us to eliminate IPv4 from most or all of our internal network and confine its continued support to our dual-stacked public resources and legacy support at our perimeter. In particular, our plans right now focus on transitioning to a native IPv6-only wide area network providing legacy protocol support where needed using LISP. (We already have LISP configured and deployed to our largest sites.) We're in the process of ensuring all clients are dual-stacked and deploying IPv6 to internal applications. We are testing and developing a process to create IPv4 enclaves in our data centers for applications that cannot timely transition fronted by NAT64 so we can start removing IPv4 from our many smaller access network sites. It's not really our problem or concern how long some people choose to keep IPv4-only systems running, even as those systems increasingly become second-class citizens on the network. Running a large, fully dual-stacked enterprise network is overly-complex, increases costs, and imposes limitations. As time proceeds, I expect most enterprises that haven't already done so will reach a similar conclusion. I've never worked at a carrier or ISP, so I have no particular insight into the drivers pushing those sorts of networks. But the presentation by Comcast on possible plans to provide long term legacy IPv4 support as an overlay service suggest to me that the drivers are not completely dissimilar from their perspective. So it really doesn't matter that much how long IPv4 continues to exist in one sense or another. It's the tipping point where much of the Internet begins to treat it as a second-class citizen that really matters. I would suggest most people will not like ending up on the wrong side of that curve. My perspective, anyway. Scott