Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-25 Thread Owen DeLong
>>> 
>>> Thus far, IPv6 has been the "Field of Dreams"  those of us who have
>>> built it, we know they have not yet come  (the IPv6 customers).  That's
>>> all this discussion is really about is "when will they come".
>> 
>> Some of us have quite a few IPv6 customers:
>> http://www.worldipv6launch.org/measurements/
>> And we see significant traffic from those users.  :-)
>> 
> 
> Maybe my isolation in silicon valley causes me to have a different IPv6
> experience. Not much IPv6 happening here. I heard Google may have topped
> over 2% traffic that is IPv6. Significant ? Not from where I am sitting.
> 

There’s actually lots of IPv6 happening in Silicon Valley. I’ve been running IPv6
for years and so has my employer. Your Google data is old… They’re well over 4%
and it’s been doubling about every 3-6 months, so I’d expect to see upwards of 16%
by the end of the year, but remember, that’s traffic that chose IPv6 based on happy
eyeballs and doesn’t represent all traffic that could have gone IPv6 or even all
traffic that would have gone best over IPv6.

If Micr0$0ft would publish the stats of native vs. teredo from the xbox one, I bet
we’d have a better idea of what percentage of folks are running IPv6 for real.

I think it’s a lot more than you seem to believe.

Of the major consumer providers in the area, AT&T and SPRINT Wireless are
the only ones I’m aware of that are completely unable to do IPv6. Even some
of the smaller residential providers are now doing some IPv6 and I hear rumors
that some AT&T DSL and uVerse customers can now get IPv6.

> We give away the IPv6 to every business on a second port - to make their
> life easy and encourage them to play with it. Unfortunately, few try it at
> all.

We make IPv6 available to all of our customers on the same port which seems
to make their life even easier and many of our customers are using it. Perhaps
this is food for thought.

Owen




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-25 Thread Valdis . Kletnieks
On Tue, 25 Mar 2014 09:55:21 -0400, Lee Howard said:

> Some of us have quite a few IPv6 customers:
> http://www.worldipv6launch.org/measurements/
> And we see significant traffic from those users.  :-)

I'm actually glad to see that we're no longer on the first page
of that list. ;)




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-25 Thread Bob Evans

Bob Evans
CTO

>
>
> On 3/24/14 9:12 PM, "Bob Evans"  wrote:
>
>>
>>I agree with "one" thing herein
>>
>>> In order for IPv6 to truly work, everyone needs to be moving towards
>>>IPv6.
>>
>>Yep, chicken and the egg. I agree. We built an IPv6 "native" network - no
>>tunneling - no customers to speak of ... didn't even bother to start IPv6
>>peering on it.
>
> How would there be traffic if you have no peering?

4 IPv6 transits and a handful of customers. Today, we only provide fiber
service to businesses. Tiny traffic - no IPv6 peering at IX locations.

>
>
>>
>>And there you have it, how much is someone willing to pay for space in the
>>Internet casino. Well, it's much more than free and probably close to the
>>dollar level in the presentation by Lee Howard at an ARIN meeting (I
>> think
>>it was in Barbados or maybe I have that meeting place wrong and it was
>>NANOG) ... Well, $40/month per IP address will be the pain level for all
>>customers to finally cash-in the IPv4 chips and move to IPv6.
>
> I wish it was Barbados!
> NANOG56.
> http://www.nanog.org/meetings/nanog56/presentations/Wednesday/wed.general.howard.24.wmv
>
>

Thanks Lee, I was hunting for that link.

>
>>
>>Thus far, IPv6 has been the "Field of Dreams"  those of us who have
>>built it, we know they have not yet come  (the IPv6 customers).  That's
>>all this discussion is really about is "when will they come".
>
> Some of us have quite a few IPv6 customers:
> http://www.worldipv6launch.org/measurements/
> And we see significant traffic from those users.  :-)
>

Maybe my isolation in silicon valley causes me to have a different IPv6
experience. Not much IPv6 happening here. I heard Google may have topped
over 2% traffic that is IPv6. Significant ? Not from where I am sitting.

>
>>
>>I know the core of the Internet will be IPv4 for many years. All one has
>>to do is talk to a few customers to find out that they are in no hurry.
>>It's a no-brainer, because none of us charges a customer more than
>>lunch money for an IPv4 address.
>
> Depends on what you mean by "core." For some values of "core," the
> Internet is already dual-stack.
>
>>
>>Now, if you tell me all the porn site owners were great net citizens,
>>ready to move to IPv6 and shut off IPv4 access, well then I can see
>> things
>>moving along much faster.
>
> Feel free to offer them a discount for dual-stack, and a deeper discount
> for IPv6-only.
> Unfortunately, I don't know any porn site operators, so I haven't been
> able to have conversations with them about the economics of IPv6.
>

We give away the IPv6 to every business on a second port - to make their
life easy and encourage them to play with it. Unfortunately, few try it at
all.

Bob

> Lee
>
>
>





Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-25 Thread Lee Howard


On 3/24/14 9:12 PM, "Bob Evans"  wrote:

>
>I agree with "one" thing herein
>
>> In order for IPv6 to truly work, everyone needs to be moving towards
>>IPv6.
>
>Yep, chicken and the egg. I agree. We built an IPv6 "native" network - no
>tunneling - no customers to speak of ... didn't even bother to start IPv6
>peering on it.

How would there be traffic if you have no peering?


>
>And there you have it, how much is someone willing to pay for space in the
>Internet casino. Well, it's much more than free and probably close to the
>dollar level in the presentation by Lee Howard at an ARIN meeting (I think
>it was in Barbados or maybe I have that meeting place wrong and it was
>NANOG) ... Well, $40/month per IP address will be the pain level for all
>customers to finally cash-in the IPv4 chips and move to IPv6.

I wish it was Barbados!
NANOG56. 
http://www.nanog.org/meetings/nanog56/presentations/Wednesday/wed.general.howard.24.wmv



>
>Thus far, IPv6 has been the "Field of Dreams"  those of us who have
>built it, we know they have not yet come  (the IPv6 customers).  That's
>all this discussion is really about is "when will they come".

Some of us have quite a few IPv6 customers:
http://www.worldipv6launch.org/measurements/
And we see significant traffic from those users.  :-)


>
>I know the core of the Internet will be IPv4 for many years. All one has
>to do is talk to a few customers to find out that they are in no hurry.
>It's a no-brainer, because none of us charges a customer more than
>lunch money for an IPv4 address.

Depends on what you mean by "core." For some values of "core," the
Internet is already dual-stack.

>
>Now, if you tell me all the porn site owners were great net citizens,
>ready to move to IPv6 and shut off IPv4 access, well then I can see things
>moving along much faster.

Feel free to offer them a discount for dual-stack, and a deeper discount
for IPv6-only.
Unfortunately, I don't know any porn site operators, so I haven't been
able to have conversations with them about the economics of IPv6.

Lee





Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-25 Thread TJ
On Mon, Mar 24, 2014 at 9:12 PM, Bob Evans wrote:

>
> Thus far, IPv6 has been the "Field of Dreams"  those of us who have
> built it, we know they have not yet come  (the IPv6 customers).  That's
> all this discussion is really about is "when will they come".
>
> I know the core of the Internet will be IPv4 for many years. All one has
> to do is talk to a few customers to find out that they are in no hurry.
> It's a no-brainer, because none of us charges a customer more than
> lunch money for an IPv4 address.
>
>
While I will agree that it has taken longer than some of us thought /
expected I don't believe you can say no-one is coming.

My home (Comcast) & my phone (T-Mo) get native IPv6, automatically, no
extra charge - no special request - no special equipment.  Our "4g"
hotspots are all dual-stack. We recently got a new Verizon (landline)
circuit for a job-site - came with a /48 automatically.  The carriers drive
this part of the boat - and some of them are doing so quite nicely
(finally).  Not all, but some of the biggest have done the most work ==
more eyeballs.

The content side is doing better as well; again - not all, but the big ones
are good wins.

The customers, the normal people that is, don't know or care.  We know
that.  On the "enterprise side" there is of course the cost & burden of
dealing with the "legacy" network that still, largely, works as they
expect.  And in the govt it is even worse, despite some "mandates" to the
contrary.  But that too will shift over time - and needn't hold up anyone
else's plans.  And when people who do care have IPv6 at home/on their phone
they will start to push that into said enterprises ... like I am doing :).


/TJ


Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread Bob Evans

I agree with "one" thing herein

> In order for IPv6 to truly work, everyone needs to be moving towards IPv6.

Yep, chicken and the egg. I agree. We built an IPv6 "native" network - no
tunneling - no customers to speak of ... didn't even bother to start IPv6
peering on it.

> Maintaining dual protocols for the entire internet is problematic,
> wasteful, and horribly
> inefficient at best. Bottom line, the internet outgrew IPv4 almost 30
> years ago and
> we’ve been using various hacks like NAT as a sort of IPv4 life-support
> ever since.

30 years - oh, come on now - maybe it was outgrown on someone's EBITDA chart
they handed an investor. At least a couple of decades of exaggeration in
that number.

>
> Ask any doctor about the prospects for a patient on life support for years
> at a time
> and they will probably laugh at you. Patients rarely survive more than a
> few days
> on life support, let alone weeks, months, or even years.
>
> Yes, we’ve done really well with internet life support. So well that many
> have been
> lulled into a false sense of safety believing that these extreme measures
> can be
> continued indefinitely and scaled well beyond their breaking points.
>
> There is little visibility into the escalating cost and complexity of
> these measures
> and even less awareness of the relative ease of deploying IPv6 compared to
> most
> of these mechanisms.

Sorry Owen - bad analogy - unlike a person, IPv4 won't die because it
can't accommodate more - here's a reality analogy for you.

In the Internet Casino, all the Internet black jack tables are full. All
seats taken. The players don't want to play with the new blue chip IPv6
currency. So the house simply raises IPv4 green chip minimum limit for a
seat.

And there you have it, how much is someone willing to pay for space in the
Internet casino. Well, it's much more than free and probably close to the
dollar level in the presentation by Lee Howard at an ARIN meeting (I think
it was in Barbados or maybe I have that meeting place wrong and it was
NANOG) ... Well, $40/month per IP address will be the pain level for all
customers to finally cash-in the IPv4 chips and move to IPv6.

While the world is not capitalistic, the USA is. Just because it works in
Sweden doesn't mean it's ready to work here (Health Care). So what
percentage of web pages are my USA customers reading in foreign languages?
Gee, the world doesn't need more IPv4 space to make an English page
available to reach a US customer. Not much when they move their language
base of users to IPv6 they will find they have plenty of IPv4 space left
over. And what percentage of my customer base needs to put up IPv6 web
pages ? Not many most of the world can't afford our goods - so that leaves
a small percentage of US sites that need IPv6 and probably already have
begun that in place.

Thus far, IPv6 has been the "Field of Dreams"  those of us who have
built it, we know they have not yet come  (the IPv6 customers).  That's
all this discussion is really about is "when will they come".

I know the core of the Internet will be IPv4 for many years. All one has
to do is talk to a few customers to find out that they are in no hurry.
It's a no-brainer, because none of us charges a customer more than
lunch money for an IPv4 address.

Now, if you tell me all the porn site owners were great net citizens,
ready to move to IPv6 and shut off IPv4 access, well then I can see things
moving along much faster.

Bob Evans
Founder/CTO
Fiber Internet Center

>
> Owen
>
> On Mar 22, 2014, at 2:25 AM, Bryan Socha  wrote:
>
>> Fair point.   There are some situations that do need more than most, but
>> aren't they the ones that should be on ipv6 already???
>>
>> I know a few are shouldn't I be on ipv6 and that's fair too.   I'm
>> planning some speaking engagements to cover that.  It's not blind and
>> ignoring.
>> On Mar 22, 2014 4:36 AM, "TJ"  wrote:
>>
>>> Millions of IPs don't matter in the face of X billions of people, and
>>> XX-XXX billions of devices - and this is just the near term estimate.
>>> (And don't forget utilization efficiency  - Millions of IPs is not
>>> millions of customers served.)
>>>
>>> Do IPv6.
>>> /TJ
>>>
>>> On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:

>>>> As someone growing in the end of ipv4, its all fake. Sure, the rirs
>>>> will run out, but that's boring. Don't believe the fake auction sites.
>>>> Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3
>>>> for no spam and $4 for legacy. Stop the inflation. Millions of IPS
>>>> exist, there is no shortage and don't lie for rirs with IPS left.
>>>
>
>
>





Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread Owen DeLong

On Mar 23, 2014, at 11:09 AM, Mark Tinka  wrote:

> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
> 
>> ISP's have done a good job of brain washing their
>> customers into thinking that they shouldn't be able to
>> run services from home. That all their machines
>> shouldn't have a globally unique address that is
>> theoretically reachable from everywhere.  That NAT is
>> normal and desirable.
>> 
>> I was at work last week and because I have IPv6 at both
>> ends I could just log into the machines at home as
>> easily as if I was there. When I'm stuck using a IPv4
>> only service on the road I have to jump through lots of
>> hoops to reach the internal machines.
> 
> I expect this to change little in the enterprise space. I 
> think use of ULA and NAT66 will be one of the things 
> enterprises will push for, because how can a printer have a 
> public IPv6 address that is reachable directly from the 
> Internet, despite the fact that there is a properly 
> configured firewall at the perimetre offering half-decent 
> protection?
> 
> Mark.

So ULA the printers (if you must).

That doesn’t create a need for ULA on anything that talks to the internet, nor 
does it create a requirement to do NPT or NAT66.

Owen




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread Owen DeLong

On Mar 22, 2014, at 10:10 PM, John Levine  wrote:

>>> It will be a long time
>>> before the price of v4 rises high enough to make it
>>> worth the risk of going v6 only.
>> 
>> New ISP's are born everyday.
>> 
>> Some of them will be able to have a "Buy an ISP that has 
>> IPv4" or "Buy IPv4 space from known brokers" line item in 
>> their budget as part of their launch plans.
>> 
>> Most won't.
> 
> In Africa, I suppose, but here in North America, the few remaining
> ISPs that aren't part of giant cable or phone companies are hanging on
> by their teeth.
> 
> Also, although it is fashionable to say how awful CGN is, the users
> don't seem to mind it at all.
> 
> R's,
> John
> 

That depends on the level of service the users are already accustomed to.

The generally piss-poor average level of service in the US may not be as 
noticeably impacted by CGN as better services.

It also depends on the class of user. I know that I would pretty much be unable 
to continue subscribing to any provider that stuck me behind a CGN.

It would be interesting to get visibility into the opt-out rate for Verizon’s 
“Address Sharing” announcement.

Owen




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread John R. Levine

> How long, exactly, do you expect 3.2 billion unicast addresses to provide
> enough addressing for 6.8+ billion people?


Oh, I'd say a decade.  Like I said, I have IPv6 on my server and my home 
broadband, which mostly works, with the emphasis on the mostly.



We've just barely started to move from the era of free IPv4 to the one
where you have to buy it, and from everything I see, there is vast
amounts of space that will be available once people realize they can
get real money for it.  The prices cited a couple of messages back
seem to be in the ballpark.  It will be a long time before the price
of v4 rises high enough to make it worth the risk of going v6 only.


Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread Owen DeLong

On Mar 22, 2014, at 12:36 PM, William Herrin  wrote:

> On Sat, Mar 22, 2014 at 11:54 AM, Justin M. Streiner
>  wrote:
>> On Sat, 22 Mar 2014, William Herrin wrote:
>>> On Sat, Mar 22, 2014 at 10:33 AM, Justin M. Streiner
>>>  wrote:
 
>>>> All of these 'Hail Mary' options for 'saving' IPv4 really are pointless.
>>> 
>>> 
>>> IPv4 is like the U.S. Penny. It'll be useless long before it goes
>>> away. And right now it's far from useless.
>> 
>> Interesting analogy, but it misses the larger point.  The larger point is
>> that the ongoing effort to squeeze more mileage out of IPv4 will soon [1]
>> outweigh the mileage we (collectively) get out of it.
> 
> Hi Justin,
> 
> That's what I hear. Interesting thing though: it hasn't happened yet.
> IANA ran out of /8's and it didn't happen. The RIRs dropped to
> high-conservation mode on their final allocations and it didn't
> happen. How could that be?

I disagree with your assertion that it hasn’t happened. It _IS_ happening.

The cost of maintaining IPv4 is already going up and the increases will 
continue to become more dramatic over time.

Owen




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread Owen DeLong
IPv4 has already been trading around $10/address.

So the prices quoted a while back don’t make much sense to me.

Further, could you please quantify “vast”? How many /8 equivalents in
a “vast number”?

Until they ran out, APNIC was issuing approximately 1.5 /8s per month.

How long, exactly, do you expect 3.2 billion unicast addresses to provide
enough addressing for 6.8+ billion people?

Owen
On Mar 22, 2014, at 12:57 PM, John Levine  wrote:

>> In such a case, where you are still pushing the case for 
>> IPv4, how do you envisage things will look on your side when 
>> everybody else you want to talk to is either on IPv6, or 
>> frantically getting it turned up? Do you reckon anyone will 
>> have time to help you troubleshoot patchy (for example) IPv4 
>> connectivity when all the focus is on IPv6?
> 
> I've put that concern on my calendar for sometime around 2025.
> 
> People have been saying switch to IPv6 now Now NOW for about a decade,
> and you can only cry wolf so many times.  My servers do IPv6 through a
> tunnel from HE (thanks!) where the performance is only somewhat worse
> than the native v4, and my home cable has v6 that mostly works, but
> the key term there is mostly.  (The ISP had a fairly bad internal
> routing bug which apparently nobody noticed until I tracked down why
> my v6 connectivity was flaky, and I happened to know some senior
> people at the ISP who could understand what I was telling them about
> their internal routers.)
> 
> We've just barely started to move from the era of free IPv4 to the one
> where you have to buy it, and from everything I see, there is vast
> amounts of space that will be available once people realize they can
> get real money for it.  The prices cited a couple of messages back
> seem to be in the ballpark.  It will be a long time before the price
> of v4 rises high enough to make it worth the risk of going v6 only.
> 
> R's,
> John
> 
> 




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread Owen DeLong
Let’s assume, for a moment, that there are 32 /8s out there that could be reclaimed.

Let’s further assume that renumbering out of a /8 takes, on average, about 18 months.
(That’s moving almost 1,000,000 customers per month on average, potentially).

Even if we got all 32 /8 equivalents back over the next 18 months, it would only buy
us approximately 2 years of additional IPv4 life-span when divvied up among APNIC,
RIPE, etc.

The IPv4 situation is not artificial. IPv4 is being maintained well past its useful life
at great cost.

Owen

On Mar 22, 2014, at 2:30 AM, Bryan Socha  wrote:

> Oh btw, how many ipv4s are you hoarding with zero justification to keep
> them?   I was unpopular during apricot for not liking the idea of no
> liability leasing of v4. I don't like this artificial v4 situation
> every eyeball network created. Why is v4 a commodity and asset?   Where
> is the audits. I can justify my 6 /14s, can you still?
> On Mar 22, 2014 4:36 AM, "TJ"  wrote:
> 
>> Millions of IPs don't matter in the face of X billions of people, and
>> XX-XXX billions of devices - and this is just the near term estimate.
>> (And don't forget utilization efficiency  - Millions of IPs is not
>> millions of customers served.)
>> 
>> Do IPv6.
>> /TJ
>> 
>> On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:
>>> 
>>> As someone growing in the end of ipv4, its all fake. Sure, the rirs
>> will
>>> run out, but that's boring. Don't believe the fake auction sites.
>>> Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for
>> no
>>> spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
>>> there is no shortage and don't lie for rirs with IPS left.
>> 




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-24 Thread Owen DeLong
In order for IPv6 to truly work, everyone needs to be moving towards IPv6.

Maintaining dual protocols for the entire internet is problematic, wasteful, and horribly
inefficient at best. Bottom line, the internet outgrew IPv4 almost 30 years ago and
we’ve been using various hacks like NAT as a sort of IPv4 life-support ever since.

Ask any doctor about the prospects for a patient on life support for years at a time
and they will probably laugh at you. Patients rarely survive more than a few days
on life support, let alone weeks, months, or even years.

Yes, we’ve done really well with internet life support. So well that many have been
lulled into a false sense of safety believing that these extreme measures can be
continued indefinitely and scaled well beyond their breaking points.

There is little visibility into the escalating cost and complexity of these measures
and even less awareness of the relative ease of deploying IPv6 compared to most
of these mechanisms.

Owen

On Mar 22, 2014, at 2:25 AM, Bryan Socha  wrote:

> Fair point.   There are some situations that do need more than most, but
> aren't they the ones that should be on ipv6 already???
> 
> I know a few are shouldn't I be on ipv6 and that's fair too.   I'm
> planning some speaking engagements to cover that.  It's not blind and
> ignoring.
> On Mar 22, 2014 4:36 AM, "TJ"  wrote:
> 
>> Millions of IPs don't matter in the face of X billions of people, and
>> XX-XXX billions of devices - and this is just the near term estimate.
>> (And don't forget utilization efficiency  - Millions of IPs is not
>> millions of customers served.)
>> 
>> Do IPv6.
>> /TJ
>> 
>> On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:
>>> 
>>> As someone growing in the end of ipv4, its all fake. Sure, the rirs
>> will
>>> run out, but that's boring. Don't believe the fake auction sites.
>>> Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for
>> no
>>> spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
>>> there is no shortage and don't lie for rirs with IPS left.
>> 




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 11:02:13 PM Mark Andrews wrote:

> Actually all you have stated is that printer vendors need
> to clean up their act and not that one shouldn't expect
> to be able to expose a printer to the world.  It isn't
> hard to do this correctly.  It also does not cost much
> on a per device basis.

Well, all consumer device vendors, really...

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Matt Palmer
On Sat, Mar 22, 2014 at 07:57:04PM -, John Levine wrote:
> >In such a case, where you are still pushing the case for 
> >IPv4, how do you envisage things will look on your side when 
> >everybody else you want to talk to is either on IPv6, or 
> >frantically getting it turned up? Do you reckon anyone will 
> >have time to help you troubleshoot patchy (for example) IPv4 
> >connectivity when all the focus is on IPv6?
> 
> I've put that concern on my calendar for sometime around 2025.
> 
> People have been saying switch to IPv6 now Now NOW for about a decade,
> and you can only cry wolf so many times.

You've got to remember what happened to the boy who cried wolf, though.  He
eventually got eaten.

The difference here, though, is that the people crying wolf in *this* fairy
tale are already safely up the IPv6 tree.  It's the people who aren't
listening who are going to get eaten.

- Matt




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Andrews

In message <532f42aa.9000...@foobar.org>, Nick Hilliard writes:
> On 23/03/2014 18:39, Mark Andrews wrote:
> > As for printers directly reachable from anywhere, why not.
> 
> because in practice it's an astonishingly stupid idea.  Here's why:
> 
> chargen / other small services
> ssh
> www
> buffer overflows
> open smtp relays
> weak, default or non existent passwords
> information leakage from non-protected services
> 
> and so forth.
>
> Nothing wrong with global reachability, don't get me wrong - and if I
> thought for a pico-second that printers or any other connectible device
> took even the most basic steps at handling security fundamentals, I might
> even be ok about the idea.
> 
> But they don't: printer drivers and interface firmware are written by
> people whose only ability is relaying eps and pcl files from one socket to
> another and pumping their code full of rage-inducing bloatware, the only
> purpose of which is to serve the blind whims of idiotic product managers
> who derive a sadistic satisfaction from ensuring that their products
> interfere as much as humanly possible with the process of committing ink
> and toner to paper.  Security management doesn't even get a look in.
> 
> 12 months after market debut, printer firmware updates cease forever for
> that particular model, and the inevitable result is a line-rate bot spewing
> obnoxious crap until the day that the device is thrown on to the scrap heap
> that it deserved when it was first unpacked.
> 
> Exactly the same principle applies to pretty much any consumer device,
> although I admit that printers are worse offenders than most.
> 
> We can all agree that what's needed here is full consumer choice and the
> ability to address things globally, should one desire to do so.  In
> practice, default deny is a more sensible approach to handling the reality of
> connecting devices to a public network.
> 
> Nick

Actually all you have stated is that printer vendors need to clean
up their act and not that one shouldn't expect to be able to expose
a printer to the world.  It isn't hard to do this correctly.  It
also does not cost much on a per device basis.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Nick Hilliard
On 23/03/2014 18:39, Mark Andrews wrote:
> As for printers directly reachable from anywhere, why not.

because in practice it's an astonishingly stupid idea.  Here's why:

chargen / other small services
ssh
www
buffer overflows
open smtp relays
weak, default or non existent passwords
information leakage from non-protected services

and so forth.

Nothing wrong with global reachability, don't get me wrong - and if I
thought for a pico-second that printers or any other connectible device
took even the most basic steps at handling security fundamentals, I might
even be ok about the idea.

But they don't: printer drivers and interface firmware are written by
people whose only ability is relaying eps and pcl files from one socket to
another and pumping their code full of rage-inducing bloatware, the only
purpose of which is to serve the blind whims of idiotic product managers
who derive a sadistic satisfaction from ensuring that their products
interfere as much as humanly possible with the process of committing ink
and toner to paper.  Security management doesn't even get a look in.

12 months after market debut, printer firmware updates cease forever for
that particular model, and the inevitable result is a line-rate bot spewing
obnoxious crap until the day that the device is thrown on to the scrap heap
that it deserved when it was first unpacked.

Exactly the same principle applies to pretty much any consumer device,
although I admit that printers are worse offenders than most.

We can all agree that what's needed here is full consumer choice and the
ability to address things globally, should one desire to do so.  In
practice, default deny is a more sensible approach to handling the reality of
connecting devices to a public network.

Nick




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 09:24:35 PM Cb B wrote:

> My hope is that folks stop equating firewalls with
> security, when the first step is to secure the host,
> accountability is with the host, then layer other tools
> as needed.

I couldn't agree more.

As an example, your home PC (whose OS wasn't updated in 
months because the wife and kids can't be asked) is hit via 
HTTP in a way your CPE firewall couldn't prevent. It is then 
used to re-attack other appliances in your home that have 
poor software with no security features.

CPE firewalls won't do anything about that.

I support vendors of all kinds (Tv's, microwaves, STB's, 
home theatre systems, video game consoles, e.t.c.) to 
include some kind of localized security features that 
augment what a CPE firewall can offer. This will be even 
more critical, I think, to getting homes and offices to 
accept the use of GUA's on the LAN, if we have any hopes of 
finally getting rid of NAT with IPv6, at the scale we have 
it in IPv4.

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Cb B
On Sun, Mar 23, 2014 at 12:13 PM, Mark Tinka  wrote:
> On Sunday, March 23, 2014 09:05:54 PM Cb B wrote:
>
>> i would say the more appropriate place for this policy is
>> the printer, not a firewall.  For example, maybe a
>> printer should only be ULA or LLA by default.
>>
>> i would hate for people to think that a middle box is
>> required, when the best place to provide security is in
>> the host.  Other layers are needed as required, but it
>> is sad that we don't look to the host itself as a first
>> step.
>
> I would support adding security at the host-level,
> especially because with a centralized firewall, internal
> infrastructure is usually left wide open to internal staff,
> with trust being the rope we all hang on to to keep things
> running.
>
> However, if practical running of the Internet has taught us
> anything, host-based firewalling (especially in purpose-
> specific devices like printers, Tv sets, IP phones, IP
> cameras, e.t.c.) is a long way away from what you can get
> with a centralized firewall appliance.
>
> Do I like it? No. I run a simple packet filter (IPfw) on my
> MacBook - it does what I need. But we know Joe and Jane
> won't want things they can't click; and even though they had
> things they could click, they don't want to have to
> understand all these geeky things about their computers.
>
> Mark.

Mark, i think we are largely on the same page.

I believe that "home firewalls" in the residential broadband space are
likely the most insecure part of the entire internet.  They are very
rarely updated with software and frequently ship with terrible
terrible bugs, much worse than what we have seen in Windows for the
last 10 years.

For example,

http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

Why try to hack all the devices in your home when the hackers can
simply crack your CPE / firewall / router and own all your traffic,
reset your DNS server to a malware box, .  I am sure this
community knows there are many many more problems just like this one
in CPE.

I don't see a lot of accountability or change in this space, yet
people believe these firewalls help.

My hope is that folks stop equating firewalls with security, when the
first step is to secure the host, accountability is with the host,
then layer other tools as needed.

CB



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 09:05:54 PM Cb B wrote:

> i would say the more appropriate place for this policy is
> the printer, not a firewall.  For example, maybe a 
> printer should only be ULA or LLA by default.
> 
> i would hate for people to think that a middle box is
> required, when the best place to provide security is in
> the host.  Other layers are needed as required, but it
> is sad that we don't look to the host itself as a first
> step.

I would support adding security at the host-level, 
especially because with a centralized firewall, internal 
infrastructure is usually left wide open to internal staff, 
with trust being the rope we all hang on to to keep things 
running.

However, if practical running of the Internet has taught us 
anything, host-based firewalling (especially in purpose-
specific devices like printers, Tv sets, IP phones, IP 
cameras, e.t.c.) is a long way away from what you can get 
with a centralized firewall appliance. 

Do I like it? No. I run a simple packet filter (IPfw) on my 
MacBook - it does what I need. But we know Joe and Jane 
won't want things they can't click; and even though they had 
things they could click, they don't want to have to 
understand all these geeky things about their computers.

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Cb B
On Sun, Mar 23, 2014 at 11:27 AM, Philip Dorr  wrote:
> On Mar 23, 2014 1:11 PM, "Mark Tinka"  wrote:
>>
>> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
>>
>> > I was at work last week and because I have IPv6 at both
>> > ends I could just log into the machines at home as
>> > easily as if I was there. When I'm stuck using an IPv4
>> > only service on the road I have to jump through lots of
>> > hoops to reach the internal machines.
>>
>> I expect this to change little in the enterprise space. I
>> think use of ULA and NAT66 will be one of the things
>> enterprises will push for, because how can a printer have a
>> public IPv6 address that is reachable directly from the
>> Internet, despite the fact that there is a properly
>> configured firewall at the perimetre offering half-decent
>> protection?
>
> That is what a firewall is for.  Drop new inbound connections, allow
> related, and allow outbound.  Then you allow specific IP/ports to have
> inbound traffic.  You may also only allow outbound traffic for specific
> ports, or from your proxy.

i would say the more appropriate place for this policy is the printer,
not a firewall.  For example, maybe a  printer should only be ULA or
LLA by default.

i would hate for people to think that a middle box is required, when
the best place to provide security is in the host.  Other layers are
needed as required, but it is sad that we don't look to the host
itself as a first step.

CB



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 08:39:51 PM Mark Andrews wrote:
 
> Can I suggest that you re-read what I said.  I did not
> say "WILL BE REACHABLE".  I said "THEORETICALLY
> REACHABLE".  I also said "GLOBAL UNIQUE" address not
> "PUBLIC ADDRESS".
> 
> The point is one should be able to get addresses with
> these properties. It's your decision about whether to
> use all the properties the addresses have.

I was agreeing with you, not speaking against you, Mark.

> As for printers directly reachable from anywhere, why
> not.  We do have the technology to authenticate requests
> regardless of the IP address the request originates
> from.  Whether that is built into your printer or not is
> a purchasing decision.  I see nothing wrong with being
> able to print out something from the other side of the
> world for someone else to pick up.  The cost to do this
> shouldn't amount to more than a couple of cents in the
> printer's price as it is all one off engineering.

That question was rhetorical - everybody on this list 
already knows the answer :-).

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 08:35:48 PM Saku Ytti wrote:

> Or IT isn't buying the 'renumbering is easy' argument,
> for any non-trivial size company even figuring how where
> exactly can be IP addresses punched out statically would
> be expensive and long process.
> If you are pushing for customer to use your PA in their
> LAN, I'm guessing net-result is you should never reclaim
> those addresses after customer leaves, since chances
> are, some customers won't renumber, but will 1:1 NAT
> your PA to new operator PA, and your next customer with
> this block will complain about reachability problems to
> this other customer.

In all fairness, I'm not so sure, as operators, that we want 
to push our PA space as assignments to customers in IPv6-
land.

Yes, it makes sense, but then again, it's not hard for 
enterprises to obtain PI space from $favorite_registry. Yes, 
that will pollute the routing table and potentially mean 
your customer can run away from you at any time. But IPv6 is 
so vast, and as you rightly point out, Saku, it might be 
unreasonable for us to expect the enterprise to renumber 
when they churn and take their business elsewhere. It, 
physically, is a lot of work.

So while I have lots of /56's and /48's to assign to 
customers from my /32, I'm not sure I want to actively 
encourage it, unless as a last resort.

Of course, assigning this to broadband users makes more 
sense, as use is generally temporary and well controlled.

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 08:30:21 PM Laszlo Hanyecz wrote:

> As far as the enterprise side of things, many of the
> people working in that area today have likely never
> known any other kind of network except the NAT kind.  A
> lot of these guys say things like 'private ip' and
> 'public ip' - they've had this ingrained in them for
> the past 15+ years, and the idea of real internet is
> scary.  I'm not sure how this problem of education is
> addressed, and it might sound stupid, but it's a real
> problem.

And to add to that, those of us that will welcome GUA IPv6 
addresses in the home now have to find CPE that has decent 
firewall infrastructure that won't impact performance.

Modern CPE do have some firewall features, but there is tons 
of emphasis on NAT and port forwarding.

I'd hate to see CPE vendors focusing on NAT66 instead of 
proper firewall services that can scale with traffic.

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 08:27:57 PM Philip Dorr wrote:
 
> That is what a firewall is for.  Drop new inbound
> connections, allow related, and allow outbound.  Then
> you allow specific IP/ports to have inbound traffic. 
> You may also only allow outbound traffic for specific
> ports, or from your proxy.

How many enterprise installations do you know that favour 
firewall use for NAT rather than actual firewalling?

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Andrews

In message <201403232009.47085.mark.ti...@seacom.mu>, Mark Tinka writes:
> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
>
> > ISP's have done a good job of brain washing their
> > customers into thinking that they shouldn't be able to
> > run services from home. That all their machines
> > shouldn't have a globally unique address that is
> > theoretically reachable from everywhere.  That NAT is
> > normal and desirable.
> >
> > I was at work last week and because I have IPv6 at both
> > ends I could just log into the machines at home as
> > easily as if I was there. When I'm stuck using an IPv4
> > only service on the road I have to jump through lots of
> > hoops to reach the internal machines.
>
> I expect this to change little in the enterprise space. I
> think use of ULA and NAT66 will be one of the things
> enterprises will push for, because how can a printer have a
> public IPv6 address that is reachable directly from the
> Internet, despite the fact that there is a properly
> configured firewall at the perimetre offering half-decent
> protection?
>
> Mark.

Can I suggest that you re-read what I said.  I did not say "WILL
BE REACHABLE".  I said "THEORETICALLY REACHABLE".  I also said
"GLOBAL UNIQUE" address not "PUBLIC ADDRESS".

The point is one should be able to get addresses with these properties.
It's your decision about whether to use all the properties the
addresses have.

As for printers directly reachable from anywhere, why not.  We do
have the technology to authenticate requests regardless of the IP
address the request originates from.  Whether that is built into
your printer or not is a purchasing decision.  I see nothing wrong
with being able to print out something from the other side of the
world for someone else to pick up.  The cost to do this shouldn't
amount to more than a couple of cents in the printer's price as it
is all one off engineering.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Saku Ytti
On (2014-03-23 20:09 +0200), Mark Tinka wrote:

> I expect this to change little in the enterprise space. I 
> think use of ULA and NAT66 will be one of the things 
> enterprises will push for, because how can a printer have a 
> public IPv6 address that is reachable directly from the 
> Internet, despite the fact that there is a properly 
> configured firewall at the perimetre offering half-decent 
> protection?

Or IT isn't buying the 'renumbering is easy' argument, for any non-trivial
size company even figuring how where exactly can be IP addresses punched out
statically would be expensive and long process.
If you are pushing for customer to use your PA in their LAN, I'm guessing
net-result is you should never reclaim those addresses after customer leaves,
since chances are, some customers won't renumber, but will 1:1 NAT your PA to
new operator PA, and your next customer with this block will complain about
reachability problems to this other customer.

But at least we can hope it'll be 1:1 NAT + ULA, which I would suggest to my
enterprise customers who won't want to get PI or become LIR.

-- 
  ++ytti



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Laszlo Hanyecz


On Mar 23, 2014, at 4:57 PM, Mark Andrews  wrote:

> 
> 
> Basically because none of them have ever been on the Internet proper
> where they can connect to their home machines from wherever they
> are in the world directly.  If you don't know what it should be
> like you don't complain when you are not getting it.
> 

It's ironic that those of us that do understand this are mostly the same ones 
saying that it's ok to give 'the users' NAT.  The reality is that some 
(many/most/all?) of our 'users' are probably smarter than us and they just get 
around it with VPNs/tunnels just like we do.  Just because they aren't 
complaining directly to us, doesn't mean they are satisfied.  Every gamer with 
a console is basically screwed - they have to jump through hoops trying to 
figure out how to forward ports or whatever else, because these home routers 
all give them NAT.  We can probably argue cause/effect on this, but it's all 
tied together - those routers wouldn't have had to do NAT if they could somehow 
request unique numbers for each device.. but now carriers are doing that same 
NAT internally, because hey, 'the users' are already used to it anyway, from 
having done it on their home gateways. 

It's not that the users are ok with NAT, or that they prefer it, it's just all 
they can get.
IPv6 is far from perfect, but it's a direct answer to the resource exhaustion 
problem.  It seems unlikely that IPv4 will ever be dropped, but it can be made 
largely irrelevant by building out IPv6 networks.

As far as the enterprise side of things, many of the people working in that 
area today have likely never known any other kind of network except the NAT 
kind.  A lot of these guys say things like 'private ip' and 'public ip' - 
they've had this ingrained in them for the past 15+ years, and the idea of 
real internet is scary.  I'm not sure how this problem of education is 
addressed, and it might sound stupid, but it's a real problem.

The other side of things is that some software vendors with large market share 
are doing their own share of actively trying to undermine IPv6 deployment in 
subtle ways.  You can read RFC6555 for the details.  Just as an example, on Mac 
OS, users accessing a dual stack website from a dual stack host may not ever 
actually take the IPv6 path, so if there are people auditing how many clients 
are using v4 vs v6 they would get skewed results.

I know everyone has their own parameters that define what's worth it and what's 
not, but I think most people's lives would be made easier by embracing IPv6.

-Laszlo


> ISP's have done a good job of brain washing their customers into
> thinking that they shouldn't be able to run services from home.
> That all their machines shouldn't have a globally unique address
> that is theoretically reachable from everywhere.  That NAT is normal
> and desirable.
> 
> I was at work last week and because I have IPv6 at both ends I could
> just log into the machines at home as easily as if I was there.
> When I'm stuck using an IPv4 only service on the road I have to jump
> through lots of hoops to reach the internal machines.
> 
> Mark
> 
>> R's,
>> John
>> 
>> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> 




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Philip Dorr
On Mar 23, 2014 1:11 PM, "Mark Tinka"  wrote:
>
> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
>
> > I was at work last week and because I have IPv6 at both
> > ends I could just log into the machines at home as
> > easily as if I was there. When I'm stuck using an IPv4
> > only service on the road I have to jump through lots of
> > hoops to reach the internal machines.
>
> I expect this to change little in the enterprise space. I
> think use of ULA and NAT66 will be one of the things
> enterprises will push for, because how can a printer have a
> public IPv6 address that is reachable directly from the
> Internet, despite the fact that there is a properly
> configured firewall at the perimetre offering half-decent
> protection?

That is what a firewall is for.  Drop new inbound connections, allow
related, and allow outbound.  Then you allow specific IP/ports to have
inbound traffic.  You may also only allow outbound traffic for specific
ports, or from your proxy.
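
The policy described in the message above (drop new inbound, allow related, allow outbound, open specific IP/ports), together with the host-side "ULA or LLA by default" idea raised earlier in the thread, as an added example that is not part of any poster's message. The addresses, the `bastion` host and all function names are constructed for illustration, and "related" is modelled only as return traffic of an accepted flow.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Constructed addressing plan (documentation prefix), not taken from the thread.
LAN = ipaddress.ip_network("2001:db8:100::/48")   # GUA prefix routed to the site
ULA = ipaddress.ip_network("fc00::/7")            # unique local addresses
LLA = ipaddress.ip_network("fe80::/10")           # link-local addresses


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def _ip(addr: str):
    return ipaddress.ip_address(addr)


@dataclass
class PerimeterFirewall:
    """Stateful forwarding filter: default deny inbound, no address translation."""
    outbound_ports: Optional[Set[int]] = None          # None = any outbound port
    pinholes: Set[Tuple] = field(default_factory=set)  # (dst, proto, dport)
    flows: Set[Tuple] = field(default_factory=set)     # flows already accepted

    def allow_inbound(self, dst: str, proto: str, dport: int) -> None:
        self.pinholes.add((_ip(dst), proto, dport))

    def forward(self, p: Packet) -> str:
        src, dst = _ip(p.src), _ip(p.dst)
        key = (p.proto, src, p.sport, dst, p.dport)
        reply_of = (p.proto, dst, p.dport, src, p.sport)
        # 1. Traffic in either direction of an accepted flow passes.
        if key in self.flows or reply_of in self.flows:
            return "accept-established"
        # 2. New outbound connection, optionally limited to specific ports.
        if src in LAN and dst not in LAN:
            if self.outbound_ports is not None and p.dport not in self.outbound_ports:
                return "drop"
            self.flows.add(key)
            return "accept-outbound"
        # 3. New inbound connection: only to an explicitly opened IP/port.
        if dst in LAN and src not in LAN and (dst, p.proto, p.dport) in self.pinholes:
            self.flows.add(key)
            return "accept-pinhole"
        # 4. Everything else, including new inbound to any other GUA host.
        return "drop"


def host_accepts(src: str) -> bool:
    """Host-side default for a device such as a printer: serve only
    link-local or ULA peers, whatever the perimeter lets through."""
    a = _ip(src)
    return a in ULA or a in LLA


def demo():
    # Constructed hosts: all three inside hosts carry global unicast addresses.
    laptop, printer, bastion = ("2001:db8:100:1::10", "2001:db8:100:1::50",
                                "2001:db8:100:1::22")
    remote = "2001:db8:ffff::1"
    fw = PerimeterFirewall()
    fw.allow_inbound(bastion, "tcp", 22)
    return [
        fw.forward(Packet(remote, 40000, printer, 631)),  # unsolicited to printer
        fw.forward(Packet(laptop, 50000, remote, 443)),   # laptop opens a flow
        fw.forward(Packet(remote, 443, laptop, 50000)),   # its return traffic
        fw.forward(Packet(remote, 443, laptop, 50001)),   # no matching state
        fw.forward(Packet(remote, 40001, bastion, 22)),   # opened IP/port
        fw.forward(Packet(bastion, 22, remote, 40001)),   # reply to that flow
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
    print(host_accepts("2001:db8:ffff::1"), host_accepts("fe80::1"))
```

The printer holds a globally unique address throughout, yet the only packets that reach the inside are replies to flows the inside started and connections to the one opened IP/port.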


Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:

> ISP's have done a good job of brain washing their
> customers into thinking that they shouldn't be able to
> run services from home. That all their machines
> shouldn't have a globally unique address that is
> theoretically reachable from everywhere.  That NAT is
> normal and desirable.
> 
> I was at work last week and because I have IPv6 at both
> ends I could just log into the machines at home as
> easily as if I was there. When I'm stuck using an IPv4
> only service on the road I have to jump through lots of
> hoops to reach the internal machines.

I expect this to change little in the enterprise space. I 
think use of ULA and NAT66 will be one of the things 
enterprises will push for, because how can a printer have a 
public IPv6 address that is reachable directly from the 
Internet, despite the fact that there is a properly 
configured firewall at the perimetre offering half-decent 
protection?

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Andrews

In message <20140323051037.94159.qm...@joyce.lan>, "John Levine" writes:
> >> It will be a long time
> >> before the price of v4 rises high enough to make it
> >> worth the risk of going v6 only.
> >
> >New ISP's are born everyday.
> >
> >Some of them will be able to have a "Buy an ISP that has 
> >IPv4" or "Buy IPv4 space from known brokers" line item in 
> >their budget as part of their launch plans.
> >
> >Most won't.
> 
> In Africa, I suppose, but here in North America, the few remaining
> ISPs that aren't part of giant cable or phone companies are hanging on
> by their teeth.
> 
> Also, although it is fashionable to say how awful CGN is, the users
> don't seem to mind it at all.

Basically because none of them have ever been on the Internet proper
where they can connect to their home machines from wherever they
are in the world directly.  If you don't know what it should be
like you don't complain when you are not getting it.

ISP's have done a good job of brain washing their customers into
thinking that they shouldn't be able to run services from home.
That all their machines shouldn't have a globally unique address
that is theoretically reachable from everywhere.  That NAT is normal
and desirable.

I was at work last week and because I have IPv6 at both ends I could
just log into the machines at home as easily as if I was there.
When I'm stuck using an IPv4 only service on the road I have to jump
through lots of hoops to reach the internal machines.

Mark

> R's,
> John
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Tore Anderson
* John Levine

> Also, although it is fashionable to say how awful CGN is, the users
> don't seem to mind it at all.

You might just be looking in the wrong places.

Try searching for "playstation nat type 3" or "xbox strict nat".

Tore



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-23 Thread Mark Tinka
On Sunday, March 23, 2014 07:10:37 AM John Levine wrote:

> In Africa, I suppose, but here in North America, the few
> remaining ISPs that aren't part of giant cable or phone
> companies are hanging on by their teeth.

Incidentally, this doesn't apply to Africa today, because 
AFRINIC still have lots of IPv4 space to feed any new 
entrant to their heart's content.

I have mates in Asia-Pac, North America and Europe that will 
be the ones sweating if they are a new start-up.

A friend recently started a mobile operation in Malaysia two 
years ago. You can imagine the problem they are having 
rolling out and scaling their 3G/3G data service.

And if AFRINIC do run out of their IPv4 space, I can almost 
guarantee you that any new start-ups in Africa will NOT be 
able to have "IPv4 acquisition" line items in their budget.

> Also, although it is fashionable to say how awful CGN is,
> the users don't seem to mind it at all.

Users won't complain until the CGN starts to do bad things 
to their traffic, like run out of Layer 4 ports per IP 
address due to increasing connectedness of applications, add 
delay to applications getting network, CGN failure, traffic 
tromboning e.t.c.

Operators of CGN's will cry at some point. It's different 
for different operators, as some are happy throwing millions 
of CGN $$ at the problem.

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread John Levine
>> It will be a long time
>> before the price of v4 rises high enough to make it
>> worth the risk of going v6 only.
>
>New ISP's are born everyday.
>
>Some of them will be able to have a "Buy an ISP that has 
>IPv4" or "Buy IPv4 space from known brokers" line item in 
>their budget as part of their launch plans.
>
>Most won't.

In Africa, I suppose, but here in North America, the few remaining
ISPs that aren't part of giant cable or phone companies are hanging on
by their teeth.

Also, although it is fashionable to say how awful CGN is, the users
don't seem to mind it at all.

R's,
John




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Mark Tinka
On Saturday, March 22, 2014 09:57:04 PM John Levine wrote:
 
> We've just barely started to move from the era of free
> IPv4 to the one where you have to buy it, and from
> everything I see, there is vast amounts of space that
> will be available once people realize they can get real
> money for it.  The prices cited a couple of messages
> back seem to be in the ballpark.  It will be a long time
> before the price of v4 rises high enough to make it
> worth the risk of going v6 only.

New ISP's are born everyday.

Some of them will be able to have a "Buy an ISP that has 
IPv4" or "Buy IPv4 space from known brokers" line item in 
their budget as part of their launch plans.

Most won't.

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Justin M. Streiner

On Sat, 22 Mar 2014, William Herrin wrote:

> That's what I hear. Interesting thing though: it hasn't happened yet.
> IANA ran out of /8's and it didn't happen. The RIRs dropped to
> high-conservation mode on their final allocations and it didn't
> happen. How could that be?

I never said that things would get bad the instant that IANA ran out of 
space or your friendly neighborhood RIR reached the trigger point for 
their IPv4 exhaustion plans.  Different RIRs have different consumption 
rates.

There are also different pain points for different networks.  A large .edu 
that has a big enough chunk of legacy IPv4 space to meet their needs 
for the next several years is in a different place than a large eyeball 
network that is deploying LSN/CGN to stretch what they have left because 
they can't go back to the well to get more.  A large content/hosting 
provider who has customers that have different Internet reachability 
requirements where LSN/CGN doesn't help much has yet another different set 
of business drivers and pain points.

> In completely unrelated news, placard-bearing lunatics on the streets
> of New York City report that The End Is Nigh... for most of the last
> century.

I put my sandwich board away a long time ago.  I'm too busy working on 
deploying IPv6 ;)


jms



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread John Levine
>In such a case, where you are still pushing the case for 
>IPv4, how do you envisage things will look on your side when 
>everybody else you want to talk to is either on IPv6, or 
>frantically getting it turned up? Do you reckon anyone will 
>have time to help you troubleshoot patchy (for example) IPv4 
>connectivity when all the focus is on IPv6?

I've put that concern on my calendar for sometime around 2025.

People have been saying switch to IPv6 now Now NOW for about a decade,
and you can only cry wolf so many times.  My servers do IPv6 through a
tunnel from HE (thanks!) where the performance is only somewhat worse
than the native v4, and my home cable has v6 that mostly works, but
the key term there is mostly.  (The ISP had a fairly bad internal
routing bug which apparently nobody noticed until I tracked down why
my v6 connectivity was flaky, and I happened to know some senior
people at the ISP who could understand what I was telling them about
their internal routers.)

We've just barely started to move from the era of free IPv4 to the one
where you have to buy it, and from everything I see, there is vast
amounts of space that will be available once people realize they can
get real money for it.  The prices cited a couple of messages back
seem to be in the ballpark.  It will be a long time before the price
of v4 rises high enough to make it worth the risk of going v6 only.

R's,
John





Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread William Herrin
On Sat, Mar 22, 2014 at 11:54 AM, Justin M. Streiner
 wrote:
> On Sat, 22 Mar 2014, William Herrin wrote:
>> On Sat, Mar 22, 2014 at 10:33 AM, Justin M. Streiner
>>  wrote:
>>>
>>> All of these 'Hail Mary' options for 'saving' IPv4 really are pointless.
>>
>>
>> IPv4 is like the U.S. Penny. It'll be useless long before it goes
>> away. And right now it's far from useless.
>
> Interesting analogy, but it misses the larger point.  The larger point is
> that the ongoing effort to squeeze more mileage out of IPv4 will soon [1]
> outweigh the mileage we (collectively) get out of it.

Hi Justin,

That's what I hear. Interesting thing though: it hasn't happened yet.
IANA ran out of /8's and it didn't happen. The RIRs dropped to
high-conservation mode on their final allocations and it didn't
happen. How could that be?

In completely unrelated news, placard-bearing lunatics on the streets
of New York City report that The End Is Nigh... for most of the last
century.

Regards,
Bill Herrin



-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Mark Tinka
On Saturday, March 22, 2014 05:54:06 PM Justin M. Streiner 
wrote:

> Interesting analogy, but it misses the larger point.  The
> larger point is that the ongoing effort to squeeze more
> mileage out of IPv4 will soon [1] outweigh the mileage
> we (collectively) get out of it.  IMHO, that effort is
> better invested in preparing for and deploying IPv6. 
> Things like LSN/CGN are stop-gaps that result in
> performance problems for people behind them, and aren't
> terribly useful for people who need to run inbound
> services.  Shaking down entities (to the extent that
> they can be shaken down) that have chunks of IPv4
> they're not currently using doesn't change the end-game
> for IPv4.

And to keep into perspective, the fact that a good portion 
of the registry community have run out of IPv4 space to 
allocate.

A number of existing and new ISP's are going to find that 
getting IPv6 going is probably a better solution than 
keeping IPv4 alive (many will learn this the hard way). 
Heck, it won't surprise me if some popular OTT and social 
networking providers "force" the IPv6 issue since democracy 
isn't often the best way to get something like this done.

In such a case, where you are still pushing the case for 
IPv4, how do you envisage things will look on your side when 
everybody else you want to talk to is either on IPv6, or 
frantically getting it turned up? Do you reckon anyone will 
have time to help you troubleshoot patchy (for example) IPv4 
connectivity when all the focus is on IPv6?

AFRINIC still have lots of IPv4 space. I'm not sure that 
gives operators in that region any advantage over anyone 
else, if the rest of the world is active on IPv6, i.e., 
while it may be easier to justify a /8 of IPv4 and get it 
from a registry that still has space, you're likely doing 
yourself a disservice in taking this route (and spending all 
the time and energy numbering out of that /8), because that 
/8 won't be very helpful if the most of the rest of the 
Internet is letting IPv4 go.

Mark.




Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Justin M. Streiner

On Sat, 22 Mar 2014, William Herrin wrote:

> On Sat, Mar 22, 2014 at 10:33 AM, Justin M. Streiner wrote:
>> All of these 'Hail Mary' options for 'saving' IPv4 really are pointless.
>
> IPv4 is like the U.S. Penny. It'll be useless long before it goes
> away. And right now it's far from useless.


Bill:

Interesting analogy, but it misses the larger point.  The larger point is 
that the ongoing effort to squeeze more mileage out of IPv4 will soon [1] 
outweigh the mileage we (collectively) get out of it.  IMHO, that effort 
is better invested in preparing for and deploying IPv6.  Things like 
LSN/CGN are stop-gaps that result in performance problems for people 
behind them, and aren't terribly useful for people who need to run inbound 
services.  Shaking down entities (to the extent that they can be shaken 
down) that have chunks of IPv4 they're not currently using doesn't change 
the end-game for IPv4.


I'm not saying that there aren't challenges to deploying IPv6.  There are. 
Like many of the people on this list, I run a network, and I'm familiar 
with many of those challenges.  If a network makes a conscious decision 
*not* to deploy IPv6, that is certainly their choice, and they will have 
to live with the consequences and will have to justify that decision to 
their customers.


[1] - For varying values of "soon".

jms



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread William Herrin
On Sat, Mar 22, 2014 at 10:33 AM, Justin M. Streiner
 wrote:
> All of these 'Hail Mary' options for 'saving' IPv4 really are pointless.

Hi Justin,

IPv4 is like the U.S. Penny. It'll be useless long before it goes
away. And right now it's far from useless.

Regards,
Bill Herrin



-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Justin M. Streiner

On Sat, 22 Mar 2014, Bryan Socha wrote:


Oh btw, how many ipv4s are you hording with zero justification to keep
them?   I was unpopular during apricot for not liking the idea of no
liability leasing of v4. I don't like this artificial v4 situation
every eyeball network created.Why is v4 a commodity and asset?   Where
is the audits.I can justify my 6 /14s, can you still?


That ship sailed a long time time ago.  Can some IPv4 space be recovered 
by 'auditing' consumers of IPv4?  Possibly.  Does the amount of space that 
would be recovered justify the effort (economic, administrative, legal, 
technical)?  No.  IPv6 is the way to go.


All of these 'Hail Mary' options for 'saving' IPv4 really are pointless.

Don't forget that IPv4, in the form we know it, was never intended to go 
into production.  It's a lab experiment that grew legs and got out of its 
cage.


jms


> On Mar 22, 2014 4:36 AM, "TJ"  wrote:
>
> > Millions of IPs don't matter in the face of X billions of people, and
> > XX-XXX billions of devices - and this is just the near term estimate.
> > (And don't forget utilization efficiency  - Millions of IPs is not
> > millions of customers served.)
> >
> > Do IPv6.
> > /TJ
> >
> > On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:
> > >
> > > As someone growing in the end of ipv4, it's all fake. Sure, the rirs will
> > > run out, but that's boring. Don't believe the fake auction sites.
> > > Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for no
> > > spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
> > > there is no shortage and don't lie for rirs with IPS left.








Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Chris Knipe
On Sat, Mar 22, 2014 at 11:30 AM, Bryan Socha  wrote:
> Oh btw, how many ipv4s are you hoarding with zero justification to keep
> them?   I was unpopular during apricot for not liking the idea of no
> liability leasing of v4. I don't like this artificial v4 situation
> every eyeball network created. Why is v4 a commodity and asset?   Where
> is the audits. I can justify my 6 /14s, can you still?

Oh I so agree with this one.  But alas yes, IPv4's days are counted
and I doubt there's any turning back.

As a NA myself, I see day on day where smaller ISPs are forced to dish
out large network blocks (/16s) to be able to have access to large
inefficiently planned broadband networks in order to service PPPoE
terminations (at least, here in ZA).  These ISPs are forced to 'hand
out' /16 networks for the large telcos to distribute to their
respective BRAS devices. Meanwhile, the ISP does not even have 20K
customers - never mind the fact that more than likely 50% of that
customer base is not even 'always' connected...

It's due to wasting like this, that the shortage is there and that
other players with legitimate requirements (such as going provider
independent) cannot obtain address space.  And it is continuing to
this very day.  I'm definitely all for proper audits, stricter audits,
and more importantly the releasing of unused address space back to the
respective registries.

-- 

Regards,
Chris Knipe



Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Cb B
On Mar 22, 2014 2:32 AM, "Bryan Socha"  wrote:
>
> Oh btw, how many ipv4s are you hoarding with zero justification to keep
> them?   I was unpopular during apricot for not liking the idea of no
> liability leasing of v4. I don't like this artificial v4 situation
> every eyeball network created. Why is v4 a commodity and asset?   Where
> is the audits. I can justify my 6 /14s, can you still?

You seem to be missing something, it is called Metcalfe's Law, google it.

There is no long-term solution for you using ipv4 and me using ipv6. To
derive value from the internet, we all need to be on one technology that
supports end to end communication for us all.

CB

> On Mar 22, 2014 4:36 AM, "TJ"  wrote:
>
> > Millions of IPs don't matter in the face of X billions of people, and
> > XX-XXX billions of devices - and this is just the near term estimate.
> > (And don't forget utilization efficiency  - Millions of IPs is not
> > millions of customers served.)
> >
> > Do IPv6.
> > /TJ
> >
> > On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:
> > >
> > > As someone growing in the end of ipv4, it's all fake. Sure, the rirs will
> > > run out, but that's boring. Don't believe the fake auction sites.
> > > Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for no
> > > spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
> > > there is no shortage and don't lie for rirs with IPS left.
> >


Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Bryan Socha
Oh btw, how many ipv4s are you hoarding with zero justification to keep
them?   I was unpopular during apricot for not liking the idea of no
liability leasing of v4. I don't like this artificial v4 situation
every eyeball network created. Why is v4 a commodity and asset?   Where
is the audits. I can justify my 6 /14s, can you still?
On Mar 22, 2014 4:36 AM, "TJ"  wrote:

> Millions of IPs don't matter in the face of X billions of people, and
> XX-XXX billions of devices - and this is just the near term estimate.
> (And don't forget utilization efficiency  - Millions of IPs is not
> millions of customers served.)
>
> Do IPv6.
> /TJ
>
> On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:
> >
> > As someone growing in the end of ipv4, it's all fake. Sure, the rirs will
> > run out, but that's boring. Don't believe the fake auction sites.
> > Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for no
> > spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
> > there is no shortage and don't lie for rirs with IPS left.
>


Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread Bryan Socha
Fair point.   There are some situations that do need more than most, but
aren't they the ones that should be on ipv6 already???

I know a few are shouldn't I be on ipv6 and that's fair too.   I'm
planning some speaking engagements to cover that.  It's not blind and
ignoring.
 On Mar 22, 2014 4:36 AM, "TJ"  wrote:

> Millions of IPs don't matter in the face of X billions of people, and
> XX-XXX billions of devices - and this is just the near term estimate.
> (And don't forget utilization efficiency  - Millions of IPs is not
> millions of customers served.)
>
> Do IPv6.
> /TJ
>
> On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:
> >
> > As someone growing in the end of ipv4, it's all fake. Sure, the rirs will
> > run out, but that's boring. Don't believe the fake auction sites.
> > Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for no
> > spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
> > there is no shortage and don't lie for rirs with IPS left.
>


misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread TJ
Millions of IPs don't matter in the face of X billions of people, and
XX-XXX billions of devices - and this is just the near term estimate.
(And don't forget utilization efficiency  - Millions of IPs is not millions
of customers served.)

Do IPv6.
/TJ

On Mar 22, 2014 3:09 AM, "Bryan Socha"  wrote:
>
> As someone growing in the end of ipv4, it's all fake. Sure, the rirs will
> run out, but that's boring. Don't believe the fake auction sites.
> Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for no
> spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
> there is no shortage and don't lie for rirs with IPS left.