[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: unmanaged scope comments (fwd)

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: unmanaged scope comments (fwd)
From: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
Date: Wed, 20 Nov 2002 03:22:43 +0100
Cc: v6ops@ops.ietf.org
Delivery-date: Tue, 19 Nov 2002 18:25:03 -0800
Envelope-to: v6ops-data@psg.com
In-reply-to: <Pine.LNX.4.44.0211180000530.11375-100000@netcore.fi>
References: <Pine.LNX.4.44.0211180000530.11375-100000@netcore.fi>
Sender: owner-v6ops@ops.ietf.org
User-agent: Mutt/1.4i

On Mon, Nov 18, 2002 at 00:07:06 +0200, Pekka Savola wrote:

> I was a bit frustrated to note that my earlier comments on unmaneval-00 
> weren't replied to, or taken into account in -01.

Sorry about that. Your email is in my inbox, and parts were discussed
within the design team. But we should have sent a reply.

> One of the biggest issues is that there seems to an assumption that
> unmanaged networks always employ (from ISP and/or internally) NAT.  That
> restricts the applicability unnecessarily.

You told me about bridged dsl in Finland which offers several global
v4 addresses. I think the specific v4 situation does not matter that
much. The main requirement is that v4 connectivity should not worsen
when you transition to v6.

> 1) Especially for case A and C.  I think there needs to be a clearer
> characterization of (IPv4) connectivity and addresses, like (this has all
> cases I think -- it could be simplified):
>
>  1. global addresses
>   a) dynamic
>       - enough addresses for every node
>       - only one

Yes, we realized we do not discuss dynamic v4 addresses. We probably
should.

> 2)
>
> 4     Application requirements of an IPv6 unmanaged network
>
> The application requirements are expressed in mostly three
> dimensions: connectivity, naming, and security. Connectivity issues
> include the provision of IPv6 addresses and their quality: do host
> need a global scope address, should this address be stable, or more
> precisely what should be the expected lifetime of the address.
>
> ==> connectivity includes one very important component IMO: the quality of
> network connections.  This is often ignored.  It's a high risk for a vendor
> to enable IPv6 by default, for example, if that'd result in lower quality
> connections to e.g. dual-stack web servers (a very real fact in 6bone), this
> should be taken into consideration at least in the short term.

I think this is YACEP (Yet Another Chicken and Egg Problem). Routing is
bad because people don't use v6 on a daily basis. And people don't use
v6 (upgrade services to dual stack) because routing is bad. But this is
not specific to unmanaged networks. It could go in a general BCP.

> 5.1	Case A, host deployment of IPv6 applications
> 
> In this case the gateway doesn't provide IPv6; the ISP may or may
> not provide IPv6, but this is not relevant, since the non-upgraded
> gateway would prevent the hosts from using the ISP service. Some
> hosts will try to get IPv6 connectivity, in order to run
> applications that require IPv6, or work better with IPv6.
> 
> ==> This is not true I think: for example, even if gateway runs v4 private
> addresses, ISP could provide e.g. internal tunnel service or something like
> ISATAP to their v6-enabled network.

I think this is meant:
"the ISP may or may not provide *native* IPv6"

> ==> Do you refer to *layer 3* gateway?  (Otherwise, this gets simpler with
> e.g. bridged ATM encapsulation in xDSL).

Yes, should we discuss bridged networks? Are they widely deployed or are
they corner cases?

> 6)
> 
> 5.1.1	Application support in Case A
> Server applications are also not a primary focus of Case A. Server
> applications require DNS support, which is difficult to engineer for
> clients located behind a NAT. Besides, server applications, at this
> stage, cater mostly to IPv4 clients; putting up an IPv6 only server
> is not very attractive.
> 
> ==> I'm not quite sure how DNS support is difficult to engineer; this
> probably has an unstated assumption that the address behind NAT would change
> too often to be really updateable or writable in DNS.  This does not need to
> be the case.

Maybe its not so much DNS which is the problem, but the server port mapping.
How would you do this unmanaged?

> ==> In case A, clients don't necessarily need to be behind a NAT.

The question is what percentage of SOHOs use NAT. If it is the vast
majority, I don't think we should complicate the draft even further.

> The security of server applications depends mostly on the
> correctness of the server, and also on the absence of collateral
> effects: many incidents occur when the opening of a server on the
> Internet inadvertently enables remote access to some other services
> on the same host.
> 
> ==> s/host/node/
> ==> not necessarily only the same node, even on the same local network
> ==> does 'correctness of the server' refer to the server application?

I think it means how vulnerable the server OS is.

> 5.1.3	Naming services in Case A
> 
> At this phase of IPv6 deployment, hosts in the unmanaged domain have
> access to DNS services over IPv4, through the existing gateway. DNS
> resolvers are supposed to serve AAAA records, even if they only
> implement IPv4; the local hosts should thus be able to obtain the
> IPv6 addresses of IPv6 only servers.
> 
> ==> s/are supposed to//
> ==> s/should thus be/are/ (are these really worth the conditionals..)

Very old resolvers don't support AAAA.

> 5.4	Case D, ISP stops providing native IPv4 connectivity
> 
> In this case the ISP is IPv6-only, so the gateway looses IPv4
> connectivity, and is faced with an IPv6-only service provider. The
> gateway itself is dual stack, and the unmanaged network includes
> IPv4 only, IPv6 only and dual stack hosts.
> 
> ==> no IPv4 connectivity to the customer, or no v4 at all (e.g. no
> possibility for ALG's, web caches, DNS / SMTP servers etc.).  Probably the
> former.

I think so.

> 3.2	Client applications
> 
> network and a server at a remote location. A typical example is
> accessing a web server from a client inside the managed network, or
> reading and sending e-mail with the help of a server outside the
> managed network.
> 
> ==> s/managed/unmanaged/g (whoops.. :-)

Fixed in -02.

> applications are often facilitated by a server outside the managed
> networks. Examples of a peer-to-peer application would be a video-
> 
> ==> s/managed/unmanaged/ (whoops :-)

Fixed in -02.

> representation of the IPv4 address of the server, either by sing a
> 
> ==> s/sing/using/

Fixed in -02.

We will fix the others in -03.

Thanks for reading the draft and commenting on it.

	rvdp

Follow-Ups:
- Re: unmanaged scope comments (fwd)
  - From: Pekka Savola <pekkas@netcore.fi>

References:
- unmanaged scope comments (fwd)
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: RE: On NGTRANS, transition mechanisms and consortia
Next by Date: Re: On NGTRANS, transition mechanisms and consortia
Previous by thread: unmanaged scope comments (fwd)
Next by thread: Re: unmanaged scope comments (fwd)
Index(es):
- Date
- Thread