
Re: transition architecture discussion



Sorry for the delay, vacation..

On Tue, 11 Feb 2003, Ronald van der Pol wrote:
[...]
> It would also be useful to find out why people are not deploying/
> using/requesting IPv6.

Indeed.  I think that for the most, it provides no added value, only
complexity and a degradation of their existing usage practices (consider 
worse IPv6 used instead of better IPv4).

I certainly use it nevertheless myself, and advocate it for 
testing/getting-used-to/pilot-deployments, but "real" uses have to wait 
for a bit, yet.
 
> You restrict the architecture discussion to the "process of enabling
> the use of IPv6". I don't think that's enough. I think it should
> include at least the phase of a predominantly IPv6 internet. 

I agree: this should be mentioned.  I just think that the "first phase", 
gaining enough momentum without hindering current IPv4 use _at all_, is 
the most important.  

There are some very usable strategies to go beyond that, but my belief is
that "we shouldn't try to run before we can walk", so to speak.

> Running
> dual stack is not without any costs. It is easier and cheaper to run
> either v4-only or v6-only. 

Yes, there are costs -- but they aren't as significant as some others,
IMO.

> If we don't _plan_ for a situation where
> almost all traffic is v6 it won't happen.

Well, I'm not so sure of that myself.  Something will happen when we have
enough momentum; when that happens, we have a possibility to affect how
the long-term planning will go.
 
> You mention the problems of enabling IPv6 for services and bad IPv6
> connectivity. That's true. I fully agree. But on the other hand
> routing approved a lot when people started to use IPv6 on a daily
> basis. This is just an operational issue. IPv4 networks can be
> operated badly too.

Yes -- it has gotten better, but nowhere near the levels I think I'd be 
comfortable pushing IPv6 by-default to your average home users, for 
example.

IPv6 connectivity doesn't need to be perfect (IPv4 surely isn't), but there
must not be a really significant difference, to most destinations anyway.
 
> Therefore, I think we should not use separate domain names (like
> ipv6.example.com) or prefer A over AAAA. 

This depends a lot on the transition "schedule".  If you want to do things
_now_, I would not advocate putting them to the same domain.  If you can
wait for 1-2 years and hope the connectivity is better (and after that,
notice that it actually is good enough), then you can put them in the same
names -- in 1-2 years.

Preferring A over AAAA and solutions like these provide an entirely
different deployment strategy: I'm not sure if it's a good one myself,
either -- but if we fear the stable deployment would take a long time, it
seems the only way to make (almost) everyone be safe enough to enable IPv6
out of the box.

> We (operators, not the
> IETF) should put effort in v6 connectivity with the same quality
> as v4.

Totally agree here, but I'm having a hard time seeing that happening .. it's 
getting better, though.
 
> With respect to tunneling, I think there are a couple of questions:
> - Should we work on v6-in-v4 tunneling through v4 NATs (e.g. teredo)?
> 	I can see its use in 3GPP, where the end user does not
> 	have influence on the GGSN. I am not sure about home routers.
> 	End users have the choice to buy an IPv6 enabled home router.

As stated previously, I fear Teredo has become a hopeless effort :-(.  
However, it seems likely that NAT will remain for some time yet, so I'd
personally pursue an approach to enable bi-directional tunneling through
NAT, including heartbeating and other required features, but *no* bells
and whistles.  If the spec for this is over 10-15 pages, it's too long.

> - Do we have a clear tunnel architecture?
> 	I don't think so. We have 6to4 and configured tunnels. Is
> 	6to4 also for single end user systems? Do we agree on the
> 	security issues of 6to4? Are tunnel brokers enough? Do we
> 	need tsp?

I agree the picture is not clear.  There is some resistance to the tunnel 
broker model (as well as 6to4 model, of course).  6to4 is usable for 
single end user systems, certainly.  
 
> Do we need to work on translation (NAT-PT, SIIT, etc)? I am not sure.
> At least we should discourage it because in many cases there are
> better alternatives.

I don't think such translation is useful in the generic case.  In some
specific cases, especially in ALG's or similar, it may be useful but
that's usually really just "data payload relaying", nothing more.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings