drc at virtualized.org
Tue Feb 17 21:47:34 CST 2009
On Feb 17, 2009, at 12:17 PM, Tony Hain wrote:
> This being a list of network engineers, there is a strong bias
> toward tools
> that allow explicit management of the network. This is a fine
> position, and
> those tools need to exist. There are others that don't want, or need
> to know
> about every bit on the wire, where 'as much automation as possible'
> is the
> right set of tools.
No question. However, as this is a list of network engineers who are
the folks who need to deploy IPv6 in order for others who may not care
about every bit on the wire to make (non-internal) use of it, I'd
think the bias displayed here something that might carry some weight.
> Infighting at the IETF kept the RA from informing the
> end systems about DNS, and kept DHCPv6 from informing them about their
> router. The result is that you have to do both DHCP & RA, when each
> be capable of working without the other.
Yeah. Rants about the IETF should probably be directed elsewhere.
> As far as dnssec, while the question is valid, blaming the IPv6
> design for
> not considering something that 10+ years later is still not
> deployed/deployable, is a bit of a stretch.
Uh, no. That's not what I was saying. I was saying that stateless
auto-configuration made certain assumptions about how naming and
addressing worked that weren't necessarily well thought out (clients
updating the reverse directly in a DNSSEC-signed environment was just
an example). Perhaps it's just me, but it feels like there was a
massive case of NIH syndrome in the IPv6 working groups that network
operators are now paying the price for. However, as I said, rants
about the IETF should probably be directed elsewhere.
>> Or, we simply continue down the path of more NATv4.
> While this is the popular position, those that have thought about it
> that what works for natv4 at the edge, does not work when that nat
> is moved
> toward the core.
Yeah, multi-layer NAT sucks. I was amazed when I was speaking with
some African ISPs that had to go this way today because their telecoms
regulatory regime required them to obtain addresses from the national
PTT and that PTT only gave them a single address. I would argue that
if we want to avoid this outcome (and make no mistake, there are those
who like this outcome as it means end users are only content
consumers, which fits into their desired business models much more
nicely), we need to make IPv6 look more like IPv4 so that network
operators, end users, content providers, network application
developers, etc., have minimal change in what they do, how they do it,
or how they pay for it. Part of that is getting familiar tools (e.g.,
DHCP, customer provisioning, management, etc.) working the way it
works in IPv4. Taking advantage of all the neato features IPv6 might
provide can come later.
However, I have a sneaking suspicion it might already be too late...
More information about the NANOG