Looking for comments

William Herrin bill at herrin.us
Wed Jul 21 22:03:43 CDT 2010


On Wed, Jul 21, 2010 at 3:18 AM, Fred Baker <fred at cisco.com> wrote:
> IETF IPv6 Operations WG is looking at this draft, and we're interested
> in any comments you might have as well.
>
> http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines
>  "Guidelines for Using IPv6 Transition Mechanisms", Jari Arkko, Fred
>  Baker, 12-Jul-10


Hi Fred,

Some feedback:

In section 4.1, you kind of gloss over the challenges with native dual
stack. You do state them, but if I didn't already know, I'd miss the
significance of what you wrote.

The significance is this:

1. The IPv6 Internet is not yet operating at the same availability
standard as the IPv4 Internet and, for reasons obvious to those of us
who maintain operational systems, won't operate at the same standard
until the networking emphasis (and funding!) moves from IPv4 to IPv6.

2. Connections to a dual stacked IPv6 host where the IPv6 path isn't
working are much like connections to an IPv4 host with two IP
addresses where one isn't working. With the added bonus that all
assigned IPv6 addresses are tried first.


The document is a little short on mitigations. Whitelisting between
providers? Somehow in the name lookup? In what DNS software? And what
about the folks who don't resolve names locally?


There is a third major challenge to dual-stack that isn't addressed in
the document: differing network security models that must deliver the
same result for the same collection of hosts regardless of whether
IPv4 or v6 is selected. I can throw a COTS D-Link box with
address-overloaded NAT on a connection and have reasonably effective
network security and anonymity in IPv4. Achieving comparable results
in the IPv6 portion of the dual stack on each of those hosts is
complicated at best.


While interesting, 4.3 remains too deep in theory to seriously
consider it for a short-term transition strategy.


While 4.4 may be useful in the waning days of IPv4, it doesn't seem
credible in the waxing days of IPv6. I'm going to make the vast
majority of my customers pass through how many additional points of
failure? That I have to pay extra to maintain?

Regards,
Bill Herrin

-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
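
A parity check for the third challenge raised in the message above, added here as an illustration; it is not part of the original message or of the draft under review. It assumes each address family's inbound policy can be written as an ordered rule list (first match wins, default deny, with the IPv4 NAT modelled as dropping unsolicited inbound traffic) and reports every source/port pair where the IPv4 and IPv6 verdicts differ. All addresses, rules and names are constructed.

```python
import ipaddress
from itertools import product

# Constructed inbound policies, one per address family: ordered rules,
# first match wins, default deny. Rule = (source CIDR, port or None=any, verdict)
POLICY = {
    4: [("192.168.1.0/24", None, "allow")],      # LAN only; NAT drops the rest
    6: [("2001:db8:1::/64", None, "allow"),
        ("::/0", 22, "allow")],                  # rule with no IPv4 counterpart
}

# Constructed vantage points: the same logical source in both families.
SOURCES = {
    "lan":      {4: "192.168.1.50", 6: "2001:db8:1::50"},
    "internet": {4: "198.51.100.7", 6: "2001:db8:ffff::7"},
}
PORTS = [22, 80, 443]


def verdict(family, src, port):
    """Evaluate one family's rule list for a source address and port."""
    addr = ipaddress.ip_address(src)
    for cidr, rule_port, action in POLICY[family]:
        if addr in ipaddress.ip_network(cidr) and rule_port in (None, port):
            return action
    return "deny"


def parity_gaps():
    """Return (source, port, v4 verdict, v6 verdict) where the families disagree."""
    gaps = []
    for (name, addrs), port in product(SOURCES.items(), PORTS):
        v4, v6 = verdict(4, addrs[4], port), verdict(6, addrs[6], port)
        if v4 != v6:
            gaps.append((name, port, v4, v6))
    return gaps


if __name__ == "__main__":
    for name, port, v4, v6 in parity_gaps():
        print(f"{name:9} port {port:<4} IPv4={v4:5} IPv6={v6}")
```
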




More information about the NANOG mailing list