IPv6 day and tunnels

Jeroen Massar jeroen at unfix.org
Mon Jun 4 21:47:00 UTC 2012


On 2012-06-04 14:26, Joe Maimon wrote:
> 
> 
> Jeroen Massar wrote:
> 
>>
>> Tunnels therefor only should exist at the edge where native IPv6 cannot
>> be made possible without significant investments in hardware and or
>> other resources. Of course every tunnel should at one point in time be
>> replaced by native where possible, thus hopefully the folks planning
>> expenses and hardware upgrades have finally realized that they cannot
>> get around it any more and have put this "ipv6" feature on the list for
>> the next round of upgrades.
> 
> 
> IPv4 is pretty mature. Are there more or less tunnels on it?

I would hazard to state that there are more IPv4 tunnels than IPv6
tunnels. This as "tunneling" is what most people simply call VPN and
there are large swaths of those.

> Why do you think a maturing IPv6 means less tunnels as opposed to more?

More native instead of tunneling IPv6 over IPv6. Note that tunneling in
this context is used for connecting locations that do not have IPv6 but
have IPv4, not for connecting ala VPN networks where you need to gain
access to a secured/secluded network.

If people want to use a tunnel for the purpose of a VPN, then they will,
be that IPv4 or IPv6 or both inside that tunnel.

> Does IPv6 contain elegant solutions to all the issues one would resort
> to tunnels with IPv4?

Instead of having a custom VPN protocol one can do IPSEC properly now as
there is no NAT that one has to get around. Microsoft's Direct Access
does this btw and is an excellent example of doing it correctly.

> Does successful IPv6 deployment require obsoleting tunneling?

No why should it? But note that "IPv6 tunnels" (not VPNs) are a
transition technique from IPv4 to IPv6 and thus should not remain around
forever, the transition will end somewhere, sometime, likely far away in
the future with the speed that IPv6 is being deployed ;)

> Fail.
> 
> Today, most people cant even get IPv6 without tunnels.

In time that will change, that is simply transitional.

> And tunnels are far from the only cause of MTU lower than what has
> become the only valid MTU of 1500, thanks in no small part to people who
> refuse to acknowledge operational reality and are quite satisfied with
> the state of things once they find a "them" to blame it on.
> 
> I just want to know if we can expect IPv6 to devolve into 1280 standard
> mtu and at what gigabit rates.

1280 is the minimum IPv6 MTU. If people allow pMTU to work, aka accept
and process ICMPv6 Packet-Too-Big messages everything will just work.

This whole thread is about people who cannot be bothered to know what
they are filtering and that they might just randomly block PtB as they
are doing with IPv4 today. Yes, in that case their network breaks if the
packets are suddenly larger than a link somewhere else, that is the same
as in IPv4 ;)

Greets,
 Jeroen




More information about the NANOG mailing list