V6 still not supported (was Re: CC: s to Non List Members (was Re: 202203080924.AYC Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock))

Joe Greco jgreco at ns.sol.net
Wed Mar 9 20:15:21 UTC 2022


On Wed, Mar 09, 2022 at 09:46:41AM -0800, David Conrad wrote:
> Tim,
> 
> On Mar 9, 2022, at 9:09 AM, Tim Howe <tim.h at bendtel.com> wrote:
> > Some of our biggest vendors who have supposedly supported
> > v6 for over a decade have rudimentary, show-stopping bugs.
> 
> Not disagreeing (and not picking on you), but despite hearing 
> this with some frequency, I haven't seen much data to corroborate 
> these sorts of statements.

Fine.  We could start at the top, with protocols that are defective
by design, such as OSPFv3, which lack built-in authentication and 
rely on IPsec.  That's great if you have a system where this is all
tightly and neatly integrated, but smaller scale networks may be
built on Linux or BSD platforms, and this can quickly turn into a
trainwreck of loosely cooperating but separate subsystems, maintaining
IPsec with one set of tools and the routing with another.

Or ... FreeBSD's firewall has a DEFAULT_TO_DENY option for IPv4 but
not for IPv6.  Perhaps not a show-stopping bug, granted.  But, wait,
if you really want end-to-end IPv6 (without something like NAT in
between doing its "faux-firewalling") endpoints, wouldn't you really
want a firewall that defaults to deny, just in case something went
awry?  If I've got a gateway host that normally does stateful
firewalling but it fails to load due to a typo, I'd really like
it to die horribly not packet forwarding anything, because someone
will then notice that.  But if it fails open, that's pretty awful
because it may not be noticed for months or years.  So that's a
show-stopper.

As exciting as it would be to go all-in on v6, it's already quite a
bit of a challenge to build everything dual-stack and get to feature
parity.  The gratuitous differences feel like arrogant protocol
developers who know what's best for you and are going to make you 
comply with their idea of how the world should work, complexity be
damned.

I really never thought it'd be 2022 and my networks would be still
heavily v4.  Mind boggling.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"The strain of anti-intellectualism has been a constant thread winding its way
through our political and cultural life, nurtured by the false notion that
democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
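
The fail-closed behaviour asked for in the message above, as an added example that is not part of the original post: a shell wrapper that turns off IPv4 and IPv6 forwarding when the ruleset loader exits non-zero. The FreeBSD sysctl names, the `SYSCTL` override, the function names and the paths in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around a firewall ruleset load.
# Assumptions (not from the original message): FreeBSD sysctl names for
# forwarding; the loader command is supplied by the caller.

# Command used to change kernel settings. Overridable so the logic can be
# exercised without root.
: "${SYSCTL:=sysctl}"

# Turn off packet forwarding for both address families.
# Returns non-zero if either setting could not be applied.
disable_forwarding() {
    rc=0
    "$SYSCTL" net.inet.ip.forwarding=0 >/dev/null || rc=1
    "$SYSCTL" net.inet6.ip6.forwarding=0 >/dev/null || rc=1
    return "$rc"
}

# load_or_fail_closed CMD [ARGS...]
# Runs the ruleset loader. Returns 0 if it succeeded. On failure it
# disables forwarding and returns 1, or 2 if forwarding could not be
# disabled (the gateway may still be passing traffic unfiltered).
load_or_fail_closed() {
    if "$@"; then
        return 0
    fi
    echo "ruleset load failed: $*; disabling forwarding" >&2
    if disable_forwarding; then
        return 1
    fi
    echo "could not disable forwarding; gateway may be open" >&2
    return 2
}

# Usage (hypothetical paths):
#   load_or_fail_closed /path/to/firewall-loader /path/to/ruleset
```

This only reacts to a loader that reports failure; it does not replace a kernel-level default-deny policy, because traffic can be forwarded before the wrapper runs.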

