V6 still not supported

Saku Ytti saku at ytti.fi
Thu Mar 17 06:36:49 UTC 2022


On Thu, 17 Mar 2022 at 04:27, William Allen Simpson
<william.allen.simpson at gmail.com> wrote:

>     This is intended to replace ARP, ICMP Router Advertisement, ICMP
>     Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6]
>     environment. There are also elements of the OSI ES-IS and IS-IS Hello.
>
> We were forward looking to deployments of thousands of systems per link, rather
> than the 30 maximum under then current ethernet standards.  We needed fewer
> announcements, less chatty traffic, and more specific traffic designation.

Please bear with me, after negativity some sobering remarks follow.

And the solution is broken, it assumes snooping packets and creating
near arbitrary amounts of multicast groups and forwarding multicast on
an L2 device is cheaper than flooding. It is not, and everyone keeps MLD
off in L2 to simplify and reduce cost.
So in reality the multicast L2 resolution is not used, and is useless
complexity. In addition to this problem of changing broadcast to
multicast, the ND can use GUA|LL<->GUA|LL in any combination, which makes
almost every input ACL broken, because operators simply are not aware
of this. A very common problem for us is, we change vendor on our end,
and customer IPv6 breaks, customer did 0 changes, so of course they
blame us, and we have the difficult task to educate them 'look this is how
ND works, your ACL is broken, because it assumes special case is
generic case, and the special case has changed' because different
vendors choose different GUA|LL <-> GUA|LL for ND, it can be wrong and
work until the far end does some change. The right solution is not to
filter by ADDR, but to filter by hop-limit, but it's too complex for
operators to understand.

/MOST/ IPv6 'improvements' are like this, they solve problems that
either didn't exist or make the existing problem worse. Like extension
headers. Like creating large on-link networks, adding a lot more
attack vectors.

Ok IPv6 is kinda shit, but it's the only thing we have and we can make
it work with some effort and some cost. And the effort and cost of
making IPv6 work is less than making IPv4+IPv6 work, and we really
really need the larger address space, it trumps all other deltas by a
wide margin. So yes I have an ugly child, but it's the only child I
have, and with my genes, a beautiful child isn't on the cards, so I'll
raise this ugly child as best I can.
I no longer care how bad IPv6 is, that's crying over spilt milk, it
doesn't matter. I care about the cost of doing both IPv4+IPv6.

-- 
  ++ytti
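
Added example, not part of the original post: a small model of the ACL point made above, comparing an address-based ND filter with a hop-limit-based one across the four GUA|LL source/destination combinations. The LL-to-LL-only ACL, the packet values and all names are assumptions constructed for illustration; the hop limit of 255 for ND comes from RFC 4861.

```python
import ipaddress
from dataclasses import dataclass

ND_TYPES = {133, 134, 135, 136, 137}  # RS, RA, NS, NA, Redirect (RFC 4861)
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

@dataclass(frozen=True)
class Packet:
    label: str
    src: str
    dst: str
    icmp6_type: int
    hop_limit: int

def is_ll(addr: str) -> bool:
    return ipaddress.ip_address(addr) in LINK_LOCAL

def acl_by_address(p: Packet) -> bool:
    # Assumed fragile ACL: permits ND only when both ends are link-local.
    return p.icmp6_type in ND_TYPES and is_ll(p.src) and is_ll(p.dst)

def acl_by_hop_limit(p: Packet) -> bool:
    # ND is sent with hop limit 255 and routers decrement it, so 255 on
    # arrival means the sender is on-link, whatever addresses it chose.
    return p.icmp6_type in ND_TYPES and p.hop_limit == 255

# Constructed sample traffic (2001:db8::/32 is the documentation prefix).
LL_A, LL_B = "fe80::1", "fe80::2"
GUA_A, GUA_B = "2001:db8:0:1::1", "2001:db8:0:1::2"
ON_LINK = [
    Packet(f"{sn}->{dn}", s, d, 135, 255)
    for sn, s in (("LL", LL_A), ("GUA", GUA_A))
    for dn, d in (("LL", LL_B), ("GUA", GUA_B))
]
# Same message type, but it crossed routers: hop limit is below 255.
OFF_LINK = Packet("routed", "2001:db8:ffff::66", GUA_B, 135, 250)

def dropped_on_link(acl) -> list[str]:
    """Labels of legitimate on-link ND packets that the ACL rejects."""
    return [p.label for p in ON_LINK if not acl(p)]

if __name__ == "__main__":
    for name, acl in (("address", acl_by_address), ("hop-limit", acl_by_hop_limit)):
        print(name, "drops on-link:", dropped_on_link(acl),
              "| admits routed:", acl(OFF_LINK))
```

The address-based rule keeps working only while the neighbour happens to pick LL on both sides; the hop-limit rule is unaffected by that choice and still rejects the routed packet.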

