nanog mailing list archives

Re: IPv6 day and tunnels


From: Joe Maimon <jmaimon () ttec com>
Date: Mon, 04 Jun 2012 18:27:24 -0400



Jeroen Massar wrote:


If people want to use a tunnel for the purpose of a VPN, then they will,
be that IPv4 or IPv6 or both inside that tunnel.



Instead of having a custom VPN protocol one can do IPSEC properly now as
there is no NAT that one has to get around. Microsoft's Direct Access
does this btw and is an excellent example of doing it correctly.

Microsoft has had this capability since win2k. I didn't see any enterprises use it, even those who used their globally unique and routed ipv4 /16 internally. NAT was not why they did not use it.

They did not use it externally, they did not use it internally.

In fact, most of them were involved in projects to switch to NAT internally.

Enterprises also happen not to be thrilled with the absence of NAT in IPv6.

Don't expect huge uptake there.


No why should it? But note that "IPv6 tunnels" (not VPNs) are a
transition technique from IPv4 to IPv6 and thus should not remain around
forever, the transition will end somewhere, sometime, likely far away in
the future with the speed that IPv6 is being deployed ;)


So VPN is the _only_ acceptable use of sub 1500 encapsulation?


Today, most people can't even get IPv6 without tunnels.

In time that will change, that is simply transitional.


If turning it on with a tunnel breaks things, it won't make native transition happen sooner.



1280 is the minimum IPv6 MTU. If people allow pMTU to work, aka accept
and process ICMPv6 Packet-Too-Big messages everything will just work.

If things break with higher MTUs than 1280 but less than 1500, there really is no reason at all not to use 1280, the efficiency difference is trivial. And on the IPv4 internet, we generally cannot control what most of the rest of the people on it do. Looks like we are not going to be doing any better on the IPv6 internet.


This whole thread is about people who cannot be bothered to know what
they are filtering and that they might just randomly block PtB as they
are doing with IPv4 today. Yes, in that case their network breaks if the
packets are suddenly larger than a link somewhere else, that is the same
as in IPv4 ;)

Greets,
  Jeroen



This whole thread is all about how IPv6 has not improved any of the issues that are well known with IPv4 and in many cases makes them worse.

This whole thread is all about showcasing how IPv6 makes them worse, simply because it is designed with "this time they will do what we want" mentality.

Joe
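
Added example, not part of the original message or written by either poster: a small Python audit that walks an `ip6tables-save` dump and reports whether inbound ICMPv6 Packet Too Big (type 2) is accepted or dropped, which is the filtering mistake the thread says breaks path MTU discovery. The sample rulesets are constructed, and the matching model is a simplification (first match wins on one chain, rules with interface or address matches are skipped, and conntrack `RELATED` is assumed to cover ICMPv6 errors).

```python
import re
import shlex

ICMP6 = {"ipv6-icmp", "icmpv6", "58"}
PTB = {"2", "2/0", "packet-too-big"}          # ICMPv6 type 2, code 0
MODELLED = {"-A", "-p", "-m", "-j", "--icmpv6-type", "--ctstate"}

def parse_rule(line):
    """Map each option in an ip6tables-save rule line to the token after it."""
    toks = shlex.split(line)
    return {t: toks[i + 1] for i, t in enumerate(toks[:-1]) if t.startswith("-")}

def matches_ptb(opts):
    """Would this rule match an inbound Packet Too Big? (simplified model)"""
    if opts.get("-p", "ipv6-icmp") not in ICMP6:
        return False                          # TCP/UDP/other protocol rule
    if set(opts) - MODELLED:
        return False                          # interface/address matches: not modelled
    if "--icmpv6-type" in opts:
        return opts["--icmpv6-type"] in PTB
    if "--ctstate" in opts:                   # assumption: ICMPv6 errors are RELATED
        return "RELATED" in opts["--ctstate"].split(",")
    return True                               # bare "-p ipv6-icmp" or catch-all rule

def ptb_verdict(ruleset, chain="INPUT"):
    """Return (target, deciding line) for Packet Too Big, first match wins."""
    policy = "ACCEPT"
    for line in map(str.strip, ruleset.splitlines()):
        m = re.match(r":(\S+) (\S+)", line)
        if m and m.group(1) == chain:
            policy = m.group(2)               # chain policy line, e.g. ":INPUT DROP [0:0]"
        elif line.startswith(f"-A {chain} "):
            opts = parse_rule(line)
            if opts.get("-j") in ("ACCEPT", "DROP", "REJECT") and matches_ptb(opts):
                return opts["-j"], line
    return policy, "chain policy"

# Constructed sample rulesets (not taken from the thread).
BLOCKS_PTB = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A INPUT -p ipv6-icmp -j DROP
COMMIT"""
ALLOWS_PTB = BLOCKS_PTB.replace("--icmpv6-type 128", "--icmpv6-type 2")

if __name__ == "__main__":
    for name, rules in (("blocks", BLOCKS_PTB), ("allows", ALLOWS_PTB)):
        print(name, ptb_verdict(rules))
```
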

