Re: IPv6 Confusion

[David Conrad <drc () virtualized org>]

Tony,

On Feb 17, 2009, at 12:17 PM, Tony Hain wrote:
> This being a list of network engineers, there is a strong bias  
> toward tools
> that allow explicit management of the network. This is a fine  
> position, and
> those tools need to exist. There are others that don't want, or need  
> to know
> about every bit on the wire, where 'as much automation as possible'  
> is the
> right set of tools.

No question.  However, as this is a list of network engineers who are  
the folks who need to deploy IPv6 in order for others who may not care  
about every bit on the wire to make (non-internal) use of it, I'd  
think the bias displayed here something that might carry some weight.

> Infighting at the IETF kept the RA from informing the
> end systems about DNS, and kept DHCPv6 from informing them about their
> router. The result is that you have to do both DHCP & RA, when each  
> should
> be capable of working without the other.

Yeah.  Rants about the IETF should probably be directed elsewhere.

> As far as dnssec, while the question is valid, blaming the IPv6  
> design for
> not considering something that 10+ years later is still not
> deployed/deployable, is a bit of a stretch.

Uh, no.  That's not what I was saying.  I was saying that stateless  
auto-configuration made certain assumptions about how naming and  
addressing worked that weren't necessarily well thought out (clients  
updating the reverse directly in a DNSSEC-signed environment was just  
an example).  Perhaps it's just me, but it feels like there was a  
massive case of NIH syndrome in the IPv6 working groups that network  
operators are now paying the price for.  However, as I said, rants  
about the IETF should probably be directed elsewhere.

> > Or, we simply continue down the path of more NATv4.
> While this is the popular position, those that have thought about it  
> realize
> that what works for natv4 at the edge, does not work when that nat  
> is moved
> toward the core.

Yeah, multi-layer NAT sucks.  I was amazed when I was speaking with  
some African ISPs that had to go this way today because their telecoms  
regulatory regime required them to obtain addresses from the national  
PTT and that PTT only gave them a single address.  I would argue that  
if we want to avoid this outcome (and make no mistake, there are those  
who like this outcome as it means end users are only content  
consumers, which fits into their desired business models much more  
nicely), we need to make IPv6 look more like IPv4 so that network  
operators, end users, content providers, network application  
developers, etc., have minimal change in what they do, how they do it,  
or how they pay for it. Part of that is getting familiar tools (e.g.,  
DHCP, customer provisioning, management, etc.) working the way it  
works in IPv4.  Taking advantage of all the neato features IPv6 might  
provide can come later.

However, I have a sneaking suspicion it might already be too late...

Regards,
-drc