Re: V6 still not supported

[Dave Bell <me () geordish org>]

You can still do NAT with IPv6 like you ask for. It's been around over a
decade now:
https://datatracker.ietf.org/doc/html/rfc6296

On Thu, 17 Mar 2022 at 12:02, Matthew Huff <mhuff () ox com> wrote:

> Did you read his email? He was saying that what a lot of people wanted was
> IPv4 + bigger address space, and not any other changes. Speaking for
> myself, other than the bigger address space, for a corporate/enterprise
> environment I have yet to see any advantages of IPv6 and many, many issues.
>
>
>
> Information hiding, aka NAT is very important in the financial world.
>
>
>
> For example, we have a directly peered connection with our clearing
> partner at our co-location. Both sides use NAT. This way either side can
> make a network change without having to involve the other partner.
>
>
>
> Here is what happens without NAT (circa 2008), and yes, this really
> happened:
>
>
>
>    1. We needed to separate out process and move to a different server.
>    The existing server IP couldn’t change since other partners had it in their
>    access list.
>    2. It took 9 weeks and:
>       1. 3 conference calls including one with 30 participants from the
>       clearing company
>       2. 2 approvals by committees at the clearing company
>
>
>
> You can say that this was absurd and should be changed. Yes, but it won’t
> and we have no control over them.
>
>
>
> With NAT we can change internal IP addresses at any time as long as we
> update the NAT tables.
>
>
>
> This is not something important at ISP or hosting providers, but it’s many
> issues like this in the corporate world that prevent IPv6 adoption. Things
> like static addressing, consistent behavior of IPv6 across different
> operating systems including disabling SLAAC,  privacy addressing and others.
>
>
>
> Based on my experience and people on tech mailing list that are oriented
> toward enterprises, I would bet that IPv6 deployment (with global
> addresses) is significantly less than 10% nor is it on their horizon.
>
>
>
>
>
> *Matthew Huff* | Director of Technical Operations | OTA Management LLC
>
>
>
> *Office: 914-460-4039*
>
> *mhuff () ox com <mhuff () ox com> | **www.ox.com <http://www.ox.com>*
>
>
> *...........................................................................................................................................*
>
>
>
> *From:* NANOG <nanog-bounces+mhuff=ox.com () nanog org> * On Behalf Of *Tom
> Beecher
> *Sent:* Thursday, March 17, 2022 7:41 AM
> *To:* borg () uu3 net
> *Cc:* nanog () nanog org
> *Subject:* Re: V6 still not supported
>
>
>
> “It seems all the market needed was IPv4 with bigger address space.
> Instead of delivering it, some contraption has been created trying to solve
> non-existant (or already fixed) problems.”
>
>
>
> your argument against IPv6 is that they should have created a new version
> of IPv4, but bigger?
>
>
>
> So… IPv6?
>
>
>
> On Thu, Mar 17, 2022 at 06:32 <borg () uu3 net> wrote:
>
> It seems team developing IPv6 had ONE way of doing things,
> with is actually recipe for disaster. Why? Because they were building an IP
> protocol. Something that will be using globally by ALL networks around.
> Not some local IOT (useless) shit used here and there.
> Thats why such IP protocol should be follow KISS concept and flexibility.
> Some people have different vision how to run network. And because
> Inter-net is an AS to AS network they should have right to do so.
>
> In my opinion all that crypto stuff should be put layer upper because
> crypto is hard, very hard and can get obsolete quickly.
>
> Its same about other weird things embedded into IPv6 that probably
> should go layer up. And now people wonder why IPv6 adoption is crap and
> there is high resistance. IPv4 made mistakes too, but hell, it was the
> first.
>
> It seems all the market needed was IPv4 with bigger address space.
> Instead of delivering it, some contraption has been created trying to solve
> non-existant (or already fixed) problems.
>
> Just my 2 cents...
>
>
> ---------- Original message ----------
>
> From: William Allen Simpson <william.allen.simpson () gmail com>
> To: NANOG <nanog () nanog org>
> Subject: Re: V6 still not supported
> Date: Wed, 16 Mar 2022 22:24:14 -0400
>
> I'd wanted to clearly distinguish this from the old methods:
>
>    This is intended to replace ARP, ICMP Router Advertisement, ICMP
>    Redirect, ICMP Information, ICMP Mask, and OSPF Hello in the [IPv6]
>    environment. There are also elements of the OSI ES-IS and IS-IS Hello.
>
> We were forward looking to deployments of thousands of systems per link,
> rather
> than the 30 maximum under then current ethernet standards.  We needed fewer
> announcements, less chatty traffic, and more specific traffic designation.
>
> We also prioritized network security.  Moreover requiring addresses be
> ephemeral,
> such that applications would not be able to tie
> authentication/authorization to
> an
> IPv6 address and would be motivated to use cryptographic security.
>
> Unfortunately, later committees decided that rather than a single simpler
> secured
> address assignment scheme, we needed unsecured SLAAC and duplicate DHCPv6.
> Three ways to do the same thing are always a recipe for disaster.
>
> Reminder: I was an operator and one of the original NANOG members.
>
> We spent a lot of time considering human factors.  I'd pioneered the
> "Operational Considerations" section of the original draft RFCs.
>
> IPv6 is a case study of what happens with committee-itis.
>
> The small design team worked well.