RIPE 54

RIPE Meeting: 54
Working Group: IPv6
Status: Final
Revision Number: 1

-----------------------------------------------------------
RIPE IPv6 WG minutes for RIPE 54, Tallinn
-----------------------------------------------------------
WG: IPv6
Meeting: RIPE 54, Tallinn
Date: Thursday, 10 May 2007
Time: 17:00 - 18:00 (UTC +0300)
Chair: David Kessens
Minutes: Robert Kisteleki
Jabber: *
J-Scribe: Mark Dranse
J-Script: *
Audio-1: *
WG URL: http://www.ripe.net/ripe/wg/ipv6/index.html
Material: *
Agenda: *
--------------------------------------------------------

A. Administrative Matters (David Kessens)

One addition to the agenda was suggested on ESP usage.

--------------------------------------------------------

B. Quick Update from the RIPE NCC regarding IPv6 Services (Andrei Robachevsky)

Core whois server now fully supports IPv6, although from the outside world the change is not visible.
Passive FTP over IPv6 is not supported on our firewalls, therefore the FTP server is not behind the
firewall now.
The only service that has no IPv6 support now is maill, since some infrastructure behind our mail
servers (like SpamAssassin) does not support IPv6.

Questions/comments on this:

About e-mail and SpamAssassin: some people had similar experiences, yet others don't see this problem at all.

Q: Does the firewall vendor plan to fix the problem?
A: We are using Juniper Netscreen 2000, and there's no mention of a fix yet.

--------------------------------------------------------

C. Discussion - Problems With Route Header Type 0 (Merike Kaeo)

Questions/comments:

NetBSD has also solved the problem.
Cisco command mentioned in the presentation does not work in all cases.
When one does not use mobility, then it can be simply disabled. OTOH, one drawback of disabling
it is that actualy breaks mobility.
Documentation on this from vendors (Cisco) is hard to find.
Several attendeed expressed that deprecating might be an option, or "off by default" behaviour
from vendors. Giving some feedback to IETF or similar bodies could help with the problem.

--------------------------------------------------------

D. Follow-up: IPv6 in large cable systems (Alain Durand)

(agenda item swapped with E)

Comment: IPv6 security causes some concerns, eg. NAT related. IPv6 advocates usually do not
address this. Therefore communication about IPv6 should be cautious.

As a result of a quick survey, most of the attendees who already deployed IPv6 and thought
about its security, many adapted IPv4 security measures, very few applied IPv6 specific thinking.

One solution is to move (some of) the firewalling to the host instead of the routers. As a
side-effect it protects the hosts from each other too.

Q: Regarding the mentioned issues, what is the number one issue?
A: Provisioning (regarding DHCP6), also IDS.

--------------------------------------------------------

E. Follow-up: Global IPv6 routing table status (Gert Doering)

There was discussion about a re-appearing bogon IPv6 prefix, which has been investigated since.

--------------------------------------------------------

F. Feedback and experience with Windows Vista (input from the audience)

Some measurements (mainly in Europe) show growing IPv6 activity in the first quarter of
this year. Others (mainly in US) see it practically as a noise; but it varies
geographically, for example Redmond, WA is very different. Still others seee an actual decrease.

--------------------------------------------------------

G. Report(s) about *actual* v6 traffic volume as compared to v4?

(This was actually discussed tohether with F.)

--------------------------------------------------------

H. Developments/initiatives regarding IPv6 in the RIPE region and beyond
(input from the audience)

There will be an IPv6 conference in Cologne, Germany on 6 September sponsored/organized
by the German UNIX Users Group. The URL will be sent to the mailing list by Gert Doering.

--------------------------------------------------------

G (added at agenda bashing): AH vs. ESP null

No comments.

--------------------------------------------------------

Y. Input for the RIPE NCC Activity Plan (input from the audience)

None.