IPv6 Working Group Minutes - RIPE 83

Date: 25 November, 13:00-14:00 (UTC+1)
Chairs: Raymond Jetten, Benedikt Stockebrand
Scribe: Suzanne Taylor
Status: Draft

Welcome, Administrative Matters

Raymond Jetten, Working Group Co-Chair

Raymond Jetten, Working Group Co-Chair, welcomed everyone to the session and went over some rules of engagement.

There were no questions or comments.

Building IPv4 Islands for Fun and Profit

Nico Schottelius, ungleich

This presentation is available at:
https://ripe83.ripe.net/wp-content/uploads/presentations/86-ripe83-ipv4-islands-for-fun-and-profit.pdf

Nico discussed the technical details of how to set up IPv6-only networks that need to incorporate IPv6-incompatible devices (such as x-ray or ultrasound scanners, LoraWAN gateways, printers, power plants) by setting up IPv4 “islands” for those devices. 

Benedikt Stockebrand commented that there are many different approaches to this issue and that if this particular method doesn’t work, then attendees should be encouraged to reach out on the mailing list rather than simply give up on deploying IPv6. Nico said he fully agreed.

Michael Richardson, Sandelman Software Works, thanked Nico for his explanation and said he had also been doing something similar. He said he thought another name is needed, however, other than “islands”. Nico said he was open to other suggestions. Raymond suggested that ideas could be discussed on the mailing list.

There were no further questions or comments.

To ULA or not ULA

Nico Schottelius

This presentation is available at:
https://ripe83.ripe.net/wp-content/uploads/presentations/87-ripe83-to-ula-or-not-ula.pdf

In his second presentation, Nico gave an overview of ULAs (unique local addresses), which are used in community networks and other use cases but aren’t generally visible on the Internet. He explained how his company has been asked to run a ULA registry and asked for opinions about how – and whether there was consensus – to support community projects by running a ULA registry.

Jordi Palet Martínez, Moremar - The IPv6 Company, said that the right way to have a registry is to revive the ULA-Central work, which he tried already in the IETF and with the RIRs. He said there is possibly a need for a global policy on running a central IANA registry or coordination for that among the RIRs, but that it didn’t work. He offered to continue working on that if there were community support.

Nico said that was an interesting approach and that there were also recent discussions around where to register IP space for aerospace technology and that this could be a way to go, or that the RIRs could have a subsection for ULA community space. He said he would reach out to Jordi after the meeting.

Niall O’Reilly, speaking as a “ULA user”, asked Nico whether he imported registrations from SixXS to the new registry. Nico responded that everything had been imported and that some have already been deleted because they saw old information in the registry.

Marco Hogewoning, RIPE NCC, said that the EU Cybersecurity Strategy suggests a possible sunset clause for IPv4 if insufficient progress is made with IPv6 and asked what the RIPE community thought could be done other than avoiding legislation to force a particular technical choice. He asked whether the community, for example, would advise forcing the use of IPv6 or discouraging the use (or forcing the disuse) of IPv4. He commented that this strategy is focuses on the market and not just the public sector.

Nico said that is a difficult question. He said the market is already at play, given the increasing price of IPv4 and that some governments are going IPv6-only. He said that an RIR like the RIPE NCC can encourage IPv6 deployment, and that he sees a role for open-source solutions to support this shift and enable bottom-up development and innovation.

Rüdiger Volk, my UNorganized self, said he remembered when Internet number resources were essentially available for free and the one registry was funded by the US federal government. He said that, in order to support communities that were outside of the very small Internet at the time that wanted to install TCP/IP locally or regionally with a limited view to interconnect globally, volunteers started to hand out things and get centrally registered space and create sub-registries. Essentially, he said, the RIPE NCC registry grew from there.

He said he felt that if the address space you’re using has enough free resources for everyone to be globally unique, then you should do that – but if the current ICANN anchored registry system doesn’t offer a way for all communities to adequately address their needs, that should be a trigger to question how to do that. He said that, in some ways, the precursor to ULA was the RFC 1918 space, but it was meant to just be local and was not meant to require a registry (unless your enterprise network isn’t connected to anything else and runs as a very closed system, in which case a local registry might be used).

Nico said he saw Rüdiger’s point and said that perhaps this work should be a community/volunteer effort. He said this topic already came up on the IETF mailing list, along with the usual question of who would pay for the project. He said the idea of handing out GUA (global unique addresses) was also discussed on the IETF mailing list, which he thought was good, as it would offer uniqueness along with global addressability. He added that sponsoring the address space is one thing, but sponsoring the work was another thing and being recognised, a third consideration. He encouraged anyone interested in contributing to the project to contact him.

Peter Hessler, speaking as an “open source enthusiast”, asked how much space the community should request from the RIPE NCC if it were to group together and form a LIR to request and manage IPv6 address space.

Nico said you can start with a /32 and simply request another as needed, because the addresses don’t need to be consecutive. Raymond added that you can get a /29 without any justification.

Michael Richardson said he had been a proponent of a non-connected IPv6 space for a long time and that he had first come across this before in using it in a data centre through VPNs as a management network. He said that in his experience, these inevitably leak and when they do, you don’t know who to tell. He said this was also why he doesn’t like ULA random. He said that the value of Whois is high and provides a feeling that no one will come and do something terrible to you because you’re using the address space. He also said the possibility of reverse DNS really matters in IPv6 space. For those reasons, he said he would like to have a registry but was agnostic as to whether it should be a /29 of carefully managed global address space that is unannounced in RPKI, or ULA central or fd/8 if that were ever to work. He said there should be a nominal, one-time fee to register the space. He said he oftens sees a need for this in equipment chassis and gave the example of a networked fishing boat. He said he would rather it wasn’t RFC1918 but IPv6, and if there were too much paperwork, you could use 1.1 or 11 network because 1918 is on the other interface and using NAT, so you don’t know what is there. He said engineers don’t use IPv6 because they think they can’t get it and don’t use ULA random because they need something different for every boat (in the example), which is correct, but he said it should be within the network you own. He said the community needs to enable this and that a small registration fee should make it your own in perpetuity.

Benedikt said that one use case that tends to be forgotten about, as most in the community are LIRs, is having a provider aggregated addresses and wanting to maintain some independence from your ISP, ULAs can be very helpful in renumbering. He said there’s a big difference between IPv4 and IPv6 in that IPv6 was designed to support multiple addresses per interface, and this can be very useful. He also cautioned against starting a separate address space that is sort of connected with people using ULAs across the Internet via tunnels where they really shouldn’t.

Raymond closed the queue to further questions in the interest of time.

Jeroen Massar, Massar Networking, commented later in the chat that the SixXS ULA Registry was a practical joke and that many people are still falling for it. He added that ULA is so random (if done right) that you will never collide with another /48. He shared that the ULA RFC shows a nice table and that if you would make 10,000 connections to other networks, the probability that you have a collision is 4.54*10^-05. He added that you will have better odds playing lottery instead. He pointed out that there already had been collisions in the SixXS ULA registry because people did not randomly generate their prefix. He said that the moment you want a “check if the prefix is used” you got the RIR system: somebody needs to maintain that list of numbers. That is why ULA-C went nowhere, as it would just be a new RIR. He said that the other thing was that everything that gets connected will want Internet access at one point or another and that using RIR-provided address space solves all of that. Jeroen also felt that this was an IETF matter and that it went nowhere because the issue it aimed to solve was already solved using real addresses.

RIPE-554bis

Jan Žorž, 6connect

This presentation is available at:
https://ripe83.ripe.net/wp-content/uploads/presentations/73-RIPE554bis-RIPE83.pdf

Jan gave some background and history on updating RIPE-554 and RIPE-554bis, which provides guidance on how to procure IPv6-capable equipment and software for enterprises. He explained which updates were deemed necessary, such as adding fundamental RFCs like “IPv6 over Ethernet” and removing BOUNDv6, as it no longer exists. There are new requirements for hosts and enterprise/ISP switches, and some other changes for routers, CPEs, mobile devices, load balancers and software. He stressed the need to publish an update to RIPE-554 as soon as possible and asked the group whether there was consensus on RIPE-554bis.

Blake Willis, Zayo, asked whether RFC8950/RFC5549 BGP tunnel signalling was within the document’s scope. Jan replied that it included IPv6-specific things and he would need to look into it. Sander Steffann, 6connect and RIPE-554bis co-author, said he was also not certain. Jan said he did not think RFC8950 was included but that they could consider it for the next version, as they didn’t want to expand the scope of this version since it would take too long to update it.

Éric Vyncke, Cisco and IETF but speaking mainly as an “IPv6 evangelist”, said he couldn’t find in the draft RIPE-554bis document Jan’s reference during his presentation to not using a /64 and RFC8200 now including atomic/overlapping fragments. Jan said the RFC8200 was in the section on requirements for host equipment, and that it’s basically the same document, just updated. Sander said he thought he found the section that Éric was referring to, which was from RFC7608 (IPv6 prefix length recommendations for forwarding), which mentions that prefix lengths longer than /64 must be supported in forwarding. Éric said the other two RFCs mentioned were removed from the RIPE-554bis document and that the presentation had not been updated to reflect the most recent Google doc.

Christoph Berkemeier, DB Station & Service AG, asked whether Jan was aware of automated or semi-automated test scripts/environments for the recommendations. Jan responded that this was a mistake many people were making, and that the document was meant to be used as a template. He said that, for example, “if support for tunnelling and duo-stack is required, the device must support basic transition mechanisms for IPv6 hosts and routers” then it could be technically possible to build a script to test this, but you would need to include everything you want and need, which would be complicated. He said that you need to take the parts of the document that apply to your situation. But, he said, if someone wanted to build something like that, then he would be happy to include it. Sander said that Blake Willis was referring on the chat to the University of New Hampshire’s independent testing lab. Jan said there are asterisks on some of the requirements in the draft policy that indicate they are being tested.

Jan asked the collective whether there was consensus.

Benedikt said that no one would complain if they wanted to do the work. Raymond said he was happy to move forward but suggested leaving the mailing list open until the following Wednesday for any other potential objections to consensus, which Jan agreed to.

Jan and Raymond thanked everyone for their hard work.

Raymond thanked the scribe and said that there had been no comments on the minutes from RIPE 82, which had been online for some time, so declared them approved. He said that he hoped to see everyone at a meeting in person soon and closed the session.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum