IPv6 Working Group Minutes RIPE 72

IPv6 WG meeting (first session)

Date: 25 May 2016, 14:00 - 15:30
Scribe: Mirjam Kühne
WG chairs: Anna Wilson, Jen Linkova, Benedikt Stockebrand

A. Welcome and Administrivia

The presentation is available at:
https://ripe72.ripe.net/presentations/113-RIPE72_IPv6_WG_Session1.pdf

Anna Wilson opened the session. She said that unfortunately the minutes from the last session hadn't been circulated yet but that would happen soon for approval.

She added that the term of one of the co-chairs would expire at RIPE 73.

B. Large Packets in IPv6 - Geoff Huston

The presentation is available at:
https://ripe72.ripe.net/presentations/67-2016-05-23-bigipv6.pdf

There were no questions

C. Community WiFi and IPv6 - John Brzozowski

The presentation is available at:
https://ripe72.ripe.net/presentations/125-comcast.ripe72_ipv6_wifi.v0.pdf

Jan Zorz commented that giving a /64 to each device brings up more possibilities than imaginable and that they could give an IP address to each demon or host so that they could can stop using ports. He added that a web server could simply be an IP address instead of an IP address plus a port. Jan thought that this is a great way forward.

Erik Muller wondered why John didn’t mention captive portal and asked if this is something John is addressing.

John responded that yes, they do have captive portal but captive portal means so many different things for different people he didn’t want to go into it during his presentation. But he agreed that it is an important part.

Aaron Hughes provided some feeedback and said that Wi-Fi on the inside that would be great and that he can think of many use cases for that.

D. IPv6 and DNS[SECI64] - Jen Linkova

The presentation is available at:
https://ripe72.ripe.net/presentations/128-IPv6-Only-DNS64-and-DNSSEC3.pdf

Sander Steffann commented that what Jen showed didn't make it any more secure because he could lie to her in the first instance (giving his own IP address and DNS record) and then he would be signing his own record.

Ondrej Caletka said he thought it should work by getting the PTR record. So you'd have a list of trusted addresses in the IPv6 system but nobody says how to fill this list. He added that it was best to avoid such security issues to use the well known prefix.

Paul Hoffman commented that Jen was proposing to cut-off valuable security servers but also taking a most contentious protocol coming out of the IETF and making it even more complex. He said it wasn't a good idea and that pre-configuring would solve a lot of this.

Geoff agreed that it was is a bad idea.

Ondrej Caletka commented that DNS64 discovery software is implemented in DNS trigger software and that the problem was that it has lower priority.

Geoff said that 6to4 has shown that tunnels are really bad. He added that lying in the DNS is also really bad. He said that what they should be thinking about as how did they get into this place that DNS is lying to them. Maybe DNS64 was a really bad idea.

Jen said that she believed they still needed to use some dirty hacks because there was no proper way to do this. They need to get all the devices on a v6-only network.

Geoff commented that it was a tradeoff. What they want is validation on end hosts. He said he understood the need for it but thinks that the costs are too high.

Benedikt said that the problem with NAT64 was that it breaks all kinds of things. An alternative could be application-level services.

John said that the fact that NAT64 is breaking stuff is a feature, not a bug because when it breaks things, it will lead to better IPv6 support in the end. He said that no, they don’t want to break DNSSEC, but they were trying to prepare for IPv6-only networks. His answer would be: give me a AAAA record.

E. Real Life Use Cases and Challenges When Implementing Link-local Addressing Only Networks as of RFC 7404 (Enno Rey)

The presentation is available at:
https://ripe72.ripe.net/presentations/122-ERNW_RIPE72_IPv6wg_RFC7404.pdf

Jan Zorz commented as an operator that troubleshooting doesn’t work with what Enno was suggesting.

Jen said that it was not a BCP for a wider range of networks, but it was one solution for one specific network architecture.

Gerd Doering said in the discussion leading to the RFC he was in the opposing camp. The document now was more balanced. It was good that Enno presented this. He said he still wouldn't use it because his network looked different.

Blake Willis thanked the authors for the RFC. He said that he actually read it and tried to use it. But it didn't work with IPv6 or IPv4 (link local). He said it made a lot of sense from a design point of view. He asked if they really wanted their vendors to implement this and open more ways to break things.

Tom Hill said he thought it was very cool as an extension to the existing model. He didn’t see a major problem with it and hoped his vendor implements it.

Marco Marzetti said it would be a good solution for large enterprises but it would never work with MPLS because it breaks traffic engineering. He added that there were many reasons for not implementing it. It is good for IDP, but not for the rest.

Erik Vyncke agreed that it doesn’t apply to all use cases. He also confirmed that there is a bug and will be fixed.

IPv6 WG meeting (second session)

Date: 25 May 2016, 16:00 - 17:30
Scribe: Mirjam Kühne

A. Administrative Matters

B. IPv6 Deployment in Latin America and the Caribbean Region - Guillermo Cicileo

The presentation is available at:
https://ripe72.ripe.net/wp-content/uploads/presentations/179-IPv6-LACNIC_RIPE72.pdf

Jan Zorz said he was surprised to see that Guillermo said that operators (and mobile operators) were not looking into deploying by NAT64. Usually it is those operators who use NAT64. He was wondering why it was different in the LACNIC region.

Guillermo said he didn’t really know. He added that when they interviewed the operators, they were not considering that model. Instead they’re using Carrier-Grate NAT on their mobile network and others for broadband fixed access, because they think that for the mobile users, it's enough to provide CGN and IPv4 rather than IPv6. He added that they were trying to change that perception.

Jan suggested for the next LACNIC meeting to organise a presentation on how CGN for IPv4-only has no exit strategy. Jan also noticed that Guillermo said that CPEs are not ready for IPv6 and thanked the LACNIC BCOP group who helped translate the ripe-544 document into Spanish.

Jen said that on one of Guillermo’s slides it looked like IPv6 is the the cheapest option and was wondering if this is really the case.

Guillermo responded that it depends on the parameters they choose: if you have a small growth rate, staying with IPv4 can be a solution now, but only short-term.

C. Going IPv6-only at Home Luuk Hendriks

The presentation is available at:
https://ripe72.ripe.net/wp-content/uploads/presentations/180-slides_luuk_v6_ripe72.pdf

Ondrej Caletka said he assumed that Luuk didn't have a smart TV or a SIP phone at home. Otherwise he would have noticed that there is no smart TV out there that knows anything but IPv4.

Luuk confirmed that he doesn’t have a smart TV or even a dumb TV.

Ondrej also reported that he connected to the RIPE Meeting IPv6-only network and had not experienced any problems.

Benedikt made a few suggestions that would improve a number of things in Luuk’s setup.

Vaibhav Bajpai said that he had dual-stack at home. He was wondering what the motivation would be to run NAT64 or IPv6-only at home. Just because something can be done, doesn’t mean it is a valuable thing to do.

Luuk agreed and said that for him it was valuable, because he learned a lot.

Jen added that if you develop any applications for the Apple store, that might be a good motivation for him.

Dmitry Kohmanyuk asked if Luuk tried to run this over an IPv6 tunnel (this could be useful for those who don’t have native IPv6).

Luuk confirmed that this was possible. In fact he has a tunnel at home, not native.

Dmitry also asked if Luuk used a VPN that is running over IPv6-only.

Luuk said he didn’t and that this might be a good thing to test next.

Elvis Velea reported that Skype and Dropbox didn’t work on the IPv6-only network here at the RIPE Meeting.

Jen responded that this is known and had been reported.

Randy Bush concluded that it was disgusting to see that in 2016 they still cannot easily run an IPv6-only network.

D. IPv6 Availability of Open Source Code Repositories - Wolfgang Zenker

The presentation is available at:
https://ripe72.ripe.net/wp-content/uploads/presentations/180-slides_luuk_v6_ripe72.pdf

Benedikt commented that the answer to Wolfgang’s question is obviously “YES” and added that they had to do all of this to make people aware of things.

Philippe Duke said that there is a problem with some of the repositories for free software and asked everyone to please take care of the AAAA records.

Wolfgang responded that he assumed that everyone who had a AAAA record was also reachable over IPv6 but that might not always be the case.

E. How to Make Trouble for Yourself - You Build an IPv6-Only Network in 2016 - Roger Jørgensen and Ola Thoresen

The presentation is available at:
https://ripe72.ripe.net/wp-content/uploads/presentations/136-How-to-make-trouble-for-yourself.pdf

Dusan Vuckovic thanked the speakers for the good work and said it was very bold to do this. He said they've heard about home implementation since 2012. So there is a an elephant in the room. Maybe if Apple came out with an IPv6-only phone, it would change.

Tom Hill added that two years ago he tried todo something similar and gave a similar presentation and came to very similar conclusions. There were problems with different vendors etc. He advised people to report these problems back to their vendor. The more people who do this, the better.

Gert Doering commented that the speakers came here to present their experiences which in summary were that there are still roadblocks, but it is possible. So there is no more excuse to stick with IPv4 only.

Roger said that they didn’t really have a choice.

An audience speaker reported that he needed to set up a test environment with Juniper and it broke in many ways.

Nathalie Trenaman commented on an earlier remark on why no numbers on IPv6 adoption were presented at this meeting. She said she was very impressed with the quality of the IPv6-WG agenda and thought real deployment stories are more important than statistics. But she hears people would appreciate an update on the statistics, so she will do that next time.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum