From tschaefer at t-online.de Sat May 27 10:45:18 2023 From: tschaefer at t-online.de (Thomas =?ISO-8859-1?Q?Sch=E4fer?=) Date: Sat, 27 May 2023 10:45:18 +0200 Subject: [ipv6-wg] IPv6-mostly IPv6-only(with dns64/nat64) dual stack at RIPE-meeting Message-ID: <1931446.PYKUYFuaPT@witz> Hi, during the closing plenary were considerations to remove the IPv6-only(with dns64/nat64) network/ssid the next time. I would vote for that. IPv6-mostly covers the traditional IPv6-only. Someone made the proposal to provide a real "ipv6 only" net/ssid instead (without nat64) My first thought was: Never, it will the people just frustrate. My second thought was: Let's try it! After the first shock - only 50% of the websites support IPv6 - we should provide tips for testing: - using public dns64 with own nat64 address space - VPN, the public ones like apple privacy relay, cloudflare warp ... - VPN, own organisation/company like eduvpn for NREN (e.g. DFN supports it, other institutes too, cisco anyconnect... -VPN personal, like wireguard/ipsec to AVMs fritzbox and others, openvpn NAS/ own setups Last but not least I propose to provide that special DNS-resolver: https://gitlab.com/miyurusankalpa/IPv6-dns-server It increases the amount of IPv6 capable destinations. Regards, Thomas From mdavids at forfun.net Sat May 27 12:28:24 2023 From: mdavids at forfun.net (Marco Davids) Date: Sat, 27 May 2023 12:28:24 +0200 Subject: [ipv6-wg] IPv6-mostly IPv6-only(with dns64/nat64) dual stack at RIPE-meeting In-Reply-To: <1931446.PYKUYFuaPT@witz> References: <1931446.PYKUYFuaPT@witz> Message-ID: Op 27-05-23 om 10:45 schreef Thomas Sch?fer: > during the closing plenary were considerations to remove the IPv6-only(with > dns64/nat64) network/ssid the next time. > > I would vote for that. IPv6-mostly covers the traditional IPv6-only. Yes, I agree. > Someone made the proposal to provide a real "ipv6 only" > Let's try it! A lot will break for sure. It's not just websites. The DNS may break as well. I have test domain that can *only* be resolved via IPv6 and it yielded in some interesting findings. If you would like to try: https://42.dnslabs.nl > - VPN, own organisation/company At our company we spent quite some effort is getting this right. And it is fun to open the VPN on an IPv6-only network and still get IPv4-access via the VPN. I guess what I'm trying to say is: it can be done! (but not many companies will have done it) -- Marco From gert at space.net Sat May 27 12:46:41 2023 From: gert at space.net (Gert Doering) Date: Sat, 27 May 2023 12:46:41 +0200 Subject: [ipv6-wg] IPv6-mostly IPv6-only(with dns64/nat64) dual stack at RIPE-meeting In-Reply-To: References: <1931446.PYKUYFuaPT@witz> Message-ID: Hi, On Sat, May 27, 2023 at 12:28:24PM +0200, Marco Davids via ipv6-wg wrote: > > - VPN, own organisation/company > > At our company we spent quite some effort is getting this right. And it > is fun to open the VPN on an IPv6-only network and still get IPv4-access > via the VPN. I guess what I'm trying to say is: it can be done! (but not > many companies will have done it) Off to the tangent of "what can we do for the enterprises" - this is actually one of the important things to do: enable IPv6 on the "outside" endpoints (webserver, mail server, VPN server!!), even if there is no IPv6 on the "inside" network yet. Different zones, different purpose, and "VPN endpoint with IPv6+IPv4" really helps clients sitting in an "IPv6 is good, IPv4 is CGNAT" access network. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From tschaefer at t-online.de Sat May 27 12:47:58 2023 From: tschaefer at t-online.de (tschaefer at t-online.de) Date: Sat, 27 May 2023 12:47:58 +0200 Subject: [ipv6-wg] IPv6-mostly IPv6-only(with dns64/nat64) dual stack at RIPE-meeting In-Reply-To: Message-ID: <4a040c01-364f-478f-a0d2-71f330f6f3fb@email.android.com> An HTML attachment was scrubbed... URL: From wilhelm at boeddinghaus.de Tue May 30 18:06:01 2023 From: wilhelm at boeddinghaus.de (Wilhelm Boeddinghaus) Date: Tue, 30 May 2023 18:06:01 +0200 Subject: [ipv6-wg] Clear Guidance for Enterprises Message-ID: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> Hi, at the end of my talk during the RIPE86 IPv6 working group I promised to start work on a paper with clear guidance for enterprises to migrate their networks to IPv6. We have often wondere why enterprises do not migrate to IPv6. One possible answer is: They have no time and they lack knowledge. Many IT departments don't have any spare time for reading RFCs. From my understanding these IT departments don't need papers explaining the many possibilites to choose from. They need very clear guidance and examples. I am looking for 3 to 4 people who would like to start working on this with me. Peter Hessler contacted me during the meeting and he offered his help, time and expertise for this project. Thank you, Peter. Best, Wilhelm From mcr+ietf at sandelman.ca Tue May 30 18:50:03 2023 From: mcr+ietf at sandelman.ca (Michael Richardson) Date: Tue, 30 May 2023 12:50:03 -0400 Subject: [ipv6-wg] Clear Guidance for Enterprises In-Reply-To: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> References: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> Message-ID: <3431188.1685465403@dyas> Wilhelm Boeddinghaus wrote: > We have often wondere why enterprises do not migrate to IPv6. One > possible answer is: They have no time and they lack knowledge. Many IT > departments don't have any spare time for reading RFCs. They have no management mandate on spending their time on it. > From my understanding these IT departments don't need papers explaining > the many possibilites to choose from. They need very clear guidance and > examples. It's true that they need clear guidance, but since one size does not fit all, that doesn't help much. > I am looking for 3 to 4 people who would like to start working on this > with me. I suggest in order to be successful, one really needs an iterative approach. One needs to include actual IT departments, take their feedback, and iterate. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS* -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 658 bytes Desc: not available URL: From torbjorn.eklov at nordlo.com Wed May 31 08:02:00 2023 From: torbjorn.eklov at nordlo.com (=?utf-8?B?VG9yYmrDtnJuIEVrbMO2dg==?=) Date: Wed, 31 May 2023 06:02:00 +0000 Subject: [ipv6-wg] Clear Guidance for Enterprises In-Reply-To: <3431188.1685465403@dyas> References: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> <3431188.1685465403@dyas> Message-ID: <7F3EA4D5-B51F-4990-86B6-001218A91DD6@nordlo.com> On 30 May 2023, at 18:50, Michael Richardson wrote: Wilhelm Boeddinghaus wrote: We have often wondere why enterprises do not migrate to IPv6. One possible answer is: They have no time and they lack knowledge. Many IT departments don't have any spare time for reading RFCs. They have no management mandate on spending their time on it. From my understanding these IT departments don't need papers explaining the many possibilites to choose from. They need very clear guidance and examples. It's true that they need clear guidance, but since one size does not fit all, that doesn't help much. I am looking for 3 to 4 people who would like to start working on this with me. I suggest in order to be successful, one really needs an iterative approach. One needs to include actual IT departments, take their feedback, and iterate. Hello, here is some work the Swedish Post and Telecom Authority have done. In Swedish but by Google Translate here. [pts_flagga_568x275_363x176.jpg] Till dig som IT-tekniker | PTS pts-se.translate.goog I have deployed IPv6 or been involved in many municpalities and enterprise since many years and I may help you with a short guide. My own reflections over the years is - keep it simple - Don?t build the most advanced, complex and handsome address plan - It isn?t a long project, often it?s about a few days to be done - Always dual stack so the staff have some thing to refer or fall back to - Main problem isn?t the internal network, it?s broken IPv6 services outside where Happy Eyeball don?t help you In some cases I have had training for the staff when we activate IPv6 in some segments. /Tobbe -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS* -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: pts_flagga_568x275_363x176.jpg Type: image/jpeg Size: 70495 bytes Desc: pts_flagga_568x275_363x176.jpg URL: From Alexander.Koeppe at merckgroup.com Wed May 31 08:38:49 2023 From: Alexander.Koeppe at merckgroup.com (Alexander Koeppe) Date: Wed, 31 May 2023 06:38:49 +0000 Subject: [ipv6-wg] Clear Guidance for Enterprises In-Reply-To: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> References: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> Message-ID: Hi Wilhelm Me being a network engineer in an enterprise and an IPv6 enthusiast can say, that it even fails within the IT. Many IT workers, from server administrators over network consultants to application / solution designers still ignore IPv6 as an avoidable burden. Every time I talk vendor for a new product, they wince when I ask for IPv6 support - even today. And IPv6 support doesn't mean that all aspects are covered. Even in the space of network vendors, you feel the difference of maturity for IPv6 related support compared to the IPv4 related aspects of the solution when you try to thoroughly set it up for IPv6. The same goes on when going towards application space. With these constraints it's hard to encourage our own IT folks to just roll it out. >From my opinion, without companies being forced from top-down with a language managers understand (money or complaints), the move to IPv6 will remain at the micro-steps enthusiasts like me can afford and support. Alexander Koeppe This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith. Click merckgroup.com/disclaimer to access the German, French, Spanish, Portuguese, Turkish, Polish and Slovak versions of this disclaimer. Please find our Privacy Statement information by clicking here: merckgroup.com/privacy-statements-by-location From paolo.volpato at huawei.com Wed May 31 08:42:16 2023 From: paolo.volpato at huawei.com (Paolo Volpato) Date: Wed, 31 May 2023 06:42:16 +0000 Subject: [ipv6-wg] Clear Guidance for Enterprises In-Reply-To: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> References: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> Message-ID: <22967e97e97c4a59966b9ecb9d1676d5@huawei.com> Hi Wilhelm, In addition, I would add that they also lack the budget to consider deploying IPv6, meaning that enterprises don't consider IPv6 as a priority. At least, this is what we found during the editing of RFC 9386 on IPv6 deployment status. I would be happy to contribute to this effort. Best regards Paolo -----Original Message----- From: ipv6-wg On Behalf Of Wilhelm Boeddinghaus Sent: Tuesday, May 30, 2023 6:06 PM To: ipv6-wg at ripe.net Subject: [ipv6-wg] Clear Guidance for Enterprises Hi, at the end of my talk during the RIPE86 IPv6 working group I promised to start work on a paper with clear guidance for enterprises to migrate their networks to IPv6. We have often wondere why enterprises do not migrate to IPv6. One possible answer is: They have no time and they lack knowledge. Many IT departments don't have any spare time for reading RFCs. From my understanding these IT departments don't need papers explaining the many possibilites to choose from. They need very clear guidance and examples. I am looking for 3 to 4 people who would like to start working on this with me. Peter Hessler contacted me during the meeting and he offered his help, time and expertise for this project. Thank you, Peter. Best, Wilhelm -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg From andreas.springob at aldi-sued.com Wed May 31 08:52:29 2023 From: andreas.springob at aldi-sued.com (Springob, Andreas (IIT-CSS/Network & Identity Solutions)) Date: Wed, 31 May 2023 06:52:29 +0000 Subject: [ipv6-wg] Clear Guidance for Enterprises In-Reply-To: <22967e97e97c4a59966b9ecb9d1676d5@huawei.com> References: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> <22967e97e97c4a59966b9ecb9d1676d5@huawei.com> Message-ID: Hi Wilhelm, Lot of things were said and all are correct. Lack of knowledge, budget, priority, interest, projects, success. It might be rather an approach for RIPE and other RIRs to get in contact with governmental units, setting up legislation as with the office of management and budget in the US: https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf / "Completing the Transition to Internet Protocol Version 6 (IPv6)" I believe that no government will successfully force companies by laws, but it'll be rather an idea to start with governmental department and public services first things. Submitting companies' annual financial statements, registering cars, health related information to public insurances via IPV6 only would massively help. But that's a long road. RIRs might help with consulting for free / small charge, but without governments and legislation, companies do what they're supposed to... earning revenue with minimum effort. If there's any request for support in a small working group, you can contact me for further discussions. -----Original Message----- From: ipv6-wg On Behalf Of Paolo Volpato via ipv6-wg Sent: Mittwoch, 31. Mai 2023 08:42 To: Wilhelm Boeddinghaus Cc: ipv6-wg at ripe.net Subject: Re: [ipv6-wg] Clear Guidance for Enterprises Caution: This email originated from outside of the ALDI-HOFER organisation. If the content looks suspicious, please report this email via the "Phish Alert Report" button or the ServiceNow request "Report Security Event". Do not click on any links or open attachments unless you recognise the sender's email address and you are sure the content is safe. Hi Wilhelm, In addition, I would add that they also lack the budget to consider deploying IPv6, meaning that enterprises don't consider IPv6 as a priority. At least, this is what we found during the editing of RFC 9386 on IPv6 deployment status. I would be happy to contribute to this effort. Best regards Paolo -----Original Message----- From: ipv6-wg On Behalf Of Wilhelm Boeddinghaus Sent: Tuesday, May 30, 2023 6:06 PM To: ipv6-wg at ripe.net Subject: [ipv6-wg] Clear Guidance for Enterprises Hi, at the end of my talk during the RIPE86 IPv6 working group I promised to start work on a paper with clear guidance for enterprises to migrate their networks to IPv6. We have often wondere why enterprises do not migrate to IPv6. One possible answer is: They have no time and they lack knowledge. Many IT departments don't have any spare time for reading RFCs. From my understanding these IT departments don't need papers explaining the many possibilites to choose from. They need very clear guidance and examples. I am looking for 3 to 4 people who would like to start working on this with me. Peter Hessler contacted me during the meeting and he offered his help, time and expertise for this project. Thank you, Peter. Best, Wilhelm -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/ipv6-wg -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1026 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2738 bytes Desc: not available URL: From leo at vegoda.org Wed May 31 15:35:52 2023 From: leo at vegoda.org (Leo Vegoda) Date: Wed, 31 May 2023 06:35:52 -0700 Subject: [ipv6-wg] Clear Guidance for Enterprises In-Reply-To: References: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> <22967e97e97c4a59966b9ecb9d1676d5@huawei.com> Message-ID: Hi, On Tue, 30 May 2023 at 23:52, Springob, Andreas (IIT-CSS/Network & Identity Solutions) wrote: > > Hi Wilhelm, > > Lot of things were said and all are correct. Lack of knowledge, budget, priority, interest, projects, success. It might be rather an approach for RIPE and other RIRs to get in contact with governmental units, setting up legislation as with the office of management and budget in the US: The RIPE NCC has done this - and probably still does it. When I attended these meetings in the past there was pushback from civil servants. Governments often struggle to get more than two qualified vendors for many contracts. The civil servants were concerned that adding an IPv6 requirement would further reduce competition and make managing cost more difficult. Kind regards, Leo From Alexander.Koeppe at merckgroup.com Wed May 31 15:55:55 2023 From: Alexander.Koeppe at merckgroup.com (Alexander Koeppe) Date: Wed, 31 May 2023 13:55:55 +0000 Subject: [ipv6-wg] Clear Guidance for Enterprises In-Reply-To: References: <2795ecd6-8043-23ce-ebc3-09a3857db964@boeddinghaus.de> <22967e97e97c4a59966b9ecb9d1676d5@huawei.com> Message-ID: Hi > The civil servants were concerned that adding an IPv6 requirement would further reduce competition and make managing cost more difficult. And this is - in my opinion - just a reflection of the typical counter-argument coming from these IT consultants being reluctant getting their hands dirty with IPv6 and postulate "why should I need IPv6, everything works with IPv4 though". Alexander Koeppe This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith. Click merckgroup.com/disclaimer to access the German, French, Spanish, Portuguese, Turkish, Polish and Slovak versions of this disclaimer. Please find our Privacy Statement information by clicking here: merckgroup.com/privacy-statements-by-location