[BBLISA] anybody doing IPv6 for real operations?/possible presentation topic

Dean Anderson dean at av8.com
Sat Mar 13 13:24:14 EST 2010


On Fri, 12 Mar 2010, Internaut at Large wrote:

> Greetings,
> 
> On Fri, 2010-03-12 at 17:25 -0500, Dean Anderson wrote:
> > On Fri, 12 Mar 2010, Tom Limoncelli wrote:
> > 
> > > > Except that there is no killer IPV6 app or service.  There is no one
> > > > thing that anyone "just has to do". After 15 years of pie in sky,
> > > > IPV6
> > > 
> > > Oh please, can't we all just get along?
> > > 
> > > Slow down, cowboy.  I didn't say IPv6 was good or bad.  Did I?
> > 
> > No...
> 
> Hrm ... IPSec is a pretty good killer app.  And the fact that the US
> Government has mandated being ready for it, is pretty good in my book as
> well.

IPSec runs on IPv4. It's no reason to change to IPV6.  It could easily
run on CLNS, too.  It's no reason to change to CLNS, either.

> not an ISP, I want my machines reachable by number not having to
> create temporary, elaborate SSH tunnels all over the place to get
> through the NAT at my work, through the NAT at the ISP, and then
> through the third NAT at my house, because IPv4 is scarce.

Ah. Well, to the extent the ISP will allow that, CLNS enables a wider
address space, too. But ISPs don't want to allow this for commercial
reasons and because that's what botnets need, as well, while mom&pop
don't really need it.

> I think "having my machines be servers and reachable" is rather nice.

Sure it would be.  But IPV6 isn't going to deliver that for
administrative reasons; it's turned off by the ISP.  CLNS will be exactly
the same in that respect: Possible, but home computers as servers isn't
going to fly.  Certainly not for everyone.

> And having IPSec built in is also a bonus.

It's built into IPV4, too.

> >   All the bells and whistles of IPV6 have been cut out.
> 
> Which of your favorite toys were cut out?  Let's see, IPSec, Automatic
> recognization via MAC address, ISP independence, and ... well ...
> access.  Those are nice bells and whistles for me.

I think you misunderstand something about IPSec. It has nothing to do
with IPV6, per se.  IPV4 also has "Automatic recognization via MAC
address" (DHCP).  But IPv6 doesn't have ISP independence, and never did.


> >   Really all you have left is wider addresses and a slew of
> > brokenness to use it.  And IPV6 will be slower and go less places.
> 
> Why will it be slower and go less places?  I mean, that's what people
> said when we were switching from UUCP to IPv4, that so few people use
> it, most of the network will remain UUCP ...

I never heard anyone say that.  I had UUCP leased lines back in the day.  
Everyone I knew was craving the internet connection, back when you had 
to have a research purpose to get a connection.

It will be slower because of the large packet size and lack of payload,
and because of the tunnels, and because DNS will fall back to TCP and
take much longer; because tunnels are inefficient ways to communicate.
And these "misfeatures" will keep people wanting IPV4 protocols.

> > > Discussions of beauty and truth weren't requested.
> > 
> > No, but discussion of practicality is.  IPV6 isn't practical, CLNS
> > actually is.
> 
> CLNS and TP4 are useful if you are an ISP, but for a standard company?
> You've got to be kidding.  Using a "Connectionless" interface, hoping
> your packets get there?  

IP is connectionless. We seem to get by.

> I'd rather use X.25, thank you very much.

You did, and do now. Frame Relay was X.25 simplified. MPLS is frame 
relay fast.  We used Frame Relay and now MPLS to deliver IP packets.

> And, in case you missed it, I'm very happy about IPSec which CLNS has no
> concept of security for.

You could run IPSec over CLNS.

> I mean, it's great for telephones, and ... Decnet (remember that?) but
> ... really, unless you are an ISP, it's somewhat ... the wrong tool
> for the job.

Actually, the ISO protocols are related to Decnet; You wouldn't be too
far wrong in saying it is Decnet standardized and generalized for a
global network.

CLNS has nothing more to do with telephones than IP does.  The ITU also 
writes standards for ISDN and SS7, but those are entirely different 
protocols, not even related by derivation. 

> > > You called IPv6 a failure.  Technically, we won't know if it is a
> > > failure until we run out of IPv4 addresses.  I never thought it would
> > > actually be deployed until the last minute.  Did anyone fix Y2K issues
> > > in the 1980s?
> > 
> > Failure and futile efforts at deployment are different.  Before you get
> > root to 20,000 routers, you need to have a plan, not just a wonderful
> > vision of utopia after the revolution.
> 
> Now that sounds _exactly_ like a quote from the beginning of the Y2K
> years.  Remember Microsoft 98 (released two years before Y2K) needed Y2K
> patches.  Besides, many routers already run IS-IS, which is happy to
> pass IPv6.  Oh, wait, you make that point elsewhere, so ... aren't you
> arguing both sides of this?

No.  We have to set up CLNS & IS-IS to get IPV6.  But rather than go on 
to IPV6, having already set up CLNS and IS-IS, we should just use CLNS 
for everything.  Which just means dropping TCP and UDP, IPSec, etc onto 
CLNS framed packets.  

> > > True, there are no killer apps today. Except the 2 that I mentioned.
> > > The other killer app is "any ISP that has a business plan that depends
> > > on growth past 2012". That's a very meaningful and real business case
> > > for ISPs, hosting companies, and large web-based businesses.  Sadly
> > > there aren't more than handful of those in the world.  Plus, that's an
> > > indirect benefit.  People don't buy a car, they buy a way to get from
> > > point A to point B.
> > 
> > ISPs will continue to grow after 2012 on IPV4.  End users get more NATs.  
> > E.g. Comcast needs very few public IP addresses. Comcast doesn't need a
> > nationwide-unique RFC1918 address space either (they complained that
> > they have more than 24 million devices)  Most of the billions of IPV4
> > users are residential clients of a few million servers. Only servers
> > need public IP addresses. There really aren't that many servers,
> > especially when you consider that a load balancer only needs one IP to
> > front many servers.
> 
> Right, I forgot, you are ISP-centric.  

I wouldn't go that far. I serve and consult to companies, who just want
to get information from one place to another. I've never met a CEO who
cared much what protocol was used to do that.

> The rest of us who actually look at our machines as _servers_ are not
> being served by your idea of a good network.  Really.

Companies usually have servers. AV8 specializes in companies.  
Residential customers generally don't have servers. Unless you are an IT
guy (like those on BBLISA), /most/ people don't run servers at home.  
Getting a static IP from Comcast or Verizon (etc) is always a pain in
the butt.  Services like dyndns exist just to service people like us
that have servers at home on slowly changing non-static IPs. Some
residential providers have completely removed public IPs from their
customers to prevent them from running servers.

Changing to IPV6 or CLNS isn't going to change the administrative rules.  
If you think that you will get to run a server at home under IPV6, I
think you are mistaken.  It isn't lack of IP space that prevents that 
now.  It's administrative rules; the residential carriers don't want to 
allow that.  The tools to prevent that are getting quite sophisticated, 
and don't go away because they change to IPv6.


> > After that, IP addresses are used for infrastructure. CLNS can be
> > used instead, again without router upgrades.  There's no need for
> > routers to have IPV4 addresses; they just have to be able to route
> > CLNS packets that connect users to servers. Think MPLS on the global
> > network.
> 
> Actually, a lot of routers, while happy with IS-IS, don't have CLNS or
> X.25 enabled on them.  We're back to your "root on 20,000 routers"
> problem, I think.

You aren't the first to be confused by the requirements for running
IS-IS, or the relation of X.25 to CLNS.  I think it has to do with
multiple standards bodies naming entirely unrelated protocols with "X" as
the first letter.  I can't explain why they did that.  X.25 has no
relationship to CLNS, just like ISDN and SS7 have no relationship to
CLNS; X.25 was a forerunner to frame relay and MPLS, and was
standardized by CCITT, a completely different organization from the
ITU/ISO. Anyway, in order to run IS-IS (routing protocol over CLNS) you
have to enable CLNS protocol on the interface and give the router an ISO
address, and each interface an ISO network.

Once IS-IS is working, ISO CLNS frames will be routed throughout the
network.  Other things can send and receive CLNS frames besides IS-IS.

IS-IS is very similar to OSPF. To run OSPF, you need the router to have 
an IP address, and you need each interface to have an IP network. Once 
you get OSPF running, IP frames will be routed throughout the network.

To say that you can run IS-IS without CLNS is like saying you can run 
OSPF without IP.

To say that you can have IS-IS working, but not route other CLNS packets
is like saying you can have OSPF working, but can't route other IP
packets (like telnet).  


> > > Will there be an app that directly draws people to IPv6?  No.  It
> > > is a chicken and egg problem.  However, AFTER ipv6 is widely
> > > deployed I predict killer apps will arise.
> > 
> > After I win the lottery, I predict BBLISA will have free beer and
> > massages at every meeting.  Don't hold your breath, I don't play the
> > lottery.
> 
> No, but those of us who do find windfalls often share it, so ... your
> argument lacks, my friend.  

It does lack, but I think you missed the point. AFTER is the key word in
both statements.  It is no good to promise what will happen AFTER.

> Besides, many things exist, and are used
> without a "killer app" like ... hrm ... let me think, oh, yes, IPv4,
> CLNS, IS-IS ...

IPV4 had at least two killer apps that UUCP didn't have:  FTP and
Telnet.  The ability to browse what was available and immediately get
it. UUCP could transfer files, but it took like a day, and sometimes it
didn't work;  you'd look at the list of files, pick one, get the address
wrong, and a day later, you got an error back.  Telnet would let you get
into any number of machines quickly, without dialup, and since dialup
was 300 or 1200 baud, a 56kbs IP line was blindingly fast. Even when
telebit came out with 19kbs modems (which required connection to other
telebit modems), the internet was still preferred.  So the stage was
well set for commercialization in 1993.


> > > I don't know what they are but they will be in the category of "things
> > > you can do in a world without NAT", or one might simplify that to
> > > just: "The benefit of IPv6 is that everyone can be their own server".  
> > > P2P will go from being a fringe/rare thing, to a common way of doing
> > > things.  Not for file sharing, but for everything: IM, phone calls,
> > > and hopefully apps that we can't imagine today.
> > 
> > This was one of the pie in the sky promises. While there is address
> > space, your residential ISP won't let you be your own server. You'll
> > still be behind a NAT to IPV4 servers, or a NAT to IPV6 servers. The NAT
> > is to ensure you aren't running a server at home.
> 
> Right, and that's _exactly_ my problem.  _YOU_ are trying to restrict
> what _I_ might do with _MY_ servers, the bandwidth _I've_ leased, etc.
> Thank you very much Big Brother, but, I'd rather run my servers on my
> own.  

Err, no. The ISP has no care what you do. It's a matter of money.  
Servers cost money; Companies have money. Residential mom&pop just want
their youtube to work, and pay the least possible. ISPs make that 
distinction happen by blocking servers to residential customers.

> I like my direct connects, I like being able to get to my data,
> and use my various compute farms, that I've set up, directly.  This, I
> think, is the heart of the problem.  You, as an ISP-individual, are used
> to the Paternalistic Controlling of what I do.  Well, thank you very
> much, but I'm an adult, and I should be able to get along just fine
> without your foot on my neck.

You know, I am the president of the LPF, which fights software patents; 
people who really do have a foot on your neck.

> > > "The benefit of IPv6 is that you can be the server (again.. like in
> > > the 1990s before NAT)"
> > 
> > This just isn't true. There isn't space in the routing table for
> > everyone to have their own block like in the early 1990s.  Cisco talks
> > about a new router that can handle 2 million routes. Well, that still
> > doesn't give end users their own address block.  It was never size of
> > the address space that ARIN/IANA was managing, it was size of the
> > routing table.
> 
> Hrm ... Is that a failure of IS-IS I hear you mentioning?  Perhaps,
> there should be several more layers?  Say 4?  Your 4th layer can be the
> backbone, the 3rd layer can be the big pools of population, your 2nd
> layer might be the local neighborhood, with the 1st layer talking to
> each of the companies, or the like.  You would need layer 1-2, layer 2-3
> and layer 3-4 machines as well, at each of the borders, but ... it would
> be more robust, now, wouldn't it?

Actually, the layers of which you speak were invented by the ISO, in the 
development of the ISO packet protocols including CLNS, and IS-IS, 
x.400, x.500 (you might have heard of X.509 certificates).

> Maybe that's the "killer app" as in IPv6 will be the killer app that will
> actually get something that doesn't aggregate all the routes all over
> the world, but deals better with ARP requests.
> 
> I think you just don't want to change the way you are doing things,
> which is why you are throwing the wet blanket over our IPv6 movement.
> Do you still heat your house with coal?

No, CLNS will change things. It has a variable up to 20 byte address
space, bigger than IPV6. It will change things, too. Just not in the way
that you think---I think mostly because you misunderstand how
certain issues relate to address space size.


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494



