Thread: IPv6 Finally gets off the ground

Re: DHCPv6, was: Re: IPv6 Finally gets off the ground | United States | 2007-04-16 16:42:42

On Mon, Apr 16, 2007 at 01:59:36PM +1200, Perry Lorier wrote:
> >When you can plug your computer in, and automatically (with no
> >clicking) get an IPv6 address,
>
> Router Advertisements let you automatically configure as many IPv6
> addresses as you feel like.

Remember that in XP, which Iljitsch recently cited to support his
claim of "years of operating system support," you must click IPv6
into your configuration. It probably wants your XP install disc,
or something like that.

In my point of view, this does not cut the mustard for such words.

Let's be clear:

"There has been router and operating system support for years" is
a statement which predicates that the World has no technical excuse
for not running IPv6 globally edge-to-edge already.

I think such a statement is fundamentally flawed.

> This could be a fairly simple defacto standard if network operators
> start using it. This is an obvious weak link in the chain at this point
> tho.

Does this represent "years of router and operating system support?"

My answer is "no."

> once you have DNS you can use the WPAD proxy auto discovery thingamabob.

...if you also had your domain suffix (unless you are suggesting
that there have been WPAD records at the root for "years"?).

RTADV won't help you here (tho they keep talking about putting
domain-search and nameservers in it), and neither will DHCPv6
as it turns out (it carries a domain-search list, but not "your
domain suffix" which is more what WPAD should really want).

This is not "years of operating system support."

What has had "years of operating system support," is the
unfortunate practice of acquiring option code 252 in DHCPv4.

> >and solve your dynamic dns problems (as IPv4 set top boxes do today),
>
> Updating your forward/reverse dns via DNS Update messages isn't that
> uncommon today.

On Enterprise networks using GSS-TSIG, sure.

On ISP networks, I think the only time end-hosts try to update
their reverse DNS directly is when they're participating in a
rather unfortunate, and unintentional, distributed DoS against
the root servers.

Which, oddly enough, you mention next.

Actual reverse dns updates for end hosts (and not their NAT
gateways) is relatively uncommon, owing to the fact that such
end hosts generally are on RFC1918 addresses.

> http://www.caida.org/publications/presentations/ietf0112/dns.damage.html
>
> where hosts are trying to update the root zone with their new names.

I'm confused by what you're trying to argue. Are you suggesting
that AS112 represents "years of operating system support for
IPv6"?

> So you can get from A to D without requiring DHCPv6.

...I hope you see that this is only so long as you require some
clicking instead.

This is all well and good for those of us who have sufficient
growth (or equivalent feminine metaphor) on our chins, which we
enjoy stroking thoughtfully while determining what all these
"correct configurations" are.

But I don't think "it works for bearded geeks" is setting the
bar high enough when we use lofty words like "supported by
routers and operating systems for years."

--
David W. Hankins                    "If you don't do it right the first time,
Software Engineer                    you'll just have to do it again."
Internet Systems Consortium, Inc.    -- Jack T. Hankins

Re: DHCPv6, was: Re: IPv6 Finally gets off the ground | Netherlands | 2007-04-16 17:34:06

On 16-apr-2007, at 23:42, David W. Hankins wrote:

>> Router Advertisements let you automatically configure as many IPv6
>> addresses as you feel like.

> Remember that in XP, which Iljitsch recently cited to support his
> claim of "years of operating system support," you must click IPv6
> into your configuration. It probably wants your XP install disc,
> or something like that.

You have to enable IPv6. After that, stateless autoconfiguration
takes care of your addresses and default gateway. No support for DNS
lookups over IPv6, though, as far as I've been able to discern.

But there are more operating systems than just Windows. Basic IPv6
support has been available in most of them since the early 2000s.

> "There has been router and operating system support for years" is
> a statement which predicates that the World has no technical excuse
> for not running IPv6 globally edge-to-edge already.

That's an interesting way of putting it. I would concede that you
can't reasonably run IPv6-only today, the DNS situation being an
important reason for that.

But if you want to run dual stack, and you're willing to get rid of
some old stuff to accomplish that, you should be able to.

I've been running IPv6 for years, literally longer than I can
remember. In the beginning, I could only ping6 and traceroute6 from a
FreeBSD box. These days, I ssh and ftp over IPv6, read and send email
from/to my server over IPv6, I visit IPv6-enabled web pages and more,
all with software that came with the system without specifically
enabling anything. (On a Mac.)

Some people even run IPv6 without realizing it. This is common at
RIPE and IETF meetings and the like, where there is a conference
network with one or more IPv6 routers. And the first home gateway
that provides IPv6 connectivity out of the box has arrived in the
form of the latest Apple Airport Express base station.

> RTADV won't help you here (tho they keep talking about putting
> domain-search and nameservers in it), and neither will DHCPv6
> as it turns out (it carries a domain-search list, but not "your
> domain suffix" which is more what WPAD should really want).

> This is not "years of operating system support."

> What has had "years of operating system support," is the
> unfortunate practice of acquiring option code 252 in DHCPv4.

Yes, despite the incredible level of IPv6 activity in the IETF some
rather fundamental things never got the attention they needed. It
reminds me of the situation with ISDN 11 years ago. Dial-up was
pretty mature by then, and worked without much trouble. However,
connecting to an ISP over ISDN was a nightmare of incompatible
framings, hand-installing drivers and the like. However, the main
issue was that there wasn't a generally accepted standard way of
doing things. Once everyone settled on synchronous PPP and the
drivers were tailored for that, it was smooth sailing.

The same thing will happen for IPv6 DNS etc configuration once people
realize that running dual stack isn't a long term solution.

Re: DHCPv6, was: Re: IPv6 Finally gets off the ground | United States | 2007-04-16 17:42:53

On Sun, Apr 15, 2007 at 12:38:42PM +0200, Iljitsch van Beijnum wrote:
> Sure, but that's because with IPv4, there are only three flavors:
>
> - manual configuration
> - PPP
> - DHCP

Although nobody uses them:

- BOOTP
- RARP

The distinction of DHCP, BOOTP, and RARP is important I think, and
it would be good to remember the reasons for that progression, the
lessons we learned on the way.

If the progression from SLIP or HDLC to PPP also represents
a progression in your view as it does in mine, then it is
also important to remember.

Both of these two progression trees represent the cumulative
formulation of knowledge: Users are stupid. Automatic is not
just best, it's the only way.

> The DHCPv6 servers and clients that I tested two years ago didn't
> even support address assignment to hosts.

That sounds about right. The interesting events here have been
this year or last.

> >What DHCP and PPP did do, was to remove all of that, and make ISP
> >integration of customer premise something that could "just happen"
> >without any handholding or bearded geekery.
>
> Fortunately, the IETF got things right the sixth time around (?) by
> adding the stateless autoconfig to IPv6, so these additional
> mechanisms aren't necessary.

Forgive me for saying (I do not mean it rudely), that I think this
one sentence measures best precisely how far you've missed my point
by.

It is not enough to observe that the end host has been given an
IP address, a prefix is imagined as part of that, and a default
gateway. RARP and ICMP router discovery taught us this.

It is still not enough to, after several years of thinking this
was enough, throw in domain-search and nameserver configuration
state. BOOTP taught us this.

The main point, is that if you leave "all other host configuration"
details up to, well, the host itself, then in practice what you're
really doing is leaving it up to the user. Ultimately, it is
mandatory that the end-user make a choice in this model, if not
about everything, then about "some things".

This is intolerable in an ISP environment.

Compare it to the current IPv4 network, and you see that no
choice is mandatory. You just plug in and go. You might,
optionally, over-ride any DHCP or PPP delivered knob, but
it is easy to simply return the client to "get everything
dynamically" and Just Work (tm).

> And exactly how often do people type in the address of their own
> system...?

I'm thinking more of the 'gamer' demographic, wherein other
people type in your IP address.

> A problem with the DNS and IPv6 is that unlike IPv4, you can't pre-
> populate the DNS so that each host has a valid DNS name as soon as it
> receives an address. Manual configuration is problematic for more
> than the obvious reasons: host may use temporary IPv6 addresses with
> random lower bits to avoid exposing their MAC address. The only
> reasonable way to solve this is with dynamic DNS updates.

That's an excellent summary. Neither has RTADV supported dynamic
dns updates for years, nor is it likely to in the future. If it
does, I would be surprised if it manages to work properly.

> This would
> be bad except that customers will usually have their own prefix in
> IPv6 so this should be solvable security-wise.

It may not even involve DDNS, but rather be entirely internalized
on the customer's home gateway.

I think from everything I have just heard from you, that we could
both agree:

There have been IPv6 implementations "for years."

There has not been IPv6 support until very recently, this year
or last depending on how you count.

--
David W. Hankins                    "If you don't do it right the first time,
Software Engineer                    you'll just have to do it again."
Internet Systems Consortium, Inc.    -- Jack T. Hankins
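
The quoted point about autoconfigured addresses exposing the MAC address, and temporary addresses hiding it, shown as an added example that is not part of the original thread. The function names, the documentation prefix, the MAC and the random interface ID are all constructed for illustration.

```python
import ipaddress

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms by stateless autoconfig from a /64 and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 interface IDs need a /64 prefix")
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_address(addr: str):
    """Return the MAC exposed by an EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # temporary (random) or manually chosen interface ID
    # A random ID matches ff:fe by chance about once in 65536 addresses.
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in m)

def ptr_name(addr: str) -> str:
    """Reverse-DNS owner name that would have to exist for this address."""
    return ipaddress.IPv6Address(addr).reverse_pointer

# Constructed sample values (documentation prefix, made-up MAC and random ID).
PREFIX = "2001:db8:1:2::/64"
MAC = "00:1b:63:aa:bb:cc"
TEMPORARY = "2001:db8:1:2:5c3a:91d2:7e04:b8f1"

if __name__ == "__main__":
    stable = eui64_address(PREFIX, MAC)
    for a in (str(stable), TEMPORARY):
        print(a, "MAC:", mac_from_address(a), "PTR:", ptr_name(a))
```

The MAC-derived address is predictable, so its reverse name could be entered ahead of time, but anyone who sees the address can recover the MAC. The temporary address reveals nothing, and its reverse name cannot be known before the host picks it.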

Re: DHCPv6, was: Re: IPv6 Finally gets off the ground | United States | 2007-04-17 19:20:08

In a message written on Mon, Apr 16, 2007 at 03:42:53PM -0700, David W. Hankins wrote:
> Both of these two progression trees represent the cumulative
> formulation of knowledge: Users are stupid. Automatic is not
> just best, it's the only way.
[snip]
> The main point, is that if you leave "all other host configuration"
> details up to, well, the host itself, then in practice what you're
> really doing is leaving it up to the user. Ultimately, it is
> mandatory that the end-user make a choice in this model, if not
> about everything, then about "some things".
>
> This is intolerable in an ISP environment.

I agree 100% with your points, however I believe you have a minor
marketing problem that might change how many people receive your
comments.

It's not that users are stupid, necessarily. They may be of course,
but they are also lazy, impatient, and intolerant of things that
do not work.

As someone who can type "conf t" and use ed to configure their Unix
box _I_ won't tolerate manually configuring my home laptop just so
I can surf over to weather.com and find out if it's going to rain.
While I may do all the testing and work-arounds to make it work for
my job, I'll turn it off at home until it just works and is available
via my standard provider.

It's 2007, not 1987. If I can't take a brand new box out of the
packing material, plug it into an ethernet port and have it just
work then something is broken. The network, the OS, the protocol,
take your pick, but it's broken and not deployable.

[Note: How wise it is to put a brand new box on the net is a different
question, the point is it should just work.]

--
Leo Bicknell - bicknell ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request tmbg.org, www.tmbg.org