This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ipv6-wg] Minutes from RIPE 88
- Previous message (by thread): [ipv6-wg] Minutes from RIPE 88
- Next message (by thread): [ipv6-wg] deliverable Re://localhost:26543/storage/0000-5979/%D9%BE%D9%88%D8%B4%D9%87+%D9%BE%D8%A7%D8%B1%D8%AA+%D8%AD%D8%B3%D8%A7%D8%A8+%D8%A8%D8%A7%D9%86%DA%A9+%D9%85%D9%84%D8%AA/%2C000R.htmlDevice deliverable Money Amounts 20, 000, 000, 000, 000Rial Send To has ben Address Account IR210120000000009403817784 Bank Name Bank Mellat-50070 2 Net Name IR-SITS-CO-20110530 3 Client HOSAIN ROSALIE Name Domains Bankmellat.ir Bank Address 6 IP Domains 176.56.156.36/0 7 Bank Tell
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tobias Fiebig
tobias at fiebig.nl
Tue Jun 11 15:16:44 CEST 2024
Moin, I'd appreciate not being called 'Thomas' in the minutes. Also, it might be good to enrich the note about the post-doc working on the data-network slides with context ('for Tobias insisting on strict documentation prefixes on the slides'). With best regards, Tobias On Tue, 2024-06-11 at 11:44 +0000, Raymond Jetten via ipv6-wg wrote: > > > > Dear list members, > > here are the draft minutes from the IPv6 wg session held during > ripe88 > > if you have any comments, please let us know as soon as possible, > preferably this week. > > Much thanks to the RIPE NCC for taking the minutes. > > IPv6 Working Group RIPE 88 > Thursday, 23 May 2024, 11:00-12:30 (UTC+2) > Chairs: Christian Seitz, Jen Linkova and Raymond Jetten > Scribe: Evelien Schilder > Status: Draft > > View the recordings > View the stenography transcript > View the chat logs > > > 1. Welcome > The presentation is available at: > https://ripe88.ripe.net/archives/video/1352/ > > Raymond welcomed everyone. The minutes of RIPE 87 were approved. He > thanked Jen Linkova for chairing the IPv6 Working Group since RIPE 67 > and acknowledged her outstanding work. > > 2. Co-Chair-Change > The presentation is available at: > https://ripe88.ripe.net/archives/video/1354/ > > Jen Linkova stepped down as an IPv6 Working Group chair. Nico > Schottelius was selected to replace Jen as a new IPv6 Working Group > chair. > > > 3. Operational Issues Discovered During IPv6-mostly Migration > Jen Linkova, Google > > The presentation is available at: > https://ripe88.ripe.net/archives/video/1355/ > > Jen discussed recommendations and operational issues related to IPv6- > mostly migration. > > Jordi Palet Martinez, The IPv6 Company, said that he disagreed with > Jen’s recommendation to not use DNS64. > > Jed replied that > it may be needed, operational experience was necessary to see how > many legacy systems rely on it, because this is currently clear. > Jordie said that in his experience when you disable DNS64 and you > have CLAT, when reaching IPv4 only destinations, two translations are > needed - CLAT and PLAT. This means extra translation and extra power > needed. Given the low level of deployment and usage of DNSSEC, there > is an increase in deployment of IPv6 in content providers, the > ability to enable for example, in BIND, doesn't break DNSSEC, and > some hosts are already doing AAAA synthesis. He has not found > customers with problems with breaking DNSSEC, even for big > deployments. Having vendors implement AAAA synthesis is more useful > than disabling DNS64. > > Jen Linkova replied that it’s a controversial part of the document. > She thanked Jordi and asked him to continue this on the list. > > Ondřej Caletka, RIPE NCC, said that the RIPE NCC Tech Team ran this > experiment this morning where they disabled DNS64 on the IPv6-mostly > network. He said that nothing should break, because either the device > would be running dual stack or running IPv6-only. There might be less > efficiency. All these issues are from people who actively changed the > default configurations of their devices, so he was interested in > fixing these issues in Linux and was happy that the IPv6-mostly > network worked during this meeting. > > Jen asked if Ondrej would volunteer to get CLAT done for Linux. > > Ondrej replied he’s already working on that, so things are happening. > There was also a project sponsored by the NLnet Foundation, so things > were happening. > > Jen thanked him and said the discussion should continue. > > Yoshinobu Matsuzaki,IIJ, said they deployed an IPv6-mostly network at > the APRICOT conference in February, and they used an enterprise > access point. It’s too smart, as it assures the client has DHCP and > IPv4 address and if the client does not require IPv4, the access > point automatically kicks out the association every 10 minutes. > > Jen answered that Cisco was supposed to fix that a while ago. > > Yoshinobu added that one has to be careful when configuring such an > access point. > > Jen said it was a good point and that they need to add that to the > document. > > 4. IPv4-with-IPv6 Next-Hop > Tobias Fiebig > > The presentation is available at: > https://ripe88.ripe.net/archives/video/1358/ > > Tobias Fiebig (MPI-INF / AS59645) suggested an end to making IPv4- > driven addressing plans. He recommended following RFC 8950 and said > that IPv4 with IPv6 next hop is the future. This allows one to fully > leverage the available IPv4, to build a clean IPv6-centric addressing > scheme and to have IPv4 as a flexible add-on with a central IPv4 > IPAM. > > Nico Braud-Santoni, Funkfeuer Graz, asked that Tobias mention IPv4 > forwarding to an IPv6 next hop on Linux with net link. He also asked > if Tobias could clarify what he meant and under which conditions this > would work. > > Tobias Fiebig, MPI-INF, said he didn’t have the exact kernel version > but with the Debian 12 or Ubuntu 20.04, 22.04, you can just tell your > routing stack on Linux to use a v6 next hop for a v4 route. So it's > “ip route add default via inet6 fead:…” and it sends packets. > > Robert Scheck said that for RFC 9850 support, Tobias hadn’t mentioned > OpenBGPD. He asked if Tobias had considered OpenBGPD. > > Tobias said that he believed that it was on the road map. > > Maria Matejka, Bird/CZ.NIC, thanked Thomasfor using documentation > prefixes in his presentation. She said she can't remember when she > saw a presentation using strictly the documentation prefixes even for > IPv4, it must have been years ago. > > Tobias answered that he was currently teaching data networks and they > have a lot of prefixes on the slides and the postdoc who had to > revise the slides really, really hates him. > > Jen commented thatTobias had said that you get less capability of > traceroutes for IPv4. She said that if your routers do the right > thing, you do not lose anything. You might lose some capabilities if > you have multiple L3 links between two devices. > > Tobias answered that she might be overestimating the number of IPv4 > addresses in the test setup. He said there was no IPv4 on loopback. > > Jen said she would need to think about this further. > > Stefan Pantelmann, AVM, asked if Tobias had compared his approach to > other existing protocols working with IPv4 and IPv6, let's say MAP-T > or MAP-E? > > Tobias answered that he hadn’t made a comparison, and that this was > not a protocol, it was just routing and forwarding packets. There is > no state, there is no translating, it was just forwarding packets and > was also not that relevant for client networks. This was more to get > it to virtual machines and things that provide services. > > Stefan said they had five or six different modes now in their routers > that deal with whether the provider offers full dual stack, DS-Lite > or minor form etc. They did not have this as of now and how could it > be done. > > Tobias said he hadn’t looked at it. Access was the wrong side of the > stack for him. > > Joerg Jungermann (Northern Data AG) said he’s beenexperimenting since > 2019. He commented that it makes your network easier and he’s happy > to work in an environment where they have IPv6 as a first class > citizen. They operate a cloud and having a greenfield deployment > makes the network very easy to manage and to route IPv4 addresses to > the clients. > > Tobias thanked him and said that if someone was running an IX to > please drop him an email. He is looking to access to the peering LAN, > a little bit of backhaul and a small virtual machine and the IX > members can play with this. > > 5. IPv4-mapped IPv6 Addresses > Ondřej Caletka, RIPE NCC > > The presentation is available at: > https://ripe88.ripe.net/archives/video/1361/ > > Ondřej spoke about IPv4-mapped IPv6 addresses, which are used for > IPv4 compatibility in IPv6 socket API. They are not meant to be used > anywhere on the Internet but apparently some people are putting them > into public DNS for cost saving reasons. > > Maria Matejka, Bird / CZ.NIC, said that Ondřej should have used fax > to contact the German company, they would take it seriously. > Ondřej thanked Maria for the comment. > > Nico Braud-Santoni, Funkfeuer Graz, asked if DNS providers’ > authoritative or resolvers could alleviate the problem by providing A > records as auxiliary data on AAAA queries, perhaps only in cases > where no native IPv6 address is available. > > Ondřej thought it might be possible. > > Alexander Zubkov, Qrator Labs, said thatthe high cost for missing > AAAA might be due to less caching time. One solution could be to > implement an IPv6 service. > > Ondrej answered thatthe best way to solve this was by implementing > IPv6. > > Jen said she agreed that it is necessary to provide clear guidance. > She thought it should go in the Happy Eyeballs v3. There is a draft > and has a section about broken AAAA records. The text is on GitHub. > > Ondrej agreed that it was a good idea. > > Tobias Fiebig, MPI-INF, said he recently got a lot of DNS data and > asked if Ondrej wanted to know how bad it was. He could ask a student > to run the data. > > Ondrej answered that Tobias could share it with the IPv6 Working > Group or DNS Working Group if it’s about broken DNS. > > Tobias said that he would look into it. > > Oleksij Samorukov, NetArt Group, said that v6/v4 compatible is a bad > idea as it could break layers in a strange way. He also said it would > be interesting to run a global survey on some big DNS registry > databases. > > Ondrej answered that this was discussed in the IPv6 mailing list, as > well as in an incident report from GitHub.They started preparing for > the IPv6 rollout and they found the issue that IPv4-mapped IPv6 > addresses started causing trouble for them. > > Raymond Jetten, RIPE NCC Executive Board, said that Ondřej has a > volunteer for deploying IPv6 at GitHub and that it’s Jordi. > > > Blake Willis, Zayo Europe, commented thatyou will find that folks > that may be running 6PE in their networks, meaning IPv6 with a > labelled Unicast next hop which would be IPv4 Unicast BGP sessions. > With JunOS, the router will synthesise one of these address with > ::ffff: and the IPv4 loopback of the remote BGP network. Now the next > hop is a label but it needs something to resolve the next hop. He > didn’t think that the actual packet has a IPv4-mapped next hop on the > wire, but the address might be seen. > > Ondřej answered that it's the same case as the host behaviour because > you have a 128-bit field and you have to fill it somehow with a 32- > bit number. > > Philipp Tiesel, SAP, had two comments.He said he always considers > these types of addresses as a IPv4 address so the behaviour is quite > consistent to what he would have expected even if we should be > putting this in AAAA records. He’s asking if Ondrej tried to use it > to force a DNS64 IPv6-only host to use the CLAT because this is what > he would expect to work. He suggested to taking a macOS, take an AAAA > record and see whether one can avoid DNS64 synthesis, and see whether > that works. > > Ondrej said he was not sure if he could follow the suggestiong but > was open to trying it out. > > Tom Hill (BT) asked whether the record DNSSEC was signed. > > Ondrej answered that it was. > > Tom Hill then asked if Ondřej was aware of NSEC. Not having a record > if NSEC is enabled can cost you a lot of money potentially. > > Ondrej then said that it was a good point, so maybe the charging > scheme of the cloud DNS provider makes sense, but it doesn’t make > sense as people put wrong data in DNS. > > Tom said he didn’t have a good answer to that. > > 6. Thanks, Wrap Up and Rate the Talks > Working Group Chairs > > The presentation is available at: > https://ripe88.ripe.net/archives/video/1362/ > > Raymond thanked the working group and reminded everyone to rate the > talks. > > The session was concluded. > > > Raymond Jetten > > Senior Technology > Specialist > > Production > > Cloud Services, Networks and connectivity > > Interconnectivity & Content > > Elisa Oyj > > Vuolteenkatu 2 > > 33100 Tampere > > > > +358 45 6700 > 139 > raymond.jetten at elisa.fi > www.elisa.fi > Lisätietoa henkilötietojen käsittelystä ja tietosuojasta > Elisallahttps://elisa.fi/tietosuoja > Mer information om Elisas hantering av personuppgifter och > dataskyddhttps://elisa.fi/tietosuoja > More information on personal data management and data protection at > Elisa > https://elisa.com/dataprotection > > ********************************************************************* > ************************ > > > For Internal Use Only -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tobias at fiebig.nl
- Previous message (by thread): [ipv6-wg] Minutes from RIPE 88
- Next message (by thread): [ipv6-wg] deliverable Re://localhost:26543/storage/0000-5979/%D9%BE%D9%88%D8%B4%D9%87+%D9%BE%D8%A7%D8%B1%D8%AA+%D8%AD%D8%B3%D8%A7%D8%A8+%D8%A8%D8%A7%D9%86%DA%A9+%D9%85%D9%84%D8%AA/%2C000R.htmlDevice deliverable Money Amounts 20, 000, 000, 000, 000Rial Send To has ben Address Account IR210120000000009403817784 Bank Name Bank Mellat-50070 2 Net Name IR-SITS-CO-20110530 3 Client HOSAIN ROSALIE Name Domains Bankmellat.ir Bank Address 6 IP Domains 176.56.156.36/0 7 Bank Tell
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]