Ironically enough, I waited 24 hrs for the spamhaus block to clear on my ipv6 addr for my main email account, it still hasn't.
Lee Howard <lee@asgard.org> writes:
On 10/4/19 4:55 PM, Dave Taht wrote:
not being able to get a static IPv6 address out of comcast, my hurricane tunnel getting blocked by netflix, the still-huge prefix sub-distribution problem. The idea of dynamic 2 week prefixes in part of the world prone to earthquakes doesn't work for me...
I can think of several programmatic ways to deal with that.
Yeah, in the case of my 10 year + running hurricane tunnel and services running on it, I could have just blackholed netflix's ipv6 addresses. Ask your typical user to do that. In the end I pulled it down and tried to leverage the dynamic ipv6 allocation I get only to give up on that for a variety of reasons. As for the 2 week expiry time - hate it. Anyone that lived through the 1989 quake here and tried to keep a network even sort of running would hate it too. For real use a static ipv6/48 to distribute is needed. Dynamic ipv6 assignments are fine if you are doing trivial stuff but if ipv6 is ever to even start to supplant ipv4 it's got to become more static.
Or you can just buy Comcast's business service, which I think includes one IPv4 address.
I have comcast business service. I still couldn't, last I checked, buy a static IPv6 network from them.
that said, we need more running code, still, which only then can get into a deployment, and nobody's funding that.
Do you mean CeroWRT specifically, or code in general?
Well, I was referencing the cerowrt project, which ran for 3 years, fixed about 120 bugs related to ipv6, and helped make openwrt entirely compatible with most ipv6 capable ISPs on the planet. And even with that there were a plethora of problems like too many RA's causing the firewall to reload too often that got fixed in cerowrt but not quite in openwrt, and lots I'm still pretty scarred from that effort. I remember losing hair to so many things. Stuff still dangling - 8 years later - are ipv6 reverse dns and prefix distribution more than one hop into the network. HOMENET's stuff is still too unstable to use and in a couple ways still inadequate, even in theory.
I was thinking about some Hackathon projects to add IPv6 capability to open source projects. Seems to me the hardest part is making sure there's an adequate test environment.
Hackathons ARE useful tools for getting a short burst of focused work out of people sharing the same space and time, but too many are thinking hackathons alone will solve more detailed design, coding and iteration problems; it's one of those ideas trivializing the costs of "Real Programming(tm)" that really bugs me nowadays. I could share here the detailed project management stuff that went into cerowrt's run (3 years), or the outline of work we did for make-wifi-fast - which we've now been at for over 5 years now - 3+ to get fq_codel to work right on wifi, 2 to rework the API to work for more devices, and a pointer to the latest work which has been going for 3+ months now - and for all that we've only accomplished about 1/10th what we wanted to do, and only on 4 chipsets (most recently intel's ax200 chips) out of the hundreds. Certainly testing is one of the hardest parts, also.
But Mr. Rey's reference about IPv6 deployment rates also makes a good point! Nobody cares about deployment rates. What good does it do, if people don't use it? This is more realistic: https://www.google.com/intl/en/ipv6/statistics.html During the week, we are below 25%.
(Replying to an item upthread)
APNIC's statistics show that in almost every network that has IPv6, it is almost always used.
I pointed to coffee shops as one counter example. To the lack of DHCPv6-PD on android (and I think, IOS) for tethering as another.
One entertaining thing I've been up to is checking the state of multiple kinds of deployment in the coffee shops of the world with a string of simple tests anyone can do (after we package them up better)
Yeah, we need the GoGo and ATTWifi and such of the world to deploy.
I'm more concerned at the moment that the 5G people aren't planning to do ipv6 right at all, and have no idea what the starlinks of the world plan.
Since there was demand for more IPv4, perhaps that would also fuel more updates to ipv6, as both require middlebox updates...
As for money to make middleboxes better in *any* way, don't make me laugh. During the cerowrt project we approached everybody making money from the internet and multiple non-profits and got nowhere. I spent my own fortune on it, and got a lot of volunteers onboard, especially in the openwrt universe... and made things better, but I got nothing left.
We need a new kame-like project to jointly handle the cracks in the ipv6 network architecture, standards and code, at the very least.
The costs of "mo ipv4" are trivial in comparison.
Another thought I've had:
One of the reasons small ISPs can't deploy IPv6 is that they don't control the features in the CPE, because they don't buy enough.
I know a couple CPE vendors who would be happy to provide a specific feature set for a guaranteed purchase of a couple thousand units a month. This sounds like a good business to me: if a bunch of small ISPs each contract for a specific number of units, but require RIPE-554, RFC7084, and RFC8085, we could both get the needed features, and get a larger volume discount than they get now.
Yes, the smaller ISPs should join together in a buying club like that. Tried to get that going in NZ once. Failed. Tried harder to make the aftermarket do the right thing - the eeros and google wifi's of the world are doing ok, the bottom part of the market just copy/pastes whatever's in openwrt at that moment, slaps a label on it and ships it. So we focused on making the openwrt base as good as possible.
Saving $1 per CPE is better than spending $20 for an IPv4 address for every new user. Please confirm my math. :)
I always thought that ISPs would invest in their CPE far more than they have. Free.fr being a shining example! ISPs get paid for modem rentals and have customer support costs that could be reduced - that should have been a great ongoing funding source and motivation, alone. But I know a few vendors, like evenroute, doing bufferbloat AND ipv6 right, that have totally failed to crack ISP market thus far. And for no reason I can think of, the rental folk don't push out new hardware OR new software to their users - I think charter made an effort to get docsis 3.1 stuff out there and retire all the docsis 2.0 gear in place, but not comcast. Secondly none of those ipv6 standards help when you still really need a real IPv4 address, so yer still out the $20, IF you can buy the /24s you need. And there's more ipv6 RFCs left without running, integrated code, to support them.
3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some.
Please note the ipv4 extensions stuff won't work with most of that "legacy" ipv4 stuff. It can, however, enable new applications and services to exist. Most of the IOT and SDN stacks already do work. Most don't have decent ipv6 support due to resource constraints.
Perversely I kind of like the idea of a portion of the internet immune from legacy windows worms and viruses....
DECNET isn't on the Internet. I don't care if some crusty old boxes in dark corners of data centers whisper IPv4 among themselves. How would I even know?
In 20 years, I will still need IPv4. And it seems possible we can make more.
And I have enough IPv4 on my hands for the foreseeable future. I bought some recently, just in case.
I encourage the WG group to read this: https://www.internetgovernance.org/2019/02/20/report-on-ipv6-get-ready-for-a... And the full text: https://www.internetgovernance.org/wp-content/uploads/IPv6-Migration-Study-f... Serious work, paid by ICANN.
We cited that work in our presos on this subject as that was also key on gilmore, paul wouters and myself to start looking hard at what it would take to make ipv4 better in multiple ways. Please look it over!?
The ipv4 unicast extensions project is one outgrowth of that: A string of trivial patches to a couple OSes and routing daemons and we're well on our way to being able to add 420m new addresses to the internet, within a 10 year time horizon.
You just mentioned your un-upgradable "OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000," and now you say it's easy to upgrade.
I didn't say it was "easy to upgrade" in the context of this legacy gear, I said it was easy to "add" 420m addresses. 240/4 is almost fully enabled in every OS except windows, for example. Fixed the last bug in it for linux and openwrt last december. Deploying. 0/8 now. Yea, people keep missing on this point. IPv6 is not globally reachable either. To try and clarify: A new IOT device trying to backhaul its data to 240.0.0.1 doesn't need to have a windows OS also trying to get to that same address. Is that clearer? A new application can try to use new IPv4 addresses. backtomymac runs over private ipv6 addrs, doesn't need to be accessible to anything else. Etc. Universal connectivity is dead as a dodo, regardless.
On Sat, Oct 5, 2019 at 6:06 AM Lee Howard <lee@asgard.org> wrote:
On 10/4/19 4:55 PM, Dave Taht wrote:
not being able to get a static IPv6 address out of comcast, my hurricane tunnel getting blocked by netflix, the still-huge prefix sub-distribution problem. The idea of dynamic 2 week prefixes in part of the world prone to earthquakes doesn't work for me...
I can think of several programmatic ways to deal with that. Or you can just buy Comcast's business service, which I think includes one IPv4 address.
that said, we need more running code, still, which only then can get into a deployment, and nobody's funding that.
Do you mean CeroWRT specifically, or code in general?
I was thinking about some Hackathon projects to add IPv6 capability to open source projects. Seems to me the hardest part is making sure there's an adequate test environment.
But Mr. Rey's reference about IPv6 deployment rates also makes a good point! Nobody cares about deployment rates. What good does it do, if people don't use it? This is more realistic: https://www.google.com/intl/en/ipv6/statistics.html During the week, we are below 25%.
(Replying to an item upthread)
APNIC's statistics show that in almost every network that has IPv6, it is almost always used.
One entertaining thing I've been up to is checking the state of multiple kinds of deployment in the coffee shops of the world with a string of simple tests anyone can do (after we package them up better)
Yeah, we need the GoGo and ATTWifi and such of the world to deploy.
Since there was demand for more IPv4, perhaps that would also fuel more updates to ipv6, as both require middlebox updates...
As for money to make middleboxes better in *any* way, don't make me laugh. During the cerowrt project we approached everybody making money from the internet and multiple non-profits and got nowhere. I spent my own fortune on it, and got a lot of volunteers onboard, especially in the openwrt universe... and made things better, but I got nothing left.
We need a new kame-like project to jointly handle the cracks in the ipv6 network architecture, standards and code, at the very least.
The costs of "mo ipv4" are trivial in comparison.
Another thought I've had:
One of the reasons small ISPs can't deploy IPv6 is that they don't control the features in the CPE, because they don't buy enough.
I know a couple CPE vendors who would be happy to provide a specific feature set for a guaranteed purchase of a couple thousand units a month. This sounds like a good business to me: if a bunch of small ISPs each contract for a specific number of units, but require RIPE-554, RFC7084, and RFC8085, we could both get the needed features, and get a larger volume discount than they get now.
Saving $1 per CPE is better than spending $20 for an IPv4 address for every new user. Please confirm my math. :)
3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some.
Please note the ipv4 extensions stuff won't work with most of that "legacy" ipv4 stuff. It can, however, enable new applications and services to exist. Most of the IOT and SDN stacks already do work. Most don't have decent ipv6 support due to resource constraints.
Perversely I kind of like the idea of a portion of the internet immune from legacy windows worms and viruses....
DECNET isn't on the Internet. I don't care if some crusty old boxes in dark corners of data centers whisper IPv4 among themselves. How would I even know?
In 20 years, I will still need IPv4. And it seems possible we can make more.
And I have enough IPv4 on my hands for the foreseeable future. I bought some recently, just in case.
I encourage the WG group to read this: https://www.internetgovernance.org/2019/02/20/report-on-ipv6-get-ready-for-a... And the full text: https://www.internetgovernance.org/wp-content/uploads/IPv6-Migration-Study-f... Serious work, paid by ICANN.
We cited that work in our presos on this subject as that was also key on gilmore, paul wouters and myself to start looking hard at what it would take to make ipv4 better in multiple ways. Please look it over!?
The ipv4 unicast extensions project is one outgrowth of that: A string of trivial patches to a couple OSes and routing daemons and we're well on our way to being able to add 420m new addresses to the internet, within a 10 year time horizon.
You just mentioned your un-upgradable "OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000," and now you say it's easy to upgrade.
Lee
-- Dave Täht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740