IPv6 WG minutes from ripe 86
Here are the minutes from the RIPE 86 IPv6 wg session, please let us know if you want anything edited, or they will be published in a week on the website. Date: 24 May 2023, 11:00 - 12:30 (UTC+2) Chairs: Benedikt Stockebrand, Jen Linkova, Raymond Jetten Scribe: Tayfun Ozaltin Status: 1. Welcome Jen Linkova, IPv6 WG Co-chair The presentation is available at: https://ripe86.ripe.net/wp-content/uploads/presentations/8-RIPE-86-IPv6-WG.p... Jen Linkova welcomed everyone and introduced the co-chairs. The RIPE 85 minutes were approved. 1. Advanced IPv6 Course Input Request Tayfun Ozaltin, RIPE NCC The presentation is available at: https://ripe86.ripe.net/wp-content/uploads/presentations/105-RIPE-86-Slide-A... Tayfun Ozaltin, RIPE NCC, asked for input on the advanced IPv6 e-learning course that was being developed. There were no questions. 1. Deploying IPv6 and/or CGNAT Rinse Kloek, Delta Fiber / Kindes The presentation is available at: https://ripe86.ripe.net/wp-content/uploads/presentations/67-RPE86-IPv6-deplo... Rinse explained how their company made a transition from IPv4-only to an IPv6 supporting network. He mentioned the challenges they had during the implementation. Yannis Nikolopulos, Cellmobile, asked who the vendor was and what the real story was behind the denial. Rinse answered that Nokia was the vendor and that they did not support MAP-E and MAP-T. After several rounds of discussions, Rinse could not convince them to support these transition techniques. Yannis asked about the details of the deployment scenario. Rinse replied that they were using CGNAT, so the user was getting an internal IP address, a 164 address, and they were planning to assign the customers a v6 prefix as well. Thomas Schäfer, LMU, asked about the number of users who were already using IPv6 in their network. Rinse answered that they currently had about 50 friendly users (test users). Thomas added that it would be better to bypass internal services with IPv6. Rinse agreed and said that IPv6 was the way to go and that they already had a plan for it. Branimir Rajtar, 5x9 Networks, asked if they had implemented IPv6 in the core network as well or if they used 6PE/6VPE. Rinse answered that everything was dual-stack since day one in both the core and access networks. Peter Hessler, Globalways GmbH, said that the community should encourage people to deploy IPv6 whenever they were ready for it. Brian Storey, Gamma Telecom Limited, asked how long it had taken to reach this state and how they envisioned documenting IPv6 for their customers. Rinse answered that they hope by the end of this year 20% of the users will be IPv6 enabled, and next year it may be 80-100%. Peter Head, Gigaclear, asked for more elaboration on why they filtered the DHCPv6 releases. They decided to follow it up offline. 1. Clear Guidance for Implementing IPv6 in Enterprises Wilhelm Boeddinghaus The presentation is available at: https://ripe86.ripe.net/wp-content/uploads/presentations/123-RIPE86-IPv6-Wil... Wilhelm Boeddinghaus emphasized the need for clear guidance on IPv6 deployment phases, challenges, and steps, especially for enterprise IT departments. He asked the question, "Can we as the community provide this clear guidance to the enterprises?" Peter Hessler said that he liked the idea and mentioned that it would be hugely beneficial to a lot of enterprises. Marco Davids, SIDN Labs, asked if Wilhelm agreed with him that the working group should also work on getting IPv6 knowledge into schools and universities so that young students have at least some knowledge. Wilhelm agreed. He emphasized that students in universities were still learning IPv4, and we needed to educate young people about IPv6. An audience speaker said that it was not only enterprises but also ISPs who needed to learn about this. He claimed that even big ISPs do not know how IPv6 works. Wilhelm agreed but also claimed that enterprises had many more problems since their core business was not IT. Urban Suhadolnik, TU Graz, agreed with the previous comments about universities. Wilhelm emphasized once again that universities should involve themselves much more in this. Gert Doering, SpaceNet AG, agreed and thanked Wilhelm for bringing up enterprise problems regarding IPv6 transition into the meeting. He added that he would like to help with the new BCOP for enterprises. He said that it will not be easy to pick up and agree on the right solution, but that it should be tried. Wilhelm agreed and said we should also involve enterprise admins in our group. Benedikt Stockebrand said that since most IT people in academia didn't receive any network training at all, it was still the RIPE community's job to spread the word at a level that people without a proper IT background can handle. Jen contributed to this with another online comment indicating that as the adoption of IPv6 increases among enterprises, universities will offer more. Peter Hessler said that for some ISPs, it was not even an option to provide IPv6 connections to enterprises. An audience speaker thanked Wilhelm for his proposal, mentioning how important it was for enterprises. He also said that he would be open to writing, reviewing, and working on documents of the best resources for newcomers and beginners in IPv6 and TCP/IP. Jen mentioned another online comment. Markus said that his students were unwilling to learn IPv6 since they think nobody used it. Jen said that there were different approaches to this depending on the availability of IPv6 in each part of the world. Finally, Jen asked what the next action should be. Wilhelm said that he would send an email to the mailing list to start working on this with people who can contribute. 1. Implications of IPv6 Addressing on Security Operations Fernando Gont The presentation is available at: https://ripe86.ripe.net/wp-content/uploads/presentations/119-ripe86-fgont-ip... Fernando Gont presented about the challenges of IPv6 security deployment. He also explained how IPv4 and IPv6 differ in terms of security implementations. Rinse Kloek mentioned that he conducted extensive CPE testing. One issue he encountered was that occasionally services were listening on local addresses, and if one copied the v4 test to the v6 test, it was possible to overlook this aspect. Fernando agreed and said testers did not know about ULA addresses. Benedikt Stockebrand suggested that leaving the IPv4 way of thinking would made things much easier. He added that not using dual-stack would simplify the way of working. Peter Hessler noted that a common mistake while translating IPv4 ACLs into IPv6, which was blocking ICMP as it should not be blocked in IPv6. Jen asked why it was important to care about the size of the prefix you block if it was someone else's network. Fernando answered that he experienced this in a meeting with a large content provider where they were just blocking a single IPv6 address instead of the /64. Fernando added that these kinds of things, which were obvious to this group, might not be obvious to the groups that were implementing rules in the networks. Jen added that with IPv4, it was much worse since you might be blocking many innocent users behind CGN just by blocking a single IPv4 address. 1. Conclusion & Thanks Benedikt Stockebrand announced that his term as the WG chair was ending with the next RIPE meeting, and that he did not want to go for another term. He asked the community if anyone was interested. As the last topic of the WG, Ondrej Caletka, RIPE NCC, asked everybody to test the IPv6-only network and try to identify any issues and report them to the vendors. Raymond , Benedikt, Jen. For Internal Use Only
participants (1)
-
Raymond Jetten