[ipv6-wg@ripe.net] 9/9/2006 : ip6.int shutdown?
Hi, As e.f.f.3.ip6.arpa has finally been delegated and works as of today I want to propose the end-day for ip6.int. ip6.int has been deprecated in favor of ip6.arpa for almost 3 years already (RFC3152 dates August 2001) thus it is time to clean up the mess. Vendors have been able to update their stacks for almost 3 years, ip6.arpa has been deployed on production (read RIR) IPv6 space already for quite some time too. Thus now, with 6bone also having a working ip6.arpa tree this seems to be a perfect opportunity to start shutting down ip6.int. At the moment only Cisco IOS and Windows XP don't have ip6.arpa support, but IOS has been addressed (they say) and Windows XP will be fixed with SP2 due out per August. As neither of these are server OS's this doesn't pose much of a problem anyway. People using IPv6 need to keep their systems up-to-date anyways. I propose that RIPE, and actually any other RIR, stops any delegations for ip6.int per 9/9/2006. Which is more than 3 years after the RFC has been released. Greets, Jeroen
Sounds like a good idea to me. Ray
-----Original Message----- From: ipv6-wg-admin@ripe.net [mailto:ipv6-wg-admin@ripe.net] On Behalf Of Jeroen Massar Sent: Tuesday, July 20, 2004 7:54 AM To: ipv6-wg@ripe.net Subject: [ipv6-wg@ripe.net] 9/9/2006 : ip6.int shutdown?
Hi,
As e.f.f.3.ip6.arpa has finally been delegated and works as of today I want to propose the end-day for ip6.int.
ip6.int has been deprecated in favor of ip6.arpa for almost 3 years already (RFC3152 dates August 2001) thus it is time to clean up the mess. Vendors have been able to update their stacks for almost 3 years, ip6.arpa has been deployed on production (read RIR) IPv6 space already for quite some time too. Thus now, with 6bone also having a working ip6.arpa tree this seems to be a perfect opportunity to start shutting down ip6.int.
At the moment only Cisco IOS and Windows XP don't have ip6.arpa support, but IOS has been addressed (they say) and Windows XP will be fixed with SP2 due out per August. As neither of these are server OS's this doesn't pose much of a problem anyway. People using IPv6 need to keep their systems up-to-date anyways.
I propose that RIPE, and actually any other RIR, stops any delegations for ip6.int per 9/9/2006. Which is more than 3 years after the RFC has been released.
Greets, Jeroen
On Tue, Jul 20, 2004 at 01:54:03PM +0200, Jeroen Massar wrote:
I propose that RIPE, and actually any other RIR, stops any delegations for ip6.int per 9/9/2006. Which is more than 3 years after the RFC has been released.
Maybe 6/6/6 as per 3ffe deprecation? tim
On Tue, 2004-07-20 at 14:34, Tim Chown wrote:
On Tue, Jul 20, 2004 at 01:54:03PM +0200, Jeroen Massar wrote:
I propose that RIPE, and actually any other RIR, stops any delegations for ip6.int per 9/9/2006. Which is more than 3 years after the RFC has been released.
Maybe 6/6/6 as per 3ffe deprecation?
I actually made a typo there (and in another one), as I got mixed up with exactly that date. 9/9/2004 would be the better date, which also matches with the '3 years after the RFC' part. The sooner we flush out all the dependencies on ip6.int and clear it out the better. Why? I hear from a corner (there is bound to be someone screaming that), well maintaining both an ip6.arpa and ip6.int tree is not that difficult management wise if you got a good toolset, but it does eat quite a lot of nameserver resources (read: memory) when you have quite a number of prefixes and are reversing a lot of IP's there. As ip6.int can go away as it has been replaced properly, better use those resources for something else. Greets, Jeroen
I will also support the idea of 6/6/6. I believe a shorter time is a little bit dangerous. Some OS could be not updated so often. Not a maker problem, but by the users. The main point should be to avoid problems to users, mainly. I also hear to Jeroen, but I'm not really sure that this actually means (and in 1-2 years from now) so many resources. Instead, we can also move forward faster IF the deployment takes up sooner. Regards, Jordi ----- Original Message ----- From: "Tim Chown" <tjc@ecs.soton.ac.uk> To: "Jeroen Massar" <jeroen@unfix.org> Cc: <ipv6-wg@ripe.net> Sent: Tuesday, July 20, 2004 2:34 PM Subject: Re: [ipv6-wg@ripe.net] 9/9/2006 : ip6.int shutdown?
On Tue, Jul 20, 2004 at 01:54:03PM +0200, Jeroen Massar wrote:
I propose that RIPE, and actually any other RIR, stops any delegations for ip6.int per 9/9/2006. Which is more than 3 years after the RFC has been released.
Maybe 6/6/6 as per 3ffe deprecation?
tim
********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
The faster we get cleaned up the .ip6.int vs .ip6.arpa in DNS the better it is. If we wait until 2006 or do it late this year doesn't matter, it will cause problems anyway. Let's go for 2004 and get things moving just a little bit faster ... people have known about .ip6.arpa for some times so the support should have been there. On Tue, 20 Jul 2004, JORDI PALET MARTINEZ wrote:
I will also support the idea of 6/6/6.
I believe a shorter time is a little bit dangerous. Some OS could be not updated so often. Not a maker problem, but by the users. The main point should be to avoid problems to users, mainly.
I also hear to Jeroen, but I'm not really sure that this actually means (and in 1-2 years from now) so many resources. Instead, we can also move forward faster IF the deployment takes up sooner.
Regards, Jordi
----- Original Message ----- From: "Tim Chown" <tjc@ecs.soton.ac.uk> To: "Jeroen Massar" <jeroen@unfix.org> Cc: <ipv6-wg@ripe.net> Sent: Tuesday, July 20, 2004 2:34 PM Subject: Re: [ipv6-wg@ripe.net] 9/9/2006 : ip6.int shutdown?
On Tue, Jul 20, 2004 at 01:54:03PM +0200, Jeroen Massar wrote:
I propose that RIPE, and actually any other RIR, stops any delegations for ip6.int per 9/9/2006. Which is more than 3 years after the RFC has been released.
Maybe 6/6/6 as per 3ffe deprecation?
tim
********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com
This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
-- ------------------------------ Roger Jorgensen | rogerj@stud.cs.uit.no | - IPv6 is The Key! http://www.jorgensen.no | roger@jorgensen.no -------------------------------------------------------
On 20-jul-04, at 18:49, Roger Jorgensen wrote:
The faster we get cleaned up the .ip6.int vs .ip6.arpa in DNS the better it is. If we wait until 2006 or do it late this year doesn't matter, it will cause problems anyway.
Let's go for 2004 and get things moving just a little bit faster ... people have known about .ip6.arpa for some times so the support should have been there.
Just curious: why was there a change from ip6.int to ip6.arpa in the first place? And I suggest that those who find it hard to support both just go ahead and drop ip6.int themselves and see what problems this causes rather than push for elimination of ip6.int wholesale. In fact, it would probably be a good idea to keep ip6.int around forever. If nobody uses it, there is no harm in it being there. If people still use it, then removing it causes problems.
On Thu, 2004-07-22 at 09:32, Iljitsch van Beijnum wrote:
On 20-jul-04, at 18:49, Roger Jorgensen wrote:
The faster we get cleaned up the .ip6.int vs .ip6.arpa in DNS the better it is. If we wait until 2006 or do it late this year doesn't matter, it will cause problems anyway.
Let's go for 2004 and get things moving just a little bit faster ... people have known about .ip6.arpa for some times so the support should have been there.
Just curious: why was there a change from ip6.int to ip6.arpa in the first place?
RFC3152: 8<----------- The IAB recommended that the ARPA top level domain (the name is now considered an acronym for "Address and Routing Parameters Area") be used for technical infrastructure sub-domains when possible. It is already in use for IPv4 reverse mapping and has been established as the location for E.164 numbering on the Internet [RFC2916 RFC3026]. ---------->8
And I suggest that those who find it hard to support both just go ahead and drop ip6.int themselves and see what problems this causes rather than push for elimination of ip6.int wholesale. In fact, it would probably be a good idea to keep ip6.int around forever. If nobody uses it, there is no harm in it being there. If people still use it, then removing it causes problems.
The problem here is that you can't identify the software easily which is using the wrong delegation. Also one now needs to support both ip6.int and ip6.arpa trees, which thus consumes double the resources on your nameservers. For people without proper DNS management it also requires double the work. It has been deprecated thus it must go away ;) Three years is long enough for people to wait already. But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me. Greets, Jeroen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2004-07-22, at 09.43, Jeroen Massar wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve. - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQP9zq6arNKXTPFCVEQI3kACgg64aymyVhewNR5xZqxBqyf+eeZMAoIgM 8UGVR6tAuhsVPUBZQOJSCxqc =y9eV -----END PGP SIGNATURE-----
[ Cross-post, to get everybody in sync, Other messages in this thread can be found at: http://www.ripe.net/ripe/mail-archives/ipv6-wg/2004/msg00089.html ] On Thu, 2004-07-22 at 09:58, Kurt Erik Lindqvist wrote:
On 2004-07-22, at 09.43, Jeroen Massar wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve.
Take your pick: http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... Short, quick and easy. If no comments are risen for 16:00 today I'll submit this as an ID. Greets, Jeroen
Hi, http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... | Short, quick and easy. | If no comments are risen for 16:00 today I'll submit this as an ID. Are you serious ? Not that this document is that lengthy and all, but perhaps a one week review period is somewhat more fair ? I for one do not see the need to kill ip6.int 'per se' in 2004. I would think that the 6bone removal date in 2006 is more realistic. Note that if the majority thinks your 2004 date is a reasonable goal, I will support this also. groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment -----------------------------------------------
On 22-jul-04, at 10:56, Pim van Pelt wrote:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int- removal-00.html | Short, quick and easy.
Can't argue with that. :-)
I for one do not see the need to kill ip6.int 'per se' in 2004. I would think that the 6bone removal date in 2006 is more realistic.
I don't see any benefits to removing the ip6.int delegation in the first place. It makes much more sense to do this from the leaves up than from the root down. However, if this is going to happen, doing it this year is way too soon, as current IOS and Windows XP (both in wide use) rely on ip6.int. Newer versions that support ip6.arpa should be available for at least a year prior to removing ip6.int, in my opinion. So that would probably land us somewhere near 6/6/6, although there is of course no relation to the 6bone sunset. I also think expecting this to be published as an RFC by 9/9/4 is highly optimistic. :-)
On Thu, 2004-07-22 at 11:59, Iljitsch van Beijnum wrote:
On 22-jul-04, at 10:56, Pim van Pelt wrote:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int- removal-00.html | Short, quick and easy.
Can't argue with that. :-)
I for one do not see the need to kill ip6.int 'per se' in 2004. I would think that the 6bone removal date in 2006 is more realistic.
I don't see any benefits to removing the ip6.int delegation in the first place. It makes much more sense to do this from the leaves up than from the root down.
The leaves already have started falling in many places. Doing this quickly will make sure that everybody knows it can be removed from their systems and will identify the implementations that have not been upgraded yet.
However, if this is going to happen, doing it this year is way too soon, as current IOS and Windows XP (both in wide use) rely on ip6.int.
IOS updates are there, XP will get an update per SP2, which you can download already. For both, if you are using IPv6 you want to use new software (Debian unstable/testing ;) anyways. Thus upgrading is not an issue.
Newer versions that support ip6.arpa should be available for at least a year prior to removing ip6.int, in my opinion. So that would probably land us somewhere near 6/6/6, although there is of course no relation to the 6bone sunset.
It doesn't break any connectivity. Only reverse lookups using ip6.int will break. As neither IOS nor XP is a server OS this is not an issue. Traceroutes will not resolve and that is it. The major usage for reverse is IRC anyways and do you know somebody running an IRCD on IOS or XP? FTP/Mailservers/etc are servers and should run on Windows 2003 Server and not on XP "Pro" or even "Home". Windows 2003 Server already does ip6.arpa. IMHO this is thus a complete non-issue and the fault of the vendors who where both aware of this for three years already. Btw XP SP2 RC2 is available and works, guess what I am running ;) Waiting on vendors because they don't update their implementation is useless especially for this. They had their chance for 3 years already and they claim to be IPv6 compliant.
I also think expecting this to be published as an RFC by 9/9/4 is highly optimistic. :-)
Indeed, but that is something political not technical ;) Greets, Jeroen
On 22-jul-04, at 12:18, Jeroen Massar wrote:
I don't see any benefits to removing the ip6.int delegation in the first place. It makes much more sense to do this from the leaves up than from the root down.
The leaves already have started falling in many places. Doing this quickly will make sure that everybody knows it can be removed from their systems and will identify the implementations that have not been upgraded yet.
I still don't see any reason to remove the delegation, and especially any reason to do it sooner rather than later. It's there, it isn't in the way, just leave it. We have better things to do than babysit IRC users who can't connect because their reverse mapping doesn't work anymore.
However, if this is going to happen, doing it this year is way too soon, as current IOS and Windows XP (both in wide use) rely on ip6.int.
IOS updates are there
In all trains that support IPv6 or just some?
if you are using IPv6 you want to use new software (Debian unstable/testing ;) anyways. Thus upgrading is not an issue.
Wait until you get a real job with real users that get you fired for real when you screw up their service. I have customers who run IPv6 images on their production routers, upgrading IS a big deal there.
FTP/Mailservers/etc are servers and should run on Windows 2003 Server and not on XP "Pro" or even "Home".
So now the IETF is in the business of telling people what OS they can use for what purpose??
Waiting on vendors because they don't update their implementation is useless especially for this. They had their chance for 3 years already and they claim to be IPv6 compliant.
Waiting for 3 years and THEN do it moments before they're ready is useless. Either it should have been done immediately as there was no production stuff running IPv6 back then (AFAIK), or just take it slowly, there is no rush. Now is not the time.
On Thu, 2004-07-22 at 12:30, Iljitsch van Beijnum wrote:
On 22-jul-04, at 12:18, Jeroen Massar wrote:
I don't see any benefits to removing the ip6.int delegation in the first place. It makes much more sense to do this from the leaves up than from the root down.
The leaves already have started falling in many places. Doing this quickly will make sure that everybody knows it can be removed from their systems and will identify the implementations that have not been upgraded yet.
I still don't see any reason to remove the delegation, and especially any reason to do it sooner rather than later. It's there, it isn't in the way, just leave it. We have better things to do than babysit IRC users who can't connect because their reverse mapping doesn't work anymore.
To flush out all the faulty implementations that could have been updated already in the last three years. IRC users don't care about this. All the IRCd's of at least the bigger networks have already been upgraded at least 2 years ago. FYI irc.song.fi only uses ip6.arpa while several others first try ip6.arpa and then fallback to ip6.int. The reason they had to have a fallback mechanism is because of the ip6.int still being used by 6bone and there was, for those users, no alternative, there is now thus let's get rid of it.
However, if this is going to happen, doing it this year is way too soon, as current IOS and Windows XP (both in wide use) rely on ip6.int.
IOS updates are there
In all trains that support IPv6 or just some?
Some, but then again not every train supports IPv6 that well either ;) Apparently it is very hard to do s/ip6.int/ip6.arpa/g for even a company like Cisco... Then again, how hard does your 'production router' depend on the existence of ip6.int. It is no server and your logs will now show the IPv6 addresses. Is this a problem? IMHO absolutely not. Complain to your vendor that they are late.
if you are using IPv6 you want to use new software (Debian unstable/testing ;) anyways. Thus upgrading is not an issue.
Wait until you get a real job with real users that get you fired for real when you screw up their service. I have customers who run IPv6 images on their production routers, upgrading IS a big deal there.
See http://www.sixxs.net/forum/?msg=general-83948 these 'real customers' like the idea very well, they might not be paying for the service but they do like that it works and believe me they do complain when it does not even though they get it for free. Fortunately the problems are minimal and don't happen that much and we already announced to pull the plug on ip6.int some time ago when this event (e.f.f.3.arpa going live) would occur. Also there is something called 'maintenance' that goes very well when upgrading machines, of course after you tested them in your non-production testbed.
FTP/Mailservers/etc are servers and should run on Windows 2003 Server and not on XP "Pro" or even "Home".
So now the IETF is in the business of telling people what OS they can use for what purpose??
That is what Microsoft demands from them, read their EULA's. XP's IIS for instance is capped at 10 concurrent threads etc. There is a reason why they call it 'home' and 'server', just like you have MAC OS X Server and Redhat Enterprise. You get what you pay for.
Waiting on vendors because they don't update their implementation is useless especially for this. They had their chance for 3 years already and they claim to be IPv6 compliant.
Waiting for 3 years and THEN do it moments before they're ready is useless. Either it should have been done immediately as there was no production stuff running IPv6 back then (AFAIK), or just take it slowly, there is no rush. Now is not the time.
All the production 'stuff' is running in RIR space and RIR space has had ip6.arpa since the beginning of ip6.arpa. Thus that is a non issue. Greets, Jeroen
On Thu, Jul 22, 2004 at 10:10:19AM +0200, Jeroen Massar wrote:
[ Cross-post, to get everybody in sync, Other messages in this thread can be found at: http://www.ripe.net/ripe/mail-archives/ipv6-wg/2004/msg00089.html ]
On Thu, 2004-07-22 at 09:58, Kurt Erik Lindqvist wrote:
On 2004-07-22, at 09.43, Jeroen Massar wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve.
What, specifically, is the hurry?
Take your pick:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00...
Short, quick and easy. If no comments are risen for 16:00 today I'll submit this as an ID.
Comments: e.f.f.3.ip6.arpa was documented in RFC3681 published in February 2004 and actioned in July 2004. I'm assuming the actioning of e.f.f.3.ip6.arpa is the trigger for this I-D; if so, why do you want to wait so little time (2 months) between e.f.f.3.ip6.arpa becoming available and requiring people to have updated resolver libraries? Personally I'd be more in favour of a 6 month timeout - i.e around last December or so. Anand -- `` All actions take place in time by the interweaving of the forces of Nature; but the man lost in selfish delusion thinks that he himself is the actor.'' Lord Krishna to Arjuna in _The Bhagavad Gita_
On Thu, 2004-07-22 at 10:57, Anand Kumria wrote:
On Thu, Jul 22, 2004 at 10:10:19AM +0200, Jeroen Massar wrote:
[ Cross-post, to get everybody in sync, Other messages in this thread can be found at: http://www.ripe.net/ripe/mail-archives/ipv6-wg/2004/msg00089.html ]
On Thu, 2004-07-22 at 09:58, Kurt Erik Lindqvist wrote:
On 2004-07-22, at 09.43, Jeroen Massar wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve.
What, specifically, is the hurry?
That this has been overdue for three years already and that even though the deprecation was marked in August 2001 some vendors still not have done the change. And as it is a s/ip6.int/ip6.arpa/g which is very easy, if vendors did not do that yet they are way overdue and you got to wonder how much their interest is in keeping software upto date. Basically we (at least me) have been waiting for the 6bone to get the delegation so that we could remove the 2 trees and only keep one: ip6.arpa. This was decided by the IAB thus we should live up to it. If we do not remove ip6.int then still implementations using it will not show up. They have had 3 years already to update...
Take your pick:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00...
Short, quick and easy. If no comments are risen for 16:00 today I'll submit this as an ID.
Comments: e.f.f.3.ip6.arpa was documented in RFC3681 published in February 2004 and actioned in July 2004.
Added, but note that this was all long overdue and there where a number of other solutions that would have worked already 2 years ago if there had not been any of the political arguments holding back this technical issue. Note also that 6bone will end per 6/6/6 and that it is a TESTbed. The TESTbed is delaying and thus hurting the production networks in this case.
I'm assuming the actioning of e.f.f.3.ip6.arpa is the trigger for this I-D; if so, why do you want to wait so little time (2 months) between e.f.f.3.ip6.arpa becoming available and requiring people to have updated resolver libraries?
People should have updated their resolvers in the last *3 years*. If you have not done that already then you are not maintaining your machines properly and there is a big chance that you have bigger problems than a IPv6 reverse DNS that doesn't work anymore because ip6.int is gone.
Personally I'd be more in favour of a 6 month timeout - i.e around last December or so.
Of course the date is up to discussion, but IMHO: ASAP and at least before the end of the year, the sooner the better. Note that Cisco's IOS updates will be done before that date and Windows XP2 will come out in August (they say) thus everybody using IPv6 has time enough to upgrade. All "free unix flavors" already support it Also users agree: http://www.sixxs.net/forum/?msg=general-83948 Note the begin date of that thread, we where really waiting for 6bone just as being nice to the people still using it. On Thu, 2004-07-22 at 10:57, Rob Blokzijl wrote:
If no comments are risen for 16:00 today I'll submit this as an ID.
two minor points. In the abstract and the introduction you write:
RFC 3152 delegates IP6.ARPA for reverse IPv6 delegations. For RIRs (RIPE,ARIN,APNIC,LACNIC and soon AFNIC)
Replace RIPE --> RIPE NCC
That I did that wrong is a major oops, I should by know the difference by now.
Replace AFNIC --> AFRINIC
(AFNIC is the .fr registry :-) )
Also adjusted and added some xref's in the XML. Old version is now draft-massar-v6ops-ip6int-removal-00.a new version carries the draft-massar-v6ops-ip6int-removal-00 name. Greets, Jeroen
whjile i applaud each and everyone who has expunged all ip6.int from their lives, the fact of the matter is that IETF fiat or no, there exist -many- systems that can only use reverse maps in the ip6.int tree. it will be maintained as long as there are queries for it. for those of you for whom ip6.int is a distant memory, pleae understand and respect the fact that you can not, despite public posturing, force others to change their systems. to practically remove ip6.int incures real cost in both time and cash. in the US there is a term for what the IETF is trying to do w/ ip6.int. Its called an unfunded mandate. Unless or until the good folk in the IETF who are calling for the removal of ip6.int are ready to put up the cash to effect real change, I wish they would stop.
On Thu, 2004-07-22 at 09:58, Kurt Erik Lindqvist wrote:
On 2004-07-22, at 09.43, Jeroen Massar wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve.
What, specifically, is the hurry?
That this has been overdue for three years already and that even though the deprecation was marked in August 2001 some vendors still not have done the change. And as it is a s/ip6.int/ip6.arpa/g which is very easy, if vendors did not do that yet they are way overdue and you got to wonder how much their interest is in keeping software upto date.
Basically we (at least me) have been waiting for the 6bone to get the delegation so that we could remove the 2 trees and only keep one: ip6.arpa. This was decided by the IAB thus we should live up to it.
If we do not remove ip6.int then still implementations using it will not show up. They have had 3 years already to update...
Take your pick:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00...
Short, quick and easy. If no comments are risen for 16:00 today I'll submit this as an ID.
Comments: e.f.f.3.ip6.arpa was documented in RFC3681 published in February 2004 and actioned in July 2004.
Added, but note that this was all long overdue and there where a number of other solutions that would have worked already 2 years ago if there had not been any of the political arguments holding back this technical issue. Note also that 6bone will end per 6/6/6 and that it is a TESTbed. The TESTbed is delaying and thus hurting the production networks in this case.
I'm assuming the actioning of e.f.f.3.ip6.arpa is the trigger for this I-D; if so, why do you want to wait so little time (2 months) between e.f.f.3.ip6.arpa becoming available and requiring people to have updated resolver libraries?
People should have updated their resolvers in the last *3 years*. If you have not done that already then you are not maintaining your machines properly and there is a big chance that you have bigger problems than a IPv6 reverse DNS that doesn't work anymore because ip6.int is gone.
Personally I'd be more in favour of a 6 month timeout - i.e around last December or so.
Of course the date is up to discussion, but IMHO: ASAP and at least before the end of the year, the sooner the better.
Note that Cisco's IOS updates will be done before that date and Windows XP2 will come out in August (they say) thus everybody using IPv6 has time enough to upgrade. All "free unix flavors" already support it
Also users agree: http://www.sixxs.net/forum/?msg=general-83948 Note the begin date of that thread, we where really waiting for 6bone just as being nice to the people still using it.
On Thu, 2004-07-22 at 10:57, Rob Blokzijl wrote:
If no comments are risen for 16:00 today I'll submit this as an ID.
two minor points. In the abstract and the introduction you write:
RFC 3152 delegates IP6.ARPA for reverse IPv6 delegations. For RIRs (RIPE,ARIN,APNIC,LACNIC and soon AFNIC)
Replace RIPE --> RIPE NCC
That I did that wrong is a major oops, I should by know the difference by now.
Replace AFNIC --> AFRINIC
(AFNIC is the .fr registry :-) )
Also adjusted and added some xref's in the XML.
Old version is now draft-massar-v6ops-ip6int-removal-00.a new version carries the draft-massar-v6ops-ip6int-removal-00 name.
Greets, Jeroen
* sig-ipv6: APNIC SIG on IPv6 technology and policy issues * _______________________________________________ sig-ipv6 mailing list sig-ipv6@lists.apnic.net http://mailman.apnic.net/mailman/listinfo/sig-ipv6
(FWIW, I think this is a bit off-topic for v6ops..) On Sun, 25 Jul 2004 bmanning@vacation.karoshi.com wrote:
it will be maintained as long as there are queries for it. for those of you for whom ip6.int is a distant memory, pleae understand and respect the fact that you can not, despite public posturing, force others to change their systems. to practically remove ip6.int incures real cost in both time and cash. in the US there is a term for what the IETF is trying to do w/ ip6.int. Its called an unfunded mandate. Unless or until the good folk in the IETF who are calling for the removal of ip6.int are ready to put up the cash to effect real change, I wish they would stop.
Let's put this in another way.. Are you paying for us (or a number of other bodies) for continuing to support ip6.int? Was its use granted to you in perpetuity? (I guess you're paying at least for ARIN or similar body, but whether one can read this in the contract is another topic.) Unless or until the folks who want to have a free lunch are ready to put up the cash to continue maintaining old service just for them, I wish they would stop. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Jeroen, On Thu, 22 Jul 2004, Jeroen Massar wrote:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00...
Short, quick and easy.
yes, indeed :-)
If no comments are risen for 16:00 today I'll submit this as an ID.
two minor points. In the abstract and the introduction you write: RFC 3152 delegates IP6.ARPA for reverse IPv6 delegations. For RIRs (RIPE,ARIN,APNIC,LACNIC and soon AFNIC) Replace RIPE --> RIPE NCC Replace AFNIC --> AFRINIC (AFNIC is the .fr registry :-) )
Greets, Jeroen
Otherwise YES! Groet, Rob
Jeroen, all, Jeroen Massar wrote:
[ Cross-post, to get everybody in sync, Other messages in this thread can be found at: http://www.ripe.net/ripe/mail-archives/ipv6-wg/2004/msg00089.html ]
On Thu, 2004-07-22 at 09:58, Kurt Erik Lindqvist wrote:
On 2004-07-22, at 09.43, Jeroen Massar wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve.
Take your pick:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00... http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-ip6int-removal-00...
Short, quick and easy. If no comments are risen for 16:00 today I'll submit this as an ID.
We were discussing possible ways of ip6.int phaseout with other RIRs, and one approach was presented at the last RIPE meeting in May (http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-reverse-i...). It is a bit less radical than yours. Description of the plan is attached.
Greets, Jeroen
Regards, Andrei -- Andrei Robachevsky RIPE NCC IP6.INT Phaseout Plan To deprecate usage of IP6.INT tree for reverse DNS and enable smooth transition to IP6.ARPA a process with 3 milestones is proposed: Milestone 1. Stop creating new and modifying existing delegations in IP6.INT tree. Starting from January 1, 2005 new delegations SHOULD NOT be created and existing resource records will be modified. This applies to the IP6.INT zone itself as well as to all child zones down the tree. Creation of new delegations in IP6.INT zone for 6bone address space was effectively stopped on January 1, 2004 as no new pseudo TLA's can be allocated according to the 6bone phaseout plan [RFC3701]. For the address space allocated to the RIRs by IANA it means that new allocations will not be reflected in the IP6.INT zone. These measures will inevitably degrade the quality of delegations in IP6.INT tree, gradually increasing pressure for developers and administrators to migrate to use of IP6.ARPA as the only reverse delegation tree. Milestone 2. Remove all existing delegations from the IP6.INT tree. Starting from June 6, 2006, all delegations will be deleted from the IP6.INT zone and its child zones down the tree. This will effectively obsolete IP6.INT reverse delegation tree. Milestone 3. Remove IP6 delegation from the "INT" gTLD. Recommend to the IETF to direct IANA to remove the delegation of the obsolete "IP6" child zone from the "INT" gTLD. Since Milestone 2 effectively obsoletes IP6.INT zone this can be done at the same time, on June 6, 2006.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrei,
IP6.INT Phaseout Plan
To deprecate usage of IP6.INT tree for reverse DNS and enable smooth transition to IP6.ARPA a process with 3 milestones is proposed:
Milestone 1. Stop creating new and modifying existing delegations in IP6.INT tree.
Starting from January 1, 2005 new delegations SHOULD NOT be created and existing resource records will be modified. This applies to the IP6.INT zone itself as well as to all child zones down the tree.
I can see that removing the ip6.int delegation by 9/9/2004 would be considered agressive. But continuing to populating something that has been deprecated for another 6 months after there is an alternative doesn't make sense to me. I would assume this date to be ASAP.
Milestone 2. Remove all existing delegations from the IP6.INT tree.
Starting from June 6, 2006, all delegations will be deleted from the IP6.INT zone and its child zones down the tree. This will effectively obsolete IP6.INT reverse delegation tree.
Milestone 3. Remove IP6 delegation from the "INT" gTLD.
Recommend to the IETF to direct IANA to remove the delegation of the obsolete "IP6" child zone from the "INT" gTLD. Since Milestone 2 effectively obsoletes IP6.INT zone this can be done at the same time, on June 6, 2006.
While 9/9/2004 might be optimistic, just as Iljitsch points out, we will not have a RFC by then, June 6th 2006 seems to far away for me. End of the year or mid 2005 by the latest seems more realistic. - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQP+YWqarNKXTPFCVEQJkqgCgounFuCktIjrjdhL8Gts0RFLQEaoAn2a6 hyzq7sTzmdbDxyEJYf81JZlV =pUeg -----END PGP SIGNATURE-----
On Thu, Jul 22, 2004 at 12:35:02PM +0200, Kurt Erik Lindqvist wrote:
While 9/9/2004 might be optimistic, just as Iljitsch points out, we will not have a RFC by then, June 6th 2006 seems to far away for me. End of the year or mid 2005 by the latest seems more realistic.
Agreed. The period of coexistence of both trees should be kept as short as possible to avoid confusion and fostering lazyness. Half a year is more than enough to get delegations in ip6.arpa done. Regards, Daniel
Am Do, den 22.07.2004 schrieb Daniel Roesen um 12:59:
On Thu, Jul 22, 2004 at 12:35:02PM +0200, Kurt Erik Lindqvist wrote:
While 9/9/2004 might be optimistic, just as Iljitsch points out, we will not have a RFC by then, June 6th 2006 seems to far away for me. End of the year or mid 2005 by the latest seems more realistic.
Agreed. The period of coexistence of both trees should be kept as short as possible to avoid confusion and fostering lazyness. Half a year is more than enough to get delegations in ip6.arpa done.
I think the problem is not populating the new tree, but the resolvers that try to query a reverse address. E.g. standard Fedora Core 1 (which is not so old) still tries to query in ip6.int. It will take some time to get rid of the "ancient" operating systems and as long as they exist, ip6.int. might be necessary. Christian
Hi, On Thu, Jul 22, 2004 at 01:12:02PM +0200, Christian Schild wrote:
I think the problem is not populating the new tree, but the resolvers that try to query a reverse address. E.g. standard Fedora Core 1 (which is not so old) still tries to query in ip6.int.
It will take some time to get rid of the "ancient" operating systems and as long as they exist, ip6.int. might be necessary.
Let's break these as quickly as possible. So that people will *notice* that their crappy libraries need fixing. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 65398 (60210) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
On 22-jul-04, at 16:12, Gert Doering wrote:
It will take some time to get rid of the "ancient" operating systems and as long as they exist, ip6.int. might be necessary.
Let's break these as quickly as possible. So that people will *notice* that their crappy libraries need fixing.
Ok, but only if we give all the root servers an IPv6 address and allow them to go over the 512 byte limit for udp responses too. If we're going to break things, let's break something people will notice.
Am Do, den 22.07.2004 schrieb Gert Doering um 16:12:
Hi,
On Thu, Jul 22, 2004 at 01:12:02PM +0200, Christian Schild wrote:
I think the problem is not populating the new tree, but the resolvers that try to query a reverse address. E.g. standard Fedora Core 1 (which is not so old) still tries to query in ip6.int.
It will take some time to get rid of the "ancient" operating systems and as long as they exist, ip6.int. might be necessary.
Let's break these as quickly as possible. So that people will *notice* that their crappy libraries need fixing.
Ok, then we have the choice if _we_ have to spend money for maintaining two trees or if we want to force "them" to spend money for upgrading their systems :-) And yes, I saw the bitstring.arpa/nibble.int magic right away two days ago on a FC1 system of one of my colleagues and told him he has to upgrade to fix it. He answered "when he has time to fiddle about this". And again yes, querying bitstrings.arpa/nibble.int is an old problem and is fixed in all modern versions of OSes. Christian -- JOIN - IPv6 reference center Christian Schild A WWU project Westfaelische Wilhelms-Universitaet Muenster http://www.join.uni-muenster.de Zentrum fuer Informationsverarbeitung Team: join@uni-muenster.de Roentgenstrasse 9-13 Priv: schild@uni-muenster.de D-48149 Muenster / Germany GPG-/PGP-Key-ID: 6EBFA081 Fon: +49 251 83 31638, fax: +49 251 83 31653
On Thu, Jul 22, 2004 at 01:12:02PM +0200, Christian Schild wrote:
Am Do, den 22.07.2004 schrieb Daniel Roesen um 12:59:
On Thu, Jul 22, 2004 at 12:35:02PM +0200, Kurt Erik Lindqvist wrote:
While 9/9/2004 might be optimistic, just as Iljitsch points out, we will not have a RFC by then, June 6th 2006 seems to far away for me. End of the year or mid 2005 by the latest seems more realistic.
Agreed. The period of coexistence of both trees should be kept as short as possible to avoid confusion and fostering lazyness. Half a year is more than enough to get delegations in ip6.arpa done.
I think the problem is not populating the new tree, but the resolvers that try to query a reverse address. E.g. standard Fedora Core 1 (which is not so old) still tries to query in ip6.int.
So file an complain to Red Hat and get it fixed. (it is already in Rawhide, see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101261) BTW, current glibc for FC1 does bitstring.arpa and nibble.int queries. Current rawhide glibc should do both nibble-style.
It will take some time to get rid of the "ancient" operating systems and as long as they exist, ip6.int. might be necessary.
So what. Those OSses had how many years to get it right? If one wants working v6 reverse, use working software. Regards, Daniel
On Thu, Jul 22, 2004 at 04:20:17PM +0200, Daniel Roesen wrote:
So file an complain to Red Hat and get it fixed.
(it is already in Rawhide, see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101261)
BTW, current glibc for FC1 does bitstring.arpa and nibble.int queries. Current rawhide glibc should do both nibble-style.
Better reference: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111059#c2 So if you want proper IPv6 reverse resolution on FC1, upgrade glibc to current rawhide version or wait for the next glibc update for FC1. But this is all implementation details, so off-topic here. Regards, Daniel
On Thu, 2004-07-22 at 12:11, Andrei Robachevsky wrote:
Jeroen, all, <SNIP>
We were discussing possible ways of ip6.int phaseout with other RIRs, and one approach was presented at the last RIPE meeting in May (http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-reverse-i...). It is a bit less radical than yours.
I noticed the presentation, but couldn't find the minutes as I wasn't there myself. And due to technical reasons on my behalf I couldn't check the webcast nor from the archive.
Description of the plan is attached.
Timing it out slowly seems a good idea but in an off-list discussion with some people the following example by Daniel Roesen, why a direct cut-off would be the best to do: 8<----------------- CustA gets 2001:db8:1000::/48 CustA installs reverse for 2001:db8:1000::/48 in the ip6.int tree CustA changes ISP and gets another /48 CustB gets 2001:db8:1000::/48 CustB installs reverse for 2001:db8:1000::/48 in the ip6.arpa tree Thus the ip6.int tree still points to the NS's from CustA. As CustA didn't remove those entries from their nameserver now the following happens: CustC didn't upgrade their resolvers CustC thus notices in it's logs that the reverses for 2001:db8:1000::/48 are from CustA CustD did upgrade their resolvers CustD thus notices in it's logs that the reverses for 2001:db8:1000::/48 are from CustB ----------------->8 Thus depending if you upgraded or not you will be getting different results, which could have effects on the It is thus better to have *NO* IP6.INT zone as then the reverses will revert back to IPv6 numbers which is consistent with the IP6.ARPA tree. Should this example be included in the draft or do we want to keep it short? Greets, Jeroen
On 22-jul-04, at 9:58, Kurt Erik Lindqvist wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve.
Blame the IAB. Apparently, they were the ones who created this mess by frivolously adopting ip6.arpa as a replacement for ip6.int. It staggers the mind that otherwise smart people can make decisions like this. In Dutch we have a saying "those who burn their buttocks must sit on the blisters" (= if you do something stupid you have to suffer the consequences).
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2004-07-22, at 10.55, Iljitsch van Beijnum wrote:
On 22-jul-04, at 9:58, Kurt Erik Lindqvist wrote:
But indeed, if there is concensus or not 9/9/2004 and ip6.int is gone for me.
I vote for 9/9/2004 and getting rid of it properly. Maintaining two reverse threes will create more problems than it will solve.
Blame the IAB. Apparently, they were the ones who created this mess by frivolously adopting ip6.arpa as a replacement for ip6.int. It staggers the mind that otherwise smart people can make decisions like this.
In Dutch we have a saying "those who burn their buttocks must sit on the blisters" (= if you do something stupid you have to suffer the consequences).
"Two wrongs doesn't make a right". :-) I don't know why we ended up in .int to start with. But I guess there is a story behind that, that someone will tell me real soon now(tm). :-) Still, there is no merit to have two trees and we have known this change would come for a long time. And now that even IANA seems to be "IPv6 capable" we should just move on. - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQP+BuqarNKXTPFCVEQIj4QCgpJ7w2srZtSiHQSerQFXjYVvwfxEAoOeE nZDDKnW8kc/sr/O8xBzzFYD/ =lePP -----END PGP SIGNATURE-----
Hi, On Thu, Jul 22, 2004 at 09:32:56AM +0200, Iljitsch van Beijnum wrote:
Just curious: why was there a change from ip6.int to ip6.arpa in the first place?
Politics that no sane minds will be able to understand.
And I suggest that those who find it hard to support both just go ahead and drop ip6.int themselves and see what problems this causes rather than push for elimination of ip6.int wholesale. In fact, it would probably be a good idea to keep ip6.int around forever. If nobody uses it, there is no harm in it being there. If people still use it, then removing it causes problems.
Maintaining both trees does cause quite some administrative overhead (depending on the name server software and zone file format you use, you cannot just point both zones to the same file. Even if you can, the whole thing falls apart if you want to delegate a /48 to your customer, and the customer has only ip6.arpa, but not ip6.int -> lame delegation, or distinct zone files further up the tree). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 65398 (60210) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
On 22-jul-04, at 11:46, Gert Doering wrote:
In fact, it would probably be a good idea to keep ip6.int around forever. If nobody uses it, there is no harm in it being there. If people still use it, then removing it causes problems.
Maintaining both trees does cause quite some administrative overhead (depending on the name server software and zone file format you use, you cannot just point both zones to the same file.
Then you probably also use an OS that doesn't support file system links? :-) The way I understand it, it's even possible to use the dname mechanism to fix all of this, so this argument isn't all that convincing. But even if:
Even if you can, the whole thing falls apart if you want to delegate a /48 to your customer, and the customer has only ip6.arpa, but not ip6.int -> lame delegation, or distinct zone files further up the tree).
I'm not arguing EVERYONE should continue to support ip6.int forever, just that the delegations to those who still do should remain in place. If you feel you shouldn't support ip6.int in your network, by all means, remove it.
Hi, On Thu, Jul 22, 2004 at 12:04:44PM +0200, Iljitsch van Beijnum wrote:
In fact, it would probably be a good idea to keep ip6.int around forever. If nobody uses it, there is no harm in it being there. If people still use it, then removing it causes problems.
Maintaining both trees does cause quite some administrative overhead (depending on the name server software and zone file format you use, you cannot just point both zones to the same file.
Then you probably also use an OS that doesn't support file system links? :-)
There is no difference between symlinks / hard links and pointing both zones to the same file from inside BIND. The difference *is* that the content will not necessarily be identical - think "delegation to customers that provide only ip6.arpa, not ip6.int". If you do the delegation from a common file for both zones, you're creating lame delegations, which is a much worse problem than just dropping ip6.int globally. [..]
Even if you can, the whole thing falls apart if you want to delegate a /48 to your customer, and the customer has only ip6.arpa, but not ip6.int -> lame delegation, or distinct zone files further up the tree).
I'm not arguing EVERYONE should continue to support ip6.int forever, just that the delegations to those who still do should remain in place. If you feel you shouldn't support ip6.int in your network, by all means, remove it.
We will. OTOH, maintaining ip6.int at the RIR registries is costing some amount of money. Of which we have to pay our share, and there is no sense in it. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 65398 (60210) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
participants (17)
-
Anand Kumria -
Andrei Robachevsky -
bmanning@vacation.karoshi.com -
Christian Schild -
Christian Schild (JOIN Project Team)
-
Daniel Roesen -
Gert Doering -
Iljitsch van Beijnum -
Jeroen Massar -
JORDI PALET MARTINEZ -
Kurt Erik Lindqvist -
Pekka Savola -
Pim van Pelt -
Ray Plzak -
Rob Blokzijl -
Roger Jorgensen -
Tim Chown