<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<div class="moz-cite-prefix">On 12/1/18 1:16 AM, Andrew Alston
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:B3B7941E-33A5-480A-B590-E0CC7F64257F@liquidtelecom.com">
<div class="WordSection1">
<p class="MsoNormal">You know,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
...<br>
<blockquote type="cite"
cite="mid:B3B7941E-33A5-480A-B590-E0CC7F64257F@liquidtelecom.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Now let me talk about IPv6 – something I
happen to know a fair bit about – particularly in terms of ISP
deployments. Let us be completely honest, IPv6 is necessary –
and we all have to get there – it’s not an option – v4 simply
doesn’t scale to global needs. But – instead of these
meaningless platitudes about how everyone should go to IPv6 –
how about we start openly and honestly talking about the
challenges with IPv6 and how we address them – so that we can
promote its deployment through proper understanding – and
instead of everyone going “let’s all move to ipv6” – let’s
start finding solutions to some of the things that STOP people
moving to IPv6.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1">Lack of
legacy support in a fair ton of hardware – how do we deal
with it</li>
</ol>
</div>
</blockquote>
<p>"Legacy support" or "IPv6 support"? I've never seen an
internet-capable device that wasn't capable of IP. I've seen very
few that were IPv6-only.<br>
</p>
<p>I haven't encountered a router, switch, load balancer, or
firewall made in the last ten years that wasn't capable of basic
IPv6 functions in hardware. Some of the oldest required upgrades
to line cards or controller cards, but those were available by
2012. And many devices even older than 2008 had good IPv6 support.</p>
<p>Some advanced features haven't been available for long (like some
of the MPLS issues you note below), so they may not be implemented
widely or well. That's just new technology, and it's significantly
helped by the network effect, as more people work with it.<br>
</p>
<blockquote type="cite"
cite="mid:B3B7941E-33A5-480A-B590-E0CC7F64257F@liquidtelecom.com">
<div class="WordSection1">
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><o:p></o:p><br>
</li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1">Vastly
inconsistent support for transition mechanisms and
chronically bad support for most of these transition
mechanisms in CPE’s</li>
</ol>
</div>
</blockquote>
<p>*Huge* problem. <br>
</p>
<p>Partly due to consumers being unaware of IPv6, so it's not part
of their buying decision. If something doesn't make consumers buy
boxes, vendors don't do it.</p>
<p>Also partly due to ISPs buying cheap boxes and not paying
anything for support, so they can't get upgrades. <br>
</p>
<p>Also partly due to foreign ISPs dumping volumes of used CPE,
which get resold at deep discounts. <br>
</p>
<p>Something that has worked for some companies is an "ISP
Certified" sticker. CPE vendors could apply to an ISP, and pay the
costs of testing. If the tests complied with the ISP's
requirements, which might include MAP, lw4o6, or 464xlat support,
the vendor was allowed to put a sticker on their box saying, "This
device certified for use with $ISP." <br>
</p>
<p>Something else that works is for the ISP to provide CPE, and
include the cost in the monthly fee. Then the ISP may choose only
to buy CPE that meets its requirements. <br>
</p>
<p>It might be possible for a group of ISPs with common requirements
to form a buying pool, where they had a single requirements
document they could send to several vendors, and agree to buy all
CPE from the vendor with the best bid. That way, 20 ISPs who would
normally buy 5,000 devices per year get the buying influence of
one buying 100,000 per year. I don't know if there are laws
against collusion that might interfere, but I would imagine that
ISPs that don't compete wouldn't have that problem.</p>
<p>This problem is also helped by the network effect, as more ISPs
deploy IPv6 and realize most transition mechanisms require CPE
support.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:B3B7941E-33A5-480A-B590-E0CC7F64257F@liquidtelecom.com">
<div class="WordSection1">
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><o:p></o:p><br>
</li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1">The complete
*<b>mess</b>* that MPLS support as concerns IPv6 (to this
day you cannot do vpnv6 without a v4 underlay, martini is
entirely bound to LDP and LDPv6 support is near
non-existent, and I’ve yet to see Kompella working entirely
without v4 in some form either)</li>
</ol>
</div>
</blockquote>
<p>You know this better than I do. 6PE works, from what I
understand, but it's exactly as you describe, with IPv4
underlaying IPv6. It will be a couple of years before good support
for native IPv6 MPLS emerges. <br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:B3B7941E-33A5-480A-B590-E0CC7F64257F@liquidtelecom.com">
<div class="WordSection1">
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1"><o:p></o:p><br>
</li>
<li class="MsoListParagraph"
style="margin-left:0cm;mso-list:l0 level1 lfo1">The security
challenges around IPv6 and the bad implementations that
create issues here – issues which over the years we have
learnt to deal with in IPv4 – Happy to expound on these off
list – and no – they have nothing to do with NAT or the lack
thereof – because NAT as a security mechanism was the
biggest lie ever sold to an industry.</li>
</ol>
</div>
</blockquote>
<p>Well, bad implementations are bad, and I don't know what to do
about that.</p>
<p>The only inherent security risks I know of that are specific to
IPv6 are link-local, where a host might send RAs or NAs, but there
are several known mitigations for those risks. Someone recently
argued to me that a router that only populated its neighbor table
based on DHCPv6 responses would be inherently more secure than an
IPv4 network.<br>
</p>
<p>Security best practices are still best practices.<br>
</p>
<blockquote type="cite"
cite="mid:B3B7941E-33A5-480A-B590-E0CC7F64257F@liquidtelecom.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For years I have been an IPv6 advocate –
and I still am – and I’ve actively deployed and run IPv6 in
production supplying it to the end user, with multiple
percentage point changes in country IPv6 penetration
statistics as a result, but I am fast realizing that if we
want IPv6 to grow and thrive – it’s time we started being a
little more open and honest about the challenges and problems
with it – instead of sprouting off that everyone should just
move to it. Let’s acknowledge that IPv6 is critical, we have
no option, but it is also deeply flawed, has major problems,
and until we start dealing with those – we will see deployment
continue to stutter.</p>
</div>
</blockquote>
<p>I'd be delighted to participate in such a discussion, as I have
here. RPD probably isn't the right venue for the discussion. Is
there a better list (AfriIPv6-Discuss)? Should we have a round
table discussion at AIS? How can we identify and make progress on
resolving issues with IPv6?</p>
<p>It does seem to me that if everyone would take a couple of hours
to write an address plan and get IPv6 addresses from Afrinic, and
take the time to route them on their network and announce them,
then we'd have a lot of organizations starting from a baseline of
experience. I don't know of any issues with those steps. Then as
people deployed IPv6 in their data centers, to enable web sites,
provisioning and OSS systems, they might have common experiences
to discuss. <br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:B3B7941E-33A5-480A-B590-E0CC7F64257F@liquidtelecom.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Andrew<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<p><br>
</p>
<p>Lee</p>
<br>
</body>
</html>