IPv6 Operations - IETF 100          Monday 13 November 13:30

Chairs: Lee Howard, Fred Baker, Ron Bonica
Minutes: Barbara Stark
Jabber: Mikael Abrahamsson


Invited talk: IPv6-only deployment at Cisco
   Khalid Jawaid, Cisco Systems
Readout from the Hackathon
   Lee Howard
Using Conditional Router Advertisements for Enterprise Multihoming
Reporting of Happy Eyeballs Failures

IPv6-only deployment at Cisco


Khalid Jawaid, Cisco Systems, presented.

David Schinazi: Does not want to provide switch to disable privacy extensions.
Privacy addresses are useful. If you want to track, why not track on MAC
address. Khalid: When you sign on to a corporate network, you are agreeing to a
corporate policy. David: When you use corporate network you have fewer privacy
rights? Khalid: Yes. Marco Hogewoning: Are you suggesting that people who are
dual stacking should move to v6 only? Khalid: Happy Eyeballs masks problems.
Lorenzo Colitti: It falls on you to prove lower operational costs to move to
v6 only. Khalid: Yes, that is the justification of v6 only. Running dual stack
costs money. Lorenzo Colitti: Concerned with tracking policies preventing use
of multiple IPv6 addresses. Recommended implementation of IETF RFCs. Can
track using 802.1x. Khalid: Will take that back and see if we can change the
design of our network to do that. Daniel Shaw: Do you have something online, like
a blog article, that you could share? Khalid: Will provide a blog. Jen Linkova:
People cannot remember to enable privacy addresses when they walk out the door,
so we need to put emphasis on solutions that don't disable privacy addresses.
Khalid: OK. David: Regulations do not seem to say how to track, merely that you
need to track. There are various ways to track individual users and devices.
Khalid: I don't know of all the tools. But they say if it's in the RFC, then it
has to be there. David: Tell them we will not enable [ability to disable
privacy addresses].

Readout from the Hackathon


Lee Howard presented initial slides (up to 13).
Jen Linkova then talked for slides 14-20.

Mikael Abrahamsson: Did you say you got LEDE to do NAT64?
Lee: No
Mikael: Offered assistance in setting up LEDE to do NAT64, so people can do at
home. Lee: Interesting. We did not need LEDE to do this because IETF supplied
NAT64. Lorenzo: Noticed that non-EUI-64 addresses were not supported. David:
Configuration of VPN shouldn't matter. It should not be possible to get VPNs
not to work. Jen: I thought it was possible to make VPN only use IPv4. David: The
case you are describing is a bug in the OpenVPN code. User configuring it wrong
shouldn't be an option [to test]. Khalid: We tested Skype for business, jabber,
etc., and it worked. Can we have NAT64-certified, like IPv6 certification? Lee:
IETF doesn't certify, but others do. Tim Winters: If vendors want a cert, it
can be offered. There must be interest. Jordi Palet: Tried OpenVPN with TCP and
not just UDP. I have implemented NAT64 in OpenWRT. I will document everything
that is missing in LEDE. Daniel: Did you differentiate between
text/voice/video? Jen: Yes. Lee: I think we tested all functionality on all
transition technologies. Lorenzo: It's not as easy as you say. I've gotten
NAT64 to work on OpenWRT and it's really slow. Unacceptably slow. It's not just
if it works; it's also how well it works. It's not trivial.

Using Conditional Router Advertisements for Enterprise Multihoming


Jen Linkova presented slides

Erik Nordmark: It seems like a useful thing. Was wondering about hysteresis of
link flaps. Don't know if easy way to test. Jen: It might be good to delay a
little before changing network topology. But maybe some dampening and not
immediately propagating change. Lorenzo: Have you tested on various
implementations? I think on Android if you deprecate all addresses it will
leave completely so perhaps you should not do that. If you test on various
implementations and tell us what was wrong then we could fix. Jen: Maybe use
ULAs if you really want to keep an address that doesn't go away when uplink
goes away. Mikael: This looks like something homenet could solve.

Reporting of Happy Eyeballs Failures


Jordi Palet presented.

Mikael: What was the rationale for using .1 as the prefix? That is used as 64
relay. Jordi: I was using .1 as a suffix for an IP address. Just a suggestion.
Can define any other address. Lorenzo: I would suggest choosing another
address. And don't use just v6 for reporting. Need to guarantee reporting
works. Maybe use HE for reporting. Most problems we see with v6 are in the last
mile. Jordi: Most problems are at destination and not access network. Fred
Baker: We have different experiences producing opposite results. I think you
need HE. Jordi: Need to report using v6 as well as v4. Fred: OK so you can't
use HE. Fred: Khalid, in your talk you said HE was a problem; can you
elaborate? Khalid: Our view is the problem is either at the origination or
destination. David: If problem is not on your network, why care? You can't fix
it. Jordi: In testing access network with deployed IPv6, we discovered problem
in transit network. By reporting problems in other networks, we were able to
get them to fix problems. Jordi: Clarified why the doc was submitted twice with
different IDs. It was an error. David: We need to talk more about privacy.
Concerned there was no security section. This is leaking what iPhone user is
connecting to. We need to talk a lot more about privacy. We didn't deploy HE to
make IPv6 better. We did it to incent people to deploy IPv6. This is not to
help people; it's to make your network better. I'd like to help, but not at
expense of security and privacy. Fred: We're identifying a syslog problem.
Syslog should be running over DTLS. David: That's a start. But it's still
reporting everything users connect to. Lorenzo: I'm not going to discuss idea
that if you don't disclose info then it isn't a privacy leak. We won't
implement because it's a huge privacy problem. If you want it to be relevant
and implemented, you need to be concerned with security. Jordi: Maybe this is
not best way, but please provide input on how to improve. Lorenzo: Maybe it can
be improved, but it also may be possible there is no way to improve to fix this
problem. Jen: Provided security scenario. Chris Morrow: Why would I care about
this? If the problem is on my local network and I'm an enterprise provider,
then maybe I care. But if the problem is on a remote network, it's hard to tell
them. Other than researchers saying x% of things are broken, I don't understand
point. Fred:  Not ready to think about adoption at this point.

Fred: We're running early. Will now do another topic not on today's agenda.

IPv6-Only Terminology Definition


Jordi Palet presented slides.

George Michaelson: Diagram shows arbitrary L2 forwarding. Corporations that
have not constrained forwarding capabilities of L2 are ignored. Jordi: I'm
saying whether network has certain capabilities, from perspective of the
operator. Alexandre Petrescu: I see picture of cellular network in your slide.
I know of 2 main cellular IPv6 architectures and neither is IPv6-only. Jordi: I
know many people who say they have an IPv6-only network. Alexandre: Core
network is IPv4 and IPv6. Jordi: If at edge you only have NAT64 then that is
IPv6-only. Alexandre: No. There is no IPv6-only core cellular network. I will
send comments to list. Lorenzo: The same network can support v4, v6, and
v6-only links. There is definitely a v6-only SSID and other context, so there
may be something good to define. Joel Jaeggli: You probably don't have a case
where clients have v4 but network does not. Alain Durand: Does not see point.
What matters is what clients can do. Jordi: I am saying whether network is
supporting IPv4 natively. Alexandre: I wanted to say that there is a case where
PCP/PPP type is IPv6-only. Jordi: Talking about actual native transport. Marco:
Things work or don't. We don't need this. I don't think this helps. Jordi: We
need terminology when discussing options with providers. David: I'm confused. I
don't know what problem you're trying to solve and think you may be making
things worse. Don't create a term. Jordi: We do not have same understanding of
"IPv6 only." David: Agreed. And this won't help. Use full length descriptions of
what you mean, rather than trying to create a term to avoid using full length
descriptions. Jen: You might create more confusion by trying to define this
term. Lee: Not all networks are Internet networks. I think what I'm hearing
from the conversation: I'm not sure we agree there is a problem to be solved.
Fred:  No consensus to move forward with this.