An Internet IPv6 Transition Plan

Folks -

    There's quite a few IPv6 transition technologies, each with its
    own camp of supporters based on a particular world view of the
    hardest & easiest system elements to change. One of the
    challenges this poses is that it's very easy to get caught up
    in the various transition approaches and miss the high-level
    view of what needs to be accomplished.

    In an effort to communicate one possible transition plan in a
    technology agnostic manner, I've written an Internet draft
    which highlights the expectations that organizations could
    face over the next few years:

    http://www.ietf.org/internet-drafts/draft-jcurran-v6transitionplan-00.txt

    I'd be interested in hearing any and all feedback from the
    NANOG community on this draft; feel free to send such
    privately if you'd prefer a degree of anonymity, or have
    the urge to use language inappropriate in public... :wink:

Thanks!
/John

wilbur: we need to fly through the air!
orville: easy, let's make a machine, and we can call it an "airplane"
wilbur: that's cute, but HOW WILL IT WORK?

In the references section, you'll find a number of RFC's and ID's
which propose answers on "how will this work" for particular sites
(such as enterprise, campus, etc). The reality is that the world is
far more diverse than a few RFC's can depict, and further that we
don't have a lot of folks with real world experience (yet) who can
provide feedback on the viability of these plans. Rumor has it
that this will change over time...

/John

http://rip.psg.com/~randy/070722.v6-op-reality.pdf

John,

Thank you for writing this down, this will help start the discussion.

One of the things that is missing IMHO is that there is no clear vision
of what the IPv6 Internet will/should look like. Let me focus on the
residential broadband for a minute, I'm fully aware there are other cases,
but let's start somewhere.

1) What is the IPv6 'service'?
   For example, is it reasonable to define a 'basic' level
   service as web+mail and an 'extended' service as everything else?
   Random ideas include for example offering a lower cost
   'basic' service with v6 that would be 'proxied' to the rest
   of the v4 Internet....

2) What is the connectivity model in IPv6 for the residential customer?
   1 address versus prefix delegation?
   what prefix size?
   is this prefix 'stable' or 'variable' over time? (ie renumbering is expected)
   (note: the answer to this question has huge implications)
   What types of devices are connected? PCs or appliances or sensors?
   What is the management model in the home?
   (how much all of this has to be controllable by the user vs made automatic?)
   Are there 'servers' (ie things that answer connections from the outside) in the home?
   Is there any kind of DNS delegation happening to the home?

3) What is the security model of all this?
   I just listened today half mystified to a presentation at IETF
   that was saying that the 'recommended' deployment model in the home
   is to put a NAT-like stateful firewall in the home gateway...
   This would mean that IPv6 would have to inherit all the NAT-traversal
   technologies from IPv4 to work... Is this really what we want?

4) What about the 'legacy' devices that cannot upgrade to IPv6?
   What kind of service is expected for those? Does defining an
   80% type solution as in 1) take care of them?

IMHO, until there is a better understanding of the answers to those
questions (and many more I'm sure) to describe what the brave
new world of IPv6 looks like, it will be difficult to define
any Internet scale transition plan...

My $.02

  - Alain.

Alain -

  Present residential broadband Internet service is "provide the
  customer with access to/from any public-facing IPv4-based
  resource"

  Around 2011 (date for discussion purpose only) residential
  broadband Internet service is "provide the customer with
  access to/from any public-facing IPv6-based Internet resource"

  The specific "vision" of how to provide such service is left to
  the provider. The Internet/IAB/IETF/ICANN/ISOC/... history
  does not proscribe such items as prefix size, static versus
  dynamic addressing, management models, minimal security,
  or much else for that matter... It's entirely left to the service
  provider.

  There's certainly suggestions, both direct (such as filtering
  for end-site devices) and indirect (embedding a /48 endsite
  assumption into the addressing scheme), but at the end of
  the day it's up to the service provider to make their own
  design tradeoffs and let the market decide if they're right.

  This overall transition plan simply states that you might want
  to provide customers with access to sites which are served by
  IPv6-only sometime around 1 Jan 2011. This will be particularly
  useful to ISP's who may (for lack of any choice) be using
  IPv6-only to provide "Internet" service, and would prefer to be making
  faithful representations that sites connected in this manner are
  reachable by everyone out there.

  This isn't a very hard concept. ISP's will not have access to
  the previously deep pool of IPv4 address blocks that have
  allowed their ongoing growth in the past. Continuation of
  the ISP industry is predicated on enabling IPv6 for public-facing
  sites over the next few years.

/John

actually, for some of us there is the thought that before
  the "basic" service of web+email can work at all, one needs
  to have a couple of other infrastructure pieces in play,
  namely DNS and NTP... Oh, and the routing to knit these
  services together.

--bill

Sure, this is very important... but I was talking about the "user
experience".

  - Alain.

From: John Curran [mailto:jcurran@istaff.org]
Sent: Tuesday, July 24, 2007 7:20 AM
To: Durand, Alain
Cc: nanog
Subject: RE: An Internet IPv6 Transition Plan

Alain -

  Present residential broadband Internet service is "provide the
  customer with access to/from any public-facing IPv4-based
  resource"

  Around 2011 (date for discussion purpose only) residential
  broadband Internet service is "provide the customer with
  access to/from any public-facing IPv6-based Internet resource"

  The specific "vision" of how to provide such service is left to
  the provider. The Internet/IAB/IETF/ICANN/ISOC/... history
  does not proscribe such items as prefix size, static versus
  dynamic addressing, management models, minimal security,
  or much else for that matter... It's entirely left to the service
  provider.

Yes, this is correct. However, there is a fairly 'common' expectation
today about what the 'user experience' is.

Sure, YMMV, but very often the v4 story is a direct PC connected behind a
modem or a v4 NAT box + all the NAT traversal baggage + a bunch of devices
in the home that may have different 'upgrade path' to v6...

So, even though this is not written by any I*, this is where we are starting
from. Now my question is: where do we land? Simply saying:

"provide the customer with
access to/from any public-facing IPv6-based Internet resource"

is not sufficient, IMHO, to describe a transition plan effectively.

   - Alain.

good point. there are "levels" of basic services.
  i suspect that the network operations folks would want
  to have working viable v6 (naming, timestamps, audit,
  measurement) running -before- turning up production
  "basic" service for the "user experience".

  assuming that is the case, what things do these assembled
  operators think are critical for operational stability
  in bringing online a new address family?

  Randy had a non-exhaustive list at the last IEPG. To memory:
    MIB, AAAA, DNS, NTP, SYSLOG, DHCP, RADIUS,
    CALEA, etc.

--bill

One of the things that is missing IMHO is that there is no clear vision
of what the IPv6 Internet will/should look like. Let me focus on the

'look like'... there are mostly ipv4 paths from each ipv4 endpoint to each
other ipv4 endpoint (keeping ourselves to the 'global internet' here). I
think it makes sense that the 'ipv6 internet' will look very similar (v6
connectivity from endpoint to endpoint).

Now, the tricky parts are the meantime where some ipv4-only host (due to
its network infrastructure not being upgraded to dual-stack capabilities)
needs to access some 'important' ipv6-only content. Or the reverse
situation as well...

(yes, there are firewalls and things that block some end-to-end
connectivity those are mostly not important for the 'looks like'
discussion)

residential broadband for a minute, I'm fully aware there are other cases,
but let's start somewhere.

1) What is the IPv6 'service'?

I think that in the near term 'all' dsl/cable/dial folks will have to
offer dual-stack environments. There is little hope of gateways being
successful in larger deployments. (imho)

2) What is the connectivity model in IPv6 for the residential customer?
   1 address versus prefix delegation?
   what prefix size?

I had thought it was 1 prefix, I had thought it was a /64 or a /56 someone
keeps moving the classful boundaries :frowning: but pick one. Maybe it'd be
helpful to be able to subnet that, we ought to think about that too I
suppose.

   is this prefix 'stable' or 'variable' over time? (ie renumbering is expected)

renumbering is 'free' in ipv6 right? why not stick to your 7 day leases?
Surely you'll want to keep the ability to move netspace around as capacity
issues arise?

   What types of devices are connected? PCs or appliances or sensors?

what types exist today? pc's, appliances, sensors... I suspect phones as
well.

   What is the management model in the home?

call grandson? I am probably missing your question here...

   Are there 'servers' (ie things that answer connections from the outside) in the home?

my personal opinion is 'yes'... there are a number of things today that do
this sort of function, in the IETF v6ops meeting slingbox was mentioned as
a specific example.

3) What is the security model of all this?
   I just listened today half mystified to a presentation at IETF
   that was saying that the 'recommended' deployment model in the home
   is to put a NAT-like stateful firewall in the home gateway...
   This would mean that IPv6 would have to inherit all the NAT-traversal
   technologies from IPv4 to work... Is this really what we want?

I think that NAT is coming, regardless of anyone's want to avoid it,
we'll have to plan for that. I think that if we get the chance to start
over, let's do it 'right' or 'righter' or 'more correctly/securely' if at
all possible, eh? Less direct pc->internet more
pc->firewally-thingy->internet. (imho)

4) What about the 'legacy' devices that cannot upgrade to IPv6?
   What kind of service is expected for those? Does defining an
   80% type solution as in 1) take care of them?

won't they have ipv4 'forever'? at some point the traffic will flip (more
v6 than v4) but for the near term v4 seemingly will dominate and thus
remain strong.

-Chris

1) What is the IPv6 'service'?
   For example, is it reasonable to define a 'basic' level
   service as web+mail and an 'extended' service as everything else?
   Random ideas include for example offering a lower cost
   'basic' service with v6 that would be 'proxied' to the rest
   of the v4 Internet....

I would say that IPv6 service is the ability to send packets to and receive packets from other systems also using the IPv6 service by being connected to the global IPv6 cloud.

This means that if there is filtering, this must be under the control of the user.

Interconnection with IPv4 is a separate problem, and I'm certainly in favor of proxying to achieve that for users who don't need to run more complex protocols over IPv4:

http://www.ietf.org/internet-drafts/draft-van-beijnum-v6ops-connect-method-00.txt

Hopefully, this will make it possible to start removing IPv4 from select parts of the network:

http://arstechnica.com/news.ars/post/20070704-the-declaration-of-ipv6-independence.html

2) What is the connectivity model in IPv6 for the residential customer?
   1 address versus prefix delegation?

Prefix of course.

   what prefix size?

/48 is a nice round number, but even /64 will do the job for residential users.

   is this prefix 'stable' or 'variable' over time? (ie renumbering is expected)
   (note: the answer to this question has huge implications)

As a residential ISP, you have to build the network, so you tell us. As long as the prefixes don't change too often and everything is done carefully, user impact is negligible.

   What types of devices are connected? PCs or appliances or sensors?

Nobody knows, and why should you care?

   What is the management model in the home?

Mostly: N/A.

   Are there 'servers' (ie things that answer connections from the outside) in the home?

Of course.

   Is there any kind of DNS delegation happening to the home?

You can't just give every address a name like with IPv4 and you don't really know what addresses customers are going to use. Solution: dynamic DNS. Problem: the authentication. Solution: set up a zone per customer that can be modified with DDNS from the addresses given out to the customer. Bonus: web interface for removing old crap.

3) What is the security model of all this?

Javascript is enabled, so: broken.

   I just listened today half mystified to a presentation at IETF
   that was saying that the 'recommended' deployment model in the home
   is to put a NAT-like stateful firewall in the home gateway...
   This would mean that IPv6 would have to inherit all the NAT-traversal
   technologies from IPv4 to work... Is this really what we want?

No, but how do we avoid it? Vendors need to build good stuff and let the customer make their own decisions in the end, when security stuff gets in the way it WILL be disabled or worked around.

4) What about the 'legacy' devices that cannot upgrade to IPv6?
   What kind of service is expected for those? Does defining an
   80% type solution as in 1) take care of them?

Start charging more for IPv4 / less for IPv6, smart users will have a garage sale and buy new stuff, conservative ones do nothing and pay you the extra couple of bucks until 2023.
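
The per-customer DDNS zone idea from the DNS delegation answer above, sketched as an added example (not part of the original thread and not any poster's code): an update is accepted only if its source address lies inside the customer's delegated prefix and the name lies inside that customer's zone. It goes one step further than the post by also deriving the matching ip6.arpa reverse zone; the prefixes, customer ids and zone names are constructed placeholders.

```python
import ipaddress

# Constructed sample delegations (documentation prefix 2001:db8::/32).
# Zone names and customer ids are hypothetical.
DELEGATIONS = {
    "2001:db8:1200::/48": "cust1200.dyn.example.net.",
    "2001:db8:34:5600::/56": "cust3456.dyn.example.net.",
}

def reverse_zone(prefix):
    """Return the ip6.arpa zone for a prefix on a nibble (4-bit) boundary."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen % 4:
        raise ValueError("need an IPv6 prefix on a nibble boundary")
    hexdigits = net.network_address.exploded.replace(":", "")
    nibbles = hexdigits[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def in_zone(name, zone):
    """True if name is the zone apex or a label-aligned descendant of it."""
    name = name.lower().rstrip(".") + "."
    zone = zone.lower()
    return name == zone or name.endswith("." + zone)

def authorize_update(source, name):
    """Return the zone the update may modify, or None if it is refused."""
    addr = ipaddress.ip_address(source)
    if addr.version != 6:
        return None
    for prefix, forward_zone in DELEGATIONS.items():
        if addr in ipaddress.ip_network(prefix):
            # Right customer: allow only that customer's forward zone
            # and the reverse zone covering the delegated prefix.
            for zone in (forward_zone, reverse_zone(prefix)):
                if in_zone(name, zone):
                    return zone
            return None
    return None  # source is outside every delegated prefix

if __name__ == "__main__":
    print(authorize_update("2001:db8:1200:1::10", "nas.cust1200.dyn.example.net"))
    print(authorize_update("2001:db8:1200:1::10", "nas.cust3456.dyn.example.net"))
```

A source-address check like this is only meaningful where the provider drops spoofed source addresses at the access edge, since the source address is the sole credential.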