Yahoo and IPv6

I think my statement has been taken out of context and misunderstood.

I was responding to a claim that having to understand DNS to reach your
IPv6 boxes by name was somehow a step backwards from IPv4.

My point was that at least in IPv6, you can reach your boxes whereas with
IPv4, you couldn't reach them at all (unless you used a rendezvous service
and preconfigured stuff).

To me, pre-configuring DNS through the web interface for one of the free
DNS services with the IPv6 address is not any more difficult than setting
up one of the rendezvous services (most of which you have to pay for
if you want any real utility).

To my mind, IPv6 is a giant leap forward here, not a step backwards.
At least you can reach your stuff, even if the administration of the naming
process isn't 100% automated and perfect just yet.

Owen

Date: Tue, 17 May 2011 11:07:17 +0200
From: Mans Nilsson <mansaxel@besserwisser.org>

> > > ... It's not like you can even reach anything at home now, let alone
> > > reach it by name.
> >
> > that must and will change. let's be the generation who makes it possible.
>
> I'd like to respond to this by stating that I support this fully, but
> I'm busy making sure I can reach my machines at home from the IPv6
> Internet. By name. :wink:

:-).

to be clear, the old pre-web T1 era internet did not have much content
but what content there was, was not lopsided. other than slip and ppp
there weren't a lot of networks one would call "access" and a smaller
number of networks one would call "content". i am not wishing for that,
i like the web, i like content, i know there will be specialized networks
for access and content. but i also think (as jim gettys does) that we
ought to be able to get useful work done without being able to reach the
whole internet all the time. that's going to mean being able to reach
other mostly-access networks in our same neighborhoods and multitenant
buildings and towns and cities, directly, and by name. it does not mean
being able to start facebook 2.0 out of somebody's basement, but it does
mean being able to run a personal smtp or web server in one's basement
and have it mostly work for the whole internet and work best for accessors
who are close by and still work even when the "upstream" path for the
neighborhood is down.

This is all very confusing to me. How are meaningful names going to be assigned automatically?
Right now I see something like ool-6038bdcc.static.optonline.net for one of our servers, how does this mean anything to anyone else?

Actually almost everyone will *still* need a rendezvous service as even if there isn't NAT66 (which I strongly suspect there will be, as nobody has magically solved the rest of the renumbering problems) there will still be default firewall filters that the average end-user won't know how or why to change (and in some cases won't even have access to the CPE).

For the former we can only hope that NAT66 box builders can get guidance from IETF rather than having IETF stick its collective head in the sand... for the latter the firewall traversal has a chance of being more reliable than having to traverse both filtering and address translation.

Matthew Kaufman

> This is all very confusing to me. How are meaningful names going to be assigned automatically?

dynamic dns updates seem like an obvious choice.

Smells like job security: first install a firewall, then traverse it anyway.

Date: Tue, 17 May 2011 11:49:47 -0400
From: Steve Clark <sclark@netwolves.com>

> This is all very confusing to me. How are meaningful names going to be assigned
> automatically?

It'll probably be a lot like Apple's and Xerox's various multicast naming
systems if we want it to work in non-globally connected networks.

> Right now I see something like ool-6038bdcc.static.optonline.net for
> one of our servers, how does this mean anything to anyone else?

It wouldn't of course. I'm sorry if my earlier words on this were useless.

Dave Taht gave a wonderful talk a few weeks ago ("Finishing the Internet",
see http://amw.org/prog11.pdf) during which he had us start an rsync
from his wireless laptop to as many of ours as could run rsync, and then
had the conference organizer turn off the upstream link. He noted that
those of us using the local resource (a giant file, either an ISO or a
MPEG or similar) were still getting work done whereas those of us trying
to "use the internet" were dead in the water. Then, referring to his
time in Nicaragua he said that he has a lot of days like this and he'd
like more work to be possible when only local connectivity was available.

Compelling stuff. Pity there's no global market for localized services
or we'd already have it. Nevertheless this must and will get fixed, and
we should be the generation who does it.

Or perhaps user-relative names.
http://www.brynosaurus.com/pub/net/uia-osdi.pdf

Tony.

> :-).
>
> to be clear, the old pre-web T1 era internet did not have much content
> but what content there was, was not lopsided. other than slip and ppp
> there weren't a lot of networks one would call "access" and a smaller
> number of networks one would call "content". i am not wishing for that,
> i like the web, i like content, i know there will be specialized networks
> for access and content. but i also think (as jim gettys does) that we
> ought to be able to get useful work done without being able to reach the
> whole internet all the time. that's going to mean being able to reach
> other mostly-access networks in our same neighborhoods and multitenant
> buildings and towns and cities, directly, and by name. it does not mean
> being able to start facebook 2.0 out of somebody's basement, but it does
> mean being able to run a personal smtp or web server in one's basement
> and have it mostly work for the whole internet and work best for accessors
> who are close by and still work even when the "upstream" path for the
> neighborhood is down.

Now I seem to have got time enough to fully agree with you.

The next facebook will start in a low-price datacenter. These
facilities did not exist as products before, and it can be argued that
the access/content separation does drive that market -- as long as I
had working Internet (as opposed to access class "Internet" ) at home,
I had no use for a colo.

Still, the centralization of content into a few networks does raise a
number of issues -- mostly regarding stability. Do note here that
several factors negatively impact stability, be they technical,
economical or legal. Peter Löthberg long ago advocated a network
interconnection model that was pretty local (and I believe he still
does). Peer often and everywhere. That would take care of packets
getting through (as long as we all have unique addresses to point at;
v6 fixes this). The services that take the Net from being a graph
problem for nerds with BGP CLI access into what it has become need to
undergo similar fine-graining to keep up.

Oh, sorry, got carried away.

Steve Clark wrote:

> This is all very confusing to me. How are meaningful names going to be assigned automatically?
> Right now I see something like ool-6038bdcc.static.optonline.net for one of our servers, how does this
> mean anything to anyone else?

Does http://وزارة-الأتصالات.مصر/ mean more to you?

Or http://موقع.وزارة-الاتصالات.مصر which is what it translates to in your browser.

Just saying... :wink:

Paul Vixie wrote:

> time in Nicaragua he said that he has a lot of days like this and he'd
> like more work to be possible when only local connectivity was available.
>
> Compelling stuff. Pity there's no global market for localized services
> or we'd already have it. Nevertheless this must and will get fixed, and
> we should be the generation who does it.

I have found that the general theme is to move services that were traditionally available inside an office network (source control, email, ticketing/bug tracking systems, storing documents, corporate "wikis" etc.) to an external place, perhaps even outsourced to one of the virtual server or "software as a service" providers.

I am not a particular fan of that trend, but I can see the pros and cons of doing it. It doesn't look like that's going to stop any time soon, let alone be (partially) reversed.

Regards,
Jeroen

> > My point was that at least in IPv6, you can reach your boxes whereas with
> > IPv4, you couldn't reach them at all (unless you used a rendezvous service
> > and preconfigured stuff).
>
> Actually almost everyone will *still* need a rendezvous service as even if there isn't NAT66 (which I strongly suspect there will be, as nobody has magically solved the rest of the renumbering problems) there will still be default firewall filters that the average end-user won't know how or why to change (and in some cases won't even have access to the CPE).

PI solves the majority of the renumbering problems quite nicely and is readily available for
most orgs. now.

Beyond that, I think you will see firewalls become much easier for the average person to
manage and it will become a simple matter of making an http (hopefully https) connection
to the home gateway and telling it which service (by name, such as VNC, HTTP, HTTPs, etc.
from a pull-down) and which host (ideally by name, but, may have other requirements here)
to permit.

Some firewalls already come pretty close to that.

There is also talk (for better or worse) of having something like UPNP, but, without the NAT
for enabling such services.

No rendezvous server required.

> For the former we can only hope that NAT66 box builders can get guidance from IETF rather than having IETF stick its collective head in the sand... for the latter the firewall traversal has a chance of being more reliable than having to traverse both filtering and address translation.

I'm still hoping that we just don't have NAT66 box builders. So far, it's working out that way.

Owen

> > Right now I see something like ool-6038bdcc.static.optonline.net for one
> > of our servers, how does this mean anything to anyone else?
>
> Does http://وزارة-الأتصالات.مصر/ mean more to you?
>
> Or http://موقع.وزارة-الاتصالات.مصر which is what it
> translates to in your browser.

Actually, it translates to
http://وزارة-الأتصالات.مصر/ in the browser which
then redirects to the URL that you quoted above.

Got to pay attention to these details if you want to keep up your
troubleshooting skills.

--Michael Dillon