[arin-ppml] Portable address space vs. IPv6 auto-numbering
Robin Whittle
rw at firstpr.com.au
Tue Jun 10 22:37:02 EDT 2008
- Previous message: [arin-ppml] Policy Proposal: Equitable Distribution of IPv4 Resources before IPv4 Run out
- Next message: [arin-ppml] Portable address space vs. IPv6 auto-numbering
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Ted,

In "Re: [arin-ppml] IPv6 in the Economist" you wrote in part:

> It also changes with the advent of IPv6 because the hosts don't
> need to be numbered with network-specific info.

Just because there is an automated approach for hosts to set their own IP addresses and even to do this for a new network prefix while running from the old does not mean that all substantial end-user networks could easily move from one ISP to another, by renumbering from one PA prefix to another.

In many cases, there are too many places where raw IP addresses are written into config files and ACLs for the administrators to reliably find these and securely, reliably and automatically change them. DNS zone files are an obvious instance.

Also, I read somewhere that IPv6 auto-numbering isn't acceptable to all networks due to security concerns. Automation can lead to increased robustness, security and simplification of management - but it can also lead to the opposite.

The only way these problems can be handled is with portable address space - PI space as currently managed by BGP (driving the routing scaling problem) or some new kind of PI space such as provided by map-encap schemes which does not excessively burden the BGP system.

Even if portability wasn't really required by most or all end-user networks, IPv6 still doesn't provide the multihoming they need for PA prefixes. SHIM6 relies on the correspondent host having SHIM6 and does not provide router-centric, network-centralised, multihoming management, since it works at the level of hosts. Every Internet-facing host in the network would need to do SHIM6 and be robustly and securely coordinated.

There was some debate about this on the IRTF Routing Research Group recently:

  Consensus? End-user networks need their own portable address space
  http://psg.com/lists/rrg/2008/msg01310.html

The RRG is attempting to find and recommend (by 2008-03) a new routing and addressing architecture for the Internet so that many (millions or potentially billions) of end-user networks can get multihomed address space, suitable for traffic engineering in a way which makes it relatively easy for them to change ISPs. This needs to be achieved in a scalable way - most likely by creating a new form of address space management and associated routing (actually tunneling) mechanisms so millions of end-user networks get the kind of space they need, without each such network advertising one or more prefixes in the global BGP system.

RRG home page, wiki and archives:

  http://www.irtf.org/charter?gtype=rg&group=rrg
  http://www3.tools.ietf.org/group/irtf/trac/wiki/RoutingResearchGroup
  http://psg.com/lists/rrg/2008/maillist.html

The five map-encap proposals all provide portable address space in a scalable fashion, for both IPv4 and IPv6: LISP-NERD, LISP-ALT, APT, Ivip and TRRP. (See the wiki for links to these.)

Quite a few folks argued against portable address space. But I think their objections are primarily based on the way portability causes scaling problems in today's system. I think they are highly sceptical of map-encap solutions and keen to see everyone on IPv6 ASAP - where they think portable space isn't required.

None of them convinced me that substantial end-user networks would be happy with IPv6 host renumbering as a means of easily changing the entire network's prefix when choosing another ISP.

The fact that most RIRs now offer PI space to end-user networks strikes me as pretty good proof of my argument that end-user networks typically need portability.

> Pushing IPv4 is pushing a system that once IPv4 runout happens,
> feudalizes the very structure of the Internet. You are now
> creating a network where those who were on stay on, those who
> weren't, cannot get on.

I am not saying IPv4 is ideal. I am just saying that I think the optimism some people have about IPv6 being widely adopted in the next 10 years is highly unrealistic. It is a separate network from the IPv4 Internet and most Internet users only want to be on a network where everyone else is.

NAT-PT doesn't seem to be a viable transition mechanism by which IPv6-only hosts can retain connectivity to the IPv4 Internet, as I wrote here:

  http://psg.com/lists/rrg/2008/msg01467.html

An alternative suggestion was:

  http://tools.ietf.org/html/draft-ietf-v6ops-nat64-pb-statement-req

which I haven't read yet.

So how are ISPs (other than those with captive customers, such as in China perhaps) going to sell an IPv6-only service which won't do everything ordinary end-users want? All it takes is 10% of the end-users to find that some relatively obscure application won't work, and the service would be really hard to sell and be costly to support.

> You are also halting the ability of commercial entities to reach
> customers who are "fenced out" and cannot obtain IPv4 because
> there isn't any more of it.

I am not trying to push IPv4 or halt IPv6. I am trying to be realistic about the difficulties of sufficient end-users getting IPv6 connectivity so that most end-users won't need IPv4 connectivity.

> In short, it's short term gain that costs a lot more over the
> long term than you gain now.

I agree - but why are end-users going to pay for an Internet service which only connects to a subset of other end-users? This is especially the case at the start, when only a tiny fraction of end-users have IPv6.

End-users don't care whether the packets are carried by IPv4, IPv6 or a global network of relativistic carrier pigeons. I think most end-users require something like this:

  1 - Their applications work as expected. For some end-users this includes obscure applications which don't do IPv6 and never will - either because the application is no longer updated, because the author doesn't update it to IPv6 or because they do not in fact update their applications.

  2 - They can reach any website, send email anywhere, get any service, do peer-to-peer anything with whoever they want.

  3 - The service must be installable without any fussing around with configurations, including probably the requirement that they don't have to upgrade their OS from XP, which many folks are keen to hold onto to avoid getting sucked into Vista and being unable to drive some of their old peripherals.

Unfortunately, there is no upgrade path from IPv4 which meets these requirements.

IPv6 proponents tend to have a much more flexible notion of what ordinary end-users want, such as them upgrading all their applications rapidly and only using a few protocols. These proponents tend to downplay the importance of P2P applications, but I understand this is a big part of the attraction of the Net for a large enough proportion of home users to constitute a significant barrier to selling IPv6-only services when the vast majority of end-users have no IPv6 connectivity.

I am suggesting that IPv4 has a lot more life left in it than IPv6-advocates imagine. Maybe that will give us time to devise an upgrade path to something better - IPv6 or something else. But maybe that won't be possible and we will be locked into IPv4 with NAT forever.

Attempting to tell the truth (and to learn and change my mind) about the barriers to the world transitioning to IPv6 does not affect what those barriers are.

There could be many other barriers to IPv6 adoption. I don't know enough about DNS to properly follow what Leo Bicknell and Dean Anderson wrote in the "IPv6 in the Economist" thread. Perhaps there needs to be a wiki on barriers to IPv6 adoption.

  - Robin

http://www.firstpr.com.au/ip/ivip/
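
The following is an added example, not part of the original message: a small Python audit for the renumbering problem described above, listing where an old PA prefix is written into configuration text (including the reversed-nibble `ip6.arpa` form that an address pattern misses) and what each reference would become under the new prefix. The prefixes, sample lines and function names are constructed for illustration, and the sketch assumes the old and new prefixes have the same length.

```python
import ipaddress
import re

# Anything shaped like an IPv4/IPv6 literal, with an optional /prefix length.
CANDIDATE = re.compile(r"(?<![\w.:])[0-9A-Fa-f:.]+(?:/\d{1,3})?(?!\w)")

def arpa_suffix(net):
    """Reverse-DNS form of an IPv6 prefix (length must be a multiple of 4)."""
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def find_renumbering_sites(text, old_prefix, new_prefix):
    """Return (line_no, old_text, new_text) for every reference to old_prefix."""
    old = ipaddress.ip_network(old_prefix)
    new = ipaddress.ip_network(new_prefix)
    if old.version != new.version or old.prefixlen != new.prefixlen:
        raise ValueError("sketch assumes same family and prefix length")
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for token in CANDIDATE.findall(line):
            try:
                iface = ipaddress.ip_interface(token.rstrip("."))
            except ValueError:
                continue  # hex-looking word, not an address
            if iface.version != old.version or iface.ip not in old:
                continue
            # Keep the host/subnet bits, swap only the provider-assigned part.
            offset = int(iface.ip) - int(old.network_address)
            moved = ipaddress.ip_address(int(new.network_address) + offset)
            suffix = token[token.index("/"):] if "/" in token else ""
            hits.append((no, token, f"{moved}{suffix}"))
        # Reverse zones carry the prefix as reversed nibbles, which no
        # address-literal pattern will match.
        if old.version == 6 and arpa_suffix(old) in line.lower():
            hits.append((no, arpa_suffix(old), arpa_suffix(new)))
    return hits

# Constructed sample: zone-file record, ACL entries, a reverse zone origin.
SAMPLE = """\
www   IN AAAA 2001:db8:a:10::53
permit ipv6 2001:db8:a:20::/64 any
permit ipv6 2001:db8:ffff::1 any
$ORIGIN a.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
allow-query { 192.0.2.0/24; };
"""

if __name__ == "__main__":
    for hit in find_renumbering_sites(SAMPLE, "2001:db8:a::/48", "2001:db8:b::/48"):
        print(hit)
```

A scan like this only finds references stored as text it is given; addresses held in firewall appliances, application databases or third-party allow-lists still have to be located separately.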