[184529] in North American Network Operators' Group
Re: /27 the new /24
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Oct 7 08:04:10 2015
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <Pine.LNX.4.61.1510041115500.10544@soloth.lewis.org>
Date: Wed, 7 Oct 2015 05:01:47 -0700
To: Jon Lewis <jlewis@lewis.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Oct 4, 2015, at 8:33 AM, Jon Lewis <jlewis@lewis.org> wrote:
>=20
> On Sun, 4 Oct 2015, Mel Beckman wrote:
>=20
>> If it doesn't support IPSec, it's not really IPv6. Just as if it =
failed to support any other mandatory IPv6 specification, such as RA.
>=20
> Go tell cisco that. IIRC, the first network I dual-stacked, I was =
kind of surprised when I found I could not use authentication in OSPFv3, =
because OSPFv3 assumes IPv6 will supply the IPSec to do auth...but these =
routers didn't support IPSec. They still managed to route IPv6 and =
support IPv6 customers...so it really was IPv6...just not the full suite =
of everything you'd expect from IPv6.
A router with OSPFv3 and no IPSec for securing the OSPFv3 sessions =
really is an incomplete implementation.
This is one case where IPSec really should be considered mandatory =
rather than recommended.
>=20
>> Your observation simply means that users must be informed when buying =
IPv6 devices, just as they must with any product. You can buy either =
genuine IPv6 or half-baked IPv6 products. When I speak of IPv6, I speak =
only of the genuine article.
>=20
> Does anyone buy "IPv6 devices=E2=80=9D?
Yes=E2=80=A6 For some definitions of that term.
> The biggest hurdle I've seen with IPv6 adoption (i.e. going =
dual-stack, with the idea that we'll gradually transition most things / =
most traffic from v4 to v6) is the number of end-user network providers =
that don't offer v6 at all. My home cable internet provider still =
doesn't offer IPv6.
> When I asked one of their support people about it recently, I was =
told not to worry, they have plenty of v4 addresses left, but it was =
implied that they do plan to start offering v6 sometime soon. They =
should have started rolling out IPv6 to any customers that wanted it =
years ago, so that by today, it would be standard for all their =
installations to be dual-stack. But here we are, nearly 2016, and they =
don't have a single IPv6 customer (AFAIK) yet.
Yeah, lots of providers still don=E2=80=99t get it like that.
The problem is we=E2=80=99ve also done a poor job training people who =
call them up asking for IPv6.
Many accept =E2=80=9CWe have plenty of IPv4 addresses=E2=80=9D as an =
answer.
Instead, the followup question is needed=E2=80=A6 =E2=80=9CThat=E2=80=99s =
great, but how does that help me reach a web site that doesn=E2=80=99t =
have and can=E2=80=99t get an IPv4 address?=E2=80=9D
Owen
