IETF Logo Mail Archive

Re: The point is to change it: Was: IPv4 depletion makes CNN

John C Klensin <john-ietf@jck.com> Fri, 11 June 2010 02:34 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E6D2128C119 for <ietf@core3.amsl.com>; Thu, 10 Jun 2010 19:34:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.022
X-Spam-Level:
X-Spam-Status: No, score=-0.022 tagged_above=-999 required=5 tests=[AWL=-0.023, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FHt9w+doaRaD for <ietf@core3.amsl.com>; Thu, 10 Jun 2010 19:34:07 -0700 (PDT)
Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by core3.amsl.com (Postfix) with ESMTP id ECCFB3A6999 for <ietf@ietf.org>; Thu, 10 Jun 2010 19:33:43 -0700 (PDT)
Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1OMu3F-000FFW-GF; Thu, 10 Jun 2010 22:32:57 -0400
Date: Thu, 10 Jun 2010 22:32:56 -0400
From: John C Klensin <john-ietf@jck.com>
To: Mark Andrews <marka@isc.org>, ned+ietf@mauve.mrochek.com
Subject: Re: The point is to change it: Was: IPv4 depletion makes CNN
Message-ID: <55562CF3CFC08C5C6DA3DD8F@PST.JCK.COM>
In-Reply-To: <201006110017.o5B0HOBN099415@drugs.dv.isc.org>
References: <AANLkTilMjpiETg4HybCB_pik9ChxTsJEKhn0R3Vo29QM@mail.gmail.com> <4C053BFE.7010503@gih.com> <01NNSVGHG9QA00KQEH@mauve.mrochek.com> <AANLkTimpWUUKZZethUHqufetmhJ9seqZ-LpwIbWl-sJg@mail.gmail.com> <4C06A72C.20403@bogus.com> <01NNZSXLI7MU00F6L7@mauve.mrochek.com> <01NNZXBXSBKU00F6L7@mauve.mrochek.com> <4C0C1581.4030700@bogus.com> <AB08382A8009A0E9C4E0C598@PST.JCK.COM> <4C0FEEA9.6060701@mail-abuse.org> <01NO48CMVHG800004S@mauve.mrochek.com> <4C1023DD.1050309@mail-abuse.org> <01NO4HXMXG4I00004S@mauve.mrochek.com> <4C115DAA.9050307@mail-abuse.org> <01NO5QT3QGKC00004S@mauve.mrochek.com> <201006110017.o5B0HOBN099415@drugs.dv.isc.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: Ned Freed <ned.freed@mrochek.com>, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jun 2010 02:34:43 -0000

--On Friday, June 11, 2010 10:17 +1000 Mark Andrews
<marka@isc.org> wrote:

> 
> In message <01NO5QT3QGKC00004S@mauve.mrochek.com>,
> ned+ietf@mauve.mrochek.com w rites:
>> If this is accurate, I think you need to go back and reread
>> John Klensin's recent messages for why this scenario really
>> isn't all that likely to unfold the way you think.
>> 
>> 				Ned
> 
> Turn off the root servers IPv4 address and see how fast people
> adapt. :-)

Mark,

I hate to say this, but that is silly, smiley or not.  

Because this may be an example of some of the "force a
transition" ideas that are going around, let's examine what
would happen if it were done.  This analysis more or less
applies to any "cut off some service to force folks onto IPv6"
strategy and is hence worth examining even if we understand that
cutting off the IPv4 root servers is not realistic.

The typical users of the Internet don't use the root servers
directly at all.  They use, exclusively, some full-service
forwarder(s) that might interact with the root servers.  Those
forwarders belong to ISPs, enterprises, etc., and the lusers
think they have contracts for services with those entities.  So,
now, some major piece of infrastructure that, from the user's
perspective is a critical resource covered by the service is
converted to IPv6-only or otherwise made unavailable.  What
happens next is pretty obvious: the provider copes or sees happy
paying customers swap themselves out and their lawyers in.
Using the root servers as an example, "provider copes" would
most naturally take one of two forms:

	(1) Provider sets up an IPv6 server that is capable of
	serving out the root zone (from a cache and and queries
	as needed) to the forwarders who keep serving the users
	with IPv4 DNS.  Net effect on IPv6 deployment: just
	about zero.  Net effect on the DNS: very low or zero.
	
(2) Provider adjusts the local configuration file for the
location of the root zone to point to someone who will serve out
a root zone in IPv4.  Note "a root zone" rather than "the root
zone".  I hope I don't have to explain the difference to anyone
reading this list, but I'm sure I don't have to explain it to
you.  Net effect on IPv6 deployment: zero or worse because even
more credibility will have been lost (for IPv6 and the
intelligence of various institutions).  Net effect on the DNS:
significant and really bad... multiple roots or dubious (or at
least variable) authority.  DNSSec basically has to be turned
off to make that work.  

In addition for both scenarios, we have some experience with
such things for other reasons and in an earlier era.  If the
infrastructure that supports those alternate roots or shadow
roots isn't as good as the infrastructure which they have come
to expect from the normal root servers, the ISPs and other
operators of major forwarders have tremendous incentives to
refresh at lower frequency than called for in SOA records and to
disable or reinterpret TTL timeouts of data.   For the root
zone, that was pretty much ok around 1995 because data
volatility was very low.  But, in a world in which ICANN is
contemplating thousands of separate delegations from the root
zone, volatility goes up and basing responses on slow-update
alternate roots or non-authoritative and potentially very stale
data... well, you don't cause a lot more IPv6 deployment, but
you certainly damage the quality of DNS-based identifiers.

Again, I saw the smiley so assume that you know the above.  But
the point is that there are similar scenarios, with similar
outcomes, for almost every model for creating a forcing function
for IPv6 based on artificially shutting down IPv4 services.


> Seriously, I do think it is time that the root and TLD's had
> IPv6 only name servers.  I'm not advocating IPv4 be turned off
> on them yet.

If "yet" points to any time prior to the point at which IPv6 is
universally deployed, then the above comments apply to the DNS
and root servers.   

It may be useful to remind ourselves again that getting TCP/IPv4
"universally deployed" in an NCP-based network required a flag
day and a credible threat to disconnect any host that was still
running NCP at the point.  Neither the flag day nor the threat
has plausible analogies in today's Internet.

     john

v2.23.0 | Report a Bug | By Email