IETF 81 V6OPS WG Minutes ------------------------------- --Tuesday July 26 0900-1130 EDT Approximately 200 participants Fred Baker - Introduction The meeting is divided into two sections 1. World ipv6 day 2. Old Business * Presentation - World IPV6 Day Measurement results - Keranen http://tools.ietf.org/agenda/81/slides/v6ops-0.pdf http://tools.ietf.org/html/draft-keranen-ipv6day-measurements * Presentations - Microsoft Measurement report - Chris Palmer http://tools.ietf.org/agenda/81/slides/v6ops-1.pptx the sad graph, basically half a percent of th euser base came in via v6, 7% of those folks were windows xp which is surprising becuase you have to turn it on. as far as method, 91% native 8% 6to4 and 1% teredo. CDN's delivered, really at the last minute but they were there. It's hard to say given the usage that we've validated this at scale. Ralph D - Clarification Question ipv6 geolocation is it unavailable or is it incorrect. Chris - We use third parties and they're lacking the data. ? - What would it take from miscrosofts perspective to roll a patch to enable windows XP Chris P - That's something we've been generically thinking about but there's only a 1000 days of Windows XP left. Lorenzo C - one of the things you achieved with this is the removal of fear. How do you lock in those gains? if you do nothing the fear will come back. John B - We see duplicate DUID when windows devices do DHCPv6, which creates and operational complication. Chris P - Stacks changes are coming in Sept. Eric Kline - Will IE get ahppy eyeballs or fast fallback so it can join the other browsers? Chris P - So things like happy eyeballs are useful but fuzy towards the no. We're inclined to make changes to 3484. Dan W - Hey your v6 is broken is is not generic to the whole internet, it may work in your office or home, so a solution has to have scope. * Presentations - Checkpoint's World IPv6 Day Experience - Bob hinden http://tools.ietf.org/agenda/81/slides/v6ops-3.pdf Mark T - In our experience there are a lot of things we could just leave up afterwards, yet there is a lot of legacy stuff that has to be validated. Bob H - By doing this deployment exercise we're now having conversations about internal deployment now that the IT team feels a lot more comfortable and turns out to have not been that hard. * Presentation - World IPv6 Day, What did we learn (Ripe measurement report) - Bert Wijnen http://tools.ietf.org/agenda/81/slides/v6ops-4.pdf Bert W - Ripe had about 40 measurement points from which to observe world ipv6 day. Looking at DNS queries, 2 days before, negative cache TTL dropped for several participants. The internet is is a collection of internets connected to each other. Some of our vantage points revealed partitioning which was confirmed with further discussion. when monitoring performance ipv4 vs ipv6 for source destination pairs, v4 was a little better, but very close however. Alain D - Did you monitor the propigation of /48 prefixes , there are rumors of edge providers still filtering. Joel J - We advertise /48 prefixes and these days, we see them basically everywhere we can see with routeviews. Hui Deng - use of nat 64 for services can you detect that in your data? Joel J - Question everyone uses a load-balancer at scale, what are you trying to find? Alain D - With nat64 in front of the a server we have lost the identity of the user. * Presentation - IPv6 day operators report (hurricane electric) - Martin Levy http://tools.ietf.org/agenda/81/slides/v6ops-19.pdf Only port 80/443 traffic volume changed on IPv6 day. We credit much of this to youtube. Teredo tunnels require that the tunnel-end point return an icmp6 ping. About 11% of ASes are IPv6 enabled, if you count adjacencies, by the time that you get to 7 adjacencies about 50% of those players are ipv6 enabled. Geoff H - Your commnetary about Teredo isn't gelling for me, at the client side the ICMP is in UDP, the modified stun protocol in teredo guesses wrong about 37% of the time with the NAT binding. * Presentation - Comcast expereince with ipv6 deployment - John Browsowki http://tools.ietf.org/agenda/81/slides/v6ops-20.pdf Traffic increased notably during world ipv6 day. An additional trial is being deployed (DS-Lite) Native dual stack validated, preparing for production deployment. We took Jason Fesler's IPv6 testing code and did some 30,000 tests with end users, found some users that were potentially impacted. Hui D - How is your backoffice deployment supporting IPv6? John B - We've been working on it for about 6 years. The edge of the broadband network is where the effort is. Lee H - I thank you John because we started three years ago which means things have gone much faster. Chris P - Do you have visibility into household customers with gateways that don't support V6? John B - That vast majority, when we enable it in the broadband network we can tall people hey guys you need to upgrade. Chris P - my concern is that maybe if we're lucky we can reach 1 in 4 households. Lorenzo C - As a customer V6 is great and it works as well as ipv4. If you went all out how long would it take you to bring V6 to 1% of your customers? John B - 1% is doable pretty easy thequestion is more like the 90% number. Fred Baker - Status report World IPv6 day call to arms http://tools.ietf.org/html/draft-chown-v6ops-call-to-arms It doesn't have a lot of value as an RFC so Tim will let it lapse but the info will go into some other drafts. * Presentation - Happyeyeballs implementation report - Dan Wing http://tools.ietf.org/agenda/81/slides/v6ops-5.pptx http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs After discussion on the list, instead of describing the algorithm we decided to describe requirements. There are two versions stateless, e.g. chrome or firefox vs stateful Algorithms. Chris P - I think the direction is fantastic, requirements are good. * Presentation - IPv6 DNS Whitelisting - Jason Livingood http://tools.ietf.org/agenda/81/slides/v6ops-6.pptx http://tools.ietf.org/html/draft-ietf-v6ops-v6-aaaa-whitelisting-implications Lots of feedback from the IESG, generating version 3-6. We talked to implmentors, and it needs another rev, to make it acceptable to a swap of the community. Wes G - When this approach was first tried manual was the only approach. Lorenzo C - When we started this it was because we had no alternative. We removed ourselves from the discussion because we thought it was a critique of us. It's possible that we can produce a document that we can accept. Focus on intent and consequences in this draft. Fred B - Is there something (a taxonomy of GTM/GSLB) that we should take to DNSOP? Fred Baker - Response to Appeal on 6to4 to historic http://tools.ietf.org/agenda/81/slides/v6ops-24.pptx http://tools.ietf.org/html/draft-ietf-v6ops-6to4-to-historic Keith M - I'm convinced that you did due dilligence with respect to wg consensus. Fred B - It is worth noting that the draft did have some impact (with vendors). New business * Presentation - RFC for IPv6 IP identification field (header) - Mike Ackerman http://tools.ietf.org/agenda/81/slides/v6ops-7.ppt http://tools.ietf.org/html/draft-elkins-6man-ipv6-diagnostic-header Fred B - Question for the group, do you use the IPID in ipv4? (no respondants other than presenters) Weg G - We use it all the time? I've never heard of it... Francis D - it's potentially a covert channel, also why not use the fregmentation header? Bob H - We diefintently want to hear if this is useful. I don't know who puts this header in the packet? Nalini ? - The host clearly Andrei Y - typical use case for this header would be to see if a middle box is modifying the packet. Fred B - What I'm out of this discussion is that the application isn't a bad one, it could be simulated in a fregment. Fred Baker - Meeting complete, go to Lunch ------------------------------- -- Thursday July 28 1520-1720 EDT Approximately 200 participants * Presentation - Stateless 4Via6 - Wojec Dec http://tools.ietf.org/agenda/81/slides/v6ops-8.ppt http://tools.ietf.org/html/draft-dec-stateless-4v6 4v6 index provides enough information to compute an ipv4 address and port index. Example scenario - A CPE, inside it has a port contrained nat44 implmentation along with the 4v6 function. inside the cpe we nat the source ip to a public v4 address and port rnage provided by the v6 address encapsulated and sent to the 4v6 gateway where it is sent on the internet. Alternative modes of operation, mapped, vs translation. Translation has signficantly less impact in the 3gpp case. Ole T - Wanted to ste for the minutes that there isn't any practical difference between encapsulation ad double translation. Wojek D - We didn't get to have the discussion in softwires we belive that V6OPS is the best place to capture the operational issues. Hui D - would like less impact Satoru M - Going to be a work item for softwires. Mark T - The vast majority of both operations are the same, the question is do we compress the headers out or not. I support the minimal effort which is encapsulation. Alain D - This will be done at the interim metting in sept. Jari A - we should put them in the same place (softwire) rather than split them all over the place. Sing Y (cernet) - Sometimes we deploy single translation sometimes double, we haven't found many corner case where one works and the other doesn't. Fred B - Would suggest that people here read the draft, and comment to softwire where the work will be done. Dave T - the difference between tunneling and translation is very small and it would be an odd division to put those in two places. * Presentation - advanced requirements for cpe routers - Ole Troan http://tools.ietf.org/agenda/81/slides/v6ops-9.pdf http://tools.ietf.org/html/draft-ietf-v6ops-ipv6-cpe-router-bis Request from homenet to move the lan side of this document to the homenet wg. thus the document will be split in wan requirements vs lan side which will go there. Options give up on the document move to softwires (the ds-lite part) resubmitt 6204 with ds-lite and 6rd requirements continue. Barbara S - I like 6204 option or option 4 Ole T - include requirement for PCP? Alain D - PCP has been through two WG last calls Mark T - 6rd and DS-lite and PCP and making them come up and behave well together, that work is already here. Barbara S - Inclusion of PCP will start the question of do we also include UPnP Lorenzo C - what 6204 and homenet are doing is a relatively partitionable problem. Fred B - Question for Barbara, does this start here or in the BBF (broadband forum) Barbara S - Start them whereever someone is referencing PCP Hemant S - Lan side requirements are where we have real urgency from operators. Fred B - unless homenet feels badly them my expression would be to go for the thing with the nearest completion. Erik K - we need to have the cpe vendors be able to build this early next year. Jari A - we should publish what we have, if there's falky stuff we should pull it. Lorenzo C - In a closer reading of some of the lan side stuff dhcp will definitly hurt homenet work. * Presentation - IPv6 RA-Guard Evasion - Aurturo Servin http://tools.ietf.org/html/draft-gont-v6ops-ra-guard-evasion http://tools.ietf.org/agenda/81/slides/v6ops-11.pdf Fred B - so you made this presentation in 6man, what was the upshot? Aurturo - Was asking for acceptance becaue it's updates 6105, in v6ops case it's documentation of the issue and the operational solutions. Fernando G - Ra-guard is/was an infomational document produced in v6ops not 6man. Ron B - We would be stepping on the charter of 6Man Joel J - (outside of the problem statement) Fred B - We'll talk with Bob and Brian but it seems like the work can be done in 6man. * Presentation - IPv6 Practices on China Mobile IP Network - Chen Gun http://tools.ietf.org/html/draft-chen-v6ops-ipv6-bearer-network-trials http://tools.ietf.org/agenda/81/slides/v6ops-16.ppt Chris P - empathize strongly, I think it's great but I have a question are you drving load from your user's against this? Chen G - we have a plan for that, it's a lab exercise. Hui D - we have a national project that will deploy later this year. * Presentation - NAT64 CPE Operation Usages and Requirements - Chen Gun http://tools.ietf.org/agenda/81/slides/v6ops-25.ppt http://tools.ietf.org/html/draft-chen-v6ops-nat64-cpe Fred B - If the other draft is covering the same material at least they could be merged. * Presentation - A Discard prefix for IPv6 - Dave Freedman http://tools.ietf.org/html/draft-hilliard-v6ops-ipv6-discard-prefix http://tools.ietf.org/agenda/81/slides/v6ops-12.pdf Dave Freeman - Where should the prefix be from? documentation range? cute hex? more than one address? Global Unicast? Hard-Wired discard prefix is a standards track item. Nick H - There are concievable situations where you might want to leak this prefix e.g. to downstreams for DOS analysis etc (Warren K, Lorenzo C dispute this) Rob ? - We don't have a BCP for implementation Joel J - as one of the coauthor's on the ipv4 (RTBH BCP) the ipv4 one would be virtually identical. Fred - hearing a fair amount of support (hum) in favor no opposed short prefix (e.g. /64) vs /128 wg prefernce for /64 This is an arguement for BCP, Lets take this to a working group last call and move it ahead. * Presentation - DHCPv6 Prefix delegation as IPv6 Migration Tool in mobile netoworks - behcet Sarikaya http://tools.ietf.org/agenda/81/slides/v6ops-13.pptx http://tools.ietf.org/html/draft-sarikaya-v6ops-prefix-delegation Fred B - WG do you want to see this as a WG item? (show of hands shows no strong support each way) Nor support (for or against) individal submission Fred Baker - meeting over ------------------------------- Friday July 29 1300-1500 EDT Approximately 80 participants * Presentation - IPv6 Address accountability Considerations - Tim Chown http://tools.ietf.org/agenda/81/slides/v6ops-29.pdf http://tools.ietf.org/html/draft-chown-v6ops-address-accountability Tim C - At the moment people in ipv4 have a reasonable task of providing address accountability in v6, things like privacy addresses make that harder. Dave T - What do you mean by accountability Tim C - either a hardward port or 802.1x giving you a binding between port and ip address correlation between ip4 arp and ipv6 nd tables and polling rapidly enough that you know your data is relevant, alternatively record all nd traffic on the link. Fred B - Zigbee has Pana Unkown (Back mic) - Use Savi Tim C - Currently documents say logging with Savi should only log potential spoofing events, Logging all mapping data would be required. Fred B - as a Savi author switches in general have places where they log all sorts of things. James W - Shouldn't this rightfully be taken up in NOG organizations, One person's accountability is another Persons Pen Register. Wes G - The privacy concerns are something that should be included in the document. * Presentation - Operational Neighbor Discovery problem and enchancements - Joel Jaeggli http://tools.ietf.org/html/draft-gashinsky-v6nd-enhance http://tools.ietf.org/agenda/81/slides/v6ops-21.pdf Joel J - 6Man owns the solutions, V6ops feedback on whether there's a problem or not is helpful. Ole T - What's the relationship of this work to 6 lowpan nd Joel J - Don't know haven't explored that. Lorenzo C - Propose splitting the draft into operational guidance vs protocol changes. Fred B - Are address scans a problem? If this draft is split would the working group take the operational and implementation details (consensus, no opposition) * Presentation - Implementing AplusP in the provider's IPv6 only network - X Deng http://tools.ietf.org/html/draft-deng-v6ops-aplusp-experiment-results http://tools.ietf.org/agenda/81/slides/v6ops-14.ppt X Deng - implemented both port-range and scatter port a+p Fred B - So this is the Demo you showed in the terminal room? X Deng - Yeah What Breaks? UPNP clients. Marshall E / Dan W - Is there a security implication to the mask of ports? If I'm running a Kaminsky Style attack I can guess your next port. Stuart C - Lot of focus on making UPNP 1.0 work, it never will, you have to throw it out and start again hence IGD 2.0 * Presentation - Rapid Transition of IPv4 contents to be IPv6 accessible - Q Sunq http://tools.ietf.org/html/draft-sunq-v6ops-contents-transition http://tools.ietf.org/agenda/81/slides/v6ops-27.pptx Wes G - In the case where you turn on content providers, they need to do that on their own edge. Has this show us a practical application worth replicating or is this a proprietary one-off worth documenting. Dan W - if the consensus in the room is that nat64 is inappropiate in front of an ip4-only server because of a loss of the IPv6 source address, then v6ops would benifit from documenting that as a not recomended deplyoment. Lorenzo C / Jason W - There's a disparity where content is ahead of access. Access provders are currently working on that. Fred Baker - Meeting adjourned