--On Wednesday, April 04, 2012 21:31 -0400 Steven Bellovin <smb@xxxxxxxxxxxxxxx> wrote: > v6 is not the protocol I would have chosen. For that matter, > it's not the protocol I pushed for, as hard as I could, in the > IPng directorate. At this point -- with all of its technical > mistakes, IETF omissions, and difficulty of converting, we're > stuck with it; we simply do not have time -- even if we agreed > now on what we should have done, way back when -- to start > over. Do the arithmetic... Assume we know, today, the basic > structure of a perfect replacement for v4. It would take a > minimum of 3 years to get through the IETF, not because of ... > By my arithmetic, it's a > dozen years minimum, *after* we've agreed on the basic design. I agree with Steve in almost all respects. Also somewhat agree with Dave Meyers: NATs were inevitable the moment we adopted CIDR and effectively started encouraging the RIRs to push back on allocating fragmented and/or small blocks, if not even sooner. Now we could (and I think did) reasonably assume (perhaps as part of retrospectively less-reasonable assumptions about how quickly IPng/IPv6 would be deployed and how CIDR would disappear -- the latter assumption followed on the early assumption that CIDR was mostly about address conservation rather than about routing tables) that they would not become associated with other issues and have a long life as a result. The latter is, IMO, really key, not whether or not we would have NATs. Because of the problems that Steve points out of timing to get another solution out there (perhaps fortunately, that constraint applies to anyone else who wanted to start on a new "next generation" protocol suite too), I don't see a lot of point in putting energy into asking "what if" or bemoaning the state we find ourselves in except insofar as it actually helps us to move forward. I'm trying to avoid that except where understanding how we got here seems useful to avoiding repeating prior mistakes. I do think it is worthwhile to look at where we are today and, in particular, how we should balance trying to better understand the real obstacles to IPv6 adoption and doing something about them (obstacles that include the perceptions we and others are continuing to create) against IPv6 Cheerleading sessions that try to change perceptions in their own ways but do nothing about those problems (or, IMO, worse, dismiss them as unimportant). In the message to which Steve responded, Noel included: > Part of the real problem has been that the IETF failed to > carefully study, and take to heart, the operational > capabilities which NAT provided (such as avoidance of > renumbering, etc, etc), Part of that really does have to do with the question of how we move forward. The "etc, etc" above covers a lot beyond NATs in a renumbering context. At least IMO, we failed to do the comprehensive analysis on what those issues were. Consequently, in a problem that seems to persist to this day, we haven't been able to make a coherent "if you have situation X, you should do Y" chart or tell a corresponding story. I'm personally particularly sensitive to customer support issues for relatively small end-networks that have no serious on-site technical support capability (residential networks, SOHO arrangements (where the office is either remote from a larger facility or primary), relatively isolated branch offices, etc.). I have been worrying for some time that NAT arrangements with 1918 space create an "almost all networks are the same, even down to the addresses used" situation, which is hugely convenient from the standpoint of support, especially if the support personnel are not, themselves, experts. I'm delighted that we finally have a HOMENET WG but concerned that if we were serious about IPv6 and understood that set of issues, we would have had that WG a decade ago. Worse, my inference from discussion in the meeting of that WG last week is that a large fraction of the participants _still_ don't understand the issues. Others have worried more about renumbering and, well, etc., etc. Unlike some others, I'm still not convinced that there is anything fundamentally wrong with the IPv6 design although I believe that we could have made it either easier to deploy or that we could have offered more incentives for deployment. But I think we have done a terrible job until now of identifying, organizing, and presenting realistic scenarios and corresponding transition models. As an exercise, I'd like everyone to try to think about the decision process of an IT executive who is trying to decide when and how to deploy IPv6. Let's make the problem easy by assuming that she understands the broad issues and believes that she will have to deploy IPv6 sooner or later (a belief that is by no means universal). She needs to deal with several complex questions and tradeoffs among them including: (i) Networks grow, so conversion costs for existing (at the time) facilities will be larger in the future than they are now... probably worse yet if measured in constant dollars. (ii) Support costs and [re]training of people are an important part of the equation. The end users who are being supported probably barely know how to work a web browser, believe a "route" is something they follow on the way to the grocery store, and understand "address" mostly as something their houses have exactly one of each. Worse, it may be in the IT Department's interest to keep it that way -- users who know enough to start messing with machine or router configurations are often _very_ expensive to support. As one of many consequences of this, equipment and configurations that are easy to support have a huge and continuing economic advantage over arrangements that provide more options and flexibility at the cost of complexity. In many cases, judgments will get made about ease of support and training on one generation of equipment and, if the answers aren't right, it will make sense to wait for the next generation (possibly after trying to beat vendors up, possibly not). (iii) It is very dangerous to start deployment before all of the ducks are lined up. If key concepts or equipment are not available, or not fully understood, after conversion works starts, the consequences are likely to be very nasty. In particular, about the worst thing she can do (measured in job [in]security, if nothing else) is to start deployment and then stop or fail, having invested considerable resources with no ROI. At least the third of these involves some speculation and reading of omens (which is part of why she presumably gets paid the big bucks). But the signals the IETF sends are really important in that regard. Part of the signal we are sending now (and have been sending for a long time) is that we are willing to let a thousand flowers bloom wrt both transition strategies and configuration decisions, that, inevitably, there are a lot of weeds mixed in there with the flowers, and that if we know how to tell a flower from a weed, we aren't telling. That is actually ironic given how outraged we get in other areas when a non-standard solution (or a solution proposed by standardization in another body) comes along that might confuse the marketplace vis-a-vis IETF work). But, to our hypothetical executive, it is pretty easy to read the message we are sending as "the IETF doesn't really understand how people in my situation should deploy IPv6, so I should probably wait until they do". Worse, if some snake-oil purveyor (NAT or otherwise) then comes along and says "I know how you can avoid converting with IPv4 until you are good and ready, if ever", she is getting a message that is more clear, and more attractive under the circumstances, than the one she is getting from the IETF. And "decision-maker at ISP supporting small networks" or "small business" can be substituted for "IT Executive" in the above without significant other change. The details are different and the tradeoffs may be, but the fundamental issues aren't. john