Unidentified issues in IPv6 deployment/operation
draft-itojun-jinmei-ipv6-issues-00.txt

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Motivation

ngtrans chairs asked WIDE to identify issues/problems still remaining
    issues related to deployment/operation
    can touch some protocol issues
not sure how the document should end up
    v6ops wg item?
    recommendation to other wgs?

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Addressing - DNS

Reverse DNS mapping
    Difficult to maintain reverse mapping
        Cannot auto-generate (like dhcp128.example.com)
        Dynamic DNS registration still in infancy
        Scoped addresses - separate name tree, just like firewall?
        Temporary address - probably we don't want to register
    Don't rely on the existence of PTR RR
    Alternate mechanism? - ICMPv6 node info query
Forward DNS mapping
    Dynamic DNS registration still in infancy
    Scoped addresses
        separate name tree, just like firewall?
        AAAA record does not carry scope info

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Addressing - scoped unicast

Link-local
    ND - there's no question, it's needed
    Normal use - back to DNS discussion
Is site-local address really useful?
    IBGP session
    how likely we will renumber?
    routers MUST have global address to send ICMPv6 to outside
    Security risks
        putting site-locals into routing header and attack nodes
        inside other company
        Attacks via application layer (itojun@[fec0::1]@kame.net)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Addressing - multicast

How should we really use scopes?
    SLP and other protocols rely upon scoped multicasts
    How likely it is to have multicast routing infrastructure?
        If likely, protocol designs can take advantage of it
        If not likely, protocol designs should use unicast, not multicast

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Addressing - anycast

How to use anycast for service location purposes
Characteristics of anycast address - separate draft
    draft-ietf-ipngwg-ipv6-anycast-analysis-01.txt

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Prefix management

ISP-to-edge prefix assignment (prefix delegation) -> ipngwg

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Routing

BGP4+ clarifications
    implementation varies due to document ambiguities
    what to put into nexthop attribute
    BGP4+ operation by link-local address only
Interaction between routing protocols ("redistribute")
Aggregation - network designs for a site/ISP/...
Multihoming - RFC3178, multi6 wg

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
32bit IDs

A lot of protocols use 32bit IDs
    32bit IDs = management headaches, scalability limitation
What is the domain of uniqueness?
    BGP, OSPF - within an AS
    NTP - worldwide uniqueness needed
How wide does ID need to be?
    128bit - global IPv6 address can be used
    64bit - EUI64 maybe? (not guaranteed to be unique)
    64bit - 32bit AS number + 32bit serial (management headache)
    32bit - insufficient (32bit AS numbers)
Scoped IPv6 address and IDs?

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DNS issues

Server discovery
    anycast, multicast, DHCPv6?
Packet size
    EDNS0?
    root zone response size? glue AAAA records?
DNS server reachability
Broken DNS servers
    Incorrect NXDOMAIN response when "www.example.com" has only A,
    and AAAA query is issued (should be empty NOERROR)
Making root DNS servers IPv6 ready
Making ccTLD/gTLD DNS services IPv6 ready

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
SNMP

Transport - okay.
    we can run it over IPv4/v6
    content and transport are separate
Need SNMPv3 to support trap via IPv6
MIBs - in the works

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Security

Some new model is needed, which is better than firewall
    With firewalls, no real benefit of IPv6 (no p2p apps deployment)
    Firewall model is flawed anyways
        roaming laptop infected by virus, insider attacks
"use IPsec" is not enough
    need to go into gory details
    routing protocol documents need to be revisited

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
RADIUS

protocol specs are there, just deployment issues

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Non-socket APIs

DBMS can handle IPv4 addrs as primitive data type
    Same thing should happen for IPv6
Platform-dependent APIs

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Education

Lack of educational materials
    operation, API, whatever
Host/router requirements

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Summary

Various issues still need to be addressed
    maybe in v6ops wg, or other wgs
how should we handle this?
    v6ops wg recommend something to other wg via AD?
    this document be published as snapshot?
    whatever?

-end
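
The "Broken DNS servers" item above (NXDOMAIN instead of an empty NOERROR when a name has only A records and an AAAA query is issued) can be checked by comparing the headers of a server's A and AAAA responses for the same name. The Python below is an added example, not part of the original slides; the function names are hypothetical and the packets are constructed sample data rather than captures.

```python
import struct

NOERROR, NXDOMAIN = 0, 3          # DNS RCODE values
TYPE_A, TYPE_AAAA = 1, 28         # DNS RR type codes

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(name, qtype, rcode, rdata_list=()):
    """Build a minimal DNS response (constructed sample data, not a capture)."""
    flags = 0x8000 | 0x0400 | rcode   # QR=1 (response), AA=1, RCODE in low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(rdata_list), 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    answers = b""
    for rdata in rdata_list:
        # 0xC00C is a compression pointer to the question name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, qtype, 1, 300, len(rdata)) + rdata
    return header + question + answers

def parse_header(packet):
    """Return (rcode, ancount) from the 12-byte DNS header of a response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    return flags & 0x000F, ancount

def classify(a_response, aaaa_response):
    """Compare one server's A and AAAA responses for the same name."""
    a_rcode, a_count = parse_header(a_response)
    q_rcode, q_count = parse_header(aaaa_response)
    if a_rcode == NOERROR and a_count > 0:
        if q_rcode == NXDOMAIN:
            return "broken: NXDOMAIN for AAAA although the name has A records"
        if q_rcode == NOERROR:
            return "ok: empty NOERROR" if q_count == 0 else "ok: AAAA present"
    if a_rcode == NXDOMAIN and q_rcode == NXDOMAIN:
        return "ok: name does not exist"
    return "inconclusive: rcodes A=%d AAAA=%d" % (a_rcode, q_rcode)

# Constructed responses for www.example.com; 192.0.2.1 is a documentation address.
A_OK = build_response("www.example.com", TYPE_A, NOERROR, [bytes([192, 0, 2, 1])])
AAAA_BROKEN = build_response("www.example.com", TYPE_AAAA, NXDOMAIN)
AAAA_GOOD = build_response("www.example.com", TYPE_AAAA, NOERROR)

if __name__ == "__main__":
    print(classify(A_OK, AAAA_BROKEN), classify(A_OK, AAAA_GOOD), sep="\n")
```

A resolver that caches the incorrect NXDOMAIN may then treat the whole name as nonexistent, so the A lookup can fail as well; that is why the distinction matters operationally.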