Mailing List Archive

On 20 Jan 2021, at 12:17 PM, Bryan Fields <Bryan@bryanfields.net<mailto:Bryan@bryanfields.net>> wrote:

AFAIK IANA and the RIR's cannot enforce use of IP space assignments on any
network.

<chuckle> While route hijacking isn't necessarily an ARIN issue, I will note that several US law enforcement agencies (FBI & NCIS Cybercrime units) are quite interested in such events and do investigate them looking for criminal activity.

(See https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf for details.)

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On 1/20/21 12:52 PM, John Curran wrote:
>
> <chuckle>  While route hijacking isn't necessarily an ARIN issue, I will note that several US law enforcement agencies (FBI & NCIS Cybercrime units) are quite interested in such events and do investigate them looking for criminal activity.   
>
> (See https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf for details.) 
>

I think the difference is semantic but a very important one nonetheless.

Announcing a netblock that isn't yours and that you don't have authorization to use to others under the same terms and assumptions as you announce those to which you do hold legitimate rights or otherwise purporting to be a legitimate user of them on what we know as the "public Internet", that is the Internet where numbers are managed by IANA and the relevant RIRs is a "big deal".

Using numbers in a manner contrary to how they are assigned on the "public Internet" within a more limited scope where everybody agrees that the use of such numbers may be contrary to IANA and relevant RIR assignments is more along the lines of "you operate your network however you want".

Other things would fall under the same purview. For example "alternate root" DNS hierarchies with extra TLDs or even TLDs used in contrast to ICANN recommendations would have similar considerations.
--
Brandon Martin

Brandon -

Agreed – the key phrase being "within a more limited scope” …

/John

> On 20 Jan 2021, at 1:26 PM, Brandon Martin <lists.nanog@monmotha.net> wrote:
>
> On 1/20/21 12:52 PM, John Curran wrote:
>>
>> <chuckle> While route hijacking isn't necessarily an ARIN issue, I will note that several US law enforcement agencies (FBI & NCIS Cybercrime units) are quite interested in such events and do investigate them looking for criminal activity.
>>
>> (See https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf for details.)
>>
>
> I think the difference is semantic but a very important one nonetheless.
>
> Announcing a netblock that isn't yours and that you don't have authorization to use to others under the same terms and assumptions as you announce those to which you do hold legitimate rights or otherwise purporting to be a legitimate user of them on what we know as the "public Internet", that is the Internet where numbers are managed by IANA and the relevant RIRs is a "big deal".
>
> Using numbers in a manner contrary to how they are assigned on the "public Internet" within a more limited scope where everybody agrees that the use of such numbers may be contrary to IANA and relevant RIR assignments is more along the lines of "you operate your network however you want".
>
> Other things would fall under the same purview. For example "alternate root" DNS hierarchies with extra TLDs or even TLDs used in contrast to ICANN recommendations would have similar considerations.
> --
> Brandon Martin

> On Jan 20, 2021, at 07:11 , Brandon Martin <lists.nanog@monmotha.net> wrote:
>
> On 1/20/21 9:58 AM, j k wrote:
>> My question becomes, what level of risk are these companies taking on by using the DoD ranges on their internal networks? And have they quantified the costs of this outage against moving to IPv6?
>
> Honestly I can't think of much unless maybe they're a defense contractor that would potentially end up with DoD ranges (non-isolated/classified networks) in their view of the global routing table. Appropriately treating it like "my networks" and/or RFC1918 in your routing policies (not exporting it, not accepting routes for it, etc.) would be required to properly ensure network stability of course.

Do you think this still holds true if DoD were to (e.g.) sell that space to $CLOUD_PROVIDER or $ISP or $SUPPLIER or…?

I don’t have any knowledge of any events surrounding this space currently, but I do know that press releases and congress have discussed that possibility, so it cannot be ruled out.

Owen

On 1/20/21 1:48 PM, Owen DeLong wrote:
> Do you think this still holds true if DoD were to (e.g.) sell that space to $CLOUD_PROVIDER or $ISP or $SUPPLIER or…?
>
> I don’t have any knowledge of any events surrounding this space currently, but I do know that press releases and congress have discussed that possibility, so it cannot be ruled out.

This is a risk you take when using squad space of any form. DoD space
is somewhat uniquely "safe" in this regard but not immune to such things.

Honestly I'd be just about as worried as a potential legitimate non-DoD
public Internet user of that space about reachability issues as I would
as someone squatting on it internally within my network about it
becoming a part of the common global routing table.

I also suspect your typical large corporate environment cares less about
broad, global reachability than other Internet users in many cases.
--
Brandon Martin

> On Wednesday, January 20, 2021 13:48, Owen DeLong <...> wrote:
>
> Do you think this still holds true if DoD were to (e.g.) sell that space
> to $CLOUD_PROVIDER or $ISP or $SUPPLIER or??
>
> I don?t have any knowledge of any events surrounding this space
> currently, but I do know that press releases and congress have
> discussed that possibility, so it cannot be ruled out.

There's this old blog post from 2010: T-Mobile: Clever or Insane?

https://blog.wireshark.org/2010/04/t-mobile-clever-or-insane/

Best regards,

Jim Y.

----- On Jan 20, 2021, at 6:58 AM, j k <jsklein@gmail.com> wrote:

Hi,

> My question becomes, what level of risk are these companies taking on by using
> the DoD ranges on their internal networks? And have they quantified the costs
> of this outage against moving to IPv6?

Not so long ago, while working for a large enterprise, my team was considering
the use of non-advertised public IP space when we realized we were close to
running out of RFC1918 space. Eventually we decided against it as we had enough
options to reclaim unused RFC1918 from within the company. However, we had a
number of arguments against the use of public ranges:

- The risk of owners deciding to advertise their space. If so, since we operated
a popular ecommerce site, there would be a huge risk of users encountering
issues.
- The risk of inadvertent security issues. People using RFC1918 space, even the
most network-illiterate dev, know that RFC1918 space is not accessible from
the big bad internet. This (perceived) safety is absent when using public
IP space.
- The risk of misconfiguring firewalls. Obviously, most of the policies cover
RFC1918 space. Introducing non-RFC1918 space encourages human error.
- The risk of looking like fools if we would accidentally leak. Let's be honest.
There are two groups of people on this list. Those who have accidentally leaked
and those who will. I learned from my mistake(s).

As for IPv6: I know I sound like a broken record but one does not simply walk
into Mordor and migrate to IPv6. In a large enterprise, especially with one
using a lot of old code to support a highly popular webapp, it is easier to
move a mountain than it is to get all nosed aligned. The network group(s),
corp, lab, DC, backbone, may all be ready, but that does not mean that your
cloud, kubernetes, frontend, backend, operations, and billing groups are
ready. Migrating to IPv6 is a cost, as there is no ROI. It is a cost center,
not an investment. Surely, we all on this list know that it is a mandatory
expense to ensure future delivery of services, but explain that to a VP with
limited budgets. Are they going for the short term win of new features, or for
the long term "win" of retaining revenue? We all know what their bonuses are
based on.

And don't get me wrong. I'm not advocating against v6. I'm merely explaining how
difficult it can be to migrate. In most large companies, the network is like
PG&E (the power utility California). If it works, nobody says well done. But if
the power is out, everyone gets angry and asks why we have fools operating the
power grid.

Thanks,

Sabri

Organizations that I have seen doing as you describe, because they ran out
of RFC1918 IP space, are also often using their existing private IP space
wastefully in the first place. Rather than using DoD /8s internally, if
they absolutely need to support v4-only equipment on their internal
management networks, they might be better served by considering that maybe
every POP doesn't need its own /24.

I'm talking about things I've seen where all of the management/monitoring
IPs of the equipment at a site might fit very comfortably in a v4 /27. But
that would be a labor intensive IP space and management address auditing
process of renumbering things, fixing internal DNS and rDNS, and updating
any myriad of things that might have the direct IP addresses of stuff
hardcoded into configuration files.

Rather than doing all of the above, they simply go "hey here's a /8 that's
highly unlikely our management network will ever need to talk to it in a
global routing table", and continue on with their /24 plan per tiny POP.



On Wed, Jan 20, 2021 at 8:38 AM Dorn Hetzel <dorn@hetzel.org> wrote:

> I am aware of some companies that have used parts of a DoD /8 internally
> to address devices in the field that are too old to ever support IPV6.
> Those devices also never interact with the public internet, and never will,
> so for them, I guess the only risk would be that some other internal system
> that wants to talk to those devices would not also be able to talk to any
> endpoint on the public internet that wound up using space allocated from
> that block, some time in the future. Is that about right or am I missing
> some key failure point?
>
> On Wed, Jan 20, 2021 at 9:59 AM j k <jsklein@gmail.com> wrote:
>
>> My question becomes, what level of risk are these companies taking on by
>> using the DoD ranges on their internal networks? And have they
>> quantified the costs of this outage against moving to IPv6?
>>
>> Joe Klein
>>
>> "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene
>> 1)
>> "*I skate to where the puck is going to be, not to where it has been."
>> -- *Wayne Gretzky
>> "I never lose. I either win or learn" - Nelson Mandela
>>
>>
>> On Wed, Jan 20, 2021 at 9:06 AM John Curran <jcurran@istaff.org> wrote:
>>
>>> Indeed.
>>> /John
>>>
>>> > On Jan 20, 2021, at 8:47 AM, Cynthia Revström <me@cynthia.re> wrote:
>>> >
>>> > But if you do this, make sure you keep track of where you might have
>>> put policies like this in, in case the DoD sells some the space or whatever
>>> in the future.
>>>
>>>

Additionally, examples of impersonating a corporate entity to acquire
unused IP space (Erie Forge and Steel's /16, anyone?) undoubtedly fall
under existing, pre-internet interstate commerce fraud laws...

http://web.mit.edu/net-security/Camp/2003/DBowie_IP_Hijacking.pdf

https://www.wired.com/images_blogs/threatlevel/files/edited-iphd-2.ppt



On Wed, Jan 20, 2021 at 9:54 AM John Curran <jcurran@arin.net> wrote:

> On 20 Jan 2021, at 12:17 PM, Bryan Fields <Bryan@bryanfields.net> wrote:
>
>
> AFAIK IANA and the RIR's cannot enforce use of IP space assignments on any
> network.
>
>
> <chuckle> While route hijacking isn't necessarily an ARIN issue, I will
> note that several US law enforcement agencies (FBI & NCIS Cybercrime units)
> are quite interested in such events and do investigate them looking for
> criminal activity.
>
> (See
> https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf for
> details.)
>
> FYI,
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>

On 1/20/21 12:52 PM, John Curran wrote:
> On 20 Jan 2021, at 12:17 PM, Bryan Fields <Bryan@bryanfields.net<mailto:Bryan@bryanfields.net>> wrote:
>>
>> AFAIK IANA and the RIR's cannot enforce use of IP space assignments on any
>> network.
>
> <chuckle> While route hijacking isn't necessarily an ARIN issue, I will note that several US law enforcement agencies (FBI & NCIS Cybercrime units) are quite interested in such events and do investigate them looking for criminal activity.
>
> (See https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf for details.)

Can you ensure quoting is done properly? I don't want more confusion between
what I wrote and the reply.

Nowhere did I state this was used to be for criminal or less than above board
use. As soon as an entity decides to engage in criminal activities we're
beyond the question of what numbers they can run on their network. I can't
think of a worse entity to hijack space from than the DOD. Very few other
AS's have the ability to make it rain fire over a hijacker's NOC :-)

My comment was in terms of what a private network can do inside their own
network, or as part of a multi-entity network that is separate from the
"Internet". The bigger question is, should you do this? The answer is no for
a host of reasons, as networks rarely stay private. Even the GRX went through
a big cleanup relating to this, and as of the last 6 years (maybe more)
requires space used to be allocated via the RIR's and not RFC1918 space. IIRC
they still allow private ASN's.

--
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

> And don't get me wrong. I'm not advocating against v6. I'm merely explaining how
> difficult it can be to migrate. In most large companies, the network is like
> PG&E (the power utility California). If it works, nobody says well done. But if
> the power is out, everyone gets angry and asks why we have fools operating the
> power grid.

Indeed… It will be interesting to see how these CxOs with limited budges react
when backbones finally start turning off IPv4 and they discover that their network
is burning down because of years neglecting the IPv6 brush growing all around
them.

Owen

> due to it being so massive and unused for so long, certain large
> corporations that have run out of RFC1918, etc. space have started
> using it internally.

i first saw that on a traceroute from my hotel at ripe bologna in 2001.
i was told i was loooong late to finding it.

randy

I used to help large companies rearchitect their addressing, implement
IPv6, etc. for a living, so no one is more sympathetic than I am about
how difficult it can be to make these changes. However, I have to ask,
how far backwards do we want to bend for those that refuse to migrate?

There have already been at least two lines in the sand that the IETF has
backed down from. Is it even useful for us to keep saying "IPv6 is the
way forward" any more?


On 1/20/21 7:26 AM, Fred Baker wrote:
> I recently had a discussion with an Asian ISP that was asking the IETF to PLEASE re-declare DoD space to be private space so that they could use it. This particular ISP uses IPv6 extensively (a lot of their services are in fact IPv6-only) but has trouble with its enterprise customers. Frankly, enterprise use of IPv6 is a problem; they seem to push back pretty hard against using IPv6.
>
> I find this thread highly appropriate.

It is the DISA DOD NIC at:

https://disa.mil/About/Contact

Which will give you the DISA help desk phone number.

John Lee

On Mon, Nov 4, 2019 at 3:57 AM Chris Knipe <savage@savage.za.org> wrote:

> Hi Guys,
>
> Except for the email on ARIN's details, does anyone else have a contact
> for the DoD?
>
> We are experiencing a situation with a 3rd party (direct peer), wanting to
> advertise DoD address space to us, and we need to confirm whether they are
> allowed to do so or not.
>
> Range in question is the 22.0.0.0/8 network, which according to ARIN is
> actively assigned to the DoD (US).
>
> --
>
> Regards,
> Chris Knipe
>

Oh, no worries.. It will never happen ;)
There is reason why everyone stick to IPv4...

Also, there was also nice space that could be used safely on private
networks [14.0.0.0/8]. Unfortunately money needs to flow, so it was
converted to normal space. Shame.

Same with recent shady action w/ 44.0.0.0/8 is sad as well..
IPv4 will stay with us for very long....


---------- Original message ----------

From: Owen DeLong <owen@delong.com>
To: Sabri Berisha <sabri@cluecentral.net>
Cc: nanog <nanog@nanog.org>, Grant Taylor <gtaylor@tnetconsulting.net>
Subject: Re: DoD IP Space
Date: Wed, 20 Jan 2021 13:15:32 -0800

Indeed It will be interesting to see how these CxOs with limited budges
react when backbones finally start turning off IPv4 and they discover that
their network is burning down because of years neglecting the IPv6 brush
growing all around them.

Owen

Chris -

https://search.arin.net/rdap/?query=22.0.0.0 will provide a valid phone number for technical & abuse matters.

/John

John Curran
President and CEO
American Registry for Internet Numbers

On 21 Jan 2021, at 12:11 AM, John Lee <jllee9753@gmail.com<mailto:jllee9753@gmail.com>> wrote:

It is the DISA DOD NIC at:

https://disa.mil/About/Contact

Which will give you the DISA help desk phone number.

John Lee

On Mon, Nov 4, 2019 at 3:57 AM Chris Knipe <savage@savage.za.org<mailto:savage@savage.za.org>> wrote:
Hi Guys,

Except for the email on ARIN's details, does anyone else have a contact for the DoD?

We are experiencing a situation with a 3rd party (direct peer), wanting to advertise DoD address space to us, and we need to confirm whether they are allowed to do so or not.

Range in question is the 22.0.0.0/8<http://22.0.0.0/8> network, which according to ARIN is actively assigned to the DoD (US).

--

Regards,
Chris Knipe

> On Jan 20, 2021, at 11:10 PM, Doug Barton <dougb@dougbarton.us> wrote:
>
> There have already been at least two lines in the sand that the IETF has backed down from. Is it even useful for us to keep saying "IPv6 is the way forward" any more?


Oh, I could not agree more. We need IETF or other powers-that-be to stop the line-in-the-sand stuff and instead go with a line in the wet concrete.

I’m sure we all remember Y2k (well, most of us, there could be some young-uns on the list). That day was happening whether we wanted it to or not. It was an unchangeable, unmovable deadline.

THAT is what we need for IPv6 implementation. Will it happen? Probably not, sadly.

I’d love to see a line in the concrete of, say, January 1, 2025, whereby IPv6 will be the default.


----
Andy Ringsmuth
5609 Harding Drive
Lincoln, NE 68521-5831
(402) 304-0083
andy@andyring.com

“Better even die free, than to live slaves.” - Frederick Douglas, 1863

----- On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth andy@andyring.com wrote:

Hi,

> I’m sure we all remember Y2k

Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I upgraded many
bioses in many office buildings in the months leading up to it...

> I’d love to see a line in the concrete of, say, January 1, 2025, whereby IPv6
> will be the default.

The challenge with that is the market. Y2K was a problem that was existed. It was
a brick wall that we would hit no matter what. The faulty code was released years
before the date.

We, IETF, or even the UN could come up with 1/1/25 as the date where we switch off
IPv4, and you will still find networks that run IPv4 for the simple reason that
the people who own those networks have a choice. With Y2K there was no choice.

The best way to have IPv6 implemented worldwide is by having an incentive for the
executives that make the decisions. From experience, as I've said on this list a
few times before, I can tell you that decision makers with a limited budget that
have to choose between a new revenue generating feature, or a company-wide
implementation of IPv6, will choose the one that's best for their own short-term
interests.

On that note, I did have a perhaps silly idea: One way to create the demand could
be to have browser makers add a warning to the URL bar, similar to the HTTPS
warnings we see today. If a site is IPv4 only, warn that the site is using
deprecated technology.

Financial incentives also work. Perhaps we can convince Mr. Biden to give a .5%
tax cut to corporations that fully implement v6. That will create some bonus
targets.

Thanks,

Sabri

That's a good one. Perhaps you don't live/work in the US and can be
excused for not knowing that US corporations don't pay taxes. In many
cases we subsidize them by giving tax credits to the point that the money
is flowing in the opposite direction entirely. It would be hard to give
them any more of a break ;)

>
>
> Financial incentives also work. Perhaps we can convince Mr. Biden to give
> a .5%
> tax cut to corporations that fully implement v6. That will create some
> bonus
> targets.
>
> Thanks,
>
> Sabri
>

Organizations I have worked with for IPv6 transition, reduced CAPex and
OPex by leveraging the IT refresh cycle, and by ensuring there investment
included leveraging the USGv6 (
https://www.nist.gov/programs-projects/usgv6-program) or IPv6Ready (
https://www.ipv6ready.org/) to mitigate the "We sell IPv6 products, and
want to you to pay for the debugging costs".

Can I assume other organizations don't leverage the IT refresh cycle?

Joe Klein

"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
"*I skate to where the puck is going to be, not to where it has been."
-- *Wayne
Gretzky
"I never lose. I either win or learn" - Nelson Mandela


On Thu, Jan 21, 2021 at 2:34 PM Brandon Svec <bsvec@teamonesolutions.com>
wrote:

> That's a good one. Perhaps you don't live/work in the US and can be
> excused for not knowing that US corporations don't pay taxes. In many
> cases we subsidize them by giving tax credits to the point that the money
> is flowing in the opposite direction entirely. It would be hard to give
> them any more of a break ;)
>
>>
>>
>> Financial incentives also work. Perhaps we can convince Mr. Biden to give
>> a .5%
>> tax cut to corporations that fully implement v6. That will create some
>> bonus
>> targets.
>>
>> Thanks,
>>
>> Sabri
>>
>

> I?m sure we all remember Y2k (well, most of us, there could be some
> young-uns on the list). That day was happening whether we wanted it to
> or not. It was an unchangeable, unmovable deadline.

but i thought 3gpp was gong to force ipv6 adoption

>> I?m sure we all remember Y2k (well, most of us, there could be some
>> young-uns on the list). That day was happening whether we wanted it to
>> or not. It was an unchangeable, unmovable deadline.
>
> but i thought 3gpp was gong to force ipv6 adoption

let me try it a different way

why should i care whether you deploy ipv6, move to dual stack, cgnat,
...? you will do whatever makes sense to the pointy heads in your c
suite. why should i give them or some tech religion free rent in my
mind when i already have too much real work to do?

randy

IPv6 doesn’t need a hard date. It is coming, slowly, but it is coming.
Every data set says the same thing. It may not be coming as fast as a lot
of us would want or actually think is reasonable as ISP’s are currently
being forced to deploy CGNs (NAT44 and NAT64) because there are laggards
that are not doing their part.

If you offer a service over the Internet then it should be available over
IPv6 otherwise you are costing your customers more to reach you. CGNs are
not free.

Mark

> On 22 Jan 2021, at 06:07, Sabri Berisha <sabri@cluecentral.net> wrote:
>
> ----- On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth andy@andyring.com wrote:
>
> Hi,
>
>> I’m sure we all remember Y2k
>
> Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I upgraded many
> bioses in many office buildings in the months leading up to it...
>
>> I’d love to see a line in the concrete of, say, January 1, 2025, whereby IPv6
>> will be the default.
>
> The challenge with that is the market. Y2K was a problem that was existed. It was
> a brick wall that we would hit no matter what. The faulty code was released years
> before the date.
>
> We, IETF, or even the UN could come up with 1/1/25 as the date where we switch off
> IPv4, and you will still find networks that run IPv4 for the simple reason that
> the people who own those networks have a choice. With Y2K there was no choice.
>
> The best way to have IPv6 implemented worldwide is by having an incentive for the
> executives that make the decisions. From experience, as I've said on this list a
> few times before, I can tell you that decision makers with a limited budget that
> have to choose between a new revenue generating feature, or a company-wide
> implementation of IPv6, will choose the one that's best for their own short-term
> interests.
>
> On that note, I did have a perhaps silly idea: One way to create the demand could
> be to have browser makers add a warning to the URL bar, similar to the HTTPS
> warnings we see today. If a site is IPv4 only, warn that the site is using
> deprecated technology.
>
> Financial incentives also work. Perhaps we can convince Mr. Biden to give a .5%
> tax cut to corporations that fully implement v6. That will create some bonus
> targets.
>
> Thanks,
>
> Sabri

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

What's all your opinion when company's such as Disney actively recommend disabling IPv6? They are presenting it as IPv6 is blocking their app. We all know that isn’t possible. Several people have issues with their app and Amazon firesticks. I use my phone and a chromecast and I see the issues when IPv6 is enabled. We are in the testing phase on rolling out IPv6 on our network. All the scripts are ready, just trying to work through the few issues like this one.

https://help.disneyplus.com/csp?id=csp_article_content&sys_kb_id=c91af021dbe46850b03cc58a139619ed

Thank you
Travis



-----Original Message-----
From: NANOG <nanog-bounces+tgarrison=netviscom.com@nanog.org> On Behalf Of Mark Andrews
Sent: Thursday, January 21, 2021 7:45 PM
To: Sabri Berisha <sabri@cluecentral.net>
Cc: nanog <nanog@nanog.org>
Subject: Re: DoD IP Space

IPv6 doesn’t need a hard date. It is coming, slowly, but it is coming.
Every data set says the same thing. It may not be coming as fast as a lot of us would want or actually think is reasonable as ISP’s are currently being forced to deploy CGNs (NAT44 and NAT64) because there are laggards that are not doing their part.

If you offer a service over the Internet then it should be available over
IPv6 otherwise you are costing your customers more to reach you. CGNs are not free.

Mark

> On 22 Jan 2021, at 06:07, Sabri Berisha <sabri@cluecentral.net> wrote:
>
> ----- On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth andy@andyring.com wrote:
>
> Hi,
>
>> I’m sure we all remember Y2k
>
> Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I
> upgraded many bioses in many office buildings in the months leading up to it...
>
>> I’d love to see a line in the concrete of, say, January 1, 2025,
>> whereby IPv6 will be the default.
>
> The challenge with that is the market. Y2K was a problem that was
> existed. It was a brick wall that we would hit no matter what. The
> faulty code was released years before the date.
>
> We, IETF, or even the UN could come up with 1/1/25 as the date where
> we switch off IPv4, and you will still find networks that run IPv4 for
> the simple reason that the people who own those networks have a choice. With Y2K there was no choice.
>
> The best way to have IPv6 implemented worldwide is by having an
> incentive for the executives that make the decisions. From experience,
> as I've said on this list a few times before, I can tell you that
> decision makers with a limited budget that have to choose between a
> new revenue generating feature, or a company-wide implementation of
> IPv6, will choose the one that's best for their own short-term interests.
>
> On that note, I did have a perhaps silly idea: One way to create the
> demand could be to have browser makers add a warning to the URL bar,
> similar to the HTTPS warnings we see today. If a site is IPv4 only,
> warn that the site is using deprecated technology.
>
> Financial incentives also work. Perhaps we can convince Mr. Biden to
> give a .5% tax cut to corporations that fully implement v6. That will
> create some bonus targets.
>
> Thanks,
>
> Sabri

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

My opinion is that such recommendations are short sighted, and simply
creating tech debt and future support issues for themselves, and in some
cases, intermediaries. That example you linked though is pretty specific to
one "smart" TV OS ; it's possible that there is a V6 specific issue with
that TV OS, and it's just worded that way because it's simpler.

Randy nailed it a couple messages ago though. V6 Adoption always is, and
always will be, metered by time, money and resources. Everybody kicks the
can on things like this until they can't anymore. And that's honestly not
even major criticism; everybody has a list of 1000 things to do, and enough
time/money/resources to reasonably do 250 of them. Triage happens, we all
do it.

On Fri, Jan 22, 2021 at 9:30 AM Travis Garrison <tgarrison@netviscom.com>
wrote:

> What's all your opinion when company's such as Disney actively recommend
> disabling IPv6? They are presenting it as IPv6 is blocking their app. We
> all know that isn’t possible. Several people have issues with their app and
> Amazon firesticks. I use my phone and a chromecast and I see the issues
> when IPv6 is enabled. We are in the testing phase on rolling out IPv6 on
> our network. All the scripts are ready, just trying to work through the few
> issues like this one.
>
>
> https://help.disneyplus.com/csp?id=csp_article_content&sys_kb_id=c91af021dbe46850b03cc58a139619ed
>
> Thank you
> Travis
>
>
>
> -----Original Message-----
> From: NANOG <nanog-bounces+tgarrison=netviscom.com@nanog.org> On Behalf
> Of Mark Andrews
> Sent: Thursday, January 21, 2021 7:45 PM
> To: Sabri Berisha <sabri@cluecentral.net>
> Cc: nanog <nanog@nanog.org>
> Subject: Re: DoD IP Space
>
> IPv6 doesn’t need a hard date. It is coming, slowly, but it is coming.
> Every data set says the same thing. It may not be coming as fast as a lot
> of us would want or actually think is reasonable as ISP’s are currently
> being forced to deploy CGNs (NAT44 and NAT64) because there are laggards
> that are not doing their part.
>
> If you offer a service over the Internet then it should be available over
> IPv6 otherwise you are costing your customers more to reach you. CGNs are
> not free.
>
> Mark
>
> > On 22 Jan 2021, at 06:07, Sabri Berisha <sabri@cluecentral.net> wrote:
> >
> > ----- On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth andy@andyring.com
> wrote:
> >
> > Hi,
> >
> >> I’m sure we all remember Y2k
> >
> > Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I
> > upgraded many bioses in many office buildings in the months leading up
> to it...
> >
> >> I’d love to see a line in the concrete of, say, January 1, 2025,
> >> whereby IPv6 will be the default.
> >
> > The challenge with that is the market. Y2K was a problem that was
> > existed. It was a brick wall that we would hit no matter what. The
> > faulty code was released years before the date.
> >
> > We, IETF, or even the UN could come up with 1/1/25 as the date where
> > we switch off IPv4, and you will still find networks that run IPv4 for
> > the simple reason that the people who own those networks have a choice.
> With Y2K there was no choice.
> >
> > The best way to have IPv6 implemented worldwide is by having an
> > incentive for the executives that make the decisions. From experience,
> > as I've said on this list a few times before, I can tell you that
> > decision makers with a limited budget that have to choose between a
> > new revenue generating feature, or a company-wide implementation of
> > IPv6, will choose the one that's best for their own short-term interests.
> >
> > On that note, I did have a perhaps silly idea: One way to create the
> > demand could be to have browser makers add a warning to the URL bar,
> > similar to the HTTPS warnings we see today. If a site is IPv4 only,
> > warn that the site is using deprecated technology.
> >
> > Financial incentives also work. Perhaps we can convince Mr. Biden to
> > give a .5% tax cut to corporations that fully implement v6. That will
> > create some bonus targets.
> >
> > Thanks,
> >
> > Sabri
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>
>