Mailing List Archive

On Wed, Sep 29, 2021 at 5:49 PM Baldur Norddahl <baldur.norddahl@gmail.com>
wrote:

>
>
> On Wed, 29 Sept 2021 at 22:11, Victor Kuarsingh <victor@jvknet.com> wrote:
>
>> In the consumer world (Where a consumer has no idea who we are, what IP
>> is and the Internet is a wireless thing they attach to).
>>
>> I am only considering one router (consumer level stuff). Here is my
>> example:
>>
>
> I am afraid you are tailor making your case. We could just as well have an
> even more clueless customer that simply buys a 4G/5G router and attaches it
> to the inside of his LAN in addition to the wifi router he got from his
> DSL/cable/xPON service. Guess what will happen? It wont work as far as IPv4
> goes but it _will_ work with IPv6.
>
> As for the tailor made case where the customer buys a device actually made
> for this, said device would also implement IPv6 for dual WAN. Plenty of
> options for how the device could do that, including the possibility of
> doing 1:1 stateless IPv6 NAT or simply presenting both prefixes to the LAN
> and source route to the correct ISP.
>

You are correct - various cases will have different results (in fact my
main concern is that with consumer gear - there is quite a bit of
variability in what we can expect).

As for my use case, you are right, it was very specific, but that was on
purpose to have a fruitful discussion (versus hand waving things). I also
wanted to discuss the dual prefix item as well (which was being discussed).
However it is a very real example and shows up in networks (at least in
NA). I am sure we can draw a very long table of use cases with different
results.

Don't get me wrong, I want IPv6 to work better, I spent a lot of time
implementing IPv6 in multiple networks. That said, I also don't want to
ignore real common uses cases which impact customers and need to be
resolved.

I would like to dig into your use case a bit just so I understand. I guess
in this case - you assumed the customer would hook up the LTE/5G router
using LAN side ports (no WAN side port). That makes sense. I bring this
up because what I had found when looking at direct network data is that
most consumers serialize connecting second routers to each other (but
that's a single provider use case - so I digress).

In this case, when we say "it won't work". Do we mean nothing works? or
that the effective result of having a redundant connection to two providers
wont work. I agree that only one side, for IPv4 could work as the host
would only get an address from one or the other router. This is a great
use case for IPv6 in terms of the benefits for dual router situations.

All that said, I do personally (because of impact on call centers and
costs) differentiate outcomes where something "does not have the full
intended redundancy" (but still works and gets people to the Internet)
versus "can supply brokenness driving calls and IT support" (the latter is
more serious in my opinion).

regards,

Victor K


>
> Regards,
>
> Baldur
>
>

> On Sep 29, 2021, at 13:09 , Victor Kuarsingh <victor@jvknet.com> wrote:
>
>
>
> On Wed, Sep 29, 2021 at 3:22 PM Owen DeLong <owen@delong.com <mailto:owen@delong.com>> wrote:
>
>
>> On Sep 29, 2021, at 09:25, Victor Kuarsingh <victor@jvknet.com <mailto:victor@jvknet.com>> wrote:
>>
>> ?
>>
>>
>> On Wed, Sep 29, 2021 at 10:55 AM Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
>> Use SLAAC, allocate prefixes from both providers. If you are using multiple routers, set the priority of the preferred router to high in the RAs. If you’re using one router, set the preferred prefix as desired in the RAs.
>>
>> Owen
>>
>> I agree this works, but I assume that we would not consider this a consumer level solution (requires an administrator to make it work). It also assumes the local network policy allows for auto-addressing vs. requirement for DHCP.
>
> It shouldn’t require an administrator if there’s just one router. If there are two routers, I’d say we’re beyond the average consumer.
>
> In the consumer world (Where a consumer has no idea who we are, what IP is and the Internet is a wireless thing they attach to).
>
> I am only considering one router (consumer level stuff). Here is my example:
> - Mr/Ms/Ze. Smith is a consumer (lawyer) wants to work from home and buy a local cable service and/or DSL service, and/or xPON service

OK, so one router or two?

> - Both providers have IPv6 (competing in the market so don't cooperate on how to address, manage customer homes)

This shouldn’t be necessary with appropriate CPE, especially if Mr/Ms/Ze Smith has a single router for both.

> - Mr/Ms/Ze Smith has no idea what IPv4 is, what IPv6 is or anything anything else technical (typical consumer); They only knows how to walk into a store and buy a random thing off the shelf and ask for "WiFi".

Again, assuming a single router managing both providers with a sane implementation and rational defaults, this shouldn’t be a problem.

Of course, today, that isn’t really available in v4 for the most part, either.

> - Both providers provide IPv6 and delegate a prefix to the router (let's pretend the retail staff knew enough to sell this person a consumer box with 2x WAN interfaces)

Let’s further pretend that the software in the box is sane about its v6 implementation and has a “primary” and “backup” port allowing it to make rational default choices
about priority/preference fields in the RAs that it generates and that it defaults to SLAAC only on the LAN ports.

> - Lets also assume the cable boxes have a consumer actionable way to force R1483 mode, and assume the DSL device can do the same (I know many providers that don't allow this type of configuration)

R1483 is unfamiliar to me unless you mean the RFC covering Multiprotocol Encapsulation over ATM Adaptation Layer 5.

Assuming this is what you mean, let me get this straight, we’ve got a consumer who doesn’t know what IPv4 or IPv6 are, and she just wants WiFi, but she’s supposed to understand what RFC-1483 is and/or the implications of ATM Adaptation layer 5 for multi protocol encapsulation? I could be wrong, but I think that’s asking a lot.

The CPE should have rational defaults for supporting the two connections, period. She shouldn’t need “consumer actionable anything” an it should be possible to just plug it in and have it work.

> - So this dual WAN (retail) device now has one Public IPv4 address per WAN interface (assuming one or both of the services was not disallowing bridging mode, in which case its a Private address on one or both of the WAN interfaces)

Sure, but we really don’t care about the IPv4 thing here, that’s going to involve tragic NAT hackery and whatever. Hopefully it’s a somewhat temporary problem.

> - this dual wan device also gets a PD from both upstream providers which delegates to the CPE

That’s certainly what I would expect.

> I will ignore the dual router case as that normally looks very ugly in networks as customers typically don't hook that up correctly (normally hook one box in behind the first, not in parallel). Do we think this use case just works today? Can we say we are confident we know how this all pans out in real production? e.g. CPE only uses one PD? uses both? does all the right things to support SLAAC downstream?

I think that if the CPE has rational defaults (which I admit is not a given today) and truly supports IPv6 on the dual WAN ports with proper support for PD and corresponding SLAAC on the LAN ports, then yes, this should work.

CPE should use both. It should create RAs with a prefix from the primary port PD as preferred,valid,on-link and the secondary port PD as valid,on-link. CPE should have no problem doing SLAAC downstream.

I do not know if there are currently any routers that get this right, nor do I know if there are not. It’s almost certain there are still CPE routers that get this wrong.

> I hate to say it, but for the IPv4 case, as ugly as NAT is, I know what happens and normally the consumer has no clue what's going on and the router just deals with it. For the IPv6 side, I am not yet confident this is all just working yet. I would like to be wrong. I can say - in my consumer mode in the US - this example above is not working by default. (I won't out the providers of course). I want the answer to be different, but there is still more work to do (especially since dual provider has become much more common due to work from home).

It’s a valid concern and I’m not sure what testing has been done at this level yet. I will say that it’s a not particularly common configuration even in IPv4 and the switchover when the primary ISP fails isn’t as entirely smooth as you imply.

You may know exactly what to expect, but I guarantee the consumer faces at least some confusion at best in most cases.

I’ll also guarantee you that when they call their ISP it’s almost certain to be a very confusing conversion on both sides of the phone, especially if they are using any of the really big providers that have call centers full of people that can’t deal with anything beyond the script they barely know how to read (if that) and the 4 or 5 buttons they’re allowed to poke to (send a it to your modem, re-flash your modem’s firmware, “test” your modem’s reachability, produce a delay to make the customer think they did something, or escalate the call to someone that will never actually call the consumer).

Owen

> On Sep 29, 2021, at 14:23 , Victor Kuarsingh <victor@jvknet.com> wrote:
>
>
>
> On Wed, Sep 29, 2021 at 4:51 PM Michael Thomas <mike@mtcc.com <mailto:mike@mtcc.com>> wrote:
>
>
> On 9/29/21 1:09 PM, Victor Kuarsingh wrote:
>>
>>
>> On Wed, Sep 29, 2021 at 3:22 PM Owen DeLong <owen@delong.com <mailto:owen@delong.com>> wrote:
>>
>>
>>> On Sep 29, 2021, at 09:25, Victor Kuarsingh <victor@jvknet.com <mailto:victor@jvknet.com>> wrote:
>>>
>>> ?
>>>
>>>
>>> On Wed, Sep 29, 2021 at 10:55 AM Owen DeLong via NANOG <nanog@nanog.org <mailto:nanog@nanog.org>> wrote:
>>> Use SLAAC, allocate prefixes from both providers. If you are using multiple routers, set the priority of the preferred router to high in the RAs. If you’re using one router, set the preferred prefix as desired in the RAs.
>>>
>>> Owen
>>>
>>> I agree this works, but I assume that we would not consider this a consumer level solution (requires an administrator to make it work). It also assumes the local network policy allows for auto-addressing vs. requirement for DHCP.
>>
>> It shouldn’t require an administrator if there’s just one router. If there are two routers, I’d say we’re beyond the average consumer.
>>
>> In the consumer world (Where a consumer has no idea who we are, what IP is and the Internet is a wireless thing they attach to).
>>
>> I am only considering one router (consumer level stuff). Here is my example:
>> - Mr/Ms/Ze. Smith is a consumer (lawyer) wants to work from home and buy a local cable service and/or DSL service, and/or xPON service
>>
> Isn't the easier (and cheaper) thing to do here is just use a VPN to get behind the corpro firewall? Or as is probably happening more and more there is no corpro network at all since everything is outsourced on the net for smaller companies like your law firm.
>
>
> For shops with IT departments, sure that can make sense. For many mom/pop setups, maybe less likely. The challenge for us (in this industry) is that we need to address not just the top use cases, but the long tail as well (especially in this new climate of more WFH).

The mom/pop law firm without an IT department probably isn’t working from home any more, they’re probably back in the office.

In any case, they probably have the office “resources” they want to use for WFH in the cloud somewhere so there’s no difference
in access between home and office.

Owen

On Wed, 29 Sep 2021 16:09:26 -0400, Victor Kuarsingh said:

> - Both providers provide IPv6 and delegate a prefix to the router (let's
> pretend the retail staff knew enough to sell this person a consumer box
> with 2x WAN interfaces)

So... do such boxes exist in any great quantity?

Do consumers who can't add a valid number after 'IPv' accidentally contract for
Internet service from two different providers often? Do they intentionally do
that often?

It sounds like a sufficiently rare situation that "clueless lawyer/whatever
hires somebody with clue for 2 hours work to configure it all" is a reasonable
solution.

On Thu, Sep 30, 2021 at 10:01 PM Valdis Kl?tnieks <valdis.kletnieks@vt.edu>
wrote:

> On Wed, 29 Sep 2021 16:09:26 -0400, Victor Kuarsingh said:
>
> > - Both providers provide IPv6 and delegate a prefix to the router (let's
> > pretend the retail staff knew enough to sell this person a consumer box
> > with 2x WAN interfaces)
>

Just to make it clear, I would love it all to work really well and by
default. But I also look at the reality and don't over estimate how
proficient consumers will be.


>
> So... do such boxes exist in any great quantity?
>

Not in great quantity. But for the fun of it, I ran down to the local
BestBuy recently and they offered me a dual WAN router (only one type) in
stock. So, I guess sufficient supply?


>
> Do consumers who can't add a valid number after 'IPv' accidentally
> contract for
> Internet service from two different providers often? Do they intentionally
> do
> that often?
>

Likely not accidentally, but the router they showed me (will not say what
brand on this list) showed a "WAN" and "WAN/DMZ" port, so just as clear as
any other port markings for consumer grade connections.


>
> It sounds like a sufficiently rare situation that "clueless lawyer/whatever
> hires somebody with clue for 2 hours work to configure it all" is a
> reasonable
> solution.
>

Yes, I suspect that may happen. How many clueful IPv6 folks do we suspect
service this market which are available at a cost most will be willing to
pay?

regards,

Victor K

> On Sep 30, 2021, at 19:35 , Victor Kuarsingh <victor@jvknet.com> wrote:
>
>
>
> On Thu, Sep 30, 2021 at 10:01 PM Valdis Kl?tnieks <valdis.kletnieks@vt.edu <mailto:valdis.kletnieks@vt.edu>> wrote:
> On Wed, 29 Sep 2021 16:09:26 -0400, Victor Kuarsingh said:
>
> > - Both providers provide IPv6 and delegate a prefix to the router (let's
> > pretend the retail staff knew enough to sell this person a consumer box
> > with 2x WAN interfaces)
>
> Just to make it clear, I would love it all to work really well and by default. But I also look at the reality and don't over estimate how proficient consumers will be.

No reason it can’t. The limitations on this are not in the protocol or the specifications at this point. CPE is another matter. It’s never been particularly good at IPv4, let alone IPv6.

> So... do such boxes exist in any great quantity?
>
> Not in great quantity. But for the fun of it, I ran down to the local BestBuy recently and they offered me a dual WAN router (only one type) in stock. So, I guess sufficient supply?

How well did it handle IPv6?

> Do consumers who can't add a valid number after 'IPv' accidentally contract for
> Internet service from two different providers often? Do they intentionally do
> that often?
>
> Likely not accidentally, but the router they showed me (will not say what brand on this list) showed a "WAN" and "WAN/DMZ" port, so just as clear as any other port markings for consumer grade connections.

I’m an expert and that’s not clear to me. Which one is primary, which one is secondary?

Does that second notation mean WAN and DMZ, or does it mean WAN OR DMZ?

WAN+DMZ on same port seems an odd combination. OTOH, “OR” would imply a need to configure it one way or the other and for the consumer to understand the concept of a DMZ network and…

> It sounds like a sufficiently rare situation that "clueless lawyer/whatever
> hires somebody with clue for 2 hours work to configure it all" is a reasonable
> solution.
>
> Yes, I suspect that may happen. How many clueful IPv6 folks do we suspect service this market which are available at a cost most will be willing to pay?

$LAWYER won’ t blink at paying $250/hour for 2 hours of work to configure a router. I’ve done so for several of them.

They also don’t blink at billing their clients much more than that per hour.

Owen