[02:40:59] --- tskj has joined
[02:41:12] --- tskj has left
[06:29:10] --- rune has joined
[06:29:42] --- rune has left
[06:29:59] --- rune has joined
[06:32:44] --- Bob has joined
[06:32:52] --- brabson has joined
[06:33:30] --- FDupont has joined
[06:33:39] --- arifumi@jabber.org has joined
[06:34:15] --- dthaler has joined
[06:34:26] --- nm has joined
[06:34:33] --- kurtis has joined
[06:34:39] --- fred has joined
[06:34:45] <fred> hello...
[06:35:05] --- mikemlb has joined
[06:36:59] --- dudi has joined
[06:36:59] --- fred has left: Disconnected
[06:37:00] <dthaler> looking for minute taker
[06:37:13] --- brabson has left: Disconnected
[06:37:30] --- dr has joined
[06:37:45] --- torus has joined
[06:38:26] --- Jim has joined
[06:38:32] <dthaler> fred baker presenting status of drafts
[06:39:07] <dthaler> 4 drafts in rfc queue, 6 completed WG last call in June
[06:39:26] <dthaler> agenda today is on 2 of those, plus 2 others
[06:40:09] <dthaler> also some new items
[06:40:18] --- brabson has joined
[06:40:21] <dthaler> 6 drafts are indiv submissions, not discussed here
[06:41:05] --- mo7sen has joined
[06:41:39] <dthaler> next up: Jim Bound on enterprise scenarios doc
[06:42:15] --- jeroen has joined
[06:42:22] <dthaler> draft-ietf-v6ops-ent-analysis-03.txt
[06:43:30] <dthaler> added sec 8.4 Transition Mechanism Summary analysis
[06:44:56] --- fred has joined
[06:45:33] <dthaler> ask for any feedback to be specific and say why
[06:46:02] <dthaler> 8.4 provides overview of manual tunnels, 6to4, isatap, teredo, tunnel broker, dstm
[06:48:04] <dthaler> BCNF used for configured tunnels
[06:48:23] <dthaler> 6to4 widely implemented, but only useful when cannot get a native v6 prefix
[06:48:33] --- StrUk has joined
[06:48:36] <dthaler> lots of enterprises looking at isatap internally
[06:48:42] --- ma-kun has joined
[06:48:56] --- peter has joined
[06:49:02] <dthaler> teredo used in cases with NATs
[06:49:07] --- remowilliams has joined
[06:49:16] <fred> Perhaps more to the point, 6to4 propagates the IPv4 route table into IPv6. Some people find that useful, but nobody really likes it.
[06:50:06] <dthaler> (that's not quite true... as specified in the RFC you shouldn't do that. some people might anyway, but it's not per spec)
[06:50:07] --- peter has left: Replaced by new connection
[06:50:15] --- brabson has left: Disconnected
[06:50:37] --- WH has joined
[06:51:13] --- tskj has joined
[06:51:25] --- brabson has joined
[06:51:55] <dthaler> no comments from the floor
[06:52:39] --- rpayne has joined
[06:52:58] <dthaler> next up Gunter Van de Velde on draft-ietf-v6ops-nap-01.txt
[06:53:16] <dthaler> passed last call, some issues raised
[06:53:35] <dthaler> draft covers perceived benefits of nat and what the IPv6 alternatives are
[06:54:30] --- nm has left: Replaced by new connection
[06:54:30] --- nm has joined
[06:54:31] --- nm has left
[06:54:33] <dthaler> needs external review from NAT community
[06:54:57] --- nm has joined
[06:55:07] <dthaler> Section 6: IPv6 Gap Analysis is now out of date with respect to new standards
[06:56:22] <dthaler> want to soften language about NATs, e.g. remove word "evil"
[06:58:11] --- Jim has left
[06:58:48] <dthaler> open question: is /128 on an interface legal?
[06:59:34] <dthaler> fred baker: knows of some cases where they're used, usually on virtual hosts
[06:59:36] --- ggm has joined
[07:00:14] <dthaler> no other comments
[07:00:38] <ggm> <can anybody see geoff huston in the room please?>
[07:00:51] <kurtis> Not from the stage...
[07:01:19] <dthaler> now up Elwyn Davies on security overview draft
[07:01:23] --- ripple has joined
[07:01:49] <dthaler> moved ICMPv6 filtering to a separate draft
[07:02:26] <dthaler> this is draft-ietf-v6ops-security-overview-02.txt
[07:02:30] <dthaler> ready for IETF last call
[07:03:01] <dthaler> no comments from floor
[07:03:22] <dthaler> now draft-davies-v6ops-icmpv6-filtering-bcp-00.txt
[07:04:12] <dthaler> some parts of ICMPv6 are essential to establishing communication
[07:04:34] <dthaler> some messages can be a threat to open networks
[07:07:03] <dthaler> cannot blindly filter ICMPv6
[07:07:20] <dthaler> need to filter on type, address type and scopes
[07:07:29] <dthaler> also look at code field
[07:08:18] --- pigdog has joined
[07:08:46] <dthaler> still missing - doesn't talk about types 141-2, 148-153
[07:09:49] <dthaler> Q to floor: should the WG accept this as a work item?
[07:10:00] --- arifumi@jabber.org has left: Logged out
[07:11:06] <dthaler> Pekka Savola: useful, borderline whether ietf or elsewhere. Don't know whether we have sufficient info to go BCP vs Informational
[07:11:50] <dthaler> David Kessens: up to WG to decide. personal preference is Informational
[07:12:25] <dthaler> Alain Durand: important to get people to stop filtering all ICMPv6
[07:12:38] --- ggm has left
[07:13:17] <dr> oh, alain durand lives? his personal email addr was bouncing for weeks... is alain here on Jabber by chance?
[07:13:29] --- ryanczak has joined
[07:13:36] <dthaler> Ariel Silverstone: go straight to BCP
[07:14:14] <dthaler> humming poll
[07:14:39] <dthaler> more humming for BCP than Info, but apparently unanimous hums for accept as work item
[07:15:17] <dthaler> next update to be draft-ietf-v6ops...
[07:15:55] <dthaler> next up Pekka Savola on draft-ietf-v6ops-ipsec-tunnels-00.txt
[07:16:03] <dthaler> using IPsec to secure v6-in-v4 tunnels
[07:16:30] <dthaler> draft-ietf-v6ops-mech-v2 was low on IPsec detail, but details are lengthy so put into this document
[07:16:32] <pigdog> ...?
[07:16:55] <dthaler> issue tracker at http://www.netcore.fi/pekkas/ietf/temp/ipsec-tunnels.html
[07:18:05] <dthaler> biggest change in this version is to protect all tunnel traffic, removed section on EAP (out of scope)
[07:18:24] --- peter has joined
[07:18:37] <dthaler> 3 ways to protect tunnel: transport mode, tunnel mode w/ generic ::/0 <-> ::/0 selectors (tunnel modeled as an interface), or
[07:18:41] --- ripple has left: Replaced by new connection
[07:18:51] <dthaler> tunnel mode with specific selectors (tunnel is not an interface)
[07:18:59] --- ripple has joined
[07:19:08] <dthaler> third one not recommended
[07:19:50] --- pigdog has left
[07:21:01] <dthaler> no other comments
[07:21:29] --- dudi has left: Replaced by new connection
[07:21:32] --- dudi has joined
[07:22:01] <dthaler> next up Jordi Palet on draft-ietf-v6ops-bb-deployment-scenarios-03.txt
[07:22:28] <dthaler> goal is to cover broadband technologies, raise IPv6 issues, and give gap analysis
[07:22:32] --- laurent.vreck has joined
[07:23:20] --- arifumi@jabber.org has joined
[07:23:43] <dthaler> last call was completed
[07:25:34] <dthaler> Alain Durand: (now working for a cable operator), section 6.2.1 and 6.2.2 should be merged, gives reader a headache. Second, DOCSIS3.0 is very relevant to these scenarios, good to have some synchronization but currently some discontinuities
[07:25:43] <dthaler> Fred Baker: what is timeframe
[07:26:03] <dthaler> ?: timeframe is not public at this time
[07:26:23] <dthaler> Fred Baker: folks with access can work with Jordi and help get it right
[07:28:11] <dthaler> ?: all of the sections in the doc around cable modem management section will be moot
[07:28:53] <dthaler> ? = someone from cablelabs
[07:29:22] <dthaler> Alain Durand: time is of the essence
[07:31:17] <dthaler> Tony Hain: some scenarios can be addressed without upgrading equipment and those need to be addressed in this doc, without waiting for cablelabs
[07:31:27] --- rune has left: Replaced by new connection
[07:31:29] --- ryanczak has left: Replaced by new connection
[07:32:19] --- rune has joined
[07:32:23] --- nm has left: Replaced by new connection
[07:32:24] --- nm has joined
[07:32:24] --- nm has left
[07:32:37] --- ryanczak has joined
[07:32:38] --- nm has joined
[07:32:52] <dthaler> Fred Baker: hearing that doc needs an update, but wisest to delay and get it right
[07:33:12] <dthaler> ? = John Francois
[07:33:38] --- mikemlb has left: Disconnected
[07:33:45] --- howard218 has joined
[07:33:52] <dthaler> next doc: draft-vives-v6ops-distributed-security-framework-00.txt
[07:33:54] --- tskj has left: Disconnected
[07:34:59] <dthaler> analyze network-based security model, introduce host-based security model
[07:35:28] <dthaler> the latter is complementary to the former
[07:35:28] --- ma-kun has left: Lost connection
[07:36:03] <dthaler> considering starting a BOF so not asking for it to be a WG doc
[07:36:53] <dthaler> discussion of drafts is now done, now discussion of renumbering
[07:37:17] <dthaler> Ralph Droms on "Operational Experience in IPv6 Network Renumbering"
[07:37:48] <dthaler> with others to present the "real work"
[07:38:52] <dthaler> project jointly sponsored by cisco and 6NET
[07:39:29] <dthaler> goal was to gain operational experience
[07:39:43] <dthaler> 5 docs came out
[07:40:54] --- ripple has left: Disconnected
[07:41:11] <dthaler> now summaries from 5 participating orgs
[07:44:39] <dthaler> Thorsten Kuefer - JOIN/University of Muenster (Germany)
[07:46:51] --- laurent.vreck has left
[07:46:57] <dthaler> some specs don't have working implementations yet
[07:47:05] --- laurent.vreck has joined
[07:47:30] --- ggm has joined
[07:47:45] <dthaler> project tested procedure from RFC 2072 and Baker's draft
[07:48:11] <dthaler> had to manually change prefixes since no implementation of rtr renumbering spec
[07:48:28] <dthaler> required lots of manual work for DNS and BGP
[07:48:42] --- ryanczak has left
[07:49:54] <dthaler> reports on 6NET web site http://www.6net.org
[07:49:55] --- torus has left: Lost connection
[07:50:02] --- Yoshifumi Atarashi has joined
[07:50:23] --- howard218 has left: Replaced by new connection
[07:50:31] --- howard218 has joined
[07:51:20] <dthaler> http://www.6net.org/publications/deliverables/D3.6.1.pdf and http://www.6net.org/publications/deliverables/D3.6.2.pdf
[07:51:26] <dthaler> Tim Chown
[07:51:47] <dthaler> applied draft-ietf-v6ops-renumbering-procedure-05
[07:52:03] <dthaler> found text to be correct, generally works well
[07:52:13] --- arifumi@jabber.org has left
[07:52:40] --- ryanczak has joined
[07:52:46] --- arifumi@jabber.org has joined
[07:53:03] <dthaler> RFC3484 implementations work well when one prefix is deprecated, but less so when had 2 preferred prefixes with equal preference
[07:53:19] --- torus has joined
[07:53:26] <dthaler> some hosts (OS/X, BSD, Linux) still send data with old source addr even after marked invalid
[07:53:54] --- ma-kun has joined
[07:54:54] <dthaler> important to catch all uses of address literals
[07:55:04] <dthaler> no sites spoken to had an inventory of them
[07:55:22] <dthaler> useful to have tools to look for, e.g. netflow
[07:55:30] <dthaler> management of the process is clumsy, lots of manual config
[07:56:36] <dthaler> Solaris offers a host token feature - can configure just host part (64 bits) of the interface address
[07:56:55] <dthaler> didn't use A6, might have helped
[07:57:03] <StrUk> ... i hacked the net-dev stack on stock linux to introduce tokenised IIDs, too. worked a dream
[07:58:29] --- dthaler has left: Replaced by new connection
[07:58:31] --- nm has left: Replaced by new connection
[07:58:31] --- nm has joined
[07:58:31] --- nm has left
[07:58:35] --- dthaler has joined
[07:58:36] --- dthaler has left: Disconnected
[07:58:36] --- laurent.vreck has left
[07:58:51] --- Yoshifumi Atarashi has left: Replaced by new connection
[07:58:52] --- Yoshifumi Atarashi has joined
[07:58:53] --- dthaler has joined
[07:58:54] --- dthaler has left: Disconnected
[07:59:02] --- jeroen has left
[07:59:11] --- brabson has left: Replaced by new connection
[07:59:16] --- brabson has joined
[07:59:17] --- fred has left: Lost connection
[07:59:28] --- dthaler has joined
[07:59:30] --- dthaler has left: Disconnected
[08:00:16] --- dthaler has joined
[08:00:18] --- nm has joined
[08:00:19] --- dthaler has left: Disconnected
[08:00:28] --- laurent.vreck has joined
[08:00:40] --- dthaler has joined
[08:00:42] --- dthaler has left: Disconnected
[08:01:18] --- dthaler has joined
[08:01:18] --- dthaler has left: Disconnected
[08:01:51] --- dthaler has joined
[08:02:12] <dthaler> <keep getting disconnected from jabber so missed some>
[08:02:18] --- arifumi@jabber.org has left: Logged out
[08:02:26] <dthaler> now up Jerome Durand, RENATER
[08:02:49] <dthaler> RENATER already renumbered 3 times, took 1 year each time
[08:03:41] <dthaler> RR can't do DNS mods, firewall, DHCPv6, hard-coded IPv6 addrs, internet registries interaction, management, rollback
[08:04:09] <dthaler> NetSV monitors the renumbering
[08:04:28] <dthaler> daemon needed on monitored hosts
[08:05:17] <dthaler> everything gets easier when have good management facilities (v6 flow monitoring, uRPF check, MIBs)
[08:05:52] <dthaler> Ralph Droms now summarizing on behalf of 2 participants who couldn't be here
[08:06:20] <dthaler> impact of renumbering on network management tools
[08:07:06] <dthaler> PNSC looked at 2 popular tools, try renumbering while it's being managed
[08:08:23] <dthaler> INRIA did a similar study but used a variety of tools
[08:09:57] <dthaler> Alain Durand: don't reopen A6 discussion, but need to understand what tools we need and lots of value in understanding this
[08:10:19] --- ripple has joined
[08:10:41] <dthaler> Durand question to Tim Chown: did you leave IPv4 on the network being renumbered? or was it a safety net that could be used as management plane
[08:11:02] <dthaler> Tim Chown: separate v6-only routing infrastructure but v4 was available on hosts and was not renumbered
[08:11:22] --- peter has left
[08:11:30] --- amynovember has joined
[08:12:01] <dthaler> Tim Chown: if you get v4 and v6 from same provider, can't keep renumbering events separate
[08:12:31] <dthaler> Erik Nordmark to Tim Chown: you used netflow to catch things left behind, was this by design?
[08:12:54] <dthaler> ?: it was a hack not by design
[08:13:17] <dthaler> Erik Nordmark: if it's useful, might be good to add to the procedures
[08:13:29] <StrUk> ? == Mark Thompson, UoSouthampton
[08:14:25] <dthaler> Tim Chown: didn't evaluate issues with ingress/egress filtering since renumbered to a different prefix within same /48
[08:14:42] --- suz has joined
[08:17:34] <dthaler> ??: from experience, DHCPv6 prefix delegation works well to renumber a small (e.g. home) environment
[08:19:24] <dthaler> Jerome Durand: for updating routers in large environments, don't necessarily need a protocol just better tools/scripts. Identify interfaces not local addresses in scripts.
[08:20:00] --- dr has left
[08:20:00] --- dr has joined
[08:21:54] <mo7sen>
[08:21:56] <dthaler> Stig Venaas: (on the use of newly-declared invalid addresses) also if you manually remove an address from an interface, packets will continue to go out from existing sockets
[08:22:26] <dthaler> Ralph Droms now summarizing
[08:22:42] <StrUk> I think ?? was Iljitsch Van Beihnum
[08:22:50] <StrUk> *Beijnum
[08:23:32] <dthaler> next steps: could republish renumbering procedures as BCP, could start a follow-up WG, ...
[08:23:55] --- arifumi@jabber.org has joined
[08:24:13] <dthaler> Alain Durand: if main work is needed on tools not protocols, then IETF might not be the right place
[08:25:02] <dthaler> Fred Baker: from Jerome, sounds like RR protocol doesn't solve enough of the problem
[08:25:51] <dthaler> Fred Baker: one vendor said it didn't solve enough of the problem to be worth implementing
[08:26:31] <dthaler> Ralph Droms: still have to go to the routers to change other stuff. should it be deprecated?
[08:28:21] <dthaler> Erik Nordmark: if RR doesn't do it, what about a generalization of symbolic tokens in place of prefixes
[08:28:44] <dthaler> Ralph Droms: also add/drop at a given time, instead of just change now
[08:29:54] <dthaler> ... discussion between Ralph, Fred, Erik on this becoming a general issue, like the NETCONF WG
[08:30:40] --- ripple has left
[08:30:53] <dthaler> ???: would be nice to have an informational requirements doc for tools vendors
[08:31:06] --- tskj has joined
[08:31:15] --- brabson has left
[08:32:22] <dthaler> Fred Baker: heard a call for reqts doc for vendors, heard a call to update procedures doc and make BCP, ...
[08:33:14] <dthaler> Tim Chown to look at existing doc in RFC-ed queue and make a recommendation to WG as to whether it's adequate as is for BCP or not
[08:33:55] <dthaler> notice: demo of IPMS using v6 in terminal room
[08:34:01] <dthaler> we are now done
[08:34:11] --- kurtis has left
[08:34:13] --- howard218 has left
[08:34:13] <StrUk> where is this demo?
[08:34:27] --- ryanczak has left
[08:34:33] --- Bob has left
[08:34:34] --- laurent.vreck has left
[08:34:41] --- nm has left
[08:34:47] <dthaler> just said "in the terminal room" (which is next to registration)
[08:34:55] <StrUk> ah. going deaf. thnx
[08:34:57] --- StrUk has left
[08:35:09] --- rune has left
[08:35:14] --- torus has left
[08:35:21] --- suz has left
[08:35:40] --- rpayne has left
[08:35:54] --- arifumi@jabber.org has left: Logged out
[08:35:55] --- dthaler has left
[08:36:21] --- tskj has left
[08:38:21] --- amynovember has left
[08:38:28] --- ma-kun has left
[08:42:05] --- dudi has left: Replaced by new connection
[08:42:06] --- dudi has joined
[08:42:40] --- dudi has left
[08:45:50] --- ggm has left: Disconnected
[08:50:01] --- dr has left
[08:51:45] --- Yoshifumi Atarashi has left: Disconnected
[08:52:13] --- FDupont has left: Disconnected
[08:54:11] --- WH has left: Disconnected
[08:56:35] --- mo7sen has left: Disconnected
[09:18:21] --- Yoshifumi Atarashi has joined
[09:18:41] --- Yoshifumi Atarashi has left
[09:26:26] --- ma-kun has joined
[09:27:41] --- ma-kun has left
[12:18:45] --- remowilliams has left: Disconnected
[12:21:14] --- laurent.vreck has joined
[12:27:42] --- laurent.vreck has left