IETF
v6ops
v6ops@jabber.ietf.org
Tuesday, November 11, 2014
Dave Thaler has set the subject to: v6ops IETF 91

GMT+0
[00:04:05] BillC joins the room
[00:04:21] Ole Troan joins the room
[00:10:10] Ole Troan leaves the room
[00:20:20] Dan York joins the room
[00:37:09] Erik Nygren leaves the room
[00:51:49] Lee Howard leaves the room
[00:53:13] dudisaki leaves the room
[00:58:06] Dan York leaves the room
[01:08:21] BillC leaves the room
[01:09:41] Andrew Sullivan joins the room
[01:11:10] Ole Troan joins the room
[01:15:40] Lee Howard joins the room
[01:20:41] Dan York joins the room
[01:22:50] Dave Thaler joins the room
[01:22:53] Meetecho joins the room
[01:23:04] <Dave Thaler> What, the meeting wasn't moved to the beach?!?
[01:23:38] <Dave Thaler> How are we supposed to boil the ocean now? :)
[01:25:46] fdupont joins the room
[01:25:52] <Lee Howard> Fernando Gont presenting on IPv6 Extension Headers in the Real World <https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-in-real-world>
[01:25:59] <Lee Howard> "Problem Statement"
[01:26:03] Atarashi Yoshifumi joins the room
[01:26:19] <Lee Howard> Would anyone be willing to scribe for us?
[01:28:08] <Lee Howard> "Goals of our Internet Draft"
[01:29:24] Erik Nygren joins the room
[01:29:53] <Lee Howard> "Filtering of packets with IPv6 EHs"
[01:30:01] Suz joins the room
[01:31:33] <Lee Howard> "General Implications of IPv6 EHs"
[01:32:15] <Lee Howard> "Sec. Impl. of Widespread Filtering"
[01:32:50] <Lee Howard> Fred Baker asking a question
[01:33:24] Franck Martin joins the room
[01:33:50] <Suz> peter lothberg at the mic
[01:34:00] <Lee Howard> Peter Lothberg at the mic
[01:35:27] <Lee Howard> oh, you said that
[01:36:31] <Suz> :)
[01:36:59] <Suz> Franck Martin
[01:37:36] <Suz> Fred Templeton (?)
[01:37:50] <Suz> Mark Andrews
[01:37:55] <Lee Howard> Templin
[01:38:01] <Suz> ty
[01:40:40] <Suz> Franck Martin
[01:41:48] <Suz> Sec Impl of Widespread Filtering (2)
[01:42:23] <Suz> Peter Lothberg question
[01:42:38] <Suz> "Specific Attack Scenario: BGP"
[01:44:44] <Suz> Dave Thaler
[01:46:08] <Suz> "Feedback to Other WGs"
[01:46:37] <Suz> Fred Baker comment
[01:47:23] <Suz> Tony Hain
[01:47:28] <Suz> offers to send data!
[01:48:50] <Suz> Fred Templin
[01:49:10] <Suz> didn't catch speaker's name, sorry….
[01:50:39] <Suz> Mike Ackerman
[01:51:37] <Suz> Nalini Elkins (and Mike Ackerman, again)
[01:52:42] <Suz> Jen Linkova
[01:53:22] Geoff Huston joins the room
[01:53:38] <Suz> Nalini Elkins
[01:55:23] <Suz> Peter Lothberg
[01:56:53] <Suz> 3 issues here: first, if we can't make ipv6 work as specified we need to fix it; not enough clear recommendations how to configure in compliance with the architecture; and measurements
[01:57:17] dudisaki joins the room
[01:58:03] <Suz> Joel Jaeggli, as an operator: real world constraints do cause frag drop, even if he doesn't apply policy, a fragment will end up on the wrong device and drop
[01:58:34] John Jason Brzozowski joins the room
[01:58:51] <Suz> Bob Hinden: don't support the suggested feedback that relying on IH will break in the internet
[01:59:16] Franck Martin leaves the room
[02:00:08] <Suz> Cameron Byrne: interested in observational findings in the draft, has questions about methods/validity e.g. what about servers with operational policy that if it's not expected, drop it?
[02:00:16] Franck Martin joins the room
[02:01:28] <Suz> "Moving Forward"
[02:02:34] <Suz> Merike Kaeo
[02:04:40] <Lee Howard> Is Fred drifting from the mic, or is he okay?
[02:05:03] <Suz> drifting a little
[02:05:35] <Suz> Fred: 2 questions: what do the data really say, so more is better (per Tony Hain, etc.) Second, so what? i.e. what should we do about it
[02:06:04] <Suz> not comfortable recommending "don't rely on EHs to work in the internet"
[02:07:03] <Suz> Peter Lothberg: just move the packets as fast as possible, don't want to look at it, etc. If I can't do that with a protocol compliant packet, my network is broken and I need help.
[02:07:26] <Suz> Fred Baker: would the WG like to see a data development study as a WG item?
[02:08:10] <Suz> weak hum for yes, weak hum for no. Fred asks for further development of data study
[02:08:51] <Suz> Fred: do we want to have a draft on configuring proper service? Yes: audible hum No: faint/no hum.
[02:09:00] <Suz> Asks Fernando to work on that too
[02:09:35] <Suz> Fred: Data is one document, the "so what?" guidance is another. We're asking for both.
[02:11:11] <Lee Howard> Design Choices for IPv6 Networks <https://tools.ietf.org/html/draft-ietf-v6ops-design-choices>
Victor Kuarsingh presenting
[02:11:14] <Lee Howard> "Progress"
[02:11:49] <Suz> Status - 1
[02:13:18] <Suz> "Status - 2"
[02:14:36] <Suz> "Status - 3"
[02:15:37] <Suz> "Status - 4"
[02:16:30] <Suz> "Status - 5"
[02:16:30] Andrew Sullivan leaves the room
[02:16:52] <Suz> Seeking additional comments, or are we ready for last call?
[02:16:55] Andrew Sullivan joins the room
[02:17:33] <Suz> Dave Thaler at the mic: scope of abstract/title and content don't quite match, cross the gap with other doc references?
[02:18:01] Andrew Sullivan joins the room
[02:18:17] Andrew Sullivan leaves the room
[02:18:17] Peter Koch joins the room
[02:18:32] <Suz> referring to other documents may be easier than surgically altering the abstract to match the current actual scope
[02:18:35] Andrew Sullivan joins the room
[02:18:46] <Suz> Also security considerations still TBD, so not really ready for WGLC
[02:18:47] Andrew Sullivan leaves the room
[02:20:03] <Suz> Discussion of what's missing, Dave suggests a few key references including ULA
[02:20:21] <Suz> Jen Linkova: +1 to Dave
[02:20:59] <Suz> suggests also attention to more use cases
[02:22:31] Geoff Huston leaves the room
[02:23:09] <Suz> Victor: how much to document what's broken? some suggested language etc.
[02:23:22] <Suz> ?? didn't catch name, sorry
[02:23:41] <Suz> WGLC ASAP, otherwise document may just grow out of control, keep it tight
[02:24:19] <Lee Howard> that was Eric Vyncke
[02:24:24] <Lee Howard> this is Francis Dupont
[02:24:35] <Suz> Francis Dupont: refers to RFC 2525, should include that reference
[02:25:20] <Suz> Jen Linkova: ask community for more questions/issues to include
[02:25:56] <Dave Thaler> Eric Vyncke recommended changing title to be specific to routing choices.   Still need security considerations (e.g. design choices around security, even if just for routing) before can do WGLC.
[02:27:02] <Suz> Fred Baker: about on time, now "lightning talks"
[02:27:26] <Suz> A Special Purpose TLD to resolve IPv4 Address Literal on DNS64/NAT64 environments <https://tools.ietf.org/html/draft-osamu-v6ops-ipv4-literal-in-url>
[02:27:35] <Suz> "Change Log"
[02:28:34] <Suz> "Issues for v6ops Community"
[02:29:21] <Suz> "Toward discussion in DNSOP"
[02:30:22] Dan Wing joins the room
[02:30:25] <Suz> Fred: TLD is DNSOP problem, a .arpa delegation is under IAB
[02:31:02] <Suz> IPv4 literals a problem with IVI translation
[02:31:07] <Dave Thaler> Xing is not in Honolulu (visa delay issue)
[02:31:17] <Suz> anyone else seeing issues?
[02:31:41] <Suz> Dan Wing: ran tests years ago, checked again 6 months ago, there are still sites using IPv4 literals.
[02:31:49] <Suz> Not just HTTP URIs
[02:32:36] <Suz> Andrew Sullivan: I think this is a bad idea, because NAT64/DNS64 wasn't intended to solve all problems and we knew it wouldn't solve this one. Strongly opposed to a TLD for it.
[02:32:38] dudisaki leaves the room
[02:34:09] <Suz> Joel Jaeggli: have seen embedded IPv4 literals in applications, so yes this is broken. These get buried in funny places. There's a user interface disaster here and this may well not help. Also think about impact on usability of SSL.
[02:34:34] <Suz> Maybe the best solution is not to accommodate this particular problem.
[02:35:10] Erik Nygren leaves the room
[02:35:43] <Suz> Dave Thaler: does draft-02 answer all of IETF 90 questions? HTTP cookies now covered. DNSSEC doesn't work, which isn't mentioned in this draft. Why not 464xlat also not addressed in this draft
[02:36:47] John Jason Brzozowski leaves the room
[02:36:54] <Suz> Erik Nygren: cookie issue belongs in Security Considerations. And, if we want to do this for v4, we should consider one for v6, even though it's ugly, because a converted v4 literal dependent application may have to do the same in v6.
[02:37:17] <Suz> Cameron Byrne: proof of concept built?
[02:37:22] <Suz> Yes, it's been tested
[02:37:39] Erik Nygren joins the room
[02:38:12] Mark Townsley joins the room
[02:38:17] <Suz> Cameron: tried it out, found a lot of web servers may have problems with this in Apache config
[02:39:08] <Andrew Sullivan> BTW, the "numeric" approach outlined in section 4.6.3 of this draft appears not to be allowed by _at least_ operational practice of DNS
[02:39:20] <Suz> Cameron: can we explicitly say we want IPv4 literals to go away?
[02:40:29] <Suz> Joel Jaeggli: referrer URL case that breaks is when the expectation is the IPv4 literal and not the proposed full name, there's a corner case
[02:40:52] <Suz> Considerations on IPv6-only DNS Development <https://tools.ietf.org/html/draft-song-sunset4-ipv6only-dns>
[02:41:09] <Suz> Presented here instead of sunset4
[02:41:45] <Suz> "Context of IPv6-only"
[02:42:02] <Suz> (sunset4 charter)
[02:42:17] <Suz> "Real Use Cases"
[02:42:24] <Suz> "Motivation"
[02:43:05] John Jason Brzozowski joins the room
[02:44:13] <Suz> "DNS Proxy in IPv6 Only Network"
[02:45:44] <Suz> "Pitfalls of Proxy"
[02:47:42] <Suz> "Another case of DNS Inertia"
[02:48:45] <Franck Martin> did we just speak about EH and DNS?
[02:49:55] <Franck Martin> so EDNS can send all the data in one go
[02:50:18] <Suz> "DNS64 in IPv6-only Network"
[02:51:09] <Andrew Sullivan> "Android is broken.  This is a problem"
[02:51:22] <Andrew Sullivan> EDNS0 is way over 10 years old
[02:51:38] <Andrew Sullivan> if Android can't ship a resolver that can speak it, then it's broken
[02:51:49] <Franck Martin> agreed
[02:52:09] <Suz> Android is hardly alone in this brokenness though. DNSOP tomorrow will include some stats on EDNS0 uptake
[02:52:37] iljitsch joins the room
[02:52:40] <Suz> Mark Andrews: IPv6 nodes required to support EDNS0
[02:53:06] <Franck Martin> EDNS0 can request a 1400 response (which is better than 512) and does not require fragments
[02:53:17] <Suz> 512 bytes not really a limit
[02:54:25] <iljitsch> is there a problem when non-EDNS0 NAT64 responses are truncated? There should still be at least one fake AAAA record in there
[02:54:31] <Suz> Erik Kline: evidence EDNS0 generally works between resolvers and auth servers?
[02:55:18] <Franck Martin> Myth, fragmented packets are a security risk ?
[02:55:18] <Suz> Mark Andrews: has done testing, offers to share data, exactly one auth server he can find that doesn't return > 512
[02:55:40] <Suz> Cameron Byrne: risk is not root and TLD servers, it's the fan out further down the DNS hierarchy
[02:55:40] John Jason Brzozowski leaves the room
[02:56:22] <Suz> Cameron: Request for work from DNSOP "or whoever" to implement an EDNS0 Happy Eyeballs. Perception that it's broken.
[02:56:45] <Suz> Mark Andrews: just ensure new devices do the right thing with bigger packets
[02:57:21] Markus de Bruen joins the room
[02:59:04] <Suz> Andrew Sullivan: there are endpoints that can't do EDNS0, but DNS messages are getting bigger for good reasons, and we can't keep stacking kludges any deeper
[02:59:39] John Jason Brzozowski joins the room
[02:59:58] <Suz> Adding more discovery/clue adds latency, which is just not acceptable for applications that rely on larger packets
[03:00:40] <Suz> Middleboxes that drop >512 are just broken and we warned them before
[03:01:09] <Suz> Fred Baker: this sounds like someone should tell people to use a bigger assumed size
[03:01:18] <Suz> Andrew: been there, done that (RFC 6891)
[03:01:56] <Franck Martin> The issue is to get someone in authority to say fragmented packets are not a security risk
[03:02:23] <Suz> Erik Kline: Android has to consider home CPE, etc.
[03:03:18] Peter Koch leaves the room
[03:03:40] <iljitsch> if everyone else does EDNS0, why would that be a problem for Android?
[03:03:44] <iljitsch> Especially on v6
[03:03:44] <Suz> Cameron Byrne: deja vu all over again re: Andrew's comments
[03:03:50] <Franck Martin> or to ask DNS in IETF to define DNS without the need of fragmented packets
[03:03:56] Dan York joins the room
[03:04:23] <Andrew Sullivan> We did define DNS without the need of fragmented packets: use TCP or EDNS0
[03:04:30] <iljitsch> you can set your EDNS0 size to > 512 but < MTU
[03:04:46] <Andrew Sullivan> You totally should set < MTU
[03:04:56] <Andrew Sullivan> 1280 or so is generally plenty
[03:04:58] <Suz> Current Presentation: NFV
[03:05:01] <iljitsch> BIND doesn’t/didn’t
[03:05:08] <Franck Martin> iljitsch: yes, but this requires tuning
[03:05:11] <Andrew Sullivan> That was a bug that's been fixed
[03:05:13] <iljitsch> famous last words
[03:05:50] <Franck Martin> https://www.dns-oarc.net/oarc/services/replysizetest
[03:06:16] <Suz> (can't find current preso online, sorry)
[03:06:28] <iljitsch> sigh
[03:06:37] <Lee Howard> We did not receive these slides in advance.
[03:06:39] <iljitsch> Why do we waste time on this?
[03:07:08] <iljitsch> we need an Internet Stuff That’s Legal But Breaks Task Force (ISTLBBTF) so the IETF can do real work
[03:07:15] <Suz> Lee, understood
[03:08:43] iljitsch leaves the room
[03:09:25] <Lee Howard> Apparently, we also need Required But Not Supported (RBNS).
[03:15:47] <Suz> Fred Baker: Encouraging further discussion of Openstack work on IPv6 deployment, look for drafts, will take further discussion to the mailing list
[03:15:59] Markus de Bruen leaves the room
[03:16:20] <Andrew Sullivan> Also, perhaps, Not How I Did It requirement?
[03:16:53] <Suz> And…..we're done. Thanks all!
[03:17:01] Andrew Sullivan leaves the room
[03:17:03] Lee Howard leaves the room
[03:17:17] Dan York leaves the room
[03:17:17] fdupont leaves the room: Computer went to sleep
[03:17:47] Suz leaves the room
[03:18:56] Dan Wing leaves the room
[03:20:35] BillC joins the room
[03:20:41] BillC leaves the room
[03:20:47] John Jason Brzozowski leaves the room
[03:22:57] Erik Nygren leaves the room
[03:24:29] Meetecho leaves the room
[03:27:14] Erik Nygren joins the room
[03:29:47] Dan York leaves the room
[03:32:16] Mark Townsley leaves the room
[03:34:41] Erik Nygren leaves the room
[03:38:54] ilari.liusvaara leaves the room: offline
[03:49:01] Mark Townsley joins the room
[03:53:29] Lee Howard joins the room
[04:01:06] Lee Howard leaves the room
[04:01:44] Atarashi Yoshifumi leaves the room
[04:19:07] Mark Townsley leaves the room
[04:24:38] Ole Troan leaves the room
[04:41:59] Franck Martin leaves the room
[04:51:14] Lee Howard joins the room
[04:54:00] Franck Martin joins the room
[04:54:29] Franck Martin leaves the room
[04:58:12] Suz joins the room
[04:58:21] Suz leaves the room
[04:59:44] Erik Nygren joins the room
[04:59:46] Ole Troan joins the room
[05:01:33] Dave Thaler leaves the room
[05:29:27] Lee Howard leaves the room
[05:29:46] Mark Townsley joins the room
[05:33:05] Lee Howard joins the room
[05:37:12] Peter Koch joins the room
[05:44:32] Ole Troan leaves the room
[05:44:38] Peter Koch leaves the room
[05:44:43] Mark Townsley leaves the room
[05:44:51] Lee Howard leaves the room
[05:45:18] Erik Nygren leaves the room
[06:55:00] Ole Troan joins the room
[06:55:16] Ole Troan leaves the room
[08:23:34] John Jason Brzozowski joins the room
[08:33:49] John Jason Brzozowski leaves the room
[09:17:13] Erik Nygren joins the room
[09:22:24] Mark Townsley joins the room
[09:33:40] Erik Nygren leaves the room
[15:28:53] Lee Howard joins the room
[15:36:27] John Jason Brzozowski joins the room
[15:44:37] Lee Howard leaves the room
[15:46:10] Lee Howard joins the room
[15:47:53] John Jason Brzozowski leaves the room
[16:04:33] John Jason Brzozowski joins the room
[17:02:53] John Jason Brzozowski leaves the room
[17:23:16] John Jason Brzozowski joins the room
[17:38:54] John Jason Brzozowski leaves the room
[17:41:13] Erik Nygren joins the room
[18:09:50] Lee Howard leaves the room
[18:37:46] Mark Townsley leaves the room
[18:37:46] Mark Townsley joins the room
[18:37:47] Mark Townsley leaves the room
[18:49:14] John Jason Brzozowski joins the room
[18:53:05] Erik Nygren leaves the room
[19:03:55] Lee Howard joins the room
[19:07:33] Lee Howard joins the room
[19:07:34] Lee Howard leaves the room
[19:13:14] Erik Nygren joins the room
[19:31:59] Mark Townsley joins the room
[19:34:06] Mark Townsley joins the room
[19:34:22] Mark Townsley leaves the room
[19:37:57] Dan Wing joins the room
[19:38:10] Dan Wing leaves the room
[20:00:32] Lee Howard leaves the room
[20:00:55] John Jason Brzozowski leaves the room
[20:02:28] John Jason Brzozowski joins the room
[20:06:13] Mark Townsley leaves the room
[20:06:55] John Jason Brzozowski leaves the room
[20:25:06] Lee Howard joins the room
[20:30:18] Mark Townsley joins the room
[20:32:23] Mark Townsley leaves the room
[20:34:16] Erik Nygren leaves the room
[20:35:26] John Jason Brzozowski joins the room
[20:45:22] Erik Nygren joins the room
[20:50:21] Lee Howard leaves the room
[20:54:52] Mark Townsley joins the room
[21:30:28] Erik Nygren leaves the room
[21:30:35] Mark Townsley leaves the room
[21:32:26] John Jason Brzozowski leaves the room
[21:55:42] Erik Nygren joins the room
[21:55:42] Erik Nygren leaves the room
[22:12:18] Erik Nygren joins the room
[22:15:23] Erik Nygren leaves the room
[22:15:25] Erik Nygren joins the room
[22:21:27] Erik Nygren leaves the room
[23:17:26] John Jason Brzozowski joins the room
[23:39:26] John Jason Brzozowski leaves the room
[23:55:27] Erik Nygren joins the room