From YouTube: IETF100-V6OPS-20171113-1330
Description
V6OPS meeting session at IETF100
2017/11/13 1330
https://datatracker.ietf.org/meeting/100/proceedings/
A
B
C
C
Michael Abramson is our Jabber scribe; he's sitting next to the front mic. He asks that as you approach the mic, please approach the front mic, so he can see your nametag, and please have it visible to him so that he can spell your name correctly. And Barbara Stark is taking notes in Etherpad. Thank you both very much. I love this working group, because I didn't even have to ask for help. People came up to me before the meeting started and offered. That's fantastic.
C
One of the things some of you may have noticed is the v4 SSIDs for IETF have been disabled in this room. You might see some leakage from those SSIDs from the adjacent rooms. Please don't use them because that you'll be stuck, but then those will get overloaded and performance will be poor. I have actually just accidentally tested this and determined that, in fact, performance is poor for me on the IETF main SSID, because I'm pulling it from the access points over there. I didn't mean to be on that one.
C
So that is just for this room and just for the duration of this meeting; everything will be relabeled after we're finished here, but it seems like this would be a good place to do this experiment here. We have our agenda. Any further announcements? All right, so we have somebody from Cisco is gonna, hear you are. Good. Speakers, please stand inside the pink box that's here in front of this microphone, because you're on camera and remote participants can't see you if you're on camera, if you're outside the box.
D
All right, good afternoon, everyone. My name is Kelly Javed. I am part of Cisco IT and worked with the team that helped deploy IPv6-only in one of our buildings in the San Jose campus. I've been with us quietly for a time now, and I just want to call out at the very beginning: this is my first IETF, please be gentle.
D
D
So we are just like any other large enterprise that you would expect to find. I'm not going to count out each of these; you can all see them. But roughly we're looking at about 5 million IP address assignments. Ida may not be live endpoints, their allocation assignments, and that's pulled from our address management database, and that's the kind of scale be looking at when we're talking about going to IPv6-only or dual-stacking our infrastructure.
D
D
D
D
You know, it was juice extended everywhere, but there were areas where we could not do it because of various gaps, let's say, in the products or in the way we were doing things. There are some pilot deployments that we have not taken forward, and those include the extranet and the Cisco Virtual Office, which is basically the home office that employees are using to access the Cisco corporate network. The pilot, CVO or Cisco Virtual Office, that's done; it's really carrying a previous external inside the IPsec VPN, it's not native IPv6.
D
On the external, a quick overview of a timeline: we did World Day, we did World Launch. We're looking, we've done Building 23, learning lessons from them. We are looking to go out and develop this design for the data center side as well. It's in POC stages right now for a v6-only data center hot, and we're focusing on getting the training and development off for the teams, specifically the application developers, getting them awareness around the need to develop IP-agnostic applications, especially as we move towards a microservices architecture and
D
Okay, so coming over to Building 23 in San Jose. So it was a single campus building that was targeted for both wired and wireless, mobile devices as well. We had a NAT64 and DNS64 set up to look after the translation. Management and data: so the bit that was going out to be v6-only was also being managed over IPv6, and it included all the unified comms applications as well.
D
D
D
D
We are doing DHCPv6 stateful by default, and SLAAC is there only as a special case because of the attribution forensics issues that sit behind privacy addresses there. Like I already called out, ERP for IPv6 and, of course, NAT64, DNS64. Some stats there: from the 14th of October, we had a peak of 500 users. This was on the day that invited everybody to come on in and log on to the IPv6-enabled corporate SSID there. It took us three months to do the entire deployment. That means it's still running. It's not
D
We ran it for three months and we stopped; it took us three months to do the entire deployment, approximately seven to eight engineers, and the average traffic we see there was about 250 megabits per second. This is on the northbound links from the café's 6500 pair that you saw there. Approximately 32,000 NAT64 translation entries in the boxes there.
D
This is chart for the NAT64 translation table entries. As you can see, we peaked at 32,000 approximately. The dips are obviously the weekends, when there's nobody in there. I'll call out why we couldn't gather it under SNMP. We were using a script because it's not supported; there's a slide on that.
D
Okay, IPv6-only DC is still in the POC stages. Single port, we're targeting, based on our ACI fabric, which is Application Centric Infrastructure for those who don't know. We're just doing the data plane. NAT64, DNS64, of course; we're doing a combination of stateless and stateful NAT there, and if there is budget, we intend to do a port per quarter, starting FY19, again subject to approval.
D
D
Okay, I'll come over to the issues and challenges we faced while we were doing this. It is probably something that you guys are more interested in, and let me tell you, it's working, so there's nothing we couldn't work around, right? I'm just calling these out because, yeah, these are some of the stumbling blocks that we had to find a way around. AnyConnect issues on the Mac only, resulting from some software problem; with an upgrade and a code fix, this was resolved.
D
There's apparently no babe, no map for extracting translation information from the NAT64 boxes, so we filed an enhancement effect there, but I don't know what can be done about that if there's no standard, right? We had an issue with our Cisco TV or Infinite Video, which was an acquisition. Again, it was a back end up that fix the problem.
D
We had issues with Jabber clients. Again, it was an upgrade to version 12 of the CUC and the Cisco Unified Communications managed to call manager server, and it was resolved. So users sitting in Building 23 could use Jabber, they could use Cisco TV, they could use applications via the NAT64 to connect to IPv4-only applications. And yeah, we mean, on the day we had a war room. There were initial issues, but everything settled after that.
D
We had Spark that was also working, but only the application. The web-enabled side of Spark, the web-based date, was not working. WebEx: WebEx has an IT infrastructure that is not under Cisco IT; it has a separate IT infrastructure and is going through its changes. So we had issues there because the load balancer was quite old and it would send SERVFAIL, and the NAT64 would not be able to, you know, synthesize a quad-A. But again, it is the GSS upgrade thing that's going to resolve our
D
So that's the long-term fix, and this only happened when they failed over to a data center that was not IPv6-enabled versus otherwise IPv6-enabled. Finally, IPv4 literals. We had engineers sitting there who were using IPv4 literals to get to their labs, and there's no fix for that, right? So I mean, we worked around by coding those IPv4 literals with dashes into the DNS servers so that we could just accommodate them for the time being.
D
Right, so privacy extensions are quite an issue with us, especially with SLAAC. There is a significant Android user community across Cisco. We don't have that problem with the iPhones, right, with iOS, but with Android we have this problem. And we're not essentially against this, you know. All we want is that InfoSec have the ability to track these address rotations as they happen, or that means we do so for that.
D
We have to develop a tool to somehow figure that out, right? Or we do something called device profiling, and we say that if you've enabled, you know, privacy extensions, and I can't let you join the wireless network. So that is why I'm asking Google here: can you please give us the switch to switch this on or off, so that we can decide at a corporate level by their devices which have enabled privacy extension should be allowed onto the network or not? And then it's the user's choice. The RFC mandates, it says it's a must.
D
D
D
D
My storage architects tell me that if I was to go out to v6-only, their pools will be fragmented, and understandably, all right, and if they're fragmented, then you still have to go through some kind of a translation infrastructure to go between the pools, or I guess you'd have problems having wheels moving around or things to that effect, right? So storage pools are an issue when we look at the data center if you are IPv6-only, that's as long as there is IPv4-only stuff that is trying to access them.
D
D
D
Making the business case for dual-stack was hard for IPv6, it's hard and risky for IPv6-only. What I mean by that is, so we got everything into dual stack. Now, as people try to go into IPv6-only, application owners come up and ask, all right, so what if it breaks? So now there is a line where you have to convince them.
D
That is, you need to move to IPv6, and then there is a line which says: okay, what if it breaks for people who don't have a previous a so if you go to the translation infrastructure. So that's a message I hear from people I talk to, and this message is still not flowing downhill. I want to take everybody back to 2011 and 12. The service providers had a use case. They needed growth, and therefore we gathered the momentum and we did IPv6 Day and we did IPv6 Launch.
D
We had the content providers come in and they said, OK, that's really no good until we get a lot of the service providers in, because, yeah, things will still be going through translational infrastructure. And we had a lot of momentum. So between 2 and 3 years, we had the graph go up like this. Right now, it's 5 years since then, and still the application owners are not convinced that they are ready to go to IPv6
D
Only. And I think that momentum comes down to the leaders who are sitting at the top, from folks like you who influenced their thoughts. It doesn't go bottom-up from people like me, and that's what I mean by the message is not flowing downhill yet. Because we've done our bit on the infrastructure side, with dual stack, try to minimize the risk, you've been taking a building on to IPv6-only, but going forward, you know, we're ready, but the application owners are not convinced that they want to go there
D
Just yet. I'll give you a recent example: Cuban IT support came in sometime like March 2016 for IPv6. Now we are doing a microservices migration for all our applications, and I was very keen on making sure that, you know, we have a playbook where we lead by example and have developers do IP-agnostic application development, saying that, yes, we can do this over a few basics only. But if the overall architecture direction that the application they're moving to, things like those, are late and doing our IPv6-only, then I've lost the case.
D
It then suddenly becomes a disincentive to go there, you know, if it's not only not doing that. Furthermore, you know, I mean, I know that we are doing some kind of an overlay NAT for v4 for the microservices piece. Now that further, you know, aggravates the problem of people not trying to go to IPv6-only. So that's my feeling on this, that that's what's happening out there in the wider world. And yeah, there was a great team behind this and I just wanted to stand.
E
Hi, David Schinazi, Apple. Regarding your point of device tracking and a global switch for privacy addresses: as someone who makes user-friendly devices, don't expect me to put in a switch for IPv6 privacy addresses. That's not what the user wants. Also, privacy addresses are beneficial, prevents there's some website from tracking them, whether your device is on your network or not. If you really want to track them, why aren't you tracking based on MAC address?
D
D
So what is the unit, I think that it can be debated, but I think that when you sign up to a corporate network, you already sign a contract. You're already signing to agree with the policy. If your corporate policy says that yes, no privacy extension, then it's the user's choice. You can come on or you can not come on, so
E
D
Yes, exactly, that's the case, because we set out the policy. You could go to the policy and find 200 other lines which say: oh yeah, I. Why are you doing this? Because I should have rights. So it's, legal has to face a lot of legal obligations. They have to make sure that they're in compliance with a lot of things. That's what they tell me. Okay.
D
I don't make that policy. I'm just telling you that this is what's preventing SLAAC going out, so you can either take it that, like that, alright, we are going to leave it like that, you're not going to do it and help not let IPv6-only proliferate, or you can say, hey user, here's a switch! Your choice. Agreed.
F
Thank you, Marconi grab, my happens, cheap. Thank you. Great work, especially coming from a vendor; eating your own dog food is always good. I spend a lot of time kind of selling this at a high level to all sorts of people who are not engineers, and I'm still a bit confused in the message here. If you're telling me that this is a message that needs to come, or a decision needs to be made top-down, but it's costly,
F
It's high risk, and essentially you're already dual stack, so you should disable IPv4, which I don't sort of. Are you suggesting that people who are already dual stack and should move on to IPv6-only already now pentesting something that's supposed to be a green field deployment? Because I kind of don't see the path from dual stack to v6-only. If you've got a working dual stack, then shouldn't Happy Eyeballs take most of the strain and make IPv4 squared.
D
But Happy Eyeballs is more of something that we found to mask a lot of connectivity issues. We feel that dual stack is not the way to go forward operationally. It should be IPv6-only, and Happy Eyeballs doesn't help at all in making sure that Idris is connectivity is really working there. I suspect.
G
D
That's not the only thing that defines the equation, that people who are developing products, you know, they've got other revenue targets to meet, I guess. So operational costs: we are already saying that we do not want to maintain two protocols. We are already saying that the way we would like to go, ask me to do it again today and I'll do v6-only, and I'll invest everything I possibly can into a translational infrastructure so that I can work out the kinks there, but
G
We are you start I shouldn't have said you, I should have said people like you all across the industry, when the operational cost will basically start being substantial enough. The people are starting to stop gonna start asking themselves: why do we need this v4 thing anyway? That is the point when your app developers are going yeah yeah.
D
Absolutely. So let me tell you where I stand on that, and I'm talking about people like me. Hopefully other people have their opinions, maybe, I don't know, but from my perspective, operational costs are owned by a different budget owner and application revenue is owned by a different budget owner, so you have to look at it from the top down. You see, the guy out there whose application is bringing in billions of dollars of revenue does not own the operational costs. No.
G
G
And that message again comes top-down, it still doesn't flow bottom-up. Okay, so now on the privacy address front, you're correct that we don't implement 4941 correctly. The, I would ask your InfoSec people: do you want everyone on the Internet to track your users in perpetuity? Because if you disable privacy addresses, that's what's gonna happen. You
D
D
I don't know any legal law that requires people to track stuff all, but I hear it, I hear them when they say that, look, when you switch on your laptop or your PC into the office, you are agreeing to a code of conduct with respect to the use of the network, and that has so many other clauses that you would normally agree. Yeah.
G
D
G
D
At the end of the day, maybe, sorry, maybe two years down the road you can say, you know, we don't need this anymore. Everybody agrees that we should have privacy extensions and that's good. But if you do that today, it will help people who are not deploying SLAAC because of legal issues deploy SLAAC and allow IPv6 to come on, but
G
Then forever we will have no privacy, so there's a trade-off. I mean, so another point I wanted to make is that the legal, the consensus statement of the IETF on this topic has been published. Okay, it's written in RFC 7934, and it contains detailed text about address tracking and what is recommended in the IETF. I would recommend that you follow that advice, because that's the advice of the IETF.
D
G
Have the tools your devices do this? They send syslog messages when new neighbour cache entries are created; that's written in the RFC. Implementations are there. I mean, so, like I said, read the RFC and we would be happy so. There's a flip side also, right? We're trying to look at this for the long haul.
G
What we're trying to see is what can we do with multiple IP addresses that you can't do with just one, and we're starting conversations about, like, how can you assign an IPv6 address to an app? The Firefox people are saying: how can we assign a different source IP address for every origin server to preserve privacy? There's all these things that are going to require multiple addresses on hosts, and just saying there's one IP address per host is not gonna, I'll go on, gonna allow all these things.
G
There realize that there's a tension there, but I think we should think about the long term a little bit more. And I did have some conversations with people at Cisco, and I think there was general agreement around the table that it would be better to base this tracking not on an IP address, but on a solid attestation like the 802.1X cert, right? If you want to build this, come talk to us, and I think that's a way better solution.
G
D
D
G
You may also consider, a final point, you may also consider the IPv6 prefix per host draft, which gives you a much easier way of tracking that, since you only have to track one thing at a time. You can assign the host one prefix based on RADIUS, and that will give you tracking from IP to MAC, and if the device randomizes its MAC, you're SOL, just
G
B
I
Question, I'll keep it brief: do you have anything online, like a blog article or something that has a little bit more detail than just the slides, but that's not video, that somebody could read? I'd love to share this more widely on mailing lists, in social media, as it is just, as you know, a use case, your experience. Do you have anything that's easy to share there?
D
J
Jen Linkova, Google. Just for sanction presentation, very interesting, but as someone who operates a corporate network I definitely would not like users to have privacy addresses disabled, because they would not enable them when they walked out of the door. They wouldn't do it. Every time the commons office, unmown, young, disabled privacy, addresses and renamed was, and after so we actually, because we just do not have right tools in place. We should not sacrifice security and privacy concerns.
J
D
E
David Schinazi. Just so, I am not a lawyer, and if someone is and knows these rules in the great city of San Jose, please come and correct me, but I highly doubt that the regulations stipulate exactly how you would need to track users. They probably only tell you that you should track users, so the fact that you're doing an IP address and not on MAC address, you can't hide behind the legal requirement.
E
D
I don't know how you're doing it. This is an IP, this is an InfoSec thing. It's dark circles, even I'm not privy to that, what tools they have, what attrition mechanisms they have there. But the feedback I got from them was that if it's in the RFC it needs to be there. If it's not there in the RFC, then, you know, then
D
E
F
C
We've had on the IETF list about whether the default SSID should be the NAT64 or should be 464XLAT or some other variation, and also to compare the various transition mechanisms. And so let me Clemmy come back to the team. We did, so here's how we did it. We had this rodent domicile, rat's nest, that we created, interconnecting a whole bunch of home gateways with VPP implementation of transition technologies.
C
It took us a while to put it together. Here's the network diagram. You can see that the network diagram has, you know, handwriting, hidden, written notes on it, because things change on the fly. That's why it's a hackathon. The CPE that we used was LEDE, or ledee, or however that is properly pronounced, and the event and VPP was used for all the BRs and AFTRs. For this, this is the team that was working on it.
C
Actually, anybody in the room who helped work on this, would you stand up for a minute? So, you know, great work. I really appreciate all the work. At the end here, I note that Jen Linkova and Randy Bush specifically tested against IETF NAT64 implementations, and Jen's couldn't come up and give her slides in a minute. We tested, always tested these transition technologies and these applications, and everything worked except Steam was one that Jen noticed the unable to reach a certificate revocation list. Might have been a glitch in the matrix.
C
We didn't get a chance to test MAP-T and MAP-E. It should work the same as lightweight 4over6. We just, you know, we couldn't prove it because we did have a chance to test it. VPNs: there was a special case, because VPNs don't work if they're configured not to work or if they're not configured to work. It kind of works both ways, and that kind of brings me to, well, let me go ahead and show this. This is essentially Jen's slide. She's gonna come back and talk about her results.
C
We tested DS-Lite, and you can see lots of gaps here where we didn't actually have a tester in place or the facilities, somebody who could test that, or we somehow just missed the test case. The nice thing is almost everything we tested was green. Everything, most of what we worked where we test it actually worked. Spotify, so Spotify, interestingly, didn't work on macOS as an app, but it works just fine
C
As with the web client. That's another one that I'd like to go back and test and do some packet captures. And apparently Air Display didn't work on Android, but worked on the Apple OSes. 464XLAT: similar results, not quite as many such cases tested. We weren't able to test most VPN clients, because we just didn't have the right people at the table who happened to use those VPN clients. And sort of additional testing that we also did, but not rigorously, not well noted,
C
Was we tested Slack and Remote Desktop Protocol on a couple of things. Next time. So these are some of my lessons learned. The first day setup was much harder than I expected; took us a long time to get the configurations of both ends working together. Next time we do this, and I do think there should be a next time,
C
We need to add these additional transition technologies, I think. And there's still, there's a different work that isn't just what we do next time, is the LEDE documentation for these transition technologies is sparse if existent at all. I think I'm going to go ahead and say in at least a couple cases there is just no documentation, that when you do search for how to configure it, you come up with email from Jordi to the LEDE development team.
C
I think we may want to come up with some VPN best practices: how to configure your VPN so that you're not opening yourself up to the internet over v6, how to make sure that you're not, you know, split tunnels are a really weird situation. Wes has been telling, George has been telling me about some of his unique cases. We've got some potential host requirements and potentially some potential input into host requirements that all it really is is saying: hey, I think we've learned this.
C
We really need to work on this some more, and we also need to test home electronics, stuff that I'm not gonna bring to an IETF, because, you know, packing up a whole bunch of game consoles and stuff here and dragging them on an airplane doesn't sound like a good idea, but I'm working on this there. That's what I wanted to do. Real quick, Jen can talk about her results, and then we'll take questions for just a minute or two. I
J
Actually sent you updated slide option, because I would like to bill all the slides, because you helped a lot on the hackathon, sir. Okay, so I said that I just sent you updated slide version. So if you can upload later updated, sent, because I missed Bill's name on the slide and I feel very bad about that. My apologies. So we had the discussion last time about how useful is IETF NAT64 SSID, so I hope everyone who keeps their laptops open
J
A current show NAT64 SSID, and if not I would like to see ticket soap and explaining why they, what did not work. So we try to see get moderate about what is going to be broken if suddenly v4 disappears. So it was a list of applications selected mostly based on other tickets which NOC received previously during previous IETF, and plus some applications which we believe I need to be tested, like applications which require for working group. Our participations like Meetecho, Jabber and so on, so anak helped sense.
J
A lot for creating troubleshooting environment, who is mirroring, curb all traffic to switchboard and so on. So we were able to troubleshoot when something went wrong. So yeah, it was the matrix: so green means works fine; gray means it didn't make any sense to test because, for example, Meetecho I didn't test on iOS, Android; and orange means you need to be tested, because I had some visual issues with getting Windows 10 up; and red means it did not work.
J
And surprisingly, it actually looks quite well. So Spotify application on macOS did not work, because it looks like iOS application was fixed because of HIPAA requirements, but there is no such requirements for desktop application. It still believes that if there is no v4 address, there is no v4 connectivity, and even on, and it's still trying to use v4 address. And Air Display on Android behaves the same way. It's application just complains: I know I do not have internet connectivity, please come back later. I
J
Found, yeah, it was another thing: I tested Telegram messengers and everything works fine, except for web-based key generation. So it's just sitting there doing nothing. But after, if you get keys generated, it works just fine, and I'm trying to find people who can fix it, and I filed bugs for a bug report for Air Display. So again, if you use Air Display on Android, you can complain to them. And the most important thing actually was VPN, because I think it was the main concern that people could not get their work done
J
If VPN applications do not work, and I see surprisingly good results. So OpenVPN works; Cisco people tested the corporate VPN and came back to me here, and it works just fine. So here some corporate VPN do have issues. There are vendors which do not support v6-only clients, but I've heard that some people might even consider on changing those vendors to better ones, and there are some work
J
Europeans might not be just a configurate to York explicitly, and indeed here, when you split tunneling, it's tricky, right? Split tunneling might hurt even if you want v4-only network, because it's osseous DNS split horizon issue: you get DNS response over VPN, it doesn't mean you can actually use that response to send traffic not in the VPN tunnel. So it was actually quite good. Yeah, I say Telegram Messenger was also tested.
J
It wasn't so I know that a lot about various millions of instant messengers this week. I did not even know so many of them exist. So we tested two more. They worked. I heard that some of them did not. I will show that Steam application does not work, and it's actually old version of my slide to two versions, so yeah. The most funny thing is all these fossils in your configurations.
J
Don't check your SSH configs for host star familiar net, check your /etc/hosts for explicitly specified v4 addresses, which means DNS64 doesn't help you much. And so, yeah, you might have some very interesting configuration on your devices. Yes, so there are indeed a lot of things to test. I'm pretty sure there are other VPN applications around.
J
There are millions and millions of messengers, and again it would be really nice to get more data about what people using at IETF network and want, what needs to work here, to see if NAT64 is in the good shape to be a usable SSID here. So please use NAT64 this week and report if it does not work. Actually, if it works, it also nice to know. So I think that's it.
H
H
An OpenWrt-based Omnia Turris at home that I managed to within like half an hour to get that working as a NAT64/DNS64 box. I can probably try to get a normal out-of-box LEDE and try to do instructions on how to do that. Would that be useful, so that anyone can set up a DNS64 plus the NAT64 box at home for testing? I
C
C
Documentation of this, so that would help. I didn't look for how to do DNS64 and NAT64 on a LEDE box, because we had the ietf heavy version using one vendor, and we had VPP providing another instance. So I didn't need to, I didn't go that. There was actually one more comment I need to make on something else, which was, in several cases we found that an application had problems, but once we upgraded it to a more recent version, the problems went away. Several cases.
G
H
G
Wireless controller in this network: if you don't do DHCPv6 and you don't do EUI-64, that's like, well, you're not on the network. So that's something that we're reporting to Cisco, because our devices can't get on the network at all, our new ones, because they don't do EUI-64 addresses anymore, and
E
David Schinazi, Apple. I wanted to make a couple points on the VPN slides. Well, first off, thanks a lot for all this. This is really heartwarming, especially that things are getting fixed. On the VPN, configuration shouldn't matter, since, like a few years back, we went through and fixed all of the VPNs that are shipped with iOS and macOS, and you can try to configure them any way you want,
E
You can't get them to not work, because these VPNs, if they use UDP or TCP, they will go through a NAT64 just like they go through a NAT44. Like, things that use ESP could be a different story, but any kind of VPN that can go through a NAT44 can go through a NAT64. Otherwise, it's a bug in the VPN software. It's not a configuration problem. I
J
E
But, so imagine this: if you configure it to say this is a full tunnel VPN that disables all v6, which is what you want, because otherwise you're leaking all your traffic over v6. If your goal is to make a VPN that privacy and you don't, your server infrastructure doesn't support v6, you want everything on v4 and you explicitly want to drop on v6. Then what that would do is all of to the phone, it offers a v4 or default route.
J
E
C
One of the cases that we think is different than what you described is, I did hear of somebody describing that their IT department had them configured for split tunnel and therefore their applications believed that they had v6 and could use v6, and then, of course, they're set to use the ISP's name server. In one case they said they got it because they didn't have v6 locally and they didn't v4 locally. They were getting a link.
C
E
No, there's something that we've already solved. Those second point, split tunnel and NAT64 is discussed in the Happy Eyeballs version 2 draft in 70 section, not something, and it's up to the client OS to solve the problem, because I agree that split tunnel makes this hard, but split tunnel and split DNS aren't going away, so this can be fixed in the host and the RFC documents how to do it. Thank.
E
D
D
C
Bit. So we do have RFCs describing it. I don't think the IETF does this, runs a certification program. There might be somebody in the room who does run a certification program, but when we did the IPv6 Ready Logo program, we had to write a spec describing the expected behavior and then work with the v6 Forum on developing essentially a compliance test suite that they could then use to test against. So there's work to be done there. I don't know any reason why it couldn't be done and I don't see.
K
Yeah, yeah. Tim Winters, UNH-IOL. So for the v6 Ready Logo stuff, obviously, when there's interest in these types of things, that's when we go and do it. So if someone relates really nice document that we can read and we can create a test program and there's interest in it, we would absolutely do that.
L
Jordi Palet. I was not sure to understand in your presentation, both of you, but especially for, not just NAT64, but the rest of the transition mechanisms. I actually try it OpenVPN, which disappea not with UDP, but we still need work it in all the transition mechanisms that we tested. Okay, so that's clear. And also, responding to what Michael said, I have already implemented in a CPE like this, ten dollars, NAT64 and DNS64 on OpenWrt. So that's visible as well, and it works, yeah.
L
I
J
C
J
G
Other insecurities to reply dear to your comment, Jordi. I think it's not as easy as you say. So I've gotten NAT64 DNS64 to work on our printer belchy, but it's dog slow, really, really, really slow. Cuz tiger punch the packets user space, and it's not really an acceptable solution for a mass-market device which is going to have a CPU that's as small as it can be. Well.
G
J
B
J
J
So how can we do this? Especially if we look in the situation when some uplinks might go down, come back up again. And so there is a draft adopted by the routing working group which describes a solution for quite a general use case, and the problem is, so, the problem is that the solution proposed, which tries to cover almost every possible scenario, requires hosts to use rule 5.5 for default address selection algorithm to select a next-hop router and then select the source address.
J
This draft documents a tactical solution which could be implemented on any network with reasonably modern clients. I mean clients which support the current version of default address selection, even without supporting rule 5.5, which is optional as per the default address selection algorithm. So the whole idea is, if a host is allowed to use the prefix, because the uplink is up and operational,
J
you allow the host to use it because it's your primary, or you are load balancing between uplinks, then the host just receives a PIO with nonzero default lifetime and can use it. If the network needs to signal back to hosts that this prefix should not be used, because the uplink is down or use your backup uplink and you do not want to send any traffic there yet, then the prefix is deprecated by sending an RA with preferred lifetime zero for this is P.
J
So here is a link for my slides from the last IETF, which covers the solution in more detail, and now I'll just tell you what's happened since Prague. So the draft was adopted, and after this very productive discussion we had in Prague, I think I addressed comments received. So now I explicitly clarify that when network state changes, it's not just one RA being sent to signal the situation to the host, but all subsequent RAs have the same parameter.
J
So, for example, if your uplink is down, then all periodic unsolicited or solicited RAs received by a host would have preferred lifetime 0 set for this prefix. So, at any point of time, basically, the RAs sent by the router should be consistent with the desired network topology. Oh yeah, so in the previous version of the draft I didn't make it clear what should be done if all uplinks are down: shall we deprecate all prefixes or do something else, and I think this
J
So solving it would be a really nice step forward, helping enterprise networks to deploy IPv6. So I heard why I'm here, because I sent the updated version, a link to the updated version, to the list. First of all, I would really like to hear from people who minded to use the phone and would like to see it implemented and would be interested in probably deploying it. So I would like to see if it's just a problem I'm trying to solve, or there are other people who would use it, if you'd like to use it.
J
A
J
J
Testing in the lab, there is this delay because I'm using some automation, because vendors do not do it. Like, I couldn't apply a policy on the router saying, if this uplink is down, like you're doing the VAP, right, please update the RA configuration. So I have to do some scripting, which introduced a delay. Yeah, but yeah, maybe you are right. Maybe there should be some kind of dampening and, yeah, not propagate a change immediately.
A
J
G
G
You could, I mean, I guess you could certainly say that, you know, we should not do that, and we could. I think the challenge was that we saw that on certain networks, when addresses were deprecated, it was because they'd actually timed out. We actually had no route. But we could, we could consider changing that. But if you had an implementation report, if you tested various implementations and you told us what was wrong, if anything, then we could fix that. I, I.
J
Think it's more kind of related to network design because, for example, if you're talking about, I don't know, a small office with few people, right, a few users sitting there, maybe when all your links are down, it's a full outage, right. If you're talking about something more complex, you might want to use ULAs there to keep intra-site connectivity up, because you want to probably connect your printers on your workstation or something. I am not sure, because, yeah, ULAs have a place here for keeping your inter-site connectivity in case of internet outage. Yeah, no.
H
Michael Abramson. So I think the homenet proof of concept code already does a lot of this. You could probably use that for testing as well, instead of the orchestration we're talking about here. I think I mentioned this last time as well, that this is a lot like, when you're sitting on the user side of this, it looks a lot like sitting at home that or this solution. I mean, some of the machinery in the middle, in the network, might be different, but from the device perspective it's probably very similar, because again.
L
Presented this document in the previous IETF. It's still version 00, but actually should be 01. I made a mistake with the naming and then the datatracker didn't want me to play the number. Just going very quickly, because I don't want to repeat everything I said the last time. The situation here is that Happy Eyeballs is good for the user, but actually is hiding problems in the network to the operators.
L
L
If we go on with this work, is the only way to do that, but for simplicity at the moment, I think that the best way, because it's something that usually is already in operators' networks, is to use syslog only with UDP, only with the default port, which is 514, and only using IPv6 links to report the problem, because it is supposed that the link to the operator should be working. If not, the operator has a bigger problem towards those users.
L
I am also using an existing protocol to report, or to actually find the syslog server in the network. So it's again nothing new, it's something that already exists there, and I'm using basically the same system as for finding the NAT64, okay. So it's nothing new. Just, I am using a specific address that should not be used in any way, because I am using IPv6 only. It will not conflict with any other existing protocol.
L
If somebody still has 6to4, which is the address I am using, configured there, because I am not using the IPv4 address, but the IPv4 address as part of an IPv6 address which is unique to every operator network. OK. So this is some of the comments that they got from the previous presentation. That's not going to be an issue even if somebody still has 6to4 working there.
L
So the idea is that when Happy Eyeballs detects failure, it should use the syslog server to report things that still need to be defined. It's something that we need to work with the OS vendors, probably like timeout parameters, failure, destination address and source prefix. And one of the major concerns that I heard in the previous meeting was about privacy considerations. Okay, I have been working with a co-author that I have for the document. I think he is somewhere here in the room, Carlos.
L
The idea is, first, we believe that this information is already being collected by vendors and operators, and in general, current regulations allow collecting the data, but what they don't allow is to disclose it. OK, we have a similar discussion with skara brae, not in the list, and also which, which you do poll and so on, and all these that is being done.
L
L
So it's a decision that we need to take. If we want to get rid absolutely of this source address privacy consideration, we can go through this way. So I think, basically, that's answering the main concern that I got in the previous meeting. I think there were other questions, like incentive to deploy, implement this. Well, I think the incentive is the same as Happy Eyeballs: improving the IPv6 deployment quality. That's obvious.
L
There was another question about the DoS vulnerability, if I understand that, because the syslog is the same as you have today with any other syslogs, so there should be no difference. You are already, if you have a syslog, you are protecting that server somehow, maybe not allowing reporting from outside your network or whatever, or rate limit or whatever.
L
There are more things to work. Yes, of course, but I think having this document as a working group item will help to get comments, because, basically, as was the case for the previous presentation from Jen, we didn't have any comments or any inputs in the mailing list. So hopefully it's going to improve ops and two open questions.
L
It's possible to do this reporting with both IPv4 and IPv6, but I believe that if we are looking into the future, in IPv6-only, it makes it much simpler to report using IPv6. If the IPv6 access to the customer is broken, then, as I just mentioned, you have a much bigger problem, right, so you probably need to detect that somehow in a different way.
L
In that case, basically, you will not get the reporting. And then, well, I have a question that I guess is a personal question, about if it's possible to ask IANA to reserve a specific address, you said before, but that will not be changed. The problem, because we could use any other IPv4 address. Main changes from the previous version.
H
Michael Abramson. So I don't remember if we discussed this at. Let me, what was the rationale for choosing dot one in the prefix, the exact same address as the 6to4 relay? What was the rationale for choosing that address and not another address in that /24? Just, what was the rationale for choosing dot one? Well, actually you can choose.
H
L
L
G
Would suggest, pick, you know, the v4 address, if necessary can pay the ten bucks, buy it. So on the question of whether to report using v6 or v4, it doesn't seem to make sense to report this over v6. Like, if Happy Eyeballs fell back to v4, it means that v6 is broken, and we've seen in a lot of the cases where we see that v6 is broken,
G
it's actually the last mile, not something in the core. So at least in our experience it seems like you're better off doing something else, either reporting always on v4, or using Happy Eyeballs to do your report, right, because if there's an outage and you see an error, then the user can report that error. What you're looking for, what you're worried about, is silent failures where the system falls back. So then use the same fallback behavior and you'll be guaranteed that it's gonna work.
L
G
L
B
B
B
Right, there's no error. So okay, so you can't use Happy Eyeballs. You just send two UDP messages and bite the bullet on the fact that they can be correlated. Yeah, okay. So collied, in your talk you said that dual stack worked against you and that the Happy Eyeballs approach was a problem, which is to say what Jordi is talking about, what you were talking about. Do you have additional comments you want to bring in from an operational perspective?
D
E
L
You don't know it happens. I can tell you some examples, and probably a similar situation as Cisco mentioned. I have got one National Bank from a country telling me, hey, we have deployed IPv6, and then I was testing it and it was not working, and partially the problem was the transit, international transit, and the interesting history.
L
What I mentioned is, I made a mistake with the name. I submitted version 00; when I tried to send version 01, because I the title to correct a mistake, the datatracker didn't want to accept 01 for a non-existing previous 00, so I made a new 00. So this is the second version, but still 00. Okay. Okay, thanks.
L
E
E
I mean, this is leaking what the iPhone user is connecting to. That's like one of the Holy Grails of privacy right there. Even if, like, it's encrypted, I'm gonna need a lot more than a "Oh, we have a soft approach and we don't log your client IP", even if it says MUST in the RFC. That's maybe not even good enough. So I think we need to really sit down and talk a lot more about privacy if you want the client OS to adopt it, because going back to your point about incentive.
E
E
In this case, that's done the incentive for this, there's no incentive for us as a client device. The customers are already happy. Their eyeballs are happy because of Happy Eyeballs. This is to make your network better, which I want to help with, but we're really going, the incentives aren't there. So we're really gonna have to work on making the incentives and convincing us to build a way that's privacy-preserving, so maybe using something like differential privacy or something. I, I think.
L
E
B
E
G
You know, if you, I really think if you want this to be implemented, it is, like, basically, a security problem, and, you know, this is actually creating lots of security problems. I'm not even, like, qualified to comment on your assertion that, you know, it's not a privacy breach unless you disclose the information, you know, it.
G
It doesn't seem credible to me, but like, I'm not going to talk about that. I think you'd be much better off doing some sort of flow analysis and getting this done on a statistical basis. To be honest, if you're looking at TCP, just look at SYNs and SYN-ACKs, divert them off to a mirrored port and, like, see if they come back, right, because the traffic is gonna be symmetric at the cost from where endpoint. I'll just do that. I mean, like, so I mean, like, yeah. You can standardize.
G
This, I mean, like, we're never going to implement that, good, such a huge privacy hole, right. So I mean, I don't want to get in the way of useless work, right. You know, if it's harmful, I'll get in the way, but if it's useless then it doesn't matter, because as long as you don't implement that there's no problem, right. But I think if you want it to be relevant, I think you have to think about.
G
L
At the end, I think that if we believe this is useful, and I think from several comments it is useful, we want to do this. Maybe the way to that, this big proposal right now, is not the best one, but what I am saying is: please provide inputs about that, about how to do that, how to improve, and we will move into that direction.
J
J
My last mile, otherwise I wouldn't know. So, and, but back to security. I can give you one security scenario. You requested, what, a new v4 address, a v4 block for this, right, and if my ISP has no idea about this technology and I get an endpoint which implements this, it will send UDP traffic to some destination, which someone else might advertise to my ISP, and my traffic will go there, and some people somewhere on the Internet will get some interesting information about all sites I'm trying to reach.
O
O
OK, fine, I'd like to know that I have problems with my network, but maybe I could monitor that in some fashion, and that would be cool. I'm not doing that today. I'm probably not gonna do this. If the problem is on the remote network, I can't really tell them there's a problem so much, like, they're not gonna listen to me. I can call Telecom Italia and say something is broken, and they'll say, we don't know who you are, go away, right, which they do.
O
That's fine. So other than sort of a research paper saying, well, we see X percent of things are broken, I don't really understand what the point is. And then add this, the syslogging everybody's web request is, that's a bit horrible. So I guess it's a neat hack, I appreciate that, but I don't really understand why I would ever do it, so sell it. Please.
B
So yeah, so I think where we stand, we're not ready to think about adoption at this point. Several issues have been raised in the last few minutes, and if you could address those, then, you know, I think you see where that goes. Now, don't go too far. Jordi, Jordi, come back. So here's, we've got another half hour. So I'm gonna move one of your drafts forward from next week.
B
L
Okay, I started this document because when we talk among us, sometimes we are saying IPv6-only, and in fact, even talking with some of the co-chairs, some of the times, about some specific documents or work or situations in networks, we are not thinking the same. So I have a position about what is IPv6-only and some other people have another one. So, and I think it was Lee in the previous meeting said.
L
Maybe we really need to have a definition, or a concrete definition, of what is IPv6-only, to get in sync. So, well, the first version of the document, some people were not understanding what I was telling when talking about forwarding IP in layer 2, layer 3 or whatever, so I changed it completely in this version of the document, and basically, what I am saying is: let's define what is the specific scope, or what specific network, when we say that we have or not native support for IPv4 or IPv6. Okay.
L
So that's the basic idea, to really say, instead of IPv6-only, IPv6-only where, and in the sense of native support of one or the other protocol. So this is an example of a network. So we have a network which has cellular, residential and corporate customers, and in this case I am using an example for 464XLAT, which many people will say, hey, that means that it's IPv6-only, because basically you have only IPv4 in the transit.
L
I don't know. Will you agree that this is an IPv6-only network? Some people told me yes, this is IPv6-only book, because in inside of your head were basically, you can have everything with IPv6-only, and that's true, and you can have, of course, dual stack at the LANs of the customers, but you are not actually transporting IPv4 natively, okay. So it will read, this is IPv6-only. Then now want to look at every specific part of the network, so, for example, in the cellular network.
L
M
P
L
Well, in general, what I try to do is not to say if the devices or the network have the capability of being dual stack or not. What I am saying is if, actually, from the perspective of the operator, he is or not transporting natively IPv4 or IPv6. I think that's the small difference. So maybe we need to fix that in the, and saying, explaining what you just said, to differentiate both situations.
L
Q
Yeah, this is Alexandre Petrescu. I see your picture there, a cellular network, and I still have to read the draft, and I hear you call it IPv6-only. I believe there are at least two kinds of cellular network that support IPv6, and actually I think none of them is IPv6-only, and this is why maybe I have to give you some comments.
L
L
Q
L
G
Yeah, so it's worth noting that the same network can, at the same time, support maybe v4, v6 and v6-only links. So yeah, it's not a property of the network, but it is a property of the point-to-point channel you established over that network. There is most certainly an IPv6-only PDP context that is only v6, alright, so, sorry, v6-only SSID, yeah, so the logical link layer. There definitely is a v6-only link.
N
Julie, it seems like there's a semantic distinction that's being teased out here, where client isolation is such that you either do or do not have v4, and you do or do not have v6, right. If you don't have v4 on the client or in the client's immediate upstream connectivity cone, it's irrelevant whether the rest of the network supports v4 or not, right, because the client can't use it even if the client does it internally.
N
It's not present. So, like, to the extent that, you know, that isolation is enforced, where it's enforced actually describes what kind of a network you have, right, because by and large we do not have layer 2 broadcast domains which have multiple hosts associated with them, right. So you don't have the case where the clients could have v4 and the rest of the network does not.
R
L
Okay, but what I am saying is if the network is transporting IPv4 natively or not. I am not saying you cannot have IPv4 on top of an IPv6-only link. It is the same as when today we have an IPv4-only network, which most of the ISPs have. Unfortunately, users can still have tunnel brokers to have IPv6 service that they spinette worries. Dual stack, not the IPv6 network, is in this case IPv4-only. You see the point? Honestly. No, okay.
Q
L
A
L
Q
Q
F
F
This is already a very complex case. For the last ten years, I've been explaining to people that, in the case of an IPv6-only network, yes, there will be a residual connectivity to IPv4, sheriff sheesh, you're not losing anything in your transitioning. You're not helping me here, from an end user perspective, and even, as that sort of Joel mentioned, and I think Alan was also going there, from an implementation perspective. You have a v6 stack, it might work, it might not.
F
L
Don't think you got the point here, because what I am saying is that there are going to be, and there are already, some service providers that, either in cellular or non-cellular networks, will deliver, and they are delivering, IPv6-only access, for example, if you talk about the WAN link. So in that case we want to be very specific when we say IPv6-only, if it's the full network or only part of it.
F
E
David Schinazi, Apple. So, conversations that I have at the IETF: it's true that for some people, the IETF NAT64 SSID that everyone in the room should be on is v6-only; for some people, it's not v6-only. And it's true that there's some confusion there, but we generally clear it up pretty quickly. I then read your draft, and now I am ten times more confused.
E
Viewing the questions and your answers, I am still extremely confused, so I don't know what problem you're trying to solve, and I think you're making it worse. At the end of the day, whoever you're talking to, you're gonna have to explain the terms anyway, and having a document that says, no, really, don't call it SSL. We renamed them to TLS, people stopped, calling it SSL. It doesn't help. Like, we don't even have a problem to solve here, and I'm just completely confused now. Well.
L
L
J
J
L
J
The problem is you're kind of mixing technical and administrative definitions, right. There are administrative factions which might make your network v6-only, and there are technical things, if, for example, in your LAN you deploy filters on layer 2 which prevent it from happening. Yes, it's one thing, but if I just design my network as being v6-only, which means I am not supposed to provide v4 service.
C
C
Think what I'm hearing from the conversation, and this may be more about putting a chair hat back on as I'm looking at my co-chairs, is I'm not sure that we're hearing from the comments here that there is a problem that we need to solve. If we hear that, if we agree there's a problem that we need to solve, then I challenge us to go figure out, alright, maybe we still don't have the right, maybe we're nowhere close. Maybe we're close and haven't quite gotten there
C
yet, I don't know. But if we don't agree there's a problem we need to solve because there's communication, then there's no point in advancing the document. I will point out that I'm not connected on my laptop over there to the NAT64 SSID. I'm connected to the IPv6-only SSID, and the NAT64 one isn't v6-only, but that's, yeah, we've got a terminology collision right there.