Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / IETF 115 / 11 Nov 2022
Internet Engineering Task Force / IETF 115 / 11 Nov 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF115-V6OPS-20221111-0930

Description

V6OPS meeting session at IETF115
2022/11/11 0930

https://datatracker.ietf.org/meeting/115/proceedings/

A

Thank you.

A

Foreign.

B

So it's 9 30. Let's start welcome to the V6 of session. Before we start everything.

B

We invite our ad Warren to say something.

C

Hello world so today in commonwealth countries, it's Remembrance, Day and so I'm asking that at 11AM we take a brief pause for a minute or two serve, as is custom in in countries. I think we should always try and follow the Customs wherever we are I happen to also I. Think it's a good one and it's just a minute or two of Silence to sort of remember people who've died in conflicts so whoever's token at 11, A.M. Sorry we're going to interrupt your speech for a minute and we'll have a minute or two of Silence.

C

Thanks.

B

Thank you Warren. So I'll start with the note. Well, it is a reminder to everybody that basically expect other participants.

B

And I also like to show you the agenda. So today we have a big agenda. We have one working group, Jeff and six individuals you have and at the end we also have the operational presentation to share IPv6.

B

Only hosting companies. Experience.

B

And this is an overview of the working group status so from quantity perspective, our number of individuals left are increasing um the number of working groups. You have an obviously or you have the England score stable. So from a quantity perspective, we seem to be doing fine, but how do we measure our growth in quality or in battery impact? I? Think that this is a question that's worth thinking.

B

My own personal perspective is that if our group is helping to solve certain IPv6 challenges facing the industry, then maybe we are doing a good job, and here we fixed for challenges here and if you have other idea how we can generate a bigger impact in the industry or how our working group can do better. Please select the chairs no, and the last thing is that we're going to call for contribution, because at the moment we are doing some people are doing some very meaningful work.

B

For example, Brian Carpenter is leading to a group to write a free, IPv6 textbook. We believe that this is something very useful, because if the students are not educated in school, when they go to their jobs, they still don't understand IPv6. It will be difficult for them to deploy IPv6. So here I provide a link of these Brian's book and also you only need a GitHub account in order to contribute so Brian really encourage everybody to look at the link and contribute to this book, and the second thing is Mike are collecting.

B

The IPv6 is used in Enterprise and we are doing some site meetings on Tuesday. We have one um many of the top IPv6 experts was there to comment and participate in the discussion, and we are really grateful for the contribution of this top experts. So we call for a more people to participate and contribute on this, and also in B6, orb and actually in sixth main or even in Nano.

B

There are certain topics that get debated again and again so, every six months or 12 months, the the same topic will emerge and then there will be a big discussion. So, for example, this time this do ISP deployment.

B

We hope that after so many experts voice their opinion and do this discussion, we can collect the information from the mailing list and maybe like a summary draft, so that in the future we don't need to debate it again. Maybe we can at least Point people to the UF.

B

We believe that this is something meaningful and we call for some volunteers to do this work and also there are certain working group draft that currently expire, and we also call for the existing co-authors, or maybe some new contributor- to discuss with the existing the original co-authors, whether to restart this working group as well, and if you can think of something else that are meaningful for our working group. To do please, let me know so. This is the the working group status and the next topic of my agenda is.

B

My own working group job so run. Can you run the slides for me while I present.

D

Okay, give me a second to find the uh forward and back.

B

Yep.

B

Oh it because I only have two slides, maybe I.

D

Can run.

B

It myself.

D

Okay,.

B

Thank.

D

You very much.

B

So this is the first time this you have become a working group and for those people who haven't read it yet. I would like to give a quick summary of what's in this draft, so the job basically have three parts. The first part is a summary of the node excuse and also the cause. I think that our contribution is mainly to summarize like of the 15xus. No, they are basically triggered by only three calls.

B

So if you deal with just the three calls, it will be uh easier than to deal with uh 15 issues plus if, in the future, a new Excel is discovered under certain chords, and if you already deal with the cause, then you automatically deal with a future excuse as well, and the second part of this draft is, we summarize flirting optimization solutions. They deal with the excuse that we talk about, and we not only summarize the solutions.

B

We also discovered that all of these Solutions rely on has one common thing, which is to do some kind of like host isolation, to try to avoid the excuse and this host isolation can be, for example, P2P link, isolation or p2mp link, isolation or unique prefix per holes, which basically put each host in its own subnet.

B

We can call this the subnet isolation, and there are also The Gua isolation and proxy isolation, so we encourage you to take a look, because this is this is at least some New Perspective, and the third part of this draft is that we learn basically learn from the existing optimization solution and kind of extend this isolation idea for people to consider when they are planning their first hope deployment. So we basically recommend that you start from the highest level of isolation. There are certain actual requirements to that.

B

You can consider that whether this is applicable to you or not, and if it's applicable to you, if you start with the highest degree of isolation, then you are the safest. You know in the future in the future there may be. You know certain new issue. May be discovered, but it may already be uh taken care of. So you start with the the highest level of isolation.

B

um If it's not applicable, then you move on to the kind of like a loose isolation. They have lower entry requirement, but it can also have a more potential excuse and you basically go through a guideline and a step by step until the last step is no isolation at all. So this cover all the scenario, because in the end, you can give up our isolation and just do the back to the normal uh in the situation.

B

So we believe that for people who are interested to know all the issues related to ND, this would be a good reference. It's like a One-Stop reference that you can get all the information.

B

um The last slide, basically summarize the change in this version because, for example, Jane lose some comments in the last ITF attack. Certain solution that will rebuild are as environmental. So in this version we pointed all of this out uh mentioned that well, the file names will not be called ND deployment because ND is a single protocol, so we change the file name to end the consideration.

B

Something also always the point that if we do unique prefix per holes, then each host can take a slash, 64 or even slash 56 and it seems to consume a lot of address, but the job actually have a discussion on this deck. Given that at the moment that the magnet rir can give you a slash 29 without without the need of all justification almost then we really have sufficient slash 64 for every host, and if we do this, actually it can avoid a lot of excuse.

B

So we also highlighted this, and there are some other uh uh comments that way that we incorporated in this version. So this is a quick update of the draft and any comments.

B

So nobody in the queue, then we move on to the next presentation link.

B

Go ahead.

E

Okay, uh can you hear me? Yes? Okay, thank you, uh hello. Everyone. uh This draft is about a framework of epithesis, only another network, uh the multi-to-me networks. It has been presented in IHF, 103 and 114, but the next two revealed again next, please.

E

Next, okay, the objective of this draft, as we all know, ipv4 as a service basic requirement of uh for ipv's only annually networks when ipv4 protocol is disabled. The network should not only carry relative IPv6 service but also ensure that the remaining ipv4 serves running normally, and it does not impact on user's components. Based on this consideration, the objective risk framework is to provide end-to-end, ipv4 service delivery or multi-domain ipvc's only other networks and improve, and to improve data for efficiency by eliminating unnecessary ipv4, IPv6 converance in a scalable way.

E

Next, please.

E

This is a problem focused based on our experience. During the past, IHF has designed many activities. Technology each have different fpv4 activities, converter gateways, it can be encapsulation based or translation based. Some are still full on. Some are stillies here. Xl8 is a general term to represent various fbv4 IPS gateways. The network community's figure is used as a general, as a user figures is a multi-dominant Works, which consists of ES1, as2 and as3. Each domain serve different scenarios in production network two support activities, only EGS uses corresponding transition technology.

E

There are six different gasoline Gateway in this case. If applicable, user is trying to access ipv4 service, their IP basis, email Network, the data stream need to Traverse as1 as2 as3 when ipv4 packs reaches the edge, is one they are converted into IPv6 package by episode, one and then converted ipv for packs by absolute 2 as egress. Well fts2, they are converting to activities package again and process is same way as ES1, and the process in answer is the same, except for the excellent gateways are different from the prospective operators.

E

Excessive excellent gateways makes Network complex and the increase in Opex as well. Moreover, Activity six data pass for ipv4 delivery is not going to end. It is. Com is component by multiple discontinuous tunnels. Some people may say, if also as use the same transition technology, the problem can be sold, but that's not the case. No single existing technology can solve the transition problem of other scenarios. There are some existing IPv6 only for Transit records, such as that in RC 5565, which network, which proposed to use bgbination Hub as a tunnel in the pawn address.

E

However, as I mentioned in this IFC in the nas case, asbr as a remote in the point of the software is not the bgp network hub for package that need to be sent on the software. Those procedures do not work when the trend call consists of RTS.

E

Therefore, we need a new framework which can set up end-to-end activities. Time or translation based did pass across multi-domains near secure and scalable way, so as to transfer ipv4 service from linguous uh to the egress key without any transition function in the middle of the data path.

E

Next, please so, in this framework, UTP will be allocated and under defined by at least one activists making prefix. It will also have one or more Associated ipv4 address block which are extracted from the local app before routing table or dress code. The American relationship between ipv4 address, block and IPv6 mapping prefix is called address.

E

Mapping room it is in this case and address my control is created by pe and provides previous level mapping for stateless ipv4, ipvc's address, converter HP devices essentially address mapping rule gives the direction of ipv4 address I mean for Service delivery in multi-dominate Networks.

E

The first one is room management layer which is in charge of the American rules starting local database. The second one is routing processing layer with which the mapping rules can be propagated within across ipvc's, only domains to provide a beautiful, reachability information to other peas, which may be cross domains. Actually, the changing of the prefix might pin for activities only has happened and as an Access Network such as that defined EFC 7050 in the ds64, but is exchanging a mapping prefix in Trend call is still black. Now this solution will fill the gap.

E

A data forwarding layer, support, ipv4 delivery by incapitalization or translation. With this design. We're happy before package reach the previous online work. The Ingress pu will use address, mapping rules to generate corresponding IPv6 cells and desolation address of the new header from its original ipv4 source and desolation address. The ipvc's package generally are sent to the red. Egress PE will not be converted to fpv4 package on the way, so it is end of the end. Imitation there's no need to make a user related status or translation tables as PE, so this approach is scalable.

E

Next, please.

B

Something you still have five slides. You may need to accelerate.

E

Okay,.

E

Production Network so far, it includes metro area network at the backbone and quality centers. Totally there are five domains. Our practice show that this framework is feasible and valuable. Moreover, it is compatible with existing abuses. Only techniques such as 6-4 uh the 464 absolate in this way, metal, 6, 4 device and P or multi-domain will converge. So the current phase interface and the core phase interface are both IPv6. Ipv4 server will be delivered from user terminal to the equity directly.

E

uh This it can also have to be extended to more as Network operated by different operators. So I think this is only the past can be by multiple operating networks. Next, please, but we have received another comments since it was presented on behalf of all the classes. I explained expressed sincere thanks next, please.

E

On Commons received with 17, had been made since ietf 114. Firstly, srv6 is removed from the quantities based on the comments of Veronica. In particular, the framework does not specific T techniques as mentally, and that's the security consideration section was updated based on the comments from Gene, and then we also made reviewing to reflect the outcome of discussion with Qing and the other unlimited list.

E

Okay,.

E

So next, please.

E

uh This class is drawn to work our Channel Telecom Sun at Verizon orange, so it's called the card number is zero. Five. We think the document is ready for a call for adoption, so more commonly welcome is Europe. Thank you for your attention. Please question.

B

Any comments.

B

Something.

F

Okay, our champion from Huawei, in fact I. This is the pay attention to this drop dance solution for a long time. In fact, I think YouTube propose the Practical solution for the implementing the IPv6 only across multiple domain, and also because- and this is database solution and with uh match this capability advantages. So I think this draft is the solution proposed and architecture does work well. So, in addition, I think this is related with uh also related with some of this solution in the control plane on the data plane.

F

I, think all these architecture framework, we should go on to propose the possible this solution work with this data plane- and this is the control plane to make this architecture the complete.

B

Oh.

G

Hi hi everybody uh I'm. Also the co-author of this draft and uh okay, you may know like we are doing stylish translation of those currency and we have the solution. I mean ITF, has solutions for the prefix fighting, for example, 70 50 or the ND to sign the prefix or DHCP to give like ours. So currently we are working like internet and China Telecom try to work on Cross domain to pass this kind of transition, information across domains.

G

I believe this is a natural extension to the previous discussion for the users, but this is for the peers. Thank you very much.

B

Thank you. Thank you.

B

If there's no more comments, we will move on to the next job.

B

The requirements.

B

Why a king of pigs makes this.

B

Foreign.

H

This is um a couple of drafts on extension, header testing, uh um yeah troubleshooting uh next slide, please.

H

So what I'm going to give? You is the background of the problem and why we think topologies are important and then um the framework of how we want to proceed on this set of troubleshooting drafts uh next, please so so um in the background. So we started testing this before um gosh, maybe about six seven months ago, and the impetus really was is there were quite a few studies showing that there were huge numbers of packet drops with extension, headers and so um in our own testing for our own extension header.

H

um We had found that in fact it all seemed to work just fine, and so then what we wanted to do was to see exactly uh why things were not working and where things were not working. So then we decided to come up with a methodology for why we're seeing it and so, for example, um from last time we presented at the iepg-114 we tested to um what I'll call is um uh naked servers, the the 1980s topology of the internet, which is you have a client. You have the internet and you have a server.

H

So that's what we had. We had a surfer and everything just went right flat out onto the internet. There was no intervening network, but but there were Transit networks, of course, but no intervening set of uh servers. You know an edge to bound it, for example behind a CDN or on a cloud Network, and what we did is we said well we're going to try and go across multiple continents.

H

I mean so you know we're a small non-profit and we don't have like you know, zillions of dollars for this, and so we said well, let's at least see if we can get servers through multiple uh continents and a background. What we put in is we had at this point. We had free BSD servers with a patch to the kernel so that they would send out an extension header with every single packet, because what we wanted to test was real data.

H

You can craft packets, but but we felt that it's much safer and much more Assurance. If you can do like an actual uh application traffic, because then you don't have to worry about you know, is your packet being seen as a sin. Flood attack dos attack. Anything like that. So what we did is we sent large ftps and you can see we sent them from Toronto to Warsaw to Seattle Frankfort everywhere we sent this huge FTP. It all worked next, please so so why are we seeing different results? Is it a difference in topology?

H

Is it because we have a standalone server? Is it the type of eh the size? um You know so there's a lot of different reasons that might be, um or is it something else uh next please?

H

So what we wanted to do was develop a clear set of methodologies to say: okay, look! These are the if you're in this topology. These might be your issues if you're not seeing um uh extension headers, for example, it could be completely unrelated to the EXT presence of an extension header. For example, we found that for certain cdns IPv6 itself is disabled on the other side of the CDN. So it should be uh no surprise that if IPv6 itself is not supported well, then quite likely E8 also is not going to be supported next, please.

H

So these are the topologies we looked at and in the next draft, I will talk in particular about what I call the naked topology client internet server. That's the simplest easiest to understand, and then so, let's start with that, um the CDN topology can be quite interesting because you have to then- and we tested this by moving our own FreeBSD server, which sends extension. Headers we've moved our own server behind the CDN, so we can control it.

H

We could take packet traces over there and on the other side, and I am happy to share the packet traces with anybody who would like them. So you can see for yourself and I can point you to the documentation of the various CDN servers. If you would wish to try this yourself, we're also trying the the cloud provider scenario next next, please.

H

So this is the simplest topology, what happens and again in some ways, um sometimes when we're at the ietf I feel like this is the topology that we are all talking about, whereas in reality this is quite infrequent that this is the topology that we're talking about. It is sometimes the topology we're talking of uh next, quite often, for example, if you go to the Alexa top 1000 or top one million or top whatever to the most trafficked websites, they are behind at a minimum uh one CDN, possibly multiple.

H

If, for example, uh sir, if you're, a video streaming company, you may have uh at an actual CDN presence, you may be also behind a CDN that your ISP provides. You may have a contract with them, so the topology becomes quite important, because I will talk about this more next time when we talk about cdns but to spoiler alert. What we have found is that, quite often um if packets are not dropped out right by the CDN cache server uh Adam, the the E8 is not passed all the way through.

H

So again, um this is quite interesting. uh Next, please, with Cloud providers. It becomes uh um again quite an interesting uh topology and set of experiences are anecdotal experience right now with putting our extension header uh server behind one particular cloud provider. Is that um with when you're completely stand alone on the internet? Everything works. Fine, the minute you behind you move behind the cloud Survivor, so cloud provider.

H

Again it stops working and- and let me let me tell you- we have two CDN providers who are working very closely with us to try to fix this situation and the first cloud provider that we are we have tested with. They also uh have said they will work very closely with us to find out exactly where in their Network, things might be done because um again, the conversations with with them were.

H

um We did not realize we were doing this so so that is actually quite interesting that people um are not necessarily aware that they're even doing this, so this is this is good and I. Think bodes well for the future. Next, please so so this is our plan.

H

um We will have a set of drafts. The first three um uh have to do with topology and I am sure that we will find problems and um during each of these- and let me tell you- is you know, I I, take what Fred Baker told me long long time ago. Hello Fred is that the purpose of the ietf is not to generate documents, but it is to solve uh problems on the internet and somehow I have drunk his Kool-Aid and um I hope.

H

We can solve some of these uh problems and again that once we've done the topology ones, we will then move to a particular pieces of equipment, because, just at the hackathon in ietf 114, we found um a router bug preventing uh eh transmission. So this is why we want to go very slowly and methodically and go through all the potential topology energies and all the potential.

H

Kinds of equipment, because we really feel that extension headers are a very useful part of IPv6 and I hope we will be able to deploy them after we fix some of these problems next, please!

H

So! Thank you so much any questions. Thoughts.

H

Okay,.

I

Okay,.

I

Just very very stupid question: my brain is not working. How is the trouble shooting packets with packet drop, with extension, header, fundamentally different from troubleshooting? Any other packet drop you might see between sources and destination, I. Think they're, like the methodology, will be more or less the same. I need to find where it's dropped and look in the device which is dropping it so I'm, just not sure of what is so different that we need to focus on its specifically instead of providing maybe General guidance to operators, how to turbo should start.

H

There's a very interesting question: Jen very interesting, I think I. Think um no, no, very, very interesting because sometimes in fact the packet drop is because of IPv6 itself, but I hang on one second, but I.

H

Think the difference is, is that um in today's Networks um there's a specific you have to go out of your way to send extension headers and to send them at different sizes and different kinds, and and so I think that is the difference and right now what we have been doing is um sending just our own uh PDM destination options, because that is what we have as a real extension header.

H

We are redoing our methodology so that we have um uh We've implemented our our stack in ebpf, which can send different kinds of extension, headers and different sizes and so forth. So so I think that's where we will add on. Do you see what I mean.

I

Yeah, in this case, I I think what would be very, very useful addition to your draft is to provide guidance, how exactly shared those headers right, because people who would need the guidance on how troubleshoot Network probably have no slightest idea how to insert a random field in a random IP packet right. Maybe some links to implementations and so on would be useful in.

H

A very very good point: Jan yeah any other thoughts or so Suresh.

J

Thanks uh thanks nalini, so I'm not sure exactly how you're doing it, but I do have an answer for Jen. So I'll just run it by you see what you think, okay great, so what we can do is probably do two tests in parallel, one for just IPv6 packet without the headers and one with headers right at the same time and then collect the statistics and then have a null hypothesis of it doesn't make a difference. And if you get a p-value, that's smaller, then we do it I.

J

Think Anna is here, so maybe she's doing some tests too. So if she can confirm that is it then it makes sense to me no.

H

No Suresh, you are so right that actually is exactly in the draft, and that actually is exactly what we did is is but I think her point was a little bit different. Is that in some ways it is true that that, if that in either case it could be a firewall setting, it could be the topology and so on, but after that the next step is what you say, and that is actually in our draft too, and that is what we did is we said. Yes, it passes without the extension header.

H

Now, let's see if the problem is extension, header itself, no very true thanks involved.

K

Gory first wow this is high, and so what is your intention with the recommendations that come out of this, because I see two different pieces here, I see if we're going to deploy and operate extension headers, we need ways of knowing and managing that operation and the paths that support it, but there's also guidance on how the extension headers should be implemented and how they should be used by the end points. The end nods is that other part starting Sixth Man, or is there some oval up here? No.

H

Yeah yeah I think I understood.

H

Yeah yeah stop right there, no, no, no go back to one go up, one more: okay, yeah, a really good question, I mean and really good point gory. There are two different things: well, maybe even three one it's like if I am a designer of a certain protocol or whatever and I wish to use a particular extension header. What should that? What should be done? Two, if I'm a user of said protocol, you know, then what should be done. That's very true and then, but really I. Think um there's there's huh okay!

H

Now this is kind of a morass but there's actually three four five and six, which is which is, if I am, for example, a router vendor or if I am a load, balancer vendor or if I'm, a CDN or, if I'm a cloud provider. What should what should be done and- and that's a very, very interesting topic you raised gory and one of the things I'm kind of thinking is that's why we want.

H

We want to figure out some of the problems and once we've figured out some of the problems and maybe even fix some of them, then at the very last thing then then, maybe we do a BCP and the BCP really is I. Think quite interesting, because it's more it's it's like it's like what should people be doing and for certain extension headers what extension headers should be encrypted? What should be authenticated?

H

What can go in the clear and then, of course, then people bring up the issue of limited domain is like is: is it a limited domain? Is it not that's? Why I kind of want to kick that whole can down the road? Quite a bit is: am I answering your question. Gory.

K

Maybe I think the word BCP here we have to separate somehow I I to wait this work. We need to advise operators what to do. Give them tooling help with configuration, but finding whether you do encryption or authentication sounds like a protocol mechanism to me.

K

So we need to split apart the protocol recommendations which I think probably belong in in in six months, from the operational considerations which are equally important but tell you how to configure how to use how to test how to know it's working and I think we have to clearly separate these out or we'll end for some really big morass, as we start to make the recommendations. No.

H

No really really good point gory and of course you know, do I mean for everybody. I mean please do contact. We have a pretty big team, helping and working with us already, and anybody that wants to um you know work on this, especially people who have commented at the mic, such as gory. If you got ideas, you know yeah great, perfect.

H

Okay, it's.

B

Always a move on to the next yeah.

H

Okay, so so this one, then now we'll now we'll start getting down to actually what methodology is okay. So this is what I call the the naked or Standalone server. This is Mr 1980s topology next, please!

H

So, as I said, you know, we've got a number of different topologies. Let's do the the easiest one first, okay! Next, please.

H

Hello yeah, so this is, as I say, um slightly joking I suppose about 1980s topology. So we have the client. You have the internet with multiple Transit networks, whatever and a server, and so let's just do that. So then we've got that and in and in our case our our um server was eh, enabled and and again I. There are multiple ways to to do this and what Jen said was very interesting and and I.

H

We have to think whether to make um our code, uh which is a work in progress to be available to others, to test with very I, have to think okay, but that's kind of the topology next, please so so that's the question really is like what do you?

H

How are you going to be able to send EHS, there's, there's a bunch of different ways, as I say: I'm kind of a bigot on the the send it with real data, because because you know I feel like you know, I mean there is awesome, awful smart people who know how to craft packets perfectly and can send them so that it's not a um you know seen by anybody. As a sin. Flood attack or a Dos attack and stuff. You know I want to keep it simple for myself.

H

You know: I'm, like okay, I'm, just gonna, send an FTP. I know what it is. I'm gonna do a curl. I know what it is. It's doing a real session I, don't have to worry about sequence numbers any of that, and so so then I'll do that. So, but you have to make that decision. How are you going to do this? How are you gonna? You know? That's a decision point. There are there's lots of packages that you can craft um extension headers with.

H

But how are you going to add them and what's going to be the content of it and then, of course, what's the rate of sending and sampling because you know I mean you know as I say, if you send like 20, TCP sin, packets um and and you're not doing the if you've crafted it and you're not doing uh the entire synax sequence, then you could be falling into sin. Flood attack protection.

H

So what you're testing is something entirely different from what you think: you're testing, or even even hitting up a performance enhancing proxy or who knows what which is responding to you. So again, you know I want to keep my simple brain simple, so I like craft I, like actual data, but you have to make these decisions okay, so next, so then what we did is the first thing, which is the way we're doing it, which is that we have a test server, enabled to send eh with every packet.

H

And of course we can turn that on and off because the first thing we do is we send it off. So then you know if the packet is getting through at all and if the packet's not getting through at all without the eh. Well, then, you know I mean whatever right or if it's not getting through in IPv6.

H

Well, then, okay I mean right um so, but this is what we did. We had a test server and now and now it's an Ubuntu server with ebpf sending eh with every packet, and then we put up um I, believe we put up Apache um and- and we put up a huge old index.html, so that in our case not only does it send back the Doh extension header, but it's fragments, and so we got fragment headers coming back and then the most important thing, in my mind, is taking a packet trace on both sides.

H

At the same time, that's why you want to have control, because if you don't know what, because, if you're sending one thing you want to make sure what you sent and what you received is the same thing: okay. So next please.

H

So this is what we did and and um so so what we did is just we configured it first, not to send extension. Headers did the thing, and then we did an HTTP curl to see if that got through and then um uh go ahead and sent an eh, and you may also want to send to just the IP address and not a DNS name to you know to eliminate that part, and then you can of course, elaborate send DNS names whatever next.

H

Yeah and then and then come back and send it with eh. um Do the same thing do an HT. This is what we did. Is it it's a pretty simple thing to follow next, please!

H

So, then, then, if normal problem, diagnosis are you are, you know, are you which packets are you not getting? Are you not getting them with EH without eh, what you know, but you've got traces on both sides, so you can compare next.

H

So in the next thing again, we I think we need to discuss how to craft packets um and do it if you're using a crafting methodology, because then you, you probably can't do a curl, but then so we'll do some um some recommendations. I'm tentatively thinking, uh send a few TCP sin packets um and and see what you get back.

H

We've tried crafting UDP, packets, um icmp packets, too, but I think probably sending just a few tcps in is the way to go, um and then we will add um more discussion and troubleshooting where to look at the problem with more troubleshooting. Is that if it works without eh?

H

um uh That's one thing: if it works, then it stops working with EH. It's a that becomes problematic. That may need to wait for some of the other drafts, because then you need to think you can test some things fairly easily like.

H

Are you dropping it right at your Source or not, but some of the other things if it is indeed uh going behind if it's in a Transit, Network and so on, or if it's at some kind of router, uh then as I say as we get down the road on this, we'll have more guidance uh at that part. So some of this will be limited um guidance at this point, but as the other Drafts come along, then we'll have more discussion uh there. Okay, anything else, yep!

H

So that's it! That's it for this draft and um we'll be working on the CDN and cloud provider drafts uh as they uh come along any thoughts questions all right. Everybody got their thoughts and questions with the last draft yep. Okay, oh.

B

Anton.

L

Hello Anthony, uh you mentioned in the test that you would send TCP syn packets in your testing. Are you willing to go through the world uh since uh sequence, because I think that if you just send TCP since to probe, you will be blacklisted by uh Sin Sin food prevention mechanisms? No.

H

No I told totally hear you I totally, hear you and and um but see that's. Why I like to have the application send it gets tricky when you're crafting packets to do a synapse sequence, but I totally hear you and- and um let me is it's a good point. Let me think how I can craft uh a sequence of packets yeah? No, no totally good yep.

L

uh Usually, uh people that were testing mptcp, we are injecting uh things at the circuit level in in Linux by overloading the memory space memory circuit options. So this is something that you can do inside the application, so you can loads or get options beside the application and inject parameters that the toolkit is taking into account to craft the packet. So maybe this is the way a way you want to do for your testing.

H

Yeah, let me talk to you offline and get get some hints from you. Thank you. That's a that's a great comment.

M

Hey, um uh did you see any pocket drops related to um M2 issues and did you distinguish this package drops.

A

From.

H

Yeah, no okay. So in our testing with what I'll call the naked servers, um we saw tons of fragmentation and we did not see packet drops due to MTU issues. We we um again again.

H

um This was limited testing that we did because, let's add this, there was a sad story with the free BSD we had. We ran into it. We had an old kernel that we couldn't get get upgraded and couldn't register. So we were rewriting the code in ebpf.

H

That is something that super concerns me is MTU drops, because we need because right now what happened is. Is these these servers had a big old interface? It had a huge interface which is actually good, because then we saw fragmentation, but if we go from a small interface or something like that and we start doing Source fragmentation yeah, we have to see about MTU issues very good point. We haven't gotten there yet in in this bare set of testing. We didn't see it.

N

Hi hi. Thank you very much for the work you're doing um so. Just to let you know we have a tool called Pathfinder at University of Aberdeen. This tool can already craft whatever packet you may want to send and can do scene not just in a complete handshake test already.

H

Great great so, let's talk and then maybe maybe we can use your tool and do the methodology for the how to do crafted packets. We talk offline yeah, that's perfect because as I say, it's a we concentrate on the the the real application, but I know you guys are doing some great work, and so is it will be very good to collaborate yeah. Thank you. Anna thanks.

G

Something.

O

Does he have.

B

Something you want to say something.

B

If not, then we no problem.

H

No yeah, then I don't have anything I guess the question would be then it's a question for the chairs and the group is is, is this work that we want to uh take on uh or maybe after it matures, but at some point I suppose we had to make that decision.

B

Okay, yeah.

H

Okay, anything else. Okay, then, thank you so much.

B

The next one is.

P

Hello, can you hear me.

B

Now, yes,.

P

Okay, thank you. So, uh in my draft, uh I just accumulate some some test results, which I hope can help the network operators to to find the right, IP version for the service technology for their networks, and we could you go to the next slide. Please.

P

Thank you. So currently we tested uh 464xlat and map D regarding their scalability, and we had the privilege that we could use the same implementation for both Technologies. So Jewel was recommended a few ideas ago and it implements currently both 464 xlat and map T. So we could.

P

We could test both Technologies with the same implementation just uh to to avoid the problem that that different implementers we can do better or reverse job, so the testing method was that we use the customer Edge and the provider Edge devices together and Benchmark them together, and we used DNS traffic for testing just because we had a DNS testing tool which which we use for for testing, sending packets and and receiving back the packets. Could you go to the next slide? Please, foreign.

P

Thank you. So this is the measurement setup it was used for for both Technologies and before those Technologies. We also debted them as uh just two routers were there just to test the the performance of the the system. So, on the bottom left corner, you can see uh IP version for client running the DNS, 64 Plus testing program and the bottom right corner. You can see uh other IP version, 4 server running the convert DNS.

P

It was just used to to answer the queries and it has high enough performance without these sealer 10 pilot, when we just tested them with routers, we achieved two million packets per second, so it was made more than enough that to test the Technologies. So on the top left corner, you can see the signal in the top right corner. You can see the pilot of 4648 slot and they were connected by 10 gigabit links using vlans. Could you go to the next slide? Please thank you. So you can see very little change.

P

This is the test setup for map t on the top left corner and top right corner. You can see the CE and BR devices of the macp technology and we had all the necessary settings. So this is the test networks for for our test, and could you go to the next slide.

P

Thank you. So we tested the performance of the system uh regarding uh how it scales up with the number of CPU cores. So in both devices the the customer, Edge and provider Edge devices, we increased the number of active CPU cores from one by doubling, then their number up to 16.

P

and we use the binary search to find the highest rate at which near the order values were resolved within timeout time. We allowed 0.01 percent packet loss, and here are the parameters just to have everything here: the the published servers and we use Debian, Linux, 10 and Joule 4.2. It was just a release candidate, because that time it was not fully released, but we had to use the same version for both Technologies to be fair with them. Could you go to the next slide?

P

Thank you. So here are the results for 464x that uh here you see the number of active CPU cores, both in the silat and pilot and here the results. Of course, the most interesting things are the medians, because we executed the test for 10 times and calculated the medians and, of course, we also added a minimum maximum here to show that the results were quite consistent.

P

So the practically no significant difference between minimum maximum and you can see that there's a certain scalability, so the two core results are 43 higher than the one core results and the four core results are 79 higher than two core results, and still there are some increase and the eight core is at about 10 percent and about four percent when we switch from Focus to 16.

P

But it's here, the the the the law of diminishing returns that even if we double the number of CPU cores, uh it doesn't scale up well about four cores yeah you can. You can see some some strange thing, that's why it was just 43 percent at two cores and then 79 that Focus. The explanation is very simple: we use the CPU, uh which has a kind of new architecture that the uh even no number of CPU cores that is uh to uh so of course, zero.

P

Two four six belong to number node zero and the odd number of cores one three five ETC number node one and from one note to two core: when we changed we we can to have an uh numer homogeneous system and then, after that it was always homogeneous. So there's not no such problem. Could you go to the next slide?

P

Please thank you and you can see that the same thing also happened with map d, uh the increase from two cores to four courses higher than for one quarter, two cores, but the ink is always much higher than than with uh 464x, so it shows a much much better scale up much better scalability. Even this is 42 percent uh increase when we use 16 cores instead of eight cores, so we can say that, as expected map t scale of better than 465 flat, could you go to the next slide?

P

Yes, here you can see graphically.

P

It is also true that map D started with somewhat lower single core result, but then it has overtaken and surpassed the performance of of 4648 Flats so map the showed much better scale up than 464 xlot. Could you go to the next slide.

P

Yes, that's it so uh here are results. We published in a paper This Is, An, Open, Access paper. So if you're interested in the details, you can check our measurements and now I have the question. If, if you find these things interesting or useful, as as Network operators and yeah I can see that Eric is in the queue. Thank you.

O

So to thank you interesting just the questions where all those DNS query is used to generate traffic, we're always using the same Source port.

P

Sorry.

O

The source board I mean my understanding is that you were using a DNS traffic right for Generate the load. Yes, where all those queries coming from the sales UDP ports.

P

The queries came from different UDP ports. Of course the queries were going all to UDP Port 53, but we used uh different uh Source ports because we wanted to use LSS receive site scaling, so we used okay, the details. We used 16 cores to send queries and under 16 cores to receive the replies at the client at the tester and as far as I remember, uh 100 different Source. Force numbers were used per sending cores so all together, 1 600 different Source port numbers were used.

P

It was the number because of map D, so you know that map D Limits The Source port numbers and they wanted to be below 2000. So this is why we used only 100 and 1600 different Source port numbers.

O

Okay, I was wondering because I would expect if you get a huge variety of source ports. This could have maybe an impact on the performance as well just wondering.

P

uh We used a multiple Source port numbers uh to to enable NSS to share the interrupts between the CPU cores of the of the servers, so they were more or less equally shared, so it's enough to distribute the interrupts. So if we used much much more Source support numbers, then we would have exhausted the port number limit port number set of the CE device of map D. So we couldn't use.

O

I understand the limitation for map T, of course, but anyway, thank you interesting.

P

Thank you.

G

Nick.

D

I just have a comment. uh One of the questions that I get asked quite frequently when, when working on some of the V6, only projects that I'm on is the scalability issues. So the more data that we have on different platforms that are available I think the better off will be so I just wanted to say. Thank you for putting the time and effort into uh testing these things and sharing your results.

P

Thank you very much for your feedback. We plan to to add some more results later on, we'll be still working on some more measurements.

B

If no more question, then we move on to normal car's presentation.

D

Like.

Q

I'll just hold this hello, my mocha from the White Project um today, I want to be I, want to talk about IPv6, only intuitive resolvers utilizing the last 64.

Q

and I submitted this draft, because I had a niche problem and I wanted a niche solution and I wanted to document it, and today I want to um talk about this and ask you if you think this is worth documenting or if it's just rubbish so next slide, please so motivation.

Q

um The motivation of me writing this draft is that I wanted to have an IPv6 only to wait a resolve it, but it's you unusable IPv6, only 280 results or unusable.

Q

This is because um there are ipv4, only also their service and IPv6 only so this cannot talk to ipv for only Authority service.

Q

All other applications can use dns-64, but resolvers can't use DNS 64 because it's the resolver it it won't make sense and clarification by IPv6. Only um right now I mean like it only has an IPv6 address. Okay next slide, please.

Q

So um this is a like a picture of how uh resolving with an IPv6 only intuitive resolver can fail. So the workers dual stack. The next the next author server might be dual Sac, but the next server The Authority server gives me the next Authority survey to ask, but that server only has an a record so I can't so the iterative resolver can't access the last authoritative server, because the last author of the server only has an a record and it doesn't have a cloud a record.

Q

So this is how it can fail next slide, please.

Q

So this is a reference to BCP, 91, obviously 3901, and it talk in section 4. It talks about how we need a preserved, namespace continuity and I'm, going to read this out loud um so a boost. It says every recursive name server should be either IP people only or draft stock and for the authority service sites.

Q

It says every DNS Zone should be sued by at least one ipv4, reachable authoritative names of it. This makes sense because we need namespace continue it continuity, because we don't want to not be able to resolve zones. That would be sad, but we also want IPv6 on intuitive service because they'll be fun. So next slide please.

Q

So my proposal is that well not my proposal. It's just I'm just trying to document this, but what I want to document is that we can fulfill the sparrow of BCP 91. That I just showed with an IPv6 only resolver. By doing the ipv4's IPv6 translation inside the iterator dissolve and making it quote. Unquote, dwell stack so like we can do the ipv4 to the IPv6 translation in the application, the resolver and just like, translate it so next slide, please so how it works.

Q

So, first, if the resolver only finds an a record for an authoritative server, the resolver will perform Azure synthesis to the ipv4 address. That's that was wrong and make it IPv6.

Q

This is done by applying the perf64 to the ipv4 address, to construct ipv computed IPv6 address, as defined in ofc 6052 or maybe I should have coded ah different. Oh see that uh I just forgot the number of, but okay, so how to obtain the prefix for of the not 64 64..

Q

So um there's two ways to get per six. Four one is just um use static, configuration or the other is to use a discovery mechanism and discover. There's a lot of Discovery mechanisms, but the pole, control protocol or whatever advertisements can be used for this and using there's other mechanisms like using the mechanisms describes in obviously 7050 using ipv4.alpha or another draft um V6 Ops, not 64 SRV, but I.

Q

Don't think these two can work, because these two need a DNS, 64 or a resolver to work, and we don't want to rely on a resolver because we want an iterator resolve it. So this is how it works. It's very simple: it's only combining! Well, it's not even commanding it's just like old techniques.

Q

That's we're just doing it inside the resolve. It um next slide, please so considerations um so I think all of you thinking why not just use a sealette, because that will solve the problem and we don't have to do this in the application layer.

Q

um That is true. That is certainly true, but on most applications can reach ipv4 internet by a dna64, not the 64. and um an iterative. Resolver is the oretically. The only application that has to use uh I forgot, the name, um ipv addresses and not domain names, and oh wait. Oh yeah and it did an iterative server- is the only application that cannot utilize, dns64 and I thought um using seal at.

Q

Maybe you can do the use of native ibb6 on the machine and sealat forces keeping ipv4 support, so um I think there may be people who disagree, but these are the reasons I brought up next slide. Please do I, have any slice left, oh yeah, so implementations not yet merge, but so popular data softwares or implementing, or maybe we'll Implement. These features on this there are PLS for it for bind Mark Andrews has his work and Von bound.

Q

um David ickley has his works, so um so I haven't done any work on this like coding thing, but I thought it would be nice to have all of this work documented as an informational RFC.

Q

So that's why I'm here so um I want to ask you people if you think this is worth documenting as an informational draft or not. So um thank you.

R

Real.

A

Hi I'm Rio from University of Glasgow. um Thank you very much um for the talk, I think right now, I think DNS is one of the tricky part of moving on to V6. Only and I. Think one of the tricky thing about moving to V6 is once again. If you leave any of the V4 compatible bit or first to keep it, then people won't be forced to move on I. Think so.

A

um Thank you very much for your work and I think it should just be um go, should go ahead as an informational, I think it is a very useful thing to document and keep in the RSC. Thank you.

Q

Thank you.

B

If no mark.

B

um

S

I'm very much in two minds about this that merge request has been seen around for three years um now.

S

um If you go ipv, if, if a site is going to go IPv6 only, it has to make a decision about whether it is going to what ipv4 as a service it is going to use and DNS and dns64 is a lousy service, really really really really really lousy.

S

Worrying about a node having a stub ipv ipv4 service, so it can do clatt circle on a clat or similar or we've got plenty of ipv4 as a services.

S

They can all run down to the node without applications having to do crap like this I'm gonna I wrote the crap in that click that commit.

S

We we had too many. We had too many ipv4 as a Services as a moment at the moment and assuming that net six dns-64 is the one that people are going to be used is also very much up there.

S

um It's something that we really should be trying to stop having to do more and more and more fixes for Nat six. Four, the correction Den SX4- and this is we keep finding more and more things that dns64 doesn't work with. We knew it didn't work with when I was put up in behave, it was promised to be a short-lived solution. It is now plus 10 years that is not short-lived.

S

That's just my view.

S

Okay, okay,.

Q

So.

Q

um I can't object to that. I can't say anything to that, but um as a person who like uses these mechanisms um using DNS 64 and not six four is the easiest for people to use, because I just need to set up a dns64 I, don't need to set up silats to the end hosts so like it's very easy to just set up a dinner six foot, so I think that's why people still use DNS, 64 and.

Q

um If people still using it, I thought it might, because this draft isn't going to make people use DNS 6 for more, it's not going to increase the number of people using dns-64. It's just gonna increase the people creating uh iterated resolver inside of DNS 64.64 environment.

Q

So um yeah, that's my response.

B

David.

T

uh David lampader um I I would like to note, especially in response to mark that this doesn't really have a dependency or or like there's no dns64 inherently in this.

T

um So even if I have an IPv6 only Network and I don't do not six four uh for my applications. This can help me achieve IPv6. Only connectivity to some domain that happens to only have before authoritative name servers, so I may end up having to use this just to get native mistakes working because the domains aren't updating and I. Don't even have the ns64 really I just have this weight for my for my resolver to reach before only domains in the internet.

S

Can I uh come back with this David? um It's? This is a DNS 64 Only Solution, really, because if you have deployed 464x slack properly, you do not need this.

S

If you have deployed DS Light properly, you do not need this. If you have deployed map T properly, you do not need this. I can go through the list of all the other ipv.

T

As.

S

A service mechanisms.

T

I don't want to deploy any of those.

S

Well, then, you can also fold out for the queries selectively floor forward, ipv4 Aquarius, Library, vs4 services to a service, the other side of to the other side of a of the IPv6 only link. Now this service requires you to have a nat64, so you've implicitly deployed.

S

Either nap either dns64 net64, 64s, x-lap or map t to be in this position to begin with.

B

I would like to Lake Lorenzo speak and then give Jane a few minutes to talk about her draft.

M

Y sort of agreeing with David here I think um deploying a Nats. Explorer is really really really easy. You put it in the network, you point 64 ff9b at it, and you're done right. So this is also really easy right. If you have some code on DNS in a recursive, it works deploying ipv4 as a service is kind of more difficult. You need to like deal with ipv4. If you have a server like Linux that doesn't do clap, then it's kind of annoying right.

M

You need to set up ipv4, dhp servers or whatever other, like you know, annoying stuff. That's you know not well integrated with distros today, so this is sort of a much lower cost option. I can see why we don't want to support e0964 with lots of hacks, and you know these two implementations may decide to reject these pull requests because it's like you, know too much complexity, but I do see a niche for this. You know it's just easy and not super harmful. So.

B

So we will stop here and move on to James.

I

Hello only here only today, two drafts for the price of one next slide. Please, so you might have seen the first draft on the list. So what's the problem here? First of all, before people start worrying about slack versus DHCP discussion. It has nothing to do we're not talking about how hosts get addresses where address is coming from. Let's just look in the normal operating system, like your MacBooks here on this network, it most likely will have at least three addresses.

I

If you haven't happened to be on V6 only Network, it might get four addresses, link local privacy, stable and 10464 slot, and then, if you need to renumber a network it might or you have multi-home stuff, it might actually be seven of them right, so stable privacy, 464x slot, all Global addresses will be like doubled, also chromos, for example, because it's running in Virtual machines inside it requires between, like seven and nine addresses currently- and it's not actually too much right and by the way.

I

Yesterday, in Pay energy, it was some transport people talking about the research and suggestions and thoughts about how multiple addresses would be very like interesting, different different. How they could make our life in V6 were all different from before. Also we already published on RFC, which was explicitly not recommending to limit number of V6 addresses per host. So next slide, please well meantime.

I

Obviously not everyone reads the Tariff C, because some layer, 2 devices, which are trying to be way too smart, do put some hard-coded limits into a number of IPv6 addresses per mark. Mostly it's devices doing Savvy or NDP proxy, and the problem is limit. Is there the limit is hard coded and you have no idea when that limit got reached because it just quietly start dropping some addresses not actually necessarily the unused ones. In some cases itself. Just another address and you I see new one I cannot install it.

I

I drop it on the floor, so troubleshooting becomes very like entertaining so, and when you talk to those vendors they're like, oh really, you need more okay. We can give you more so, which normally indicates they just had no idea what the limit should be, so they just picked up a reasonable number. So I was thinking. Some guidance might be needed next slide. Please so problem number one we have hard-coded number. So, let's raise it.

I

The draft currently saying 20 I'm not like it was just a run number taken from uh 7934, but I guess we can talk about what number should be reasonable? It should be definitely more than seven and if it's too high for you to low for you, I think it should be configurable I. Think it's reasonable demand well and I as an operator I would love to know when that happens. So I don't spend time getting a packet captures from five different places in the network.

I

It would be nice to get a syslog message showing Telemetry error, saying hello. This is a problem, and probably it would be nice if there are some attempts to drop, not the most recently seen address, but one which might not be in use for a while next slide. Please.

I

So it's all tactical fixes- and you might see in the list that a lot of people made quite reasonable comments, that increased number of addresses might cause some scalability issues on network and everything here. Maybe actually we need to do something about that and make everyone happy.

I

Maybe we can keep an almost unlimited number of addresses per host without putting any scalability stress on the devices sure last night I submitted a draft which might talk about long-term solution, which basically said: let's do 64 per host, but not an array because I don't know how many implementations on the router couldn't do that. But let's use existing mechanisms which called prefix delegation.

I

So your host could request slash 64, and that means your network infrastructure will get just one route pointing two link local address, so it basically, it will scale to number of hosts, not number of addresses. It will give you the things which a lot of people wanted, an ability to say which device was using, which address the whole 64 is your device, and it also has some fate sharing, because these are all addresses work or none of them.

I

So yeah, please check the second draft as well. It's a very early draft, a lot of like sections saying we don't know exactly how to do this. We just have some high level ideas and the comments are appreciated. uh I think that's all.

B

Okay, so it's 11 o'clock. Do we want to do the two minutes.

J

uh Subscription so thanks, Jen I think the problem you have is, like you know, really a valid problem to solve, and the 20 number I'm not sure like there's some Hardware limitations on some of the routers I think we need to figure it out and generally I'm supportive of this work right, but I think maybe there's other mechanisms needed. We can probably have an offline chat about it, but something to indicate like failure right like that. This is happening I.

J

uh Whatever number you increase it to 20 200, whatever I think somebody might hit that issue uh in the future. So I think we probably need a failover mechanism for that. So thanks do.

B

We want to do the two minutes, foreign.

B

Okay, we are back seriously, you won't. Okay, go.

J

Ahead, yeah, I I think I was I, wanted to finish by 11, so I was done so uh Warren did you want to add anything to that same thing or.

J

No I just said like we need a protocol mechanism to Signal this failure like in addition to this, so something probably in six man, so, okay, I'm I'll, just like um do a straw. Man right the straw. Man would be some icmp message, V6 message which says like no, you, like you know, I ran out of ND cash entries for you, like I, don't know!

J

Well, if I come up with a message right, I I know, I need to think a little bit more through, like you know what attack vectors this enables, but that's kind of what I was thinking. Okay, saying that I, you may not use this address anymore right, I know: Lorenzo is going to be pissed. That uh router can say that to a host, but we need to somehow say, like you you're past you're, welcome.

M

More.

I

Like it's not.

M

Like we have a BCP that says not to do that, it's not like Lorenzo would be pissed, but we have a BCP that says: don't do that.

I

Also, remember: it's not routers, it's not even routers. That device might not be able actually to send you anything well without any hacks right. It's like Layer Two, like access points.

J

Right, no I, I, I I got it. What I'm saying is I? Don't like this to be a silent failure, because right now it's a silent failure that, like this thing, you cross your ND cash entries, whatever limit right and there's no indication from the router like. But this is not an indication to stop. It's like a router saying. I cannot do this right, which which could be taken as like a just an indication like if you don't want to do anything with that.

J

I got Lorenzo's point right about the BCP, so I'm fully cognizant of that. But I'm saying there's no indication from the router that this is happening. The packets are getting black hole.

I

So uh I think there are two things here. First, there is no reason of sending an alarm if it's not action, not actionable right. If device cannot use it, what it just fails, so it fails anyway. That's why I'm saying we need to log this, so an operator deals with this right, not necessary, Hoster, yeah and secondly, long-term Solutions should deal with it. I.

J

I got it it's the second draft, exactly so. The second draft, as well um I just wanted to put in a point the 3gpp already. Does it right, like so I, think there's an ietf recommend addition to 3gp saying for every host give them a slash 64 for themselves right, so I, don't think we need to like make a big stretch from there to say like give it to everybody. So I'm sure there's like issues like implementing this on a Wi-Fi, AP or something but I think I'm I'm two thumbs up for that idea. Thanks.

U

Lauren.

C

Kamari with no hats, so your first set of discussions draft you were talking about I've got a little D-Link router at home. It's got the world's smallest tcab. Apparently it can deal with like four addresses per host. Woohoo is it? Would it be a compliant with your new thing like if the hardware seriously cannot support well.

I

Okay,.

I

So yeah so like yeah, if you cannot do this yeah, it's your scalability issue but I'm talking about like Enterprise scale, large people who put like numbers like fives there.

O

Okay, everything two points: I mean increasing the numbers of a bb60 series per Mark, we'll present some challenges right regarding the multicast, notably, it all depends upon the number, but also if it's the AP, which enforce this limit or is it the router which is behind the AP? And of course we need to increment the numbers of IPv6 addresses permac address on both sides right anyway, um you know this as I know. Regarding this this slide and using a slash 64 via prefix delegation. This is kind of cool.

O

Of course it's solved many problems except the Privacy one, because if you use multiple pv6 addresses right is to provide you with privacy once the Mac addresses disappear right over the internet, you use five or ten different V6 Services. We cannot say it's you now, if you're using a slash 64, we know it's, you.

I

Actually, you don't, because how do you know if two addresses belongs to 64 allocated to a device or two different devices? In my slack Network.

O

I can honestly we can guess it right. That's.

O

Yeah yeah agreed, but if everyone is doing a slash, 64, let's say in five years, then you lose the benefit of privacy.

I

Every time right, you join the network. You get like five minutes later, another one. So it's.

O

Oh, if you want to get PD refresh, is often.

O

Now we are eating, most probably don't forget the HTTP State full right, so the ATP server reads some fun, but anyway interesting.

M

Yeah I mean I, guess I, guess, I'm an author, so I can't really say much, but I I am hopeful that this will actually work. The the long-term solution will actually work and maybe finally resolve this.

M

This argument that we've been having for years and years about you know Network versus host and like one thing that maybe is not in the draft, is that you can you can hand you can hand this to a laptop, and you know you can create a million Docker containers on it and they can all have end-to-end connectivity and it'll just work and that's something that we've like like we.

M

We can maybe sort of do that with ipv4, but they can't receive any packets right and and if we wanted to basically give these things incoming connectivity, it really wouldn't work because you'd like bust and that's like um port forwarding tables right. So this is really something that it's it's going to be a substantial improvement over what we can do in ipv4 and I.

M

Don't think you know it's going to hit the same sort of host versus Network hustle that we've been seeing so I'm, really hopeful that this will go somewhere and I think we need help with getting this to work, somebody who knows dhppd in particular, and how how it's implemented, for example, we were looking at some Corner case where we, you know, or if you, if you have two rooted, two dhpv6 release on the link and you do PD on both of them like what happens right.

M

Presumably both of them can snoop the reply, because both of them like forward the request, but anyway so we'd really, like you, know, someone who, who knows dhb6 and PD in particular, to like help us figure out how to do and what to do so um help welcome. Thank you.

B

Thank you uh folks, I will have to ask you to take the XU to the list because we are already eight minutes late. So we'll move on to the last presentation.

U

Hi Pete Stevens Mythic beasts. So four years ago, I came here and talked about some of our IPv6, only stuff that we've deployed to actual paying customers and uh I'm back next one please.

U

So uh what did we do? um 2014? We deployed virtual servers that only have V6 nobody bought them um because they can't talk to anything and it's not very useful.

U

um So over the next couple of years we decided that what we were going to do was deploy an actual application that functioned and was useful. Underpaying customer would buy that only used V6 on the virtual server. So we added some things to the network.

U

um So you get um not six four and dns64, so you can talk outbound to other things and we implemented a proxy service that automatically configures HTTP, https inbound and a few other SSL based protocols um and um and so on, a VM. You can have a V4 address optionally, but you'll get a slash 64 of V6 space and that's what we currently do now slide. Please, um and the first thing we learn is: dual stack: is rubbish?

U

um I hate, dual stack, I'd like it to go away? um If you just have to configure everything twice, you have to configure firewalls twice. You have to do your connectivity twice. So all of our management layer supports V6 for everything.

U

um So for any application, where we can turn off V4, it's less configuration and less work, and we get to conserve the V4 address, which makes it cheaper. So don't do dual stack if you can possibly avoid it, go straight to B6 excellent, please!

U

So um what doesn't work email?

U

You can't do email from a V6 only server, because there's a whole load of V4 only people out there.

U

um However, um the large providers have fixed this email, doesn't work from V4 either these days, um so whatever you're gonna forward it through someone else, and as long as your MX relay's got V6, you give it to them and hand it over um FTP and web developers like FTP. That really doesn't work very well V6 only because you can't forward it from a V4 address.

U

um Turn it off fine, whatever um Hadoop, there's a few other distributed things that don't work, there's more applications that assertive E4 in the way they're built. So those you have to have V4 addresses, we can't run those. Yet what doesn't work very well.

U

um Node.Js is probably the biggest pain point for us. um It has very strong ideas about why it wants to connect out over V4, even when the DNS server gave it a code address that it should be using um Docker and the whole thing is built on the Assumption.

U

There's Network address translation everywhere, so a whole load of the firewalling tools and stuff, don't work, um which is a shame, because Docker is the absolute perfect use case for V6, because, um rather than having to implement an overlay network from one of the multiple alternative sources of overlay networks, you could just give it a V6 block and let everything talk to each other out of the box and it would all work.

U

um Snap applications deployed in snaps on Ubuntu um will frequently refuse to download themselves over V6 um and basically there's a lot of applications that will prefer V4 over V6, because V4 always works um and a bunch of those you can fix by just breaking V4 completely. If you don't give them a records back, they will eventually decide to connect over V6 and work. Add some please so um when we did our first implementation, what did we get wrong?

U

uh We did a slash, 64 Lan for each of our data centers that had a slash 24 of V4 space in and gave customers a slash, 96 of address space from it um all the block lists decided to filter on a slash, 64 one spamming customer your data center can't send any traffic to people who blocked you anymore.

U

um So now we give every customer a slash 48 if they want it and you get a 64 per host. So each host is individually blockable by internet block lists and renumbering. This was not a great deal of fun um filtering. This is probably one of the biggest pain points when you're on a V6 only server the whole of ipv4 appears to come from one IP address.

U

So um when you get denial of service from a bunch of V4 things, it all comes in from the same V6 address and separating the traffic out to selectively block malicious hosts is really hard um and uh you can quite easily accidentally block the entirety of V4 and today, that's much less of a problem than it used to be because substantial fractions of your traffic coming over V6 and accidentally dropping half your traffic is a lot less embarrassing than dropping all of it.

U

um So and if all the web applications, which is the majority of what we deal with um what this means is uh you need to pass the V4 address through using proxy protocol and then Apache filters in the Apache config, rather than doing it more quickly at the firewall level on your host machine, which is a little annoying, but it kind of works next. One please.

U

um So we've got a proof of concept: proxy implementation um that takes an entire four billion V6 addresses, and so when it proxies the address back to you, it embeds the source V4 address in the V6 address, so the traffic comes on and then you can use your firewall, because every single V4 address appears to come from a different V6 address out of the proxy, um which is very much like um not six, four in reverse, um so uh We've embedded the destination port number we're not sure if that's a good idea or not, um but basically we really need to get this built into ha proxy, which is what we use for our proxy service.

U

And then um every V4 address looks like a V6 address and all of your V6 filtering tools work better. So that's coming next um more things that went badly uh large on link prefixes, don't work very well.

U

um If you give your customer a slash 64 that you can use a different IP address for every single outgoing connection they ever make, um and they do this to try and avoid other people's rate limits um and that's really painful um and even if they do it across your land. You know just being scanned continuously um from vast numbers of V6 addresses appearing.

U

um Similarly, when people scan your address space inbound and try and enumerate what's up there in a slash 64 and you spend the entire time trying to enable discover who is actually using, these V6 addresses that's pretty bad next slide um and basically it comes down to the fact that a slash 64 doesn't fit in Ram. You can't maintain a complete 64 of um V6 to MAC address mappings.

U

um There's lots of exciting things you can discover in the Linux Network stack about what happens when a garbage collects all of this stuff. um You can stall your inbound Network for tens of milliseconds, maybe even a hundred um and anyone in the same layer, 2 domain is you can force you to neighbor, discover billions of addresses and that's really annoying next one, please so, um which gets back to the question of. Why do we do neighbor, Discovery or even art for that matter?

U

And basically it's to turn a V4 or V6 address into a MAC address, but we've got a billing database. That already knows where every address can go to in our Network um and for security reasons. If we get an answer from a machine that doesn't match what our billing database thinks, we should throw it away because our security violation, um so why do we actually do this at all next slide? Please?

U

So now we don't mostly um all of our switches, know all of the link local addresses of all of our V6 address blocks um and um our bgp Daemon running on the switch is bird. It knows about all the V6 ranges attached to all the customers. So as soon as the link comes up, it advertises out and says: I've got this like slash 64..

U

You can read me traffic over here and it hands it all to the link local address um and we don't need to do enable discovery next slide, um and so essentially, everything on our network is now migrating to completely layer. Three every link has point to point everything is rooted.

U

um We don't want to care about having multiple things on the same Layer Two segment. There is one thing we know it's link labor address, link local address, we root to it, um and two of our five data centers are in the are now basically enabled with this, and the rest are being worked round over, probably the next six to 12 months. Next slide, please.

U

So how are we doing so?

U

um This is infrastructure that Mythic beasts manage ourselves and customers who are on servers that we manage for them, or we provide some level of management and security updates, and so on um about a quarter of them are still V4 single stack a little over a quarter of dual stack and just under half our V6 single stack, which is obviously really good news. We've come a really long way next slide next one, unfortunately, that's not quite as good as it seems.

U

um The V6 only ones are newer and typically tend to be simpler, and one of the reasons for that is because V6 addresses are free. You tend to spin up more servers because they don't have a V4 tax cost attached to them, um and so you get distributed applications rather than monoliths, um with lots of things running on the same before address so the there's. So you know a good like 25 of that.

U

V6 graph is actually one application that we just run hundreds and hundreds and hundreds of identical copies of, whereas the V4 every one of those is a special Snowflake and needs a little bit of help next one please and turning off Legacy things is really hard, um so we've got three percent of our Visa. Four servers are due to go by the end of the month. um This is a Centos 5, build that we deployed in 2017 when sensor 5 went end of life um as a six-month migration project.

U

To move on to the newer stack that our customer was using, which finished in September 2022 and overrun of four and a half years on a six-month project. um So turning off your V4, only things is very hard. They are going to be here for a really long time um and in sorting this talk out. I found we've actually got some of our public-facing things that are still V4. Only that we hadn't noticed so I need to uh finish auditing and fixing all of those.

U

So they are all dual stack next one please so yeah V4 is all always going to be here. um Some things are too expensive and too hard to migrate to V6. We just did a new V4, only setup on behalf of they're, not technically a bank um but basically they're a bank.

U

um It does Swift transactions, um which are some extra for V4. They were fine um they're, a bank they're never going to run out of money. If we charge them a hundred dollars a month for every V4 address they used, they would be fine with that next slide, please so, which gets you into a chat from Finance side. This is not Financial. Advice.

U

Do not take my advice on finance use proper, like qualified people and whatever, um when we started V6 only in 2014 we set the price of a V4 address at two pounds a month, because it seemed like a good number that was just enough that most people wouldn't moan about having to pay it and the other half would get really angry and turn off feeful, which is what we were aiming for next slide. This appears to have become relatively standard Amazon 3.60 a month as your 260 Google 288. It varies.

U

um Interestingly, on the access side, it's a bit cheaper, Zen, internet's 83p a month, so but basically yeah you're, looking pound couple of dollars a month for a V4 address next slide. Please!

U

um If you go and talk to someone who works in finance, they have very interesting things to say about this, because um people who run Pension funds by government bonds and they get three and a half percent back, whereas today you can buy an IP address on the open market for fifty dollars and rent it for two dollars a month netting you a 48 return.

U

um So if you had 200 billion dollars and you could buy the entire V4 space, you could solve the problem of Pension funds being solvent.

U

um Which is worth thinking about um now, obviously, ipv4 addresses have higher risk attached to them from government bonds, because governments always pay their debts and everyone's going to move off E4. So you know you need a higher rate of return, but doesn't need to be 10 times as good would double be good enough. You know who knows so yeah, that's one to think about next slide, um and this also comes on to some thoughts. um This is a fictional tier one. Isp there's figures are not that different from a couple of real ones.

U

um Enterprise Value is the cost of buying all the shares in your ISP and paying off all of its debts. Three billion dollars will buy you a tier one, ISP roughly and get you 30 million IP addresses, which works out at a hundred dollars, an IP address.

U

um So half the value of that Tier 1 ISP is its ipv4 space at today's prices.

U

um If you can get ipv4 addresses to 120 dollars, um you could buy the entire ISP, sell the IP space, clear yourself, um what 60 no 600 million dollars and throw away your Tier 1 ISP next slide, which takes you to Wall Street, um where of course, the key plot point in the film from the 80s is Gordon the gecko spots. The pension fund has more money than it needs to pay. The pensioners buys the airline shuts it and steals the money. Is that going to happen to some isps out there?

U

Who needs to be really scared and at what value per IP? Do you need to get frightened next slide?

U

My good friend Evan Upton, who made not only this t-shirt, he builds pieces that cost five dollars and they cost fifty dollars to connect to the internet.

U

um Someone did point out the last time. I said this that it's very hard to buy a Raspberry Pi zero for five dollars. Only more due to supply constraints, to which my response is I am prepared to bet that more Raspberry, Pi zeros will come out of the Raspberry Pi zero Factory than ipv4 addresses come out of the ibb4 address Factory.

U

um So next slide, so we built a Raspberry Pi Cloud, um that's a lot of Raspberry Pi 4S in an enclosure. Those are much more expensive, Raspberry Pi's they cost 35 or even 55, for some of them, so still the same cost as the V4 address roughly, um and you start racking them up and stacking them in racks next slide, and uh they start to look like this. You have some fans on the back to keep them cold and a lot of Poe switches in order to give them power and network.

U

um They have one wire to each: they all net boot. They talk to a file server um and what you can see. There is right on the bottom, with all the ugly wires. That's the pi 3, the previous model that doesn't stack quite so close, the all the top ones, the pi fours. That's 384 servers in nine year of Rackspace um next slide. Please so 3u chassis! You mount two of them back to back 96 Pi fours um each one of those is a quad core machine with eight gig of RAM.

U

um You've got a couple of 48 Port switches um for reasons of compatibility with the pi 3. Although this might be solved in the newest firmware released in the pi 4, it only does V4 for the first stage of net boot, so we give it a tiny amount of RFC 1918 space to get to the NFS file system. So you can boot the thing um we can't afford to give these a V4 address each because the V4 addresses are the same price as the computers.

U

So we thought about it and we said right, no V4 we're just not doing it. You can't have V4. All external communication has to be V6 next slide. um We do lose some customers. These are some complaints from people who have sent this on sport, which basically says I'm canceling this because it doesn't have V4 Rara I, don't want it, which is fine. Okay, buy a different service that costs more next slide. Please um biggest secure biggest support. Query we get. Is lots of people go I've got server on the internet.

U

I immediately need to secure it. Let's immediately configure a super secure, ipv firewall things you can firewall your file system, that's it the only thing you can firewall. This does not end very well so yeah, there's a bit of explaining that you need to make an Implement a V6 firewall. Please don't Implement a v41 that will not help next slide.

U

um So back to some of those badly behaved. Applications um node.js um hosts file work around is the easy way to do a bunch of these. um You put some static um entries in your host file and then node will not get an A required. A ah will not get an A record for a DNS query, so it won't know, V4 is available and that will force it to use V6 and it will connect out and go and download the bits and pieces it wants, um because basically the implementation sees it.

U

It's got a RFC 19 address on the host and V4 always works, so you should always prefer that um even environments when it doesn't um so now no package manager fastly provides dual stack um for all the package downloads. You have a V6, only um Raspberry Pi and it still won't download over V6 because it wants to use V4 because it thinks that that's more reliable um next slide so um trying to work out what to do about. Some of these.

U

um We thought about actually making our DNS servers not reply to a requests at all um is possibly worth doing.

U

um There's a library called tnap64 which basically intercepts all of your open, socket connections and forces them out over V6. In theory, it's not supposed to intercept ones to 127, not not one, um but last time I tried. This I kept having problems with that um and it's really annoying. If your application now can talk to all the other things it needs to talk to on the internet, but can't talk to its database server, that's on the same machine um and painfully um see that the tour Anderson wrote a sea light implementation for Linux.

U

You install it and V4 magically works in your V6. Only server and all of your applications do not need to be educated. That they're in a new network environment um I, would daily like to fix all the applications, but as a work around this, this gets you going. So maybe we need to install this by default, possibly um next slide.

U

So next question I get this a lot like. This is a toy right. No one would seriously use this for anything. um So there's 25 million raspberry pies that are in industrial applications.

U

um Some of the companies that use Raspberry Pi's in their applications have continuous integration setups where they build their software and want to test it on Raspberry Pi's.

U

um Some people want to spend a load of them up on demand for various things distributed computing systems like actually having real computers. Not virtual ones has advantages in research, so people do that next slide um and the most exciting one is pi Wheels. uh This came out of the International Space Station, the International Space Station has some Raspberry Pi's on it for kids to do scientific research projects, they all need numerical python.

U

Numerical python is a massive C library that goes into Python and it takes two and a half hours to compile on a pie which really slows down the whole thing. So what you want to do is pre-compile it and distribute it, um and that project got out of hand Ben who ran it, decided to pre-compile every python module for every python version for the Raspberry Pi and make it into a service that it just downloads binaries to speed everything up.

U

um This is done entirely in our Raspberry Pi Cloud. It's all natively compiled because cross compilation is no fun um and it does all the distribution from the Raspberry Pi Cloud as well, and it all goes through our V4 V6 proxy service to all the people who don't have V6 at the end. Next slide. Please um and it does north of a million packages a day being downloaded right. That's a real application with a lot of end users running V6 only in a Raspberry Pi environment.

U

So you can use this for production things and we don't know how many other people now depend on this working in order that their continuous integration and build and everything in their offices relies on next slide. Please um also. We have desktop users who don't know they're running in a nat64 environment because they just spin up a desktop in our Raspberry Pi cloud and the internet kind of works, and you can go to websites and so on.

U

So we have another set of users there next slide, please um anyone heard of a thing called Mastodon last week. This would have been an entertaining question but probably more hands today, yeah yeah, and that became a thing since I wrote the slides and arriving here so I had to add something very quickly. Yesterday, um it's a decentralized micro blogging platform like basically it's Twitter, but without a mad founder um and it's suddenly become extremely popular and every Mastered on server.

U

You run your own instance of Mastodon, or you use someone else's instance and they Federate, so they all have to talk to each other. So that means suddenly. We've got an application, that's using thousands and thousands of servers that all need to communicate with each other. So they all need V4 addresses next slide um and it turns out that again is this: a toy, a geek project. uh This bloke called Stephen Fry, apparently he's quite famous uh he's migrated and turned off his Twitter account, so suddenly There's real users, actual departments.

U

You know money's about to turn up um next slide.

U

um So yeah, it's currently 4 000 servers. It might be 5 000 by the time. This talk ends and they all need to be full because every server has to be able to talk to every other server in order to make it work. Unless, of course, you can put it on one of our V6.

U

Only services use our inbound proxy for V4, because it's all https and then use dns64 and that six, four and C like D, um because it's built on node.js and you can't Etc host file work around every server that gets sprung up in every three minutes. So you know it's a bit of a pain.

U

um However, some other people, some of whom are also customers about us, have already started submitting bug fixes to get this to work in a pure dns64.964 environment, um which is which is nice. um There are enough people running this in a V6, only environment that they're starting to submit software bug fixes because fundamentally the people who started using this are techies and cheap. So they don't want to pay for V4 addresses if they don't have to and fixing source code is easy. So that's there's some of those out there already next slide.

U

um So this guy called Alastair Allen. He works for Raspberry Pi in the social media team and he said we want to run our own Mastered, on instance, just for Raspberry Pi, and we want to run it on a Raspberry Pi as our production, social media application. For a company with half a million Twitter followers, let's see how many we get on this service.

U

um That was the brief we got at 11AM on Monday morning and we went production at 10 A.M on Wednesday, which was a little quicker than we were really aiming for, um but yeah so um Raspberry Pi's production, social media is sat in our PI Cloud running on a Raspberry Pi in a V6, only environment, to talk to Mastodon, which is a massively exploding.

U

Social media, Network and no V4 is used anywhere in the whole thing directly and we can keep spinning out more and more of these and add more massive on instances and we don't need to consume any V4 addresses um all the V6 traffic goes direct. The V4 stuff gets proxied and gets slightly slower paths or possibly gets pulled around um thanks slide.

U

um So uh yes, um and the thing that comes with this, is, if you solid Place V6 on a VM or on a Raspberry Pi, it costs less than eight pounds a month, which is suddenly a very significant pricing number um thanks to a little little blue tick, costing eight dollars a month, um but yeah. The important point from our point is: we can keep deploying these without consuming our remaining V4 space.

U

Our ability to sell Mastodon servers is not limited by rv4 space, um which is good because we can't get any more of that, um and the other thing is: there's a load of V4 only Mastodon out there and we don't care. We don't need them to migrate. They can stay V4 forever if they want to or they can migrate. It's up to them. um We're not compelling other people to move, and we don't need them to move in order to enable our service and next slide please.

U

um So um this gets onto the question that I got asked at ripe, which is how do we get more Network engineers and more people trained to build applications and understand that they're working in V6 only environment? So um my first thought was it'd, be really nice to just have a completely simple setup um where you have an image through a Raspberry Pi.

U

You plug it into your switch and it Springs up a Wi-Fi network that is dns64 and that six four and you can connect to it and hey Presto you're in a V6, only environment, and you can start testing your applications and make them work, which is very similar to what Apple did for iOS applications.

U

um The other one is, of course, is Retina Raspberry Pi desktop in our cloud, and you get that by default, some people haven't noticed um and the next training exercise is going to be uh build. Your own V6, only Mastodon server and join the federverse, um which we've got sometime next week, an article with a tutorial on how to do that coming out, and this is what will hopefully start to drive the software people to understand that V6 is a thing.

U

V6 engine environments exist and your software does need to work in those, um because the application side is the barrier more than the network side from where I set um next slide.

U

um So um the other thing for providers is easing dual stack: um I have pixie boot on all of my servers, so I can recover them and reinstall them and whatever at the moment that all starts with V4, because pixie boot works with V4 reliably everywhere.

U

um I haven't really tested it properly on V6, but really I do want V6 pixie Boot, and that means when my server turns on I, want to see its Mac address and give it a V6 dress in the simplest way possible um and it's the MAC address I care about, because I already know what the MAC address of the server is and that's the thing that tells me what address it needs to get um so ultimately, I need a file with Mac address, V4 address, V6 stress and the ability to remove the V4 addresses.

U

That's what I want going forward next slide, please. um As mentioned I've, already removed layer 2 from all of my new network everything's point to point, which means my switches are running: a DHCP full server. Already it's a very small, very simple: the HTTP full server, because all it says is that Mac address gets this V4 address and this Netbook details and that's the only answer it ever gives because it doesn't have to manage leases because everything's completely static.

U

um Do I need to do this for V6. Do I need to write the HTTP 6 server that just says hello, Mr, dhbs6, here's, your V6 address, here's, how you net Boot and just Carries On! um So that's the thing I would really like. If someone would build me one of those next one and that's it a brief summary to what it's like trying to operate in a V6 only world when you have to deal with like customers and people with arbitrary demands.

U

um So yeah we have a Blog, um we have a brand new Mastodon address and we even have a Twitter address which should work for at least a week um other than that you can drop me an email. um So any questions.

R

Hi David, uh thanks for the talk um you said, you went fully L3 so down to the host I. Imagine are you running a bgp service or like a route reflector on each of your hosts.

U

Every switch is running bgp, so.

R

To the switch not to the host so.

U

We aren't running beat not unless the customer has their nasn, which some of them do um so our hosts um just speak as normal, and when the interface comes up, we see link Discovery happen and um at that point it's going to have a link local address. Then we know what that is. So at that point, a process on the switch injects, the bgp route into the local bgp server, which then floods out to the network and routing happens. Okay, thank you.

M

Oh, it's a clearly a very interesting talk. Thank you. A couple of things, uh the the pixie boot thing. um Could you do slack with um eui 64 addresses, or do you really need DCP, because I mean we like? The nice thing about like eui 64 address is that it's predictable and it's very similar to the MAC address so I don't know.

U

um Depends.

M

On implementation, I guess.

U

Yeah then I've got to run a slack service on my switches rather than DHCP. Can you do full pixie boot with just Slack I? Don't know, no I need the HTTP there at some point to give out DNS service.

M

And the boot image right, yeah yeah.

U

So basically, I'm I'm also um there's a parody thing. Right. I already have a whole load of people who understand how pixie bb4 works, and this is not an interesting problem to solve. I just want the thing to switch on yep.

M

um A couple of other questions: I try to do the Raspberry Pi thing myself: I got paid for I, wanted it to sit on the side of my network and send an RA with the 96 of the of the natx4 prefix, because I don't control my home Gateway, so I wanted to plug. In my Raspberry Pi advertise, the 96 prefix send a separate array with the pref64 option so that you know basically clients would just see it and they were just getting that six.

M

Four on my existing Wi-Fi network, which has V6 it has native V6 um I, failed because the the Raspberry Pi dependency of the Dual package didn't work, but um okay, I guess I'll, try again right.

U

Yeah I mean I'm I mean it doesn't have to be that, but basically yeah the simplest possible way to get a 964 Network at home for an Enthusiast would be a really useful training thing to do, and the high Advantage is there's loads of them kicking around in boxes. So people can do it for no setup fee.

M

Yeah, because there's some I I think I even put it on GitHub there's some code that will send an RA with a with an s64 option. It doesn't have to be the same ra that the production Network sends you can just like, have it on the side and you can send an Rio for it right so anyway, we can chat about that offline.

A

Yeah sure.

M

And the another question was interesting is like you, you sounds like you ended up doing 64s to the VM. Is that right or.

U

Yeah are.

M

You worried about eventually running out of V6 space, or you know, because you can. Customers can create a lot of VMS.

U

um I'm not especially worried about running out of V6 space, um so um partly because uh a company I acquired, ran into the V4 exhaustion very early because they sold very cheap VMS and they future-proofed themselves not by actually making V6 work, which would have been sensible, but by acquiring as much V6 space as they could um so um I.

U

Think I'm sat on like a slash 27 of V6 space, which, for a small company with 15 employees, is probably probably enough for a bit um so um yeah I mean I, mean ultimately, I've got what I 10 billion servers worth of V6 space, um and uh so it's not. It's not exactly 64 per VM. It's a slash 64., but it can be. But customers can use multiple 64 multiple addresses in the same 64 across multiple VMS.

U

um So it's not quite as wasteful as a full 64. Every time a VM gets turned on, but if a new customer turns up um their VM gets spun up and they get handed a slash 64. and they can have 48s on on request. 64.

M

Per customer you'll never run out of that I think I think but anyway interesting. Thank you. Yeah.

N

Hi you mentioned silati yeah, um and you mentioned it needs to be packaged and I can probably get that into Debian as I'm a Debian developer can.

U

I buy you a drink. Thank you.

N

Okay, that's it thank.

U

You yeah um to possibly accelerate that um uh uh no yeah. If you can just turn it into a Debian package. That would be ace even if I can just steal it and stick it in the Mythic packet package repository that we use for customers before it turns up in proper Debian.

N

uh Did you open a bug on the Debian backtracker for asking for it to be packaged.

U

uh I, haven't no I only really thought about this on Monday, when I properly, probably put it in to make a master, don't go, but yeah turn it into a Debian package. That would be amazing. Thank you.

M

Please please please yeah.

B

If no more question, then we thank Pete for the excellent presentation. Okay, thank you. Folks,.

J

Sorry.

J

Anna pleased to meet you, okay, see you around, hopefully,.

K

In Japan.