From YouTube: IETF115-V6OPS-20221111-0930
Description
V6OPS meeting session at IETF115
2022/11/11 0930
https://datatracker.ietf.org/meeting/115/proceedings/
A
C
Hello world. So today in Commonwealth countries, it's Remembrance Day, and so I'm asking that at 11 AM we take a brief pause for a minute or two serve, as is custom in in countries. I think we should always try and follow the customs wherever we are. I happen to also, I think it's a good one, and it's just a minute or two of silence to sort of remember people who've died in conflicts. So whoever's talking at 11 AM, sorry, we're going to interrupt your speech for a minute and we'll have a minute or two of silence.
C
B
B
B
And this is an overview of the working group status. So from quantity perspective, our number of individuals left are increasing the number of working groups. You have an obviously or you have the England score stable. So from a quantity perspective, we seem to be doing fine, but how do we measure our growth in quality or in battery impact? I think that this is a question that's worth thinking.
B
My own personal perspective is that if our group is helping to solve certain IPv6 challenges facing the industry, then maybe we are doing a good job, and here we fixed for challenges here, and if you have other idea how we can generate a bigger impact in the industry or how our working group can do better, please let the chairs know. And the last thing is that we're going to call for contribution, because at the moment we are doing, some people are doing some very meaningful work.
B
For example, Brian Carpenter is leading to a group to write a free IPv6 textbook. We believe that this is something very useful, because if the students are not educated in school, when they go to their jobs, they still don't understand IPv6. It will be difficult for them to deploy IPv6. So here I provide a link of these Brian's book, and also you only need a GitHub account in order to contribute, so Brian really encourage everybody to look at the link and contribute to this book. And the second thing is Mike are collecting.
B
The IPv6 is used in enterprise, and we are doing some side meetings. On Tuesday we have one. Many of the top IPv6 experts was there to comment and participate in the discussion, and we are really grateful for the contribution of this top experts. So we call for a more people to participate and contribute on this, and also in v6ops and actually in 6man or even in Nano.
B
B
B
We believe that this is something meaningful and we call for some volunteers to do this work. And also there are certain working group draft that currently expire, and we also call for the existing co-authors, or maybe some new contributor, to discuss with the existing, the original co-authors, whether to restart this working group as well. And if you can think of something else that are meaningful for our working group to do, please let me know. So this is the the working group status, and the next topic of my agenda is.
D
Okay, give me a second to find the forward and back.
B
D
D
B
B
So this is the first time this you have become a working group, and for those people who haven't read it yet, I would like to give a quick summary of what's in this draft. So the draft basically have three parts. The first part is a summary of the ND issues and also the cause. I think that our contribution is mainly to summarize, like, of the 15 issues now, they are basically triggered by only three causes.
B
So if you deal with just the three causes, it will be easier than to deal with 15 issues. Plus if, in the future, a new issue is discovered under certain chords, and if you already deal with the cause, then you automatically deal with a future issues as well. And the second part of this draft is, we summarize flirting optimization solutions. They deal with the issues that we talk about, and we not only summarize the solutions.
B
We can call this the subnet isolation, and there are also the GUA isolation and proxy isolation, so we encourage you to take a look, because this is, this is at least some new perspective. And the third part of this draft is that we learn, basically learn from the existing optimization solution and kind of extend this isolation idea for people to consider when they are planning their first-hop deployment. So we basically recommend that you start from the highest level of isolation. There are certain actual requirements to that.
B
You can consider that whether this is applicable to you or not, and if it's applicable to you, if you start with the highest degree of isolation, then you are the safest. You know, in the future, in the future there may be, you know, certain new issue may be discovered, but it may already be taken care of. So you start with the the highest level of isolation.
B
If it's not applicable, then you move on to the kind of like a loose isolation. They have lower entry requirement, but it can also have a more potential issues, and you basically go through a guideline and a step by step until the last step is no isolation at all. So this cover all the scenario, because in the end, you can give up our isolation and just do the back to the normal in the situation.
B
B
The last slide basically summarize the change in this version because, for example, Jane lose some comments in the last IETF attack. Certain solution that will rebuild are as environmental. So in this version we pointed all of this out. Mentioned that, well, the file names will not be called ND deployment because ND is a single protocol, so we change the file name to ND considerations.
B
Something also always the point that if we do unique prefix per host, then each host can take a /64 or even /56 and it seems to consume a lot of address, but the draft actually have a discussion on this deck. Given that at the moment that the magnet RIR can give you a /29 without, without the need of all justification almost, then we really have sufficient /64 for every host, and if we do this, actually it can avoid a lot of issues.
B
So we also highlighted this, and there are some other comments that way that we incorporated in this version. So this is a quick update of the draft, and any comments.
E
Okay, can you hear me? Yes? Okay, thank you. Hello everyone. This draft is about a framework of IPv6-only underlay network, the multi-domain networks. It has been presented in IETF 103 and 114, but the next two revealed again. Next, please.
E
Next. Okay, the objective of this draft. As we all know, IPv4 as a service basic requirement of for IPv6-only underlay networks. When IPv4 protocol is disabled, the network should not only carry relative IPv6 service but also ensure that the remaining IPv4 serves running normally, and it does not impact on user's components. Based on this consideration, the objective risk framework is to provide end-to-end IPv4 service delivery or multi-domain IPv6-only underlay networks and improve, and to improve data for efficiency by eliminating unnecessary IPv4-IPv6 conversions in a scalable way.
E
This is a problem focused based on our experience. During the past, IETF has designed many activities. Technology each have different IPv4 activities, converter gateways, it can be encapsulation based or translation based. Some are still full on. Some are stillies here. Xl8 is a general term to represent various IPv4 IPS gateways. The network community's figure is used as a general, as a user figures is a multi-dominant works, which consists of AS1, AS2 and AS3. Each domain serve different scenarios in production network. Two support activities, only EGS uses corresponding transition technology.
E
There are six different gasoline gateway in this case. If applicable, user is trying to access IPv4 service, their IP basis, email network, the data stream need to traverse AS1, AS2, AS3. When IPv4 packs reaches the edge, is one they are converted into IPv6 package by episode one, and then converted IPv4 packs by absolute 2 as egress. Well fts2, they are converting to activities package again and process is same way as AS1, and the process in answer is the same, except for the excellent gateways are different from the prospective operators.
E
Excessive excellent gateways makes network complex and the increase in OPEX as well. Moreover, Activity six data pass for IPv4 delivery is not going to end. It is, com is component by multiple discontinuous tunnels. Some people may say, if also AS use the same transition technology, the problem can be solved, but that's not the case. No single existing technology can solve the transition problem of other scenarios. There are some existing IPv6 only for transit records, such as that in RFC 5565, which network, which proposed to use bgbination Hub as a tunnel in the pawn address.
E
E
Therefore, we need a new framework which can set up end-to-end activities. Time or translation based did pass across multi-domains near secure and scalable way, so as to transfer IPv4 service from linguous to the egress key without any transition function in the middle of the data path.
E
Next, please. So, in this framework, UTP will be allocated and under defined by at least one activists making prefix. It will also have one or more associated IPv4 address block which are extracted from the local app before routing table or dress code. The American relationship between IPv4 address block and IPv6 mapping prefix is called address.
E
The first one is room management layer, which is in charge of the American rules starting local database. The second one is routing processing layer, with which the mapping rules can be propagated within across IPv6-only domains to provide a beautiful, reachability information to other PEs, which may be cross domains. Actually, the changing of the prefix might pin for activities only has happened and as an access network such as that defined RFC 7050 in the ds64, but is exchanging a mapping prefix in Trend call is still black. Now this solution will fill the gap.
E
A data forwarding layer support IPv4 delivery by encapsulation or translation. With this design, we're happy before package reach the previous online work. The ingress PE will use address mapping rules to generate corresponding IPv6 source and destination address of the new header from its original IPv4 source and destination address. The IPv6 package generally are sent to the red. Egress PE will not be converted to IPv4 package on the way, so it is end of the end. Imitation, there's no need to make a user related status or translation tables as PE, so this approach is scalable.
E
E
Production network so far, it includes metro area network at the backbone and quality centers. Totally there are five domains. Our practice show that this framework is feasible and valuable. Moreover, it is compatible with existing abuses. Only techniques such as 6-4, the 464XLAT. In this way, metal, 6, 4 device and P or multi-domain will converge. So the current phase interface and the core phase interface are both IPv6. IPv4 server will be delivered from user terminal to the equity directly.
E
This, it can also have to be extended to more AS network operated by different operators. So I think this is only the past can be by multiple operating networks. Next, please. But we have received another comments since it was presented. On behalf of all the classes, I explained, expressed sincere thanks. Next, please.
E
On Commons received with 17, had been made since IETF 114. Firstly, SRv6 is removed from the quantities based on the comments of Veronica. In particular, the framework does not specific T techniques as mentally, and that's the security consideration section was updated based on the comments from Gene, and then we also made reviewing to reflect the outcome of discussion with Qing and the other unlimited list.
E
E
This class is drawn to work our Channel Telecom Sun at Verizon orange, so it's called the card number is zero five. We think the document is ready for a call for adoption, so more commonly welcome is Europe. Thank you for your attention. Please question.
F
Okay, our champion from Huawei. In fact I, this is the pay attention to this drop dance solution for a long time. In fact, I think YouTube propose the practical solution for the implementing the IPv6 only across multiple domain, and also because- and this is database solution and with match this capability advantages. So I think this draft is the solution proposed and architecture does work well. So, in addition, I think this is related with, also related with some of this solution in the control plane on the data plane.
B
G
Hi, hi everybody. I'm also the co-author of this draft and, okay, you may know like we are doing stylish translation of those currency and we have the solution. I mean IETF has solutions for the prefix fighting, for example, 7050 or the ND to sign the prefix or DHCP to give like ours. So currently we are working like internet and China Telecom try to work on cross domain to pass this kind of transition information across domains.
G
B
H
This is a couple of drafts on extension header testing, yeah, troubleshooting. Next slide, please.
H
So what I'm going to give you is the background of the problem and why we think topologies are important, and then the framework of how we want to proceed on this set of troubleshooting drafts. Next, please. So, so in the background. So we started testing this before, gosh, maybe about six, seven months ago, and the impetus really was is there were quite a few studies showing that there were huge numbers of packet drops with extension headers, and so in our own testing for our own extension header.
H
We had found that in fact it all seemed to work just fine, and so then what we wanted to do was to see exactly why things were not working and where things were not working. So then we decided to come up with a methodology for why we're seeing it. And so, for example, from last time we presented at the IEPG-114, we tested to what I'll call is naked servers, the the 1980s topology of the internet, which is you have a client, you have the internet and you have a server.
H
So that's what we had. We had a server and everything just went right flat out onto the internet. There was no intervening network, but, but there were transit networks, of course, but no intervening set of servers, you know, an edge to bound it, for example behind a CDN or on a cloud network. And what we did is we said, well, we're going to try and go across multiple continents.
H
I mean, so you know, we're a small non-profit and we don't have, like, you know, zillions of dollars for this, and so we said, well, let's at least see if we can get servers through multiple continents. And a background: what we put in is we had at this point, we had FreeBSD servers with a patch to the kernel so that they would send out an extension header with every single packet, because what we wanted to test was real data.
H
You can craft packets, but, but we felt that it's much safer and much more assurance if you can do like an actual application traffic, because then you don't have to worry about, you know, is your packet being seen as a SYN flood attack, DoS attack, anything like that. So what we did is we sent large FTPs, and you can see we sent them from Toronto to Warsaw to Seattle, Frankfurt, everywhere. We sent this huge FTP. It all worked. Next, please. So, so why are we seeing different results? Is it a difference in topology?
H
Is it because we have a standalone server? Is it the type of EH, the size? You know, so there's a lot of different reasons that might be, or is it something else? Next, please.
H
So what we wanted to do was develop a clear set of methodologies to say: okay, look, these are the, if you're in this topology, these might be your issues if you're not seeing extension headers. For example, it could be completely unrelated to the EXT presence of an extension header. For example, we found that for certain CDNs IPv6 itself is disabled on the other side of the CDN. So it should be no surprise that if IPv6 itself is not supported, well, then quite likely EH also is not going to be supported. Next, please.
H
So these are the topologies we looked at, and in the next draft, I will talk in particular about what I call the naked topology: client, internet, server. That's the simplest, easiest to understand, and then so, let's start with that. The CDN topology can be quite interesting because you have to then- and we tested this by moving our own FreeBSD server, which sends extension headers. We've moved our own server behind the CDN, so we can control it.
H
We could take packet traces over there and on the other side, and I am happy to share the packet traces with anybody who would like them, so you can see for yourself, and I can point you to the documentation of the various CDN servers if you would wish to try this yourself. We're also trying the the cloud provider scenario. Next, next, please.
H
So this is the simplest topology, what happens, and again, in some ways, sometimes when we're at the IETF I feel like this is the topology that we are all talking about, whereas in reality this is quite infrequent that this is the topology that we're talking about. It is sometimes the topology we're talking of. Next. Quite often, for example, if you go to the Alexa top 1000 or top one million or top whatever, to the most trafficked websites, they are behind at a minimum one CDN, possibly multiple.
H
If, for example, sir, if you're a video streaming company, you may have at an actual CDN presence, you may be also behind a CDN that your ISP provides. You may have a contract with them, so the topology becomes quite important, because, I will talk about this more next time when we talk about CDNs, but to spoiler alert, what we have found is that, quite often, if packets are not dropped outright by the CDN cache server Adam, the the EH is not passed all the way through.
H
So again, this is quite interesting. Next, please. With cloud providers, it becomes again quite an interesting topology, and set of experiences, our anecdotal experience right now with putting our extension header server behind one particular cloud provider is that with, when you're completely standalone on the internet, everything works fine. The minute you behind, you move behind the cloud Survivor, so cloud provider.
H
Again it stops working, and- and let me, let me tell you- we have two CDN providers who are working very closely with us to try to fix this situation, and the first cloud provider that we are, we have tested with, they also have said they will work very closely with us to find out exactly where in their network things might be done, because again, the conversations with, with them were.
H
We did not realize we were doing this. So, so that is actually quite interesting, that people are not necessarily aware that they're even doing this, so this is, this is good and I think bodes well for the future. Next, please. So, so this is our plan.
H
We will have a set of drafts. The first three have to do with topology, and I am sure that we will find problems and during each of these- and let me tell you- is, you know, I, I take what Fred Baker told me long, long time ago, hello Fred, is that the purpose of the IETF is not to generate documents, but it is to solve problems on the internet, and somehow I have drunk his Kool-Aid and I hope.
H
We can solve some of these problems, and again that once we've done the topology ones, we will then move to a particular pieces of equipment, because, just at the hackathon in IETF 114, we found a router bug preventing EH transmission. So this is why we want to go very slowly and methodically and go through all the potential topology energies and all the potential.
H
I
I
Just very, very stupid question: my brain is not working. How is the troubleshooting packets with packet drop, with extension header, fundamentally different from troubleshooting any other packet drop you might see between sources and destination? I think they're, like, the methodology will be more or less the same. I need to find where it's dropped and look in the device which is dropping it, so I'm just not sure of what is so different that we need to focus on its specifically instead of providing maybe general guidance to operators, how to turbo should start.
H
There's a very interesting question, Jen, very interesting. I think, I think, no, no, very, very interesting, because sometimes in fact the packet drop is because of IPv6 itself, but I, hang on one second, but I.
H
Think the difference is, is that in today's networks there's a specific, you have to go out of your way to send extension headers and to send them at different sizes and different kinds, and, and so I think that is the difference. And right now what we have been doing is sending just our own PDM destination options, because that is what we have as a real extension header.
H
We are redoing our methodology so that we have, we've implemented our, our stack in eBPF, which can send different kinds of extension headers and different sizes and so forth. So, so I think that's where we will add on. Do you see what I mean?
I
Yeah, in this case, I, I think what would be very, very useful addition to your draft is to provide guidance, how exactly shared those headers, right, because people who would need the guidance on how troubleshoot network probably have no slightest idea how to insert a random field in a random IP packet, right. Maybe some links to implementations and so on would be useful in.
J
Thanks, thanks Nalini. So I'm not sure exactly how you're doing it, but I do have an answer for Jen. So I'll just run it by you, see what you think. Okay, great. So what we can do is probably do two tests in parallel, one for just IPv6 packet without the headers and one with headers, right, at the same time, and then collect the statistics and then have a null hypothesis of it doesn't make a difference. And if you get a p-value that's smaller, then we do it I.
J
H
No, Suresh, you are so right. That actually is exactly in the draft, and that actually is exactly what we did is, is, but I think her point was a little bit different. Is that in some ways it is true that, that, if that in either case it could be a firewall setting, it could be the topology and so on, but after that the next step is what you say, and that is actually in our draft too, and that is what we did is we said, yes, it passes without the extension header.
K
Gorry Fairhurst. Wow, this is high. And so what is your intention with the recommendations that come out of this? Because I see two different pieces here. I see if we're going to deploy and operate extension headers, we need ways of knowing and managing that operation and the paths that support it, but there's also guidance on how the extension headers should be implemented and how they should be used by the end points, the end nodes. Is that other part starting 6man, or is there some overlap here? No.
H
Yeah, yeah, stop right there. No, no, no, go back to one, go up, one more. Okay, yeah, a really good question, I mean, and really good point, Gorry. There are two different things, well, maybe even three. One, it's like if I am a designer of a certain protocol or whatever and I wish to use a particular extension header, what should that, what should be done? Two, if I'm a user of said protocol, you know, then what should be done? That's very true, and then, but really I think there's, there's, okay!
H
Now this is kind of a morass, but there's actually three, four, five and six, which is, which is, if I am, for example, a router vendor, or if I am a load balancer vendor, or if I'm a CDN, or if I'm a cloud provider, what should, what should be done? And- and that's a very, very interesting topic you raised, Gorry, and one of the things I'm kind of thinking is that's why we want.
H
We want to figure out some of the problems, and once we've figured out some of the problems and maybe even fix some of them, then at the very last thing, then, then maybe we do a BCP, and the BCP really is, I think, quite interesting, because it's more, it's, it's like, it's like what should people be doing, and for certain extension headers, what extension headers should be encrypted? What should be authenticated?
H
K
K
So we need to split apart the protocol recommendations, which I think probably belong in, in, in 6man, from the operational considerations, which are equally important but tell you how to configure, how to use, how to test, how to know it's working, and I think we have to clearly separate these out or we'll end for some really big morass as we start to make the recommendations. No.
H
No, really, really good point, Gorry, and of course, you know, do, I mean, for everybody, I mean, please do contact. We have a pretty big team helping and working with us already, and anybody that wants to, you know, work on this, especially people who have commented at the mic, such as Gorry, if you got ideas, you know, yeah, great, perfect.
H
H
H
Hello, yeah, so this is, as I say, slightly joking I suppose, about 1980s topology. So we have the client, you have the internet with multiple transit networks, whatever, and a server, and so let's just do that. So then we've got that, and in, and in our case our, our server was EH enabled, and, and again I, there are multiple ways to, to do this, and what Jen said was very interesting and, and I.
H
We have to think whether to make our code, which is a work in progress, to be available to others to test with. Very, I have to think. Okay, but that's kind of the topology. Next, please. So, so that's the question really is like, what do you?
H
How are you going to be able to send EHs? There's, there's a bunch of different ways. As I say, I'm kind of a bigot on the the send it with real data, because, because, you know, I feel like, you know, I mean, there is awesome, awful smart people who know how to craft packets perfectly and can send them so that it's not a, you know, seen by anybody as a SYN flood attack or a DoS attack and stuff. You know, I want to keep it simple for myself.
H
You know, I'm like, okay, I'm just gonna send an FTP. I know what it is. I'm gonna do a curl. I know what it is. It's doing a real session. I don't have to worry about sequence numbers, any of that, and so, so then I'll do that. So, but you have to make that decision. How are you going to do this? How are you gonna, you know? That's a decision point. There are, there's lots of packages that you can craft extension headers with.
H
But how are you going to add them, and what's going to be the content of it, and then, of course, what's the rate of sending and sampling? Because, you know, I mean, you know, as I say, if you send like 20 TCP SYN packets and, and you're not doing the, if you've crafted it and you're not doing the entire SYN-ACK sequence, then you could be falling into SYN flood attack protection.
H
So what you're testing is something entirely different from what you think you're testing, or even, even hitting up a performance enhancing proxy or who knows what which is responding to you. So again, you know, I want to keep my simple brain simple, so I like craft, I like actual data, but you have to make these decisions. Okay, so next. So then what we did is the first thing, which is the way we're doing it, which is that we have a test server enabled to send EH with every packet.
H
H
Well, then, okay, I mean, right, so, but this is what we did. We had a test server, and now, and now it's an Ubuntu server with eBPF sending EH with every packet, and then we put up, I believe we put up Apache, and- and we put up a huge old index.html, so that in our case not only does it send back the Doh extension header, but it's fragments, and so we got fragment headers coming back. And then the most important thing, in my mind, is taking a packet trace on both sides.
H
H
So this is what we did, and, and so, so what we did is just we configured it first not to send extension headers, did the thing, and then we did an HTTP curl to see if that got through, and then go ahead and sent an EH. And you may also want to send to just the IP address and not a DNS name to, you know, to eliminate that part, and then you can, of course, elaborate, send DNS names, whatever. Next.
H
H
H
So in the next thing again, we, I think we need to discuss how to craft packets and do it if you're using a crafting methodology, because then you, you probably can't do a curl, but then so we'll do some, some recommendations. I'm tentatively thinking, send a few TCP SYN packets and, and see what you get back.
H
We've tried crafting UDP packets, ICMP packets, too, but I think probably sending just a few TCP SYN is the way to go, and then we will add more discussion and troubleshooting, where to look at the problem with more troubleshooting. Is that if it works without EH?
H
That's one thing. If it works, then it stops working with EH, it's a, that becomes problematic. That may need to wait for some of the other drafts, because then you need to think. You can test some things fairly easily, like.
H
Are you dropping it right at your source or not, but some of the other things, if it is indeed going behind, if it's in a transit network and so on, or if it's at some kind of router, then, as I say, as we get down the road on this, we'll have more guidance at that part. So some of this will be limited guidance at this point, but as the other drafts come along, then we'll have more discussion there. Okay, anything else? Yep!
H
So that's it! That's it for this draft, and we'll be working on the CDN and cloud provider drafts as they come along. Any thoughts, questions? All right. Everybody got their thoughts and questions with the last draft, yep. Okay, oh.
B
L
Hello Anthony, you mentioned in the test that you would send TCP SYN packets in your testing. Are you willing to go through the whole SYN sequence? Because I think that if you just send TCP SYNs to probe, you will be blacklisted by SYN, SYN flood prevention mechanisms. No.
H
No, I told, totally hear you, I totally hear you, and, and, but see, that's why I like to have the application send. It gets tricky when you're crafting packets to do a SYN-ACK sequence, but I totally hear you, and- and let me, is, it's a good point. Let me think how I can craft a sequence of packets, yeah. No, no, totally good, yep.
L
Usually, people that were testing MPTCP, we are injecting things at the circuit level in, in Linux by overloading the memory space, memory circuit options. So this is something that you can do inside the application, so you can loads or get options beside the application and inject parameters that the toolkit is taking into account to craft the packet. So maybe this is the way, a way you want to do for your testing.
H
M
Hey, did you see any packet drops related to MTU issues, and did you distinguish this package drops?
A
H
Yeah, no, okay. So in our testing with what I'll call the naked servers, we saw tons of fragmentation and we did not see packet drops due to MTU issues. We, we again, again.
H
This was limited testing that we did because, let's add this, there was a sad story with the FreeBSD we had. We ran into it. We had an old kernel that we couldn't get, get upgraded and couldn't register. So we were rewriting the code in eBPF.
H
That is something that super concerns me is MTU drops, because we need, because right now what happened is, is these, these servers had a big old interface. It had a huge interface, which is actually good, because then we saw fragmentation, but if we go from a small interface or something like that and we start doing source fragmentation, yeah, we have to see about MTU issues. Very good point. We haven't gotten there yet in, in this bare set of testing. We didn't see it.
N
H
Great, great, so let's talk, and then maybe, maybe we can use your tool and do the methodology for the how to do crafted packets. We talk offline, yeah, that's perfect, because as I say, it's a, we concentrate on the the the real application, but I know you guys are doing some great work, and so is, it will be very good to collaborate, yeah. Thank you, Anna, thanks.
H
No, yeah, then I don't have anything. I guess the question would be, then, it's a question for the chairs and the group: is this work that we want to take on, or maybe after it matures? But at some point I suppose we had to make that decision.
P
Okay, thank you. So, in my draft, I just accumulate some test results, which I hope can help the network operators to find the right IPv4-as-a-service technology for their networks, and we, could you go to the next slide, please.
P
Thank you. So currently we tested 464XLAT and MAP-T regarding their scalability, and we had the privilege that we could use the same implementation for both technologies. So Jool was recommended a few IETFs ago, and it implements currently both 464XLAT and MAP-T. So we could.
P
We could test both technologies with the same implementation, just to avoid the problem that different implementers can do a better or worse job. So the testing method was that we use the customer edge and the provider edge devices together and benchmark them together, and we used DNS traffic for testing just because we had a DNS testing tool which we use for testing, sending packets and receiving back the packets. Could you go to the next slide, please?
P
Thank you. So this is the measurement setup. It was used for both technologies, and before those technologies we also tested them as just two routers were there, just to test the performance of the system. So, in the bottom left corner, you can see the IPv4 client running the dns64perf++ testing program, and in the bottom right corner you can see the IPv4 server running the convert DNS.
P
It was just used to answer the queries, and it has high enough performance. Without these CLAT and PLAT, when we just tested them with routers, we achieved two million packets per second, so it was more than enough to test the technologies. So in the top left corner you can see the CLAT, in the top right corner you can see the PLAT of 464XLAT, and they were connected by 10 gigabit links using VLANs. Could you go to the next slide, please? Thank you. So you can see very little change.
P
P
Thank you. So we tested the performance of the system regarding how it scales up with the number of CPU cores. So in both devices, the customer edge and provider edge devices, we increased the number of active CPU cores from one by doubling their number up to 16.
P
And we use the binary search to find the highest rate at which near the order values were resolved within timeout time. We allowed 0.01 percent packet loss, and here are the parameters, just to have everything here: the published servers, and we use Debian Linux 10 and Jool 4.2. It was just a release candidate, because at that time it was not fully released, but we had to use the same version for both technologies to be fair with them. Could you go to the next slide?
P
Thank you. So here are the results for 464XLAT. Here you see the number of active CPU cores, both in the CLAT and PLAT, and here the results. Of course, the most interesting things are the medians, because we executed the test 10 times and calculated the medians, and, of course, we also added the minimum and maximum here to show that the results were quite consistent.
P
But it's here, the law of diminishing returns, that even if we double the number of CPU cores, it doesn't scale up well above four cores. Yeah, you can see some strange thing, that's why it was just 43 percent at two cores and then 79 at four cores. The explanation is very simple: we use a CPU which has a kind of NUMA architecture, that the even-numbered CPU cores, that is to say cores zero,
P
two, four, six belong to NUMA node zero, and the odd-numbered cores, one, three, five, etc., NUMA node one. And from one core to two cores, when we changed, we came to have a NUMA homogeneous system, and then after that it was always homogeneous. So there's no such problem. Could you go to the next slide?
P
Please. Thank you. And you can see that the same thing also happened with MAP-T: the increase from two cores to four cores is higher than from one core to two cores, but the increase is always much higher than with 464XLAT, so it shows a much, much better scale-up, much better scalability. Even this is a 42 percent increase when we use 16 cores instead of eight cores, so we can say that, as expected, MAP-T scales up better than 464XLAT. Could you go to the next slide?
P
P
Yes, that's it. So here are the results. We published them in a paper. This is an open access paper, so if you're interested in the details, you can check our measurements. And now I have the question, if you find these things interesting or useful as network operators. And yeah, I can see that Eric is in the queue. Thank you.
P
O
P
The queries came from different UDP ports. Of course the queries were all going to UDP port 53, but we used different source ports because we wanted to use RSS, receive-side scaling. So we used, okay, the details: we used 16 cores to send queries and another 16 cores to receive the replies at the client, at the tester, and as far as I remember, 100 different source port numbers were used per sending core, so altogether 1600 different source port numbers were used.
P
O
P
We used multiple source port numbers to enable RSS to share the interrupts between the CPU cores of the servers, so they were more or less equally shared, so it's enough to distribute the interrupts. So if we used much, much more source port numbers, then we would have exhausted the port number limit, the port number set of the CE device of MAP-T. So we couldn't use.
G
D
I just have a comment. One of the questions that I get asked quite frequently when working on some of the V6-only projects that I'm on is the scalability issues. So the more data that we have on different platforms that are available, I think the better off we'll be. So I just wanted to say thank you for putting the time and effort into testing these things and sharing your results.
P
D
Q
I'll just hold this. Hello, I'm Momoka from the WIDE Project. Today I want to talk about IPv6-only iterative resolvers utilizing NAT64.
Q
And I submitted this draft because I had a niche problem and I wanted a niche solution and I wanted to document it, and today I want to talk about this and ask you if you think this is worth documenting or if it's just rubbish. So next slide, please. So, motivation.
Q
Q
This is because there are IPv4-only authoritative servers, and IPv6-only, so this cannot talk to IPv4-only authoritative servers.
Q
All other applications can use DNS64, but resolvers can't use DNS64 because it's the resolver; it won't make sense. And a clarification: by IPv6-only right now I mean, like, it only has an IPv6 address. Okay, next slide, please.
Q
So this is like a picture of how resolving with an IPv6-only iterative resolver can fail. So the workers dual stack. The next authoritative server might be dual stack, but the next server, the authoritative server, gives me the next authoritative server to ask, but that server only has an A record, so the iterative resolver can't access the last authoritative server, because the last authoritative server only has an A record and it doesn't have a quad-A record.
Q
So this is a reference to BCP 91, RFC 3901, and in section 4 it talks about how we need to preserve namespace continuity, and I'm going to read this out loud. So a boost. It says every recursive name server should be either IPv4-only or dual stack, and for the authoritative server side,
Q
it says every DNS zone should be served by at least one IPv4-reachable authoritative name server. This makes sense because we need namespace continuity, because we don't want to not be able to resolve zones. That would be sad. But we also want IPv6-only iterative servers because they'll be fun. So next slide, please.
Q
So my proposal is that, well, not my proposal. I'm just trying to document this, but what I want to document is that we can fulfill the spirit of BCP 91 that I just showed with an IPv6-only resolver, by doing the IPv4-to-IPv6 translation inside the iterative resolver and making it, quote unquote, dual stack. So like, we can do the IPv4-to-IPv6 translation in the application, the resolver, and just, like, translate it. So next slide, please. So, how it works.
Q
Q
This is done by applying the Pref64 to the IPv4 address to construct an IPv4-converted IPv6 address, as defined in RFC 6052, or maybe I should have quoted a different RFC that I just forgot the number of, but okay. So, how to obtain the prefix of the NAT64.
Q
So there's two ways to get the Pref64. One is to just use static configuration, or the other is to use a discovery mechanism and discover. There's a lot of discovery mechanisms, but the Port Control Protocol or router advertisements can be used for this, and there's other mechanisms, like using the mechanisms described in RFC 7050 using ipv4only.arpa, or another draft, v6ops NAT64 SRV, but I.
Q
Q
That's, we're just doing it inside the resolver. Next slide, please. So, considerations. So I think all of you are thinking, why not just use a CLAT, because that will solve the problem and we don't have to do this in the application layer.
Q
That is true. That is certainly true, but most applications can reach the IPv4 internet by DNS64 and NAT64, and an iterative resolver is theoretically the only application that has to use, I forgot the name, IP addresses and not domain names, and oh wait. Oh yeah, and an iterative server is the only application that cannot utilize DNS64, and I thought using CLAT.
Q
Maybe you can do the use of native IPv6 on the machine, and CLAT forces keeping IPv4 support. So I think there may be people who disagree, but these are the reasons I brought up. Next slide, please. Do I have any slides left? Oh yeah, so, implementations. Not yet merged, but popular DNS softwares are implementing, or maybe will implement, these features. There are PRs for it: for BIND, Mark Andrews has his work, and Unbound.
Q
Q
So that's why I'm here. So I want to ask you people if you think this is worth documenting as an informational draft or not. So thank you.
R
A
Hi, I'm Rio from University of Glasgow. Thank you very much for the talk. I think right now, I think DNS is one of the tricky parts of moving on to V6-only, and I think one of the tricky things about moving to V6 is, once again, if you leave any of the V4-compatible bit or first to keep it, then people won't be forced to move on, I think so.
A
Thank you very much for your work, and I think it should just go ahead as an informational. I think it is a very useful thing to document and keep in the RFC. Thank you.
S
S
S
S
It's something that we really should be trying to stop, having to do more and more and more fixes for NAT64, correction, DNS64, and this is, we keep finding more and more things that DNS64 doesn't work with. We knew it didn't work with when it was put up in BEHAVE. It was promised to be a short-lived solution. It is now plus 10 years. That is not short-lived.
Q
Q
I can't object to that. I can't say anything to that, but as a person who, like, uses these mechanisms, using DNS64 and NAT64 is the easiest for people to use, because I just need to set up a DNS64. I don't need to set up CLATs to the end hosts. So, like, it's very easy to just set up a DNS64, so I think that's why people still use DNS64, and.
Q
If people are still using it, I thought it might, because this draft isn't going to make people use DNS64 more, it's not going to increase the number of people using DNS64. It's just gonna increase the people creating iterative resolvers inside of a DNS64/NAT64 environment.
Q
So yeah, that's my response.
B
T
T
So even if I have an IPv6-only network and I don't do NAT64 for my applications, this can help me achieve IPv6-only connectivity to some domain that happens to only have V4 authoritative name servers, so I may end up having to use this just to get native mistakes working because the domains aren't updating, and I don't even have the ns64 really. I just have this way for my resolver to reach V4-only domains in the internet.
S
Can I come back with this, David? This is a DNS64-only solution, really, because if you have deployed 464XLAT properly, you do not need this.
S
T
S
M
Y
sort of agreeing with David here. I think deploying a Nats. Explorer is really, really, really easy. You put it in the network, you point 64:ff9b at it, and you're done, right? So this is also really easy, right? If you have some code on DNS in a recursive, it works. Deploying IPv4 as a service is kind of more difficult. You need to, like, deal with IPv4. If you have a server like Linux that doesn't do CLAT, then it's kind of annoying, right?
M
You need to set up IPv4, DHCP servers, or whatever other, like, you know, annoying stuff that's, you know, not well integrated with distros today. So this is sort of a much lower cost option. I can see why we don't want to support DNS64 with lots of hacks, and you know, these two implementations may decide to reject these pull requests because it's, like, you know, too much complexity, but I do see a niche for this. You know, it's just easy and not super harmful. So.
I
Hello. Only here, only today: two drafts for the price of one. Next slide, please. So you might have seen the first draft on the list. So what's the problem here? First of all, before people start worrying about the SLAAC versus DHCP discussion, it has nothing to do. We're not talking about how hosts get addresses, where address is coming from. Let's just look in the normal operating system, like your MacBooks here on this network: it most likely will have at least three addresses.
I
Yesterday, in PANRG, it was some transport people talking about the research and suggestions and thoughts about how multiple addresses would be very, like, interesting, different, how they could make our life in the V6 world different from before. Also we already published an RFC which was explicitly not recommending to limit the number of V6 addresses per host. So next slide, please. Well, meantime.
I
Obviously not everyone reads the RFC, because some layer 2 devices, which are trying to be way too smart, do put some hard-coded limits into the number of IPv6 addresses per MAC. Mostly it's devices doing SAVI or NDP proxy, and the problem is the limit is there, the limit is hard-coded, and you have no idea when that limit got reached, because it just quietly starts dropping some addresses, not actually necessarily the unused ones. In some cases it's just another address, and, you, I see a new one, I cannot install it, I drop it on the floor. So troubleshooting becomes very, like, entertaining. And when you talk to those vendors they're like, oh really, you need more? Okay, we can give you more. Which normally indicates they just had no idea what the limit should be, so they just picked up a reasonable number. So I was thinking some guidance might be needed. Next slide, please. So problem number one: we have a hard-coded number. So let's raise it.
I
The draft is currently saying 20. I'm not, like, it was just a random number taken from 7934, but I guess we can talk about what number should be reasonable. It should be definitely more than seven, and if it's too high for you or too low for you, I think it should be configurable. I think it's a reasonable demand. Well, and I, as an operator, I would love to know when that happens, so I don't spend time getting packet captures from five different places in the network.
I
I
I
Maybe we can keep an almost unlimited number of addresses per host without putting any scalability stress on the devices. Sure. Last night I submitted a draft which might talk about the long-term solution, which basically said: let's do 64 per host, but not in an RA, because I don't know how many implementations on the router couldn't do that. But let's use the existing mechanism, which is called prefix delegation.
I
So your host could request a /64, and that means your network infrastructure will get just one route pointing to the link-local address, so basically it will scale to the number of hosts, not the number of addresses. It will give you the things which a lot of people wanted, an ability to say which device was using which address: the whole 64 is your device. And it also has some fate sharing, because either all addresses work or none of them.
I
J
Subscription. So thanks, Jen. I think the problem you have is, like, you know, really a valid problem to solve, and the 20 number, I'm not sure, like, there's some hardware limitations on some of the routers, I think we need to figure it out, and generally I'm supportive of this work, right? But I think maybe there's other mechanisms needed. We can probably have an offline chat about it, but something to indicate, like, failure, right, like that this is happening. I.
J
Whatever number you increase it to, 20, 200, whatever, I think somebody might hit that issue in the future. So I think we probably need a failover mechanism for that. So thanks. Do.
J
Ahead, yeah, I think I was, I wanted to finish by 11, so I was done. So Warren, did you want to add anything to that same thing, or.
J
No, I just said, like, we need a protocol mechanism to signal this failure, like in addition to this, so something probably in 6man. So, okay, I'll just, like, do a straw man, right? The straw man would be some ICMP message, V6 message, which says, like, no, you, like, you know, I ran out of ND cache entries for you, like, I don't know!
J
Well, if I come up with a message, right, I know I need to think a little bit more through, like, you know, what attack vectors this enables, but that's kind of what I was thinking. Okay, saying that you may not use this address anymore, right? I know Lorenzo is going to be pissed that a router can say that to a host, but we need to somehow say, like, you're past your welcome.
M
I
J
Right, no, I got it. What I'm saying is I don't like this to be a silent failure, because right now it's a silent failure that, like, this thing, you cross your ND cache entries, whatever limit, right, and there's no indication from the router. But this is not an indication to stop. It's like a router saying, I cannot do this, right, which could be taken as, like, just an indication, like, if you don't want to do anything with that.
J
I
So I think there are two things here. First, there is no reason of sending an alarm if it's not actionable, right? If the device cannot use it, it just fails, so it fails anyway. That's why I'm saying we need to log this, so an operator deals with this, right, not necessarily the host. Yeah, and secondly, long-term solutions should deal with it. I.
J
I got it, it's the second draft, exactly. So the second draft as well, I just wanted to put in a point: 3GPP already does it, right? So I think there's an IETF recommendation to 3GPP saying, for every host, give them a /64 for themselves, right? So I don't think we need to, like, make a big stretch from there to say, like, give it to everybody. So I'm sure there's, like, issues like implementing this on a Wi-Fi AP or something, but I think I'm two thumbs up for that idea. Thanks.
U
C
Kamari with no hats. So your first set of discussions, draft, you were talking about. I've got a little D-Link router at home. It's got the world's smallest TCAM. Apparently it can deal with, like, four addresses per host. Woohoo. Is it, would it be compliant with your new thing, like, if the hardware seriously cannot support, well.
I
O
Okay, everything, two points. I mean, increasing the number of IPv6 addresses per MAC will present some challenges, right, regarding the multicast notably. It all depends upon the number, but also if it's the AP which enforces this limit, or is it the router which is behind the AP? And of course we need to increment the number of IPv6 addresses per MAC address on both sides, right? Anyway, you know this as I know. Regarding this slide and using a /64 via prefix delegation, this is kind of cool.
O
Of course it solves many problems except the privacy one, because if you use multiple IPv6 addresses, right, it is to provide you with privacy once the MAC addresses disappear, right? Over the internet, you use five or ten different V6 services, we cannot say it's you. Now if you're using a /64, we know it's you.
I
M
M
We can maybe sort of do that with IPv4, but they can't receive any packets, right? And if we wanted to basically give these things incoming connectivity, it really wouldn't work, because you'd, like, bust and that's, like, port forwarding tables, right? So this is really something that's going to be a substantial improvement over what we can do in IPv4, and I.
M
B
Thank you, folks. I will have to ask you to take the XU to the list, because we are already eight minutes late. So we'll move on to the last presentation.
U
U
So what did we do? 2014: we deployed virtual servers that only have V6. Nobody bought them, because they can't talk to anything and it's not very useful.
U
So over the next couple of years we decided that what we were going to do was deploy an actual application that functioned and was useful, and a paying customer would buy, that only used V6 on the virtual server. So we added some things to the network.
U
So you get NAT64 and DNS64, so you can talk outbound to other things, and we implemented a proxy service that automatically configures HTTP, HTTPS inbound and a few other SSL-based protocols, and so, on a VM, you can have a V4 address optionally, but you'll get a /64 of V6 space, and that's what we currently do now. Slide, please. And the first thing we learn is: dual stack is rubbish.
U
I hate dual stack. I'd like it to go away. If you just have to configure everything twice, you have to configure firewalls twice, you have to do your connectivity twice. So all of our management layer supports V6 for everything.
U
So for any application where we can turn off V4, it's less configuration and less work, and we get to conserve the V4 address, which makes it cheaper. So don't do dual stack if you can possibly avoid it, go straight to V6. Next slide, please!
U
So what doesn't work? Email.
U
U
However, the large providers have fixed this: email doesn't work from V4 either these days, so whatever, you're gonna forward it through someone else, and as long as your MX relay's got V6, you give it to them and hand it over. FTP, and web developers like FTP. That really doesn't work very well V6-only, because you can't forward it from a V4 address.
U
Turn it off, fine, whatever. Hadoop, there's a few other distributed things that don't work, there's more applications that assert V4 in the way they're built. So those you have to have V4 addresses; we can't run those yet. What doesn't work very well?
U
U
There's network address translation everywhere, so a whole load of the firewalling tools and stuff don't work, which is a shame, because Docker is the absolute perfect use case for V6, because rather than having to implement an overlay network from one of the multiple alternative sources of overlay networks, you could just give it a V6 block and let everything talk to each other out of the box and it would all work.
U
Snap: applications deployed in snaps on Ubuntu will frequently refuse to download themselves over V6, and basically there's a lot of applications that will prefer V4 over V6 because V4 always works, and a bunch of those you can fix by just breaking V4 completely. If you don't give them A records back, they will eventually decide to connect over V6 and work. Next one, please. So when we did our first implementation, what did we get wrong?
U
U
So now we give every customer a /48 if they want it, and you get a 64 per host. So each host is individually blockable by internet block lists, and renumbering, this was not a great deal of fun. Filtering: this is probably one of the biggest pain points. When you're on a V6-only server, the whole of IPv4 appears to come from one IP address.
U
So when you get denial of service from a bunch of V4 things, it all comes in from the same V6 address, and separating the traffic out to selectively block malicious hosts is really hard, and you can quite easily accidentally block the entirety of V4. And today that's much less of a problem than it used to be, because substantial fractions of your traffic are coming over V6, and accidentally dropping half your traffic is a lot less embarrassing than dropping all of it.
U
So, and for all the web applications, which is the majority of what we deal with, what this means is you need to pass the V4 address through using PROXY protocol and then Apache filters in the Apache config, rather than doing it more quickly at the firewall level on your host machine, which is a little annoying, but it kind of works. Next one, please.
U
So we've got a proof-of-concept proxy implementation that takes an entire four billion V6 addresses, and so when it proxies the address back to you, it embeds the source V4 address in the V6 address, so the traffic comes on and then you can use your firewall, because every single V4 address appears to come from a different V6 address out of the proxy, which is very much like NAT64 in reverse. So we've embedded the destination port number; we're not sure if that's a good idea or not, but basically we really need to get this built into proxy, which is what we use for our proxy service.
U
And then every V4 address looks like a V6 address and all of your V6 filtering tools work better. So that's coming next. More things that went badly: large on-link prefixes don't work very well.
U
If you give your customer a /64, you can use a different IP address for every single outgoing connection they ever make, and they do this to try and avoid other people's rate limits, and that's really painful, and even if they do it across your LAN, you know, just being scanned continuously from vast numbers of V6 addresses appearing.
U
Similarly, when people scan your address space inbound and try and enumerate what's up there in a /64, and you spend the entire time trying to neighbor discover who is actually using these V6 addresses, that's pretty bad. Next slide. And basically it comes down to the fact that a /64 doesn't fit in RAM. You can't maintain a complete 64 of V6 to MAC address mappings.
U
There's lots of exciting things you can discover in the Linux network stack about what happens when it garbage collects all of this stuff. You can stall your inbound network for tens of milliseconds, maybe even a hundred, and anyone in the same layer 2 domain as you can force you to neighbor discover billions of addresses, and that's really annoying. Next one, please. So, which gets back to the question of why do we do neighbor discovery, or even ARP for that matter?
U
And basically it's to turn a V4 or V6 address into a MAC address, but we've got a billing database that already knows where every address can go to in our network, and for security reasons, if we get an answer from a machine that doesn't match what our billing database thinks, we should throw it away because it's a security violation. So why do we actually do this at all? Next slide, please.
U
So now we don't, mostly. All of our switches know all of the link-local addresses of all of our V6 address blocks, and our BGP daemon running on the switch is BIRD. It knows about all the V6 ranges attached to all the customers. So as soon as the link comes up, it advertises out and says: I've got this, like, /64.
U
You can route me traffic over here, and it hands it all to the link-local address, and we don't need to do neighbor discovery. Next slide. And so essentially, everything on our network is now migrating to completely layer 3: every link is point to point, everything is routed.
U
We don't want to care about having multiple things on the same layer 2 segment. There is one thing, we know its link-layer address, link-local address, we route to it, and two of our five data centers are now basically enabled with this, and the rest are being worked round over, probably, the next six to 12 months. Next slide, please.
U
This is infrastructure that Mythic Beasts manage ourselves and customers who are on servers that we manage for them, or we provide some level of management and security updates, and so on. About a quarter of them are still V4 single stack, a little over a quarter are dual stack, and just under half are V6 single stack, which is obviously really good news. We've come a really long way. Next slide. Next one. Unfortunately, that's not quite as good as it seems.
U
The V6-only ones are newer and typically tend to be simpler, and one of the reasons for that is because V6 addresses are free. You tend to spin up more servers because they don't have a V4 tax cost attached to them, and so you get distributed applications rather than monoliths with lots of things running on the same V4 address. So, you know, a good, like, 25 of that
U
V6 graph is actually one application that we just run hundreds and hundreds and hundreds of identical copies of, whereas the V4, every one of those is a special snowflake and needs a little bit of help. Next one, please. And turning off legacy things is really hard, so we've got three percent of our V4 servers due to go by the end of the month. This is a CentOS 5 build that we deployed in 2017 when CentOS 5 went end of life, as a six-month migration project
U
to move on to the newer stack that our customer was using, which finished in September 2022, an overrun of four and a half years on a six-month project. So turning off your V4-only things is very hard. They are going to be here for a really long time, and in sorting this talk out, I found we've actually got some of our public-facing things that are still V4-only that we hadn't noticed, so I need to finish auditing and fixing all of those.
U
So they are all dual stack. Next one, please. So yeah, V4 is always going to be here. Some things are too expensive and too hard to migrate to V6. We just did a new V4-only setup on behalf of, they're not technically a bank, but basically they're a bank.
U
It does SWIFT transactions, which are some extra for V4. They were fine, they're a bank, they're never going to run out of money. If we charge them a hundred dollars a month for every V4 address they used, they would be fine with that. Next slide, please. So, which gets you into a chat from the finance side. This is not financial advice.
U
Do not take my advice on finance; use proper, like, qualified people and whatever. When we started V6-only in 2014, we set the price of a V4 address at two pounds a month, because it seemed like a good number that was just enough that most people wouldn't moan about having to pay it and the other half would get really angry and turn off V4, which is what we were aiming for. Next slide. This appears to have become relatively standard: Amazon 3.60 a month, Azure 260, Google 288. It varies.
U
Interestingly, on the access side, it's a bit cheaper: Zen Internet's 83p a month. So, but basically, yeah, you're looking at a pound, couple of dollars a month for a V4 address. Next slide, please!
U
If you go and talk to someone who works in finance, they have very interesting things to say about this, because people who run pension funds buy government bonds and they get three and a half percent back, whereas today you can buy an IP address on the open market for fifty dollars and rent it for two dollars a month, netting you a 48 return.
U
U
Which is worth thinking about. Now, obviously, IPv4 addresses have higher risk attached to them than government bonds, because governments always pay their debts and everyone's going to move off V4. So, you know, you need a higher rate of return, but doesn't need to be 10 times as good; would double be good enough? You know, who knows. So yeah, that's one to think about. Next slide. And this also comes on to some thoughts. This is a fictional tier one ISP; the figures are not that different from a couple of real ones.
U
Enterprise value is the cost of buying all the shares in your ISP and paying off all of its debts. Three billion dollars will buy you a tier one ISP, roughly, and get you 30 million IP addresses, which works out at a hundred dollars an IP address.
U
If you can get IPv4 addresses to 120 dollars, you could buy the entire ISP, sell the IP space, clear yourself, what, 60, no, 600 million dollars, and throw away your tier 1 ISP. Next slide. Which takes you to Wall Street, where, of course, the key plot point in the film from the 80s is Gordon Gekko spots the pension fund has more money than it needs to pay the pensioners, buys the airline, shuts it and steals the money. Is that going to happen to some ISPs out there?
U
Someone did point out the last time I said this that it's very hard to buy a Raspberry Pi Zero for five dollars any more due to supply constraints, to which my response is: I am prepared to bet that more Raspberry Pi Zeros will come out of the Raspberry Pi Zero factory than IPv4 addresses come out of the IPv4 address factory.
U
So, next slide. So we built a Raspberry Pi cloud. That's a lot of Raspberry Pi 4s in an enclosure. Those are much more expensive Raspberry Pis; they cost 35 or even 55 for some of them, so still the same cost as the V4 address, roughly. And you start racking them up and stacking them in racks. Next slide. And they start to look like this. You have some fans on the back to keep them cold and a lot of PoE switches in order to give them power and network.
U
They have one wire to each. They all netboot. They talk to a file server. And what you can see there is, right on the bottom with all the ugly wires, that's the Pi 3, the previous model, that doesn't stack quite so close. All the top ones, the Pi 4s. That's 384 servers in 9U of rack space. Next slide, please. So, 3U chassis. You mount two of them back to back, 96 Pi 4s. Each one of those is a quad-core machine with eight gig of RAM.
U
You've got a couple of 48-port switches. For reasons of compatibility with the Pi 3, although this might be solved in the newest firmware released in the Pi 4, it only does V4 for the first stage of netboot, so we give it a tiny amount of RFC 1918 space to get to the NFS file system so you can boot the thing. We can't afford to give these a V4 address each, because the V4 addresses are the same price as the computers.
U
So we thought about it and we said: right, no V4, we're just not doing it. You can't have V4. All external communication has to be V6. Next slide. We do lose some customers. These are some complaints from people who have sent this on support, which basically says: I'm canceling this because it doesn't have V4, rah rah, I don't want it. Which is fine. Okay, buy a different service that costs more. Next slide, please. Biggest support query we get is, lots of people go: I've got a server on the internet.
U
I immediately need to secure it. Let's immediately configure a super secure IPv4 firewall. Things you can firewall: your file system. That's it, the only thing you can firewall. This does not end very well. So yeah, there's a bit of explaining that you need to implement a V6 firewall. Please don't implement a V4 one; that will not help. Next slide.
U
So, back to some of those badly behaved applications. Node.js: the hosts file workaround is the easy way to do a bunch of these. You put some static entries in your hosts file and then Node will not get an A record for a DNS query, so it won't know V4 is available, and that will force it to use V6, and it will connect out and go and download the bits and pieces it wants. Because basically the implementation sees
U
it's got an RFC 1918 address on the host, and V4 always works, so you should always prefer that, even in environments when it doesn't. So now, Node package manager: Fastly provides dual stack for all the package downloads. You have a V6-only Raspberry Pi and it still won't download over V6, because it wants to use V4, because it thinks that that's more reliable. Next slide. So, trying to work out what to do about some of these.
U
U
There's a library called tnat64 which basically intercepts all of your open socket connections and forces them out over V6. In theory, it's not supposed to intercept ones to 127.0.0.1, but last time I tried this I kept having problems with that, and it's really annoying if your application now can talk to all the other things it needs to talk to on the internet but can't talk to its database server that's on the same machine. And painfully see that Tore Anderson wrote a CLAT implementation for Linux.
U
You install it and V4 magically works in your V6-only server, and all of your applications do not need to be educated that they're in a new network environment. I would ideally like to fix all the applications, but as a workaround, this gets you going. So maybe we need to install this by default, possibly. Next slide.
U
So, next question. I get this a lot, like: this is a toy, right? No one would seriously use this for anything. So there's 25 million Raspberry Pis that are in industrial applications.
U
U
Some people want to spin a load of them up on demand for various things. Distributed computing systems, like, actually having real computers, not virtual ones, has advantages in research, so people do that. Next slide. And the most exciting one is piwheels. This came out of the International Space Station. The International Space Station has some Raspberry Pis on it for kids to do scientific research projects. They all need numerical Python.
U
Numerical Python is a massive C library that goes into Python, and it takes two and a half hours to compile on a Pi, which really slows down the whole thing. So what you want to do is pre-compile it and distribute it, and that project got out of hand. Ben, who ran it, decided to pre-compile every Python module for every Python version for the Raspberry Pi and make it into a service that it just downloads binaries to speed everything up.
U
This is done entirely in our Raspberry Pi cloud. It's all natively compiled, because cross compilation is no fun, and it does all the distribution from the Raspberry Pi cloud as well, and it all goes through our V4 V6 proxy service to all the people who don't have V6 at the end. Next slide, please. And it does north of a million packages a day being downloaded, right? That's a real application with a lot of end users, running V6-only in a Raspberry Pi environment.
U
So you can use this for production things, and we don't know how many other people now depend on this working in order that their continuous integration and build and everything in their offices relies on. Next slide, please. Also, we have desktop users who don't know they're running in a NAT64 environment, because they just spin up a desktop in our Raspberry Pi cloud and the internet kind of works, and you can go to websites and so on.
U
So we have another set of users there. Next slide, please. Anyone heard of a thing called Mastodon? Last week this would have been an entertaining question, but probably more hands today. Yeah, yeah. And that became a thing since I wrote the slides and arriving here, so I had to add something very quickly yesterday. It's a decentralized microblogging platform. Like, basically it's Twitter but without a mad founder, and it's suddenly become extremely popular, and every Mastodon server
U
You run your own instance of Mastodon, or you use someone else's instance, and they federate, so they all have to talk to each other. So that means suddenly we've got an application that's using thousands and thousands of servers that all need to communicate with each other, so they all need V4 addresses. Next slide. And it turns out that, again: is this a toy, a geek project? This bloke called Stephen Fry, apparently he's quite famous, he's migrated and turned off his Twitter account. So suddenly there's real users, actual departments.
U
You know, money's about to turn up. Next slide.
U
U
Only services use our inbound proxy for V4, because it's all HTTPS, and then use DNS64 and NAT64 and clatd, because it's built on Node.js and you can't /etc/hosts file workaround every server that gets sprung up every three minutes. So, you know, it's a bit of a pain.
U
However, some other people, some of whom are also customers of ours, have already started submitting bug fixes to get this to work in a pure DNS64/NAT64 environment, which is nice. There are enough people running this in a V6-only environment that they're starting to submit software bug fixes, because fundamentally the people who started using this are techies and cheap. So they don't want to pay for V4 addresses if they don't have to, and fixing source code is easy. So there's some of those out there already. Next slide.
U
So this guy called Alasdair Allan, he works for Raspberry Pi in the social media team, and he said: we want to run our own Mastodon instance, just for Raspberry Pi, and we want to run it on a Raspberry Pi as our production social media application, for a company with half a million Twitter followers. Let's see how many we get on this service.
U
That was the brief we got at 11 a.m. on Monday morning, and we went production at 10 a.m. on Wednesday, which was a little quicker than we were really aiming for. But yeah, so Raspberry Pi's production social media is sat in our Pi cloud, running on a Raspberry Pi in a V6-only environment, to talk to Mastodon, which is a massively exploding
U
social media network, and no V4 is used anywhere in the whole thing directly. And we can keep spinning out more and more of these and add more Mastodon instances, and we don't need to consume any V4 addresses. All the V6 traffic goes direct. The V4 stuff gets proxied and gets slightly slower paths, or possibly gets pulled around. Next slide.
U
So yes, and the thing that comes with this is, if you solid place V6 on a VM or on a Raspberry Pi, it costs less than eight pounds a month, which is suddenly a very significant pricing number, thanks to a little, little blue tick costing eight dollars a month. But yeah, the important point from our point is: we can keep deploying these without consuming our remaining V4 space.
U
Our ability to sell Mastodon servers is not limited by our V4 space, which is good, because we can't get any more of that. And the other thing is: there's a load of V4-only Mastodon out there and we don't care. We don't need them to migrate. They can stay V4 forever if they want to, or they can migrate. It's up to them. We're not compelling other people to move, and we don't need them to move in order to enable our service. And next slide, please.
U
So this gets onto the question that I got asked at RIPE, which is: how do we get more network engineers and more people trained to build applications and understand that they're working in a V6-only environment? So my first thought was it'd be really nice to just have a completely simple setup where you have an image through a Raspberry Pi.
U
The other one is, of course, rent a Raspberry Pi desktop in our cloud, and you get that by default; some people haven't noticed. And the next training exercise is going to be: build your own V6-only Mastodon server and join the fediverse, which, we've got, sometime next week, an article with a tutorial on how to do that coming out. And this is what will hopefully start to drive the software people to understand that V6 is a thing.
U
V6-only environments exist, and your software does need to work in those, because the application side is the barrier more than the network side, from where I sit. Next slide.
U
U
I haven't really tested it properly on V6, but really I do want V6 PXE boot, and that means when my server turns on, I want to see its MAC address and give it a V6 address in the simplest way possible. And it's the MAC address I care about, because I already know what the MAC address of the server is, and that's the thing that tells me what address it needs to get. So ultimately, I need a file with MAC address, V4 address, V6 address, and the ability to remove the V4 addresses.
U
That's what I want going forward. Next slide, please. As mentioned, I've already removed layer 2 from all of my new network; everything's point to point, which means my switches are running a DHCPv4 server already. It's a very small, very simple DHCPv4 server, because all it says is: that MAC address gets this V4 address and these netboot details, and that's the only answer it ever gives, because it doesn't have to manage leases, because everything's completely static.
U
Do I need to do this for V6? Do I need to write the DHCPv6 server that just says: hello, Mr. DHCPv6, here's your V6 address, here's how you netboot, and just carries on? So that's the thing I would really like, if someone would build me one of those. Next one. And that's it: a brief summary of what it's like trying to operate in a V6-only world when you have to deal with, like, customers and people with arbitrary demands.
U
R
Hi David, thanks for the talk. You said you went fully L3, so down to the host, I imagine. Are you running a BGP service or, like, a route reflector on each of your hosts?
U
We aren't running BGP, not unless the customer has their own ASN, which some of them do. So our hosts just speak as normal, and when the interface comes up we see link discovery happen, and at that point it's going to have a link-local address, then we know what that is. So at that point a process on the switch injects the BGP route into the local BGP server, which then floods out to the network, and routing happens. Okay, thank you.
M
Oh, it's clearly a very interesting talk. Thank you. A couple of things. The PXE boot thing: could you do SLAAC with EUI-64 addresses, or do you really need DHCP? Because, I mean, we, like, the nice thing about, like, an EUI-64 address is that it's predictable and it's very similar to the MAC address, so I don't know.
U
U
M
A couple of other questions. I tried to do the Raspberry Pi thing myself. I got a Pi 4. I wanted it to sit on the side of my network and send an RA with the 96 of the NAT64 prefix, because I don't control my home gateway. So I wanted to plug in my Raspberry Pi, advertise the 96 prefix, send a separate RA with the PREF64 option, so that, you know, basically clients would just see it and they were just getting NAT64
M
on my existing Wi-Fi network, which has V6, it has native V6. I failed, because the Raspberry Pi dependency of the Dual package didn't work, but okay, I guess I'll try again, right?
U
Yeah, I mean, it doesn't have to be that, but basically, yeah, the simplest possible way to get a NAT64 network at home for an enthusiast would be a really useful training thing to do, and the Pi advantage is there's loads of them kicking around in boxes, so people can do it for no setup fee.
M
Yeah, because there's some, I think I even put it on GitHub, there's some code that will send an RA with a NAT64 option. It doesn't have to be the same RA that the production network sends. You can just, like, have it on the side, and you can send an RIO for it, right? So anyway, we can chat about that offline.
M
M
U
I'm not especially worried about running out of V6 space, so partly because a company I acquired ran into the V4 exhaustion very early, because they sold very cheap VMs, and they future-proofed themselves not by actually making V6 work, which would have been sensible, but by acquiring as much V6 space as they could. So I
U
think I'm sat on, like, a slash 27 of V6 space, which for a small company with 15 employees is probably, probably enough for a bit. So yeah, I mean, ultimately I've got, what, 10 billion servers' worth of V6 space. And so it's not, it's not exactly 64 per VM. It's a slash 64, but it can be. But customers can use multiple 64, multiple addresses in the same 64 across multiple VMs.
U
So it's not quite as wasteful as a full 64 every time a VM gets turned on, but if a new customer turns up, their VM gets spun up and they get handed a slash 64, and they can have 48s on request. 64.
M
N
Hi, you mentioned clatd, yeah, and you mentioned it needs to be packaged, and I can probably get that into Debian, as I'm a Debian developer, can
U
U
I haven't, no. I only really thought about this on Monday, when I properly, probably put it in to make a Mastodon go. But yeah, turn it into a Debian package, that would be amazing. Thank you.