|
|
Subscribe / Log in / New account

Layers and abstractions

Layers and abstractions

Posted Mar 22, 2019 20:56 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
In reply to: Layers and abstractions by perennialmind
Parent article: Layers and abstractions

The problem is, IPv4 clients can't talk to IPng nodes without what amounts to NAT64. So even IPng-capable servers will be forced to remain on IPv4.

This makes everything even worse, a dual stack IPv4/ng client won't know which protocol to use to connect to a V4 address.

to post comments

Layers and abstractions

Posted Mar 23, 2019 4:29 UTC (Sat) by perennialmind (guest, #45817) [Link] (3 responses)

NAT is bound to be the fallback in any scheme. If you start there and negotiate up, you can have a smooth on-ramp. Under the options-can-work scheme, the initial packet in any given flow exits the border router with it's address information intact. That packet is effectively "dual stack". (A heisenpacket?) It's only when it lands at an unenlightened IPv4 endpoint that you are stuck with stateful nat. Stateless transformations I don't mind.

But even if you drop the stateful NAT option, under this scheme, or a 6to4-only-IPv6 phase, clients with mere IPv4 access can talk to the full IPng internet. For servers, there's no good reason not to opt-in to IPng.

I do agree that IPng-blind IPv4 hosts could only talk to IPv4 servers. But that just makes sense, doesn't it? If I fired up Netwcape 4, I'd be able to load webpages over SSL3, but not those that only support TLS 1.2+. I'd be able to load crusty.gif, but not snazzy.svg. The web has undergone gradual transitions, with ample consideration for legacy systems. IPv6 didn't do it that way.

Layers and abstractions

Posted Mar 23, 2019 6:53 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

> NAT is bound to be the fallback in any scheme.
Whatever system you end up will not be functionally different from dual stack IPv6 + IPv4 NAT.

This is what is happening right now - you still have legacy IPv4 infrastructure with NAT-ed clients and newer IPv6 infrastructure without NATs. They both live together side-by-side seamlessly, thanks to Happy Eyeballs RFC.

> But even if you drop the stateful NAT option, under this scheme, or a 6to4-only-IPv6 phase, clients with mere IPv4 access can talk to the full IPng internet. For servers, there's no good reason not to opt-in to IPng.
No they can not. IPv4 clients can only connect to IPv4 addresses, so the server will have to use IPv4. Peer-to-peer with IPng is still impossible.

Layers and abstractions

Posted Mar 24, 2019 0:16 UTC (Sun) by zlynx (guest, #2285) [Link] (1 responses)

IPv6 servers are backward compatible in the same way as some IPng scheme. Data centers that care (and this is the key point) are giving out IPv6 addresses to web servers and also providing an IPv4 reverse proxy. Every server gets a AAAA DNS record to their actual IPv6 address and an A record to the reverse proxy.

But there's still a bunch of people who don't see the point and think it's just fine to use 10.x.x.x addresses in the data center and only rely on proxies. Forever. But those people would be a problem in any IPv4 backwards compatibility scheme for any new addressing. They'd never see the point in upgrading past the compatibility solution.

Layers and abstractions

Posted Mar 24, 2019 2:10 UTC (Sun) by perennialmind (guest, #45817) [Link]

The vast majority of web clients have been upgraded for IPv6, but most of them have lousy IPv6 access. IPv6 required upgrades along the entire path to be useful. Even then, anything short of full adoption makes use risky. For a decade, I tried to join in the 128-bit fun: tunnelbroker.net, 6to4, teredo (once I had the twin IPs for a relay), and finally a /48 of my own my company's from an ISP happy to provide it but bemused that I cared. And still, I have to grit my teeth and turn off IPv6 when some website we care about turns on IPv6 and the road gets all bumpy. "Happy Eyeballs" is all about compensating for the tendency of IPv6 to be so very bumpy. It's not the hosts at either end: it's the unloved links inbetween.

A larger address space in the 90's was primarily useful to client networks that were already resorting to NAT. That's where the incentive was, so start by addressing their problems. In the first phase, you don't run public servers beyond the IPv4 edge – I agree with you there! That happens once (1) there are few legacy IPv4 clients left and (2) all of your server software has support for the address extension. You don't disable the extended-address support on your IPv4.1 OS, because it's so very harmless. It's just one more upgrade like any other. No need for AAAA records at that point. 32-bit IPng destination addresses are normal. 🙃

It took so long before userspace had decent support for IPv6. Presumably because it was largely irrelevant. Once you have servers automatically upgrading connections to IPng, it becomes relevant! Upgrade your client OS and server OS, but keep the routers and userspace on IPv4 and still get bigger addresses on the wire? I have to think adoption would have been quicker!

Start small. Build up incrementlly. Let your chick grow up and you wind up with chicken and egg. 😊


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds