[Cerowrt-devel] Fwd: [homenet] Routing protocol comparison document

[Cerowrt-devel] Fwd: [homenet] Routing protocol comparison document

[Dave Taht]

I currently plan to enable some form of ipv6 translation by default in
the next version of cerowrt - and make direct access optional - (or
the reverse! I'm easy ) if somehow we get it together enough to
actually have a way to do a cerowrt-scale effort again.

Any objections here? Suggestions for how to make one of the ipv6
translation techniques work right?

---------- Forwarded message ----------
From: Dave Taht <dave.taht@gmail.com>
Date: Mon, Mar 2, 2015 at 11:32 AM
Subject: Re: [homenet] Routing protocol comparison document
To: Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
Cc: "<curtis@ipv6.occnc.com>" <curtis@ipv6.occnc.com>, Ray Hunter
<v6ops@globis.net>, "homenet@ietf.org Group" <homenet@ietf.org>, Teco
Boot <teco@inf-net.nl>, Mikael Abrahamsson <swmike@swm.pp.se>


On Mon, Mar 2, 2015 at 10:59 AM, Juliusz Chroboczek
<jch@pps.univ-paris-diderot.fr> wrote:
>>> If we carry NAT over to IPV6, then shame on us.
>
>> I am sorry, I no longer share this opinion [...]  The next version of
>> cerowrt will do translation from the external IPv6 address range to
>> a static internal one (or ones, in the case of multiple egress
>> gateways),
>
> (Insert strong expression of disagreement here.  Use any means available
> to convince Dave otherwise, including flattery, threats, demagoguery, ad
> hominem attacks and photographs of cute animals.)

Hahaha. Thanks juliusz! I have laughed far too little in the past few
weeks. ( just one example:
http://the-edge.blogspot.com/2015/03/virgin-media-fixing-epidemic-of.html
 )

Let me make clear: CeroWrt is (or was, ENOFUNDING) a *RESEARCH PROJECT*,
IMHO *the best - and nearly the only - one - that exists*, one that
has poked into many of the very real problems billions of home
networks have.

http://www.bufferbloat.net/projects/cerowrt

Through it, we identified *and fixed* multiple epidemic problems so
far, including fixing bufferbloat, making dnssec deployable, and -
along with the wonderful devs over at openwrt - helped make ipv6 work
a zillion times better along the edge than it ever has before.

We have made available the code, and firmware, to a large, dedicated,
brilliant group of testers, who have all done testing, providing their
feedback on each idea, each rfc, and the good and bad ideas in both
the code and rfcs better sorted out.  And a metric ton of bugs were
fixed along the way in both the kernel and the userspace stacks.

Some of these things have fed back as requirements into this wg,
notably the need to do mdns proxying, and prefix distribution, and to
some extent, source specific routing, and (finally) you are beginning
to recognize the real problems and complexities that real home
networks have, and are beginning to grok wifi.

Regrettably, progress on multiple other fronts for CeroWrt have been
slow (no funding, not enough devs), and of all the problems I have run
into in comcast's (otherwise pretty darn good) ipv6 deployment,
getting renumbered has been the biggest PITA, followed by a couple
borked dhcpv6 implementations, and then by trying to get hnetd to work
at all - at the moment it feels like the "systemd for home routers" -
and that is *not* a complement.

To make it clear - after actually *testing* some form of ipv6
translation technology - maybe all of them - in the next version of
CeroWrt[1] - we plan to find the bugs, document the problems, and do
whatever we can to fix them - and... if those are more severe than the
problems that hnetd introduces - try to fix hnetd - with enough people
helping, at the same time - and incrementally evolve whatever we works
best into something your mom can use and home, and small business -
into something that can be more widely deployed.

I am rather upset at the whole wg for the pathetic level of actual
testing and dogfooding of what code now exists - only *1* person was
willing to to do a plugfest on my previous "modest proposal", and he -
like me - is too broke to attend the ietf, but not too broke to spend
60 bucks, 5 minutes reflashing an off-the-shelf router, and do a
little testing on it's behalf. Arguably hnetd now has the most amazing
ratio of ported code (1000s of platforms, 36 cpu architectures) to
actual users (4?) that has ever existed.

I - and my userbase - are not going to let y'all inflict the broken
ideas on my mom, or for that matter the home router industry, without
actually testing running code. Sorting out the good ideas from the bad
is why we actually build things, and test, before committing to final
versions of specifications. At least, that's how I have always
operated.

> -- Juliusz

[1] And the main reason for the next version of cerowrt has little to
do with the products of this working group - but to further develop,
and test, some MAJOR improvements to wifi we've come up with.



--
Dave Täht
Let's make wifi fast, less jittery and reliable again!

https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb


-- 
Dave Täht
Let's make wifi fast, less jittery and reliable again!

https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb

Re: [Cerowrt-devel] Fwd: [homenet] Routing protocol comparison document

[Toke Høiland-Jørgensen]

Dave Taht <dave.taht@gmail.com> writes:

> Any objections here?

Yes! I certainly wouldn't want to run that.

> Suggestions for how to make one of the ipv6 translation techniques
> work right?

Turn them off? ;)

-Toke

Re: [Cerowrt-devel] Fwd: [homenet] Routing protocol comparison document

[Aaron Wood]

[-- Attachment #1: Type: text/plain, Size: 1057 bytes --]

I would definitely be interested in being involved with how to secure and
firewall, but still provide access to, internal IPv6 hosts.  Ie, the
internet the way it's supposed to work (peer to peer), but with the
security that we've inadvertently picked up along the way by using NAT
everywhere for the last ~10-20 years worth of home routers.

Basically, the question is:  How do I access my home remotely, without
exposing it to the world.

The IPSec portions of IPv6 seem like most, but not all, of the building
blocks.

-Aaron

On Mon, Mar 2, 2015 at 12:26 PM, Toke Høiland-Jørgensen <toke@toke.dk>
wrote:

> Dave Taht <dave.taht@gmail.com> writes:
>
> > Any objections here?
>
> Yes! I certainly wouldn't want to run that.
>
> > Suggestions for how to make one of the ipv6 translation techniques
> > work right?
>
> Turn them off? ;)
>
> -Toke
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

[-- Attachment #2: Type: text/html, Size: 1770 bytes --]

Re: [Cerowrt-devel] Fwd: [homenet] Routing protocol comparison document

[Dave Taht]

On Mon, Mar 2, 2015 at 12:26 PM, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
> Dave Taht <dave.taht@gmail.com> writes:
>
>> Any objections here?
>
> Yes! I certainly wouldn't want to run that.

Not a problem. You are fortunate enough to have stable ipv6 addresses
where you are - and me, I have to go bat-s**t crazy everytime I get
renumbered finding all the places that don't handle it properly and
rebooting them. So if renumbering is not the PITA it is for me, for
most of you, I merely want to make the ability to have some form of
translation available for those that can't put up with it, and won't
make it be the default.

Also as aaron points out, better firewalling/dmz of ipv6 is on the
agenda too. Not that I have either time, or money, or a lot of
interest, in fixing anything but wifi in the next few months.

>> Suggestions for how to make one of the ipv6 translation techniques
>> work right?
>
> Turn them off? ;)
>
> -Toke



-- 
Dave Täht
Let's make wifi fast, less jittery and reliable again!

https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb

Re: [Cerowrt-devel] [homenet] Routing protocol comparison document

[JF Tremblay]

[-- Attachment #1: Type: text/plain, Size: 818 bytes --]


> On Mar 2, 2015, at 2:45 PM, Dave Taht <dave.taht@gmail.com> wrote:
> 
> I currently plan to enable some form of ipv6 translation by default in
> the next version of cerowrt - and make direct access optional - (or
> the reverse! I'm easy ) if somehow we get it together enough to
> actually have a way to do a cerowrt-scale effort again.
> 
> Any objections here? Suggestions for how to make one of the ipv6
> translation techniques work right?

By IPv6 translation, do you mean a NAT66 stateless prefix translation as described in http://tools.ietf.org/html/rfc6296 <http://tools.ietf.org/html/rfc6296> ? 

That could be useful for people like me behind a 6RD /60, I wouldn’t mind trying it with an internal ULA and see how it behaves. Not sure how current implementations behave though. 

JF



[-- Attachment #2: Type: text/html, Size: 1563 bytes --]