Archives

These are unedited transcripts and may contain errors.


Plenary, Tuesday 15th of October, 2013

At 9a.m.:

JOB SNIJDERS: Good morning, sunshines. Welcome to the fourth installment of the plenary session at RIPE in Athens. This morning's plenary session will be mostly focused on IPv6, some of you might have heard about it. And we want to kick this off with a presentation from Nathalie Trenaman, who will talk about her experiences running IPv6 in her home. She'll be speaking on personal title. And my kind assistant Brian just reminded me it is of utmost importance that you rate the talks after they have been presented. Rating talk helps us assess what the interesting topics are and where we should focus on as a Programme Committee so your votes are much appreciated.

NATHALIE TRENAMAN: Thank you very much. Thank you all for coming out so early on a Tuesday morning. For something I am going to talk about that has been my little home project for the last five or six months. As you can see by the title slide, I am doing this strictly on personal title in my own time. Yes, so this is my own comments.

I did this project not just by myself. I did this together with my boyfriend Benjamin and the reason he is into home automation, so even before this project, we had a lot of stuff working on IP or with radio frequencies or other ways.

We have no kids, so the network is just us and we are the only ones relying on it and we have 3GS backup plan so we could play with a lot of things. I am not doing this presentation by myself today; I was more in charge of all the chasing vendors, helping ?? asking things around to people in the IPv6 community, all the actual implementations, all the scripting, all the decisions on the software, were made by Benjamin and to help me out today with the presentation, if you have questions about these specific things, he will be available for you on the chat, on the Jabber, his nickname is Benjamin so please find him if you have any questions on these things.

I am an IPv6 trainer. And I have been for the last four years, travelling around the world, explaining people how they can do IPv6 and in our IPv6 training course from the RIPE NCC we have this little exercise where people have to make subneting decisions based on IPv6 on fridges. Which made me think: Would there be an IPv6 capable fridge? Well, at the moment of course there isn't. But then it made me also think what other things in the house can you hook up to IPv6. Also, what would that cost? What do I have to replace? So that is a bit what this presentation is about.

So first bit of a picture of how it looked when we just did IPv4 and I think this could be a common household. So we have a Windows 7 game PC in the attic, a pass berry pie for the media centre, same in the bedroom and on that floor we also have a printer. And then the low floor you can see some other things that not everybody maybe has in their house; for example, F HE M, used to control ?? for the Dutch the click in and click out, I don't know what the English equivalent for that, it's basically controlling your lamps over the radio frequency. And FHEM helps you to script that with pearl and makes group of that so group living room or watch TV and then the lights behind the TV go on and the lights of the rest of the room dim. We also have the usual Apple stuff, Android stuff, nothing really important there. Important there is the UPC line that you see. Now, that UPC line does not do IPv6. So, that was one that we had to replace, together with some other things you might see her, the raspberry pies were fine but there was some other stuff didn't do IPv6 and I made a list of that. So the UPC line, no IPv6, the wireless access point, no IPv6 in Netgear, the switch obviously didn't do IP. We had the media centre running XBMC Buntu, that did, the red asterisk means there is no IPv6 and probably will not be IPv6. The webcam and the printer. So stuff to be replaced or tweaked, that is what we did.

First challenge like I said was UPC. 20 Mbit, that was nice. We live in a house built in the '70s so there is no fibre and there will not be any fibre any time soon. For UPC, I have been calling them them for the last year on a bi?weekly basis asking them when they can provide me with v6. On the website it was for a long time half of 2013. And they removed that from the website and now there is no date any more. So, I couldn't wait for that. Although because the speed was OK?ish I couldn't drop them completely because XS4ALL was another option we could use that has IPv6 but because we are quite far from the DSLAM, the speed drops quite significant, so it says 8 Mbit here but that is on peak hours, so if we are really lucky it could be as worse as three Mbit. So, for the speed, we were a bit, still ?? we couldn't totally get it although we really wanted it.

So then we called XS4ALL and asked them could you also do IPv6 only for us. I was surprised that the guy answering the phone in the help desk knew immediately what IPv6 was. He knew what IPv6?only was, so queue does for XS4ALL for there but he had to check and when he came back after three minutes he said no, because our billing software accounts for an IPv4 address. So at the moment, no IPv6 only. OK. I was happy to see that the help desk at least knew what IPv6 was. So another provider that does residential IPv6 in the Netherlands is not just XS4ALL for all today, also Softcom, another provider could deliver, same speed, same DSLAM, same problem. So for the sake of reputation, we chose XS4ALL but it could have been them just as easy.

We got this Freetz box 7360 by default. It's a cool thing but because now we have got two providers coming into the house, that Freetz box was not capable of doing the double wham, so that was a bit of an issue there. Eric Van Uden he was a her row, he talked us through many, many options and he said, well you could choose for the more expensive one, the 7390. That was €225, we thought let's see if we can make that a bit cheaper, so we did. We had the AS R OC ION in our house well so we tried PFSense. We got a lot of support initially from them because we run into the famous bug number 2919 with PFSense and DHCPv6 prefix delegation, it does the prefix delegation for a certain lease time and when that passed it would not regive the addresses so there was just the end of it. Very annoying. My colleague had contacts with the guy who was working on that bug so we offered him the test?bed. He played with it, he said well, I might come back in two weeks. We didn't hear anything. So we decided to move on. Later, I heard that this dug was bug was actually fixed in August but by that time we have moved on. So PFSense is supposedly working fine now with the DHCPv6 prefix delegation. By the way, this is Ben in his utility closet where he spends quite some time.

So then, what? We decided to go for cheap and easy and that is with OpenWrt we stay still. OpenSource. We tried it with berry breaker, apparently it also works with attitude adjustment. It gave us a default everything at that we needed so the multi?one problem was fixed, it does the bringing, it does have a firewall. Prefix delegation works and the IPv4 traffic from XS4ALL and UPC is also now load balanced for €86. So it was a good deal.

So this is a bit how it looks like and now in her house. We have the XS4ALL line coming in with dual stack, UPC still v4, the Draytek acting as modem and goes to OpenWrt router and at the moment it has three /64s, one is the guest wi?fi, second one is the home wi?fi and I don't want to give out guest, the password of my home wi?fi because currently all the home stuff, so the lights, etc., are in the home wi?fi. So that is still to be splitted but for now, we decided to just go for a guest wi?fi so people can't control our doorbell and lights.

Then we had to make a decision if we would go either for SLAAC, address auto configuration or DHCPv6 to our devices. Yeah, looking at things, all the raspberry pies they have static, so that was no problem, but we were running some stuff that didn't do too well with the DHCPv6, so for now we stick to SLAAC. We will try it again next year to see if Android caught up with things. I know running an older version of Mcso that is on the to do list to upgrade so that will be solved.

Next step down the road, the media centres. That was the easiest one because we had raspberry pies and we had running XPMC so that all supported IPv6. No problem there. The only problem that I found and Ben found, the Raspbmc was not stable enough so it would just crash sometimes and you had to get your keyboard out and restart it again. So we moved to OpenELEC which runs fine for a while and yesterday Ben told me something interesting, that they push out an upgrade last week where IPv6 is switched off by default. So he suddenly lost IPv6 connectivity to all the OpenELEC things so he had to activate IPv6 in order to get it to work again. I don't know exactly why they disabled that.

Then the NAS, this was an expensive one but there was also a bit of a bonus for Ben because, well, the stuff that we had would never do IPv6, any way, ever. So it was time for an upgrade and while we upgrade, we upgraded well so we spent some money there.

So, pricing, works, it also works with free NAS, also works just what is your flavour, what is your liking. So media centre, NAS works no problem.

Then the Thermostat, we are going a bit to a greyer area now. We bought the thermostat. It was a pretty cool thing, easy to install, Heatmiser, 164, not that expensive, nice apps, easy to control, no IPv6 of course, at all. So contacted the help desk, that was an interesting case; I sent an e?mail to them asking if there was IPv6 on their roadmap, if they had products that support IPv6. They closed my ticket without an answer. After that, after they closed my ticket without sending an answer they sent me a customer satisfaction survey. So I didn't leave it with that. Went back, sent another ticket, asked them if there was any support for IPv6 on the road map. This time I got an answer after two weeks, saying no, we don't. No answer on when, no answer on which products, nothing. "No, we don't". So we had to look around. And I found actually one in Europe that, a thermostat that does IPv6. And that is called Tado, it's a German company, so kudos for that. From what I see it does everything I want it to do. Unfortunately, it doesn't ship to NL, to the Netherlands. I sent them an e?mail asking them if they would be able to send me a thermostat. They said yeah, if you send us our specks, our wiring specs, etc., they are happy to send it to you. But then I saw the pricing, and that freaked me out a bit because that is a whole new model in this Internet of things world where you don't purchase a device; you pay a yearly or monthly fee to control a devices that not in your own network but you have to also connect to the outside world so you have to pay a subscription fee to use a service from them to control my own stuff. There is something wrong there. But yeah. So €99 per year, I am not willing to go there yet, but we will see.

Then, the front door. Now that is a bit famous. It's a bit of a fun project. Our front door does two things, really, well, not the front door itself, it's the webcam on the front door. We used to have an IP webcam on the front door, it sends pictures of movement in front of the front door through my e?mail. Now, my e?mail is all IPv6 enabled so that works all fine. The IP calm was not IPv6 capable, unfortunatelyly, so we had to find a solution for that. But the other feature that it does, that is kind of funny, if the doorbell is pressed it makes a mug shot and then sends a tweet around saying the doorbell rang and sends it to me and Ben so we know when the doorbell was rang, when the mailman was at the door, etc.. now, we all know Twitter does not support IPv6, so, that was a bit of a problem there. The other thing to replace the webcam we just bought a very cheap no IP USB webcam, we made it waterproof, hang it outside, drilled a hole through the door post, plugged it in the raspberry pie and mounted it on the door post works fine. I don't know if you heard when they will do that, but we can't wait.

And also now we have IPv6 on the door, we are looking at our cool things we can do with that. So maybe unlock it over IPv6. We still have to look into the security specs for that. But, our webcam works over IPv6 and this is our mail guy who is happy to have IPv6 over the webcam. We still had to adjust a bit that you don't see the street any more because by law of course that is not allowed. Webcam works.

Next thing: IPv6 lights. Our energy supplier, they started offering IPv6 capable light bulbs, very cool. Not cheap, though. Two bulbs and a gateway device that I had to plug into my router, €129. Yeah, I know. Plus, I had to buy or lease, and here we go again, this e?manager for 2.95 per month, which basically connects to not Neuon, what you would think, but to an external party to control my lights, green way reality it's called, it's a start?up company. Interesting scenario. So I ordered it, I want to play with it. Theory: It's not complex to set up, you just screw the light bulbs in, you hook up the gate way, and over v4 it works, but I couldn't find anywhere in the whole graphical user interface, any place, where I could adjust IP addresses or assignment IP addresses or anything, nowhere. So I sent them an e?mail, GreenWaveReality, so this is not my energy supplier, sent them an e?mail asking, OK, so you have really expensive light bulbs, then you have got a graphical user interface that is basically designed for my grandmother, very convenient but I can't adjust anything, where do I put my IPv6 addresses? They closed my ticket without sending an answer. So, I sent them another e?mail, of course. No answer yet.

This is from a website, so it is big announced, it uses 6LowPAN, I believe that is more and more commonly used thing for the Internet of things. This was October last year. What can you do with a let light bulb that has its own Internet address and how much would you pay for it? I think it's rather costly at the moment and, well, I don't get it to work, so interesting experiment. For the moment, we stick with our good old radio frequency lighting that I can with FEM control from my remote from my phone.

I started questioning, after this thermostat incident and the light incident, what is up with these things, why do I have to buy a software subscription to connect to my devices over somebody else's platform and in the case of the light bulb not only my energy supplier but also another third party, what do they do with these records, how secure are there platforms? Why is this? Is this new business model? I have no idea. It just doesn't feel right for me, so I am interested to hear what you think about this. It actually started me to get a bit worried about this Internet of things stuff.

So this is what we have now, coming to the end. Windows 7 PC is still there, works fine, RaspberryPi, the Epson printer is still there, unfortunately. So we are looking around for an IPv6 capable printer. We know they are there, brother seems to have some decent ones so we are looking at that at the moment. For the thermostat, I am still not sure to go with Tado or not, because of that €99 per year and the connecting over other platforms. All the rest, no problem. But as you can see from my picture this is mainly OpenSource, right? There is nothing out of the box yet. So what we have to do still is the Bot light over IPv6, the front door over IPv6, unlocking, maybe, get that new printer. Other than that, get the lights to work, of course. Then we start looking at the coffee machine.

IPv6 in 2013 in your house is not cheap. We had to replace certain devices. You can make it as crazy as you want. There is a lot of manual labour involved; ask Ben. We had to do a lot with OpenSource because there is not much customised consumer products out there, still. Even with the whole promotion of the Internet of things. Vendors of commercial home products are not even aware of IPv6 and like I said, my experiences with the help desk were not that good. So at the moment 2013, not everything can be done with IPv6, unfortunately. I hope to be here in two years and tell a completely different story. That is it from me, happy to take any questions.
(Applause)

BRIAN NISBET: Thank you very much, Nathalie. Any questions, please, remember to state your name and your affiliation before you ask.

AUDIENCE SPEAKER: Roland Dobbins, ARBOR Networks. I had a comment, this new business model of charging for devices in your home is into the new business model, it's a very old business model in the late 19th century and through most of the 20th, the telephone companies, whether private corporation monopoly or PCT, you actually paid to rent a telephone instrument that you had no choice about and if you had three telephones there was a fee for each of the three telephones, each month so it's actually kind of returned to an older type of business model.

RANDY BUSH: IIJ. Two things: On the monthly problem, you should note that you work for a company that rents integers by the year. But the security issue of having inter linear devices that phone home to somebody else's home is exceedingly serious. I am having trouble beating Clue into some of the people in the IETF. I think we have a general problem there. I think I paid for that God dam device, it will talk to what I want it to. And I think, I am not sure where we get the leverage to deal with that problem but it's very serious problem and it will only grow worse and worse.

AUDIENCE SPEAKER: Benedikt Stocebrand, a couple of things. First of all, why do we have these subscription services? One of the reasons we have, it's the same as with IPv4, if you have dynamically changing IPv6 addresses, it's bloody stupid and difficult to make your devices accessible from outside, so it's easier for the vendors to go this way and make a bit of money out of this along the way. It would be much easier if static addresses were generally available but that is actually not always available and if you were a vendor, you'd build your system or your products so that most people could actually use it and that means you have to go this way. So, we have a rather nasty development there, I think, which ?? well, part of this community sort of screwed up, sorry to say that.

Second thing, printers. I have had at least one case with a printer which supported IPv6 but it didn't say anywhere the documentation and I only found out by attaching it to a network with advertising router and that thing ?? was completely surprised; apparently they tried to sell it to some government contract and didn't believe their stuff was actually working or whatever, anything like that. So it's actually worth to give it a try. Yet another thing on printers, I have also had another case with a printer which supported IPv6, it supported IPv4 as well but not both at the same time. So you put that into your network with an advertising router and IPv4 would stop working apparently because it was too short on memory. It happened to me during a training and the other course was trying to print things. So, that is a...

Finally one more thing. When you talk about all this automation, keep in mind the majority of people are not remotely capable of configuring the things you have done, so if this ever is supposed to really take off, we need to build things and networks and everything so actually your grandmother can plug things in like she does with a 20 volts things.

NATHALIE TRENAMAN: Agreed. Thanks.

AUDIENCE SPEAKER: Mikael Abrahamsson from BT. So would you say that you would like your light bulb to be accessible from all over the Internet or do you prefer it to phone home or do you want to control this yourself?

NATHALIE TRENAMAN: No, no. I would like to control my Internet bulb by myself.

AUDIENCE SPEAKER: I was thinking the access policy that makes it reachable from some places but perhaps not from everywhere.

NATHALIE TRENAMAN: With VPM maybe or somehow close that off a bit

AUDIENCE SPEAKER: Do you want that to be default of not reachable and you have a device which can actually use some ??

NATHALIE TRENAMAN: Yes.

AUDIENCE SPEAKER: That is what I think as well. This is tricky because you want it to be reachable from your device but not everybody else's so we need our framework to make that work.

NATHALIE TRENAMAN: Yes, thanks.

AUDIENCE SPEAKER: Marco, small note on the printer part, the printer in the terminal room isn't absent and it supports IPv6. So there is hope.

AUDIENCE SPEAKER: Vesna, chat monitor, and there was a comment at the first part of your talk about somebody called Kate it is a on IRC who said that stateless address auto configuration should be enough with address configuration and recursive DNS.

NATHALIE TRENAMAN: OK. Thank you.

BRIAN NISBET: So thank you very much, Nathalie.
(Applause)

Before we introduce our next speaker, just one second, a bit of good news, and proof that rating the talks is the thing you should be doing. We have our first winner of the rating the talks prize from yesterday, and the winter is Eric Osterweil from Verisign. Go and talk to the people in the RIPE NCC and they will sort you out with your prize, and continue to rate the talks, I think there is another price for today. There may not be. I can't see anyone in the RIPE NCC rushing to tackle me. So after that personal experience of IPv6 in the home we now have the official how to do it, so from Mark Townsley from Cisco and routing IPv6 to the HOMENET.

MARK TOWNSLEY: After that wonderful reality on reality I am going to ask you to suspend disbelieve for a moment and pretend that you do have many devices in your home that support IPv6. This presentation is going to talk about not only do you have many devices in your home to support IPv6 but also IPv6 to your home, maybe in multiple ways. So, despite all that reality, we are going to talk about technology for a minute, specifically routing IPv6 in the HOMENET.

So the main goal in my mind of this Working Group, of this effort, is to raise the bar in home networking, the current state of affairs is maybe not that great. In order to do this, we are focusing on what we know, at least from an IETF perspective and certainly from my perspective and that is just to lay down the principles that no matter how many routers you have in your home or how they are connected, networks shall have ample IP address space, routers shall know where to send packets, names shall resolve to addresses and human touch is not required, simple stuff. Now reaching that bar, two vectors here:

One, stands to set the bar and OpenSource to help us get over it. And the consumer world particularly in the home router market, the reality today is that OpenSource is highly leveraged, if it doesn't exist in OpenSource it's probably not going to exist. So, when we created the Working Group, we included in doing that a Working Group creation process that running code in OpenSource was going to be a fundamental important part of the work that is done there. Shortly thereafter, at Cisco, the company I work at, John chambers created tech funds were distinguished engineer or fellow so take an idea that was technology?based, submit it to a panel and that panel could decide, OK, I will help fund that to technology to meet its ends, despite whether or not it fits within a particular business unit to make money with in the next quarter, any of that stuff, so something a little bit separated from that on a year by year basis. So I said well why not, right? I submitted a proposal and myself and a colleague of mine in the US also named Mark, Mark /PWOUR, have some oversite over a group of engineers that are developing OpenSource specifications ?? OpenSource code based on open specifications in order to meet some of those goals I talked about earlier.

All of this is available in a get had you been, OpenWrt based as well, we would like to see it in a package that can be easily downloaded by year end or early next year.

Now, one thing about HOMENET and hip net, I think maybe if you were here last year, not here but at RIPE last year, you may have seen a presentation on hip net. Hip net is a specification developed by cable labs not in the IETF, so cable labs ?? well /TPHO*RBG America, comprised mainly of cable MSOs, (north) who got together and wanted to solve a very similar problem, and that is IPv6 is getting to the home, how do I get it across multiple links and do routing with IPv6 in the home. And they went about as far as they could without actually introducing a routing protocol in the home. Now most of the work so far in HOMENET has been around the basic idea that yeah, we will have a routing protocol in the home. So, the end result is with hip net you have something that works across multiple links and with multiple routers by doing DHCPv6?PD down to the routers, enforcing a tree model or using RAs to break ?? to disconnect up links so that you get a tree model, and that is about it. The problem we are facing right now is that HOMENET and hip net are incompatible with each other. If you put any mix of hip net route /TPHERS your home and HOMENET routers in your home as defined mostly by what we have been doing in various drafts in the home networking group and in the OpenSource code, it probably will not work, OK. So this was brought up in the Berlin meeting at the last IETF and we got in the room and formed a design team of individuals that understand the bits and the bytes of this and said how are we going to make this work? And the results of that should be coming soon, it's encouraging, but hopefully we can heed ?? avoid that disaster before it makes it out into the real world.

I wanted to explain that and make that clear. Hip net is not HOMENET.

So, what is HOMENET? Here is our scope, again layer 3 plus or minus a layer or so. Multieye router and ISP, we assume we have multiple up links. Arbitrary topology, automatic IPv6 prefix configuration, /64s on the links, name resolution, service discovery, we are doing all with this IPv6 focus, but if it happens to work with IPv4, OK. Not that necessarily we will specify that in the Working Group, maybe, maybe not, but the point here is that we won't make a concession because of IPv4, right? The design is IPv6?based but if it happens to be applicable with IPv4, fine. So one of the the things I always get when I talk about we are solving this routing problem in the home where there is multiple routers, people tell me I have only got one, what are you talking about, why would I need two unless you are crazy like Nathalie and her boyfriend. Well, you know, back in the day, of course, a long time ago we just had one PC in the home and then link us came along and sold you this thing and its principal purpose was to let you have two PCs in the home, Linux came along and wanted to ?? many people probably plugged it in the back of their existing router, you didn't want to lose those ports, you bought them. And this actually happened where our links us routers at the time we sold this stuff, get 192.168.124 in the home by default and the new models did exactly the same thing at least some of the cases when this happened, this machine couldn't even reach the Internet because it ran into name collision issues, and what was a user to do? Swap it out and put in a DLink because they used a different value here. And then it worked. So this is actually happened, talking to product managers.

That was a DLink product manager that explained it to me. I don't know how long it went on before they figured it out. Then of course, you get your Apple devices, you might think your time capsule is for backup but it's a router. You have your VPN connection in your home, smart grid on?line, then you have your 6 low pan stuff, IOTs come in and of source some of them only work on this flavour of IPv6 called 6 low pan which generally, remember this is an IPv4 network, one needs to have some kind of gateway in order to get to that IPv4 network, which leads you down this sort of cloud thing we were talking about earlier, unless you have ubiquitous IPv6 these can't route to each other, they have to go through a gateway and that probably has wires to connect to your wi?fi, it probably has a plug on the back of it too and because you disconnect both and you have got a loop. If you are running VAMware or parallels you have got a little virtual router in your PC. I am already up to seven routers. I hadn't even talked about home automation or security or hi?fi and all this future stuff that wants to get on, ethernet at least if not IP also.

Now, to a router guy, that just looks like a bunch of routers. I don't care where they come from. The not the router that you got in your home that you think of as a router. These are all routers, or could be routers. That is what we want to try to solve. And one of the most important things we have got to do first is identify the border routers, we are assuming we are not having PI space here, this is all PA space, may have multiple up links so you are going to end up with multiple prefixes to deal with.

If you lock at the work we have ?? the work we have done in the OpenSource project is based on those couple of drafts you see at the bottom, OSPF based but we could have any sort of IGP that you could imagine here, IS IS or any one of a flavour of mobile ad hoc type routing protocols. That hasn't been officially decided in the company yet. But let's go forth from here thinking, if we have a routing protocol in the home, what is it ?? how is it going to help us? One thing it's going to eliminate our loops and also gives us a convenient function to automatically identify those links, because you have the topology, you can identify which links need a /64, and you can go around and identify which interface of which router actually owns configurations of hosts on a link that has more than one router connected to it. For example, here, I have got five routers connected to this same link. Who answers DACP and the RAs? Do they fight over it, what do they do? When you run the IGPL algorithm, what happens here is each router is in contact with one another, they have a shared data of what is going on, they have ?? they go ahead and say, all right, well, I will own this link, thank you very much, I will own putting the 64 on this link, I will take care of the hosts here. Until the topology changes and somebody else takes over. Same here, same here, same here, you will find later that that basic fundamental ability to have the links stayed in the home and to have the routers say, all right, I will take care of this link, you tare care that have one, can actually be used for other things. Again and again. It's a nice thing to have. So, what we need to do is carve up /64s that we have and assign them to links, if you have three up links, 3 PAs, you get 3 /64s on every link and all that runs independently, which is also nice from a resiliency standpoint. We don't have to get into each other's processes there.

What does this mean? That guy gets three IPv6 addresses, three globals. He has also got to link local. He may have ULA. This blows the minds of people probably not you guys, but blows the minds of people who are first looking at this. They are like what, my PC has more than one address. You are look yes. Absolutely. Our job is to make sure the packets get to the right exit. That is what our job is, no matter what the PC source address is chosen, we have got to get the packets right out to the right exit. This is the PC's mind being blown.

What do I do? I have never asked the user for that kind of information. What do you mean? I have only got one address and I just send packets. Ah. This guy has been handling this for you. Whether you like it or not, it's quite aware of being multi?homed, connected to multiple interfaces, at least. You get asked by your ipod or your ipod application itself or even in the system settings based on registered applications, are you allowed to use this type of network or that type of network for this communication? Not a problem for me, part of daily life. What we are talking about here is effectively raising that same kind of information up to layer 3, so that you don't have to be restricted to the ?? to being directly connected in order to utilise that same kind of knowledge. So even if he is singally connected into your home with wi?fi, I have the information that this may be this up link is 3G and this is fine. What happens is we take properties, properties that can be communicated from the ISP connection, properties that may come directly from the link itself, package them up, send them through OSPF or the IGP and then it gets propagated to all the different routers and then because the router owns controlling the host he can just give the information in the RA or DHCP. That is the basic principle. Now that is for something we call properties, it was defined in that DHCP document that was in the previous slide. Properties are things I can agree on in an RFC what it is. What about things that are a bit more nebulous than that? What if it's just something that is greed upon between the application and the network? That is where you get into prefix colours and I think Michl will be talking about that at some point but the idea here is simply to give some more information to that poor worried host that doesn't know how to make a decision about which source address to use. And so that is a tag or an idea or what have you, or a colour and here we are calling it a colour. This slide is from a bits and bytes presentation where one of my students that worked at Cisco for the summer last year modified an android, put DHCP 6 on it and allowed it to receive colour information, modified VLC, which is video playing application, to go off and get a policy for selecting the blue or the green prefix and had it all working as it was connected to one of the home nets. Now, I would be remiss not to talk about service discovery here and I have carved your home up, how do I print on my printer? How do I get Bonjour to work. This is a general problem, this being addressed in the MDNS or the SDNS in the IETF, it's something that Stuart and others have been working on to make sure that Bonjour works across multiple links in say a campus environment. We are going to reuse that without any configuration. There is two drafts here, this is Stuart's draft and this is Marcus, one of the guys that has been working on the OpenWrt code. He takes the exact ideas from Stuart, which is basically this: If you want to reach your evil Mr. Burns webcam in your home, which is basically, I am going to do DNSSD to a router and that is is going to distribute that Unicast over and then populate the response by doing MDNS, one per link. I can do this and know that it's one per link because I have the topology. No problems with NDNS proxy storms and these things of things because I am doing Unicast from here because the during DHCP I was given that DNS?SD server for the host to query and once I query it, he floods that information out just to the routers that have connected hosts and well just to the ?? that have links they own, there may be a router that doesn't have link of its own and does MDNS just once per link, populates the response, it's all stateless, populates the response and boom, he gets his Bonjour information multi?link and we have that running.

So the next thing I am going to go through with just a few minutes left, so imagine you have this wonderful, again, you know, suspend reality, imagine you have this OpenWrt implementation on all your HOMENET routers, you have IPv6 running everywhere, multiple up links, and everything is working beautifully, now maybe you want to share something with a friend of yours, how might you do that if you are not into actually configuring tunnels or calling your friend and saying join this great home connecting tunnel service or something like that. So I asked one of my students to look into this and to try, without any additional infrastructure, no additional infrastructure, you can reuse whatever infrastructure is out there, but without any additional infrastructure, because I didn't want to pay for it, how do you connect multiple homes together in a way that might be user?friendly? So imagine your home router was actually part of your social network. So you have your Google plus user ID and Facebook ID and subordinate to that you have a home network and you can friend your friend's home network and it's a separate graph, the home network from your social network but you can kind of see through your social network, who has a home network. And the bi?directional action of doing that establishes a tunnel, establishes a tunnel to two homes that know how to route packets and exchange routes, know how to do service discovery over that tunnel so now you can share your pictures, iTunes library, web cams directly over that encrypted tunnel to your friends on Facebook without putting the content on Facebook. So you are bypassing it. All you are sending through the Google plus in this case because that is he ended up using, is eachability information for your tunnel and public. It's kind of like met at that data but you are getting the content you are sharing out of the cloud and back more towards end?to?end, more towards end?to?end but in a format that you are more familiar with when it comes to sharing content. You can also share realtime content this way, web cams and such like that that they haven't managed to tackle on your news feed in Facebook. So this is just some more detail on once the tunnels are up, you have got LSAs, give you all this information and boom, my zero browser can see the browser that is in the other home.

So, one thing I want to let you know here, it's a secret, don't tell anybody, but don't let home in the title fool you. We are working on home, on the home here, but in my mind, one of the reasons is, is because it gives a great environment, because if you can solve this multi?prefix, multi?homing without NAT end?to?end linkage all the way into the applications kind of problem, in a home environment, where you don't have any administrator, then everything else should be a piece of cake. So we are really tackling those problems that have been part of IPv6 since its beginning, so really getting end?to?end model to actually work end?to?end and even let you link it all the way up into the applications, which starts to give you wonderful dreams of SDN and things like that if you'd like.

Summary:

IPv6 is increasingly available from ISPs, even if sometimes they close support tickets or what have you without answering. Homenet is really about taking it from the edge into the home. We already have RFC 6204 etc. That define the within a link part of this and we are taking it the next step in the home and the goal is to raise the bar for home networking in the process, to try to make this better, to really try to make it better. RFC and OpenSource code are being developed, please contribute. This is your home, we are working on. Any questions?

(Applause)

JOB SNIJDERS: Thank you kindly for this elaborate presentation on how we should run our home networks.

GERT DORING: IPv6 user whatever. Thanks for actually showing us what is going on, for those that are too lazy to follow home network or too busy or whatever. I can see that this will meet some resistance from sort of semi?network operators that will tell you that this is never going to fly, you can't have a routing protocol in your home and so on and so on. And I think it has to be that way, either it's all on full automatic or it will not happen, so I think this is the right way to go. But I have seen comments on mailing lists and IFC and so on, have it in the home, you must be crazy.

Something, actually a question I have is, you mentioned that one of the routers will decide to be the boss of a certain /64 or a certain Layer 2 segment. So when a client asks for RA, this single router will then send an RA with three, four, five prefixes, so when the client then sends out a packet it will always go to that master router ??

MARK TOWNSLEY: Let me clarify. Single designated router per prefix.

GERT DORING: So when you ask for RA you will get three RA ??

MARK TOWNSLEY: I think the algorithim is independent. You could get one from that one, this one and that one because they are different routers. Let me think about it, I think that's right.

GERT DORING: So at the same time then you need to solve the routing in the PCs to use the proper default gateway per prefix?

MARK TOWNSLEY: It's not the routing and PCs per say. It's the source selection, it's got multiple sources.

GERT DORING: I understand that bit. The question is, when I have three coloured prefixes, I use colour B so to get around reverse path filtering on the ISP side, if a user prefix B I need to send it to router B. So I have three candidate default routes but every one is only working for one source.

MARK TOWNSLEY: I think the hosts know how to do that today already.

GERT DORING: The hosts already know?

MARK TOWNSLEY: They already know how to do ?? they already know how to do multiple source addresses with different routers advertising RAs. What they don't know how to do is intelligent, well different levels of intelligent, but intelligent source prefix selection. Now, Windows do know how to choose source selection based on PIO, which is if you are going to this destination, use this source but they already ?? if you take two routers, two RAs, one host, and I have got an address from this one, that from that router and to go to the right default gateway. Somebody please correct me if I am wrong.

GERT DORING: I would challenge that for Linux because it tends to install one default route and use that for every source. Not multiple defaults.

MARK TOWNSLEY: Maybe not Linux, I am thinking Android and Apple.

GERT DORING: That cannot run without IPv4 anyway.

AUDIENCE SPEAKER: Mikael Abrahamsson, I have to agree just one default gateway, this is worked on in multiple interfaces, after they are done hopefully this will work so that you can basically, wherever you learned to use this address you will use that for sending packets out with that address, basically if you get three RAs from three different routers you are going to use each router. I wanted to add one thing to your vision about connect home, I would like to see going forward that, for instance, if I am friends with someone and they have authenticated devices they own they come into my home, it will authenticate my network, and I will authenticate their device and when this happens and they are actually in my home they can use my printer but when they are at their place they can't. I can set up policies for this. This is taking your stuff and adding a little bit to it but with the infrastructure you already suggested this should be doable. And I don't know if this is something that people want to do. I would like to do it. I hope I am not the only one. I think generally people want to do it and they want also to be able to reach their home devices wherever they are encrypted, IPsec or something like that with the same mechanism but this also means that if you are using Google plus then all of a sudden I guess you have to trust them for all your security policies in your home. Do we really want this?

MARK TOWNSLEY: Well, at least the reachability in the keys, you don't ?? you can attach ?? well, in our model you can attach the security models of what you share to a name of circles, a named circle which in turn is reflected in the Google plus so the information about what you are sharing is in the circle and then is shared actually over the tunnel encrypted, so the fact that you have a printer isn't posted into Google plus, just that you have a Homenet. But if you bring it to hosts and not networks, you may have to cross that barrier where you are advertising a bit more.

AUDIENCE SPEAKER: The question is, would this kind of architecture going into the service discover this part of Homenet, is this the right Working Group to do this or do we need something more? We can take this off?line.

MARK TOWNSLEY: Right, we have got so much fish to fry at the moment. What I think it's good to thing about these crazy ideas and that our infrastructure shouldn't prohibit it but I don't think we should run out and start defining standards for Google Plus based interconnectivity. These are just hey, let's test these things out and if they are working, maybe the infrastructure is flexible enough to start creating new things.

AUDIENCE SPEAKER: Ian Farrer is my name. Just to pick up on; about the next?hop selection based on source address. It isn't there at the moment, there is a draft in Homenet which proposes a way of resolving it but there is no mechanism currently as it stands.

MARK TOWNSLEY: I thought Windows could do this.

AUDIENCE SPEAKER: There is no mechanism for doing it.

JOB SNIJDERS: Thank you kindly.

(Applause)

Our next speaker is Lee Howard from Time Warner Cable, Internet provider in the United States. By now, it has been established I think that IPv6 addresses are 128 bits but what is more mysteryous to me at least, is what the cost of operating IPv6 is, and the stage is yours.

LEE HOWARD: Good morning. I have a lot that I want to say and talk about. But first, I gave a presentation yesterday afternoon where I talked about what IPv6 only looks like and I called out the sponsors of RIPE and showed whether they support IPv6 on their websites or not. And I have to give some kudos to one company in particular, who yesterday afternoon did not support IPv6 on their website and today does. Would the staff of Forthnet please stand up.
(Applause)

Forthnet.gr, while we were all having drinks they were dual stacking their website and that is really good, that is exactly why we do that and I hope to see lots more. For all the other sponsors whose websites don't support yet, the gauntlet has been thrown, there is still several more days of the conference.

I want to talk about the total cost of the overall transition. A lot of things go into supporting IPv6 and making this the essential transition that we have to make. What I have here is three different talks, each of which makes 40 minutes and I have 20 so I am going to talk quickly but I realise not everybody is a native English speaker.

Three previous talks there is additional information here, you probably have not even before even if you have seen any of the individuals.

What will it cost to run carrier grade net. So I was thinking a couple of years ago, I tend to prefer IPv6, I was in the RIR culture so I had this prejudice towards IPv6. Because people said NAT is evil. And I thought about it after a while and when I got to Time Warner Cable I thought what is evil? What is the nature of evil? Well the nature of evil for a for profit company is it costs a lot of money. So I had to figure out, I was trying to figure out how do I figure out how evil this is. And compared to other potential problems like buying addresses, is that more or less evil than deploying carrier grade NAT. The way to quantify that is to put it into dollars. How do you figure out how many dollars or euros and I apologise for being parochial in using dollars, how many dollars carrier grade NAT costs. Here is what I thought about. I had a summer intern and I put him into the lab with two different carrier grade NAT platforms and a home bunch of home electronics, it was the best ever because here is this college student whose job is to play X Box and PlayStation and watch Netflix movies and while he is working with very high end hardware he had a great summer. He is a full?time employee of Time Warner Cable now. He found several things did break behind carrier grade NAT and we reported our findings to cable labs and collaborated to provide this Internet draft which is now an RFC, I had to look it up, RFC 7021, talks about the impacts of NAT 444.

At the time that we did this testing a couple of years ago X Box was the biggest thing that failed, however Microsoft has deployed Stun for their X Box services so it no longer fails behind carrier grade NAT so I have removed it from this list. We heard last week at NANOG that X Box 1 will support IPv6 for peer to peer networking out of the gate. Way to go Microsoft.

PlayStation 3 still breaks, as far as I can tell it breaks when it's behind carrier grade NAT, when you are doing head to head gaming. Peer to peer networking, you can download and leach with a peer to peer network just fine but what you can't do is seed because you are outside address looks like the outside address of the CGN and so the tracker is going to report that outside address. Unfortunately, most of the peer to peer in force a limit on how much you can leach without seeding so eventually your ability to use will decline over time. And finally, NetFlix was one of those applications not available everywhere but that was one that in a few circumstances, a very small percentage of NetFlix users when run at scale seems to fail, when they are behind carrier grade NAT. So what I did is okay these kinds ?? some other things probably break that we don't know and individual cases, so how much breakage is this. What I did is I did some web surfing and I said how many people use PlayStation 3 and how many people use peer to peer and NetFlix. This is north American numbers, you can do your own research, I am trying to provide a model to think about what the costs are. In your country it's going to change and be different. I don't know what your market is like, that is why I am trying to provide the framework so you can about plug this your own assumptions and get your own results.

So what I came up with is in North America for every 10,000 users 1,100 have PlayStation 3. 1,500 do peer to peer, 1,200 use NetFlix and let's say 800, some small fraction, use something else that breaks. What I come up to then is I will say ash trail half of the people who use PlayStation 3 Tuesday in a way that breaks so maybe not all people who have PS 3s actually do head to head gaming, maybe only half. I couldn't find any numbers so I chose half. Same thing with peer to peer, I said eventually you are going to have a problem but maybe not all peer to peer users will have that problem or notice or care. NetFlix, again fairly small percentage actually had any brokenness and the miscellaneous things that break, break. What does that cost? OK, now, we are trying to figure out, remember my definition of what is bad, we are trying to quantify this in financial terms, economic terms that matter to a for profit company. The two things that would cost money from your customers would be taking support calls because every time you have somebody pick up a phone that costs money and customers cancelling. Losing money and revenue is bad. So, I said again, fairly arbitrarily, let's say that 25% of the people who experience some brokenness, call text support and another 25% cancel, now it could be the same 25%, there certainly could be overlap, but if they call and cancel you have paid for it twice, for the call and the cancellation.

So, that is pretty nice. What does that look like: Well, so let's ?? I said what is the actual costs here. The capital cost, I called up some CGN vendors and said what does your box go for retail and I want to redundant pair of device because I am going to put 10,000 users behind it, I want to make sure there is redundancy there. And the retail price was about US 90,000 dollars, which wasn't too terrible, and that is again this is for a device that can handle 10,000 simultaneous users. What is the operating expense. You have got part?time, person in the NOG ?? somebody has to do the firmware upgrades and you have got power and space and cooling, I chose 10,000 dollars a year as the operating expense to support the box. I have got support calls, I found some statistics on?line the average costs somewhere between 5 and 50 dollars which isn't really very useful, so plug in whatever your support cost is multiply it times the number of customers you think will call text support and you come up with what your cost is for taking those support calls. I chose 20, somewhere in the middle range and I came up with 652 customers calling that gives me 13,000 dollars, in support costs, but the big one was if the same number of customers cancel, if I have 652 customers cancelling and the average revenue peruser is 400 dollars per year that is the average for the top four US broadband residential ISP, I looked at their public filings, if the average revenue is 400 dollars per year and you lose 462 then you lose 260,000 dollars, 260, 800 dollars for ?? in lost revenue for every 10,000 users you put behind carrier grade NAT. That is pretty significant and seems like real money.

So, how does that work out over time, because this is just a one year, what does it look like in the first year so I decided to spread that out and do some depreciation. I did straight line deappreciate ration, took that 90,000 dollars and divided by five years, the second row is 10,000 dollars per year in opex just like I said. The third line I said customer support, you would probably take essentially all of your customer support calls the first year, you are going to start getting those calls. After the first year, essentially everything that is going to break, has broken by then and you have very few support calls after that. But, that lost revenue is still lost. You never get that revenue back. Those users, once they have cancelled, they are still cancelled every year for the next five years. So that means you take that 260,000 dollars of lost revenue every year. I don't know what your time planning Horizon is, this is your budget, you get to make your own decisions, but if you add that up and multiply it out, for every 10,000 customers, it costs you almost one?and?a?half million dollars. That is a lot of money. That is real money. CGN costs one?and?a?half million dollars for every 10,000 users it's used for that and if you divide that among that entire body, that entire population of 10,000 users that works out to 30 dollars per user per year. That is incredible. We are talking about residential users, that is a big chunk of your margin.

Maybe that is not the most cost?effective thing you can do but at least we have a quantity here. You can deside, again plug in your own numbers and come up with your own basis for costing, what does it cost to run dual stack? Maybe, this may have to be run in combination, as you know IPv4 addresses, I don't want to shock anybody, IPv4 addresses are running out. I know, big surprise, right. So you may have to run CGN or buy addresses in addition to running dual stack but let's look at what it costs to do IPv6. There is some effort involved and it's not free. OK if it's not free, how not free is it? What does it cost. So I asked some people that I thought were experts in the field and I hope that you will come up with your own estimates, figure out what it's going to cost to you do your deployment and ongoing operation and I want to talk about what it look likes it costs to me. The first people I asked were the authors of a series of documents coming out of v6 Ops Working Group at IETF, documents called the wire line incremental, I believe there is Internet content provider, incremental document, enterprise incremental, a series of documents that talks about an incremental method for deploying IPv6, they are pretty well written. I asked them what they thought it was going to cost in terms of percentages of their costs but to deploy IPv6 and operate it on an ongoing basis. Now you may have seen this in a previous presentation, I did this at NANOG last year but it was a boring presentation. Can I put some dollar amounts next to again, sorry, I am using dollars, add a third for euros, so can I put some dollar amounts to sort of gave closer sense per user so you can compare the cost of dual stack compared to the cost of buying addresses or of CGN and I will come back to buying addresses in a minute. So, the data centre and hosting and content providers also had the same cost structures, maybe a little bit lower for the hosting guys, where they have some level of hardware that is required. In this case, it's generally adding some additional, either security appliances, there is lots of security appliances out there that don't support IPv6, and then application development. The estimates I heard were 10 to 30% of your application development costs will be ?? will be increased, your application development costs will increase by 10 to 30% by adding IPv6 because you have to add new libraries and data structures have be larger to hold larger addresses. You work that out. I looked at Google and Yahoo's development costs over the course of a year and added 10 to 30% and said there you go and guessed at how many users they have and I came up with 6 dollars per user. That sounds high to me. I don't think they spend that deploying dual stack. But I don't know. They do have an awful lot of services and offerings. Probably less than that, I would think more like 6 cents per user but again, so your numbers may be wildly different from this, I hope they are and it's much cheaper for you. As we saw, it is both Tore presented yesterday ten days, I am much more impressed with Forthnet. For ISPs every time I have given a presentation on what it costs an ISP to deploy IPv6 somebody says you forgot about training, training is a really big deal and Nathalie does a fantastic job of it and I highly recommend RIPE NCC training but it turns out by my analysis if you have one operations employee per thousand users and they spend a couple of hours in training and you pay their full salary and something for the development of the training, it's change, it's really a small amount of money per user, that is not where your cost is as an ISP. Where your cost is as an ISP for deployment is essentially all in the CPE. As a rough rule of thumb, any modem or Layer 2 device, since about 2007, 2008, can support IPv6 with a firmware upgrade, that is not necessarily true of home routers, they probably could support IPv6 with firmware update except they don't get them because users don't update the firmware and after a year or two the vendor stops supporting them and developing new code. So ISPs who have CPE in the home may have a lot of hardware they have to replace, but 2007, 2008, please tell me that at least half of your devices are younger than that and could get software updates. Your vendors may say sure, we will provide you firmware update just give us some money. You may decide to give them money, it depends on your relationship with them. In any case I come up to, if it costs 50 dollars?ish to replace a box in the home and half of your boxes have to be replaced, call it 25 dollars per user. So that is where the real money is.

I looked at consumer ?? I should say there is also your OSS have to be developed and your provisioning systems have to be developed and customer care systems, need the extensions too. It's still a fairly small amount and I will come back to it on the next slide.

For consumer electronics, really hard to figure out what it costs to add v6 to this. Partly difficult because so few have done it. So, let's say that it's, you hire a full?time programmer for a year or it's two programmers for six months to update v6 on consumer electronics, boom 200,000 dollars, send a million of them, 30 cents per device, that would be great but it depends on how many you sell and that is very low margin business so I don't really know what that costs but think about what it would cost to add that support. It's really not high and the ongoing operations is really small. So that is what it costs in my opinion, to deploy IPv6. What does it cost to maintain and operate a dual stack network. Fairly little. It turns out that for the network components, and this is true both for data centre and hosting content operations and for ISPs, operating a v6 network, a dual stack network is only one to five percent harder than operating a single stack network and that is because once you have done ping 6, doing a ping is no big deal. Troubleshoot whatever has broken your routing or circuit, troubleshoot the fundamental problems and the other family and it works.

You do have ?? any of your new services come out maybe need to do additional development and that is what I have here, per user per year, P?U?P?Y, it's a new word I made up, costs I have reflected here. The nice thing is for consumer electronics it's really, really low. I mean, they don't ?? once you have released your IPv6 software, if it works you are done.

So, having summarised that, I am running low on time, as I said I was going to, so let me talk about what it costs to buy IPv4 addresses. Now, I am not in one of the experts in the room on ?? I am not a broker, so I don't know exactly what the transactions look like for the market but I have done a bit of analysis and I wanted to show where I think the market might go and so I am very happy to hear from people who have more insights into the market, please share them with the rest of us because I think a more transparent market is better for the overall industry. What is the demand for IPv4 addresses. And this is based on, we have all seen the NRO allocations year by year, usually a set of bar graphs showing each RIR and how many they are allocated for each year. I stacked them and made up a line and instead of a series of bar charts and you can see it's almost linear. The rate of growth over time of IPv4al allocations and assignments was a fairly linear growth. I stopped counting in 2011 because I don't know if you know this but some RIRs stopped allocating IPv4 addresses in 2011. That was kind of a big deal and so the number changed. In fact, in 2012, it was more about five /8 equivalents allocated by the RIRs, the remaining RIRs, including RIPE and APNIC's last allocation metrics. I have not gone back to add in what the transfer market looked like in 2012, that is what the demand looked like over time. If that is a linear growth, what happens when we extrapolate that. I went and looked at the routing tables and looked for gaps to say what addresses aren't being used. And I looked at older allocations to figure out what address space might easily become available or might be thoroughly under?utilised, and I came up with I think there is probably about a billion addresses available to the market. So if there is just under 200 million addresses remaining among the RIRs, and there is a billion addresses available to a market, and the growth rate continues at the same rate that I just showed, then the market would run out of addresses by the end of 2015. The market doesn't look like it's going to last as long as maybe you'd hoped it would. Now that is if the rate of growth continues. And that is a pretty aggressive, we already know in 2012 it didn't look like the rate of growth was the same, part because some of it was hidden. So maybe instead of continuing at the same rate of growth maybe it stays at that last, the 2011 rate which is about 15 /8y equivalents per year, so at that flat rate, then the market would run out sometime in 2017, again that is not a long life for this market. But, do not make the miss /TAEUFBG thinking that this is demand curve or supply curve because there is no pricing information here. So as prices change those curves will change and we don't know what that is going to look like. So we need to figure out what is the pricing look like. If I could tell you what the prices were going to happen, if I knew the price of a good in the few future, I would use my powers for evil and I would be rich. I can think about what ?? what it costs to bring addresses to market. So here is what I was thinking: I think that there are four tiers or tranches of address space, of supply for address space, and the first tier is the RIRs, which is very, very cheap address space. The second /TAO*ER is address space that is completely unutilised, not even routed on the Internet but routed but not assigned to anything. The third is address space slightly utiliseded and to make the rest available. There you would have your /16 with an organisation who is only using 200 hosts and they can sell off most of that address space. And tier 3 is using CGN or IPv6 only in order to substitute and make addresses available.

So I did some analysis, what does it cost for somebody who that is that address space to make it available. The costs are fairly low in first couple of tiers. RIRs is fairly cheap. Those prices look a bit high. From what I am hearing from the brokers address space can be had for less than that although in this region not much less because prices seem to be higher here. The under?utilised space goes for a little bit more because some renumbering may need to be done and routing changed. If you take the chart I just showed you and extrapolate it over the time lines that I just showed here is the rate at which the market would run out and you can see the years in which the costs go up. Again costs change and the thing that is really not modelled here is the expectation of price, five things go into price and it's the cost of the goods, the cost of substitutes, the cost of compliments, taste and preferences and the expectation of price and the expectation of price isn't modelled here because I don't know what a seller expects to get for their addresses in 2017, so it may be completely different. This is not the price you will pay; this is what it will cost to bring address toss market in that year.

So, once we get to the point where we are out of the easy space we get to substituting CGN or something else for IPv4 address space and then what does it cost? If it costs you 30 dollars to do CGN, what does an address cost that you are selling it for? I don't know. Quick summary before I can take some questions:

The total cost of CGN about 30 dollars per user per year. The cost of running dual stack about 750, maybe 6 dollars, maybe a little bit less for content providers but they have to keep maintaining their applications year over year. Buying addresses, at least 9 to 20 dollars. Well, maybe it's at least 7 or 8 dollars now depending on your region, how much address space but I would expect based on increasing demand that price to go up over time. The question I have left unanswered here is how can I reduce my costs and this is the message that I want to bring because it seems to me that the way to reduce your costs, even running dual stack network increases your cost because you have added another address family and things to support. The only way to reduce your costs over time is to run single stack, since the cost of IPv4 is rising very clearly the single stack you need to run is IPv6. Thank you very much.
(Applause)

BRIAN NISBET: Thanks, I see we have some people ready for questions.

AUDIENCE SPEAKER: Jen Linkova, Google. I'd rather not comment on your 6 billion dollar remark but I can comment on reducing the cost and I have speaking from my experience, the earlier you start the lower your cost will be.

LEE HOWARD: Absolutely.

Jen: Because I am still working on some bugs and I still have to sacrifice some other work, I might be doing and instead I am fixing v6.

LEE HOWARD: Yes.

Jen: And I am very, very happy start ??

LEE HOWARD: I highly recommend you start your IPv6 effort in 2001.

BRIAN NISBET: We went for 2003, but it worked out pretty well for us.

Benedikt Stokebrand: In your assessment on the cost of CGN you missed something rather important, the things that break because some of your neighbours are currently using bit ? or whatever and your CGN gateways are running out of memory. I mean we are approaching Christmas shopping season so that that boils down a lot of money for a lot of people and an ISP trying to get some extra CGN hardware won't get it right within the next half hour, so this is where you really, really, really are going to lose customers.

LEE HOWARD: That is a fair point, yes, thank you.



JIM REID: Random guy off the street. I think you may have ?? the cost with CGNs, I understand there was a meeting between law enforcement and telephone operators in Europe primarily and a lot of the two ?? to get between the end users device and the inter webs. Now I think the problems you have got there are things like the cost of all the additional hardware plus you have got the legal requirements that people are being mumbling about being able to track an individual IP address back to an end user's device, who is the guy that is doing the naughty things and the cost for the operators doing that are more than just deploying one single CGN box and think about things like data retention in Europe, how long you keep that, how it's audited, blah?blah?blah. So I think the cost of CGN might be understated from what you have already said.

LEE HOWARD: I did include some cost of logging, but I assumed bulk port assignment because I come from a landline residential ? dish understand wireless providers frequently or mobile providers frequently don't do a whole lot of logging and that is a source of consternation from law enforcement. This is the point at which I channel Geoff Huston and say but, Lee, you are looking at this all wrong, it's a profit centre for ISPs because you can sell the logs to people, to advertisers who can see every space that your users have been to. I haven't seen any ISP that wants to be in that business yet and none of the advertisers have made me an offer. Some of them have said we are not offering you any money for that. Yes absolutely, law enforcement is concerned about it.

AUDIENCE SPEAKER: Andreas Polyrakis from GRNET. So my company is one of the companies that are on the IPv6 ? for year and full dual stack for more than five years, we give cloud services that are dual stack and GS L services that are. We are not free of these problems. The problem is that since IPv4 is there and when tourist visit IPv4 planet we still need to do some kind of NAT, even single stack with v6 only, we still need some kind of NAT v4, you cannot stip this 30 dollars per user per year, even if you are on the road ??

LEE HOWARD: If you are going to do dual stack that includes doing IPv4, it's still necessary on the Internet we have. You could buy addresses instead of doing CGN, with limited amount of time and price, but as we have seen even on the v6, it includes NAT v4 because people want to get to Twitter and the rest of the Internet.

RANDY BUSH: IIJ. I think it's a little disingenuous to say deploy as soon as possible. We deployed in '97 and assure you our financial people didn't think it was great. In 2001, as you have just recommended, a whole lot of hardware didn't support it, you couldn't run dual stack on many Mcbones etc., and as Nathalie told us today you have problems with equipment, etc., today, so this isn't glib and it's not easy. You are going to have equipment costs, as you said the biggest thing is rolling a truck to replace all that bleeding CPE for your broadband carriers. So, there is a lot of costs, there is a lot of trade?off and it's not easy and the religion is a great sounding but it ain't easy and cheap and free.

LEE HOWARD: Yet I seem to recall you exhorting us ten years to deploy IPv6, which I agree with you, you are saying the right thing, and my response is that is part of why I tried to put some dollars around this and it's not cheap, you know, that is real money. However, I do think ?? rush rush there are trade?offs.

LEE HOWARD: Exactly. Rush rush I think you make a good point about the trade?offs, I think unfortunately we haven't got really good numbers numbers for a lot of things. But I think each network has to evaluate for itself because we are all not broadband or all not fixed line, but this stuff is not so simple and not so easy.

LEE HOWARD: One of the response I want to make to Randy is that do I think it is easier now than it was ten years ago or even three years ago to deploy IPv6 because others have gone first now.

AUDIENCE SPEAKER: Everyone has been talking about the two other topics. The cost for IPv4. We are a fresh newly created broker, we have only been in the packet for two months?ish, and we did have this discussion in China at APNIC. Now, as far as we can see it, as again as a fresh broker, the prices may be just a bit lower than what you are actually mentioning there. However, I think after everyone has seen your presentation, they won't, not any more. On the other side, though, I do have the ?? I do have to tell that you I have the same impression that they will continue to go up until maybe 2017, and I do think that we will still have a market until maybe even 2020, I am hoping at least, for my sake. But yeah, just that comment. I think they will start a bit lower than what you are thinking.

LEE HOWARD: I agree from what I have heard from you and others that the prices are a little bit lower than what I have said here and I think the prices will go up over time. There may be a time when prices start to come back down, at which point then we do see a market that last until 2020 or beyond because you reach price ??

AUDIENCE SPEAKER: Right now there is no liquidity in the market, I don't see any, and that will probably delay the market for maybe another year, and then, yeah, there is no were diction to be done actually.

LEE HOWARD: There are several inhibitors to the market. Fortunately we have a panel on the address market later today, right?

BRIAN NISBET: We do. Thank you very much. Thank you very much, Lee.

(Applause)

Right, it is now time for coffee. Please remember to rate the talks and the second plenary session of the day will be starting in here at eleven. Thank you all very much.