> So you need to somehow build a prefix distribution mechanism, so people
> can have an arbitrary number of PD prefixes in "wherever network they
> happen to be". So we're back to multi-level PD, with all the challenges
> (firewall rules, ACLs, internal routing, ...). And even then, a /48
> might no longer be sufficient for a company with, say, 500 internal
> network segments and 40.000 employees - where it would be extremely
> spacious otherwise.
Independent of the prefix distribution mechanism, it may be worth revisiting having a single /48 for an organisation of 40000 employees.

There needs to be a way to shield network complexity within a host from the rest of the network. If we don't, then limits on what routers can track (ND) can become a limit on what we can do on a host. Even now people are already worried about the number of 'privacy addresses'. So having an address policy that would support a /64 per host makes sense to me.

If we assume that hosts have no further structure (i.e., this just requests one or a few /64s), then managing prefixes allocated to hosts is very similar to managing individual addresses. So there is no reason why PD would not work for that.

Of course, in a network of routers, PD makes less sense. However, in this case, when the network is actually managed, routers get prefixes from some addressing plan, not from an automated mechanism.

That leaves homenet as the most complex dynamic case: potentially multiple layers of routers that should configure automatically. However, in the homenet case, the network is typically small enough that keeping track of individual /64s is possible. So PD where each request is a /64 could very well work. (I'm not trying to express an opinion on HNCP here.)
