> > http://www.ietf.org/mail-archive/web/v6ops/current/msg06820.html
> >
> >     Jima
> 

Just skimming through the draft: 

     1) It is no longer recommended that /128s be given out. While there
        may be some cases where assigning only a single address may be
        justified, a site by definition implies multiple subnets and
        multiple devices.

--- I never knew a site, by definition, has multiple subnets and devices.

        A key principle for address management is that end sites always
        be able to obtain a reasonable amount of address space for their
        actual and planned usage, and over time ranges specified in
        years rather than just months. In practice, that means at least
        one /64, and in most cases significantly more. One particular
        situation that must be avoided is having an end site feel
        compelled to use IPv6-to-IPv6 Network Address Translation or
        other burdensome address conservation techniques because it
        could not get sufficient address space.

I think this is the real point everyone is trying to get at. They want IP6 to 
be the end of NAT. Got it. There are now years of security dogma that says NAT 
is a good thing; in the 20+ years IP6 has been on the books, the dogma went 
another way. This concept will take a long time to unwind. Somehow this is 
supposed to mesh with dynamic renumbering where we can move around between /48s 
without "too much burden" while wildly waving our hands at all the higher-level 
configs (DNS, applications, firewalls, etc.) that don't play nicely with 
automatic renumbering.

There is some convoluted discussion about how they wanted their /48 policy to 
somehow encourage residential ISPs to give their users more IP space in the 
base offering. I'm not sure why or what purpose an addressing policy should 
have on a business case. I see nothing motivating a residential ISP (especially 
one providing CPE equipment) to change their current deployment system one 
iota. And I'm pretty sure they are the ones MOST exposed to abuses of this 
address space by the least technical user base. (Side note: if I were a 
residential ISP I'd configure a /64 to my highly-controlled CPE router and 
issue /128s to each and every device that plugged in on the customer site, and 
only one per MAC, and have a remotely configurable limit of, say, 50 devices or 
whatever the MAC table limit was. So I only have one route entry in my 
aggregation layer, and if the customer blows his CPE router up, I'm still 
protected.)

Question - Whatever happened to the concept of a customer coming to their SP 
for more space? Why do we have to give them enough space for a decade of 
theoretical use when every week we could widen their subnet without causing any 
negative impact on them? No renumbering, etc. It's not considered a burden 
today, but under IP6 it is? Heck, since space is so plentiful, we can all set 
up gateways to do it automatically, but until routers get smarter, I don't see 
how all that dead routable space is a good thing.  Customers are paying for and 
getting a service, a continuous relationship with some set of SPs. In that 
service they aren't getting a mathematical representation, they are getting 
usable IP space, but that doesn't mean that if they hop out of bed in the 
middle of the night and decide to allocate 5,000,000 unique IPs the SP network 
should automatically accept it (based on today's current technology).

BOGONS, IP hijacks and all the rest seem like the worst problem here and the 
whole point of putting training wheels on these rollouts. Instead, it seems we 
are systematically unwinding all the lessons learned from CIDR and going back 
to addresses being classful, interface links being massive space wasters and no 
one caring about addresses. That's fine, and probably an improvement, until the 
next round of attacks and then shortages occur. Once the schools start teaching 
RFC3177, the hardcoded apps are sure to follow.

Deepak