nanog mailing list archives
Re: end-user ipv6 deployment and concerns about privacy
From: Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>
Date: Thu, 19 Aug 2010 07:25:11 +0930
On Wed, 18 Aug 2010 20:04:47 +0930 Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org> wrote:
On Wed, 18 Aug 2010 01:12:19 +0200 Hannes Frederic Sowa <hannes () mailcolloid de> wrote:

Hello! As the first IPv6 deployments for end-users are in the planning stage in Germany, I realized I have not found any BCP for handling addressing in those scenarios. IPv6 will make it a lot easier for static address deployments but I wonder whether this is in the best sense for the customers. As I normally come from the technical side I prefer static addressing. But in the world of Facebook and co. I wonder if it would be better to let the user have the choice. A major provider of DSL here in Germany recently blogged about this [1]. Their proposal is to serve two subnets, one being a static one while the other one will be dynamically allocated. I have no clue how the user would switch between these subnets (without using some kind of command line tools). This is not about using privacy extensions as the subnet is sufficient for identification. Did you reach any conclusion on this matter?

Haven't really thought about it before. One thing to consider is that unless the preferred and valid lifetimes of an IPv6 prefix are set to infinity, IPv6 prefixes are always dynamic - they'll eventually expire unless they're refreshed. The preferred and valid lifetimes for prefixes that are delegated to customers could be something that they might be able to change via a web portal, bounded to within what you as an ISP are happy with e.g. 1 to 30 days, rather than the absolute range of lifetime values supported.

In case it isn't clear, the customer would have multiple delegated IPv6 prefixes during the overlap period. New prefixes are phased in and old ones are phased out. Over what time period the phase in / phase out occurs is what the customer could have the ability to change.

Changing addresses will disrupt ongoing communications. While IPv6 can't prevent that disruption, it does have mechanisms available to handle it far more gracefully than the customer having to bounce their PPP session to acquire new addressing. With the right parameters, I think an ISP could make phasing in/phasing out prefixes transparent for most cases.

CPE could also potentially do the same thing with the range of subnets it has been delegated, by phasing in and out subnets over time on its downstream interfaces. (The more subnets the better, so a /48 would be ideal for this.)

As you've mentioned, privacy addresses help. A related idea is described in "Transient addressing for related processes: Improved firewalling by using IPv6 and multiple addresses per host." [0], Peter M. Gleitz and Steven M. Bellovin, which takes advantage of the 2^64 addresses in a /64, and has different applications on the same host use different source IPv6 addresses. Pretending to be multiple hosts, or even just one with privacy addresses, moving around multiple subnets, on delegated prefixes that change fairly regularly would probably mitigate quite a lot of the privacy concerns people may have related to IPv6 addressing.

Regards,
Mark.

[0] http://www.cs.columbia.edu/~smb/papers/tarp.pdf
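
Added example, not part of the original post or of any ISP's tooling: a small Python model of the overlapping phase-in / phase-out of delegated prefixes described in the message above, with the customer-chosen lifetime bounded to the 1 to 30 day range it mentions. The pool 2001:db8::/48, the /56 delegation size, the weekly interval and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

DAY = 86400  # seconds

def clamp_lifetime(requested_days, lo_days=1, hi_days=30):
    """Bound a customer-requested lifetime to the ISP's range (1 to 30 days here)."""
    return max(lo_days, min(hi_days, requested_days)) * DAY

@dataclass(frozen=True)
class Delegation:
    prefix: ipaddress.IPv6Network
    issued: int     # seconds since the start of the timeline
    preferred: int  # preferred lifetime, seconds
    valid: int      # valid lifetime, seconds

    def state(self, now):
        age = now - self.issued
        if age < 0:
            return "future"
        if age < self.preferred:
            return "preferred"   # used as source for new connections
        if age < self.valid:
            return "deprecated"  # existing connections keep working
        return "expired"

def schedule(pool, count, interval, preferred, valid, plen=56):
    """Delegate `count` prefixes of length `plen` from `pool`, one per `interval`."""
    # interval > preferred would leave a window with no preferred prefix at all.
    if not interval <= preferred <= valid:
        raise ValueError("need interval <= preferred <= valid")
    subnets = pool.subnets(new_prefix=plen)
    return [Delegation(next(subnets), i * interval, preferred, valid)
            for i in range(count)]

def usable(delegations, now):
    """Prefixes still configured at `now`, mapped to their state."""
    states = ((str(d.prefix), d.state(now)) for d in delegations)
    return {p: s for p, s in states if s in ("preferred", "deprecated")}

if __name__ == "__main__":
    pool = ipaddress.ip_network("2001:db8::/48")  # documentation prefix, constructed
    week = clamp_lifetime(7)
    plan = schedule(pool, 4, interval=week, preferred=week, valid=2 * week)
    for day in (3, 8, 15, 22):
        print(f"day {day:2}: {usable(plan, day * DAY)}")
```

With a valid lifetime of twice the rotation interval, every instant after the first rotation has exactly one preferred and one deprecated prefix, which is the overlap period the message refers to.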