nanog mailing list archives

Re: Addressing plan exercise for our IPv6 course


From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Sat, 24 Jul 2010 17:40:35 +0100 (BST)

Enterprises of non-trivial size will likely use RFC4193 (and I
fear we will notice PRNG returning 0 very often) and then NAT it to
provider provided public IP addresses.

Eventually ARIN (or someone else will do it for them) may create a site
where you can register your address and know that it really is unique
among participating registrants. Random is fine, unique is better.

Such a site would be the seed for when (if) we come up with the tech
for everyone to have PI and lose all the restrictions imposed so far.

I'm just hoping that we'll at least see 1:1 NAT instead of NAPT being used.

I think that will be a common PI alternative. If people really don't
want NAT then we shouldn't provide reasons for it to exist.

RFC4193 seems to be the best enterprise plan. They can link to other
enterprises and change ISPs easily or multihome. They are not beholden
to any ISP or numbering authority. The global table doesn't explode.

Why on earth would you do that? Why not just put the provider-assigned
addresses on the interfaces alongside the ULA addresses? Using ULA
in that manner is horribly kludgy and utterly unnecessary.

Enterprises tend to want only one identifier to manage per device and
that it be unique and mostly permanent.

With several PA and ULA on each device, links to ISPs and other
enterprises, the combinations of addresses and paths to manage flows
and security over become too hard (if it's not simple it's probably not
secure). Every device becomes a router and firewall and the staff who
manage those aren't cheap.

This is to facilitate an easy and cheap way to change provider. Getting a PI
address is even harder now, as at least RIPE will verify that you are
multihomed, while many enterprises don't intend to be; they just need a
low-cost ability to change operator.

Why is that easier/cheaper than changing your RAs to the new provider and
letting the old provider addresses time out?

And changing all the ACLs based on the old providers' addresses

And allowing for all the 5 - 15 year old kit that predates this and
won't be upgraded (we have that problem with NT embedded in systems
with a 10-year+ refresh cycle)

brandon
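As an added illustration, not part of the original post: the RFC 4193 section 3.2.2 Global ID derivation (SHA-1 over an NTP timestamp and an EUI-64, low 40 bits), plus a small audit of a planned /48 that catches the all-zero and hand-picked Global IDs the "PRNG returning 0" remark above is worried about. The EUI-64 and timestamp used in the test are constructed values, and the distinct-hex-digit check is a heuristic of my own, not something RFC 4193 specifies.

```python
import hashlib
import ipaddress
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")  # RFC 4193 Unique Local Address block
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")  # L bit = 1: locally assigned Global IDs

def ntp_timestamp(unix_time: float) -> bytes:
    """64-bit NTP timestamp: 32-bit seconds since 1900 followed by a 32-bit fraction."""
    whole = int(unix_time)
    fraction = int((unix_time - whole) * (1 << 32))
    return struct.pack(">II", (whole + NTP_EPOCH_OFFSET) & 0xFFFFFFFF, fraction & 0xFFFFFFFF)

def ula_global_id(eui64: bytes, unix_time: float) -> int:
    """RFC 4193 section 3.2.2: SHA-1 over (NTP time || EUI-64); the low 40 bits are the Global ID."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be exactly 8 bytes")
    digest = hashlib.sha1(ntp_timestamp(unix_time) + eui64).digest()
    return int.from_bytes(digest[-5:], "big")

def ula_prefix(global_id: int) -> ipaddress.IPv6Network:
    """Assemble fd00::/8 and the 40-bit Global ID into the site's /48."""
    if not 0 <= global_id < (1 << 40):
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))

def extract_global_id(prefix: ipaddress.IPv6Network) -> int:
    """Recover the 40-bit Global ID (address bits 8..47) from a ULA /48."""
    return (int(prefix.network_address) >> 80) & ((1 << 40) - 1)

def audit_ula(prefix_str: str) -> tuple:
    """Review a planned site prefix: it must be a /48 inside fd00::/8 and its
    Global ID must look random rather than hand-picked. Returns (ok, reason)."""
    prefix = ipaddress.IPv6Network(prefix_str, strict=True)
    if prefix.prefixlen != 48:
        return False, "RFC 4193 site prefixes are /48"
    if not prefix.subnet_of(ULA_BLOCK):
        return False, "not inside fc00::/7, so not a ULA"
    if not prefix.subnet_of(ULA_LOCAL):
        return False, "fc00::/8 (L=0) is reserved; locally assigned ULAs use fd00::/8"
    gid_hex = f"{extract_global_id(prefix):010x}"
    # Heuristic (not from the RFC): a 40-bit value from a working PRNG essentially
    # never has only one or two distinct hex digits; fd00::/48 is the classic offender.
    if len(set(gid_hex)) <= 2:
        return False, f"Global ID {gid_hex} looks hand-picked or from a broken PRNG"
    return True, "ok"
```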

