[ppml] 2005-1 status
Thus spake "George Kuzmowycz" <George.Kuzmowycz at aipso.com>
> Please forgive me if I'm not doing this "correctly", but even though
> I've lurked on this list for a while I have never participated in any
> policy development processes.
> What I see distinctly under-represented here is the
> corporate/enterprise IT view,
Agreed, but that only comes into play when the AC tries to measure consensus
_after_ the minority has the chance to sway the majority. It's also one of
the reasons that ARIN (and the IETF) use this method instead of voting...
I don't see too many of the ISP folks who are completely against PI space,
though; it's more that many are afraid of it being significantly more
popular than v4 multihoming is.
> and as a result I think the vagueness of the "large/complex" will lead
> to problems. In my view, the direction this policy is taking will lead to
> even a lower rate of corporate IPv6 adoption than the pessimists here
> think. In today's environment, an organization does not have to be
> particularly "large" or "complex" to have legitimate need for PI space
> and real multi-provider multi-homing.
The "large/complex" label is just a section heading; it could be easily
removed without affecting anything. Here's the text you snipped:
6.5.8. Direct assignments to large/complex end sites
18.104.22.168. To qualify for a direct assignment, an
a) not be an IPv6 LIR; and
b) meet at least ONE of the following requirements:
1) Have an IPv4 assignment or allocation directly from an RIR,
the IANA or legacy registry; or
2) Qualify for an IPv4 assignment or allocation from ARIN under
the IPv4 policy currently in effect; or
3) Be currently multihomed using IPv6 to two or more separate
LIR's using at least one /48 assigned to them by each LIR.
I don't see either of the latter two as being particularly difficult to
accomplish for anyone who has a legitimate need for multihoming. If
anything, the proposal is taking fire from ISPs for being _too easy_ to use.
> A policy which makes that more difficult than it is today is doomed.
Today it's impossible to get PI IPv6 space, so anything will make it better
from the perspective of end sites.
> Keep in mind, please, that network architecture decisions in the real
> world are increasingly not being made on the basis of technical (i.e.
> protocol-level or routing-policy-level) factors. Network architecture
> decisions are being driven by what can be justified to compliance
> officers, internal auditors, third-party review (audit or otherwise),
> data security officers, etc. These may be people who know just enough
> about networking to pass a CISSP or CISA or CIA exam but have no idea
> what BGP is.
Then, until the IETF produces something else workable, those organizations
are simply not competent enough to multihome with either v4 or v6. That's
neither ARIN's (or the ISPs') fault nor their responsibility to remedy.
> There are many, many organizations that are large enough to
> have an IT staff and an internal audit or compliance staff but not large
> enough or old enough to have a legacy /16. Many of these organizations,
> publicly, maybe are only a couple of /30's, but behind that could easily
> be a /20's or a /19's worth of devices. Under current policy, the only
> way to get PI space for such an organization is to renumber to non-1918
> space or to stretch the truth with ARIN (which seems to be the
> nudge-nudge-wink-wink sort of advice that one occasionally gets).
If they have a /20s worth of hosts, then they already qualify for v4 PI
space and therefore would qualify for v6 PI space under this proposal.
Where's the problem?
It sounds like you're saying that they'd want a PI block outside the
firewall but still use private addresses inside. The only equivalent of
this in the v6 world is ULAs internally with NAT (ick!), but since they
could get a PI /48 with this proposal, why bother?
> Yet to an IT Director or above, who asks why we can have telephone
> number portability but not IP address portability, what's the answer?
My answer is to ask him if, when he moves, the post office allows him to
take his old address with him.
> I saw this come up on the list a bit around a week ago, but have the
> feeling that the provider community, which dominates this process, isn't
> listening. Policies which are predicated on providers' statements (as
> I've seen here) of what an AS "needs" without listening to what those
> ASes want and why don't make for a sustainable business model, IMO. It's
> not that we (the customers) don't trust you, it's that in today's
> regulatory/business environment we no longer are permitted to trust you.
> If I don't have a solid plan for what to do quickly and painlessly to
> switch ISP's, I lose my job or our customers or both. For better or for
> worse, PI space and multi-homing are the answer du jour.
If we gave everyone who wanted PI space some, either the ISPs would end up
filtering it all or the DFZ would melt. Neither is acceptable, so the end
sites have to compromise. This proposal is an attempt to do that.
Stephen Sprunk "Stupid people surround themselves with smart
CCIE #3723 people. Smart people surround themselves with
K5SSS smart people who disagree with them." --Aaron Sorkin