[arin-ppml] Encouraging IPv6 Transition (was: Clarify /29 assignment identification requirement)

John Santos JOHN at egh.com
Wed May 16 16:35:18 EDT 2012


On Wed, 16 May 2012, Owen DeLong wrote:

> 
> On May 16, 2012, at 8:11 AM, Michael Richardson wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > 
> >>>>>> "Owen" == Owen DeLong <owen at delong.com> writes:
> >>> The math for statistical uniqueness in ULA, while internally
> >>> correct, is based on some suspect assumptions. If you replace
> >>> them with worst-case assumptions, the probability of collision
> >>> when interconnecting two large organizations increases to
> >>> something on the order of 1 in 1000. Maybe higher if you consider
> >>> human factors as well.
> > 
> >    Owen> So what... He said he wanted equivalent functionality to
> >    Owen> RFC-1918 where your risk of collision is more like 1 in 3 at
> >    Owen> best and usually 1 in 1 in my experience.
> > 
> > RFC1918 risk of collision is the reason to argue for IPv6 in the first
> > place.  I work for one company that decided that squatting on 2.0.0.0/8
> > for their chassis communications was better than conflicting with RFC1918.
> > 
> 
> No, RFC-1918 and NAT are among the key reasons to argue for IPv6.
> Collision is just icing on the cake.
> 
> > But, I didn't say it was risk of collision with ULA-R that was the
> > main problem, it is lack of reverse DNS and lack of whois that is the
> > problem.   
> 
> Why do you need non-local RDNS and/or WHOIS for local-only addresses?
> 
> If the addresses should not be seen outside of your organization, why
> would you need a directory service to tell you who the addresses belong
> to?

They *can* be seen in SMTP "Received From:" headers.  If it's a v4 RFC1918
address, it could have come from anywhere.  If it's a v6 unique PI or PA
address, even if from a non-routable subnet, you can at least track it
back to the assignee.  If it's v6 ULA with no RDNS, you can't tell where
it came from. 

There may be other examples where internal addresses leak out into the
wild.

> 
> If the only people that should be seeing (and thus looking up) the
> addresses in RDNS, then, so long as all of the resolvers in your
> organization know about your authoritative server for that applicable
> ip6.arpa zone file, then, you have RDNS.
> 
> So I don't see those as real problems for proper use of ULA.
> 
> Owen
> 
> 

-- 
John Santos
Evans Griffiths & Hart, Inc.
781-861-0670 ext 539
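
Added example, not part of the original message or thread: a Python sketch of the triage discussed above, sorting the address literals found in Received headers into RFC1918, ULA, and registry-assigned space. The sample headers are constructed, the names `classify` and `trace` are hypothetical, and the documentation prefix 2001:db8::/32 is assumed to stand in for an assigned PI/PA prefix.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; every host name and address below is made up.
# 2001:db8::/32 (documentation space) stands in for an assigned PI/PA prefix.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [2001:db8:10::25])
\tby mail.example.org with ESMTP; Wed, 16 May 2012 16:35:20 -0400
Received: from gw.corp.example (unknown [IPv6:fd12:3456:789a:1::25])
\tby mx.example.net with ESMTP; Wed, 16 May 2012 16:35:19 -0400
Received: from desk17 (desk17 [10.1.2.17])
\tby gw.corp.example with SMTP; Wed, 16 May 2012 16:35:18 -0400
From: user@corp.example
Subject: test
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def classify(addr):
    """Return (kind, handle) for one address literal (hypothetical helper)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return ("rfc1918", None)      # reused everywhere: no owner to find
    if ip.version == 6 and ip in ULA:
        # The /48 site prefix is the only handle; no registry maps it to anyone.
        return ("ula", str(ipaddress.ip_network(addr + "/48", strict=False)))
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return ("other", None)
    return ("assigned", None)         # candidate for a whois / rDNS lookup

def trace(raw):
    """List (address, kind, handle) for each address in the Received headers."""
    hops = []
    for hdr in message_from_string(raw).get_all("Received", []):
        for lit in BRACKETED.findall(hdr):
            try:
                hops.append((lit,) + classify(lit))
            except ValueError:
                continue              # bracketed text that is not an address
    return hops

if __name__ == "__main__":
    for hop in trace(SAMPLE):
        print(hop)
```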



