[arin-discuss] Trying to Understand IPV6
Joel Jaeggli
joelja at bogus.com
Tue Sep 14 11:00:25 EDT 2010
On 9/13/10 1:47 PM, Scott Leibrand wrote:
> On Mon 9/13/2010 1:17 PM, Mike Lieberman wrote:
>> I have been reading all these discussions (mostly silently) for a long, long
>> time. I understand what a /48 is and a /56, /64 and /128. I understand the
>> notation.
>>
>> Quite frankly what I don't get is why anyone thinks that consumers want
>> public numbers inside their home/LANs. Once my customers understood the
>> benefit of hiding behind a NAT, they embraced it quite emphatically.
>
> Yes, the stateful firewall aspect of their NAT box is quite useful. I
> suspect all IPv6-capable home routers will still run a stateful firewall
> with a default-closed policy on incoming traffic.
http://tools.ietf.org/html/draft-ietf-v6ops-cpe-simple-security-12
>> Put a private residence on public IPv6? Sorry but that makes no sense.
>
> I'd like to be able to have my phone communicate with my home boxes, at
> line rate, regardless of whether I'm on my home wi-fi, or out on someone
> else's network. If both devices have public IPv6 addresses, I could
> initiate a connection, in either direction, using IPsec to provide
> end-to-end security, and ensure that everything is always instantly in
> sync between the devices, without having to go through a server.
>
> Both Apple (with Bonjour) and Microsoft are doing a good job of getting
> us back to seamless network device discovery and integration using IPv6
> link-local addresses on the local LAN. There's no reason as we deploy
> v6 globally that we shouldn't be able to extend this across the
> Internet. But if you implement v6 NAT, that's exactly the kind of
> innovation you'd prevent.
>
>> Yes I agree that I don't know what people will need in 20 years. And YES it
>> is nice that we will have address space in 20 years. But allocating a /48 to
>> a home that today uses an IPv4 /30 with a private NAT seems beyond humorous.
>> It just sounds insane. Using private addressing that home already
>> potentially has access to thousands of subnets and millions of addresses.
>>
>> RFC 4193 provides even more addresses for use with firewall/NAT appliances.
>> Why does a home or business using RFC 4193 need a /48 or even a /56 or /64?
>>
>> Just because we have the numbers does not mean we should distribute them.
>
> Quite a few home networks run two SSIDs, one WPA2-encrypted for private
> use, and one open for guests. Each of those should have its own /64.
> That means I need at least a /56.
>
> -Scott
>
>>
>> _________________________
>> Mike Lieberman, President
>> Net Wright LLC
>> Tel: +1-307-857-4898
>> Fax: +1-307-857-4872
>>
>>
>> -----Original Message-----
>> From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net]
>> On Behalf Of Dan White
>> Sent: Monday, September 13, 2010 1:28 PM
>> To: Tim Howe
>> Cc: arin-discuss at arin.net
>> Subject: SPAM: Re: [arin-discuss] Trying to Understand IPV6
>>
>> On 13/09/10 12:01 -0700, Tim Howe wrote:
>>> On Mon, 13 Sep 2010 19:32:33 +0100
>>> <michael.dillon at bt.com> wrote:
>>>
>>>>> If I assigned a customer say an IPV4 /21 in IPV6 this would translate
>>>>> into a /56? If I'm not mistaken a /56 would translate into something
>>>>> like 65,000 host addresses? That just seems like a lot of hosts to me,
>>>> Anyone in this position should simply assign a /48 to every customer site
>>>> no matter how big or small. A one bedroom apartment gets a /48. A
>>>> manufacturing plant with 5 buildings including a 4-story office block,
>>>> gets a /48.
>>>> No exceptions.
>>> This is slightly different than I have been led to think... It
>>> seems wise, when you know the customer has no intention of having
>>> multiple networks, to provide a /64. Not because you fear wasting
>> Consider a long range scenario for that customer. A scenario in which they
>> may purchase networking equipment for multiple purposes in 5 or 10, or 20
>> years that performs layer two separation between different functions in
>> their network. E.g. Wifi, Bluetooth/USB, appliances, voice, video, visitor
>> access, alarm system, automobiles, utilities, etc.
>>
>> I find it beneficial to consider that I probably don't know what a
>> customer's network will look like in 20 years, and a /48 per customer is
>> probably wisest until we've gained more operational experience with IPv6 in
>> our own network.
>>
>>
>>
>> _______________________________________________
>> ARIN-Discuss
>> You are receiving this message because you are subscribed to
>> the ARIN Discussion Mailing List (ARIN-discuss at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> http://lists.arin.net/mailman/listinfo/arin-discuss
>> Please contact info at arin.net if you experience any issues.
>
>
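
Added example, not part of the original message or thread: a Python sketch of the two technical points discussed above, namely that a delegation is sized in /64 LANs (one per SSID or segment; a /56 holds 256 of them, a /48 holds 65,536) and that the default-closed protection comes from connection state, which works the same when the inside hosts have global IPv6 addresses. The prefix is taken from the 2001:db8::/32 documentation range, and the function names, class name and segment names are hypothetical; the state table ignores timeouts and TCP flags.

```python
import ipaddress

# Constructed sample delegation from the IPv6 documentation range (RFC 3849).
DELEGATED = ipaddress.ip_network("2001:db8:1234:ab00::/56")


def lan_count(prefix):
    """Number of /64 LANs inside a delegated prefix (LANs, not hosts)."""
    return 2 ** (64 - prefix.prefixlen)


def assign_segments(prefix, names):
    """Give each named LAN segment its own /64 out of the delegation."""
    return dict(zip(names, prefix.subnets(new_prefix=64)))


class StatefulFilter:
    """Simplified default-closed inbound policy keyed on connection state."""

    def __init__(self, inside):
        self.inside = inside   # the delegated prefix behind the router
        self.flows = set()     # (inside addr, port, outside addr, port)

    def outbound(self, src, sport, dst, dport):
        # Connections initiated from inside are allowed and remembered.
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in self.inside:
            return False       # source is not one of our addresses
        self.flows.add((src, sport, dst, dport))
        return True

    def inbound(self, src, sport, dst, dport):
        # Only packets that mirror a remembered flow are let in.
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return (dst, dport, src, sport) in self.flows


def demo():
    segs = assign_segments(DELEGATED, ["private", "guest"])
    fw = StatefulFilter(DELEGATED)
    host = str(segs["private"][0x10])    # globally routable LAN host
    remote = "2001:db8:ffff::1"          # constructed outside address
    sent = fw.outbound(host, 50000, remote, 443)
    reply = fw.inbound(remote, 443, host, 50000)   # return traffic
    probe = fw.inbound(remote, 40000, host, 22)    # unsolicited inbound
    return segs, sent, reply, probe
```
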