[ppml] 2005-1 alternatives
Edward Lewis
Ed.Lewis at neustar.biz
Tue Apr 19 17:11:42 EDT 2005
At 16:33 -0400 4/19/05, Steve Feldman wrote:
>So there wasn't overwhelming support this morning for 2005-01.
>Why did people vote against it? Because the proposed criteria
>for allowing PI assignment were bad, because PI space is a bad
>idea in general, or something else?
I'm going to take a stab at answering this, bearing in mind I
probably voted for it (can't remember), have never worked for an ISP
and have never been the person that had to deal with a provider. So
- the issues I will describe are perceived rather than from
experience.
There are two reasons why I would want to control my IP address range.
One is that I don't trust that a single ISP can provide the service I want.
- I fear that if my ISP goes out of business overnight, I'm stuck
- I want to have more control over my resiliency
+ Accomplishing this means multihoming and advertising my space two+ ways
The other is that I fear that renumbering would inflict a heavy cost to me.
- I have lots of manually configured security devices, firewall rules
- I don't like leaving server addresses to chance, relying on dynamic DNS
+ Automatic configuration isn't automatic enough
My early impression of IPv6 was that it would usher in a new era in
which network layer details, like addresses and routing, would be
left to ISPs as the layer 3 entities. Network topology would rule
the day, making the routing tables more efficient. Addressing would
be painless, needing only a tweak to the routers to change
prefixes. In DNS, binary labels and A6 records would rule.
As time has progressed though, the promise seems to have slipped
away. Security devices, featuring ACLs, have made the network
brittle. No longer is a server's address just for the server, the
router, and DNS to know - the firewall too. (And I'd think twice
about automatic updates to security devices.) From an operations
point of view, I need obvious determinism - like being able to look
at a packet dump and know "oh, that's the address of the ftp server."
The work in the IETF's multi6 (and the following shim6) will be
important to the success of multihoming in IPv6. It would be good (I
haven't followed closely) if multihoming could mean that I get
prefixes from each provider simultaneously.
IMHO, if enterprises could trust the ISPs - and I mean as a whole,
not individually - I doubt that there'd be a rationalization for
"provider independent" uniquely globally routable address space.
Such space would not be efficient.
So there's a latent desire for provider independent space. But, the
impact of having it is that we take away from the routing community
the ability to optimize the route tables. We also remove the impetus
to demand security products that are address-flexible.
From a system-wide point of view, I don't like provider-independent
space. But I can't deny the utility of it to an enterprise that puts
a huge stake into networking as internal infrastructure.
(I've tried to keep this short, so I've dropped some details.) I'm
curious to hear opinions too.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
If you knew what I was thinking, you'd understand what I was saying.
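The renumbering cost the post describes (firewall rules and ACLs with literal addresses baked in) is easier to weigh with a concrete tool in hand. The following is an added example, not part of Ed Lewis's message or any ARIN material: it rewrites a constructed, simplified ACL rule set from an old provider /48 to a new one, keeping the subnet and interface bits, and leaves alone any address that is outside the old block (a peer's host, for instance), which is exactly the part that still needs a human. The rule syntax and the two 2001:db8::/32 documentation prefixes are assumptions for illustration only. In keeping with the post's caution about automatic updates to security devices, the function returns the candidate configuration and a change count for review rather than pushing anything anywhere.

```python
"""Renumber an IPv6 ACL rule set from one provider prefix to another.

Added example (not from the original ppml post). The rule format is a
constructed, whitespace-separated toy syntax; real devices differ, but
the renumbering logic (preserve everything below the provider prefix,
touch nothing outside it) is the same.
"""
import ipaddress

# Constructed sample prefixes (documentation range, not real allocations).
OLD_PREFIX = ipaddress.IPv6Network("2001:db8:1::/48")
NEW_PREFIX = ipaddress.IPv6Network("2001:db8:2::/48")

# Constructed sample ACL written against OLD_PREFIX. The fourth rule also
# names an address in somebody else's block (2001:db8:abcd::/48).
SAMPLE_RULES = """\
permit tcp any host 2001:db8:1:10::25 eq 21
permit tcp any 2001:db8:1:20::/64 eq 80
deny ip 2001:db8:1::/48 any
permit tcp host 2001:db8:abcd::1 host 2001:db8:1:10::25 eq 22
permit udp any any eq 53
"""


def renumber_token(tok, old, new):
    """Return tok moved into `new` if it is an address or prefix inside
    `old`; otherwise return it unchanged (keywords, ports, foreign
    addresses)."""
    try:
        net = ipaddress.IPv6Network(tok, strict=False)
    except ValueError:
        return tok  # not an IPv6 literal at all
    if not net.subnet_of(old):
        return tok  # outside our block: a peer or third party, review by hand
    # Keep the bits below the provider prefix (subnet id + interface id)
    # and splice them onto the new provider prefix.
    low_bits = int(net.network_address) & int(old.hostmask)
    moved = ipaddress.IPv6Address(int(new.network_address) | low_bits)
    if "/" in tok:
        return f"{moved}/{net.prefixlen}"
    return str(moved)


def renumber_rules(text, old=OLD_PREFIX, new=NEW_PREFIX):
    """Rewrite every rule in `text`; return (new_text, rules_changed).

    Nothing is applied to a device: the caller reviews the output."""
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefixes must be the same length")
    out, changed = [], 0
    for line in text.splitlines():
        toks = line.split()
        new_toks = [renumber_token(t, old, new) for t in toks]
        if new_toks != toks:
            changed += 1
        out.append(" ".join(new_toks))
    return "\n".join(out), changed


def foreign_addresses(text, old=OLD_PREFIX):
    """List literal IPv6 addresses/prefixes that are NOT inside `old`.

    These survive renumbering untouched and are the manual follow-up."""
    found = []
    for tok in text.split():
        try:
            net = ipaddress.IPv6Network(tok, strict=False)
        except ValueError:
            continue
        if not net.subnet_of(old):
            found.append(tok)
    return found


if __name__ == "__main__":
    new_text, n = renumber_rules(SAMPLE_RULES)
    print(new_text)
    print(f"# {n} rule(s) rewritten; still hard-coded elsewhere: "
          f"{foreign_addresses(SAMPLE_RULES)}")
```

On the constructed sample, four of the five rules are rewritten into 2001:db8:2::/48 and the peer address 2001:db8:abcd::1 is reported for manual review; that residue, multiplied across every device that knows an address it has no business knowing, is the renumbering cost the post is talking about.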