[ppml] 2005-1:Business Need for PI Assignments

Edward Lewis Ed.Lewis at neustar.biz
Mon Apr 25 10:24:11 EDT 2005


At 16:11 +0100 4/22/05, Michael.Dillon at radianz.com wrote:

>IPv6 is not IPv4. Being prudent and conservative in an IPv6
>world involves different behaviors than being conservative
>in an IPv4 world.

Reading the further discussions bring me back to this statement.

I wonder what the differences are.  I can think of some.  When I hear 
arguments about fractions of space available, I don't see why 
fractions are relevant.

More and more, IPv4 and IPv6 seem alike to me.  IPv6 only adds bits 
to the address.

IPv6 promises a new generation of software to make all sorts of other 
wonderful things happen - but as it's taken so long to get rolling, 
it is now plagued by the same disease as IPv4 - hardening of the 
software.  E.g., renumbering IPv6 networks is impinged by firewall 
rules - firewalls weren't around back when IPv6 design work began. 
In addition, IPv4 has been accreting capability to come up to what 
was wanted from IPv6.  (E.g., NAT has extended the address space.)

A /32 of IPv4 space is the same percentage as a /32 of IPv6 space. 
That's obvious.  So what?  With more address space available, I would 
expect to get a smaller percentage of the overall space.

The one alleged feature of IPv6 that plays to the size of the 
addresses and the amount assigned to a network is its "security 
through obscurity" achieved by being sparse.  I find it ironic that 
folks will say that "because it takes so long to scan a network" the 
net is more secure yet also say that "NAT provides no security."  Not 
that NAT provides security, but how is a wasting a lot of space to 
hide a server any better?

The one pertinent difference is that devices are supposed to be 
capable of having multiple addresses on an interface - for multicast 
groups, etc.  I can buy that you need to allocate more addresses than 
interfaces, something not widely done in IPv4.  This is a double 
edged sword - scoped addressing isn't something generally beneficial 
to applications.  (Do I open the SSH session over a globally unique 
address or the local scope address?)

What I'm afraid I am hearing is that "since there are so many more 
IPv6 addresses, let's loosen the address supply to make it easier to 
manage."  That sounds a little like a cop out, understanding that the 
technology is immature and we don't really know where it's heading.

If you put a /48 in my house, with each device getting a /64 to 
assign a /128 to it's interfaces, I still have a hard time imagining 
that this would be an efficient use of space.  Even with MIT-like 
smart kitchens, etc., I can't imagine that much address space being 
needed and used efficiently.  (Especially for those who've been to my 
house.  I could address all of the items in my fridge with a v4 /29, 
maybe a /28 after a trip to Giant.)

It seems to me that IPv6 DHCP assigning addresses more compactly than 
using  the Ethernet address as the last 48 bits would be worth the 
management overhead.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

If you knew what I was thinking, you'd understand what I was saying.



More information about the ARIN-PPML mailing list