[ppml] 2005-1 alternatives
Ed.Lewis at neustar.biz
Tue Apr 19 17:11:42 EDT 2005
At 16:33 -0400 4/19/05, Steve Feldman wrote:
>So there wasn't overwhelming support this morning for 2005-01.
>Why did people vote against it? Because the proposed criteria
>for allowing PI assignment were bad, because PI space is a bad
>idea in general, or something else?
I'm going to take a stab at answering this, bearing in mind I
probably voted for it (can't remember), have never worked for an ISP
and have never been the person that had to deal with a provider. So
- the issues I will describe are perceived rather than from
There are two reasons why I would want to control my IP address range.
One is that I don't trust that a single ISP can provide the service I want.
- I fear that if my ISP goes out of business overnight, I'm stuck
- I want to have more control over my resiliency
+ Accomplishing this means multihoming and advertising my space two+ ways
The other is that I fear that renumbering would inflict a heavy cost to me.
- I have lots of manually configured security devices, firewall rules
- I don't like leaving server addresses to chance, relying on dynamic DNS
+ Automatic configuration isn't automatic enough
My early impression of IPv6 was that it would usher in a new era in
which network layer details, like addresses and routing, would be
left to ISPs as the layer 3 entities. Network topology would rule
the day, making the routing tables more efficient. Addressing would
be painless, being able to only need to tweak the routers to change
prefixes. In DNS, binary labels and A6 records would rule.
As time has progressed though, the promise seems to have slipped
away. Security devices, featuring ACLs, have made the network
brittle. No longer is a server's address just for the server, the
router, and DNS to know - the firewall too. (And I'd think twice
about automatic updates to security devices.) From an operations
point of view, I need obvious determinism - like being able to look
at a packet dump and know "oh, that's the address of the ftp server."
The work in the IETF's multi6 (and the following shim6) will be
important to the success of multihoming in IPv6. It would be good (I
haven't followed closely) if multihoming could mean that I get
prefixes from each provider simultaneously.
IMHO, if enterprises could trust the ISPs - and I mean has a whole,
not individually - I doubt that there'd be a rationalization for
"provider independent" uniquely globally routable address space.
Such space would not be efficient.
So there's a latent desire for provider independent space. But, the
impact of having it is that we take away from the routing community
the ability to optimize the route tables. We also remove the impetus
to demand security products that are address-flexible.
From a system-wide point of view, I don't like provider-independent
space. But I can't deny the utility of it to an enterprise that puts
a huge stake into networking as internal infrastructure.
(I've tried to keep this short, so I've dropped some details.) I'm
curious to hear opinions too.
Edward Lewis +1-571-434-5468
If you knew what I was thinking, you'd understand what I was saying.
More information about the ARIN-PPML