[ppml] Why ULA-* will not harm the DFZ

Azinger, Marla marla.azinger at frontiercorp.com
Tue Jul 10 17:17:13 EDT 2007 

Thank you Joe.  That is where my thoughts went with all of it and its nice to see it written out line by line.

There is just one point that needs to be considered as well, and that is what next?  While I believe ULA-Central should be used for private VPNs or internal infrastructure, I also ask everyone to consider the following:

1. Either designate space FC00::/8 as ULA-central and finish the documentation and processes needed (which their is a draft in front of IETF right now). 
2. Or release space FC00::/8 for another type of use (becuase sitting on the shelf is wasteful)
3. Or maybe double the size of statistically unique ULA.

Ok. Those are my thoughts.  Fire at will.
Marla Azinger
Frontier Communications


-----Original Message-----
From: Joe Abley [mailto:jabley at ca.afilias.info]
Sent: Monday, July 09, 2007 7:25 PM
To: IPv6 WG
Subject: Why ULA-* will not harm the DFZ


The risk to the DFZ of leaking ULA-* {routes, packets, whatever}  
keeps coming up on this list. I thought I'd try to address just that  
problem in isolation, just to see whether I'm hearing things right.  
Please attack the following.

1. With PI address space there is an expectation of global utility  
(or, reachability across the DFZ, or however you want to describe  
"useful on the Internet"). I said expectation, not guarantee.

2. With ULA-* address space there would be no expectation of global  
utility. In fact, there would be an expectation that the addresses  
are for local use only (for some definition of "local").

3. There is doubt that any ULA-* address space would be kept properly  
local in all cases. In fact, there is an expectation that {routes,  
packets, something} would leak.

4. If some leaks are tolerated, then maybe, eventually, all leaks  
will be tolerated. Let's assume that will happen, just to see where  
it takes us.

5. If everybody has non-PA addresses (be they PI or ULA-*) and they  
are all leaked to the Internet, then the DFZ will suffer state  
explosion.

6. If operators can distinguish between should-be-local addresses  
(ULA-*) and allowed-to-be-global addresses (PI) in ASICs then  
operators can filter in order to head off the cataclysm looming in (5).

7. Since people were told up-front that their ULA-* addresses were no  
good for use on the Internet, step (6) shouldn't cause anybody to  
lock and load their lawyers.

(6) and (7) above ring true for ULA-* but not for PI-for-all. So, ULA- 
* would not harm the DFZ in the way that PI-for-all might harm the DFZ.


Joe

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

More information about the ARIN-PPML mailing list