[ppml] PIv6 for legacy holders (/w RSA + efficient use)
michael.dillon at bt.com
Mon Jul 30 08:55:34 EDT 2007
> > With IPv6, ULA addressing defined in RFC 4193
> > http://www.ietf.org/rfc/rfc4193.txt allows one to isolate most of the
> > internal network using non-routable addresses. Combine that with the
> > typical enterprise configuration of firewall, web proxy, and internal
> > email service. You don't even need NAT in this scenario.
> rfc4193 describes a mechanism for allocating local addresses
> that are not routed outside of a site.
> However, any node that needs to be reachable from outside of
> the site or any node that needs to communicate with nodes
> outside of the site also needs to have a global address.
> How does this help?
In network engineering, it is rare to find nice neat solutions that
cover 100% of the use cases. ULA addressing is not presented as a 100%
solution. But it does cover a number of important use cases,
particularly in Enterprise networks. Therefore ULA addressing does help
roll out IPv6 services.
As for global access, the most straightforward way is to use PI or PA
addresses. But you could also decide to continue using existing IPv4
infrastructure for that. And since many enterprises purposely ban the
majority of their hosts from direct Internet access, the problem is
reduced to one of setting up appropriate proxy servers. In such
enterprises, a web proxy combined with IPv6 access to the corporate
email system is sufficient to cover the majority of use cases.
In my opinion, it would be foolish for any organization to attempt a
conversion from IPv4 to IPv6 at this time, even a phased conversion. It
makes far more sense to begin implementing IPv6 with the intent that in
the near future, all internal network GROWTH will be accommodated with
IPv6 infrastructure. IPv4 is not going away and if you have ARIN
allocations/assignments today, you will have them even after the global
IPv4 free pool is exhausted.
Once an organization is in a position where all necessary network growth
can be handled with IPv6 addresses, they are extremely unlikely to
suffer any negative consequences of IPv4 exhaustion. At that point, the
question of shutting off IPv4 or migrating away from IPv4 is a
completely separate issue that each organization should resolve
according to their own needs.
As far as ARIN is concerned, we want to encourage organizations to
deploy IPv6 sufficiently to mitigate any negative effects of IPv4
exhaustion, but we don't care whether they go any further than that. We
are stewards of the IPv4 space as well as IPv6 space, and as long as
people need a registry for globally unique IPv4 addresses, ARIN will
provide that service. I expect that it will be at least 25 years before
people seriously consider dropping IPv4 registry services.