[ppml] draft-ietf-ipv6-ula-central-02.txt use cases

Scott Leibrand sleibrand at internap.com
Wed Jun 27 20:05:58 EDT 2007 

>> On Tue, 2007-06-26 at 23:48 -0500, Stephen Sprunk wrote:
>>     
>>> If we want to issue address space to folks for "private" use, it needs
>>> to be out of the same block(s) that the RIRs use to allocate space for
>>> "public" use, because sooner or later those "private" networks are going to end up being publicly routed.
>>>       
>> But if we do this shouldn't we also take steps to prevent abuse
>> (hijacking etc) of those "private" blocks. History has shown that
>> unannounced PI-blocks that nobody is missing can be abused for a long
>> time before anybody cries foul. We may have made a hash of v4, but
>> shouldn't have to make the same mistake from the start with v6. Maybe
>> RIRs should announce "private" or otherwise "quarantined" blocks from a
>> special AS so that they can easily be identified and filtered ...
>> although they'd end up wasting space in the DFZ (whatever that is;).
>>
>>     

shamilton at exactor.com wrote:
>   I totally agree with Stephen and others than regardless of original
> intent 'private' PI routes will end up public, whether by intention down
> the road, by accident, or by hi-jacking.  It strikes me that the way to
> address this is after the allocation process by means of routing
> authentication only - RADB and it's ilk now, certificates later maybe. 
>   

I believe this should be addressed as well, and the simplest way to take 
steps to prevent abuse of private space is to allocate it all out of a 
single block, and encourage operators to filter any announcements they 
see out of that block ("deny FC00::/7").  There's no need for routing 
authentication, certificates, special ASNs, etc.

If that's not good enough, then we need to just go ahead and adopt a 
liberal PI policy for IPv6 and be done with it. 

It seems to me that this debate is stuck between those who think any 
sort of ULA-C or liberalized PI is going too far, and those who think 
that ULA-C doesn't go far enough, and want liberalized PI instead.  IMO, 
ULA-C is the best middle ground we have, and if the folks who think it 
doesn't go far enough aren't willing to support a step in that 
direction, then we'll just have to sit where we're at until there's 
enough demand for liberalized PI. 

-Scott

More information about the ARIN-PPML mailing list