[ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
David Williamson
dlw+arin at tellme.com
Fri May 11 12:08:57 EDT 2007
I hate to just parrot someone else's comments, but I'm entirely against
the entire concept of ULA-central for exactly the reasons Owen outlines
below.
(Thanks, Owen, for getting that written so I don't have to!)
-David
On Thu, May 10, 2007 at 11:12:21PM -0700, Owen DeLong wrote:
> ULA Central is intended so that some subset of the internet can reliably
> use it to interconnect while not being "globally" routed.
>
> The problem I have with this theory is that the delta between a collection
> of networks routing by mutual agreement and the internet is:
>
> A. Fuzzy
> B. Non-Existent
> C. There is no difference
> D. Meaningless
> E. Any and/or All of the above
>
> Pick your favorite answer from the above and you've pretty much got it.
> If ULA central were limited to not exiting the local AS (in some meaningful
> way, like routers won't forward routes or traffic to ULA addresses to external
> adjacencies), then, I might see it as something other than an end-run on
> the RIR process. However, in its current state of "license for anyone who
> wants to run a competing RIR for networks that choose to interoperate
> on this basis" I think it's a pretty bad idea.
>
> Owen
>
>
> On May 11, 2007, at 12:03 AM, william(at)elan.net wrote:
>
> >
> >I don't understand your point about why ULA needs to be registered if
> >it's not going to be globally routed. Also PI is not the same as ULA -
> >PI does come from RIRs and in IPv6 there was no way to get PI (except
> >in a few special cases) until ARIN's recent micro-allocation policy.
> >
> >On Fri, 11 May 2007, Tony Hain wrote:
> >
> >>I agree that this will help inform the debate, and while Iljitsch did a good
> >>job of outlining the issue, he left out a significant point:
> >>People explicitly chose to be in the state of "as there is currently no
> >>obvious way to make services only available locally" by insisting that the
> >>local-scope addressing range have a global-scope as far as application
> >>developers were concerned. Now the application developers are complaining
> >>about the consequences of their choice, because the alternative to 'no
> >>routing path for an attack' is to insert a device that has to make policy
> >>decisions with limited information.
> >>
> >>The current ULA-central discussions will be directly involved in this issue.
> >>It is critical that all of the RIRs have policies establishing a mechanism
> >>for registering ULA-central prefixes & PI. For those who don't recall, the
> >>reason ULA-central was tabled was that it was seen as a potential end-run to
> >>acquire PI space in the absence of appropriate policy to do so out of a
> >>range recognized for global routing.
> >>
> >>The need for keeping some things local while others are global is real, and
> >>the lack of appropriate mechanisms to accomplish that through the routing
> >>system that is designed to deal with path selection leads to entire
> >>industries for fragile work-arounds along with their increased complexity.
> >>
> >>Tony
> >>
> >>
> >>>-----Original Message-----
> >>>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of vixie at vix.com
> >>>Sent: Thursday, May 10, 2007 9:59 PM
> >>>To: ppml at arin.net
> >>>Subject: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
> >>>
> >>>i think that this article will help inform the debate around the ipv6
> >>>transition:
> >>>
> >>>http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars
> >>>_______________________________________________
> >>>This message sent to you through the ARIN Public Policy Mailing List
> >>>(PPML at arin.net).
> >>>Manage your mailing list subscription at:
> >>>http://lists.arin.net/mailman/listinfo/ppml
> >>