[ppml] Policy Proposal 2007-6 - Abandoned

Maruottolo, Richard RMaruottolo at bear.com
Thu May 24 08:47:11 EDT 2007


On Thursday, May 24, 2007 1:15 AM David Williamson wrote in response to
Leo Bicknell's point:

> That's absolutely true.  We can renumber *most* of our space very
> quickly.  Unfortunately, the rest takes months, in the best case scenario.
> And we can't exactly dictate aggressive contract terms to much larger
> companies that are paying a premium to use our services.

Having had to IP renumber, here are some of the reasons for the *rest*
taking months:

*Firewall rules that are bound via IP addresses NOT DNS
*Application systems such as load balancers are mapped to IP addresses
NOT DNS.
*Legacy systems that are not DNS such as mainframe
*Need to maintain 99.999% application availability.  No room for error.

It can be done but there are in many cases significant hurdles and
potential risks to the firm renumbering that need to be handled.  I have
lost many hours of sleep on weekends doing such migrations for large
firms where the impact of a mistake or downtime in financial loss is
enormous.  Saying the *rest* can take months is an understatement in
many cases.

-Rick

-----Original Message-----
From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of
David Williamson
Sent: Thursday, May 24, 2007 1:15 AM
To: ppml at arin.net
Subject: Re: [ppml] Policy Proposal 2007-6 - Abandoned

On Wed, May 23, 2007 at 09:53:56PM -0400, Leo Bicknell wrote:
> I've been at several companies where each VPN is done with a /30 
> between the companies, and a NAT on BOTH sides.

You can do that, perhaps, unless you can't.  A few protocols just won't
work (SIP is a notable example), and you need someone with a clue about
how to set up a NAT on each end.  That's not a given.  We have one
partner that put their senior network architect on the phone with us.
When we inquired about using BGP for dynamic routing, he said, and I'm
not making this up, "what's bgp?"  That's another Fortune 100 company.
For obvious reasons, I won't identify which one.

> However, I think the point several other posters made is important.
> We renumber businesses we purchase all the time.  You need to have
> plans to renumber others and renumber yourself.  You need to invest in
> good DHCP tools, good DNS tools, and understand how to manage things
> like static IP'ed printers.  This is all true even if you're on 1918
> space.  Anything else is a business continuity risk.

That's absolutely true.  We can renumber *most* of our space very
quickly.  Unfortunately, the rest takes months, in the best case
scenario.  And we can't exactly dictate aggressive contract terms to much
larger companies that are paying a premium to use our services.

I really think people who think renumbering is easy don't work for
ASP-like companies.  There are a few specific challenges that make it a
thorny problem.  A large amount of embedded addresses in VPNs and
customer-controlled ACLs are just a nightmare, especially when NAT isn't
an option.

-David