[ppml] [address-policy-wg] Those pesky ULAs again

Leo Bicknell bicknell at ufp.org
Wed May 30 17:53:13 EDT 2007


In a message written on Wed, May 30, 2007 at 12:56:15PM -0700, John Paul Morrison wrote:
>    I'm curious about the opposition to EUI64. The process for numbering

It's quite simply the worst of all worlds.  Pick your reason:

* EUI-48 is here to stay, even if we run out.  Or are we going to
  replace every bit of deployed ethernet, fddi, and token ring silicon?
* If EUI-64 eliminated the need for duplicate address detection, it
  would be a step forward.  It doesn't, so we have that code complexity.
* We still have to handle collisions.  Duplicate addresses are bad.  
  Are you going to let your PBX get taken out for even a few seconds 
  because of a collision with a duplicate address by stateless autoconfig?
* It's a permanent cookie that identifies the user.
* If we assume randomized addresses to fix the cookie issue,
  and we simply use DAD to make sure there are no duplicates, then it's
  AppleTalk-like, and it did quite happily in 16 bits rather than 64,
  even with large subnets.
* Subnets are sparse, and I would argue getting sparser.  Where I had
  4096 host subnets in 1993, I now have 32 host subnets because virtual
  interfaces and vlans are now free.  Why would anyone think of
  providing more host bits?
* It puts a fixed boundary in the system.  CIDR taught us fixed
  boundaries are bad.  Fortunately no one has put them in silicon
  yet, but it will happen, and it will be bad.
* Getting just an address is useless.  You can't even browse just the
  web without nameservers as well.
* The system is not extensible to other attributes, so it has to be
  thrown out entirely. (DHCP6)
* Users with servers are going to fixed assign them, in order, from the
  bottom, because they put in static DNS, IP's in load balancers, and so
  on.  The protocol dictates these uses waste on the order of 56+ bits.
* Since they are sparse, they make designing robust hardware more
  difficult.  Your router can't have enough ram for 2^64 entries per
  subnet, but if it doesn't there's a DDOS potential when you get scanned.
  You will get scanned, even in IPv6.
* When you swap out hardware, your interface changes, screwing up DNS,
  access lists, and other items.  Do you want a BGP session that won't
  come back because you replaced a faulty card?

When it comes to "auto configuration", AppleTalk did it easier, DECNet
did it better.  The market has spoken.

>    EUI64: I know stateless auto-config isn't for routers, but that
>    doesn't mean some protocol like it couldn't be used to bring up router
>    interfaces between the same OSPF/IS-IS area. There's often no point
>    to having an IP address on an interface, when a link local or
>    unnumbered address would do. Other protocols don't even use them
>    explicitly.

There are lots of reasons to have unique IP's on a router interface:

* So you can set up DNS to make traceroute et al. useful.
* So you can configure protocols like BGP, MSDP, IPSec and others to it.
* So you can explicitly reach the device over various paths.
* So you can test the device on specific interfaces.
* So you can have physical addresses independent of virtual addresses.

I'm sure I forgot a few.

>    For some (imaginary) router you would simply have:

Humm, smells like DecNet to me.

>    Nowadays, hosts often have multiple, dynamic interfaces, so it would
>    be nice to have a single host identifier, and let eui64 and icmp
>    router solicitation or other dynamic protocols figure out the routing.

No they don't.  I don't know where people get this crazy idea.

Yes, my laptop has wired and wireless ethernet.  The times I go
between the two are few and far between.  When I do, it's because
one is broken, and there's no state to move to the other connection.

Yes, my server has two ethernet ports, plugged into the same VLAN
on two different switches, running NIC Teaming so both are never
active at the same time, and sharing a virtual address.

I would venture that less than 1/100th of a percent of all machines
on the Internet right now have two active interfaces in two different
subnets.  I'll bet 80% of them are routers of some sort.  Think of all
the home PC's...the work desktops, the vast numbers do NOT have two
connections.  Of the legit servers that are on two networks, most are
front end / back end splits, and they are not dynamic, and they do not
interchange in any way.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
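An added illustration (editor's example, not code from either poster) of the "permanent cookie" point above: the modified EUI-64 interface ID is derived mechanically from the MAC, so the same host gets the same low 64 bits under every prefix it visits, and an auditor can recover the MAC from any such address. MAC and prefixes below are constructed sample values.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 IID from a 48-bit MAC (RFC 4291, Appendix A):
    split the MAC, insert ff:fe in the middle, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("need a 48-bit MAC")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # invert the universal/local bit of the first octet
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine an advertised /64 with the EUI-64 IID, as SLAAC does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 requires a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8]
                                 + eui64_interface_id(mac))


def embedded_mac(addr: str):
    """Return the MAC exposed by an EUI-64 style address, or None.
    Handy for auditing which hosts leak a stable hardware identifier
    instead of using randomized (RFC 4941) interface IDs."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


if __name__ == "__main__":
    mac = "00:1b:21:aa:bb:cc"  # constructed sample MAC
    home = slaac_address("2001:db8:1::/64", mac)   # constructed prefixes
    cafe = slaac_address("2001:db8:2::/64", mac)
    print(home, cafe)
    # Same host, two networks, identical low 64 bits: trackable.
    print(home.packed[8:] == cafe.packed[8:], embedded_mac(str(cafe)))
```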