[ppml] IPv6 flawed?

Kevin Kargel kkargel at polartel.com
Thu Sep 13 14:14:59 EDT 2007


There is nothing preventing any sysadmin now from grabbing a chunk of
IPv4 space that they have no need of communicating with and
commandeering it for "private" space.  The only penalty will be that
they will be unable to communicate with the legitimate IP.  I have
actually dealt with some of my customers who have VPNs to major
corporations and their VPN space uses IPs that belong to someone in
another RIR.

I still don't understand the controversy about private IPv6 space.  My
IPv6 allocation is plenty big.  If I want a private section of it all I
have to do is set an access list for it in my edge routers denying
traffic for that subnet in or out of my network.  Voila, I have a
private network.

Then I have the added advantage that if I ever need temporary access to
the world for an internal box (let's say I want to update patches) all I
have to do is punch a temporary hole in the access list.  No setting up
NAT, no renumbering, nothing fancy at all, it just instantly works. 

If I decide to peer with another network and allow them access to my
"private" space it is the same algorithm, I just set an access list
allowing traffic to and from their "private" IP space to my "private" IP
space.  No big deal.  I do have to rely on them not to transit traffic
to/from my space, but that same concern exists with NAT.  I assume if I
am going to initiate peering with a neighboring network their sysadmin
and I will actually have a conversation before we implement the merger.
Part of that conversation would be the exchange of "private" netblock
info.

If I buy another company or they buy me, and our networks completely
merge, I would see it as an advantage to maintain separate netblocks for
the disparate sites anyway.  If it is mandatory for some reason to have
a homogeneous and contiguous address space, then most likely someone is
going to be renumbering no matter what ULA type scheme we are using.

I am sure there is some aspect I am not paying attention to in my
limited need case, but for me it is not a big deal.



  

> -----Original Message-----
> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On 
> Behalf Of Paul Vixie
> Sent: Thursday, September 13, 2007 12:28 PM
> To: ARIN PPML
> Subject: Re: [ppml] IPv6 flawed?
> 
> > ... nothing prevents any network admin from simply picking an unused
> > portion of the IPv6 space and calling that private and slapping an
> > IPv6 NAT in front of it.
>
> easier and less risky to use ULA (see RFC 4193).  it's when you want to
> be able to do ad-hoc networking with partners and customers that the
> lack of centralized WHOIS and IN-ADDR will bite you (with either the
> RFC 4193 approach or the above-quoted suggestion, equally.)
> 
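
An added illustration, not part of the original message: a first-match model of the edge access list described above, covering the default "private" block, a temporary per-host hole, and a peer exception. All prefixes are constructed from the 2001:db8::/32 documentation range, and the rule model assumes a stateless filter, so the temporary hole also admits unsolicited inbound traffic to that one host while it is open.

```python
import ipaddress
from dataclasses import dataclass

# Constructed prefixes, all from the 2001:db8::/32 documentation range.
PRIVATE = ipaddress.ip_network("2001:db8:0:ff00::/56")         # our "private" slice
PEER_PRIVATE = ipaddress.ip_network("2001:db8:beef:ff00::/56")  # peer's "private" slice
ANY = ipaddress.ip_network("::/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv6Network
    dst: ipaddress.IPv6Network

def edge_acl(holes=(), peers=()):
    """Build the ordered edge rule list; exceptions go before the private denies."""
    rules = []
    for host in holes:             # temporary hole for one internal box
        h = ipaddress.ip_network(host)   # a bare address becomes a /128
        rules += [Rule("permit", h, ANY), Rule("permit", ANY, h)]
    for peer in peers:             # peer's private block <-> our private block
        rules += [Rule("permit", peer, PRIVATE), Rule("permit", PRIVATE, peer)]
    rules += [Rule("deny", PRIVATE, ANY), Rule("deny", ANY, PRIVATE)]
    rules.append(Rule("permit", ANY, ANY))   # rest of the allocation is public
    return rules

def evaluate(rules, src, dst):
    """Stateless first-match evaluation; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "deny"

if __name__ == "__main__":
    box, outside = "2001:db8:0:ff00::42", "2001:db8:ffff::1"
    for label, acl in [("default", edge_acl()), ("hole", edge_acl(holes=[box]))]:
        print(label, "out:", evaluate(acl, box, outside),
              "in:", evaluate(acl, outside, box))
```
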


