[ppml] IPv6 flawed?
tedm at ipinc.net
Thu Sep 13 14:35:00 EDT 2007
You don't understand it because you are large enough to have your
For the orgs too small to meet justification requirements to get
a direct allocation of IPv6 from an RIR, it is a big problem.
They do not want to get IPv6 from an ISP AKA "local internet registry"
and put time and money into numbering all their servers and suchlike -
because if they find a better deal down the street from the ISP's
(I mean local internet registry's) competitor, they want to be free
to dump the existing ISP and go to the competitor without having to
This IMHO is the single largest reason so many orgs adopted NAT.
>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of
>Sent: Thursday, September 13, 2007 11:15 AM
>To: ppml at arin.net
>Subject: Re: [ppml] IPv6 flawed?
>There is nothing preventing any sysadmin now from grabbing a chunk of
>IPv4 space that they have no need of communicating with and
>commandeering it for "private" space. The only penalty will be that
>they will be unable to communicate with the legitimate IP. I have
>actually dealt with some of my customers who have VPN's to major
>corporations and their VPN space uses IP's that belong to someone in
>I still don't understand the controversy about private IPv6 space. My
>IPv6 allocation is plenty big. If I want a private section of it all I
>have to do is set an access list for it in my edge routers denying
>traffic for that subnet in or out of my network. Voila, I have a
>Then I have the added advantage that if I ever need temporary access to
>the world for an internal box (let's say I want to update patches) all I
>have to do is punch a temporary hole in the access list. No setting up
>NAT, no renumbering, nothing fancy at all, it just instantly works.
>If I decide to peer with another network and allow them access to my
>"private" space it is the same algorythm, I just set an access list
>allowing traffic to and from their "private" IP space to my "private" IP
>space. No big deal. I do have to rely on them not to transit traffic
>to/from my space, but that same concern exists with NAT. I assume if I
>am going to initiate peering with a neighboring network their sysadmin
>and I will actually have a conversation before we implement the merger.
>Part of that conversation would be the exchange of "private" netblock
>If I buy another company or they buy me, and our networks completely
>merge, I would see it as an advantage to maintain separate netblocks for
>the disparate sites anyway. If it is mandatory for some reason to have
>a homogenous and contiguaous address space, then most likely someone is
>going to be renumbering no matter what ULA type scheme we are using.
>I am sure there is some aspect I am not paying attention to in my
>limited need case, but for me it is not a big deal.
>> -----Original Message-----
>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On
>> Behalf Of Paul Vixie
>> Sent: Thursday, September 13, 2007 12:28 PM
>> To: ARIN PPML
>> Subject: Re: [ppml] IPv6 flawed?
>> > ... nothing prevents any network admin from simply picking
>> an unused
>> > portion of the IPv6 space and calling that private and slapping an
>> > IPv6 NAT in front of it.
>> easier and less risky to use ULA (see RFC 4193). it's when
>> you want to be able to do ad-hoc networking with partners and
>> customers that the lack of centralized WHOIS and IN-ADDR will
>> bite you (with either the RFC 4193 approach or the
>> above-quoted suggestion, equally.)
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> http://lists.arin.net/mailman/listinfo/ppml Please contact
>> the ARIN Member Services Help Desk at info at arin.net if you
>> experience any issues.
>You are receiving this message because you are subscribed to the
>ARIN Public Policy
>Mailing List (PPML at arin.net).
>Unsubscribe or manage your mailing list subscription at:
>http://lists.arin.net/mailman/listinfo/ppml Please contact the
>ARIN Member Services
>Help Desk at info at arin.net if you experience any issues.
More information about the ARIN-PPML