[ppml] IPv6 flawed?
michael.dillon at bt.com
michael.dillon at bt.com
Fri Sep 14 07:24:33 EDT 2007
> I disagree. We have worse than jack because nothing prevents
> any network admin from simply picking an unused portion of
> the IPv6 space and calling that private and slapping an IPv6
> NAT in front of it.
Nothing prevents that today. I know of several IPv4 networks which do
just that. There is also at least one network that used to be a customer
of a company that we acquired 15 years ago. They still use the addresses
that they were allocated way back when and we only found out when some
bright spark decided to send some spam from their mailservers behind the
NAT.
In another incident 3 years ago, a former customer threatened to sue us
because we had reused the PA addresses that had once been assigned to
him. It was somehow interfering with his ability to communicate with an
important customer.
The fact is that using random addresses behind NAT works just fine. The
only downside is that you are unable to communicate to the network which
has registered those addresses, but if you don't need to communicate to
them, no loss. As you pointed out, the much larger IPv6 space gets rid
of that downside because there is a vast unallocated region from which
you can pick your random addresses.
I wouldn't recommend doing this in IPv6 since ULA addresses will do just
as well. See RFC 4193 for details http://www.ietf.org/rfc/rfc4193.txt
and if you are concerned that someone else might choose the same block,
then select your block using this tool
http://www.sixxs.net/tools/grh/ula/ which will reduce the chances of
collision.
> If IPv6 is assigned sequentially and it is as big as everyone
> claims, then how soon do you think the RIRs will run out of
> IPv6 assignments?
> 10 years? 50 years? 100 years?
You need to read these PPML messages
http://lists.arin.net/pipermail/ppml/2005-May/003674.html
http://lists.arin.net/pipermail/ppml/2005-May/003704.html
Before we put /56s into the equation, the runout date was no less than
120 years from now. And, as Tony noted in the second message, a minor
change to the HD ratio pushes that out to 1200 years from now.
In any case, I am opposed to policies which would deny my descendants
from having thorny addressing problems to solve. Assuming that they
survive the meteorite collisons in 2029 and 2036, and the flooding of
coastal cities caused by global warming, and the destruction of the
Eastern seabord of North America (including ARIN) from the tsunamic
caused by the volcanic eruption of the Canary Islands.
By the way, nothing that we can do will prevent people from doing weird
things with IPv6, NAT included. I consider NAT and address-borrowing to
be corner cases. We need to focus on ISP networks, consumer Internet
access and medium-to-large enterprise access.
--Michael Dillon
More information about the ARIN-PPML
mailing list