[ppml] IPv6 flawed?
tedm at ipinc.net
Mon Sep 17 14:02:25 EDT 2007
When are people going to realize that the renumbering issue
is a big deal for some organizations, no matter whether your
using IPv4 or IPv6, regardless of the new features in IPv6.
Renumbering isn't about just changing interfaces, folks. For
the sake of discussion (and since they aren't our customer anymore
and can't do anything to us) I'll name names. As a disclaimer
I will say it's been a couple years since I've touched that network,
so they may have cleaned up their act. But, I don't believe it.
We used to work on Legacy Health Systems internal network. For
those of you who never had the pleasure there's literally dozens
of IT groups under that umbrella - all very mistrustful of each other.
There's a central numbering authority - I know his name but I
won't make any more trouble for him - who is largely ignored
by these groups until they do something stupid like use the same
numbering for their networks and then want to talk to each other -
even though he's designated as the number's Czar. And half the
time the solution to this was to introduce yet another NAT device
in between the conflicting networks rather than renumbering one
or both of them. For various
business/political reasons it's clearly obvious that the powers
that be at the top like it this way.
Firewalls are common and plentiful in that WAN/LAN all run by
these different fiefdoms and they all use large access lists with
hard-coded host numbers in them. There is really not one single
person - in my humble opinion - who knows all about all applications
on the network and all servers and who all is supposed to be using
them. The typical MO to setup a worker bee in the organization can
involve discussions with tens of different admins to get access
to all the stuff the person needs.
For the people that talk about IPv6 renumbering like you just flip a
switch and change the prefix in the router, may I humbly suggest
you are out of your fricking mind. If and when Legacy ever does
switchover to IPv6, some bird-brained admin that tried that would
be shot as it would knock hundreds of workers offline and generate
numerous support calls, mostly to desktop support staff who would
have no idea what the problem was and even less on how to solve it.
And I might also add that LHS is easily large enough to qualify
for their own IPv4 numbers let alone IPv6 - but they use RFC1918
numbers like everyone else does - at least, all the parts of the
network that we ever saw did. For all I know they might have
public numbers widely deployed in some part of their network - not
that most of the IT groups within would pay any attention to that.
>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of
>Sent: Monday, September 17, 2007 10:36 AM
>To: ppml at arin.net
>Subject: Re: [ppml] IPv6 flawed?
> If you *could* easily renumber IP addresses not under your control
>wouldn't that make them *under* your control?
>> -----Original Message-----
>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On
>> Behalf Of David Williamson
>> Sent: Monday, September 17, 2007 11:22 AM
>> To: Cort Buffington
>> Cc: ppml at arin.net
>> Subject: Re: [ppml] IPv6 flawed?
>> On Mon, Sep 17, 2007 at 11:08:54AM -0500, Cort Buffington wrote:
>> > Yep, that's right. I really don't do enough meaningful
>> networking to
>> > speak up here. I should have kept my mouth shut.
>> I don't think that's the point.
>> >From the sound of it, you've managed to renumber your local
>> fairly easily. Congrats! It's nice to hear that someone has
>> had a fairly easy renumbering experience with IPv6.
>> Owen's point is valid, though - unless there is some
>> mechanism for renumbering addresses stored in places not
>> under your control, this isn't really any easier than with
>> IPv4. For organnizations that don't utilize VPNs and don't
>> have their addressess embedded all over the place, the two
>> are mostly equivalent, although IPv6 has more natural methods
>> for renumbering in a fairly painless way.
>> Unfortunately, many orgs are not in that space, and
>> renumbering is hard and painful. If there's a broad solution
>> to that problem space, I'd really like to hear about it.
>> That, I think, is the point.
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> http://lists.arin.net/mailman/listinfo/ppml Please contact
>> the ARIN Member Services Help Desk at info at arin.net if you
>> experience any issues.
>You are receiving this message because you are subscribed to the
>ARIN Public Policy
>Mailing List (PPML at arin.net).
>Unsubscribe or manage your mailing list subscription at:
>http://lists.arin.net/mailman/listinfo/ppml Please contact the
>ARIN Member Services
>Help Desk at info at arin.net if you experience any issues.
More information about the ARIN-PPML