[ppml] IPv6 flawed?

Kevin Kargel kkargel at polartel.com
Mon Sep 17 16:25:36 EDT 2007


Ah, but every rule and law we have in our society is more important than
the human.  The highway patrol officer doesn't care that there was
nobody else on the road when you were going 85mph completely under
control in a safe vehicle.. even if you did have a pressing need because
you didn't organize your schedule efficiently..  Granted there are
extenuating circumstances like life or limb, but I doubt being late for
your job or working more efficiently would be accepted.

It would be great if we could make a policy that said "just be good and
play nice with others" and everyone would do that..  but I don't really
expect that to work.

BTW, I personally think we owe Legacy owners something.  Those were by
and large the folks that jumped in and did the early experimenting, they
spent the big chunks of R&D money when it was expensive and paved the
way for the rest of us.  We are living in the results of their work and
dreams and adventurousness.  I think they actually deserve a little
extra consideration. So (imho) if they want to continue using the IP
space that was granted them back when nobody else cared or wanted it I
say "More power to em"..  If they are not using the space and see their
way to return it I will think nicer things about them, but I won't think
bad things if they want to keep what they have.

Kevin

:$s/worry/happy/g 





> -----Original Message-----
> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On 
> Behalf Of Ted Mittelstaedt
> Sent: Monday, September 17, 2007 2:51 PM
> To: Cort Buffington
> Cc: ppml at arin.net
> Subject: Re: [ppml] IPv6 flawed?
> 
> 
> "Solved" and "eased" are two different things.  This thread 
> wasn't about "solving" things as I recall.
> 
> Of course, I agree the proper way to fix a mess like I 
> outlined is to sweep it away and start over.  I'd love to do 
> that with a lot of things.  When my kid spits out some nasty 
> phrase he learned watching some movie or TV program of course 
> I think it would be better if it was just swept out of his 
> vocabulary.  But the real world doesn't work that way as 
> much as we want it to.
> 
> Legacy's operational problems won't be solved by IPv6 no 
> matter what we do to the protocol. I have full confidence 
> that when they do deploy IPv6 they will botch it.  They will 
> end up with an IPv6 network that would be as difficult to 
> renumber as their current IPv4 network.  Their admins know 
> this, and so most likely when they do renumber, they will not 
> accept IPv6 addresses assigned from a "local registry AKA ISP".  
> They aren't completely stupid after all, at least some of the 
> admins there do know how screwed they really are.
> 
> Most likely they will go with RFC 4193 addresses - assuming 
> that RFC 4193 does in fact become a standard instead of merely 
> a proposal - and if it doesn't, why then as I pointed out 
> earlier, they will just use any old addresses out of the IPv6 
> address space.  To hell if it's assigned to someone else or 
> not.  Then they will go find some vendor who will cobble 
> together some proprietary NAT proxy solution for them.
> 
> So, getting back to the original point of the thread - what 
> do you want?  I'm guessing you are of the camp that would 
> look at Legacy and say "screw them, they get what they deserve"
> 
> I am from the camp that has a bit more compassion.  It is no 
> skin off my nose if RFC 4193 is standardized or not, or if 
> IETF standardizes IPv6 NAT or not.  It completely doesn't 
> hurt or harm me if those standards exist.  So, because of 
> this, and because the existence of those things would help 
> make life just a bit more bearable for the poor admins that 
> do have to work in an environment like LHS - I don't 
> understand how people like you can take such a cold attitude.
> 
> After all, these things like network protocols and suchlike 
> are mere devices, created to make life easier for us humans.  
> When we start worshipping the machine as more important than 
> the human - which I feel is at the base of these "network 
> purity" religious wars - we lose sight of what is important.
> 
> Ted
> 
> 
> >-----Original Message-----
> >From: Cort Buffington [mailto:cort at kanren.net]
> >Sent: Monday, September 17, 2007 11:56 AM
> >To: Ted Mittelstaedt
> >Cc: michael.dillon at bt.com; ppml at arin.net
> >Subject: Re: [ppml] IPv6 flawed?
> >
> >
> >Concerning the example organization we're talking about (which is 
> >typical of the large healthcare networks we have encountered -- for 
> >some reason healthcare seems to really struggle): Their problems are 
> >organizational, not technical. They will not be solved with a network 
> >layer protocol.
> >
> >On Sep 17, 2007, at 1:51 PM, Ted Mittelstaedt wrote:
> >
> >>
> >>
> >>> -----Original Message-----
> >>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf 
> >>> Of michael.dillon at bt.com
> >>> Sent: Monday, September 17, 2007 11:15 AM
> >>> To: ppml at arin.net
> >>> Subject: Re: [ppml] IPv6 flawed?
> >>>
> >>>
> >>>
> >>>> Firewalls are common and plentiful in that WAN/LAN all run by these 
> >>>> different fiefdoms and they all use large access lists with 
> >>>> hard-coded host numbers in them.  There is really not one single 
> >>>> person - in my humble opinion - who knows all about all 
> >>>> applications on the network and all servers and who all is supposed 
> >>>> to be using them.  The typical MO to setup a worker bee in the 
> >>>> organization can involve discussions with tens of different admins 
> >>>> to get access to all the stuff the person needs.
> >>>
> >>> And every single one of those devices needs to be CHANGED in order 
> >>> to convert it to IPv6. At the time of conversion (or preferably 
> >>> during the audit preceding conversion) it makes sense to try and get 
> >>> some control over these ACLs to facilitate renumbering.
> >>>
> >>
> >> I agree.  However I think you missed the part where I said that the 
> >> network is organized - a misuse of the term organized if I ever heard 
> >> of one - into a set of fiefdoms, and the powers that be like it that 
> >> way.
> >>
> >> What this means is that UNLESS the board of directors empowers the 
> >> CIO to tell every last group in the organization that they are going 
> >> to do it this way or the highway, then a conversion is simply going 
> >> to muck it up worse than it is now.  You think it is bad when 2 IPv4 
> >> networks use back-to-back NAT to communicate within that org - just 
> >> wait til you have 2 fiefdoms switched to IPv6 and a fiefdom that is 
> >> used to connect the 2 that refuses to switch to IPv6, and the 2 IPv6 
> >> fiefdoms now want to send IPv6 to each other.
> >>
> >> I very strongly suspect with LHS that if they ever had to go to IPv6 
> >> to get internet connectivity, that they will just put in proxies.  I 
> >> fully expect that their internal net will be IPv4 long after most 
> >> companies have switched.  Fortunately, my doctor doesn't work in that 
> >> company. ;-)
> >>
> >>> Of course, one solution is to not convert certain devices to IPv6 
> >>> but just live with the IPv4 stuff that works. When those networks 
> >>> become isolated IPv4 islands in an IPv6 network, it will 
> never again 
> >>> be necessary to renumber the IPv4 interfaces.
> >>>
> >>>> For the people that talk about IPv6 renumbering like you just flip 
> >>>> a switch and change the prefix in the router, may I humbly suggest 
> >>>> you are out of your fricking mind.
> >>>
> >>> The people who tell you to renumber this way, also point out how 
> >>> they planned and prepared from the time they were first installing 
> >>> their network. The real lesson, is not that IPv6 networks can be 
> >>> renumbered at a flick of a switch, but that building renumberability 
> >>> in from the start, makes it very easy to do. Also, note that IPv6 
> >>> requires two switch flicks. One to turn on the new prefix, and the 
> >>> other to turn off the old prefix after a delay of days or weeks.
> >>>
> >>> During those interim weeks, you could probably renumber the 
> >>> firewalls one by one.
> >>>
> >>
> >> At least half the firewalls simply aren't even required.  They exist 
> >> for political reasons - to justify someone's position in the company.
> >> A doctor group in that company may have their own IT group because 
> >> they always had one, or because they are prima donnas who think the 
> >> normal desktop support people aren't fast enough, or because they 
> >> think it's a badge of status like a marked parking spot, or because 
> >> they think they make so much money for the company that they can do 
> >> what they want, and they just like sticking it to authority.
> >> And I couldn't renumber those firewalls because I would have to 
> >> convince every admin in charge of them that renumbering was necessary 
> >> - and if they didn't understand IPv6 they likely would not do it.
> >>
> >> Seriously, if LHS came to me and asked me to organize a renumber I 
> >> would not do it unless I got 20 million bucks up front that would be 
> >> forfeited to me if they did not uphold their end of the contract - 
> >> and I would have written in to the contract that I could tell any IT 
> >> person or user in the company that they had to follow my IT 
> >> guidelines or figure out how to do their jobs without benefit of 
> >> connectivity to the network.  No, on second thought, make that 200 
> >> million bucks.  It would have to be large enough to be noticed by the 
> >> stockholders.  20 million is pocket change for that company.
> >>
> >> Without that kind of big stick, that network could not ever be 
> >> organized. Even the CEO and chairman of the board of that company 
> >> don't have that big of a stick.
> >>
> >>> IPv6 is *NOT* just IPv4 with more bits. It works differently and 
> >>> seemingly small differences have larger knock-on effects.
> >>>
> >>
> >> For companies like LHS that are 2 steps away from network anarchy,
> >> IPv6 will come just like all other network upgrades on that network 
> >> come - in bits and pieces, here and there on their network.  It will 
> >> not be organized.  But it will serve to perpetuate the bureaucracy and 
> >> the people who have manufactured positions in that org for themselves 
> >> will continue to have their positions.
> >>
> >> Ted
> >> _______________________________________________
> >> PPML
> >> You are receiving this message because you are subscribed to the ARIN 
> >> Public Policy Mailing List (PPML at arin.net).
> >> Unsubscribe or manage your mailing list subscription at:
> >> http://lists.arin.net/mailman/listinfo/ppml Please contact the ARIN 
> >> Member Services Help Desk at info at arin.net if you experience any 
> >> issues.
> >>
> >
> >--
> >Cort Buffington
> >Assistant Director for Technical Services
> >The Kansas Research and Education Network
> >cort at kanren.net
> >Office: +1-785-856-9800 x301
> >Mobile: +1-785-865-7206
> >
> >
> >
> >
> 
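The quoted exchange above makes two practical points: the ACLs full of hard-coded host numbers are what must be found and changed (ideally in the audit preceding conversion), and IPv6 renumbering is two switch flicks with an interim window in which the firewalls get renumbered one by one. The following is an added example, not code from anyone in this thread: a small Python tool that audits a firewall ACL for literals still inside an old site prefix and rewrites them into a new prefix of the same length, keeping the subnet and interface bits intact. The two /48 prefixes are documentation-range values and the ACL text is constructed; the `permit`/`deny` line format is a generic Cisco-style illustration and only the IPv6 literals are touched.

```python
"""Renumbering helper for ACLs with hard-coded IPv6 hosts and prefixes.

Added example, not from the thread.  The prefixes are documentation-range
values and the ACL text is constructed; the ACL syntax is a generic
Cisco-style 'permit/deny' line and only the IPv6 literals are touched.
"""
import ipaddress
import re

# Hypothetical old and new site prefixes (same length, so host bits carry over).
OLD_PREFIX = ipaddress.ip_network("2001:db8:aaaa::/48")
NEW_PREFIX = ipaddress.ip_network("2001:db8:bbbb::/48")

# Constructed sample ACL: two host entries, one subnet entry, two unrelated ones.
SAMPLE_ACL = """\
permit tcp host 2001:db8:aaaa:10::25 any eq 443
permit tcp any host 2001:db8:aaaa:10::25 eq 25
deny ipv6 2001:db8:aaaa:20::/64 any
permit ipv6 2001:db8:cccc::/48 any
permit ipv6 fd12:3456:789a::/48 any
"""

# An IPv6 literal (at least two colons) with an optional /len, not glued to
# other hex digits or colons on either side.
IPV6_TOKEN = re.compile(
    r"(?<![\w:])(?:[0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}(?:/\d{1,3})?(?![\w:])"
)


def in_prefix(token, prefix):
    """True if the host or subnet literal lies inside prefix."""
    try:
        if "/" in token:
            return ipaddress.ip_network(token, strict=False).subnet_of(prefix)
        return ipaddress.ip_address(token) in prefix
    except ValueError:  # matched text that is not a valid IPv6 literal
        return False


def translate(token, old=OLD_PREFIX, new=NEW_PREFIX):
    """Move a host or subnet literal from old into new, keeping the bits
    below the site prefix (subnet id and interface id) unchanged.
    Returns None when the literal is outside old."""
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefixes must have the same length")
    if not in_prefix(token, old):
        return None
    delta = int(new.network_address) - int(old.network_address)
    if "/" in token:
        net = ipaddress.ip_network(token, strict=False)
        moved = ipaddress.ip_network((int(net.network_address) + delta, net.prefixlen))
        return str(moved)
    return str(ipaddress.ip_address(token) + delta)


def audit(acl_text, prefix=OLD_PREFIX):
    """Return (line_no, literal) for every entry still inside prefix.  Run it
    before the conversion to size the job, and again before turning the old
    prefix off to confirm nothing still depends on it."""
    hits = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        for m in IPV6_TOKEN.finditer(line):
            if in_prefix(m.group(0), prefix):
                hits.append((n, m.group(0)))
    return hits


def renumber(acl_text, old=OLD_PREFIX, new=NEW_PREFIX):
    """Rewrite every old-prefix literal into new.  Returns (new_text, count)."""
    count = 0

    def swap(m):
        nonlocal count
        moved = translate(m.group(0), old, new)
        if moved is None:
            return m.group(0)
        count += 1
        return moved

    return IPV6_TOKEN.sub(swap, acl_text), count


if __name__ == "__main__":
    for n, lit in audit(SAMPLE_ACL):
        print(f"line {n}: still on old prefix: {lit}")
    new_text, count = renumber(SAMPLE_ACL)
    print(f"rewrote {count} entries\n{new_text}")
```

The `audit` pass is the part that matters for the two-flick model: during the weeks when both prefixes are advertised, the rewritten ACL is loaded on one firewall at a time, and `audit(text, OLD_PREFIX)` over every device's configuration has to come back empty before the old prefix is switched off. Entries in other organizations' space or in RFC 4193 unique local space are left alone, which is the behaviour you want when a neighbouring fiefdom has not converted.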


