[ppml] IPv6 flawed?
dean at av8.com
Mon Sep 17 16:57:16 EDT 2007
Ditto. Ted nailed it.
I can also give some examples of companies (e.g. large insurance
companies) also continuing to privately use the public address space of
their former providers, unable themselves to renumber, and unwilling to
spend the money on consulting to renumber the affected turnkey offices.
Other companies have the same problems with RFC1918 space; placing a NAT
is something that can be done today. Fixing things the right way takes
longer and costs more. Sometimes that means it won't get done.
I see nothing in IPv6 that makes that any easier; there are still going
to be devices that have or depend on static configuration, and therein
lies the problem. The autoconfiguration features in IPv6 make certain
things easier, and probably make larger networks possible with the same
staff, but it doesn't eliminate the underlying problems of altering the
static configuration of equipment. As long as you have NVram, or a
tftpserver, or even a dhcp server with static configuration of
something, renumbering will remain a problem.
I'm not convinced that ULA is a solution, but I claim no expertise in
this subject. But the first thing that appears as a problem is: if I had
a large private network, I'd want to be able to aggregate the routes. I
could be wrong, but non-aggregation seems to mean that it will take much
longer to do OSPFv6 graph calculation on each route, and it looks
impossible to do OSPF areas with ULA. It seems preferable to have an
RFC1918-like space or PI space for IPv6 private networks.
Another issue occurs to me on this subject:
It seems to me that underlying many of these arguments, people are
concerned about the growth of the DFZ, and so want PI space allocation
policy limited in order to control the size of the DFZ. Yet, nowhere in
ARIN's charter do I see DFZ size as an objective or proper purpose of
ARIN, or of IANA either. Why shouldn't the market (the router vendors,
and the ISPs) control the DFZ size by its own cost structures?
Clearly, ARIN can influence the size of the IPv6 DFZ by denying IPv6 PI
space but why should ARIN, rather than the market, control this?
On Mon, 17 Sep 2007, Ted Mittelstaedt wrote:
> When are people going to realize that the renumbering issue
> is a big deal for some organizations, no matter whether you're
> using IPv4 or IPv6, regardless of the new features in IPv6.
> Renumbering isn't about just changing interfaces, folks. For
> the sake of discussion (and since they aren't our customer anymore
> and can't do anything to us) I'll name names. As a disclaimer
> I will say it's been a couple years since I've touched that network,
> so they may have cleaned up their act. But, I don't believe it.
> We used to work on Legacy Health Systems internal network. For
> those of you who never had the pleasure there's literally dozens
> of IT groups under that umbrella - all very mistrustful of each other.
> There's a central numbering authority - I know his name but I
> won't make any more trouble for him - who is largely ignored
> by these groups until they do something stupid like use the same
> numbering for their networks and then want to talk to each other -
> even though he's designated as the number's Czar. And half the
> time the solution to this was to introduce yet another NAT device
> in between the conflicting networks rather than renumbering one
> or both of them. For various
> business/political reasons it's clearly obvious that the powers
> that be at the top like it this way.
> Firewalls are common and plentiful in that WAN/LAN all run by
> these different fiefdoms and they all use large access lists with
> hard-coded host numbers in them. There is really not one single
> person - in my humble opinion - who knows all about all applications
> on the network and all servers and who all is supposed to be using
> them. The typical MO to set up a worker bee in the organization can
> involve discussions with tens of different admins to get access
> to all the stuff the person needs.
> For the people that talk about IPv6 renumbering like you just flip a
> switch and change the prefix in the router, may I humbly suggest
> you are out of your fricking mind. If and when Legacy ever does
> switch over to IPv6, some bird-brained admin that tried that would
> be shot as it would knock hundreds of workers offline and generate
> numerous support calls, mostly to desktop support staff who would
> have no idea what the problem was and even less on how to solve it.
> And I might also add that LHS is easily large enough to qualify
> for their own IPv4 numbers let alone IPv6 - but they use RFC1918
> numbers like everyone else does - at least, all the parts of the
> network that we ever saw did. For all I know they might have
> public numbers widely deployed in some part of their network - not
> that most of the IT groups within would pay any attention to that.
> >-----Original Message-----
> >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of
> >Kevin Kargel
> >Sent: Monday, September 17, 2007 10:36 AM
> >To: ppml at arin.net
> >Subject: Re: [ppml] IPv6 flawed?
> > If you *could* easily renumber IP addresses not under your control
> >wouldn't that make them *under* your control?
> >> -----Original Message-----
> >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On
> >> Behalf Of David Williamson
> >> Sent: Monday, September 17, 2007 11:22 AM
> >> To: Cort Buffington
> >> Cc: ppml at arin.net
> >> Subject: Re: [ppml] IPv6 flawed?
> >> On Mon, Sep 17, 2007 at 11:08:54AM -0500, Cort Buffington wrote:
> >> > Yep, that's right. I really don't do enough meaningful networking to
> >> > speak up here. I should have kept my mouth shut.
> >> I don't think that's the point.
> >> From the sound of it, you've managed to renumber your local environment
> >> fairly easily. Congrats! It's nice to hear that someone has
> >> had a fairly easy renumbering experience with IPv6.
> >> Owen's point is valid, though - unless there is some
> >> mechanism for renumbering addresses stored in places not
> >> under your control, this isn't really any easier than with
> >> IPv4. For organizations that don't utilize VPNs and don't
> >> have their addresses embedded all over the place, the two
> >> are mostly equivalent, although IPv6 has more natural methods
> >> for renumbering in a fairly painless way.
> >> Unfortunately, many orgs are not in that space, and
> >> renumbering is hard and painful. If there's a broad solution
> >> to that problem space, I'd really like to hear about it.
> >> That, I think, is the point.
> >> -David
> >> _______________________________________________
> >> PPML
> >> You are receiving this message because you are subscribed to
> >> the ARIN Public Policy Mailing List (PPML at arin.net).
> >> Unsubscribe or manage your mailing list subscription at:
> >> http://lists.arin.net/mailman/listinfo/ppml Please contact
> >> the ARIN Member Services Help Desk at info at arin.net if you
> >> experience any issues.
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000