[arin-ppml] Draft Policy 2008-3: Community Networks IPv6 Assignment
Ted Mittelstaedt
tedm at ipinc.net
Tue Mar 24 20:29:58 EDT 2009
> -----Original Message-----
> From: Lea Roberts [mailto:lea.roberts at stanford.edu]
> Sent: Tuesday, March 24, 2009 4:36 PM
> To: Ted Mittelstaedt
> Cc: arin-ppml at arin.net
> Subject: Re: [arin-ppml] Draft Policy 2008-3: Community Networks IPv6 Assignment
>
> On Tue, 24 Mar 2009, Owen DeLong wrote:
>
> > There is a disconnect between original IPv6 marketing hype and reality
> > here.
>
> regardless of marketing hype, there are many things that were
> said at even the IETF level which have not been delivered in
> the protocol that exists today...
>
> > The "simple renumbering" and independent internal addressing structure
> > capabilities are not fully baked and have not as yet materialized in
> > IPv6.
>
> FWIW, the simple changing of prefixes on host interfaces, by
> adding a new router advertisement and deprecating the old,
> has been demonstrated to work (mostly). unfortunately,
> however, there exists no tie-in from that mechanism to
> access-lists and firewall rules and such that still remain
> administrator intensive.
>
Even a devil's advocate would agree that firewall ruleset mods are
a bigger problem than interface renumbering under IPv6. Granted
they will likely occur during a renumber - but not exclusively
because of renumbering, of course. I am also assuming that a
network that's purely for the purpose of providing access would not
be much interested in deploying extensive firewalling. After
all, its charter is to provide access, not be responsible for
whether some user who turns off Windows Firewall gets hit by
an attack.
> > On Mar 24, 2009, at 12:08 PM, Ted Mittelstaedt wrote:
> >
> > >
> > > I had thought that one of the big advantages of IPv6 is that it was
> > > designed to be simple to renumber.
>
> certain parts of the renumbering process are simple but still
> require several steps even if the exceptions noted above are
> not involved. one of the cool things that works but has yet
> to have practical uses is that an interface can have multiple
> prefixes assigned. the hard problem there is how you decide,
> among multiple prefixes with global scope, which one to
> choose as best to initiate a connection off-site... this is
> the kind of thing that the "experimenter" type of community
> network might be able to help develop and test.
>
> > > Thus I am not sure why having "a stable and globally unique address
> > > assignment" has anything to do with having "a stable internal
> > > address structure" under IPv6. I can understand why a community
> > > network would need the second thing, but I don't see why they can't
> > > have this under a globally unique address assignment that's made by
> > > a LIR instead of by ARIN.
>
> you seem to assume that they would have a stable provider
> (i.e. LIR) connection, which the proposers indicated was not
> the case for many community networks. a better argument
> would be for them to use ULA but that's not guaranteed to be
> globally unique.
>
> > > The community network's internal address structure would NOT change
> > > when their connections to outside networks come and go - under IPv6.
>
> once they have an assignment, that is true. but if not from an LIR???
>
> > > Could the proposers explain what they need, here? We all want to
> > > support non-profit community networks that help poor people get
> > > online, but at first blush this looks like the proposal authors are
> > > assuming IPv6 == IPv4.
>
> I assure you they (and we on the AC) are quite aware of the
> difference...
>
> since you ask for disclosure: I am one of the AC shepherds for
> this policy and I am in favor of this policy. My co-shepherd
> is very much against it.
> under the new PDP, I've edited the suggestions from other AC
> members into the text as posted and rewrote the rationale
> (obviously not well enough... :-) so while I'm not one of the original proposers, I guess
> it's on me as more like an author of what you now see. I'm
> sorry to have failed to explain clearly enough why allowing
> these IPv6 assignments is worthwhile.
>
The way I look at it is in terms of how do we design policy
to most easily allow everyone access on the Internet. That is
why I've been appalled at the lack of maintenance on WHOIS.
Having a large number of POC's that have no usable contact
info encourages the creation of lots of dark matter on the
Internet which harbor all kinds of parasites like spammers who
make life miserable for the rest of us, and raise the cost of
connecting and staying connected. With portable numbering, if
we are too tight on allowing it, then networks that need it
will do end-runs around what they are supposed to be doing - they
will be spurred into tunneling and doing all kinds of stuff
that make it more difficult for the rest of us to deal with
them - which also creates more dark matter on the Internet
as well. But, on the other side of the teeter-totter, if
you make addressing policy too liberal and just hand them out
to anyone (including individuals) once more you create other
problems which increase the cost of access to the Internet
for the rest of us.
It is a balancing act. The proposal rationale just didn't
go into enough depth to weight the teeter-totter in favor
of it, for me. But that doesn't mean that more weight
couldn't have been put on there. Your explanation helps
some - but it's still lacking in specifics. Could we have
an example, at least just one, of a community net that is
active right now, that really -needs- this, and why specifically,
rather than why generally? I think a specific example of a
network would be more illustrative (you don't have to
say the actual name of the network, just describe its
specifics, is all) and more effective than just hand-waving.
Ted