[arin-ppml] ULA, GUA, NCN and the potential for abuse

Owen DeLong owen at delong.com
Thu Mar 18 23:54:06 EDT 2010


On Mar 18, 2010, at 4:34 PM, Leo Vegoda wrote:

> On 18 Mar 2010, at 4:13, Matthew Petach wrote:
> 
> [...]
> 
>>> 3. Maintain the same qualification and assignment criteria for both
>>> groups of IPv6 unicast addresses. Do not differentiate them at
>>> the fee structure, either.
>> 
>> I think this is going to be the biggest stumbling point.
>> 
>> Today, there's no fee for a private organization to use
>> RFC1918 addresses internally.  If they're building
>> a massive internal test network, and use most of 10/8
>> to do it, but only need a /29 from their upstream ISP
>> for minimal external connectivity, they don't pay ARIN
>> for the ability to use 10/8 internally.
>> 
>> In your model, the network would now have to pay
>> annual ARIN fees to use IPv6 addresses internally,
>> *even* if they are never using them on the global
>> internet.
> 
> Assuming this proposal is accepted, they would only have to do this if they were unwilling to use a /48 from the unique local space already set aside in RFC 4193. If RFC 1918 address space is good enough in IPv4 I find it hard to understand why RFC 4193 space would not be good enough in IPv6. RFC 4193 is far, far less likely to suffer from any address clash problems and is very unlikely to ever be routed across the Internet.
> 
RFC-1918 is, in most cases, a barely tolerated necessary evil.

As to the likelihood of RFC-4193 being routed, if it is centrally registered and
has guaranteed uniqueness, then, if RIR policies are regarded as overly
restrictive, it is not at all unlikely it will get used as routable address space
at least within some meaningful portion of the internet.

> I can't help but think that the number of people who use RFC 1918 space now instead of requesting unique addresses but would not be happy with RFC 4193 for a similar private network is going to be quite small. While such cases might exist, people with special needs generally understand that their needs are special and understand what that means. If it means paying a registration fee of some kind then presumably that would be acceptable to most people if it gave them the guarantee they were after.
> 
ULA (RFC-4193) was, IMHO, an IETF hack to get around the lack of good
RIR policy in this area.  If we solve the problem more generically at the
RIR level as I have proposed, then, networks that believe they do not
need to connect to the internet now, but, may need to connect later
would be free to use valid global unicast space for that purpose and
be able to change the connectedness of their network when that was
desired. Those that need space labeled as "non-routable" by
accepted convention, OTOH, would be able to get such space. This
would primarily be to satisfy audit and/or other political requirements
such as PCI.

Owen



