[arin-ppml] ULA-C and reverse DNS
Owen DeLong
owen at delong.com
Mon Mar 22 14:03:37 EDT 2010
On Mar 22, 2010, at 9:30 AM, <michael.dillon at bt.com> wrote:
>> Are you suggesting that each sub part of an enterprise should
>> be able to get its own /48? Are you suggesting there should be
>> no limit to the number of /48s an enterprise can get? It
>> sounds to me like that is what you are suggesting.
>
> There is a natural limit on the number of ULA-C prefixes that
> an enterprise can get. If they only want to route locally in
> some lab or local infrastructure, then they can get a ULA-C
> block. Later, if what they have built becomes valuable to the
> enterprise, they can route that ULA-C block enterprise wide
> with confidence that it won't break anything. But, the new
> block will not function enterprise wide unless they can
> convince the IT admins to unblock that network in their firewall
> ACLs. It is common for there to be multiple layers of firewalls
> internal to an enterprise and the policies are roughly to block
> all traffic that is not known and registered in their IT registry.
>
How does that pose a limit on the number of blocks they get?
The process you have described allows a very large enterprise
to get a ULA-C block for a lab, use it, tear it down, forget they ever
had it and apply for another one 3 months later. Lather, rinse,
repeat until you actually do manage to burn 40 bits worth of
address space.

There is nothing in your proposal to prevent failure to return
unused ULA-C and nothing to prevent merely applying for
more instead of reusing what you already have.

Given our experiences with the IPv4 swamp, I'm inclined to
believe that such a system is not in the best interests of the
internet community and does not represent good stewardship
of the address space.

Owen