North American Network Operators Group


Re: IPV6 renumbering painless?

  • From: Stephen Sprunk
  • Date: Sat Nov 13 13:45:46 2004

Thus spake "Owen DeLong" <[email protected]>
> If your organization is large enough to involve reconfiguring a significant
> number of routers, it is unlikely to be small enough to have to use PA
> space instead of getting PI space in the v6 world.

That depends. I consulted with an oil company that wanted to put IP connectivity out to all their gas stations (40,000 of them), with 64+ hosts per site, but would never qualify for PI space (under v4 or v6) because zero of those hosts would need Internet connectivity. ULAs would be a perfect solution for them. In fact, they have since merged with another oil company of equal size, meaning they'd need two ULA prefixes just to provide a single subnet to each site.

> I would argue that ACLs in the v6 world should probably include A6
> support.

Security folks rarely, if ever, trust DNS enough to use it in ACLs. And you're assuming that putting half a million entries in their ACLs is even remotely possible with today's routers. With ULAs, you just put in one or two entries and you're done. Not to mention the nightmare of keeping track of that many DNS records...

Oh, and as others have mentioned, A6 is dead.

> If you are large enough for IGP configuration for the new network to be a
> major undertaking, then, you probably qualify for PI space.  If you are
> large enough that BGP is more than a couple of routers that need
> changing, you probably qualify for PI space.

IMHO, you are overly optimistic on how easily end-user sites can get PI space.

> ??? Why not simply perform the address switch somewhere in the
> middle.  You should be able to get the prefix for use with the new
> provider some time before the link comes up, and, if you're disconnected,
> there's no harm in continuing to use the old provider's prefix during
> that time.  This makes no sense to me.

Multi6's current wet dream is that if the connection to a provider goes down, that prefix will be automatically un-delegated from all the downstream routers and hosts. If your last connection goes away, you have no addresses left except link-local.

For sites which frequently detach from one network and attach to another, this is murder on internal communications. Even a site that is normally multihomed may experience severe internal communication failures if a subset of their links flap. Most application protocols assume that a TCP failure means the remote host is unavailable or aborted the transaction, and few will transparently try a different address pair and resume a transaction transparently to the user.

> If you take the last point as a given, but, to me, the last point seems
> irrational.  I still think NAT is evil cruft that had a purpose in the V4
> world, but, is highly undesirable in the v6 world.

I don't think anyone here disagrees with the idea that NAT is evil. That's not the problem ULAs are intended to solve.

S

Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
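The ULA arithmetic and the ACL point in the reply above, as an added worked example (this is editor-supplied code, not anything Stephen Sprunk or NANOG published). It derives a locally assigned ULA /48 the way RFC 4193 (finalized after this 2004 thread) specifies, shows why 40,000 sites with one /64 each fit in a single /48 while 80,000 need two, and contrasts a one-entry prefix ACL with the per-host lists the post argues against. The EUI-64, timestamp and `fd12:3456:789a::/48` prefix used in the usage section are constructed sample values.

```python
"""RFC 4193 ULA derivation, /48 capacity math and prefix-based ACLs (added example)."""
import hashlib
import ipaddress
import math
import time
from typing import Iterable, Optional

ULA_RANGE = ipaddress.IPv6Network("fc00::/7")   # block reserved for unique local addresses
NTP_UNIX_OFFSET = 2208988800                     # seconds from the 1900 NTP epoch to 1970


def generate_ula_prefix(eui64: bytes, ntp_seconds: Optional[int] = None) -> ipaddress.IPv6Network:
    """Derive a locally assigned ULA /48 (RFC 4193 section 3.2.2).

    With the L bit set the prefix lands in fd00::/8; the 40-bit Global ID is the
    low-order 40 bits of SHA-1(64-bit NTP timestamp || EUI-64).
    """
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be exactly 8 bytes")
    if ntp_seconds is None:
        ntp_seconds = int(time.time()) + NTP_UNIX_OFFSET
    # 64-bit NTP format: 32-bit seconds, 32-bit fraction (fraction left at zero here)
    ntp64 = ((ntp_seconds & 0xFFFFFFFF) << 32).to_bytes(8, "big")
    digest = hashlib.sha1(ntp64 + eui64).digest()
    global_id = digest[-5:]                          # least significant 40 bits
    packed = bytes([0xFD]) + global_id + bytes(10)   # fd | Global ID | zeroed subnet + IID
    return ipaddress.IPv6Network((packed, 48))


def prefixes_needed(sites: int, subnets_per_site: int = 1) -> int:
    """Number of /48 ULA prefixes required to give every site its /64 subnets.

    A /48 holds 2**16 = 65536 /64s: the 40,000 sites in the post fit in one,
    the 80,000 after the merger need two.
    """
    return math.ceil(sites * subnets_per_site / 2 ** 16)


def site_subnet(ula, site_index: int) -> ipaddress.IPv6Network:
    """Carve the /64 for a site sequentially out of a ULA /48 (subnet ID = site index)."""
    ula = ipaddress.IPv6Network(ula)
    if ula.prefixlen != 48 or not 0 <= site_index < 2 ** 16:
        raise ValueError("need a /48 and a site index below 65536")
    # The 16-bit subnet ID sits 64 bits above the least significant bit of the address
    return ipaddress.IPv6Network((int(ula.network_address) + (site_index << 64), 64))


def acl_permits(acl: Iterable[str], address: str) -> bool:
    """Prefix-based permit list: one /48 entry covers every host at every site."""
    addr = ipaddress.IPv6Address(address)
    return any(addr in ipaddress.IPv6Network(entry) for entry in acl)


def border_should_drop(address: str) -> bool:
    """ULAs are not globally routable: filter them in both directions at the Internet edge."""
    return ipaddress.IPv6Address(address) in ULA_RANGE


if __name__ == "__main__":
    # Constructed sample inputs (not real hardware or timestamps)
    sample_eui64 = bytes.fromhex("0211223344556677")
    print("derived ULA:", generate_ula_prefix(sample_eui64, ntp_seconds=3600000000))
    print("prefixes for 40,000 sites:", prefixes_needed(40000))
    print("prefixes for 80,000 sites:", prefixes_needed(80000))
    company = "fd12:3456:789a::/48"                  # constructed corporate ULA
    print("subnet for site 40000:", site_subnet(company, 40000))
    internal_acl = [company]                         # one entry instead of 2.5M host entries
    print("host at site 40000 permitted:", acl_permits(internal_acl, "fd12:3456:789a:9c40::1"))
    print("drop at border:", border_should_drop("fd12:3456:789a::1"))
```

The border check is the caveat that goes with using ULAs in ACLs: a permit entry for the corporate /48 only means something if the same prefix (indeed all of fc00::/7) is dropped at the Internet edge, so that a packet sourced from that range cannot arrive from outside.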