Hi Mathew, yes, it was a question and thanks for answering it!
It is clear that there are some larger organisations who fall outside the scope of the existing policy and that a policy change may be a good idea. Nick On 11/05/2015 21:27, Mathew Newton wrote: > Hi Nick, > >> -----Original Message----- From: address-policy-wg >> [mailto:[email protected]] On Behalf Of Nick >> Hilliard Sent: 11 May 2015 14:08 >> >> On 11/05/2015 11:10, Gert Doering wrote: >>> I see "/32 as default, up to /29 if you ask" as very reasonable >>> middle ground... >> >> /29 gives 2^19 /48s, or a little over 500k /48s or 134 million /56s. >> >> Before supporting this proposal, I'd be interested to see a real life >> addressing plan which needed more than this amount of bit space. > > That is a perfectly reasonable question to ask (assuming it was > effectively a question!). My difficulty however is adequately answering > it without inadvertently releasing too much information about the UK > MOD's infrastructure to a public mailing list. That is no one's problem > but my own though so let me see how far I can get by at least covering > some of the key principles. > > One clarification to get out of the way first given that this branch of > the thread was a slight diversion from the core topic is that I am not > looking at changing the '/32 as default, up to /29 if you ask' position > as, like Gert, I agree that this is a very sensible default position. > The issue presented is how to deal with those organisations who cannot > fit within a /29, of which the UK MOD is one... > > As context for those not familiar, the UK MOD and Armed Forces are a > large and complex organisation with an annual budget of over £37 billion > (€52 billion) which puts it in the world's 'top 5' militaries by such a > measure. Its global IP infrastructure spans land, sea, air and space > environments using practically all conceivable physical layer transport > type. > > From an IPv6 addressing perspective, the best place to start is arguably > with the end sites. There are 10's of thousands of end sites > encompassing what you might regard as 'conventional' sites > (office/corporate environments, datacentres, military bases, dockyards > etc) as well as military platforms (tanks, aircraft, ships etc) some of > which could be regarded as enterprises in their own right (e.g. aircraft > carriers). > > These end sites achieve their wider connectivity via ISPs (generally, > but not exclusively, 'private' ISPs whose services are exclusive to the > UK MOD) of which there are hundreds in each different geographic > operating area (fixed UK, fixed overseas, deployed etc). Most end sites > would connect to multiple ISPs, either simultaneously or varying over > time (long term infrastructure changes down to short term connectivity > changes in support of operations) and there is expected to be a mix of > how to deal with this from an addressing perspective (readdressing, > multiple prefixes, mobile IP, etc). > > In order to achieve aggregation and efficiency of routing (within the > MOD, to other nations' militaries and to the Internet) this 'geographic > area > ISP > end site' hierarchy becomes a key part of the addressing > strategy. It is not a flat network and cannot be treated as one by the > addressing strategy hence a straightforward 'number of end sites' > calculation does not result in sufficient address space to be > allocated. > > The issue is further compounded by the fact that the UK MOD must abide > by national security policy which requires that ALL information that is > generated, collected, stored, processed or shared is afforded the > appropriate degree of protection according to its sensitivity and level > of threat it faces. Security classifications are used to categorise the > different levels of sensitivity/threat and effective delivery of these > lead to the requirement to operate completely independent > infrastructures with discrete routing policies for each classification > hence multiple allocations are effectively required. > > The option of 'luxuries' such as semantics, nibble boundaries, 'just in > case' expansion bits etc do not feature in the UK MOD's IPv6 addressing > strategy - it is very much a 'minimum fit'. Whilst it is recognised that > such practices might be sensible and commonplace in many organisations > who achieve the default /32-/29 allocation we must acknowledge that when > operating in the high order bit space we need to be aware of the > disproportionate impact that such approaches would have. > > Even though I may have been vague with the numbers and specifics, does > it help shed any light on how we might struggle to fit into a /29 > allocation? In many respects, for us I feel that the fact there are > >500k /48's in a /29 is similar to the fact that a /64 subnet has 2^64 > addresses within it - it doesn't necessarily mean what the figures might > otherwise first suggest! > > Regards, > > Mathew >
