james woodyatt wrote:
On Jul 10, 2007, at 18:15, Scott Leibrand wrote:
I might suggest we say that "They are intended for use in
pre-arranged interconnection between organizations and sites in local
routing realms ranging in scale from small to very large."
I like that better, yes. I suppose we needn't tell people not to
waste money paying a registry service to avoid an N-in-2^40 chance
where N < 100. Reminds me: I need to buy a lottery ticket on the way
home.
Heh. Bummer the government has a monopoly on lotteries. I'd love to
sell you a few. :-)
In my opinion, it's not the statistical uniqueness of ULA-Ls that is
insufficient at scale, but the ability to keep track of netblock
ownership and DNS authority using local mechanisms. Those problems
were solved for the public Internet by a hierarchy of registries
providing WHOIS services, and by a distributed DNS infrastructure
providing .arpa reverse DNS resolution. I believe the same solutions
are applicable for ULA-G addresses.
As noted previously, synthesizing delegations for authoritative DNS
content servers and WHOIS servers (and probably whatever has to happen
for RPKI to work, I'll wager) can solve all those problems for all
forms of ULA, not just the centrally-assigned ones. If we're going to
do that, I'd like to see the general solution rather than one that
only works when I pay for a registration.
I'd love to see the details of such a solution. I haven't read up on
how synthesized delegations would work: all the schemes I've seen so far
are less scalable than the Internet's distributed DNS hierarchy.
What if using ULA-C actually *increases* my risk of number collision
at merge time because of registry service errors? Then I have to
choose between better assurance against having to renumber and
enjoying the [arguably dubious] benefits of centrally managed
authoritative DNS servers, WHOIS servers and what-not for my prefix.
Well, I suppose we could fit a few more angels on the head of the
pin... :-) (I don't think the risk of collision in either case is
something to worry about.)
Wouldn't it make more sense to provide all those services to ULA
prefixes regardless of how they are allocated?
The one remaining issue you bring up here is the need to keep track of
"ownership" of a local prefix. This seems kinda tautological to me,
but Tony Hain has probably explained the reason behind the perceived
need for this: the functional innumeracy of various bean-counters,
lawyers and other suits, which makes them incompetent risk managers.
Okay, I'll buy that. We need ULA-C as a technical solution to a
political problem. (I love those. It's the other way around that
makes me nervous.)
Well, it may solve some political problems, but it definitely meets some
real needs as well. For example, say I'm parsing mail logs in my spam
folder, and find a mail server that received my mail from a client using
a ULA-G address, and then sent it to my mail server using a PA address.
With whois to track ownership, I can look up the owner and abuse contact
of the infected client as well as the server that relayed the message.
I would propose the following alternate text: "The statistical
uniqueness of locally-assigned ULAs and the use of local methods for
registry and reverse DNS services are deemed adequate when routing
realms contain a small number of local prefixes, but insufficient in
the case where routing realms routinely comprise hundreds of
thousands or even millions of networks. A single, global federated
registry for assigning and providing registration services for unique
local prefixes is required to address these concerns."
I guess I don't have a problem with this edit, but if we're going to
specify synthetic delegations for registry and reverse DNS services
for *all* ULA, not just ULA-C/G, then it would seem to complicate the
introduction to mention it here. If we're not going to do that, then
yes: this is a good edit.
What's wrong with Christian Huitema's proposal to synthesize
delegations? It would seem to have the attraction of making the
methods for resolving reverse DNS and WHOIS (and what-not) have the
following two desirable properties:
1) When two routing realms, which are each using the same ULA prefix
(by pseudorandom collision or registry service error), are *NOT*
merged, then interconnections to either of them from a third routing
realm will still work. They both have authoritative reverse DNS
servers and WHOIS servers that respond in their routing realm.
2) Resolving recursive reverse DNS and WHOIS for an unknown ULA prefix
doesn't depend on the availability and proper functioning of the
managed servers of a third party on the public Internet, i.e. your ULA
registry. This aids in the construction of ad-hoc networks.
Those sound like good properties. Can you point me to Christian
Huitema's proposal? I'm not sure I've seen it before.
Finally, I also think it's important to retain the text I proposed below:
Using ULAs for this purpose instead of Provider Independent
[RIR-PI] addresses has the attraction of making it easy to prevent
leakage of local prefixes into the default-free zone of the public
Internet, thereby enforcing the requirement to pre-arrange
interconnections.
I think it helps to make it clear *why* ULA-C is the preferred
alternative to RIR-PI for local routing realms that require a global
number registry service.
I agree, and didn't mean to imply that it should be removed.
-Scott
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
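The thread above turns on two technical points: how small the "N-in-2^40" collision odds of a locally assigned ULA really are, and how reverse DNS for a ULA prefix maps onto ip6.arpa. The following Python is an added example, not part of the mailing-list discussion or of any draft text quoted in it. It implements the RFC 4193 section 3.2.2 Global ID derivation (SHA-1 over a 64-bit NTP timestamp concatenated with an EUI-64, keeping the low 40 bits), computes the two collision probabilities the thread alludes to (a new prefix hitting one of N existing ones, and the birthday-style chance of any collision among N prefixes), and derives the ip6.arpa zone name that a synthesized reverse-DNS delegation would have to cover. The timestamp and EUI-64 values are constructed for illustration only.

```python
import hashlib
import ipaddress
import struct

# Locally assigned ULAs are fc00::/7 with the L bit set, i.e. fd00::/8 (RFC 4193).
ULA_LOCAL_PREFIX_BYTE = 0xFD
GLOBAL_ID_BITS = 40


def ntp_timestamp_bytes(unix_time: float) -> bytes:
    """Encode a Unix time as the 64-bit NTP format (seconds since 1900, 32.32 fixed point)."""
    ntp_seconds = unix_time + 2208988800  # offset between the 1900 and 1970 epochs
    whole = int(ntp_seconds)
    frac = int((ntp_seconds - whole) * 2**32) & 0xFFFFFFFF
    return struct.pack("!II", whole, frac)


def ula_global_id(ntp_time: bytes, eui64: bytes) -> bytes:
    """RFC 4193 section 3.2.2: SHA-1(NTP time || EUI-64); the low 40 bits are the Global ID."""
    if len(ntp_time) != 8 or len(eui64) != 8:
        raise ValueError("expected an 8-byte NTP timestamp and an 8-byte EUI-64")
    digest = hashlib.sha1(ntp_time + eui64).digest()
    return digest[-5:]  # least significant 40 bits of the 160-bit digest


def ula_prefix(global_id: bytes) -> ipaddress.IPv6Network:
    """Assemble fd00::/8 || Global ID into the site's /48 ULA-L prefix."""
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits")
    prefix_bytes = bytes([ULA_LOCAL_PREFIX_BYTE]) + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(prefix_bytes, "big"), 48))


def prob_new_prefix_collides(n_existing: int) -> float:
    """Chance that a freshly generated Global ID equals one of n_existing distinct ones: N / 2^40."""
    return n_existing / 2**GLOBAL_ID_BITS


def prob_any_collision(n_prefixes: int) -> float:
    """Birthday bound: chance that any two of n independently generated Global IDs coincide."""
    space = 2**GLOBAL_ID_BITS
    p_no_collision = 1.0
    for i in range(n_prefixes):
        p_no_collision *= 1 - i / space
    return 1 - p_no_collision


def reverse_zone(prefix: ipaddress.IPv6Network) -> str:
    """ip6.arpa zone name covering a nibble-aligned prefix (what a delegation would point at)."""
    if prefix.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4 for a clean ip6.arpa cut")
    nibbles = prefix.network_address.exploded.replace(":", "")[: prefix.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


if __name__ == "__main__":
    # Constructed sample inputs: a timestamp from July 2007 and a made-up EUI-64.
    sample_time = ntp_timestamp_bytes(1184109300)
    sample_eui64 = bytes.fromhex("021122fffe334455")
    prefix = ula_prefix(ula_global_id(sample_time, sample_eui64))
    print("ULA-L prefix:", prefix)
    print("reverse zone:", reverse_zone(prefix))
    for n in (100, 100_000, 1_000_000):
        print(f"N={n}: new-prefix collision {prob_new_prefix_collides(n):.3e}, "
              f"any-pair collision {prob_any_collision(n):.3e}")
```

The two probabilities answer different questions: `prob_new_prefix_collides` is the per-merger risk one site faces (the N-in-2^40 figure in the thread), while `prob_any_collision` is the chance that a registry-free realm of N sites contains at least one duplicate somewhere, which grows roughly as N^2 / 2^41 and is the number that matters once realms reach the hundreds of thousands of prefixes the proposed text mentions. `reverse_zone` shows the zone cut that any delegation scheme, synthesized or registry-based, has to produce for a /48.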