> It is more about creating a address space that can be used > for OTHER thing than the DFZ-way of thinking Internet we have now.
Up until now, I've been on the fence regarding ULA-centrally-registered address space, but after several comments in the past two days, I now support defining these addresses. Other factors that I think help make the case: 1) The RIR system is already in place to deal with DFZ grey areas. If we delegate the central registry function to the RIRs, they can deal with the details of how such addresses are handed out (automatically or on demand), charges for maintaining the registry and ip6.int services, and sorting out the issues of non-aggregation and global routing table entries. 2) These ULA addresses provide an additional layer of security in a layered security model. If I use my PI addresses for secret internal infrastructure, I must block those ranges in my firewall. Networks which I connect to will likely not block these ranges, so I have one layer of security. If I use ULA addresses, then the vast majority of other networks will block the entire ULA range, thus giving me an additional layer of security. If I need to use ULA addreses to talk to a peer, we can both punch holes in our filters/firewalls. 3) ULA addresses reduce the administrative burden. If I use some PI addresses for secret internal infrastructure, I must repeatedly update filters at the edge to block traffic to these ranges. If I use ULA addresses, then I simply block the entire ULA range and never need to update filters. In general, it seems to me that the benefits fall on the enterprise network side, and the possibly disadvantages fall on the ISP side. The IETF needs to provide technology that supports all users of IPv6. Since there are other mechanisms outside the IETF to deal with the ISPs' issues, I think we need to go ahead with ULA centrally-registered. Paul's draft which assigns 12 bits to each RIR seems to be the right thing since it clearly delineates which RIR is responsible for each subset range, and therefore if an RIR policy dictates special handling for certain ULA addresses, there is a simple technical means to accomplish this. I'm not sure what the status of Paul's document is since the drafts directory only contains this one: http://www.ietf.org/internet-drafts/draft-ietf-ipv6-ula-central-02.txt Is Paul's superceding that or is there a merge in process? --Michael Dillon -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------