On Jul 17, 2011, at 1:53 AM, Philip Homburg wrote:

> In your letter dated Sun, 17 Jul 2011 11:32:37 +0930 you wrote:
>> The quite novel technique of allocating transient addresses to
>> applications/processes to assist with firewalling also takes advantage
>> of IPv6's large address space and that hosts can have multiple
>> addresses at once. It'd be a shame to lose the opportunity to do that
>> or similar innovative things with the large IPv6 address space -
> 
> A more scalable approach is to simply route a /96 to the host. The paper
> already suggests that:
> 
> "If necessary in a given environment, this could be faked by having
> "a host pretend to be a stub router; however, this would require
> "the host to participate in routing protocols, which is generally
> "considered to be a bad idea. A better solution would be to extend
> "NDP to handle host address prefix lengths.
> 
> I guess the authors didn't know about DHCPv6 prefix delegation.
> 
> I think the same applies to hosts with lots of VMs: maintaining a potentially
> large number of NC entries for a single MAC address is unlikely to scale.
> This is what routing is designed for.

One issue to think about has to do with virtual machines. If I have one 
physical platform that appears to the network to be many virtual platforms, I 
would likely want to give it many IPv6 addresses. In a cloud computing 
environment, if I move a virtual machine from one platform to another, I would 
like to move the address and its routing, by changing the MAC address 
associated with the IPv6 address. Forcing a /96 here would limit my options - 
to change the routing, I would be forced to change the address, which is 
something in a cloud computing environment that I don't want to do.

I could imagine a mix of the proposals, though. I could imagine using a /80 for 
a rack or a /96 per platform for virtual machines that reside there, with a 
smattering of /128s within the data center for virtual machines that have moved 
- and if there was a long term movement, I could imagine renumbering the 
machine by adding a new address to it in its new /96, changing the DNS name, 
waiting an appropriate interval, and then removing the old address's /128 from 
routing and from the virtual machine.
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
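
The mixed scheme sketched in the message above (a /80 per rack, a /96 per platform, and /128 host routes for virtual machines that have moved) depends on longest-prefix matching. The following Python sketch is an added example, not part of the original thread; the addresses are constructed from the 2001:db8::/32 documentation prefix, and the rack and platform names are hypothetical.

```python
import ipaddress

class RouteTable:
    """Longest-prefix-match table mapping prefix -> next hop (hypothetical names)."""
    def __init__(self):
        self.routes = {}

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def remove(self, prefix):
        del self.routes[ipaddress.ip_network(prefix)]

    def lookup(self, addr):
        addr = ipaddress.ip_address(addr)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        # The most specific (longest) matching prefix wins.
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def host_routes(self):
        # /128 exceptions are the per-VM state the data center has to carry.
        return sorted(str(n) for n in self.routes if n.prefixlen == 128)

# Constructed sample addresses for one virtual machine.
VM_OLD = "2001:db8:0:1:aaaa:1:0:10"   # inside platform-1's /96
VM_NEW = "2001:db8:0:1:aaaa:2:0:10"   # inside platform-2's /96

def build_datacenter():
    rt = RouteTable()
    rt.add("2001:db8:0:1:aaaa::/80", "rack-a")        # one /80 per rack
    rt.add("2001:db8:0:1:aaaa:1::/96", "platform-1")  # one /96 per platform
    rt.add("2001:db8:0:1:aaaa:2::/96", "platform-2")
    return rt

def migrate(rt):
    """The VM moves to platform-2 and keeps its address via a /128 route."""
    rt.add(VM_OLD + "/128", "platform-2")
    return rt.lookup(VM_OLD)

def renumber(rt):
    """Long-term move: the VM already answers on VM_NEW and DNS has been
    updated; withdrawing the /128 lets the old address fall back to its /96."""
    rt.remove(VM_OLD + "/128")
    return rt.lookup(VM_OLD), rt.lookup(VM_NEW)
```

After `renumber`, the old address resolves to platform-1 again through the covering /96, which is why the old address has to be removed from the virtual machine in the same step as the /128 is withdrawn.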
