At 2:24 PM -0700 3/23/09, Fred Baker wrote:
>On Mar 23, 2009, at 1:50 PM, Ted Hardie wrote:
>
>> At 12:06 PM -0700 3/23/09, Fred Baker wrote:
>>> At the end of the day, I think that there is a place for PI - with a
>>> handwaving gesture, it can be argued that anyone that can justify an
>>> AS number and in fact has multiple upstreams is probably well-served
>>> by PI. That said, the line of reasoning that takes the RIRs into PI
>>> space ultimately results in the same kind of swamp we have in the
>>> IPv4 route table. If "insanity" is defined as "applying the same
>>> algorithms to the same data and expecting a different result", those
>>> who complain about the IPv4 route table and request PI space are
>>> insane.
>>
>> And those who recommend the general use of an address range which
>> is deliberately designed to have very limited aggregation are
>> not? ULAs don't do CIDR, last I heard.
>
>They do it just as well as any other /48, which is what the RIRs are
>allocating as PI space.

Well, I'm most familiar with the ARIN region, and its policy manual
says:

6.5.8. Direct assignments from ARIN to end-user organizations

6.5.8.1. Criteria

To qualify for a direct assignment, an organization must:

1. not be an IPv6 LIR; and
2. qualify for an IPv4 assignment or allocation from ARIN under the IPv4
   policy currently in effect, or demonstrate efficient utilization of
   all direct IPv4 assignments and allocations, each of which must be
   covered by any current ARIN RSA.

6.5.8.2. Initial assignment size

Organizations that meet the direct assignment criteria are eligible to receive
a direct assignment. The minimum size of the assignment is /48. Organizations
requesting a larger assignment must provide documentation justifying the need
for additional subnets. An HD-Ratio of .94 must be met for all assignments
larger than a /48.

These assignments shall be made from a distinctly identified prefix and shall
be made with a reservation for growth of at least a /44. This reservation may
be assigned to other organizations later, at ARIN's discretion.

6.5.8.3. Subsequent assignment size

Additional assignments may be made when the need for additional subnets is
justified. Justification will be determined based on the .94 HD-Ratio metric.
When possible, assignments will be made from an adjacent address block.

So /48 is the default, not the only size available, and they are likely
reserving adjacent address blocks to hand out in case of need. So the
aggregation possibilities look better to me in PI space from an RIR than
they do in ULA space.

(Text taken from https://www.arin.net/policy/nrpm.html#six29 )

>
>So you would prefer to allocate PI space in /48s and guarantee the
>routing table explosion.
Note that in the thought experiment I just went through with you,
orgs with PI space can use this proposed mechanism and stay off
the global routing table. They only appear on it if they need to
move from PA-providers to announcing their own prefixes. That
is, they may not appear until the same moment that they would
appear in the "purchase a routing slot for your ULA" moment
(admittedly maybe earlier). The key is that they would be able to
go that route without opening the ULA floodgates *and* their
addresses could be aggregated.
>
>> I think that if the local "cost" to generate a ULA is anything above
>> 0 (and I include maintenance calls), the chance of deployment based
>> on link-local gets to be pretty high. If that doesn't worry you,
>> given 3484, I'd like to understand why. All v6 scopes have collapsed
>> at that point, right?
>
><head scratching>
> <delay/>
></head scratching>
>
>So I work for one of those evil vendor companies that makes these
>things. I find myself thinking in terms of "how difficult is it to
>make a ULA that is likely to be different than someone else's ULA". I
>find myself wondering not whether, but how many, random number
>generators are implemented in such devices, and whether a seed like
>the time of day at boot or the MAC address of the interior interface
>might come into play as a seed. Or what happens if I just use the
>lower N bits of the MAC address stuffed into the ULA top prefix.
I don't think you're thinking like the customer I have in mind. If a provider
finds that having all traffic originate from a single scope eliminates support
calls from grandma with her cable set-top box, why wouldn't they have their
boxes map from that single address scope and eliminate the previous global scope
entirely?
>And I think about the issues that using a link-local address in a non-
>NAT'd environment brings into play.
>
>I think the ULA would be orders of magnitude simpler than trying to
>use link-local in a non-local scope. really.
>
Maybe so.
>
>How does this relate to the NAT66 proposal?
It's at the boundaries of mapping from one v6 address range to others, and
I'm trying to understand where the boundaries of the proposals are. "Not
the target, but not logically excluded" seems to be the signpost on this
particular borderland.
Maybe I'm reading it wrong, of course, but that's my current take.
Ted