subject:"IPv6 end user addressing"


On Aug 10, 2011, at 8:29 PM, Joel Jaeggli wrote:

 
 On Aug 10, 2011, at 6:52 PM, Brian E Carpenter wrote:
 
 On 2011-08-11 12:45, james machado wrote:
 
 what is the life expectancy of IPv6?  It won't live forever and we
 can't reasonably expect it too.  I understand we don't want run out of
 addresses in the next 10-40 years but what about 100? 200? 300?
 
 We will run out and our decedents will go through re-numbering again.
 The question becomes what is the life expectancy of IPv6 and does the
 allocation plan make a reasonable attempt to run out of addresses
 around the end of the expected life of IPv6.
 
 Well, we know that the human population will stabilise somewhere below
 ten billion by around 2050. The current unicast space provides for about
 15 trillion /48s. Let's assume that the RIRs and ISPs retain their current
 level of engineering common sense - i.e. the address space will begin to be
 really full when there are about 25% of those /48s being routed... that makes
 3.75 trillion /48s routed for ten billion people, or 375 /48s per man, woman
 and child. (Or about 25 million /64s if you prefer.)
 
 It's not the humans that are going to soak up the address space, so it seems 
 a little misguided to count up the humans a reference for the bounding 
 properties on growth. That said I think 2000::/3 will last long enough, that 
 we shouldn't be out rewriting policy anytime soon.
 

I disagree. I think current policy in several RIRs (APNIC, especially) is far 
too conservative
and that we do need to rewrite it. That's why I submitted prop-090 which has 
taken the
feedback I received into account and become prop-098.

Owen

RE: IPv6 end user addressing

2011-08-11 Thread Jamie Bowden

Owen wrote:

 -Original Message-
 From: Owen DeLong [mailto:o...@delong.com]
 Sent: Wednesday, August 10, 2011 9:58 PM
 To: William Herrin
 Cc: nanog@nanog.org
 Subject: Re: IPv6 end user addressing

 On Aug 10, 2011, at 6:46 PM, William Herrin wrote:

  On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong o...@delong.com
wrote:
  Someday, I expect the pantry to have a barcode reader on it
 connected back
  a computer setup for the kitchen someday.  Most of us already use
 barcode
  readers when we shop so its not a big step to home use.

  Nah... That's short-term thinking. The future holds advanced
 pantries with
  RFID sensors that know what is in the pantry and when they were
 manufactured,
  what their expiration date is, etc.

  And since your can of creamed corn is globally addressable, the rest
  of the world knows what's in your pantry too. ;)

 This definitely helps explain your misconceptions about NAT as a
 security tool.

 Globally addressable != globally reachable.

 Things can have global addresses without having global reachability.
 There are
 these tools called access control lists and routing policies. Perhaps
 you've heard
 of them. They can be quite useful.

And your average home user, whose WiFi network is an open network named
linksys is going to do that how?

Jamie

RE: IPv6 end user addressing

2011-08-11 Thread Frank Bulk

This same Vendor C wants us to upgrade our 7206VXR's to ASR1K's just so we
have the (hopefully working) IPv6 features in IOS-XE that are broken in
12.x.

Frank

-Original Message-
From: Mark Newton [mailto:new...@internode.com.au] 
Sent: Wednesday, August 10, 2011 10:12 PM
To: Cameron Byrne
Cc: NANOG
Subject: Re: IPv6 end user addressing

On 11/08/2011, at 12:30 PM, Cameron Byrne wrote:
 Finally a useful post in this thread.  Good work on the deployment of real
ipv6!

Thanks. And thanks to Vendor-C for helping us through it.  The IPv6
Broadband
featureset on the ASR platform starting from IOS-XR 3.1 is a vast
improvement
on its predecessors.

Biggest hassle with IPv6 in production right now:  DNS support is woefully 
undercooked.  I don't think anyone has put anywhere near as much effort into
making it fluid, user-friendly, and automated.  Simple questions like, How
are reverse mappings supposed to work when you can't predict an end-user's
address? have no good answer.  If any systems folks want a nice meaty
problem
domain to focus their efforts on, DNS would be da shiznit.

  - mark

--
Mark Newton   Email:  new...@internode.com.au
(W)
Network Engineer  Email:  new...@atdot.dotat.org
(H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing

On Aug 11, 2011, at 5:41 AM, Jamie Bowden wrote:

 Owen wrote:

 -Original Message-
 From: Owen DeLong [mailto:o...@delong.com]
 Sent: Wednesday, August 10, 2011 9:58 PM
 To: William Herrin
 Cc: nanog@nanog.org
 Subject: Re: IPv6 end user addressing

 On Aug 10, 2011, at 6:46 PM, William Herrin wrote:

 On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong o...@delong.com
 wrote:
 Someday, I expect the pantry to have a barcode reader on it
 connected back
 a computer setup for the kitchen someday.  Most of us already use
 barcode
 readers when we shop so its not a big step to home use.

 Nah... That's short-term thinking. The future holds advanced
 pantries with
 RFID sensors that know what is in the pantry and when they were
 manufactured,
 what their expiration date is, etc.

 And since your can of creamed corn is globally addressable, the rest
 of the world knows what's in your pantry too. ;)

 This definitely helps explain your misconceptions about NAT as a
 security tool.

 Globally addressable != globally reachable.

 Things can have global addresses without having global reachability.
 There are
 these tools called access control lists and routing policies. Perhaps
 you've heard
 of them. They can be quite useful.

 And your average home user, whose WiFi network is an open network named
 linksys is going to do that how?

Because the routers that come on pantries and refrigerators will probably be
made by people smarter than the folks at Linksys?

Owen

Re: IPv6 end user addressing

2011-08-11 Thread sthaug

  And your average home user, whose WiFi network is an open network named
  linksys is going to do that how?
 
 Because the routers that come on pantries and refrigerators will probably be
 made by people smarter than the folks at Linksys?

One could argue that routing and access control is even less of a core
business feature for pantry and refrigerator manufacturers than it is
for Linksys. So I wouldn't rule this out - but I'm definitely in the
sceptical camp.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

Re: IPv6 end user addressing

2011-08-11 Thread Greg Ihnen


On Aug 11, 2011, at 1:04 PM, Owen DeLong wrote:

 
 On Aug 11, 2011, at 5:41 AM, Jamie Bowden wrote:
 
 Owen wrote:
 
 -Original Message-
 From: Owen DeLong [mailto:o...@delong.com]
 Sent: Wednesday, August 10, 2011 9:58 PM
 To: William Herrin
 Cc: nanog@nanog.org
 Subject: Re: IPv6 end user addressing
 
 
 On Aug 10, 2011, at 6:46 PM, William Herrin wrote:
 
 On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong o...@delong.com
 wrote:
 Someday, I expect the pantry to have a barcode reader on it
 connected back
 a computer setup for the kitchen someday.  Most of us already use
 barcode
 readers when we shop so its not a big step to home use.
 
 Nah... That's short-term thinking. The future holds advanced
 pantries with
 RFID sensors that know what is in the pantry and when they were
 manufactured,
 what their expiration date is, etc.
 
 And since your can of creamed corn is globally addressable, the rest
 of the world knows what's in your pantry too. ;)
 
 
 This definitely helps explain your misconceptions about NAT as a
 security tool.
 
 
 Globally addressable != globally reachable.
 
 Things can have global addresses without having global reachability.
 There are
 these tools called access control lists and routing policies. Perhaps
 you've heard
 of them. They can be quite useful.
 
 And your average home user, whose WiFi network is an open network named
 linksys is going to do that how?
 
 
 Because the routers that come on pantries and refrigerators will probably be
 made by people smarter than the folks at Linksys?
 
 Owen
 
 

I respectfully disagree. If appliance manufacturers jump on the bandwagon to 
make their device *Internet Ready!* we'll see appliance makers who have way 
less networking experience than Linksys/Cisco getting into the fray. I highly 
doubt the pontifications of these Good Morning America technology gurus who 
predict all these changes are coming to the home. Do we really think appliance 
manufacturers are going to agree on standards for keeping track of how much 
milk is in the fridge, especially as not just manufacturing but also 
engineering is moving to countries like China? How about the predictions that 
have been around for years about appliances which will alert the manufacturer 
about impending failure so they can call you and you can schedule the repair 
before there's a breakdown? Remember that one? We don't even have an appliance 
about to break, call repairman idiot light on appliances yet.

But I predict the coming of IPv6 to the home in a big way will have unintended 
consequences.

I think the big shock for home users regarding IPv6 will be suddenly having 
their IPv4 NAT firewall being gone and all their devices being exposed naked to 
everyone on the internet. Suddenly all their security shortcomings (no 
passwords, password for the password etc) are going to have catastrophic 
consequences. I foresee an exponential leap in the  number of hacks of consumer 
devices which will have repercussions well beyond their local network. In my 
opinion that's going to be the biggest problem with IPv6, not all the concerns 
about the inner workings of the protocols. I'm guessing the manufacturers of 
consumer grade networkable devices are still thinking about security as it 
applies to LANs with rfc 1918 address space behind a firewall and haven't 
rethought security as it applies to IPv6.

Greg

Re: IPv6 end user addressing

2011-08-11 Thread Chris Adams

Once upon a time, Owen DeLong o...@delong.com said:
 Because the routers that come on pantries and refrigerators will probably be
 made by people smarter than the folks at Linksys?

That's highly doubtful, especially when Linksys is the best networking
equipment the average person will buy (at Best Buy, Wal-Mart, etc.).

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

Re: IPv6 end user addressing


On Aug 11, 2011, at 10:41 AM, sth...@nethelp.no wrote:

 And your average home user, whose WiFi network is an open network named
 linksys is going to do that how?
 
 Because the routers that come on pantries and refrigerators will probably be
 made by people smarter than the folks at Linksys?
 
 One could argue that routing and access control is even less of a core
 business feature for pantry and refrigerator manufacturers than it is
 for Linksys. So I wouldn't rule this out - but I'm definitely in the
 sceptical camp.
 
 Steinar Haug, Nethelp consulting, sth...@nethelp.no

Let's face it... CPE security needs are going to be radically different and 
consumer
expectations are going to rise quickly in this area with IPv6.

I suspect both refrigerator/pantry makers _AND_ Linksys et. al. will be forced
to adapt.

Owen

Re: IPv6 end user addressing

2011-08-11 Thread Jeff Johnstone

On Thu, Aug 11, 2011 at 10:52 AM, Greg Ihnen os10ru...@gmail.com wrote:


 On Aug 11, 2011, at 1:04 PM, Owen DeLong wrote:

 
  On Aug 11, 2011, at 5:41 AM, Jamie Bowden wrote:
 
  Owen wrote:
 
  -Original Message-
  From: Owen DeLong [mailto:o...@delong.com]
  Sent: Wednesday, August 10, 2011 9:58 PM
  To: William Herrin
  Cc: nanog@nanog.org
  Subject: Re: IPv6 end user addressing
 
 
  On Aug 10, 2011, at 6:46 PM, William Herrin wrote:
 
  On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong o...@delong.com
  wrote:
  Someday, I expect the pantry to have a barcode reader on it
  connected back
  a computer setup for the kitchen someday.  Most of us already use
  barcode
  readers when we shop so its not a big step to home use.
 
  Nah... That's short-term thinking. The future holds advanced
  pantries with
  RFID sensors that know what is in the pantry and when they were
  manufactured,
  what their expiration date is, etc.
 
  And since your can of creamed corn is globally addressable, the rest
  of the world knows what's in your pantry too. ;)
 
 
  This definitely helps explain your misconceptions about NAT as a
  security tool.
 
 
  Globally addressable != globally reachable.
 
  Things can have global addresses without having global reachability.
  There are
  these tools called access control lists and routing policies. Perhaps
  you've heard
  of them. They can be quite useful.
 
  And your average home user, whose WiFi network is an open network named
  linksys is going to do that how?
 
 
  Because the routers that come on pantries and refrigerators will probably
 be
  made by people smarter than the folks at Linksys?
 
  Owen
 
 

 I respectfully disagree. If appliance manufacturers jump on the bandwagon
 to make their device *Internet Ready!* we'll see appliance makers who have
 way less networking experience than Linksys/Cisco getting into the fray. I
 highly doubt the pontifications of these Good Morning America technology
 gurus who predict all these changes are coming to the home. Do we really
 think appliance manufacturers are going to agree on standards for keeping
 track of how much milk is in the fridge, especially as not just
 manufacturing but also engineering is moving to countries like China? How
 about the predictions that have been around for years about appliances which
 will alert the manufacturer about impending failure so they can call you and
 you can schedule the repair before there's a breakdown? Remember that one?
 We don't even have an appliance about to break, call repairman idiot light
 on appliances yet.

 But I predict the coming of IPv6 to the home in a big way will have
 unintended consequences.

 I think the big shock for home users regarding IPv6 will be suddenly having
 their IPv4 NAT firewall being gone and all their devices being exposed naked
 to everyone on the internet. Suddenly all their security shortcomings (no
 passwords, password for the password etc) are going to have catastrophic
 consequences. I foresee an exponential leap in the  number of hacks of
 consumer devices which will have repercussions well beyond their local
 network. In my opinion that's going to be the biggest problem with IPv6, not
 all the concerns about the inner workings of the protocols. I'm guessing the
 manufacturers of consumer grade networkable devices are still thinking about
 security as it applies to LANs with rfc 1918 address space behind a firewall
 and haven't rethought security as it applies to IPv6.

 Greg


+1

I think this is currently the biggest hole in IPV6 adoption. We need a drop
in firewall appliance along the lines of IPCOP for IPV6. This type of closed
unless tinkered with protection would encourage people to try it out and not
be too scared to move forward. This is a huge opportunity for some
Company/Open Source Developers Group to grab a huge chucnk of an emerging
market...   hint hint :)

cheers
Jeff

Re: IPv6 end user addressing

2011-08-11 Thread Michael Thomas


On 08/11/2011 11:18 AM, Owen DeLong wrote:

On Aug 11, 2011, at 10:41 AM, sth...@nethelp.no wrote:

   

And your average home user, whose WiFi network is an open network named
linksys is going to do that how?
 

Because the routers that come on pantries and refrigerators will probably be
made by people smarter than the folks at Linksys?
   

One could argue that routing and access control is even less of a core
business feature for pantry and refrigerator manufacturers than it is
for Linksys. So I wouldn't rule this out - but I'm definitely in the
sceptical camp.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
 

Let's face it... CPE security needs are going to be radically different and 
consumer
expectations are going to rise quickly in this area with IPv6.

I suspect both refrigerator/pantry makers _AND_ Linksys et. al. will be forced
to adapt.
   


Radically? How so? I have little confidence that the urge to do as little
as possible about security is going to change just because of IPv6. The
goal of router manufacturers is to turn a profit, not save the world.

Mike

The fact that you're immediately going to routing means you don't
understand the problem. The costs I'm talking about don't have anything
to do with routing or any of the core gear and everything to do with the
pieces at the customer premise. Routers cost more to purchase than
bridges because there is more complexity (silicon software). Routers
also cost more to manage for a service provider in almost all cases for
residential customers. There are reasons to deploy routing CPE in some
cases (the use cases are increasing with IP video in DOCSIS systems) but
they are still very nascent.

On 8/10/2011 7:24 PM, Owen DeLong wrote:

I'm pretty sure that I understand those things reasonably well. I'm quite
certain that it doesn't
cost an ISP significantly more to deploy /48s than /56s as addresses don't have
much of a
cost and there is little or no difficulty in obtaining large allocations for
ISPs that have lots of
residential users. The difference between handing a user's CPE a /56 and a /48
will not make
for significant difference in support costs, either, other than the possible
additional costs of
the phone calls when users start to discover that /56s were not enough.

Owen

On Aug 10, 2011, at 11:43 AM, Scott Helms wrote:

Tim,

Hence the might. I worry when people start throwing around terms like routing in
the home that they don't understand the complexities of balancing the massive CPE installed base,
technical features, end user support, ease of installation managemenet, and (perhaps most
importantly) the economics of mass adoption. This one of the choices that made DSL deployments
more complex and expensive than DOCSIS cable deployments which in turn caused the CEO of ATT
to say their entire DSL network is obsolete.
http://goo.gl/exwqu

On 8/10/2011 12:57 PM, Tim Chown wrote:

On 10 Aug 2011, at 16:11, Scott Helms wrote:

Neither of these are true, though in the future we _might_ have deployable
technology that allows for automated routing setup (though I very seriously
doubt it) in the home. Layer 2 isolation is both easier and more reliable than
attempting it at layer 3 which is isolation by agreement, i.e. it doesn't
really exist.

Well, there is some new effort on this in the homenet WG in IETF.

For snooping IPv6 multicast it's MLD snooping rather than IGMP. We use it in
our enterprise since we have multiple multicast video channels in use.

Tim

On 8/10/2011 9:02 AM, Owen DeLong wrote:

Bridging eliminates the multicast isolation that you get from routing.

This is not a case for bridging, it's a case for making it possible to do real
routing in the home and we now have the space and the technology to
actually do it in a meaningful and sufficiently automatic way as to be
applicable to Joe 6-Mac.

--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms

--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms

--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms

Re: IPv6 end user addressing

You're talking about the front end residential gateway that you manage. I'm 
talking about
the various gateways and things you might not yet expect to provide gateways 
that residential
end users will deploy on their own within their environments.

The fact that you are talking about an entirely different problem space than I 
am shows that
it is you who does not understand either the problem I am describing or the 
solution space
that is applicable.

Of course, in order for the ISP to properly support these things in the home, 
the ISP
needs to terminate some form of IPv6 on some form of CPE head-end router in the
home to which he will (statically or otherwise) route the /48 whether it is 
statically
assigned or configured via DHCPv6-PD.

Owen

On Aug 11, 2011, at 1:28 PM, Scott Helms wrote:

 Owen,
 
The fact that you're immediately going to routing means you don't 
 understand the problem.  The costs I'm talking about don't have anything to 
 do with routing or any of the core gear and everything to do with the pieces 
 at the customer premise.  Routers cost more to purchase than bridges because 
 there is more complexity (silicon  software).  Routers also cost more to 
 manage for a service provider in almost all cases for residential customers.  
 There are reasons to deploy routing CPE in some cases (the use cases are 
 increasing with IP video in DOCSIS systems) but they are still very nascent.
 
 On 8/10/2011 7:24 PM, Owen DeLong wrote:
 I'm pretty sure that I understand those things reasonably well. I'm quite 
 certain that it doesn't
 cost an ISP significantly more to deploy /48s than /56s as addresses don't 
 have much of a
 cost and there is little or no difficulty in obtaining large allocations for 
 ISPs that have lots of
 residential users. The difference between handing a user's CPE a /56 and a 
 /48 will not make
 for significant difference in support costs, either, other than the possible 
 additional costs of
 the phone calls when users start to discover that /56s were not enough.
 
 
 Owen
 
 On Aug 10, 2011, at 11:43 AM, Scott Helms wrote:
 
 Tim,
 
Hence the might.  I worry when people start throwing around terms like 
 routing in the home that they don't understand the complexities of 
 balancing the massive CPE installed base, technical features, end user 
 support, ease of installation  managemenet, and (perhaps most importantly) 
 the economics of mass adoption.  This one of the choices that made DSL 
 deployments more complex and expensive than DOCSIS cable deployments which 
 in turn caused the CEO of ATT to say their entire DSL network is obsolete.
 http://goo.gl/exwqu
 
 
 
 On 8/10/2011 12:57 PM, Tim Chown wrote:
 On 10 Aug 2011, at 16:11, Scott Helms wrote:
 
 Neither of these are true, though in the future we _might_ have 
 deployable technology that allows for automated routing setup (though I 
 very seriously doubt it) in the home.  Layer 2 isolation is both easier 
 and more reliable than attempting it at layer 3 which is isolation by 
 agreement, i.e. it doesn't really exist.
 Well, there is some new effort on this in the homenet WG in IETF.
 
 For snooping IPv6 multicast it's MLD snooping rather than IGMP.  We use it 
 in our enterprise since we have multiple multicast video channels in use.
 
 Tim
 
 On 8/10/2011 9:02 AM, Owen DeLong wrote:
 Bridging eliminates the multicast isolation that you get from routing.
 
 This is not a case for bridging, it's a case for making it possible to 
 do real
 routing in the home and we now have the space and the technology to
 actually do it in a meaningful and sufficiently automatic way as to be
 applicable to Joe 6-Mac.
 
 -- 
 Scott Helms
 Vice President of Technology
 ISP Alliance, Inc. DBA ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 
 
 
 -- 
 Scott Helms
 Vice President of Technology
 ISP Alliance, Inc. DBA ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 
 
 
 
 -- 
 Scott Helms
 Vice President of Technology
 ISP Alliance, Inc. DBA ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms

Re: IPv6 end user addressing

 
 I respectfully disagree. If appliance manufacturers jump on the bandwagon to 
 make their device *Internet Ready!* we'll see appliance makers who have way 
 less networking experience than Linksys/Cisco getting into the fray. I highly 
 doubt the pontifications of these Good Morning America technology gurus who 
 predict all these changes are coming to the home. Do we really think 
 appliance manufacturers are going to agree on standards for keeping track of 
 how much milk is in the fridge, especially as not just manufacturing but also 
 engineering is moving to countries like China? How about the predictions that 
 have been around for years about appliances which will alert the manufacturer 
 about impending failure so they can call you and you can schedule the repair 
 before there's a breakdown? Remember that one? We don't even have an 
 appliance about to break, call repairman idiot light on appliances yet.
 
What standards?  The RFID tag on the milk carton will, essentially, replace the 
bar code once RFID tags become cheap enough. It'll be like an uber-barcode with 
a bunch more information.

For keeping track of how much, cheap sensitive pressure transducers will know 
by the position of the RFID tag combined with the weight of the thing at that 
location in the refrigerator. There's no new standard required.

The technology to do this exists today. The integration and mainstream 
acceptance is still years, if not decades off, but, IPv6 should last for 
decades, so, if we don't plan for at least the things we can see coming today 
and already know feasible ways to implement, we're doomed for the other 
unexpected things we don't see coming.

 But I predict the coming of IPv6 to the home in a big way will have 
 unintended consequences.
 

Definitely.


 I think the big shock for home users regarding IPv6 will be suddenly having 
 their IPv4 NAT firewall being gone and all their devices being exposed naked 
 to everyone on the internet. Suddenly all their security shortcomings (no 
 passwords, password for the password etc) are going to have catastrophic 
 consequences. I foresee an exponential leap in the  number of hacks of 
 consumer devices which will have repercussions well beyond their local 
 network. In my opinion that's going to be the biggest problem with IPv6, not 
 all the concerns about the inner workings of the protocols. I'm guessing the 
 manufacturers of consumer grade networkable devices are still thinking about 
 security as it applies to LANs with rfc 1918 address space behind a firewall 
 and haven't rethought security as it applies to IPv6.
 

Sigh... 

Continuing to propagate this myth doesn't make it any more true than it was 10 
years ago.

NAT != Security
End-to-End addressing != End-to-End connectivity
It will not be long before the average residential IPv6 gateway comes with a 
default deny all inbound stateful firewall built in. Once you have that, your 
hosts are not exposed naked to everyone on the internet. In fact, they are no 
more exposed than with NAT with the key difference being that if you choose to 
expose one or more hosts, you have the option of deliberately doing so.

Actually, I know for certain that most of the CPE manufacturers are 
participating in the effort to draft better security requirements for 
residential gateways as a current ID and hopefully an RFC soon. I believe, as a 
matter of fact, that this is a BIS document being intended as a more 
comprehensive improvement over the initial version.

Owen

Re: IPv6 end user addressing

2011-08-11 Thread Scott Helms


On 8/11/2011 5:28 PM, Owen DeLong wrote:

You're talking about the front end residential gateway that you manage. I'm 
talking about
the various gateways and things you might not yet expect to provide gateways 
that residential
end users will deploy on their own within their environments.


The question I asked you is why should I as the service provider deploy 
routers rather than bridges as CPE gear for residential customers.  If 
you didn't understand the question or didn't want to address that 
specific questions that's fine, but you certainly didn't answer that 
question.



Of course, in order for the ISP to properly support these things in the home, 
the ISP
needs to terminate some form of IPv6 on some form of CPE head-end router in the
home to which he will (statically or otherwise) route the /48 whether it is 
statically
assigned or configured via DHCPv6-PD.


What is a CPE head-end router?  That seems like an oxymoron.  Where 
would such an animal live, in the home or the head end/central office?  
Who is responsible for purchasing it and managing it in your mind?




Owen

On Aug 11, 2011, at 1:28 PM, Scott Helms wrote:


Owen,

The fact that you're immediately going to routing means you don't understand 
the problem.  The costs I'm talking about don't have anything to do with routing or 
any of the core gear and everything to do with the pieces at the customer premise.  
Routers cost more to purchase than bridges because there is more complexity 
(silicon  software).  Routers also cost more to manage for a service provider 
in almost all cases for residential customers.  There are reasons to deploy routing 
CPE in some cases (the use cases are increasing with IP video in DOCSIS systems) 
but they are still very nascent.

On 8/10/2011 7:24 PM, Owen DeLong wrote:

I'm pretty sure that I understand those things reasonably well. I'm quite 
certain that it doesn't
cost an ISP significantly more to deploy /48s than /56s as addresses don't have 
much of a
cost and there is little or no difficulty in obtaining large allocations for 
ISPs that have lots of
residential users. The difference between handing a user's CPE a /56 and a /48 
will not make
for significant difference in support costs, either, other than the possible 
additional costs of
the phone calls when users start to discover that /56s were not enough.


Owen

On Aug 10, 2011, at 11:43 AM, Scott Helms wrote:


Tim,

Hence the might.  I worry when people start throwing around terms like routing in 
the home that they don't understand the complexities of balancing the massive CPE installed base, 
technical features, end user support, ease of installation   managemenet, and (perhaps most 
importantly) the economics of mass adoption.  This one of the choices that made DSL deployments 
more complex and expensive than DOCSIS cable deployments which in turn caused the CEO of ATT 
to say their entire DSL network is obsolete.
http://goo.gl/exwqu



On 8/10/2011 12:57 PM, Tim Chown wrote:

On 10 Aug 2011, at 16:11, Scott Helms wrote:


Neither of these are true, though in the future we _might_ have deployable 
technology that allows for automated routing setup (though I very seriously 
doubt it) in the home.  Layer 2 isolation is both easier and more reliable than 
attempting it at layer 3 which is isolation by agreement, i.e. it doesn't 
really exist.

Well, there is some new effort on this in the homenet WG in IETF.

For snooping IPv6 multicast it's MLD snooping rather than IGMP.  We use it in 
our enterprise since we have multiple multicast video channels in use.

Tim


On 8/10/2011 9:02 AM, Owen DeLong wrote:

Bridging eliminates the multicast isolation that you get from routing.

This is not a case for bridging, it's a case for making it possible to do real
routing in the home and we now have the space and the technology to
actually do it in a meaningful and sufficiently automatic way as to be
applicable to Joe 6-Mac.


--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms




--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms




--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms






--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms

Re: IPv6 end user addressing

2011-08-11 Thread Brian E Carpenter

Eugen,

On 2011-08-11 21:53, Eugen Leitl wrote:
 On Thu, Aug 11, 2011 at 01:52:10PM +1200, Brian E Carpenter wrote:
 
 Well, we know that the human population will stabilise somewhere below
 ten billion by around 2050. The current unicast space provides for about
 
 How about the machine population? How about self-replicating systems?

I think considering the size of such systems as a function of
the size of the human population is quite reasonable, in terms
of thinking about natural and economic limits to growth.

 How about geography-based address allocation, to go away with global routing
 tables? 

That is a whole discussion in itself, but in any case it surely
won't be part of 2000::/3. Additionally, the number of prefixes
needed for any reasonable geographic scheme is quite trivial
compared to the trillions available.

 How about InterPlaNet, such as LEO routers, solar power
 satellites, controlling industrial production on the Moon and elsewhere?

Probably also trivial numbers compared to 15 trillion /48s,
but if not, again, we are not limited to 2000::/3 for ever.

EOF for me on this sub-topic.

   Brian

Re: IPv6 end user addressing


On Aug 11, 2011, at 2:53 PM, Scott Helms wrote:

 On 8/11/2011 5:28 PM, Owen DeLong wrote:
 You're talking about the front end residential gateway that you manage. I'm 
 talking about
 the various gateways and things you might not yet expect to provide gateways 
 that residential
 end users will deploy on their own within their environments.
 
 The question I asked you is why should I as the service provider deploy 
 routers rather than bridges as CPE gear for residential customers.  If you 
 didn't understand the question or didn't want to address that specific 
 questions that's fine, but you certainly didn't answer that question.
 

I think i did below. However, in my region of the world, most service providers 
don't provide the
CPE and most customers are BYOB.

 Of course, in order for the ISP to properly support these things in the 
 home, the ISP
 needs to terminate some form of IPv6 on some form of CPE head-end router in 
 the
 home to which he will (statically or otherwise) route the /48 whether it is 
 statically
 assigned or configured via DHCPv6-PD.
 
 What is a CPE head-end router?  That seems like an oxymoron.  Where would 
 such an animal live, in the home or the head end/central office?  Who is 
 responsible for purchasing it and managing it in your mind?
 

In the home and the consumer is responsible. The fact that you utterly want to 
avoid
the concept of topology in the home shows me that you really aren't 
understanding
where things already are in many homes and where they are going in the future.

ISP-CPE Head End Router-Multiple additional routers and other deivces some 
of which have additional routers and or topology behind them.

Some definitions of the above pseudo-diagram already exist in many people's
homes (and I am including Joe six-pack in this) today.

Lots of users string wired and wireless routers together in multiple layers 
with and
without NAT in various (and often creative albeit not necessarily constructive) 
ways
within their homes.

Today, all of that is hidden from you because their CPE head end router (the one
that talks to your supplied bridge in most cases) NATs it all behind one 
address.

In the future, it will be semi-visible in that you'll see the additional 
addresses, but,
you still won't have to do anything about it because it's routed and all you 
have
to do is deliver the /48 instead of delivering the /128 (equivalent of the /32 
you
deliver today).

Owen

 
 Owen
 
 On Aug 11, 2011, at 1:28 PM, Scott Helms wrote:
 
 Owen,
 
The fact that you're immediately going to routing means you don't 
 understand the problem.  The costs I'm talking about don't have anything to 
 do with routing or any of the core gear and everything to do with the 
 pieces at the customer premise.  Routers cost more to purchase than bridges 
 because there is more complexity (silicon  software).  Routers also cost 
 more to manage for a service provider in almost all cases for residential 
 customers.  There are reasons to deploy routing CPE in some cases (the use 
 cases are increasing with IP video in DOCSIS systems) but they are still 
 very nascent.
 
 On 8/10/2011 7:24 PM, Owen DeLong wrote:
 I'm pretty sure that I understand those things reasonably well. I'm quite 
 certain that it doesn't
 cost an ISP significantly more to deploy /48s than /56s as addresses don't 
 have much of a
 cost and there is little or no difficulty in obtaining large allocations 
 for ISPs that have lots of
 residential users. The difference between handing a user's CPE a /56 and a 
 /48 will not make
 for significant difference in support costs, either, other than the 
 possible additional costs of
 the phone calls when users start to discover that /56s were not enough.
 
 
 Owen
 
 On Aug 10, 2011, at 11:43 AM, Scott Helms wrote:
 
 Tim,
 
Hence the might.  I worry when people start throwing around terms 
 like routing in the home that they don't understand the complexities of 
 balancing the massive CPE installed base, technical features, end user 
 support, ease of installation   managemenet, and (perhaps most 
 importantly) the economics of mass adoption.  This one of the choices 
 that made DSL deployments more complex and expensive than DOCSIS cable 
 deployments which in turn caused the CEO of ATT to say their entire DSL 
 network is obsolete.
 http://goo.gl/exwqu
 
 
 
 On 8/10/2011 12:57 PM, Tim Chown wrote:
 On 10 Aug 2011, at 16:11, Scott Helms wrote:
 
 Neither of these are true, though in the future we _might_ have 
 deployable technology that allows for automated routing setup (though I 
 very seriously doubt it) in the home.  Layer 2 isolation is both easier 
 and more reliable than attempting it at layer 3 which is isolation by 
 agreement, i.e. it doesn't really exist.
 Well, there is some new effort on this in the homenet WG in IETF.
 
 For snooping IPv6 multicast it's MLD snooping rather than IGMP.  We use 
 it in our enterprise since we have multiple multicast video

Re: IPv6 end user addressing

2011-08-11 Thread Greg Ihnen


On Aug 11, 2011, at 5:05 PM, Owen DeLong wrote:

 
 I respectfully disagree. If appliance manufacturers jump on the bandwagon to 
 make their device *Internet Ready!* we'll see appliance makers who have way 
 less networking experience than Linksys/Cisco getting into the fray. I 
 highly doubt the pontifications of these Good Morning America technology 
 gurus who predict all these changes are coming to the home. Do we really 
 think appliance manufacturers are going to agree on standards for keeping 
 track of how much milk is in the fridge, especially as not just 
 manufacturing but also engineering is moving to countries like China? How 
 about the predictions that have been around for years about appliances which 
 will alert the manufacturer about impending failure so they can call you and 
 you can schedule the repair before there's a breakdown? Remember that one? 
 We don't even have an appliance about to break, call repairman idiot light 
 on appliances yet.
 
 What standards?  The RFID tag on the milk carton will, essentially, replace 
 the bar code once RFID tags become cheap enough. It'll be like an 
 uber-barcode with a bunch more information.
 
 For keeping track of how much, cheap sensitive pressure transducers will know 
 by the position of the RFID tag combined with the weight of the thing at that 
 location in the refrigerator. There's no new standard required.
 
 The technology to do this exists today. The integration and mainstream 
 acceptance is still years, if not decades off, but, IPv6 should last for 
 decades, so, if we don't plan for at least the things we can see coming today 
 and already know feasible ways to implement, we're doomed for the other 
 unexpected things we don't see coming.
 

What reads the RFID's and the pressure sensors? What server or application 
receives this data and deals with it according to the user's desires? How does 
that data or the information and alerts this system would generate get to the 
user's devices? There has to be a device in the home or a server somewhere for 
a service the home owner subscribes to which keeps an inventory of all these 
things and acts on it. 

Do you really think it's going to be common place for people to have this kind 
of technology and more importantly use it?

I think the kitchen you foresee is the kind of dream kitchen the kind of people 
who imbed RFID chips in themselves so they can have a house that opens the 
doors and turns on the lights as they approach.

You don't have a chip in you, do you?


 But I predict the coming of IPv6 to the home in a big way will have 
 unintended consequences.
 
 
 Definitely.
 
 
 I think the big shock for home users regarding IPv6 will be suddenly having 
 their IPv4 NAT firewall being gone and all their devices being exposed naked 
 to everyone on the internet. Suddenly all their security shortcomings (no 
 passwords, password for the password etc) are going to have catastrophic 
 consequences. I foresee an exponential leap in the  number of hacks of 
 consumer devices which will have repercussions well beyond their local 
 network. In my opinion that's going to be the biggest problem with IPv6, not 
 all the concerns about the inner workings of the protocols. I'm guessing the 
 manufacturers of consumer grade networkable devices are still thinking about 
 security as it applies to LANs with rfc 1918 address space behind a firewall 
 and haven't rethought security as it applies to IPv6.
 
 
 Sigh... 
 
 Continuing to propagate this myth doesn't make it any more true than it was 
 10 years ago.

I'm sorry, what was the myth there? The public overall uses bad passwords and 
knowingly does not comply with security best practices? More connectivity is 
going to bring more problems and exploits? Those myths?

 
 NAT != Security
 End-to-End addressing != End-to-End connectivity
 It will not be long before the average residential IPv6 gateway comes with a 
 default deny all inbound stateful firewall built in. Once you have that, your 
 hosts are not exposed naked to everyone on the internet. In fact, they are no 
 more exposed than with NAT with the key difference being that if you choose 
 to expose one or more hosts, you have the option of deliberately doing so.

We'll see.

 
 Actually, I know for certain that most of the CPE manufacturers are 
 participating in the effort to draft better security requirements for 
 residential gateways as a current ID and hopefully an RFC soon. I believe, as 
 a matter of fact, that this is a BIS document being intended as a more 
 comprehensive improvement over the initial version.
 
 Owen

Re: IPv6 end user addressing

2011-08-11 Thread Matthew Moyle-Croft


On 11/08/2011, at 1:33 PM, Owen DeLong wrote:

 
 On Aug 10, 2011, at 7:45 PM, Mark Newton wrote:
 
 
 On 11/08/2011, at 8:42 AM, Owen DeLong wrote:
 
 I suppose that limiting enough households to too small an allocation
 will have that effect. I would rather we steer the internet deployment
 towards liberal enough allocations to avoid such disability for the
 future.
 
 
 I see the lack of agreement on whether /48 or /56 or /60 is good for a
 home network to be a positive thing.
 
 As long as there's no firm consensus, router vendors will have to implement
 features which don't make silly hard-coded assumptions.
 
 Yes and no. In terms of potential innovations, if enough of the market chooses
 /60, they will hard code the assumption that they cannot count on more than
 a /60 being available into their development process regardless of what
 gets into the router. Sure, they won't be able to assume you can't get a /48,
 but, they also won't necessarily implement features that would take advantage
 of a /48.


Abundance doesn't drive innovations.  Scarcity does.  IPv6 does not have a 
scarcity issue.  I assert that IPv6 addressing is not going to now or ever do 
anything particularly innovative that can't be done better at other, more 
relevant, layers.  

The time for arguing about arbitrary things that make no difference to the end 
customers has passed.  The navel gazing must cease and we must move forward on 
IPv6 to the home rather than continuing the confusion about this and other IPv6 
arbitrary bit obsession stuff.

We need to stop spending our time on rearranging the Titanic's deckchairs and 
get the profanity on with stopping the crashing into the iceberg by providing 
clear leadership on getting IPv6 to the masses to enable their APPLICATIONS and 
EXPERIENCE without the impending doom of IPv4 CGN.

My name is Matthew, I HAVE given my customers the ability to get IPv6 and I 
don't give a flying one about the prefix length, I care about getting ANY 
prefix to the end users so they can use it and solve the issues at their end.  
I AM enabling innovation just by doing that.  

MMC

Re: IPv6 end user addressing


On Aug 11, 2011, at 5:08 PM, Matthew Moyle-Croft wrote:

 
 On 11/08/2011, at 1:33 PM, Owen DeLong wrote:
 
 
 On Aug 10, 2011, at 7:45 PM, Mark Newton wrote:
 
 
 On 11/08/2011, at 8:42 AM, Owen DeLong wrote:
 
 I suppose that limiting enough households to too small an allocation
 will have that effect. I would rather we steer the internet deployment
 towards liberal enough allocations to avoid such disability for the
 future.
 
 
 I see the lack of agreement on whether /48 or /56 or /60 is good for a
 home network to be a positive thing.
 
 As long as there's no firm consensus, router vendors will have to implement
 features which don't make silly hard-coded assumptions.
 
 Yes and no. In terms of potential innovations, if enough of the market 
 chooses
 /60, they will hard code the assumption that they cannot count on more than
 a /60 being available into their development process regardless of what
 gets into the router. Sure, they won't be able to assume you can't get a /48,
 but, they also won't necessarily implement features that would take advantage
 of a /48.
 
 
 Abundance doesn't drive innovations.  Scarcity does.  IPv6 does not have a 
 scarcity issue.  I assert that IPv6 addressing is not going to now or ever do 
 anything particularly innovative that can't be done better at other, more 
 relevant, layers.  
 

Abundance won't drive innovation, but, scarcity can block it.

If enough providers limit their residential customers to /60s, then, that will 
become the defining limit to which vendors implement.

 The time for arguing about arbitrary things that make no difference to the 
 end customers has passed.  The navel gazing must cease and we must move 
 forward on IPv6 to the home rather than continuing the confusion about this 
 and other IPv6 arbitrary bit obsession stuff.
 

On that I believe we are in complete agreement. Let's deploy IPv6 to end users 
and give them /48s and move on.

 We need to stop spending our time on rearranging the Titanic's deckchairs and 
 get the profanity on with stopping the crashing into the iceberg by 
 providing clear leadership on getting IPv6 to the masses to enable their 
 APPLICATIONS and EXPERIENCE without the impending doom of IPv4 CGN.
 

Again, no argument.

 My name is Matthew, I HAVE given my customers the ability to get IPv6 and I 
 don't give a flying one about the prefix length, I care about getting ANY 
 prefix to the end users so they can use it and solve the issues at their end. 
  I AM enabling innovation just by doing that.  
 

My name is Owen. I work for an ISP that gives IPv6 to our customers and anyone 
else who cares to connect.

We care about prefix length because we believe it will impact innovation for 
many years.

Yes, getting something to end users is more important than how big of a prefix 
we give them. On that, MMC and I are in complete agreement.

However, there are choices to be made in how we do it and giving out /48s costs 
virtually nothing and yields real potential benefits. There
is no meaningful advantage to placing arbitrary limits below /48 on residential 
customers.

Owen

Re: IPv6 end user addressing

2011-08-11 Thread Cameron Byrne

On Aug 11, 2011 5:25 PM, Owen DeLong o...@delong.com wrote:


 On Aug 11, 2011, at 5:08 PM, Matthew Moyle-Croft wrote:

 
  On 11/08/2011, at 1:33 PM, Owen DeLong wrote:
 
 
  On Aug 10, 2011, at 7:45 PM, Mark Newton wrote:
 
 
  On 11/08/2011, at 8:42 AM, Owen DeLong wrote:
 
  I suppose that limiting enough households to too small an allocation
  will have that effect. I would rather we steer the internet
deployment
  towards liberal enough allocations to avoid such disability for the
  future.
 
 
  I see the lack of agreement on whether /48 or /56 or /60 is good for a
  home network to be a positive thing.
 
  As long as there's no firm consensus, router vendors will have to
implement
  features which don't make silly hard-coded assumptions.
 
  Yes and no. In terms of potential innovations, if enough of the market
chooses
  /60, they will hard code the assumption that they cannot count on more
than
  a /60 being available into their development process regardless of what
  gets into the router. Sure, they won't be able to assume you can't get
a /48,
  but, they also won't necessarily implement features that would take
advantage
  of a /48.
 
 
  Abundance doesn't drive innovations.  Scarcity does.  IPv6 does not have
a scarcity issue.  I assert that IPv6 addressing is not going to now or ever
do anything particularly innovative that can't be done better at other, more
relevant, layers.
 

 Abundance won't drive innovation, but, scarcity can block it.

 If enough providers limit their residential customers to /60s, then, that
will become the defining limit to which vendors implement.

  The time for arguing about arbitrary things that make no difference to
the end customers has passed.  The navel gazing must cease and we must move
forward on IPv6 to the home rather than continuing the confusion about this
and other IPv6 arbitrary bit obsession stuff.
 

 On that I believe we are in complete agreement. Let's deploy IPv6 to end
users and give them /48s and move on.

  We need to stop spending our time on rearranging the Titanic's
deckchairs and get the profanity on with stopping the crashing into the
iceberg by providing clear leadership on getting IPv6 to the masses to
enable their APPLICATIONS and EXPERIENCE without the impending doom of IPv4
CGN.
 

 Again, no argument.

  My name is Matthew, I HAVE given my customers the ability to get IPv6
and I don't give a flying one about the prefix length, I care about getting
ANY prefix to the end users so they can use it and solve the issues at their
end.  I AM enabling innovation just by doing that.
 

 My name is Owen. I work for an ISP that gives IPv6 to our customers and
anyone else who cares to connect.

 We care about prefix length because we believe it will impact innovation
for many years.

 Yes, getting something to end users is more important than how big of a
prefix we give them. On that, MMC and I are in complete agreement.

 However, there are choices to be made in how we do it and giving out /48s
costs virtually nothing and yields real potential benefits. There
 is no meaningful advantage to placing arbitrary limits below /48 on
residential customers.


I agree that this debate  is confusing people and will not be solved here.
Let's move on to a more productive topic. There is more than one way to
deploy ipv6. Do what's right for your own users and network.

Cb
 Owen

Re: IPv6 end user addressing

2011-08-11 Thread Mark Newton


On 12/08/2011, at 7:23 AM, Scott Helms wrote:

 The question I asked you is why should I as the service provider deploy 
 routers rather than bridges as CPE gear for residential customers. 

As a service provider, you don't want to burn an expensive TCAM slot to make
IPv6 ND work for every device a customer places on their LAN.

As a service provider, it's better to burn one TCAM slot per customer for the
prefix you route to them, and leave adjacency relationships within their home
to them.

Think of MAC address table size limits on switches.  Similar problem.

  - mark


--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing

2011-08-10 Thread Alexander Harrowell

On Monday 08 Aug 2011 22:00:52 Owen DeLong wrote:
 
 On Aug 8, 2011, at 7:12 AM, Mohacsi Janos wrote:
 
  
  
  On Mon, 8 Aug 2011, valdis.kletni...@vt.edu wrote:
  
  On Mon, 08 Aug 2011 10:15:17 +0200, Mohacsi Janos said:
  
  - Home users - they usually don't know what is subnet. Setting up
  different subnets in their SOHO router can be difficult. Usually 
the
  simple 1 subnet for every device is enough for them. Separating 
some
  devices into  a separate subnets is usually enough for the most
  sophisticated home users. If  not then he can opt for business 
service
  
  You don't want to make the assumption that just because Joe Sixpack 
doesn't
  know what a subnet is, that Joe Sixpack's CPE doesn't know either.
  
  And remember that if it's 3 hops from one end of Joe Sixpack's 
internal net to
  the other, you're gonna burn a few bits to support heirarchical 
routing so you
  don't need a routing protocol. So if Joe's exterior-facing CPU gets 
handed a
  /56 by the provider, and it hands each device it sees a /60 in case 
it's a
  device that routes too, it can only support 14 devices.  And if one 
of the
  
  more exactly 16 routing devices. You don't have to count the all 0 
and all 1 as reserved maybe each deeice can see /57 or /58 or 
/59 depending of capabilities your devices
  
  I think daisy chaining of CPE routers is bad idea - as probably done 
in several IPv4 home networks. Why would you build several hierarchy 
into you network if it is unnecessary?
  
  
 I can see things like wanting to have an entertainment systems network 
that is fronted
 by a router with additional networks for each entertainment system 
fronted by their
 own router, segmentation of various appliance networks with possibly 
an appliance
 front-end router, etc.
 
 There are lots of possibilities we haven't thought of here yet. 
Limiting end-users
 to /56 or worse will only stifle the innovation that will help us 
identify the possibilities.
 For this, if no other reason, (and I cite the limitations under which 
we have begun
 to frame our assumptions about how the internet works as a result of 
NAT as an
 example), I think we should avoid preserving this cultural 
conditioning in IPv6.
 
 
 Owen
 
 


Thinking about the CPE thread, isn't this a case for bridging as a 
feature in end-user devices? If Joe's media-centre box etc would bridge 
its downstream ports to the upstream port, the devices on them could 
just get an address, whether by DHCPv6 from the CPE router's delegation 
or by SLAAC, and then register in local DNS or more likely do multicast-
DNS so they could find each other. 


And then it really doesn't matter; everything gets its address, nothing 
is NATted, every address is mapped to a meaningful hostname.


Perhaps you'd need more aggregation and routing in the glorious one-IP-
per-nanite-and-Facebook-fridges future, but that's for another day once 
we've got fusion and a rational system of government out of the way:-) 
Joe's network as described isn't big enough or clever enough to need 
multiple routers. It's just a small LAN and it's only Joe's weirdness in 
using a $500 Roku as a $5 hank of cat5e and a $20 4-port switch that 
prevents it from being so.


Not all problems should be solved by routing - but a list full of 
router people is inherently likely to try to solve all its problems 
with more routers and routing.
-- 
The only thing worse than e-mail disclaimers...is people who send e-mail 
to lists complaining about them


signature.asc
Description: This is a digitally signed message part.

Re: IPv6 end user addressing

 
 Thinking about the CPE thread, isn't this a case for bridging as a 
 feature in end-user devices? If Joe's media-centre box etc would bridge 
 its downstream ports to the upstream port, the devices on them could 
 just get an address, whether by DHCPv6 from the CPE router's delegation 
 or by SLAAC, and then register in local DNS or more likely do multicast-
 DNS so they could find each other. 
 
Why do I want my kid's network seeing all the multicast packets that are
streaming the adult video from the player to the TV and the Amp in the
master bedroom?

Why do I want my appliance network's multicast packets getting tossed
around on the guest wireless?

Bridging eliminates the multicast isolation that you get from routing.

This is not a case for bridging, it's a case for making it possible to do real
routing in the home and we now have the space and the technology to
actually do it in a meaningful and sufficiently automatic way as to be
applicable to Joe 6-Mac.

 
 And then it really doesn't matter; everything gets its address, nothing 
 is NATted, every address is mapped to a meaningful hostname.
 

This assumption that an entire household should be a single broadcast
(or multicast) domain is fundamentally broken and needs to change
going forward.

 
 Perhaps you'd need more aggregation and routing in the glorious one-IP-
 per-nanite-and-Facebook-fridges future, but that's for another day once 
 we've got fusion and a rational system of government out of the way:-) 
 Joe's network as described isn't big enough or clever enough to need 
 multiple routers. It's just a small LAN and it's only Joe's weirdness in 
 using a $500 Roku as a $5 hank of cat5e and a $20 4-port switch that 
 prevents it from being so.
 

I think that the nanites and fridges that talk to other kitchen storage
systems will actually happen well before fusion or rational government.

Just because what you describe of today's situation is an accurate
picture of today does not mean it is how we should plan IPv6. Remember,
we don't want to have to replan IPv6 or switch to yet another numbering
system for several years, if not decades. In case you hadn't noticed, doing
so at today's scale is hard. Imagine what it will be like next time.

 
 Not all problems should be solved by routing - but a list full of 
 router people is inherently likely to try to solve all its problems 
 with more routers and routing.

There are reasons to route and reasons to switch. I don't consider myself
a router person, but, I do consider myself a network engineer, so, I try
to use the right tool for the right job. In the case of LAN isolation which
I can see several desirable applications for in a home, I think routing
is a better choice than switching.

Remember, the multicast scopes in IPv6 are interface, link, and larger.
There's no scope in between everything on this interface and everything
on this link. (link == layer 3 network).

Owen

Re: IPv6 end user addressing

2011-08-10 Thread Jeroen Massar

On 2011-08-10 15:02 , Owen DeLong wrote:
[..]
 Why do I want my appliance network's multicast packets getting tossed
 around on the guest wireless?

Even wikipedia knows the answer to that:
http://en.wikipedia.org/wiki/IGMP_snooping
which is the first hit for IGMP snooping, which is generally a feature
that is present in the better (and thus more expensive) switching gear
(and thus probably not present in every home, but those homes probably
also don't care about that).

Granted, routing is the better and more appropriate way to isolate these
kind of packets and definitely more appropriate for broadcast nastyness
(mDNS is such a nice one there too...).

That said, /56 or /48 to the home should be what is happening.

The whole point of settling on a single prefix btw is so that networks
can at least keep the same numbering plan when they switch from one PA
prefix to another.

Greets,
 Jeroen

PS: the more power to your kids if they can sniff the network for your
'adult content', decode it, and then actually watch it (though if they
are technically inclined actually not too difficult, but heck, is that
not where crypto comes into play, as when they can pull that off on your
kiddienetwork they can also just plug something into the kiddie-'adult
content'-network and sniff it off there... something with 802.1x comes
to mind to solve that step.

Re: IPv6 end user addressing

2011-08-10 Thread Alexander Harrowell

On Wednesday 10 Aug 2011 14:57:54 Jeroen Massar wrote:
 PS: the more power to your kids if they can sniff the network for your
 'adult content', decode it, and then actually watch it 

Indeed; I'd be more interested in making sure that, say, you can 
efficiently multicast the live footy to two different screens in the 
house, and things work automatically so they get used. 

I think we're operating on radically different Bayesian priors here and 
I wonder if a European/American issue is involved.

(PS, can you buy a switch that will do production grade IPv6, i.e. with 
things like RA guard, and not do IGMP-snooping?)


-- 
The only thing worse than e-mail disclaimers...is people who send e-mail 
to lists complaining about them


signature.asc
Description: This is a digitally signed message part.

Re: IPv6 end user addressing

2011-08-10 Thread Scott Helms

Neither of these are true, though in the future we _might_ have 
deployable technology that allows for automated routing setup (though I 
very seriously doubt it) in the home.  Layer 2 isolation is both easier 
and more reliable than attempting it at layer 3 which is isolation by 
agreement, i.e. it doesn't really exist.


On 8/10/2011 9:02 AM, Owen DeLong wrote:


Bridging eliminates the multicast isolation that you get from routing.

This is not a case for bridging, it's a case for making it possible to do real
routing in the home and we now have the space and the technology to
actually do it in a meaningful and sufficiently automatic way as to be
applicable to Joe 6-Mac.



--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms

Re: IPv6 end user addressing

2011-08-10 Thread Tim Chown


On 10 Aug 2011, at 16:11, Scott Helms wrote:

 Neither of these are true, though in the future we _might_ have deployable 
 technology that allows for automated routing setup (though I very seriously 
 doubt it) in the home.  Layer 2 isolation is both easier and more reliable 
 than attempting it at layer 3 which is isolation by agreement, i.e. it 
 doesn't really exist.

Well, there is some new effort on this in the homenet WG in IETF.

For snooping IPv6 multicast it's MLD snooping rather than IGMP.  We use it in 
our enterprise since we have multiple multicast video channels in use.

Tim

 On 8/10/2011 9:02 AM, Owen DeLong wrote:
 
 Bridging eliminates the multicast isolation that you get from routing.
 
 This is not a case for bridging, it's a case for making it possible to do 
 real
 routing in the home and we now have the space and the technology to
 actually do it in a meaningful and sufficiently automatic way as to be
 applicable to Joe 6-Mac.
 
 
 -- 
 Scott Helms
 Vice President of Technology
 ISP Alliance, Inc. DBA ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms

Re: IPv6 end user addressing


On Aug 10, 2011, at 6:57 AM, Jeroen Massar wrote:

 On 2011-08-10 15:02 , Owen DeLong wrote:
 [..]
 Why do I want my appliance network's multicast packets getting tossed
 around on the guest wireless?
 
 Even wikipedia knows the answer to that:
 http://en.wikipedia.org/wiki/IGMP_snooping
 which is the first hit for IGMP snooping, which is generally a feature
 that is present in the better (and thus more expensive) switching gear
 (and thus probably not present in every home, but those homes probably
 also don't care about that).
 

That would be the answer to why I DON'T want that happening, but, why
would I WANT it to happen when, as you said, the better and more
appropriate solution is to route.

Unless you have some benefit to offer from NOT Routing, I stand by
my statement.

 Granted, routing is the better and more appropriate way to isolate these
 kind of packets and definitely more appropriate for broadcast nastyness
 (mDNS is such a nice one there too...).
 
 That said, /56 or /48 to the home should be what is happening.
 

That said, /48 to the home should be what is happening, and /56 is
a better compromise than anything smaller.

 The whole point of settling on a single prefix btw is so that networks
 can at least keep the same numbering plan when they switch from one PA
 prefix to another.
 

That would be nice as well, but, unfortunately, it is obvious at this point
that some ISPs will unfortunately refuse to give home users /48s.

 Greets,
 Jeroen
 
 PS: the more power to your kids if they can sniff the network for your
 'adult content', decode it, and then actually watch it (though if they
 are technically inclined actually not too difficult, but heck, is that
 not where crypto comes into play, as when they can pull that off on your
 kiddienetwork they can also just plug something into the kiddie-'adult
 content'-network and sniff it off there... something with 802.1x comes
 to mind to solve that step.

The chances of the average amplifier and television supporting that
level of encryption in a way that the hypothetical kids in this situation
would be unable to decrypt a stream that does work between the
source and the television and amplifier are pretty slim IMHO.

Heck, I can't even get any one of those devices to speak IPv6 yet, let
alone all of them and with cryptography to boot.

Owen

Re: IPv6 end user addressing

On Wed, Aug 10, 2011 at 6:55 AM, Alexander Harrowell
a.harrow...@gmail.com wrote:
 Thinking about the CPE thread, isn't this a case for bridging as a
 feature in end-user devices? If Joe's media-centre box etc would bridge
 its downstream ports to the upstream port, the devices on them could
 just get an address, whether by DHCPv6 from the CPE router's delegation
 or by SLAAC, and then register in local DNS or more likely do multicast-
 DNS so they could find each other.

This would require the ISP gateway to have IPv6 ND entries for all of
the end-user's devices.  If that is only a few devices, like the
typical SOHO LAN today, that's probably fine.  It is not fine if I
purchase some IPv6-connected nanobots.  Given today's routers, it is
probably not even fine if the average SOHO goes from 1 state entry to
just 20 or 30.  I have about 20 devices in my home that use the
Internet -- TVs, DVRs, VoIP telephones, printer, mobile phones with
Wi-Fi, a couple of video game consoles, etc.  I imagine that is not
atypical these days.

-- 
Jeff S Wheeler j...@inconcepts.biz
Sr Network Operator  /  Innovative Network Concepts

Re: IPv6 end user addressing

On Wed, Aug 10, 2011 at 2:03 PM, Owen DeLong o...@delong.com wrote:
 That said, /48 to the home should be what is happening, and /56 is
 a better compromise than anything smaller.

Is hierarchical routing within the SOHO network the reason you believe
/48 is useful?  You don't really imagine that end-users will require
more than 2^8 subnets, but that they will want several levels of very
simple, nibble-aligned routers within their network?

This is perhaps a good discussion to have.  I, for one, see CPE
vendors still shipping products without IPv6 support at all, let alone
any mechanism for creating an address or routing hierarchy within the
home without the end-user configuring it himself.  I am not aware of
any automatic means to do this, or even any working group trying to
produce that feature.

Is it true that there is no existing work on this?  If that is the
case, why would we not try to steer any such future work in such a way
that it can manage to do what the end-user wants without requiring a
/48 in their home?

-- 
Jeff S Wheeler j...@inconcepts.biz
Sr Network Operator  /  Innovative Network Concepts

Re: IPv6 end user addressing

2011-08-10 Thread Scott Helms


Tim,

Hence the might.  I worry when people start throwing around terms 
like routing in the home that they don't understand the complexities of 
balancing the massive CPE installed base, technical features, end user 
support, ease of installation  managemenet, and (perhaps most 
importantly) the economics of mass adoption.  This one of the choices 
that made DSL deployments more complex and expensive than DOCSIS cable 
deployments which in turn caused the CEO of ATT to say their entire DSL 
network is obsolete.

http://goo.gl/exwqu



On 8/10/2011 12:57 PM, Tim Chown wrote:

On 10 Aug 2011, at 16:11, Scott Helms wrote:


Neither of these are true, though in the future we _might_ have deployable 
technology that allows for automated routing setup (though I very seriously 
doubt it) in the home.  Layer 2 isolation is both easier and more reliable than 
attempting it at layer 3 which is isolation by agreement, i.e. it doesn't 
really exist.

Well, there is some new effort on this in the homenet WG in IETF.

For snooping IPv6 multicast it's MLD snooping rather than IGMP.  We use it in 
our enterprise since we have multiple multicast video channels in use.

Tim


On 8/10/2011 9:02 AM, Owen DeLong wrote:

Bridging eliminates the multicast isolation that you get from routing.

This is not a case for bridging, it's a case for making it possible to do real
routing in the home and we now have the space and the technology to
actually do it in a meaningful and sufficiently automatic way as to be
applicable to Joe 6-Mac.


--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms









--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000

http://twitter.com/kscotthelms

Re: IPv6 end user addressing

There is some deployable technology that allows some aspects of this today.
Yes, it's in its infancy. Small prefix limitations will guarantee it never sees 
the
light of day just as NAT precluded many useful innovations from getting 
deployed.

Layer 3 isolation is only isolation by agreement if the hosts have some way
to get on the same physical or logical LAN layer 2 segment. Otherwise, layer 3
isolation is as effective as any firewall. Layer 2 isolation, OTOH, is both
harder to administer and no more effective than layer 3. If you can bypass 
layer 3
by connecting to the same LAN segment, chances are you can bypass layer 2
by making that LAN segment one which doesn't go through the enforcement
switch between the two devices in question.

Owen

On Aug 10, 2011, at 8:11 AM, Scott Helms wrote:

 Neither of these are true, though in the future we _might_ have deployable 
 technology that allows for automated routing setup (though I very seriously 
 doubt it) in the home.  Layer 2 isolation is both easier and more reliable 
 than attempting it at layer 3 which is isolation by agreement, i.e. it 
 doesn't really exist.
 
 On 8/10/2011 9:02 AM, Owen DeLong wrote:
 
 Bridging eliminates the multicast isolation that you get from routing.
 
 This is not a case for bridging, it's a case for making it possible to do 
 real
 routing in the home and we now have the space and the technology to
 actually do it in a meaningful and sufficiently automatic way as to be
 applicable to Joe 6-Mac.
 
 
 -- 
 Scott Helms
 Vice President of Technology
 ISP Alliance, Inc. DBA ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms

Re: IPv6 end user addressing


On Aug 10, 2011, at 11:17 AM, Jeff Wheeler wrote:

 On Wed, Aug 10, 2011 at 2:03 PM, Owen DeLong o...@delong.com wrote:
 That said, /48 to the home should be what is happening, and /56 is
 a better compromise than anything smaller.
 
 Is hierarchical routing within the SOHO network the reason you believe
 /48 is useful?  You don't really imagine that end-users will require
 more than 2^8 subnets, but that they will want several levels of very
 simple, nibble-aligned routers within their network?
 

Not necessarily nibble aligned, but, multiple bits per level, yes.

 This is perhaps a good discussion to have.  I, for one, see CPE
 vendors still shipping products without IPv6 support at all, let alone
 any mechanism for creating an address or routing hierarchy within the
 home without the end-user configuring it himself.  I am not aware of
 any automatic means to do this, or even any working group trying to
 produce that feature.
 

If we are stingy in address allocations, it will stifle such innovations as
the vendors tend to develop to the lowest common denominator. If we
make the allocations available, innovative ideas will make use of them.

 Is it true that there is no existing work on this?  If that is the
 case, why would we not try to steer any such future work in such a way
 that it can manage to do what the end-user wants without requiring a
 /48 in their home?
 

No, it is not true.

I suppose that limiting enough households to too small an allocation
will have that effect. I would rather we steer the internet deployment
towards liberal enough allocations to avoid such disability for the
future.

Have we learned nothing from the way NAT shaped the (lack of)
innovation in the home?

Owen

Re: IPv6 end user addressing

On Wed, Aug 10, 2011 at 7:12 PM, Owen DeLong o...@delong.com wrote:
 Is it true that there is no existing work on this?  If that is the
 case, why would we not try to steer any such future work in such a way
 that it can manage to do what the end-user wants without requiring a
 /48 in their home?

 No, it is not true.

Can you give any example of a product, or on-going work?  I have read
two posts from you today saying that something either exists already,
or is being worked on.  I haven't read this anywhere else.

 I suppose that limiting enough households to too small an allocation
 will have that effect. I would rather we steer the internet deployment
 towards liberal enough allocations to avoid such disability for the
 future.

 Have we learned nothing from the way NAT shaped the (lack of)
 innovation in the home?

I am afraid we may not have learned from exhausting IPv4.  If I may
use the Hurricane Electric tunnel broker as an example again,
supposing that is an independent service with no relation to your
hosting, transit, etc. operations, it can justify a /24 allocation
immediately under 2011-3, without even relying on growth projections.
That's a middle ground figure that we can all live with, but it is
based on you serving (at this moment) only 8000 tunnels at your
busiest tunnel gateway.  If your tunnel gateways could serve 12,288 +
1 users each, then your /24 justification grows to a /20.  So you
would have a pretty significant chunk of the available IPv6 address
space for a fairly small number of end-users -- about 72,543 at
present.

It isn't hard to do some arithmetic and guess that if every household
in the world had IPv6 connectivity from a relatively low-density
service like the above example, we would still only burn through about
3% of the IPv6 address space on end-users (nothing said about server
farms, etc. here) but what does bother me is that the typical end-user
today has one, single IP address; and now we will be issuing them 2^16
subnets; yet it is not too hard to imagine a future where the global
IPv6 address pool becomes constrained due to service-provider
inefficiency.

I would like to have innovations in SOHO devices, too; who knows what
these may be.  But I fear we may repeat the mistake that caused NAT to
be a necessity in IPv4 -- exhausting address space -- by foolishly
assuming that every household is going to need twenty-four orders of
magnitude more public addresses than it has today.

That is what these practices do -- they literally give end-users
twenty-four orders of magnitude more addresses, while it is easy to
imagine that we will come within one order of magnitude of running
completely out of IPv6 addresses for issuing to service providers.

I didn't know what the digit 1 followed by twenty-four zeroes was
called.  I had to look it up.  So our end-users will be receiving
about one-Septillion addresses to use in their home, but no one seems
to be asking what future technology we may be harming by possibly
constraining the global address pool.

-- 
Jeff S Wheeler j...@inconcepts.biz
Sr Network Operator  /  Innovative Network Concepts

Re: IPv6 end user addressing

2011-08-10 Thread Mark Andrews


In message capwatbj0kgzabcjugvbce3_njawmdu3azqli3jqv4zp6ivx...@mail.gmail.com
, Jeff Wheeler writes:
 On Wed, Aug 10, 2011 at 7:12 PM, Owen DeLong o...@delong.com wrote:
  Is it true that there is no existing work on this? =A0If that is the
  case, why would we not try to steer any such future work in such a way
  that it can manage to do what the end-user wants without requiring a
  /48 in their home?
 
  No, it is not true.
 
 Can you give any example of a product, or on-going work?  I have read
 two posts from you today saying that something either exists already,
 or is being worked on.  I haven't read this anywhere else.
 
  I suppose that limiting enough households to too small an allocation
  will have that effect. I would rather we steer the internet deployment
  towards liberal enough allocations to avoid such disability for the
  future.
 
  Have we learned nothing from the way NAT shaped the (lack of)
  innovation in the home?
 
 I am afraid we may not have learned from exhausting IPv4.  If I may
 use the Hurricane Electric tunnel broker as an example again,
 supposing that is an independent service with no relation to your
 hosting, transit, etc. operations, it can justify a /24 allocation
 immediately under 2011-3, without even relying on growth projections.
 That's a middle ground figure that we can all live with, but it is
 based on you serving (at this moment) only 8000 tunnels at your
 busiest tunnel gateway.  If your tunnel gateways could serve 12,288 +
 1 users each, then your /24 justification grows to a /20.  So you
 would have a pretty significant chunk of the available IPv6 address
 space for a fairly small number of end-users -- about 72,543 at
 present.
 
 It isn't hard to do some arithmetic and guess that if every household
 in the world had IPv6 connectivity from a relatively low-density
 service like the above example, we would still only burn through about
 3% of the IPv6 address space on end-users (nothing said about server
 farms, etc. here) but what does bother me is that the typical end-user
 today has one, single IP address; and now we will be issuing them 2^16
 subnets; yet it is not too hard to imagine a future where the global
 IPv6 address pool becomes constrained due to service-provider
 inefficiency.

No.  A typical user has 10 to 20 addresses NAT'd to one public address.
My household has

* game consoles
* laptops
* desktops
* cell phones
* voip phones
* printers

all connected to the net.  It doesn't yet have a media server but otherwise
it is pretty typical.

Someday, I expect the pantry to have a barcode reader on it connected back
a computer setup for the kitchen someday.  Most of us already use barcode
readers when we shop so its not a big step to home use.

Just about anything with fireware in it will eventually connect to the net.

The typical household already has 1 or 2 subnets.

 I would like to have innovations in SOHO devices, too; who knows what
 these may be.  But I fear we may repeat the mistake that caused NAT to
 be a necessity in IPv4 -- exhausting address space -- by foolishly
 assuming that every household is going to need twenty-four orders of
 magnitude more public addresses than it has today.
 
 That is what these practices do -- they literally give end-users
 twenty-four orders of magnitude more addresses, while it is easy to
 imagine that we will come within one order of magnitude of running
 completely out of IPv6 addresses for issuing to service providers.

Housholds can get as much internal addressing as they need today and as
many nets as they need today with RFC1918.  10/8 broken up into
to /24 is equivalent to a /48 broken up into /64s.

A /56 is equivalent to 192.168/16 broken up into its class C's.
 
 I didn't know what the digit 1 followed by twenty-four zeroes was
 called.  I had to look it up.  So our end-users will be receiving
 about one-Septillion addresses to use in their home, but no one seems
 to be asking what future technology we may be harming by possibly
 constraining the global address pool.

There was a concious decision made a decade and a half ago to got to
128 bits instead of 64 bits and give each subnet 64 bits so we would
never have to worry about the size of a subnet again.  IPv6 is about
managing networks not managing addresses.
 
 --=20
 Jeff S Wheeler j...@inconcepts.biz
 Sr Network Operator=A0 /=A0 Innovative Network Concepts
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: IPv6 end user addressing

2011-08-10 Thread james machado

 It isn't hard to do some arithmetic and guess that if every household
 in the world had IPv6 connectivity from a relatively low-density
 service like the above example, we would still only burn through about
 3% of the IPv6 address space on end-users (nothing said about server
 farms, etc. here) but what does bother me is that the typical end-user
 today has one, single IP address; and now we will be issuing them 2^16
 subnets; yet it is not too hard to imagine a future where the global
 IPv6 address pool becomes constrained due to service-provider
 inefficiency.


what is the life expectancy of IPv6?  It won't live forever and we
can't reasonably expect it too.  I understand we don't want run out of
addresses in the next 10-40 years but what about 100? 200? 300?

We will run out and our decedents will go through re-numbering again.
The question becomes what is the life expectancy of IPv6 and does the
allocation plan make a reasonable attempt to run out of addresses
around the end of the expected life of IPv6.


 Jeff S Wheeler j...@inconcepts.biz
 Sr Network Operator  /  Innovative Network Concepts



james

Re: IPv6 end user addressing

2011-08-10 Thread Mark Andrews


In message CADVasu5qev5gUX_oQ=LyJ2JZom=vf5s56kgeq4byeq20gd7...@mail.gmail.com
, james machado writes:
  It isn't hard to do some arithmetic and guess that if every household
  in the world had IPv6 connectivity from a relatively low-density
  service like the above example, we would still only burn through about
  3% of the IPv6 address space on end-users (nothing said about server
  farms, etc. here) but what does bother me is that the typical end-user
  today has one, single IP address; and now we will be issuing them 2^16
  subnets; yet it is not too hard to imagine a future where the global
  IPv6 address pool becomes constrained due to service-provider
  inefficiency.
 
 
 what is the life expectancy of IPv6?  It won't live forever and we
 can't reasonably expect it too.  I understand we don't want run out of
 addresses in the next 10-40 years but what about 100? 200? 300?
 
 We will run out and our decedents will go through re-numbering again.
 The question becomes what is the life expectancy of IPv6 and does the
 allocation plan make a reasonable attempt to run out of addresses
 around the end of the expected life of IPv6.

It really depends on whether the RIR's recover and, importantly,
reallocate address space that is not being paid for or not.  If
they do this should last for the forseeable future.  It would also
be my recommendation that RIR's start doing this immediately, if
they are not already doing so, so that there is no expectation that
you can use address space forever without paying for it.

  Jeff S Wheeler j...@inconcepts.biz
  Sr Network Operator=A0 /=A0 Innovative Network Concepts
 
 
 
 james
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: IPv6 end user addressing

On Wed, Aug 10, 2011 at 8:40 PM, Mark Andrews ma...@isc.org wrote:
 No.  A typical user has 10 to 20 addresses NAT'd to one public address.

I'd say this is fair.  Amazingly enough, it all basically works right
with one IP address today.  It will certainly be nice to have the
option to give all these devices public IP addresses, or even have a
few public subnets; but it does require more imagination than any of
us have demonstrated to figure out how any end-user will need more
than 2^8 subnets.  That's still assuming that device-makers won't
decide they need to be able to operate with subnets of arbitrary size,
rather than fixed-size /64 subnets.

 There was a concious decision made a decade and a half ago to got to
 128 bits instead of 64 bits and give each subnet 64 bits so we would
 never have to worry about the size of a subnet again.  IPv6 is about
 managing networks not managing addresses.

Thanks for the explanation of how to subnet IPv4 networks and use
RFC1918.  I hope most readers are already familiar with these
concepts.  You should note that IPv6 was not, in fact, originally
envisioned with /64 subnets; that figure was to be /80 or /96.  In the
mid-1990s, it was believed that dramatically increasing the number of
bits available for ISP routing flexibility was very beneficial, as
well as making access subnets so big that they should never need to
grow.  Then SLAAC came along.  Except SLAAC doesn't do necessary
things that DHCPv6 does, and the cost of implementing things like
DHCPv6 in very small, inexpensive devices has gone down dramatically.

I am amazed that so few imagine we might, in within the lifetime of
IPv6, like to have more bits of address space for routing structure
within ISP networks; but these people do think that end-users need
1.2e+24 addresses for the devices they'll have in their home.

I don't have to use my imagination to think of ways that additional
bits on the network address side would have been advantageous -- all I
need is my memory.  In the 90s, it was suggested that a growing number
of dual-homed networks cluttering the DFZ could be handled more
efficiently by setting aside certain address space for customers who
dual-homed to pairs of the largest ISPs.  The customer routes would
then not need to be carried by anyone except those two ISPs, who are
earning money from the customer.  This never happened for a variety of
good reasons, but most of the technical reasons would have gone away
with the adoption of IPv6, as it was envisioned in the mid-90s.

There seems to be a lot of imagination being used for SOHO networks,
and none on the ISP side.  What a shame that is.

Owen, I do agree with the point you made off-list, that if huge
mistakes are made now and the IPv6 address space is consumed more
rapidly than the community is comfortable with, there should be plenty
of opportunity to fix that down the road.

-- 
Jeff S Wheeler j...@inconcepts.biz
Sr Network Operator  /  Innovative Network Concepts

Re: IPv6 end user addressing

 
 Someday, I expect the pantry to have a barcode reader on it connected back
 a computer setup for the kitchen someday.  Most of us already use barcode
 readers when we shop so its not a big step to home use.
 

Nah... That's short-term thinking. The future holds advanced pantries with
RFID sensors that know what is in the pantry and when they were manufactured,
what their expiration date is, etc. The refrigerator will have not only the
necessary RFID sensors, but, multiple pressure transducers capable of
recognizing not only that there is a carton of milk in the refrigerator, but,
how much milk is remaining.

You'll be able to scan a QR code in the grocery store that links to a recipe
for something you thought would be good for dinner, pass the ingredient
list to the web server in the refrigerator and get back a nearly instant
reply containing the relevant inventory list and a list of items you need
to buy to complete the recipe.

 Just about anything with fireware in it will eventually connect to the net.
 
I think you meant firmware, and, I'd say that a lot of things (cans, jars,
milk cartons, etc.) that don't currently connect to the net will actually
form IP adjacencies in the future.

 The typical household already has 1 or 2 subnets.
 
Or even more in some cases (LAN, WLAN, WLAN Guest, DMZ for example).

 I would like to have innovations in SOHO devices, too; who knows what
 these may be.  But I fear we may repeat the mistake that caused NAT to
 be a necessity in IPv4 -- exhausting address space -- by foolishly
 assuming that every household is going to need twenty-four orders of
 magnitude more public addresses than it has today.
 
 That is what these practices do -- they literally give end-users
 twenty-four orders of magnitude more addresses, while it is easy to
 imagine that we will come within one order of magnitude of running
 completely out of IPv6 addresses for issuing to service providers.
 
 Housholds can get as much internal addressing as they need today and as
 many nets as they need today with RFC1918.  10/8 broken up into
 to /24 is equivalent to a /48 broken up into /64s.
 
 A /56 is equivalent to 192.168/16 broken up into its class C's.
 
Good point.

 I didn't know what the digit 1 followed by twenty-four zeroes was
 called.  I had to look it up.  So our end-users will be receiving
 about one-Septillion addresses to use in their home, but no one seems
 to be asking what future technology we may be harming by possibly
 constraining the global address pool.
 
 There was a concious decision made a decade and a half ago to got to
 128 bits instead of 64 bits and give each subnet 64 bits so we would
 never have to worry about the size of a subnet again.  IPv6 is about
 managing networks not managing addresses.
 
Yep.

Owen

Re: IPv6 end user addressing

2011-08-10 Thread William Herrin

On Wed, Aug 10, 2011 at 2:17 PM, Jeff Wheeler j...@inconcepts.biz wrote:
 On Wed, Aug 10, 2011 at 2:03 PM, Owen DeLong o...@delong.com wrote:
 That said, /48 to the home should be what is happening, and /56 is
 a better compromise than anything smaller.

 You don't really imagine that end-users will require
 more than 2^8 subnets, but that they will want several levels of very
 simple, nibble-aligned routers within their network?

Hi Jeff,

In Owen's world, the refrigerator, toaster and microwave each request
a /64 from the GE Home Appliance Controller, those /64's being
necessary to address each appliance's internal button, light and
sensor networks. To accommodate all of these appliances, the HAC has
acquired a /59 for all the home appliances from the Home Automation
System (HAS) which also has its own LAN and supplied a big block to
the furnace and a smaller block to the security system. So, the HAS
needed a /58 which it got from the Linksys Home Router.

The Sony Home Entertainment Network (HEN) Controller also needed a /58
from the Home Router to accommodate the Playstation 5's need for a /62
(one /64 for its internal network, another for the PSN VPN and a third
for the peripherals network). The Ultra-NES 512 only needed one /64,
but the amplifier insisted on a /60 so it could delegate /64's to the
cassette tape deck, cd player, mp3 player, etc.

The Ford Home Automotive Network (HAN) also grabbed a block from which
to delegate /62's to the three parked cars. Because you know: you need
separate networks in each car for the life safety systems, the
non-safety systems and the entertainment systems. I mean really, why
wouldn't the life safety system in a car dynamically acquire its
globally-addressable IPv6 addresses from the customer's cheap home
Internet equipment? So they'll each need their /64's which means the
car as a whole needs a /62. But the HAN only needed a /60 for for all
of it since there were only 3 cars.

Now, the Windows 9 PC sat on the /64 PC LAN directly connected to the
Home Router, but it needed an additional /64 for its virtual machine
network hosting the Windows XP VM needed to run older software. And
the wireless LAN only ended up consuming a single /64. But after the
two /58's, that meant the Home Router needed a full /56 from the
Internet Router.

Finally, the Internet Router connects two networks... the customer's
web server DMZ (/64) and the home router (/56). So after you figure in
the HAC, the HAN, the HAS, the HEN and all the other connections you
need at least a /55... which doesn't fit in a /56 but does fit in a
/48. Qed. *



Now, in Bill's world, the appliances don't expose their internals.
When they employ any form of IP networking inside, which they
generally don't, they use fe80 link-local addresses inside or maybe a
ULA prefix.  So even you have a Smart Fridge within the time span that
you care about for today's home user IPv6 assignments, it occupies a
single public address on your home's flat /64. Ditto the game consoles
and tape decks. With maybe two other /64's: one for servers and one
for the wireless LAN. And that /62 need easily fits in your /56
assignment.


Regards,
Bill Herrin


* I say this with trepidation. A quarter century ago I used a similar
reductio ad absurdum with a friend who suggested making every road a
toll road. Back out of the driveway. Pay the toll. Turn on to main.
Pay the toll. Left on 15th. Pay the toll. Wouldn't you know, E-Z Pass
came along and brought it to the edge of possible. Then again,
possible doesn't necessarily mean advisable.

-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

Re: IPv6 end user addressing

2011-08-10 Thread William Herrin

On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong o...@delong.com wrote:
 Someday, I expect the pantry to have a barcode reader on it connected back
 a computer setup for the kitchen someday.  Most of us already use barcode
 readers when we shop so its not a big step to home use.

 Nah... That's short-term thinking. The future holds advanced pantries with
 RFID sensors that know what is in the pantry and when they were manufactured,
 what their expiration date is, etc.

And since your can of creamed corn is globally addressable, the rest
of the world knows what's in your pantry too. ;)

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

Re: IPv6 end user addressing

2011-08-10 Thread Brian E Carpenter

On 2011-08-11 12:45, james machado wrote:

 what is the life expectancy of IPv6?  It won't live forever and we
 can't reasonably expect it too.  I understand we don't want run out of
 addresses in the next 10-40 years but what about 100? 200? 300?
 
 We will run out and our decedents will go through re-numbering again.
 The question becomes what is the life expectancy of IPv6 and does the
 allocation plan make a reasonable attempt to run out of addresses
 around the end of the expected life of IPv6.

Well, we know that the human population will stabilise somewhere below
ten billion by around 2050. The current unicast space provides for about
15 trillion /48s. Let's assume that the RIRs and ISPs retain their current
level of engineering common sense - i.e. the address space will begin to be
really full when there are about 25% of those /48s being routed... that makes
3.75 trillion /48s routed for ten billion people, or 375 /48s per man, woman
and child. (Or about 25 million /64s if you prefer.)

At that point, IANA would have to release unicast space other than 2000::/3
and we could start again with a new allocation policy.

I am *really* not worried about this. Other stuff, such as BGP4, will break
irrevocably long before this.

   Brian

Re: IPv6 end user addressing

 
 I don't have to use my imagination to think of ways that additional
 bits on the network address side would have been advantageous -- all I
 need is my memory.  In the 90s, it was suggested that a growing number
 of dual-homed networks cluttering the DFZ could be handled more
 efficiently by setting aside certain address space for customers who
 dual-homed to pairs of the largest ISPs.  The customer routes would
 then not need to be carried by anyone except those two ISPs, who are
 earning money from the customer.  This never happened for a variety of
 good reasons, but most of the technical reasons would have gone away
 with the adoption of IPv6, as it was envisioned in the mid-90s.
 


I think that can still be very realistically achieved within the existing 
available
address space.

 There seems to be a lot of imagination being used for SOHO networks,
 and none on the ISP side.  What a shame that is.
 

I disagree.

 Owen, I do agree with the point you made off-list, that if huge
 mistakes are made now and the IPv6 address space is consumed more
 rapidly than the community is comfortable with, there should be plenty
 of opportunity to fix that down the road.
 

Precisely, so, let's risk a small chance of a mistake here now so that we don't
cut off innovation so early.

Owen

Re: IPv6 end user addressing


On Aug 10, 2011, at 6:46 PM, William Herrin wrote:

 On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLong o...@delong.com wrote:
 Someday, I expect the pantry to have a barcode reader on it connected back
 a computer setup for the kitchen someday.  Most of us already use barcode
 readers when we shop so its not a big step to home use.
 
 Nah... That's short-term thinking. The future holds advanced pantries with
 RFID sensors that know what is in the pantry and when they were manufactured,
 what their expiration date is, etc.
 
 And since your can of creamed corn is globally addressable, the rest
 of the world knows what's in your pantry too. ;)
 

This definitely helps explain your misconceptions about NAT as a security tool.


Globally addressable != globally reachable.

Things can have global addresses without having global reachability. There are
these tools called access control lists and routing policies. Perhaps you've 
heard
of them. They can be quite useful.

Owen

Re: IPv6 end user addressing


On Aug 10, 2011, at 6:43 PM, William Herrin wrote:

 On Wed, Aug 10, 2011 at 2:17 PM, Jeff Wheeler j...@inconcepts.biz wrote:
 On Wed, Aug 10, 2011 at 2:03 PM, Owen DeLong o...@delong.com wrote:
 That said, /48 to the home should be what is happening, and /56 is
 a better compromise than anything smaller.
 
 You don't really imagine that end-users will require
 more than 2^8 subnets, but that they will want several levels of very
 simple, nibble-aligned routers within their network?
 
 Hi Jeff,
 
 In Owen's world, the refrigerator, toaster and microwave each request
 a /64 from the GE Home Appliance Controller, those /64's being
 necessary to address each appliance's internal button, light and
 sensor networks. To accommodate all of these appliances, the HAC has
 acquired a /59 for all the home appliances from the Home Automation
 System (HAS) which also has its own LAN and supplied a big block to
 the furnace and a smaller block to the security system. So, the HAS
 needed a /58 which it got from the Linksys Home Router.
 
 The Sony Home Entertainment Network (HEN) Controller also needed a /58
 from the Home Router to accommodate the Playstation 5's need for a /62
 (one /64 for its internal network, another for the PSN VPN and a third
 for the peripherals network). The Ultra-NES 512 only needed one /64,
 but the amplifier insisted on a /60 so it could delegate /64's to the
 cassette tape deck, cd player, mp3 player, etc.
 
 The Ford Home Automotive Network (HAN) also grabbed a block from which
 to delegate /62's to the three parked cars. Because you know: you need
 separate networks in each car for the life safety systems, the
 non-safety systems and the entertainment systems. I mean really, why
 wouldn't the life safety system in a car dynamically acquire its
 globally-addressable IPv6 addresses from the customer's cheap home
 Internet equipment? So they'll each need their /64's which means the
 car as a whole needs a /62. But the HAN only needed a /60 for for all
 of it since there were only 3 cars.
 
 Now, the Windows 9 PC sat on the /64 PC LAN directly connected to the
 Home Router, but it needed an additional /64 for its virtual machine
 network hosting the Windows XP VM needed to run older software. And
 the wireless LAN only ended up consuming a single /64. But after the
 two /58's, that meant the Home Router needed a full /56 from the
 Internet Router.
 
 Finally, the Internet Router connects two networks... the customer's
 web server DMZ (/64) and the home router (/56). So after you figure in
 the HAC, the HAN, the HAS, the HEN and all the other connections you
 need at least a /55... which doesn't fit in a /56 but does fit in a
 /48. Qed. *
 
 
Thanks... An excellent write up, even if it was intended tongue in cheek.

However, you left out the need for addressing for the RFID tags that will
end up on most groceries, etc.

 
 Now, in Bill's world, the appliances don't expose their internals.
 When they employ any form of IP networking inside, which they
 generally don't, they use fe80 link-local addresses inside or maybe a
 ULA prefix.  So even you have a Smart Fridge within the time span that
 you care about for today's home user IPv6 assignments, it occupies a
 single public address on your home's flat /64. Ditto the game consoles
 and tape decks. With maybe two other /64's: one for servers and one
 for the wireless LAN. And that /62 need easily fits in your /56
 assignment.
 

I'm glad I live in Owen's world and not Bill's. I think my appliance vendors
will make much cooler and more useful products than yours.

Owen

Re: IPv6 end user addressing

2011-08-10 Thread Philip Dorr

On Wed, Aug 10, 2011 at 8:56 PM, Owen DeLong o...@delong.com wrote:

 I'm glad I live in Owen's world and not Bill's. I think my appliance vendors
 will make much cooler and more useful products than yours.

In Owen's world the fridge and pantry would know what they have, the
amounts, and possibly location. The recipe book would be able to check
what is in the fridge and pantry and tell if you need to buy more.  It
could then set the oven to the correct temperature when you reach the
correct step in the recipe.

Yes, all that could be done with servers on the pantry and fridge, but
then there would be different implementations of each protocol and
incompatibilities between the fridge, pantry, recipe book, and oven.

Re: IPv6 end user addressing


On 11/08/2011, at 8:42 AM, Owen DeLong wrote:
 
 I suppose that limiting enough households to too small an allocation
 will have that effect. I would rather we steer the internet deployment
 towards liberal enough allocations to avoid such disability for the
 future.


I see the lack of agreement on whether /48 or /56 or /60 is good for a
home network to be a positive thing.

As long as there's no firm consensus, router vendors will have to implement
features which don't make silly hard-coded assumptions.

Innovation will still happen, features will still be implemented, we'll
still climb out of the NAT morass.  But we'll do it with CPE that allows for
a richer spectrum of variation than we would if we just said, Dammit, /48 for
everyone.

It's all good.  At this stage of the game, any amount of moving forward is
better than staying where we are.

(which reminds me: http://www.internode.on.net/news/2011/08/238.php It ain't
that hard)

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing


On 11/08/2011, at 12:04 PM, Philip Dorr wrote:

 On Wed, Aug 10, 2011 at 8:56 PM, Owen DeLong o...@delong.com wrote:
 
 I'm glad I live in Owen's world and not Bill's. I think my appliance vendors
 will make much cooler and more useful products than yours.
 
 In Owen's world the fridge and pantry would know what they have, the
 amounts, and possibly location. The recipe book would be able to check
 what is in the fridge and pantry and tell if you need to buy more.  It
 could then set the oven to the correct temperature when you reach the
 correct step in the recipe.


The wine cellar will know how much you drank last night, and communicate with
the life-critical systems in the car to prevent engine start while you're
over the limit.  When the home BMS network notices that the flow sensor on the
shower hasn't started at the usual time the next morning, it'll play an IVR
out of your home PBX network to tell the boss you're too hungover to come to
work.

Owen's world has built in automated protection to help you through the fact that
IPv6 subnetting will turn you to drink :-)

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing

2011-08-10 Thread Cameron Byrne

On Aug 10, 2011 7:45 PM, Mark Newton new...@internode.com.au wrote:


 On 11/08/2011, at 8:42 AM, Owen DeLong wrote:
 
  I suppose that limiting enough households to too small an allocation
  will have that effect. I would rather we steer the internet deployment
  towards liberal enough allocations to avoid such disability for the
  future.


 I see the lack of agreement on whether /48 or /56 or /60 is good for a
 home network to be a positive thing.

 As long as there's no firm consensus, router vendors will have to
implement
 features which don't make silly hard-coded assumptions.

 Innovation will still happen, features will still be implemented, we'll
 still climb out of the NAT morass.  But we'll do it with CPE that allows
for
 a richer spectrum of variation than we would if we just said, Dammit, /48
for
 everyone.

 It's all good.  At this stage of the game, any amount of moving forward
is
 better than staying where we are.

 (which reminds me: http://www.internode.on.net/news/2011/08/238.php It
ain't
 that hard)


Finally a useful post in this thread.  Good work on the deployment of real
ipv6!

Cb

  - mark

 --
 Mark Newton   Email:  new...@internode.com.au(W)
 Network Engineer  Email:  new...@atdot.dotat.org (H)
 Internode Pty Ltd Desk:   +61-8-82282999
 Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing


On 11/08/2011, at 12:30 PM, Cameron Byrne wrote:
 Finally a useful post in this thread.  Good work on the deployment of real 
 ipv6!
 

Thanks. And thanks to Vendor-C for helping us through it.  The IPv6 Broadband
featureset on the ASR platform starting from IOS-XR 3.1 is a vast improvement
on its predecessors.

Biggest hassle with IPv6 in production right now:  DNS support is woefully 
undercooked.  I don't think anyone has put anywhere near as much effort into
making it fluid, user-friendly, and automated.  Simple questions like, How
are reverse mappings supposed to work when you can't predict an end-user's
address? have no good answer.  If any systems folks want a nice meaty problem
domain to focus their efforts on, DNS would be da shiznit.

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing


On 11/08/2011, at 12:41 PM, Mark Newton wrote:

 
 On 11/08/2011, at 12:30 PM, Cameron Byrne wrote:
 Finally a useful post in this thread.  Good work on the deployment of real 
 ipv6!
 
 
 Thanks. And thanks to Vendor-C for helping us through it.  The IPv6 Broadband
 featureset on the ASR platform starting from IOS-XR 3.1 is a vast improvement
 on its predecessors.

Oops.  s/XR/XE/

  - mark


--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing

2011-08-10 Thread Michael Hare


On 8/10/2011 8:46 PM, William Herrin wrote:

On Wed, Aug 10, 2011 at 9:32 PM, Owen DeLongo...@delong.com  wrote:

Someday, I expect the pantry to have a barcode reader on it connected back
a computer setup for the kitchen someday.  Most of us already use barcode
readers when we shop so its not a big step to home use.


Nah... That's short-term thinking. The future holds advanced pantries with
RFID sensors that know what is in the pantry and when they were manufactured,
what their expiration date is, etc.


And since your can of creamed corn is globally addressable, the rest
of the world knows what's in your pantry too. ;)


I can't believe no one has made a joke yet about a kernel.

Sorry for the bad joke,
-Michael



Regards,
Bill Herrin

Re: IPv6 end user addressing


On 11/08/2011, at 1:33 PM, Owen DeLong wrote:

 Yes and no. In terms of potential innovations, if enough of the market chooses
 /60, they will hard code the assumption that they cannot count on more than
 a /60 being available into their development process regardless of what
 gets into the router. Sure, they won't be able to assume you can't get a /48,
 but, they also won't necessarily implement features that would take advantage
 of a /48.

They will on their premium high price point CPE and/or service provider
offerings.  It'll be a product differentiator.  

If enough customers are attracted to it, it'll win.  If they
aren't, it'll lose.

The process of invention and innovation will happen anyway.  We're
not really talking about that here, we're talking about post-innovation
marketing.

Maybe ISP#2 in Australia will launch onto the market with /48's for everyone,
and we'll respond competitively.  Dunno.  Whatever, it's all kinda arbitrary
really.  Not worth arguing about, and certainly not worth delaying 
implementation until you finish debating the right answer.

 Perhaps far more than most of you wanted to know about navigation, but, at 
 least worth
 considering when we think that all forward movement is good forward movement.


The 1-in-60 rule I learned during my pilots license training is a lot easier
to explain, without diagrams and with no need for trigonometry.

Another useful judgement call when you're flying is to understand that
as long as you know where you are and where you want to be, any forward 
progress whatsoever is a positive when there's a growing thunderstorm
behind you :-)

  - mark


--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223

Re: IPv6 end user addressing

2011-08-10 Thread Joel Jaeggli


On Aug 10, 2011, at 6:52 PM, Brian E Carpenter wrote:

 On 2011-08-11 12:45, james machado wrote:
 
 what is the life expectancy of IPv6?  It won't live forever and we
 can't reasonably expect it too.  I understand we don't want run out of
 addresses in the next 10-40 years but what about 100? 200? 300?
 
 We will run out and our decedents will go through re-numbering again.
 The question becomes what is the life expectancy of IPv6 and does the
 allocation plan make a reasonable attempt to run out of addresses
 around the end of the expected life of IPv6.
 
 Well, we know that the human population will stabilise somewhere below
 ten billion by around 2050. The current unicast space provides for about
 15 trillion /48s. Let's assume that the RIRs and ISPs retain their current
 level of engineering common sense - i.e. the address space will begin to be
 really full when there are about 25% of those /48s being routed... that makes
 3.75 trillion /48s routed for ten billion people, or 375 /48s per man, woman
 and child. (Or about 25 million /64s if you prefer.)

It's not the humans that are going to soak up the address space, so it seems a 
little misguided to count up the humans a reference for the bounding properties 
on growth. That said I think 2000::/3 will last long enough, that we shouldn't 
be out rewriting policy anytime soon.

 At that point, IANA would have to release unicast space other than 2000::/3
 and we could start again with a new allocation policy.
 
 I am *really* not worried about this. Other stuff, such as BGP4, will break
 irrevocably long before this.

We have a few problems to solve along the way. Running the current network is 
hard enough as it is.

   Brian

Re: IPv6 end user addressing

2011-08-09 Thread Joel Jaeggli


On Aug 8, 2011, at 5:14 PM, Owen DeLong wrote:

 I'm sure there will be platforms that end up on both sides of this question.

I know of no asic in a switch that claims to support ipv6 that does it this 
way... That would tend to place you at a competitive disadvantage to 
broadcom/marvell/fulcrum/juniper/cisco if you implemented it that way... it's 
easier I imagine to simply reduce the size of the fib...

given that switches routinely have to forward to neighbors on /126 or /127 
prefix links I think that would be something of a mistake.

 YES: We made a less expensive box by cutting the width of the TCAM required 
 in half

 NO: We spared no expense and passed the costs (and a nice profit margin) on 
 to you so
   that you can do whatever you like in IPv6 at wire speed.
 
 I'm sure the market will chose products from both sides of the line for the 
 same reasons.
 
 Owen
 
 On Aug 8, 2011, at 4:34 PM, Randy Carpenter wrote:
 
 
 I heard at one time that hardware manufacturers were likely to route in 
 hardware only down to a /64, and that any smaller subnets would be subject 
 to the slow path as ASICs were being designed with 64-bit address tables. 
 I have no idea of the validity of that claim. Does anyone have any concrete 
 evidence for or against this argument?
 
 If true, it would make /64s even more attractive.
 
 -Randy
 
 
 - Original Message -
 we assign /112 per end user vlan (or server) at this moment...
 works
 perfectly fine (and thats even a bit too big).
 
 - nobody wants to use dynamic ips on -servers- or -router links-
 anyway
 
 i -really- can't see why people don't just use subnets with just the
 required number of addresses.
 
 take one /64 (for /64's sake ;), split it up into subnets which each
 have
 the required number of addresses (lets say you have 2-4 addresses for
 each
 bgp/router link, so you simply split it up into subnets that size)
 
 etc.
 
 no need to use /64 for -everything- at all, just because it fits
 (ethernet) mac addresses (as if ethernet will be around longer than
 ipv6
 ha-ha, someone will come up with something faster tomorrow and then
 its
 bye bye ethernet, the 10ge variant is getting slow, and the 100ge
 variant
 is not even standardized yet, and trunking is a bottleneck ;)
 
 we don't use /24's for -everything- on ipv4 now do we :P
 
 (oh wait, there once was a time where we did.. due to another
 retarded
 semi-automatic configuration thingy, called RIP , which also only
 seemed
 to understand /24 or bigger ;)
 
 --
 Greetings,
 
 Sven Olaf Kamphuis,
 CB3ROB Ltd.  Co. KG
 =
 Address: Koloniestrasse 34 VAT Tax ID:  DE267268209
 D-13359   Registration:HRA 42834 B
 BERLINPhone:
   +31/(0)87-8747479
 Germany   GSM:
 +49/(0)152-26410799
 RIPE:CBSK1-RIPEe-Mail:  s...@cb3rob.net
 =
 penpen C3P0, der elektrische Westerwelle
 http://www.facebook.com/cb3rob
 =
 
 Confidential: Please be advised that the information contained in
 this
 email message, including all attached documents or files, is
 privileged
 and confidential and is intended only for the use of the individual
 or
 individuals addressed. Any other use, dissemination, distribution or
 copying of this communication is strictly prohibited.
 
 
 On Mon, 8 Aug 2011, Owen DeLong wrote:
 
 
 On Aug 7, 2011, at 4:26 PM, Jeff Wheeler wrote:
 
 On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews ma...@isc.org
 wrote:
 So you want HE to force all their clients to renumber.
 
 No.  I am simply pointing out that Owen exaggerated when he stated
 that he implements the following three practices together on his
 own
 networks:
 * hierarchical addressing
 * nibble-aligned addressing
 * /48 per access customer
 
 You can simply read the last few messages in this thread to learn
 that
 his recommendations on this list are not even practical for his
 network today, because as Owen himself says, they are not yet able
 to
 obtain additional RIR allocations.  HE certainly operates a
 useful,
 high-profile tunnel-broker service which is IMO a very great asset
 to
 the Internet at-large; but if you spend a few minutes looking at
 the
 publicly available statistics on this service, they average only
 around 10,000 active tunnels across all their tunnel termination
 boxes
 combined.  They have not implemented the policies recommended by
 Owen
 because, as he states, a /32 is not enough.
 
 Do I think the position he advocates will cause the eventual
 exhaustion of IPv6?  Well, let's do an exercise:
 
 There has been some rather simplistic arithmetic posted today,
 300m
 new subnets per year, etc. with zero consideration of
 address/subnet
 utilization

Re: IPv6 end user addressing

2011-08-09 Thread Owen DeLong

It's at least true of how some of the Cisco platforms cope with IPv6 access 
lists.

Owen

On Aug 8, 2011, at 11:54 PM, Joel Jaeggli wrote:

 
 On Aug 8, 2011, at 5:14 PM, Owen DeLong wrote:
 
 I'm sure there will be platforms that end up on both sides of this question.
 
 I know of no asic in a switch that claims to support ipv6 that does it this 
 way... That would tend to place you at a competitive disadvantage to 
 broadcom/marvell/fulcrum/juniper/cisco if you implemented it that way... it's 
 easier I imagine to simply reduce the size of the fib...
 
 given that switches routinely have to forward to neighbors on /126 or /127 
 prefix links I think that would be something of a mistake.
 
 YES: We made a less expensive box by cutting the width of the TCAM required 
 in half
 
 NO: We spared no expense and passed the costs (and a nice profit margin) on 
 to you so
  that you can do whatever you like in IPv6 at wire speed.
 
 I'm sure the market will chose products from both sides of the line for the 
 same reasons.
 
 Owen
 
 On Aug 8, 2011, at 4:34 PM, Randy Carpenter wrote:
 
 
 I heard at one time that hardware manufacturers were likely to route in 
 hardware only down to a /64, and that any smaller subnets would be subject 
 to the slow path as ASICs were being designed with 64-bit address tables. 
 I have no idea of the validity of that claim. Does anyone have any concrete 
 evidence for or against this argument?
 
 If true, it would make /64s even more attractive.
 
 -Randy
 
 
 - Original Message -
 we assign /112 per end user vlan (or server) at this moment...
 works
 perfectly fine (and thats even a bit too big).
 
 - nobody wants to use dynamic ips on -servers- or -router links-
 anyway
 
 i -really- can't see why people don't just use subnets with just the
 required number of addresses.
 
 take one /64 (for /64's sake ;), split it up into subnets which each
 have
 the required number of addresses (lets say you have 2-4 addresses for
 each
 bgp/router link, so you simply split it up into subnets that size)
 
 etc.
 
 no need to use /64 for -everything- at all, just because it fits
 (ethernet) mac addresses (as if ethernet will be around longer than
 ipv6
 ha-ha, someone will come up with something faster tomorrow and then
 its
 bye bye ethernet, the 10ge variant is getting slow, and the 100ge
 variant
 is not even standardized yet, and trunking is a bottleneck ;)
 
 we don't use /24's for -everything- on ipv4 now do we :P
 
 (oh wait, there once was a time where we did.. due to another
 retarded
 semi-automatic configuration thingy, called RIP , which also only
 seemed
 to understand /24 or bigger ;)
 
 --
 Greetings,
 
 Sven Olaf Kamphuis,
 CB3ROB Ltd.  Co. KG
 =
 Address: Koloniestrasse 34 VAT Tax ID:  DE267268209
D-13359   Registration:HRA 42834 B
BERLINPhone:
  +31/(0)87-8747479
Germany   GSM:
+49/(0)152-26410799
 RIPE:CBSK1-RIPEe-Mail:  s...@cb3rob.net
 =
 penpen C3P0, der elektrische Westerwelle
 http://www.facebook.com/cb3rob
 =
 
 Confidential: Please be advised that the information contained in
 this
 email message, including all attached documents or files, is
 privileged
 and confidential and is intended only for the use of the individual
 or
 individuals addressed. Any other use, dissemination, distribution or
 copying of this communication is strictly prohibited.
 
 
 On Mon, 8 Aug 2011, Owen DeLong wrote:
 
 
 On Aug 7, 2011, at 4:26 PM, Jeff Wheeler wrote:
 
 On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews ma...@isc.org
 wrote:
 So you want HE to force all their clients to renumber.
 
 No.  I am simply pointing out that Owen exaggerated when he stated
 that he implements the following three practices together on his
 own
 networks:
 * hierarchical addressing
 * nibble-aligned addressing
 * /48 per access customer
 
 You can simply read the last few messages in this thread to learn
 that
 his recommendations on this list are not even practical for his
 network today, because as Owen himself says, they are not yet able
 to
 obtain additional RIR allocations.  HE certainly operates a
 useful,
 high-profile tunnel-broker service which is IMO a very great asset
 to
 the Internet at-large; but if you spend a few minutes looking at
 the
 publicly available statistics on this service, they average only
 around 10,000 active tunnels across all their tunnel termination
 boxes
 combined.  They have not implemented the policies recommended by
 Owen
 because, as he states, a /32 is not enough.
 
 Do I think the position he advocates will cause the eventual
 exhaustion of IPv6?  Well, let's do an exercise:
 
 There has

Re: IPv6 end user addressing

2011-08-09 Thread Tim Franklin

 Silly confidentiality notices are usually enforced by silly corporate
 IT departments and cannot be removed by mere mortal employees.
 They are an unavoidable part of life, like Outlook top posting and
 spam.

Alternatively, if your corporate email imposes stupid policies and / or a 
stupid email client (note: it's possible to quote properly and not top-post 
with Outlook, it's just hard work), don't subscribe to mailing lists from your 
corporate email.  Of all the mailing list communities, I'd expect this one not 
to struggle very much with arranging an alternative...

Regards,
Tim.

Re: IPv6 end user addressing

2011-08-09 Thread Chris Adams

Once upon a time, Jimmy Hess mysi...@gmail.com said:
 If you must not have someone plugging into your server LAN without
 permission, you
 turn unused ports off, or preferably, place them in a VLAN island with
 no topological
 connection to anything.

That's about what I do; unused ports are in a different VLAN.  I have a
separate LAN for notebooks, etc. that has DHCP (and will have a v6 /64
when I get v6 to that point).

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

Re: IPv6 end user addressing

2011-08-09 Thread Valdis . Kletnieks

On Tue, 09 Aug 2011 11:24:03 +1200, Jonathon Exley said:
 Silly confidentiality notices are usually enforced by silly corporate IT
 departments and cannot be removed by mere mortal employees.
 They are an unavoidable part of life, like Outlook top posting and spam.

They may all three be things that we continually receive from clueless
netizens. However, it is not at all difficult for anybody clued enough to get
subscribed to NANOG to find ways to avoid inflicting all three on the rest of
us.



pgpgSTYWyhxo0.pgp
Description: PGP signature

Re: IPv6 end user addressing

2011-08-08 Thread Mohacsi Janos




On Fri, 5 Aug 2011, Brian Mengel wrote:


In reviewing IPv6 end user allocation policies, I can find little
agreement on what prefix length is appropriate for residential end
users.  /64 and /56 seem to be the favorite candidates, with /56 being
slightly preferred.

I am most curious as to why a /60 prefix is not considered when trying
to address this problem.  It provides 16 /64 subnetworks, which seems
like an adequate amount for an end user.

Does anyone have opinions on the BCP for end user addressing in IPv6?


For business customers I would give /48 and home users who might have 1-2 
subnet I would give /56 or /60.

Reasons:
- Business customers night grow where you have to provide bigger amount of 
subnet - allow space for future extension -


- Home users - they usually don't know what is subnet. Setting up 
different subnets in their SOHO router can be difficult. Usually the 
simple 1 subnet for every device is enough for them. Separating some 
devices into  a separate subnets is usually enough for the most 
sophisticated home users. If  not then he can opt for business service


Just my 2 cents

Best Regards,
Janos Mohacsi

Re: IPv6 end user addressing

2011-08-08 Thread Valdis . Kletnieks

On Mon, 08 Aug 2011 10:15:17 +0200, Mohacsi Janos said:

 - Home users - they usually don't know what is subnet. Setting up 
 different subnets in their SOHO router can be difficult. Usually the 
 simple 1 subnet for every device is enough for them. Separating some 
 devices into  a separate subnets is usually enough for the most 
 sophisticated home users. If  not then he can opt for business service

You don't want to make the assumption that just because Joe Sixpack doesn't
know what a subnet is, that Joe Sixpack's CPE doesn't know either.

And remember that if it's 3 hops from one end of Joe Sixpack's internal net to
the other, you're gonna burn a few bits to support heirarchical routing so you
don't need a routing protocol. So if Joe's exterior-facing CPU gets handed a
/56 by the provider, and it hands each device it sees a /60 in case it's a
device that routes too, it can only support 14 devices.  And if one of the
things that got handed a /60 is a wireless access point or something, it's only
going to be able to support 15 or so subnets. So a simple topology of only a
half dozen devices can burn up 8 bits of subnet addressing real fast. Yes, you
can conserve bits by being more clever, but then you probably need an IGP of
some sort




pgp3hzjjr0ugC.pgp
Description: PGP signature

Re: IPv6 end user addressing

2011-08-08 Thread Mohacsi Janos




On Mon, 8 Aug 2011, valdis.kletni...@vt.edu wrote:


On Mon, 08 Aug 2011 10:15:17 +0200, Mohacsi Janos said:


- Home users - they usually don't know what is subnet. Setting up
different subnets in their SOHO router can be difficult. Usually the
simple 1 subnet for every device is enough for them. Separating some
devices into  a separate subnets is usually enough for the most
sophisticated home users. If  not then he can opt for business service


You don't want to make the assumption that just because Joe Sixpack doesn't
know what a subnet is, that Joe Sixpack's CPE doesn't know either.

And remember that if it's 3 hops from one end of Joe Sixpack's internal net to
the other, you're gonna burn a few bits to support heirarchical routing so you
don't need a routing protocol. So if Joe's exterior-facing CPU gets handed a
/56 by the provider, and it hands each device it sees a /60 in case it's a
device that routes too, it can only support 14 devices.  And if one of the


more exactly 16 routing devices. You don't have to count the all 0 and all 
1 as reserved maybe each deeice can see /57 or /58 or /59 
depending of capabilities your devices


I think daisy chaining of CPE routers is bad idea - as probably done in 
several IPv4 home networks. Why would you build several hierarchy into you 
network if it is unnecessary?



Best Regards,
Janos Mohacsi

Re: IPv6 end user addressing

2011-08-08 Thread Mark Andrews


In message 174561.1312807...@turing-police.cc.vt.edu, valdis.kletni...@vt.edu
 writes:
 --==_Exmh_1312807411_38980P
 Content-Type: text/plain; charset=us-ascii
 
 On Mon, 08 Aug 2011 10:15:17 +0200, Mohacsi Janos said:
 
  - Home users - they usually don't know what is subnet. Setting up 
  different subnets in their SOHO router can be difficult. Usually the 
  simple 1 subnet for every device is enough for them. Separating some 
  devices into  a separate subnets is usually enough for the most 
  sophisticated home users. If  not then he can opt for business service
 
 You don't want to make the assumption that just because Joe Sixpack doesn't
 know what a subnet is, that Joe Sixpack's CPE doesn't know either.
 
 And remember that if it's 3 hops from one end of Joe Sixpack's internal net t
 o
 the other, you're gonna burn a few bits to support heirarchical routing so yo
 u
 don't need a routing protocol. So if Joe's exterior-facing CPU gets handed a
 /56 by the provider, and it hands each device it sees a /60 in case it's a
 device that routes too, it can only support 14 devices.  And if one of the
 things that got handed a /60 is a wireless access point or something, it's on
 ly
 going to be able to support 15 or so subnets. So a simple topology of only a
 half dozen devices can burn up 8 bits of subnet addressing real fast. Yes, yo
 u
 can conserve bits by being more clever, but then you probably need an IGP of
 some sort

Which is why CPE devices shouldn't do heirarchical assignment by default.
PD supports multiple upstream requests.  

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: IPv6 end user addressing

2011-08-08 Thread Valdis . Kletnieks

On Mon, 08 Aug 2011 16:12:00 +0200, Mohacsi Janos said:
  You don't have to count the all 
 0 and all
 1 as reserved maybe each deeice can see /57 or /58 or /59
 depending of capabilities your devices

As I said further down the note - you can conserve bits but then it gets more
complicated.  You don't want to go to a static subdivide whatever you got 16
ways if you can, you have to get more clever.  Sure, that one device may only
need a /61 right now because there's only 3 devices behind it.  So the upstream
bridge allocates the first /61 to that device, and allocates the next /63 to 
the next
device that comes online.  Then somebody adds a 4th device to that first router
and now it needs a /60, but you can't just expand the allocation to a /60
because somebody is in the way.  Somebody's gonna have to renumber.

Or you can just say I can support 16 devices so I need 4 bits of space.  Or
you can bite the bullet and do something more clever.

 I think daisy chaining of CPE routers is bad idea - as probably done in
 several IPv4 home networks. Why would you build several hierarchy into you
 network if it is unnecessary?

Because we're talking Joe Sixpack here - and he can't *spell* hierarchy.  All
he knows is that he's got one box that his cable company sent him, then he
plugged his wireless access point into the cable company box, then he plugged
all the stuff in the media center into a box and connected that box to the
cable company box (He couldn't plug it all into the cable company box because
that only had 4 RJ45's, and one got used for the wireless, and he's got 9(*)
things in the media center that have RJ45s).  You're at 2 levels of heirarchy
already.  Now if he decides to get lazy and not run a cable to the upstairs
bedroom he wants to use as a home office, and gets another box that's really
similar to the on in his media center except it will do wirelesss, he just
added a third level of heirarchy.

And I don't think that's an at all unreasonable scenario.  Feel free to
redesign that network to get rid of one level, let me know what you ended up
doing.  Oh, and explain it in terms Joe Sixpack can understand. ;)

(*) Yes, 9 isn't at all unreasonable - I know plenty of people that have
a Wii, a PS/2, a PS/3, an XBox, a TV that will talk to the Internet, a DVR
that wants to talk to the Internet, and a PC. That's 7 already.

On Tue, 09 Aug 2011 00:18:57 +1000, Mark Andrews said:
 In message 174561.1312807...@turing-police.cc.vt.edu, 
 valdis.kletni...@vt.edu
  half dozen devices can burn up 8 bits of subnet addressing real fast. Yes, 
  you
  can conserve bits by being more clever, but then you probably need an IGP of
  some sort

 Which is why CPE devices shouldn't do heirarchical assignment by default.
 PD supports multiple upstream requests.

As I said - you can conserve bits using PD or similar, but then you need a
routing solution - you can use PD to hand out prefixes, but then you still need
routing.  Consider the case above - the wireless box asks for a prefix
delegation, then the media center box asks for one. Then the home office asks
for one - and now you need to make sure there's a way for the stuff behind the
media center box to know that to get to the printer that''s hanging off the
home office box, it has to route to the wireless box.

Anybody got gear that can do that and is ready for Joe Sixpack?



pgpDE2rtvOZrO.pgp
Description: PGP signature

Re: IPv6 end user addressing


On Aug 7, 2011, at 12:00 PM, Jeff Wheeler wrote:

 On Sat, Aug 6, 2011 at 7:26 PM, Owen DeLong o...@delong.com wrote:
 Well, you aren't actually doing this on your network today.  If you
 practiced what you are preaching, you would not be carrying aggregate
 routes to your tunnel broker gateways across your whole backbone.
 
 Yes we would.
 
 No, if you actually had a hierarchical addressing scheme, you would
 issue tunnel broker customer /64s from the same aggregate prefix that
 is used for their /48s.  You'd then summarize at your ABRs so the
 entire POP need only inject one route for customer addressing into the
 backbone.  Of course, this is not what you do today, and not because
 of limited RIR allocation policies -- but because you simply did not
 design your network with such route aggregation in mind.
 
You are, once again, conflating two related, but, not identical terms.

A hierarchical addressing scheme is NOT a hierarchical routing structure
and vice versa. Yes, a hierarchical routing scheme requires a hierarchical
addressing scheme, but, a hierarchical addressing scheme does NOT
require a hierarchical routing scheme.

We have a hierarchical addressing scheme. The fact that you dont' like
our idea of having two parallel hierarchies for two different addressing
structures is also getting in the way here.

For us, using parallel similar hierarchies for the /64 and /48 prefix blocks
works quite well and produces certain scaling advantages in our system.

As to the details of how our IGP works. I'm not going to debate that
with you because it is an internal matter and not really part of this
discussion. If you want to talk in the abstract about good ways to structure
routing, I'm happy to do that. However, it's a different (though related
as described above) subject from hierarchical addressing.

 Those are artifacts of a small allocation (/32) from a prior RIR policy.
 The fact that those things haven't worked out so well for us was one of
 the motivations behind developing policy 2011-3.
 
 There was nothing stopping you from using one /48 out of the /37s you
 use to issue customer /48 networks for issuing the default /64 blocks
 your tunnel broker hands out.
 

I was talking about the fact we were using /37s.

We have actually recognized significant advantages from using
different prefix blocks to assign /48s and /64s in the environment and
I don't expect us to change that practice even when we do get enough
address space to build out the hierarchy the way we want.

Those advantages, however, may well be unique to our tunnelbroker
structure and may not be applicable to other networks.

 We give a minimum /48 per customer with the small exception that
 customers who only want one subnet get a /64.
 
 You assign a /64 by default.  Yes, customers can click a button and
 get themselves a /48 instantly, but let's tell the truth when talking
 about your current defaults -- customers are assigned a /64, not a
 /48.
 

We assign a /64 by default only to tunnelbroker customers and to
customers without routers in our datacenters. I believe all others
default to a /48 per site.

I told the truth... We give a minimum /48 per customer with the small
exception that customers who only want one subnet get a /64. If you
didn't want only one subnet, presumably you would click the button
to get your instant /48.

 We do have a hierarchical addressing plan. I said nothing about routing,
 but, we certainly could implement hierarchical routing if we arrived at a
 point where it was advantageous because we have designed for it.
 
 How have you designed for it?  You already missed easy opportunities
 to inject fewer routes into your backbone, simply by using different
 aggregate prefixes for customer /64s vs /48s.
 

You are correct... With present hind-sight, we could have designed things
in such a way that we could have cut the number of aggregates to be
injected into the backbone from 50 to 25. Assuming that our network
doubles in size every year for the next 4 years, that would take us to
a total of 800 routes that could be 400. OTOH, since we get some other
advantages from this relatively small increment in prefixes, I think
we'll probably stick with the architecture we have for the advantages
it offers in other areas.

Reducing prefix count is not the only consideration in running a network.

 However, requesting more than a /32 is perfectly reasonable. In
 the ARIN region, policy 2011-3.
 
 My read of that policy, and please correct me if I misunderstand, is
 that it recognizes only a two-level hierarchy.  This would mean that
 an ISP could use some bits to represent a geographic region, a POP, or
 an aggregation router / address pool, but it does not grant them
 justification to reserve bits for all these purposes.
 
 
 While that's theoretically true, the combination of 25% minfree ,
 nibble boundaries, and equal sized allocations for all POPs based
 on your largest one allows for that in practical terms in

Re: IPv6 end user addressing


On Aug 7, 2011, at 3:09 PM, Jonathon Exley wrote:

 This has probably been said before, but it makes me uncomfortable to think of 
 everybody in the world being given /48 subnets by default.
 All of a sudden that wide expanse of 2^128 IP addresses shrinks to 2^48 
 sites. Sure that's still 65535 times more than 2^32 IPv4 addresses, but 
 wouldn't it be wise to apply some conservatism now to allow the IPv6 address 
 space to last for many more years? 
 After all, there are only 4 bits of IP version field so the basic packet 
 format won't last forever.
 

Let's look at this realistically.

In 30+ years of internet development, giving IP addresses to lots of things 
besides just single sites, we still haven't
completely used up the 32 bit space. This includes reserving 1/16th of it for 
unknown purposes that are never to be.

65,536 times enough space for all the sites we deployed in 30+ years will more 
than likely outlast the lifetime of the
protocol, so, yeah, I'm OK with giving every end-site in the world (note an 
end-site is not a  person, it's a building,
structure, or tenant in a multi-tenant building or structure).

Owen

P.S. Jonathon: If anything in your email was confidential, too bad. You posted 
it to a public list. Silly notice at the
bottom to that effect removed.




smime.p7s
Description: S/MIME cryptographic signature

Re: IPv6 end user addressing


On Aug 7, 2011, at 4:26 PM, Jeff Wheeler wrote:

 On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews ma...@isc.org wrote:
 So you want HE to force all their clients to renumber.
 
 No.  I am simply pointing out that Owen exaggerated when he stated
 that he implements the following three practices together on his own
 networks:
 * hierarchical addressing
 * nibble-aligned addressing
 * /48 per access customer
 
 You can simply read the last few messages in this thread to learn that
 his recommendations on this list are not even practical for his
 network today, because as Owen himself says, they are not yet able to
 obtain additional RIR allocations.  HE certainly operates a useful,
 high-profile tunnel-broker service which is IMO a very great asset to
 the Internet at-large; but if you spend a few minutes looking at the
 publicly available statistics on this service, they average only
 around 10,000 active tunnels across all their tunnel termination boxes
 combined.  They have not implemented the policies recommended by Owen
 because, as he states, a /32 is not enough.
 
 Do I think the position he advocates will cause the eventual
 exhaustion of IPv6?  Well, let's do an exercise:
 
 There has been some rather simplistic arithmetic posted today, 300m
 new subnets per year, etc. with zero consideration of address/subnet
 utilization efficiency within ISP networks and individual aggregation
 router pools.  That is foolish.  We can all pull out a calculator and
 figure that 2000::/3 has space for 35 trillion /48 networks.  That
 isn't how they will be assigned or routed.
 
 The effect of 2011-3 is that an out-sized ISP like ATT has every
 justification for deciding to allocate 24 bits worth of subnet ID for
 their largest POP, say, one that happens to terminate layer-3
 services for all customers in an entire state.  They then have policy
 support for allocating the same sized subnet for every other POP, no
 matter how small.  After all, the RIR policy permits them to obtain
 additional allocations as soon as one POP subnet has become full.
 
 So now you have a huge ISP with a few huge POPs, and a lot of small
 ones, justified in assigning the same size aggregate prefix, suitable
 for 2^24 subnets, to all those small POPs as well.  How many layer-3
 POPs might this huge ISP have?  Any number.  It could be every central
 office with some kind of layer-3 customer aggregation router.  It
 could even be every road-side hut for FTTH services.  Perhaps they
 will decide to address ten thousand POPs this way.
 
 Now the nibble-aligned language in the policy permits them to round up
 from 10,000 POPs to 16 bits worth of address space for POP ID.  So
 ATT is quite justified in requesting:
48 (customer subnet length) - 24 (largest POP subnet ID size) - 16
 (POP ID) == a /8 subnet for themselves.
 
Right up until you read:

6.5.3 (d):
If an LIR has already reached a /12 or more, ARIN will
allocate a single additional /12 rather than continue
expanding nibble boundaries.
As you can see, there is a safety valve in the policy at /12 for just
this reason.


 Now you can see how this policy, and addressing scheme, is utterly
 brain-dead.  It really does put you (and me, and everyone else) in
 real danger of exhausting the IPv6 address space.  All it takes is a
 few out-sized ISPs, with one large POP each and a bunch of smaller
 ones, applying for the maximum amount of address space permitted them
 under 2011-3.
 

Even by your calculations, it would take 256 such outsized ISPs without
a safety valve. With the safety valve that is built into the policy at /12,
it would take 4,096 such ISPs. I do not believe that there are more than
about 20 such ISPs world wide at this time and would put the foreseeable
likely maximum at less than 100 due to the need for customers to support
such outsized ISPs and the limited base that would have to be divided
among them.

Owen



smime.p7s
Description: S/MIME cryptographic signature

Re: IPv6 end user addressing


On Aug 8, 2011, at 1:15 AM, Mohacsi Janos wrote:

 
 
 On Fri, 5 Aug 2011, Brian Mengel wrote:
 
 In reviewing IPv6 end user allocation policies, I can find little
 agreement on what prefix length is appropriate for residential end
 users.  /64 and /56 seem to be the favorite candidates, with /56 being
 slightly preferred.
 
 I am most curious as to why a /60 prefix is not considered when trying
 to address this problem.  It provides 16 /64 subnetworks, which seems
 like an adequate amount for an end user.
 
 Does anyone have opinions on the BCP for end user addressing in IPv6?
 
 For business customers I would give /48 and home users who might have 1-2 
 subnet I would give /56 or /60.
 Reasons:
 - Business customers night grow where you have to provide bigger amount of 
 subnet - allow space for future extension -
 
 - Home users - they usually don't know what is subnet. Setting up different 
 subnets in their SOHO router can be difficult. Usually the simple 1 subnet 
 for every device is enough for them. Separating some devices into  a separate 
 subnets is usually enough for the most sophisticated home users. If  not then 
 he can opt for business service….
 

This utterly ignores the reality of DHCPv6, DHCP-PD, and technologies currently 
being developed for rational automatic hierarchies of topology.

Owen



smime.p7s
Description: S/MIME cryptographic signature

Re: IPv6 end user addressing


On Aug 8, 2011, at 5:43 AM, valdis.kletni...@vt.edu wrote:

 On Mon, 08 Aug 2011 10:15:17 +0200, Mohacsi Janos said:
 
 - Home users - they usually don't know what is subnet. Setting up 
 different subnets in their SOHO router can be difficult. Usually the 
 simple 1 subnet for every device is enough for them. Separating some 
 devices into  a separate subnets is usually enough for the most 
 sophisticated home users. If  not then he can opt for business service
 
 You don't want to make the assumption that just because Joe Sixpack doesn't
 know what a subnet is, that Joe Sixpack's CPE doesn't know either.
 
 And remember that if it's 3 hops from one end of Joe Sixpack's internal net to
 the other, you're gonna burn a few bits to support heirarchical routing so you
 don't need a routing protocol. So if Joe's exterior-facing CPU gets handed a
 /56 by the provider, and it hands each device it sees a /60 in case it's a
 device that routes too, it can only support 14 devices.  And if one of the
 things that got handed a /60 is a wireless access point or something, it's 
 only
 going to be able to support 15 or so subnets. So a simple topology of only a
 half dozen devices can burn up 8 bits of subnet addressing real fast. Yes, you
 can conserve bits by being more clever, but then you probably need an IGP of
 some sort
 
 

YOu lost a /60 somewhere in there…

I understand 1 /60 for the primary device.
You accounted for 14 /60s to other subordinate devices.
Presumably the /64(s) that connect the other subordinate devices to the
primary router are from within that first /60, so, where did the 16th /60 go?

Finally, for things that are building automatic hierarchical topologies, it
seems only sane to me that they would implement some form of OSPF
to facilitate the routing. There's no reason that can't be equally automated.

Owen



smime.p7s
Description: S/MIME cryptographic signature

Re: IPv6 end user addressing


On Aug 8, 2011, at 7:12 AM, Mohacsi Janos wrote:

 
 
 On Mon, 8 Aug 2011, valdis.kletni...@vt.edu wrote:
 
 On Mon, 08 Aug 2011 10:15:17 +0200, Mohacsi Janos said:
 
 - Home users - they usually don't know what is subnet. Setting up
 different subnets in their SOHO router can be difficult. Usually the
 simple 1 subnet for every device is enough for them. Separating some
 devices into  a separate subnets is usually enough for the most
 sophisticated home users. If  not then he can opt for business service
 
 You don't want to make the assumption that just because Joe Sixpack doesn't
 know what a subnet is, that Joe Sixpack's CPE doesn't know either.
 
 And remember that if it's 3 hops from one end of Joe Sixpack's internal net 
 to
 the other, you're gonna burn a few bits to support heirarchical routing so 
 you
 don't need a routing protocol. So if Joe's exterior-facing CPU gets handed a
 /56 by the provider, and it hands each device it sees a /60 in case it's a
 device that routes too, it can only support 14 devices.  And if one of the
 
 more exactly 16 routing devices. You don't have to count the all 0 and all 1 
 as reserved maybe each deeice can see /57 or /58 or /59 depending of 
 capabilities your devices
 
 I think daisy chaining of CPE routers is bad idea - as probably done in 
 several IPv4 home networks. Why would you build several hierarchy into you 
 network if it is unnecessary?
 
 
I can see things like wanting to have an entertainment systems network that is 
fronted
by a router with additional networks for each entertainment system fronted by 
their
own router, segmentation of various appliance networks with possibly an 
appliance
front-end router, etc.

There are lots of possibilities we haven't thought of here yet. Limiting 
end-users
to /56 or worse will only stifle the innovation that will help us identify the 
possibilities.
For this, if no other reason, (and I cite the limitations under which we have 
begun
to frame our assumptions about how the internet works as a result of NAT as an
example), I think we should avoid preserving this cultural conditioning in IPv6.


Owen



smime.p7s
Description: S/MIME cryptographic signature

Re: IPv6 end user addressing

2011-08-08 Thread Sven Olaf Kamphuis

we assign /112 per end user vlan (or server) at this moment... works 
perfectly fine (and thats even a bit too big).


- nobody wants to use dynamic ips on -servers- or -router links- anyway

i -really- can't see why people don't just use subnets with just the 
required number of addresses.


take one /64 (for /64's sake ;), split it up into subnets which each have 
the required number of addresses (lets say you have 2-4 addresses for each 
bgp/router link, so you simply split it up into subnets that size)


etc.

no need to use /64 for -everything- at all, just because it fits 
(ethernet) mac addresses (as if ethernet will be around longer than ipv6 
ha-ha, someone will come up with something faster tomorrow and then its 
bye bye ethernet, the 10ge variant is getting slow, and the 100ge variant 
is not even standardized yet, and trunking is a bottleneck ;)


we don't use /24's for -everything- on ipv4 now do we :P

(oh wait, there once was a time where we did.. due to another retarded 
semi-automatic configuration thingy, called RIP , which also only seemed 
to understand /24 or bigger ;)


--
Greetings,

Sven Olaf Kamphuis,
CB3ROB Ltd.  Co. KG
=
Address: Koloniestrasse 34 VAT Tax ID:  DE267268209
 D-13359   Registration:HRA 42834 B
 BERLINPhone:   +31/(0)87-8747479
 Germany   GSM: +49/(0)152-26410799
RIPE:CBSK1-RIPEe-Mail:  s...@cb3rob.net
=
penpen C3P0, der elektrische Westerwelle
http://www.facebook.com/cb3rob
=

Confidential: Please be advised that the information contained in this
email message, including all attached documents or files, is privileged
and confidential and is intended only for the use of the individual or
individuals addressed. Any other use, dissemination, distribution or
copying of this communication is strictly prohibited.


On Mon, 8 Aug 2011, Owen DeLong wrote:



On Aug 7, 2011, at 4:26 PM, Jeff Wheeler wrote:


On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews ma...@isc.org wrote:

So you want HE to force all their clients to renumber.


No.  I am simply pointing out that Owen exaggerated when he stated
that he implements the following three practices together on his own
networks:
* hierarchical addressing
* nibble-aligned addressing
* /48 per access customer

You can simply read the last few messages in this thread to learn that
his recommendations on this list are not even practical for his
network today, because as Owen himself says, they are not yet able to
obtain additional RIR allocations.  HE certainly operates a useful,
high-profile tunnel-broker service which is IMO a very great asset to
the Internet at-large; but if you spend a few minutes looking at the
publicly available statistics on this service, they average only
around 10,000 active tunnels across all their tunnel termination boxes
combined.  They have not implemented the policies recommended by Owen
because, as he states, a /32 is not enough.

Do I think the position he advocates will cause the eventual
exhaustion of IPv6?  Well, let's do an exercise:

There has been some rather simplistic arithmetic posted today, 300m
new subnets per year, etc. with zero consideration of address/subnet
utilization efficiency within ISP networks and individual aggregation
router pools.  That is foolish.  We can all pull out a calculator and
figure that 2000::/3 has space for 35 trillion /48 networks.  That
isn't how they will be assigned or routed.

The effect of 2011-3 is that an out-sized ISP like ATT has every
justification for deciding to allocate 24 bits worth of subnet ID for
their largest POP, say, one that happens to terminate layer-3
services for all customers in an entire state.  They then have policy
support for allocating the same sized subnet for every other POP, no
matter how small.  After all, the RIR policy permits them to obtain
additional allocations as soon as one POP subnet has become full.

So now you have a huge ISP with a few huge POPs, and a lot of small
ones, justified in assigning the same size aggregate prefix, suitable
for 2^24 subnets, to all those small POPs as well.  How many layer-3
POPs might this huge ISP have?  Any number.  It could be every central
office with some kind of layer-3 customer aggregation router.  It
could even be every road-side hut for FTTH services.  Perhaps they
will decide to address ten thousand POPs this way.

Now the nibble-aligned language in the policy permits them to round up
from 10,000 POPs to 16 bits worth of address space for POP ID.  So
ATT is quite justified in requesting:
   48 (customer subnet length) - 24 (largest POP subnet ID size) - 16
(POP ID) == a /8 subnet for themselves.


Right up until you read:

6.5.3

RE: IPv6 end user addressing

2011-08-08 Thread Jonathon Exley

Silly confidentiality notices are usually enforced by silly corporate IT 
departments and cannot be removed by mere mortal employees.
They are an unavoidable part of life, like Outlook top posting and spam.

Jonathon.

-Original Message-
From: Owen DeLong [mailto:o...@delong.com] 
Sent: Tuesday, 9 August 2011 8:26 a.m.
To: Jonathon Exley
Cc: nanog@nanog.org
Subject: Re: IPv6 end user addressing

[snip]

P.S. Jonathon: If anything in your email was confidential, too bad. You posted 
it to a public list. Silly notice at the
bottom to that effect removed.

This email and attachments: are confidential; may be protected by
privilege and copyright; if received in error may not be used,copied,
or kept; are not guaranteed to be virus-free; may not express the
views of Kordia(R); do not designate an information system; and do not
give rise to any liability for Kordia(R).

Re: IPv6 end user addressing

2011-08-08 Thread William Herrin

On Mon, Aug 8, 2011 at 6:52 PM, Sven Olaf Kamphuis s...@cb3rob.net wrote:
 we assign /112 per end user vlan (or server) at this moment... works
 perfectly fine (and thats even a bit too big).

 - nobody wants to use dynamic ips on -servers- or -router links- anyway

 i -really- can't see why people don't just use subnets with just the
 required number of addresses.

Hi Sven,

Stateless autoconfiguration (which is NOT dynamic IP addresses; the IP
address is static but tied to the ethernet card) does not work unless
the subnet mask is exactly /64.

Even on a server lan you'll occasionally want to plug in a PC for
diagnostics without having to poke in an IP address by hand.


There are some great reasons to use a /112s or even smaller blocks for
some applications. Use them that way, sure. But IMHO it's
short-sighted to _assign_ address blocks at that size -- it means the
person downstream has to come back to you and waste your time when
they want to do anything else. And your choice delays them and wastes
their time as well -- a fine customer service indeed.

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

Re: IPv6 end user addressing

2011-08-08 Thread Randy Carpenter


I heard at one time that hardware manufacturers were likely to route in 
hardware only down to a /64, and that any smaller subnets would be subject to 
the slow path as ASICs were being designed with 64-bit address tables. I have 
no idea of the validity of that claim. Does anyone have any concrete evidence 
for or against this argument?

If true, it would make /64s even more attractive.

-Randy


- Original Message -
 we assign /112 per end user vlan (or server) at this moment...
 works
 perfectly fine (and thats even a bit too big).
 
 - nobody wants to use dynamic ips on -servers- or -router links-
 anyway
 
 i -really- can't see why people don't just use subnets with just the
 required number of addresses.
 
 take one /64 (for /64's sake ;), split it up into subnets which each
 have
 the required number of addresses (lets say you have 2-4 addresses for
 each
 bgp/router link, so you simply split it up into subnets that size)
 
 etc.
 
 no need to use /64 for -everything- at all, just because it fits
 (ethernet) mac addresses (as if ethernet will be around longer than
 ipv6
 ha-ha, someone will come up with something faster tomorrow and then
 its
 bye bye ethernet, the 10ge variant is getting slow, and the 100ge
 variant
 is not even standardized yet, and trunking is a bottleneck ;)
 
 we don't use /24's for -everything- on ipv4 now do we :P
 
 (oh wait, there once was a time where we did.. due to another
 retarded
 semi-automatic configuration thingy, called RIP , which also only
 seemed
 to understand /24 or bigger ;)
 
 --
 Greetings,
 
 Sven Olaf Kamphuis,
 CB3ROB Ltd.  Co. KG
 =
 Address: Koloniestrasse 34 VAT Tax ID:  DE267268209
   D-13359   Registration:HRA 42834 B
   BERLINPhone:
 +31/(0)87-8747479
   Germany   GSM:
   +49/(0)152-26410799
 RIPE:CBSK1-RIPEe-Mail:  s...@cb3rob.net
 =
 penpen C3P0, der elektrische Westerwelle
 http://www.facebook.com/cb3rob
 =
 
 Confidential: Please be advised that the information contained in
 this
 email message, including all attached documents or files, is
 privileged
 and confidential and is intended only for the use of the individual
 or
 individuals addressed. Any other use, dissemination, distribution or
 copying of this communication is strictly prohibited.
 
 
 On Mon, 8 Aug 2011, Owen DeLong wrote:
 
 
  On Aug 7, 2011, at 4:26 PM, Jeff Wheeler wrote:
 
  On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews ma...@isc.org
  wrote:
  So you want HE to force all their clients to renumber.
 
  No.  I am simply pointing out that Owen exaggerated when he stated
  that he implements the following three practices together on his
  own
  networks:
  * hierarchical addressing
  * nibble-aligned addressing
  * /48 per access customer
 
  You can simply read the last few messages in this thread to learn
  that
  his recommendations on this list are not even practical for his
  network today, because as Owen himself says, they are not yet able
  to
  obtain additional RIR allocations.  HE certainly operates a
  useful,
  high-profile tunnel-broker service which is IMO a very great asset
  to
  the Internet at-large; but if you spend a few minutes looking at
  the
  publicly available statistics on this service, they average only
  around 10,000 active tunnels across all their tunnel termination
  boxes
  combined.  They have not implemented the policies recommended by
  Owen
  because, as he states, a /32 is not enough.
 
  Do I think the position he advocates will cause the eventual
  exhaustion of IPv6?  Well, let's do an exercise:
 
  There has been some rather simplistic arithmetic posted today,
  300m
  new subnets per year, etc. with zero consideration of
  address/subnet
  utilization efficiency within ISP networks and individual
  aggregation
  router pools.  That is foolish.  We can all pull out a calculator
  and
  figure that 2000::/3 has space for 35 trillion /48 networks.  That
  isn't how they will be assigned or routed.
 
  The effect of 2011-3 is that an out-sized ISP like ATT has every
  justification for deciding to allocate 24 bits worth of subnet ID
  for
  their largest POP, say, one that happens to terminate layer-3
  services for all customers in an entire state.  They then have
  policy
  support for allocating the same sized subnet for every other POP,
  no
  matter how small.  After all, the RIR policy permits them to
  obtain
  additional allocations as soon as one POP subnet has become full.
 
  So now you have a huge ISP with a few huge POPs, and a lot of
  small
  ones, justified in assigning the same size aggregate prefix,
  suitable
  for 2^24 subnets, to all

Re: IPv6 end user addressing


On Aug 8, 2011, at 3:52 PM, Sven Olaf Kamphuis wrote:

 we assign /112 per end user vlan (or server) at this moment... works 
 perfectly fine (and thats even a bit too big).
 

Sigh… Too big for what?

 - nobody wants to use dynamic ips on -servers- or -router links- anyway
 

True… Guess what… Static addresses work in /64s as well.

Better yet, your /64 will support adding troubleshooting equipment rapidly 
without having to hunt
for an available address.

 i -really- can't see why people don't just use subnets with just the required 
 number of addresses.
 

Because we see real advantages to sparse addressing?

Because it would make our lives unnecessarily more complicated?

Because it will lead to additional human factors issues in most environments 
with more than a
single administrator and likely even in cases where it is a single 
administrator?

Because it reduces the potential for better automation?

I'm sure there are more reasons, but, these are just a few that come to mind 
off the top
of my head.

 take one /64 (for /64's sake ;), split it up into subnets which each have the 
 required number of addresses (lets say you have 2-4 addresses for each 
 bgp/router link, so you simply split it up into subnets that size)
 

The point of this being? What do you gain by doing this? I've shown you at 
least a few things you lose.

 etc.
 
 no need to use /64 for -everything- at all, just because it fits (ethernet) 
 mac addresses (as if ethernet will be around longer than ipv6 ha-ha, someone 
 will come up with something faster tomorrow and then its bye bye ethernet, 
 the 10ge variant is getting slow, and the 100ge variant is not even 
 standardized yet, and trunking is a bottleneck ;)
 

The /64 was chosen because it fits EUI-64 addresses. Ethernet MAC addresses are 
EUI-48.

Examples of network technologies that use EUI-64 include Firewire, Zigbee, 
6lowpan, etc.

So this argument is rather specious and orthogonal to your supposed point.

 we don't use /24's for -everything- on ipv4 now do we :P
 

Right.. We ran out of IPv4 and stopped doing that in order to artificially 
extend its life.

 (oh wait, there once was a time where we did.. due to another retarded 
 semi-automatic configuration thingy, called RIP , which also only seemed to 
 understand /24 or bigger ;)
 

The issuance of /24s was _NOT_ driven by RIP. Rather, the architecture of RIP 
was driven
by glassful addressing assumptions. There were many other reasons for classful 
addressing
and it still retains some of those advantages.

Owen
 
 Confidential: Please be advised that the information contained in this
 email message, including all attached documents or files, is privileged
 and confidential and is intended only for the use of the individual or
 individuals addressed. Any other use, dissemination, distribution or
 copying of this communication is strictly prohibited.
 

Guess you shouldn't have published it to a public list then.

 
 On Mon, 8 Aug 2011, Owen DeLong wrote:
 
 
 On Aug 7, 2011, at 4:26 PM, Jeff Wheeler wrote:
 
 On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews ma...@isc.org wrote:
 So you want HE to force all their clients to renumber.
 
 No.  I am simply pointing out that Owen exaggerated when he stated
 that he implements the following three practices together on his own
 networks:
 * hierarchical addressing
 * nibble-aligned addressing
 * /48 per access customer
 
 You can simply read the last few messages in this thread to learn that
 his recommendations on this list are not even practical for his
 network today, because as Owen himself says, they are not yet able to
 obtain additional RIR allocations.  HE certainly operates a useful,
 high-profile tunnel-broker service which is IMO a very great asset to
 the Internet at-large; but if you spend a few minutes looking at the
 publicly available statistics on this service, they average only
 around 10,000 active tunnels across all their tunnel termination boxes
 combined.  They have not implemented the policies recommended by Owen
 because, as he states, a /32 is not enough.
 
 Do I think the position he advocates will cause the eventual
 exhaustion of IPv6?  Well, let's do an exercise:
 
 There has been some rather simplistic arithmetic posted today, 300m
 new subnets per year, etc. with zero consideration of address/subnet
 utilization efficiency within ISP networks and individual aggregation
 router pools.  That is foolish.  We can all pull out a calculator and
 figure that 2000::/3 has space for 35 trillion /48 networks.  That
 isn't how they will be assigned or routed.
 
 The effect of 2011-3 is that an out-sized ISP like ATT has every
 justification for deciding to allocate 24 bits worth of subnet ID for
 their largest POP, say, one that happens to terminate layer-3
 services for all customers in an entire state.  They then have policy
 support for allocating the same sized subnet for every other POP, no
 matter how small.  After all, the RIR policy permits them

Re: IPv6 end user addressing