who gets a /32 [Re: IPV6 renumbering painless?]

Stephen Sprunk stephen at sprunk.org
Sat Nov 20 17:34:07 UTC 2004


Thus spake "Iljitsch van Beijnum" <iljitsch at muada.com>
> On 19-nov-04, at 17:58, Stephen Sprunk wrote:
>> Don't have "real connectivity"?  I've personally worked with dozens of 
>> Fortune 500 companies that have internal FR/ATM networks that dwarf AT&T, 
>> UUnet, etc. in the number of sites connected.  Thousands of sites is 
>> common, and tens of thousands of sites in some cases.  Do you not 
>> consider these networks "real" because each site may only have a 16k PVC 
>> to talk to corporate?
>
> That's right. If you need internet access, you need it to be faster than 
> 16 kbps.

Who said the only purpose of IP was to connect to the Internet?  16kbps is 
the lowest I've seen only because that's the smallest you can buy in the FR 
world (Sprint's 0kbps PVCs aside).  Many businesses were fine (and still 
would be) using 2400 baud leased lines and upgraded to FR only because it 
cost slightly less.  A couple cashiers typing text into a green-screen app 
don't need blazingly-fast IP service, nor would their employer be interested 
in paying them to surf the web while customers are waiting.

> As far as I can tell, it's pretty rare for an organization of this size to 
> have their own IP network that they use to connect all their sites to the 
> global internet, for the simple reason that leased lines, frame relay or ATM 
> capacity is generally more expensive than IP connectivity.

At higher bw levels, that might be true, but at sub-T1 rates FR/ATM are 
often cheaper to build your own network and certainly offer lower latency 
and higher reliability; ditto for outside major cities, where FR/ATM 
typically offers a zero-mile loop whereas IP connections may need to be 
backhauled a hundred miles or more.  If T1 Internet pipes are cheaper at a 
particular location, some people may choose to tunnel their corporate 
network over it, but that is typically _all_ traffic, not just internal 
traffic.

There's also a security motivation as well: it's much simpler to maintain a 
couple firewalls at central sites (with technical staff present) than to 
manage thousands out at every site with a handful or even zero human users 
which may not even be allowed Internet access in the first place.

Even Cisco, last I checked, only connected to the Internet in four places 
worldwide, though they have hundreds of offices (and full private internal 
connectivity).  Presumably they know what they're doing, or at least have a 
better clue than enterprises in other industries.  Consider that a best 
case.

> So a single large address block is of little use to such an organization, 
> unless they get to announce more specifics all over the place.

In my experience, they will announce the aggregate from all hub sites plus 
more-specifics for that hub and the sites directly connected to it.  Traffic 
that comes into the wrong hub due to prefix length filters (or Internet 
outages) is back-hauled inside the corporate backbone.

>>> learn to love renumbering. And again, IPv6+NAT makes no sense as NAT 
>>> works much better with IPv4 and with NAT you don't really need the 
>>> larger address space.
>
>> If I have a disconnected network, why would I use NATs or be forced to 
>> renumber periodically?
>
> I have no idea. Use unique local addresses instead.

Exactly.

>> Why should disconnected networks use global addresses (and pay rent to 
>> the RIRs) in the first place?
>
> There aren't many networks around that are truly disconnected. Even 
> "disconnected" networks connect to stuff that connects to other stuff that 
> connects to the internet at some point. This means that "disconnected" 
> address space must not overlap with addresses used on the internet. We 
> have that in RFC 1918. However, "disconnected" networks tend to 
> interconnect with other "disconnected" networks from time to time, which 
> means trouble if they both use the same address space. This is where ULAs 
> come to the rescue.

...and that's why ULAs were proposed by the IPv6 WG.  Even networks that 
have no connectivity to the Internet are often connected to each other, and 
a subset of those networks will eventually have connectivity to the Internet 
or another network that does.  But there are some truly disconnected 
networks as well, and ULAs are still a better choice than randomly picking a 
prefix out of 0::0.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 
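The overlap problem and the ULA remedy discussed above, shown in code as an added example (not part of the original post): two sites that independently picked RFC 1918 space collide when interconnected, while each site deriving its own /48 from fd00::/8 per the RFC 4193 Global ID algorithm (SHA-1 over an NTP timestamp and an EUI-64) gets a prefix that does not. The EUI-64 values and the NTP timestamp in the test are constructed sample values.

```python
import hashlib
import ipaddress
import time
from itertools import combinations

# fc00::/7 with the L bit set, i.e. the locally assigned half that RFC 4193 defines.
ULA_L1 = ipaddress.IPv6Network("fd00::/8")


def ntp_timestamp_now() -> int:
    """Current time as a 64-bit NTP timestamp (seconds since 1900 << 32 | fraction)."""
    t = time.time() + 2208988800          # offset from the Unix epoch to the NTP epoch
    secs = int(t)
    frac = int((t - secs) * 2**32) & 0xFFFFFFFF
    return (secs << 32) | frac


def rfc4193_global_id(ntp_time: int, eui64: bytes) -> bytes:
    """40-bit Global ID: low 40 bits of SHA-1(NTP time || EUI-64), RFC 4193 section 3.2.2."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 identifier must be 8 bytes")
    digest = hashlib.sha1(ntp_time.to_bytes(8, "big") + eui64).digest()
    return digest[-5:]


def ula_prefix(global_id: bytes) -> ipaddress.IPv6Network:
    """Assemble fd | Global ID | zero subnet ID into the site's /48 prefix."""
    if len(global_id) != 5:
        raise ValueError("Global ID must be 40 bits")
    addr = (0xFD << 120) | (int.from_bytes(global_id, "big") << 80)
    return ipaddress.IPv6Network((addr, 48))


def overlapping_pairs(prefixes):
    """Pairs of prefixes that collide: what breaks when two such networks interconnect."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


if __name__ == "__main__":
    # Two sites that each chose RFC 1918 space on their own: merging them collides.
    print(overlapping_pairs(["10.0.0.0/8", "10.20.0.0/16", "192.168.1.0/24"]))
    # Two sites generating ULA /48s from their own (constructed) EUI-64 identifiers.
    site_a = ula_prefix(rfc4193_global_id(ntp_timestamp_now(), bytes.fromhex("0211223344556677")))
    site_b = ula_prefix(rfc4193_global_id(ntp_timestamp_now(), bytes.fromhex("02aabbccddeeff00")))
    print(site_a, site_b, overlapping_pairs([str(site_a), str(site_b)]))
```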




More information about the NANOG mailing list