IPv6 Default Allocation - What size allocation are you giving out
Owen DeLong
owen at delong.com
Fri Oct 10 14:45:12 UTC 2014
On Oct 9, 2014, at 3:04 PM, Baldur Norddahl <baldur.norddahl at gmail.com> wrote:
> On 9 October 2014 23:18, Roland Dobbins <rdobbins at arbor.net> wrote:
>
>>
>> On Oct 10, 2014, at 4:13 AM, Baldur Norddahl <baldur.norddahl at gmail.com>
>> wrote:
>>
>>> My colleagues wanted to completely drop using public IP addressing in the
>> infrastructure.
>>
>> Your colleagues are wrong. Again, see RFC6752.
>>
>
> Yes, for using private IP addressing RFC 6752 applies and it is why we are
> not doing it. But you seem to completely fail to understand that RFC 6752
> does not apply to the proposed solution. NONE of the problems listed in RFC
> 6752 are a problem with using unnumbered interfaces. Traceroute works. ICMP
> works. There are no private IP addresses that get filtered.
>
>> I am wondering if all the naysayers would not agree that it is better to
>> have a single public loopback address shared between all my interfaces,
>> than to go with private addressing completely?
>>
>> This is a false dichotomy.
>>
>>> Because frankly, that is the alternative.
>>
>> It isn't the only alternative. The *optimal* alternative is to use
>> publicly-routable link addresses, and then protect your infrastructure
>> using iACLs, GTSM, CoPP, et al.
>>
>>
> I will as soon as you send me the check to buy addresses for all my links.
> I got a few.
>
> But it appears you do not realize that we ARE using public IPs for our
> infrastructure. And we ARE using ACLs for protecting it. We are not using
> addresses for LINKS, neither public nor private. And it is not for security
> but to conserve expensive address space.
Addresses are not expensive.
You can get up to a /40 from ARIN for $500 one-time and $100/year.
Are you really trying to convince me that you have more than 16.7 million links?
(and that’s assuming you assign a /64 per link).
I’m sorry, but this argument utterly fails under any form of analysis.
Owen