IPV6 renumbering painless?

Owen DeLong owen at delong.com
Thu Nov 11 23:45:04 UTC 2004


>> I still think that we should pursue making the design work and not
>> adopt
>> cruft as standards (ULA).
>
> ULAs aren't cruft. They serve a purpose. If you don't need them, don't
> use them and they won't get in your way.
>
ULAs aren't cruft so long as providers do not start exchanging ULA routes
in the general routing table.  When economics start forcing this issue, then
ULAs become a crufty form of PI space.  Since I believe the economics will
force this issue sooner rather than later, I regard ULAs as cruft whether
you agree or not.

> The actual distribution of new IP addresses to boxes is fairly trivial in
> IPv6. DNS is somewhat problematic but nothing a good search and replace
> can't handle. The real issues are IP address based access restrictions
> and problems with ingress filtering when addresses from two ISPs are in
> use at the same time.
>
Agreed.  That is why I would like to see access restrictions move to 
something
more meaningful than the IP address.  Of course, doing so, requires some
easy form of strong host authentication, such as AH on all packets that must
traverse access restrictions.

Ingress filtering shouldn't be that hard, since at least on a theoretical
level you shouldn't, in those cases, be leaking provider A's addresses to
provider B's network and certainly, answers are unlikely to come back from
the other provider.

>>> - Until very recently DNS software did not support A6 records at
>>>   all, and "chain" support for A6 records still seems to be a work
>>>   in progress.
>
>> This is getting resolved and I suspect will be long since functional by
>> the time v6 comes to widespread deployment consideration.
>
> Quite the opposite. There was A6 support in BIND AFAIK, but it's removed
> as it's unworkable. Learn to love AAAA.
>
That's most unfortunate.  A6 had much more promise than AAAA for a variety
of applications.  Oh well.

>> If your organization is large enough to involve reconfiguring a
>> significant
>> number of routers, it is unlikely to be small enough to have to use PA
>> space instead of getting PI space in the v6 world.
>
> There is currently no PI in IPv6 unless you're an internet exchange or a
> root server. Whether there will be is anyone's guess, but it's not
> currently in the pipeline.
>
If we allow ULA, there definitely will be.  If we don't, then, it will be
interesting to see how many ISPs spring up with a single customer 
(themselves).

>> I still think NAT is evil cruft that had a purpose in the V4
>> world, but, is highly undesirable in the v6 world.
>
> Regardless of the merit of NAT, there is little merit in IPv6+NAT as it
> has all the downsides of both. If you can live with NAT, stay in IPv4 and
> talk to the IPv6 world over IPv4<->IPv6 NAT.
>
Agreed.



Owen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20041111/98805200/attachment.sig>


More information about the NANOG mailing list