IPV6 renumbering painless?

Stephen Sprunk stephen at sprunk.org
Sat Nov 13 18:22:56 UTC 2004


Thus spake "Owen DeLong" <owen at delong.com>
> If your organization is large enough to involve reconfiguring a
> significant number of routers, it is unlikely to be small enough to have
> to use PA space instead of getting PI space in the v6 world.

That depends.  I consulted with an oil company that wanted to put IP 
connectivity out to all their gas stations (40,000 of them), with 64+ hosts 
per site, but would never qualify for PI space (under v4 or v6) because zero 
of those hosts would need Internet connectivity.  ULAs would be a perfect 
solution for them.  In fact, they have since merged with another oil company 
of equal size, meaning they'd need two ULA prefixes just to provide a single 
subnet to each site.

> I would argue that ACLs in the v6 world should probably include A6
> support.

Security folks rarely, if ever, trust DNS enough to use it in ACLs.  And 
you're assuming that putting half a million entries in their ACLs is even 
remotely possible with today's routers.  With ULAs, you just put in one or 
two entries and you're done.  Not to mention the nightmare of keeping track 
of that many DNS records...

Oh, and as others have mentioned, A6 is dead.

> If you are large enough for IGP configuration for the new network to be a
> major undertaking, then, you probably qualify for PI space.  If you are
> large enough that BGP is more than a couple of routers that need
> changing, you probably qualify for PI space.

IMHO, you are overly optimistic on how easily end-user sites can get PI 
space.

> ??? Why not simply perform the address switch somewhere in the
> middle.  You should be able to get the prefix for use with the new
> provider some time before the link comes up, and, if you're disconnected,
> there's no harm in continuing to use the old provider's prefix during
> that time.  This makes no sense to me.

Multi6's current wet dream is that if the connection to a provider goes 
down, that prefix will be automatically un-delegated from all the downstream 
routers and hosts.  If your last connection goes away, you have no addresses 
left except link-local.

For sites which frequently detach from one network and attach to another, 
this is murder on internal communications.  Even a site that is normally 
multihomed may experience severe internal communication failures if a subset 
of their links flap.  Most application protocols assume that a TCP failure 
means the remote host is unavailable or aborted the transaction, and few 
will transparently try a different address pair and resume a transaction 
transparently to the user.

> If you take the last point as a given, but, to me, the last point seems
> irrational.  I still think NAT is evil cruft that had a purpose in the V4
> world, but, is highly undesirable in the v6 world.

I don't think anyone here disagrees with the idea that NAT is evil.  That's 
not the problem ULAs are intended to solve.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 
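Added illustration of the ULA arithmetic and the ACL point in the message above (example code, not from this thread or its authors): it derives a locally assigned /48 ULA following the RFC 4193 recipe (an assumption here, since the post only refers to the ULA draft), checks how many /48s 40,000 and 80,000 single-subnet sites need, and applies a two-entry ACL. All function names and the constructed inputs are hypothetical.

```python
import hashlib
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # whole ULA block; fd00::/8 is the locally-assigned half


def make_ula_prefix(ntp_time: int, eui64: bytes) -> ipaddress.IPv6Network:
    """Derive a locally assigned /48 ULA from a 64-bit NTP timestamp and an EUI-64.

    Follows the RFC 4193 recipe (assumed for this example): the low 40 bits of
    SHA-1(time || EUI-64) become the Global ID behind the fd00::/8 prefix.
    """
    key = ntp_time.to_bytes(8, "big") + eui64
    global_id = int.from_bytes(hashlib.sha1(key).digest()[-5:], "big")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def subnets_per_prefix(prefix: ipaddress.IPv6Network, subnet_len: int = 64) -> int:
    """Number of /64 subnets a prefix of this length can carve out."""
    return 2 ** (subnet_len - prefix.prefixlen)


def prefixes_needed(sites: int, subnets_per_site: int = 1) -> int:
    """How many /48 ULAs an organisation needs to give every site its subnets."""
    per_prefix = subnets_per_prefix(ipaddress.ip_network("fd00::/48"))
    return -(-sites * subnets_per_site // per_prefix)  # ceiling division


def site_subnet(org_prefix: ipaddress.IPv6Network, site_index: int) -> ipaddress.IPv6Network:
    """The /64 for site number `site_index` inside the organisation's /48."""
    if not 0 <= site_index < subnets_per_prefix(org_prefix):
        raise ValueError("site index exceeds the /64 subnets available in this prefix")
    return ipaddress.IPv6Network((int(org_prefix.network_address) + (site_index << 64), 64))


def acl_permits(src: str, dst: str, permitted: list) -> bool:
    """Two-entry style ACL: both endpoints must fall inside one of the org's ULA prefixes."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in p for p in permitted) and any(d in p for p in permitted)


if __name__ == "__main__":
    # Constructed inputs: a fixed timestamp and EUI-64 so the result is reproducible.
    company_a = make_ula_prefix(0x1234567800000000, bytes.fromhex("0011 22ff fe33 4455"))
    company_b = make_ula_prefix(0x1234567900000000, bytes.fromhex("0011 22ff fe66 7788"))
    print(company_a, company_b, prefixes_needed(40000), prefixes_needed(80000))
    print(acl_permits(str(site_subnet(company_a, 39999)[1]), str(site_subnet(company_b, 0)[1]),
                      [company_a, company_b]))
```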