shim6 @ NANOG (forwarded note from John Payne)

Stephen Sprunk stephen at
Thu Mar 2 10:09:24 UTC 2006

Thus spake "Joe Abley" <jabley at>
> On 1-Mar-2006, at 11:55, David Barak wrote:
>> It isn't fearing change to ask the question "it's not
>> broken today, why should I fix it?"
> What's broken today is that there's no mechanism available for people who
> don't qualify for v6 PI space to multi-home. That's what shim6 is trying
> to fix.

Shim6 is an answer to "what kind of multihoming can we offer to sites 
without PI space?"; it is yet to be seen if anyone cares about the answer to 
that question.

The question that folks with money are asking is "how do I ensure that any 
random user can get reliable access to my website", and that's a question 
that the IETF is, in general, uninterested in.

> However, it's not hard to find examples in today's v4 Internet where
> reconvergence following a re-homing event can take 30 to 60 seconds to
> occur. In the case where such an event includes some interface flapping,
> it's not that uncommon to see paths suppressed due to dampening for 20-30
> minutes.

That may be acceptable compared to the general limitations of PA space. 
Folks have learned to deal with the limitations of BGP-based redundancy; 
asking them to give those benefits up without substantially greater benefits 
is foolhardy.

> I would expect (in some future, hypothetical implementation of shim6)
> the default failure detection timers to start rotating through the
> locator set far sooner than 30-60 seconds.

If we ever see shim6 (or its equivalent) widely deployed...  So far, we 
don't even have simple IPv6 on even a noticeable fraction of end nodes.

Any solution which requires upgrading all the end nodes is a non-starter, 
and the IETF needs to wake up to that fact.  It's taken over a _decade_ for 
simple IPv6 to make it into host stacks, and it's still not viable yet.  No 
host-dependent upgrade will matter to the Internet over the long run.

> No; maintain one address per PA netblock on each host.

And so, if I have 6 upstream providers, every one of my hosts has to keep 
track of the outbound policy I want for each?  How exactly am I supposed to 
keep track of that?  Even the outbound policy for a single host (aka 
firewall) is beyond most organizations' capabilities today...

Why is it even remotely rational that a corporate admin trust 100k+ hosts 
infested with worms, viruses, spam, malware, etc. to handle multihoming 
decisions?  Especially when we don't even have a sample of working code 
today?  I don't even trust the <5 PCs I have at home to make those kinds of 
decisions, much less every PC in my corporate network...

> There's a vast difference in impact on the state held in the core between
> deaggregating towards direct peers, and deaggregating towards transit
> providers and having the deaggregated swamp propagated globally.

Obviously, folks differ in their definition of "swamp".

I'd love a world where $large orgs could connect to N providers and not have 
to figure out the vagaries of BGP, but the reality is that if a large 
customer depends on the Internet for their financial health connectivity, 
the only answer today (with either v4 or v6) is PI space.

Now, some may take that as a sign the IETF needs to figure out how to handle 
10^6 BGP prefixes...  I'm not sure we'll be there for a few years with IPv6, 
but sooner or later we will, and someone needs to figure out what the 
Internet is going to look like at that point.  If the IETF isn't interested, 
some group of vendors will, if for no other reason than that's what will be 
needed for the vendors to sell routers in a few years.  Is it any surprise 
that $vendor is pushing how many millions of routes they can handle in the 
FIB today?

IPv6 is just a convenient placeholder for all the problems that today's ISPs 
are ignoring about today's Internet.


Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin 
