shim6 @ NANOG (forwarded note from John Payne)
stephen at sprunk.org
Fri Mar 3 18:26:33 UTC 2006
Thus spake "Iljitsch van Beijnum" <iljitsch at muada.com>
> On 3-mrt-2006, at 17:04, Stephen Sprunk wrote:
>> Keep in mind that current RIR allocations/assignments are effectively
>> leases (though the RIRs deny that fact) and, like any landlord, they can
>> refuse to renew a lease or increase the rent at any point.
> I can only imagine the fun the lawyers are going to have with this:
> 1. Get address space from Internic, no questions asked
> 2. ARIN is formed and starts making policies that say address space isn't
> 3. ARIN never enforces these no ownership policies (that I know of)
> 4. ARIN tries to take away the addresses
> That's the best advertisement IPv6 could ever hope for: "no lawyers!"
Thanks for silently snipping the paragraph that partially answered that.
There may be some legal battles over it, but since the orgs have no records
of ever purchasing those legacy addresses, it's hard to claim true
ownership -- not that one could easily establish owning a number even with a
bill of sale.
My guess is we'll continue to grandfather them forever, but RIR policy will
change to requiring orgs to start paying rent on them in order to receive
any new assignments (either v4 or v6). Wait a few years, and we can reclaim
most of the space without the lawyers being able to interfere.
v6 does have an advantage (to the RIRs) of not having legacy issues, but
that's a disadvantage for the orgs getting space. Consider that the vast
majority of orgs with multiple legacy swamp allocations haven't traded them
in for a rent-free CIDR one; part of that is inertia, but part is the risk
that doing so will more likely expose them to rent in the future.
>>> So even if it's free, deploying IPv6 today isn't all that useful. But
>>> when you're the last one running IPv4, you'll really want to move over
>>> to IPv6, even if it's very expensive.
>> Ah, but why? As long as IPv4 has similar or better performance
>> characteristics to IPv6, why would anyone _need_ to migrate? Add to
>> that the near certainty that vendors will create NAT devices that will
>> allow an entire v4 enterprise to reach the v6 Internet...
> Don't they teach you IPv6 network design in CCIE school?
There weren't CCIE schools back when I got mine, but my understanding is
that the ones today still don't teach anything (or at least anything useful).
> Once you've worked with link local addressing/routing and generating
> addresses from EUI-64s you never want to go back to the tedious
> address and subnet management that's necessary in IPv4.
When you're using RFC1918 space, as nearly all leaf orgs do today, subnet
assignment isn't tedious: just give every VLAN a /24 or so and be done with
it; similar to assigning /64s. Maintaining DHCP servers sucks, but it's an
accepted cost that doesn't amount to much in the budget since they're
already paid for (or free with your routers).
I agree that IPv6 is better from this perspective, but unless one is
building out a greenfield network, the transition cost is higher than the
cost of status quo. Just upgrading all those L3 switches to v6-capable
models will cost large enterprises tens of millions of dollars (and don't
say regular upgrade cycles will fix that, as obsolete equipment just moves
out of the core to other places).
> So building boxes just so you can stick to IPv4 when the rest of the
> world is already on IPv6 seems a bit backward to me.
It's not a matter of building boxes: all that needs to happen is for Cisco
to release an upgrade for PIX (ditto for other vendors) that is free with a
maintenance contract, and every enterprise will be doing it overnight.
What's to stop the vendors from doing it? All it takes is one big (or
several small) RFP(s) asking for the feature, and it'll be there.
> Since you can't express the IPv6 address space in the IPv4 address space
> (the reverse is easy and available today), the translation needs to
> happen a bit higher in the stack.
Off-the-cuff solution: translate all incoming v6 addresses to temporary v4
addresses (172.16/12 will do nicely). You'll need to intercept DNS, but
most NAT devices do that today anyways for other reasons.
> When I was testing running IPv6-only I installed an Apache 2 proxy in
> order to reach the IPv4 web from my IPv6-only system. But it worked
> the other way around too, of course: using the proxy, I could visit
> sites over IPv6 with IPv4-only systems.
Which supports my point: why upgrade when you can proxy / translate /
whatever for (almost) free? Especially when you're using 10/8 internally
and thus will never directly feel any v4 exhaustion pain?
Stephen Sprunk, CCIE #3723, K5SSS
"Stupid people surround themselves with smart people. Smart people surround
themselves with smart people who disagree with them." --Aaron Sorkin
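The "off-the-cuff" translator sketched in the post above (hand every incoming v6 destination a temporary v4 address out of 172.16/12, and intercept DNS so v4-only clients are pointed at it) can be modelled in a few dozen lines. The code below is an added illustration written for this archive page; it is not code from the original post or from anything its author built, and the class and function names, the 172.16/12 pool, the lease length, and the use of the RFC 6052 well-known prefix 64:ff9b::/96 for the "reverse is easy" direction are all assumptions made here. It also shows the caveat a practitioner would hit first: temporary addresses must be leased and reclaimed, and a DNS answer cached longer than its lease can point a client at the wrong v6 host.

```python
"""Toy model of a v4-only site reaching v6-only hosts through a translator
that leases temporary addresses from 172.16/12 and rewrites DNS answers.
Added illustration for the archived NANOG post; not the poster's code."""
import ipaddress
import time
from collections import deque

# Assumption: the site does not already use this block internally.
POOL = ipaddress.ip_network("172.16.0.0/12")
# RFC 6052 well-known prefix: a v4 address fits in the low 32 bits of a /96,
# which is why the v4-into-v6 direction needs no state at all.
WKP = ipaddress.ip_network("64:ff9b::/96")


class V6ToV4Mapper:
    """Maps each IPv6 destination seen in a DNS answer to a leased IPv4
    address that a v4-only client can route to the translator."""

    def __init__(self, pool=POOL, lease_seconds=300, clock=time.monotonic):
        # Lazily walk the pool (skip network and broadcast addresses).
        self._fresh = (pool.network_address + i
                       for i in range(1, pool.num_addresses - 1))
        self._recycled = deque()   # addresses freed by lease expiry
        self._clock = clock        # injectable for deterministic testing
        self._lease = lease_seconds
        self._v6_to_v4 = {}        # IPv6Address -> IPv4Address
        self._v4_to_v6 = {}        # IPv4Address -> IPv6Address
        self._expires = {}         # IPv4Address -> lease expiry time

    def _reclaim_expired(self):
        now = self._clock()
        for v4 in [a for a, exp in self._expires.items() if exp <= now]:
            v6 = self._v4_to_v6.pop(v4)
            del self._v6_to_v4[v6]
            del self._expires[v4]
            self._recycled.append(v4)

    def _allocate(self):
        if self._recycled:
            return self._recycled.popleft()
        try:
            return next(self._fresh)
        except StopIteration:
            raise RuntimeError("temporary IPv4 pool exhausted")

    def map_v6(self, v6):
        """Return the temporary v4 address for a v6 destination, allocating
        one if needed and refreshing its lease."""
        v6 = ipaddress.IPv6Address(v6)
        self._reclaim_expired()
        v4 = self._v6_to_v4.get(v6)
        if v4 is None:
            v4 = self._allocate()
            self._v6_to_v4[v6] = v4
            self._v4_to_v6[v4] = v6
        self._expires[v4] = self._clock() + self._lease
        return v4

    def intercept_dns(self, answers):
        """DNS interception for a v4-only client: AAAA records become A
        records pointing at leased 172.16/12 addresses; other records pass
        through. Answers are (rtype, address-string) tuples. Caveat: the TTL
        handed to the client must not exceed the lease, or a cached answer
        can outlive the mapping and land on a recycled address."""
        rewritten = []
        for rtype, addr in answers:
            if rtype == "AAAA":
                rewritten.append(("A", str(self.map_v6(addr))))
            else:
                rewritten.append((rtype, addr))
        return rewritten

    def resolve_v4(self, v4):
        """Data path: find the real v6 destination for a packet sent to one
        of the temporary addresses (None if the lease already expired)."""
        v4 = ipaddress.IPv4Address(v4)
        self._reclaim_expired()
        v6 = self._v4_to_v6.get(v4)
        if v6 is not None:
            self._expires[v4] = self._clock() + self._lease  # keep flow alive
        return v6


def embed_v4_in_v6(v4, prefix=WKP):
    """The opposite direction: embed a v4 address in a /96 prefix."""
    return ipaddress.IPv6Address(int(prefix.network_address)
                                 + int(ipaddress.IPv4Address(v4)))


if __name__ == "__main__":
    m = V6ToV4Mapper(lease_seconds=60)
    # Constructed sample answer set, not a real lookup.
    print(m.intercept_dns([("AAAA", "2001:db8::1"), ("A", "192.0.2.7")]))
    print(m.resolve_v4("172.16.0.1"), embed_v4_in_v6("192.0.2.7"))
```

The lease bookkeeping is the part that matters operationally: the v4-side identity of a v6 host is only stable for the lease, so the DNS TTL the translator returns and the idle timeout on its state table have to be tied together, which is the same discipline a NAT operator already needs for port mappings.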