shim6 @ NANOG (forwarded note from John Payne)

Stephen Sprunk stephen at
Fri Mar 3 18:26:33 UTC 2006

Thus spake "Iljitsch van Beijnum" <iljitsch at>
> On 3-mrt-2006, at 17:04, Stephen Sprunk wrote:
>> Keep in mind that current RIR allocations/assignments are  effectively 
>> leases (though the RIRs deny that fact) and, like any  landlord, they can 
>> refuse to renew a lease or increase the rent at  any point.
> I can only imagine the fun the lawyers are going to have with this:
> 1. Get address space from Internic, no questions asked
> 2. ARIN is formed and starts making policies that say address space  isn't 
> owned
> 3. ARIN never enforces these no ownership policies (that I know of)
> 4. ARIN tries to take away the addresses
> That's the best advertisement IPv6 could ever hope for: "no lawyers!"

Thanks for silently snipping the paragraph that partially answered that.

There may be some legal battles over it, but since the orgs have no records 
of ever purchasing those legacy addresses, it's hard to claim true 
ownership -- not that one could easily establish owning a number even with a 
bill of sale.

My guess is we'll continue to grandfather them forever, but RIR policy will 
change to requiring orgs to start paying rent on them in order to receive 
any new assignments (either v4 or v6).  Wait a few years, and we can reclaim 
most of the space without the lawyers being able to interfere.

v6 does have an advantage (to the RIRs) of not having legacy issues, but 
that's a disadvantage for the orgs getting space.  Consider that the vast 
majority of orgs with multiple legacy swamp allocations haven't traded them 
in for a rent-free CIDR one; part of that is inertia, but part is the risk 
that doing so will more likely expose them to rent in the future.

>>> So even if it's  free, deploying IPv6 today isn't all that useful.  But 
>>> when you're the  last one running IPv4, you'll really want to  move over 
>>> to IPv6, even  if it's very expensive.
>> Ah, but why?  As long as IPv4 has similar or better performance 
>> characteristics to IPv6, why would anyone _need_ to migrate?  Add  to 
>> that the near certainty that vendors will create NAT devices  that will 
>> allow an entire v4 enterprise to reach the v6 Internet...
> Don't they teach you IPv6 network design in CCIE school?

There weren't CCIE schools back when I got mine, but my understanding is 
that the ones today still don't teach anything (or at least anything useful) 
about IPv6.

> Once you've worked with link local addressing/routing and generating
> addresses from EUI-64s you never want to go back to the tedious
> address and subnet management that's necessary in IPv4.

When you're using RFC1918 space, as nearly all leaf orgs do today, subnet 
assignment isn't tedious: just give every VLAN a /24 or so and be done with 
it; similar to assigning /64s.  Maintaining DHCP servers sucks, but it's an 
accepted cost that doesn't amount to much in the budget since they're 
already paid for (or free with your routers).

I agree that IPv6 is better from this perspective, but unless one is 
building out a greenfield network, the transition cost is higher than the 
cost of status quo.  Just upgrading all those L3 switches to v6-capable 
models will cost large enterprises tens of millions of dollars (and don't 
say regular upgrade cycles will fix that, as obsolete equipment just moves 
out of the core to other places).

> So building boxes just so you can stick to IPv4 when the rest of the
> world is already on IPv6 seems a bit backward to me.

It's not a matter of building boxes: all that needs to happen is for Cisco 
to release an upgrade for PIX (ditto for other vendors) that is free with a 
maintenance contract, and every enterprise will be doing it overnight. 
What's to stop the vendors from doing it?  All it takes is one big (or 
several small) RFP(s) asking for the feature, and it'll be there.

> Since you can't express the IPv6 address space in the IPv4 address  space 
> (the reverse is easy and available today), the translation  needs to 
> happen a bit higher in the stack.

Off-the-cuff solution: translate all incoming v6 addresses to temporary v4 
addresses (172.16/12 will do nicely).  You'll need to intercept DNS, but 
most NAT devices do that today anyways for other reasons.

> When I was testing running IPv6-only I installed an Apache 2 proxy in
> order to reach the IPv4 web from my IPv6-only system. But it worked
> the other way around too, of course: using the proxy, I could visit
> sites over IPv6 with IPv4-only systems.

Which supports my point: why upgrade when you can proxy / translate / 
whatever for (almost) free?  Especially when you're using 10/8 internally 
and thus will never directly feel any v4 exhaustion pain?


Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin 

More information about the NANOG mailing list