Re: IPv6 fc00::/7 — Unique local addresses

Mark Andrews marka at isc.org
Fri Oct 22 03:25:53 UTC 2010


In message <4BC01459-B53A-4B2C-B75B-47D89550DFC5 at delong.com>, Owen DeLong writes:
> 
> On Oct 21, 2010, at 3:15 PM, Mark Andrews wrote:
> 
> >
> > In message <E22A56B3-68F1-4A75-A091-E416800C485B at delong.com>, Owen DeLong writes:
> >>>>>
> >>>> Which is part one of the three things that have to happen to make ULA
> >>>> really bad for the internet.
> >>>>
> >>>> Part 2 will be when the first provider accepts a large sum of money to
> >>>> route it within their public network between multiple sites owned by
> >>>> the same customer.
> >>>>
> >>>
> >>> That same customer is also going to have enough global address
> >>> space to be able to reach other global destinations, at least enough
> >>> space for all nodes that are permitted to access the Internet, if not
> >>> more. Proper global address space ensures that if a global destination
> >>> is reachable, then there is a high probability of successfully reaching
> >>> it. The scope of external ULA reachability, regardless of how much
> >>> money is thrown at the problem, isn't going to be as good as proper
> >>> global addresses.
> >>>
> >> _IF_ they implement as intended and as documented. As you've
> >> noted there's a lot of confusion and a lot of people not reading the
> >> documents, latching onto ULA and deciding it's good.
> >>
> >> It's not a big leap for some company to do a huge ULA deployment
> >> saying "this will never connect to the intarweb thingy" and 5-10 years
> >> later not want to redeploy all their addressing, so, they start throwing
> >> money at getting providers to do what they shouldn't instead of
> >> readdressing their networks.
> >
> > IPv4 think.
> >
> > You don't re-address you add a new address to every node.  IPv6 is
> > designed for multiple addresses.
> >
> That's a form of re-addressing. It's not removing the old addresses, but,
> it is a major undertaking just the same in a large deployment.

I don't see any major difference in the amount of work required to
go from disconnected ULA to ULA + PA/PI or ULA + NAT compared to
disconnected PI to connected PI.  Whether the machines have one or
two addresses is inconsequential in the grand scheme of things.

> >>> For private site interconnect, I'd think it more likely that the
> >>> provider would isolate the customer's traffic and ULA address space via
> >>> something like a VPN service e.g. MPLS, IPsec.
> >>>
> >> One would hope, but, I bet laziness and misunderstanding trumps
> >> reason and adherence to RFCs over the long term. Since ULA
> >> won't get hard-coded into routers as unroutable (it can't),
> >
> > Actually it can be.  You just need an easy switch to turn it off.  The
> > router can even work itself out many times.  Configure multiple interfaces
> > from the same ULA /48 and you pass traffic for the /48 between those
> > interfaces.  You also pass routes for that /48 via those interfaces.
> >
> If you have an easy switch to turn it off, it will get used, thus meaning that
> it isn't hard coded, it's just default.

On by default will create an effective deterrent.

> >
> Owen
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
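
The default-on ULA filter discussed in this message (pass fc00::/7 traffic only between interfaces numbered from the same ULA /48, with a switch to turn the filter off), sketched as an added example; it is not code from the thread or from any router implementation. The `Router` class, interface names and addresses are constructed for illustration.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")  # unique local address range


def ula_site(addr):
    """Return the enclosing /48 if addr is a ULA, otherwise None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in ULA:
        return None
    return ipaddress.IPv6Network(f"{ip}/48", strict=False)


class Router:
    """Hypothetical forwarding policy: ULA filtered unless locally in use."""

    def __init__(self, interfaces, ula_filter=True):
        # interfaces: name -> list of configured addresses
        self.ula_filter = ula_filter  # the "easy switch", on by default
        self.sites = {
            name: {s for s in map(ula_site, addrs) if s is not None}
            for name, addrs in interfaces.items()
        }

    def forward(self, ingress, egress, src, dst):
        """Decide whether a packet may cross from ingress to egress."""
        if not self.ula_filter:
            return True  # operator switched the filter off
        for site in (ula_site(src), ula_site(dst)):
            if site is None:
                continue  # global address, not subject to the ULA rule
            # A ULA /48 passes only between interfaces that both use it.
            if site not in self.sites[ingress] or site not in self.sites[egress]:
                return False
        return True


# Constructed sample configuration: two LAN interfaces in one ULA /48,
# one upstream interface with only a global (documentation) address.
SAMPLE = {
    "lan0": ["fd12:3456:789a:1::1", "2001:db8:0:1::1"],
    "lan1": ["fd12:3456:789a:2::1", "2001:db8:0:2::1"],
    "wan0": ["2001:db8:ffff::2"],
}

if __name__ == "__main__":
    r = Router(SAMPLE)
    print(r.forward("lan0", "lan1", "fd12:3456:789a:1::10", "fd12:3456:789a:2::20"))
    print(r.forward("lan0", "wan0", "fd12:3456:789a:1::10", "2001:db8:aaaa::1"))
```

With the filter on, a ULA-sourced packet leaks upstream only if someone numbers the upstream interface from the same /48 or flips `ula_filter` off, which is the trade-off the two posters are arguing about.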
