Re: IPv6 fc00::/7 — Unique local addresses

Owen DeLong owen at delong.com
Tue Oct 26 05:32:43 UTC 2010


On Oct 21, 2010, at 8:25 PM, Mark Andrews wrote:

> 
> In message <4BC01459-B53A-4B2C-B75B-47D89550DFC5 at delong.com>, Owen DeLong writes:
>> 
>> On Oct 21, 2010, at 3:15 PM, Mark Andrews wrote:
>> 
>>> 
>>> In message <E22A56B3-68F1-4A75-A091-E416800C485B at delong.com>, Owen DeLong writes:
>>>>>>> 
>>>>>> Which is part one of the three things that have to happen to make ULA
>>>>>> really bad for the internet.
>>>>>> 
>>>>>> Part 2 will be when the first provider accepts a large sum of money to
>>>>>> route it within their public network between multiple sites owned by
>>>>>> the same customer.
>>>>>> 
>>>>> 
>>>>> That same customer is also going to have enough global address
>>>>> space to be able to reach other global destinations, at least enough
>>>>> space for all nodes that are permitted to access the Internet, if not
>>>>> more. Proper global address space ensures that if a global destination
>>>>> is reachable, then there is a high probability of successfully reaching
>>>>> it. The scope of external ULA reachability, regardless of how much
>>>>> money is thrown at the problem, isn't going to be as good as proper
>>>>> global addresses.
>>>>> 
>>>> _IF_ they implement as intended and as documented. As you've
>>>> noted there's a lot of confusion and a lot of people not reading the
>>>> documents, latching onto ULA and deciding it's good.
>>>> 
>>>> It's not a big leap for some company to do a huge ULA deployment
>>>> saying "this will never connect to the intarweb thingy" and 5-10 years
>>>> later not want to redeploy all their addressing, so, they start throwing
>>>> money at getting providers to do what they shouldn't instead of
>>>> readdressing their networks.
>>> 
>>> IPv4 think.
>>> 
>>> You don't re-address, you add a new address to every node.  IPv6 is
>>> designed for multiple addresses.
>>> 
>> That's a form of re-addressing. It's not removing the old addresses, but,
>> it is a major undertaking just the same in a large deployment.
> 
> I don't see any major difference in the amount of work required to
> go from disconnected ULA to ULA + PA/PI or ULA + NAT compared to
> disconnected PI to connected PI.  Whether the machines have one or
> two addresses is inconsequential in the grand scheme of things.
> 
If it's all SLAAC, you're right. Most people have some servers and
some other machines that get static addresses. In those cases, those
machines have to be touched to facilitate the transition if you start with
ULA. If you start with GUA, then, it's just a matter of changing the firewall
policies and the router filters, and, possibly some routes.

>>>>> For private site interconnect, I'd think it more likely that the
>>>>> provider would isolate the customers traffic and ULA address space via
>>>>> something like a VPN service e.g. MPLS, IPsec.
>>>>> 
>>>> One would hope, but, I bet laziness and misunderstanding trumps
>>>> reason and adherence to RFCs over the long term. Since ULA
>>>> won't get hard-coded into routers as unroutable (it can't),
>>> 
>>> Actually it can be.  You just need an easy switch to turn it off.  The
>>> router can even work itself out many times.  Configure multiple interfaces
>>> from the same ULA /48 and you pass traffic for the /48 between those
>>> interfaces.  You also pass routes for that /48 via those interfaces.
>>> 
>> If you have an easy switch to turn it off, it will get used, thus meaning that
>> it isn't hard coded, it's just default.
> 
> On by default will create an effective deterrent.
> 
We can agree to disagree about that. However, there's enough code out
there already that isn't on by default that I think that ship has sailed.


Owen
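The router behaviour Mark describes above (a ULA /48 is passed between interfaces numbered from that same /48, and ULA routes are only accepted for that /48) is written out below as a small policy model. This is an added example for this archived thread, not code from either poster or from any router vendor; the interface prefixes, route advertisements and destination addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed policy model (not from the thread): a router treats a ULA /48 as
# routable only between its own interfaces that are numbered from that /48, and
# filters every other route or destination inside fc00::/7. GUA is untouched.

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local address block


def is_ula(prefix_or_addr):
    """True if an IPv6 prefix or host address lies inside fc00::/7."""
    net = ipaddress.ip_network(prefix_or_addr, strict=False)
    if net.version != 6:
        return False
    return net.network_address in ULA and net.prefixlen >= ULA.prefixlen


def local_ula_48s(interface_prefixes):
    """The ULA /48s this router is itself numbered from.

    Each ULA interface prefix is widened to its covering /48; interfaces in
    the same /48 collapse to one entry, which is what makes the /48 "local".
    """
    found = set()
    for p in interface_prefixes:
        if is_ula(p):
            net = ipaddress.ip_network(p, strict=False)
            found.add(ipaddress.ip_network(f"{net.network_address}/48", strict=False))
    return found


def accept_route(prefix, local_48s):
    """Route-filter decision.

    A ULA route is accepted only if it falls inside one of the router's own
    /48s (the "route itself out" case); anything else in fc00::/7, including
    the whole block or a foreign /48, is filtered. Non-ULA routes pass through
    to whatever GUA policy applies.
    """
    if not is_ula(prefix):
        return True
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(l48) for l48 in local_48s)


def forwardable(dst, local_48s):
    """Forwarding decision for a destination host, using the same rule."""
    host = ipaddress.ip_address(dst)
    return accept_route(f"{host}/128", local_48s)


if __name__ == "__main__":
    # Two interfaces from one ULA /48 plus one GUA interface (constructed).
    ifaces = ["fd12:3456:789a:1::/64", "fd12:3456:789a:2::/64", "2001:db8:1::/64"]
    l48 = local_ula_48s(ifaces)
    print("local ULA /48s:", sorted(str(n) for n in l48))
    for p in ["fd12:3456:789a:3::/64", "fdab:cdef:1::/48", "2001:db8:2::/48", "fc00::/7"]:
        print(f"route {p:24} -> {'accept' if accept_route(p, l48) else 'filter'}")
    for d in ["fd12:3456:789a:5::1", "fdff::1"]:
        print(f"dst   {d:24} -> {'forward' if forwardable(d, l48) else 'drop'}")
```

The model makes Owen's objection concrete as well: the whole decision hangs on `local_48s`, so a single "off switch" that passes an empty set or skips the `is_ula` check turns the default filter into plain routing, which is why a default is not the same thing as hard-coded behaviour.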
