quietly....

david raistrick drais at icantclick.org
Thu Feb 3 11:36:51 CST 2011


On Thu, 3 Feb 2011, Brian Johnson wrote:

>> 1) To allow yourself to change or maintain multiple upstreams without
>> renumbering.
>
> Not sure what you mean here. So having PI space can't accomplish this?


Using PI space means paying significantly more money per year than using 
PA space, particularly if you factor in the "recommended" subnet sizing 
and that your v6 address space requirements significantly increase over 
v4+NAT.

Remember that we're not talking about ISPs and large enterprises who are 
used to shelling out artificially inflated $$ per year to use PI space.

We're talking about telling folks who were happy using PA space (or 
who have PI space from before IANA) that they now have to rent addresses 
if they want to avoid internal renumbering.


>> 6) Because you have allocated a single address to a machine that later
>> on actually represents n different actual network entities, and
>> retrofitting them with their own unique IPv6 subnet presents a problem.
>
> Huh?

I understood that.

I have a customer in my datacenter with 50 servers behind a firewall. 
(that "customer" could be an internal team at my enterprise, or a customer 
at a colo, or even a customer at the end of a telco circuit).

I need to renumber.

The coordination effort involved in renumbering @ the firewall, vs 
renumbering the -entirety- of the customer's internal subnets is 
significant.

One customer side example?  Oracle RAC.  With v4 and NAT, RAC would never 
have to know anything.  With no NAT, I have to shut down RAC, shut down 
OCFS2, reconfigure the cluster filesystem (which is a nontrivial task with 
nontrivial risk), reconfigure RAC (which goes OK, other than that I have to 
reconfigure potentially a half dozen config files on every server that 
connects to it), restart ocfs, restart RAC....

That's all new work, because I told my customer they cannot use NAT.

And I have to do that with -every- customer.

With v4, I just helped the customer configure his firewall to support both 
the old and new addresses, changed external facing DNS, waited for all 
traffic to move over, removed the old addresses, and we were done.





--
david raistrick        http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org             http://www.expita.com/nomime.html





More information about the NANOG mailing list