quietly....
david raistrick
drais at icantclick.org
Thu Feb 3 17:36:51 UTC 2011
On Thu, 3 Feb 2011, Brian Johnson wrote:
>> 1) To allow yourself to change or maintain multiple upstreams without
>> renumbering.
>
> Not sure what you mean here. So having PI space can't accomplish this?
Using PI space means paying significantly more money per year than using
PA space, particularly if you factor in the "recommended" subnet sizing
and that your v6 address space requirements significantly increase over
v4+NAT.
Remember that we're not talking about ISPs and large enterprises who are
used to shelling out artificially inflated $$ per year to use PI space.
We're talking about telling folks who were happy using PA space (or
who have PI space from before IANA) that they now have to rent addresses
if they want to avoid internal renumbering.
>> 6) Because you have allocated a single address to a machine that later
>> on actually represents n different actual network entities, and
>> retrofitting them with their own unique IPv6 subnet presents a problem.
>
> Huh?
I understood that.
I have a customer in my datacenter with 50 servers behind a firewall.
(that "customer" could be an internal team at my enterprise, or a customer
at a colo, or even a customer at the end of a telco circuit).
I need to renumber.
The coordination effort involved in renumbering @ the firewall, vs
renumbering the -entirety- of the customer's internal subnets is
significant.
One customer side example? Oracle RAC. With v4 and NAT, RAC would never
have to know anything. With no NAT, I have to shut down RAC, shut down
OCFS2, reconfigure the cluster filesystem (which is a nontrivial task with
nontrivial risk), reconfigure RAC (which goes OK, other than that I have to
reconfigure potentially a half dozen config files on every server that
connects to it), restart ocfs, restart RAC....
That's all new work, because I told my customer they cannot use NAT.
And I have to do that with -every- customer.
With v4, I just helped the customer configure his firewall to support both
the old and new addresses, changed external facing DNS, waited for all
traffic to move over, removed the old addresses, and we were done.
--
david raistrick http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org http://www.expita.com/nomime.html