[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 w.g. Last Call on "Unique Local IPv6 Unicast Addresses"





Brian E Carpenter wrote:

>Alain,
>
>Do you think it is better to let the RIRs develop a policy for
>allocating PA space for local use, i.e. create a swamp like IPv4?
>
PA... Do you PI for Provider Independant?
If it is the case, yes I think it would be less damaging to do that.
See below.

>
>In detail..
>
[Focusing on technology as I think that the other dicussions will
 simply not go anywhere in this forum]

>>impact:
>>                - what about reverse DNS?
>>    
>>
>
>Suggestions? Is reverse DNS needed for these addresses? You're correct that
>this needs analysis.
>
A valid enough reason to get a -02 published.

>>                - what about address selection rules?
>>    
>>
>
>These addresses behave like global scope for that purpose.
>
In terms of scope, you're right. Now take the multi-party
communication example that was described by Erik earlier on,
there is a problem. So you need to add an extra selection rule
and an API to reverse that choice for the cases it does not make
sense.
Note: you cannot do that just by adding entries in the preference
table, this table is global and you need a per-socket oprtion.

>>                - what about address leakage?
>>    
>>
>
>These addresses are unique, so leakage is nothing like as harmful
>as with RFC 1918. They are also known to be unrouteable globally, so
>can be blackholed at domain boundaries. I thought that was discussed in
>the draft.
>
>  
>
>>                - how to debug those networks when they will leak?
>>    
>>
>
>You don't need to. If you see one of these addresses out of its intended
>domain, you only need to drop it. I'm not saying this lightly - I really
>think this is not an issue. There is nothing to debug. You just don't care.
>  
>
I disagree. You cannot say that. Examples:
- you're under security attack from one of those addresses,
   you'd like to trace it back. Any tiny bit helps.

- you're doing a complex merge of several local address spaces
   and things get ugly. You'd like to have a simple way (like whois)
   to know who those prefixes belongs to.

>>                  and it is impossible to map those prefixes back to their owner?
>>    
>>
>
>Doesn't matter. You just drop them.
>
No. see above.



>>In a rush to create something to replace the Site Local addresses,
>>    
>>
>
>It isn't replacing site-local. It's filling a widely perceived need that
>has emerged (with our better understanding of the needs of enterprise and
>inter-enterprise networking) since site-local was invented. 
>
>The rush, as I
>said at the top, is to prevent widespread misuse of PA prefixes and to give
>us a chance of preventing NAT6.
>
>If this doesn't get done soon, I think the emphasis will rapidly change to
>working with the RIRs to get a rough and ready policy in place for
>private use of PA space.
>
The real requirement is to have addresses that are not bound to any 
provider,
as this because renumbering will never be painless and multi-homing solution
a la Multi6 will take years to be developped.

So the question is what to do in the meantine. 3 alternatives:
1- Give a limited amount of PI to those who really want it and let
     them pay $$$ to get their ISP to route them
2- Create this 'local address' kludge that will stay for a long time
3- Speed up the work in Multi6.

None of this comes for free, however my take is that the combination
of 1 and 3 is much less expensive that 2.

    - Alain.





--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------