who gets a /32 [Re: IPV6 renumbering painless?]

> you are drastically misunderstanding my hopes, my goals, and my role.

Please explain them then.

briefly, because i consider myself off-topic and sue probably does also.

the problem statement answered by the ipngwg was wrong. they thought they
were supposed to "solve the shortage of address space problem", but that
wasn't the most serious problem then (and is not now). the right problem
statement would be to "solve the shortage of PORTABLE address space problem".
note the insertion of the word "portable" before "address space". the big
problem in 1992 and the big problem now is that a wal-mart corporate desktop
will either have an ambiguous address (behind a NAT), or a hard-to-renumber
isp-price-locked address (provider assigned), or a takes-a-slot-in-the-global
routing-table address (provider independent). three strikes and you're out!
none of those three things is acceptable, not even as a compromise.

i have not looked in on the multi6 wg this year. my bad. perhaps you've
come up with a fourth alternative, or a way of softening one of the three
existing alternatives to the point where its benefits outweigh its costs.
but everything i've actually looked at either resolves the cost/benefit in
favour of some minority of which neither isc nor wal-mart is a part, or
which would have been equally applicable to ipv4 such that all we needed
was the gimmick itself, not 128-bit addresses, if only we'd been willing to
pay this much pain back before ipngwg's work was complete.

ipng needed rapid renumbering, including renumbering tcp endpoints realtime
and including multihoming where you can add and delete PA interface addresses
the way commercial RAID vendors add and delete disk drives. the people in
putative "charge" of this said either (a) they didn't agree, (b) they didn't
understand, or (c) they didn't have time to add more requirements.

now it's 2004 and lo and behold, the problems of 1992 are still with us, but
now we have better terminology to describe them. you can be locked into a
provider's pricing and service quality; or you can run NAT; or you can find
a way to get your own slot in the global routing table. we have the same
shortage of portable addresses now that we had in 1992, even though we have
increased the overall supply of address space by a factor of 2**96. if multi6
offers a fourth alternative, it would probably also have worked with ipv4, in
which case why did we spend years working on 128-bit addressing?

i strongly believe that the isp community who pays ARIN's bills will decide
that the best way to grow the industry is to let folks like ford and wal-mart
have their own /32's, and that there will be a spectrum of

                r e n u m b e r i n g   d i f f i c u l t y
  easy--------------------------moderate------------------------impossible

with PA+NAT on the left (home dsl, cable); wal-mart and ford on the right
with endsystem PI, and folks like isc in the middle, doing some kind of
multi6 thing, whose costs while high will be lower than the renumbering
penalty.

since the arin BoT has no policy formation role, i'm expecting to be able
to voice an opinion that weighs exactly as much as everybody else's, and
to vote ultimately on whatever the policy formation function comes up with.

so there. those are my views. aren't you glad you asked?

It's wrong if these issues that have global impact are decided regionally.

yes. i understand that the acid rain people, the ozone layer people, the
ice cap people, the whale people, and the ocean oxygen level people, all
have that same complaint. human nature on a grand scale isn't always pretty.

> > you are drastically misunderstanding my hopes, my goals, and my role.
>
> Please explain them then.

briefly, because i consider myself off-topic and sue probably does also.

The off-topicness is most likely only as this is an enduser/site
problem.

the problem statement answered by the ipngwg was wrong. they thought they
were supposed to "solve the shortage of address space problem", but that
wasn't the most serious problem then (and is not now). the right problem
statement would be to "solve the shortage of PORTABLE address space problem".
note the insertion of the word "portable" before "address space". the big
problem in 1992 and the big problem now is that a wal-mart corporate desktop
will either have an ambiguous address (behind a NAT), or a hard-to-renumber
isp-price-locked address (provider assigned), or a takes-a-slot-in-the-global
routing-table address (provider independent). three strikes and you're out!
none of those three things is acceptable, not even as a compromise.

The current solution I see for this is still IPv6. Except that one moves
the complete 'Independence' problem a layer higher. Enter:

HIP: Host Identity Protocol:
http://www.ietf.org/html.charters/hip-charter.html

I've looked quite a bit at the various 'solutions' that got offered by
folks and came to the conclusion that HIP, and don't mind any related
protocols, are one of the very plausible solutions. Say we have 50k
ISP's worldwide, they get a /32 or so from the RIR's and announce it.
ISP is here 'a network not used by users' aka 'only routers', the ISP
could of course take a /48 out of their /32 and be a client of
themselves. Any organization can then use one or more /48's from one or
more (upstream) ISP's in combination with HIP. Problem solved.

There is one issue though that comes forth: a large organization, say
Shell, will get quite a number of /48's. An /48 per site as allocated
from the ISP that is serving them at that moment. If one wants to do
firewalling or make other assumptions based on the prefix you will have
quite a hell of a time updating them, certainly in such a large
organization. Then again, what are those folks doing who are being
called managers ? :)

No connectivity to the internet? -> use ULA, quick, easy, cheap.

Greets,
Jeroen

No connectivity to the internet? -> use ULA, quick, easy, cheap.

  ULA leaves a bad taste for a number of reasons, some of which
  have seen some discussion. What has not occurred, and seems to
  be a major tenet of the ULA zealots, is how conflict resolution
  is to be done.

  if ULA is sufficient, in and of itself, then why do we need to
  have all the rest of the 128bits of space?

  if ULA users ever have a conflict (and yes, they will) how will
  the conflict be resolved?

  and then there is the nasty delusion of "Internet"... protestations
  to the contrary, the VSNL view of the "Internet" is vastly different
  than the US DOD view of the "Internet", is vastly different than the
  GE view, is different than the AS 701 view, is different than the
  Chinese R&E Network (CERN) view.... which one(s) count? Policy
  routing dictates that there is no such thing as a "global" routing
  table...
  For me, as long as I have IP reachability to those folks whom I want
  or need to talk to, I could care less about the "rest" of the folks
  using IP to move datagrams about ...

so there. those are my views. aren't you glad you asked?

Sure.

It seems to me though, that if renumbering is such a problem, maybe we should deal with it directly rather than dump the fallout in the three most critical parts of the internet machinery.

It's wrong if these issues that have global impact are decided regionally.

yes. i understand that the acid rain people, the ozone layer people, the
ice cap people, the whale people, and the ocean oxygen level people, all
have that same complaint. human nature on a grand scale isn't always pretty.

Well if you feel you need to take your cues from environmental semi-criminals, obviously there isn't much that I can say to stop you.

I'm thoroughly unhappy with the way this is handled at RIPE (regardless of the outcome) and I'm not about to go sponsor the airline industry some more in order to experience the same frustration in APNIC, LACNIC and ARIN meetings. If we're going to make stupid decisions we might as well streamline the process to make them as efficiently as possible...

Thus spake <bmanning@vacation.karoshi.com>

> No connectivity to the internet? -> use ULA, quick, easy, cheap.

ULA leaves a bad taste for a number of reasons, some of which
have seen some discussion. What has not occurred, and seems to
be a major tenet of the ULA zealots, is how conflict resolution
is to be done.

if ULA is sufficient, in and of itself, then why do we need to
have all the rest of the 128bits of space?

You need some bits at the top to denote the ULA portion of the address
space, you need bits at the bottom for the host address, and you need bits
in the middle for internal network structure. Consensus was that 40 bits
was enough for the "unique" portion of the prefix.

ULAs were not intended to solve all problems, just like link-local,
PA, or PI addresses do not solve all problems by themselves.

if ULA users ever have a conflict (and yes, they will) how will
the conflict be resolved?

There is negligible chance of conflict between any two parties thanks to the
40-bit prefix space, and the odds of collision are still negligible even
when hundreds of networks are interconnected.

Sure, sooner or later two networks will happen to generate the same prefix.
When that happens -- and assuming those networks want to talk to each other,
one of them simply generates a new prefix and renumbers. This is a
significantly better situation than with RFC1918 (or SLAs) where a collision
is _guaranteed_.

and then there is the nasty delusion of "Internet"... protestations
to the contrary, the VSNL view of the "Internet" is vastly different
than the US DOD view of the "Internet", is vastly different than the
GE view, is different than the AS 701 view, is different than the
Chinese R&E Network (CERN) view.... which one(s) count? Policy
routing dictates that there is no such thing as a "global" routing
table...

There are clearly many parts of the Internet that are "private" and one
large part in the middle that is clearly "public". ULAs are intended to
only be used within the "private" parts or even totally disconnected IP
networks.

For me, as long as I have IP reachability to those folks whom I want
or need to talk to, I could care less about the "rest" of the folks
using IP to move datagrams about ...

Exactly. However, the scope of who you want/need to talk to dictates what
sort of addresses you need (with the current routing architecture) and where
you get them.

S

Stephen Sprunk, CCIE #3723, K5SSS
"Stupid people surround themselves with smart people. Smart people surround themselves with smart people who disagree with them." --Aaron Sorkin
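
The collision odds argued over in the message above, worked through as an added example that is not part of the original thread. It assumes the scheme RFC 4193 specifies (a hash-derived 40-bit global ID under fd00::/8); the function names and seeds are constructed for illustration.

```python
import hashlib
import ipaddress
import math

ULA_BLOCK = ipaddress.ip_network("fd00::/8")  # locally assigned ULA space (RFC 4193)
GLOBAL_ID_BITS = 40                           # the "unique" portion discussed above


def make_ula_prefix(seed: bytes) -> ipaddress.IPv6Network:
    """Hash a site-local seed into a /48: 8 marker bits + 40-bit global ID."""
    digest = hashlib.sha1(seed).digest()
    global_id = int.from_bytes(digest[-5:], "big")      # least significant 40 bits
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def collision_probability(sites: int, bits: int = GLOBAL_ID_BITS) -> float:
    """Exact birthday probability that any two of `sites` prefixes coincide."""
    space = 2 ** bits
    if sites > space:
        return 1.0                                      # pigeonhole: guaranteed
    log_no_clash = sum(math.log1p(-i / space) for i in range(sites))
    return -math.expm1(log_no_clash)


def find_collisions(prefixes):
    """Return prefixes claimed more than once, e.g. before merging networks."""
    seen, clashes = set(), set()
    for prefix in prefixes:
        if prefix in seen:
            clashes.add(prefix)
        seen.add(prefix)
    return clashes


if __name__ == "__main__":
    for n in (2, 100, 1000, 100_000):
        print(f"{n:>7} interconnected sites: p = {collision_probability(n):.3g}")
    # Two sites that both picked the same fixed prefix, as with RFC1918 defaults
    print("same fixed prefix, 2 sites:", collision_probability(2, bits=0))
    # Constructed seeds; RFC 4193 suggests a timestamp plus an EUI-64
    demo = [make_ula_prefix(s) for s in (b"site-a", b"site-b", b"site-a")]
    print("clashes:", find_collisions(demo))
```

Running `find_collisions` over the prefixes of every network about to be interconnected catches a clash before routes are exchanged, which is the point at which one side would have to renumber.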

Sure, sooner or later two networks will happen to generate the same prefix.
When that happens -- and assuming those networks want to talk to each other,
one of them simply generates a new prefix and renumbers. This is a
significantly better situation than with RFC1918 (or SLAs) where a collision
is _guaranteed_.

  unmanaged delegations _will_ create collisions. and the problem
  is not when these sites want to talk w/ each other, it's when your
  packets go to (one) of the other places using the identical
  prefix.

> and then there is the nasty delusion of "Internet"... protestations
> to the contrary, the VSNL view of the "Internet" is vastly different
> than the US DOD view of the "Internet", is vastly different than the
> GE view, is different than the AS 701 view, is different than the
> Chinese R&E Network (CERN) view.... which one(s) count? Policy
> routing dictates that there is no such thing as a "global" routing
> table...

There are clearly many parts of the Internet that are "private" and one
large part in the middle that is clearly "public". ULAs are intended to
only be used within the "private" parts or even totally disconnected IP
networks.

  that model -might- have been accurate once, but has not been
  an accurate representation for several years. there is no middle,

> For me, as long as I have IP reachability to those folks whom I want
> or need to talk to, I could care less about the "rest" of the folks
> using IP to move datagrams about ...

Exactly. However, the scope of who you want/need to talk to dictates what
sort of addresses you need (with the current routing architecture) and where
you get them.

  the "scope" of who I want to talk to varies over time.
  just because the list of folks I want to talk to does not
  intersect w/ yours does not give you the right to tell me
  that I must use "private" or ULA or site-local addresses.
  we should each be able to be delegated address space which
  has -zero- chance of collision w/o a means to arbitrate.

  ULAs have no arbitration technique defined, other than
  through the legal system. RIR managed space has the arbitration
  technique as an integral component of the delegation process.

  roughly - ULA == the lawless west
       RIR == civilized society

  -IF- ula space is ever approved, my advice to all transit providers
  is to never filter it.