dougb at dougbarton.us
Tue Feb 12 00:01:09 CET 2013
On 02/11/2013 02:47 PM, Tim Chown wrote:
> On 11 Feb 2013, at 22:26, Doug Barton <dougb at dougbarton.us
> <mailto:dougb at dougbarton.us>> wrote:
>> On 02/11/2013 02:13 PM, Tim Chown wrote:
>>> Indeed. I would still maintain that a medium size
>>> enterprise/organisation should be able to acquire and use IPv6 PI.
>> I haven't kept up with this as much as I should, but are the RIRs
>> handing out PI space to orgs that don't have ASNs nowadays?
> I believe all you need to do now is find a sponsoring LIR, and meet
> http://www.ripe.net/ripe/docs/ripe-552#IPv6_PI_Assignments; the
> multihoming requirement, at least in RIPEland, has apparently recently
> gone, see http://www.ripe.net/ripe/policies/proposals/2011-02.
> Maybe someone who really knows the latest status can put this to bed -
> or maybe policy has become divergent in different RIRs?
Thanks to you and Nick for the update on RIPE. I'm pretty sure ARIN
(where almost all of my effort is concentrated nowadays) has a different
policy, but that's not central to my argument.
>>> But it's perhaps easier to apply the "IPv4 way of thinking" to the
>>> problem, which may lead them into NPTv6. Personally, I would rather
>>> take the (relatively small) financial cost of PI than the
>>> architectural cost of NPTv6. But each to their own, I guess.
>> NPTv6 for free, or hassle + $cost for IPv6 PI (if it's even available)
>> ... to enterprises for whom OpEx is an infinitely more important
>> factor than mythical devotion to an architecture that disappeared 15
>> years ago (namely, 99.9% of them) this is not even a decision.
> PI avoids the architectural gotchas with NPTv6 though.
Maybe you can start a separate thread and describe your concerns on this
topic? I think that would be an interesting/useful discussion.
> I guess it
> depends if your deployment scenario can avoid those. Referrals being
> one case.
>> If I went into the room and told my clients to do this I'd be laughed
>> out of the room. It's way past time that people in the IPv6 ivory
>> towers started paying attention to the real world.
> Our worlds are 'real' to each of us :)
Oddly enough, psychotics believe the same thing. :)
> We've had a production IPv6 network for maybe 10 years. It's not PI, as
> our provider is pretty much a shoe-in, but it could be, and in similar
> networks in the US, it is. For the complexity of network and
> applications, I'd not want to have to live with address translation,
> even NPTv6. Maybe it's because most universities have lived without any
> form of NAT due to being early IPv4 adopters, with their internal
> network being largely or exclusively on public IPs, and the same
> "thinking" is being happily, even if you think it's naively, applied for
I'm not saying it's naive, and I'm certainly not saying that everyone
should do what I'm suggesting. If your org can absorb the costs of using
PI space internally, more power to you!
My point (and I think I've made it sufficiently by now, so hopefully
this is the last repetition) is that for the overwhelming majority of
enterprises that is just not possible, nor is it even desirable. The
thing that most IETF'ers (and other ivory tower dwellers) really
seriously don't "get" is that in the world outside people actually
_like_ NAT. Maybe for the "wrong" reasons, almost certainly in part
because they don't understand the difference between NAT and a SPIF, but
they _do_ like it. And when we come along and say, "Ok, that's lovely,
but you're doing it all wrong, and now you have to do it this way
instead" they react pretty much like you did. "Um, no ... what I have is
working for me just fine, please go away."
It's even _more_ important to understand this in the context of end-user
networks. Currently they have absolutely ZERO motivation to deploy IPv6.
There is no IPv6-only content now, nor is there likely to be in the next
5 years certainly, maybe even 10. So NATv4 is a perfectly good solution
for them, and they have no motivation at all to stop using it. (Note,
I'm purposely excluding ultra-large enterprises who have outgrown all of
1918 space, since they are an edge case.)
That doesn't mean that I don't think IPv6 is important, or necessary;
it's actually becoming more of both every day. But we have to be
realistic about the environment we're working in, and what will and will
not "sell" in that market.
More information about the ipv6-ops