static IPs [was Re: ipv6-ops Digest, Vol 159, Issue 1]
Bjørn Mork
bjorn at mork.no
Sun Oct 27 20:17:50 CET 2019
Gert Doering <gert at space.net> writes:
> s I said before, this insistence on "IPv6 prefixes must never change!!
I never said that.
What I say is that renumbering is painful, and we should therefore
minimize the number of changes. We avoid all the pain if we avoid
renumbering.
> So if they change, we do not care about the consequences, but complain
> about the change itself!!" is foolish to start with. People want to
> change ISPs, want to multihome, if they have two ISPs, one or the other
> might fail at times - so, getting our standards and implementations in
> order to actually *deal with reality* (= prefixes change) would result
> in a much nicer overall experience.
I agree that we must deal with changing prefixes. Dealing with with is
just not the best solution to the self imposed problem of forced
changes.
Mulithoming is a different problem. Using more than one stable prefix
is not much harder than using one. The problem is prefix instability,
not the number of prefixes involved.
The main problem with renumbering is the large number of configuration
files, or nvram variables on id^H^Hiot devices, containing prefixes in
some form. This is mostly services using ACLs to differentiate between
internal and external sources. Examples from one of my hosts:
/etc/mail/access
/etc/dkimkeys/internal-hosts
/etc/spamassassin/local.cf
/etc/bind/named.conf.options
/etc/milter-greylist/greylist.conf
/etc/ntp.conf
/etc/squid/squid.conf
In addition to that, I also have a few more self-imposed prefix hard
coding:
/etc/init.d/firewall6
/etc/systemd/system/transmission-daemon.service
/etc/network/interfaces
/etc/dhcp/dhcpd6.conf
I left all DNS entries out.
Automating updates of all this is semi-trivial. But it is scripts that
has to be written, tested and maintained. And that will fail. Or be
incomplete. You may want to note that most of the files I list above
use an ACL syntax unique to that file. Not much standardization found
here...
Renumbering will never be completely painless. We can and should strive
to make it better. But forcing renumbering on end users is harmful and
should be avoided.
Bjørn
More information about the ipv6-ops
mailing list