Thus spake "Iljitsch van Beijnum" <iljitsch@muada.com>
> On 3-Mar-2006, at 17:04, Stephen Sprunk wrote:
>> Keep in mind that current RIR allocations/assignments are effectively leases (though the RIRs deny that fact) and, like any landlord, they can refuse to renew a lease or increase the rent at any point.
>
> I can only imagine the fun the lawyers are going to have with this:
>
> 1. Get address space from Internic, no questions asked
> 2. ARIN is formed and starts making policies that say address space isn't owned
> 3. ARIN never enforces these no-ownership policies (that I know of)
> 4. ARIN tries to take away the addresses
>
> That's the best advertisement IPv6 could ever hope for: "no lawyers!"
Thanks for silently snipping the paragraph that partially answered that. There may be some legal battles over it, but since the orgs have no records of ever purchasing those legacy addresses, it's hard to claim true ownership -- not that one could easily establish owning a number even with a bill of sale. My guess is we'll continue to grandfather them forever, but RIR policy will change to requiring orgs to start paying rent on them in order to receive any new assignments (either v4 or v6). Wait a few years, and we can reclaim most of the space without the lawyers being able to interfere. v6 does have an advantage (to the RIRs) of not having legacy issues, but that's a disadvantage for the orgs getting space. Consider that the vast majority of orgs with multiple legacy swamp allocations haven't traded them in for a rent-free CIDR one; part of that is inertia, but part is the risk that doing so will more likely expose them to rent in the future.
> So even if it's free, deploying IPv6 today isn't all that useful. But when you're the last one running IPv4, you'll really want to move over to IPv6, even if it's very expensive.
Ah, but why? As long as IPv4 has similar or better performance characteristics to IPv6, why would anyone _need_ to migrate? Add to that the near certainty that vendors will create NAT devices that will allow an entire v4 enterprise to reach the v6 Internet...
> Don't they teach you IPv6 network design in CCIE school?
There weren't CCIE schools back when I got mine, but my understanding is that the ones today still don't teach anything (or at least anything useful) about IPv6.
> Once you've worked with link local addressing/routing and generating addresses from EUI-64s you never want to go back to the tedious address and subnet management that's necessary in IPv4.
When you're using RFC1918 space, as nearly all leaf orgs do today, subnet assignment isn't tedious: just give every VLAN a /24 or so and be done with it; similar to assigning /64s. Maintaining DHCP servers sucks, but it's an accepted cost that doesn't amount to much in the budget since they're already paid for (or free with your routers). I agree that IPv6 is better from this perspective, but unless one is building out a greenfield network, the transition cost is higher than the cost of status quo. Just upgrading all those L3 switches to v6-capable models will cost large enterprises tens of millions of dollars (and don't say regular upgrade cycles will fix that, as obsolete equipment just moves out of the core to other places).
> So building boxes just so you can stick to IPv4 when the rest of the world is already on IPv6 seems a bit backward to me.
It's not a matter of building boxes: all that needs to happen is for Cisco to release an upgrade for PIX (ditto for other vendors) that is free with a maintenance contract, and every enterprise will be doing it overnight. What's to stop the vendors from doing it? All it takes is one big (or several small) RFP(s) asking for the feature, and it'll be there.
> Since you can't express the IPv6 address space in the IPv4 address space (the reverse is easy and available today), the translation needs to happen a bit higher in the stack.
Off-the-cuff solution: translate all incoming v6 addresses to temporary v4 addresses (172.16/12 will do nicely). You'll need to intercept DNS, but most NAT devices do that today anyways for other reasons.
> When I was testing running IPv6-only I installed an Apache 2 proxy in order to reach the IPv4 web from my IPv6-only system. But it worked the other way around too, of course: using the proxy, I could visit sites over IPv6 with IPv4-only systems.
Which supports my point: why upgrade when you can proxy / translate / whatever for (almost) free? Especially when you're using 10/8 internally and thus will never directly feel any v4 exhaustion pain?

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723            people.  Smart people surround themselves with
K5SSS                 smart people who disagree with them." --Aaron Sorkin
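The last exchange above contrasts two translation directions: embedding a 32-bit IPv4 address inside IPv6 (stateless and reversible, the "easy" direction) and the reverse, which cannot be done by arithmetic and so needs the "temporary 172.16/12 address plus DNS interception" scheme the reply sketches. The following is an added example written for this page, not code from either poster; it is a toy model in Python of both directions. The 64:ff9b::/96 prefix is an assumption (it is the well-known NAT64 prefix later standardised in RFC 6052, which the thread does not mention), and the class and function names, the lease timeout and the (rrtype, rdata) record format are this example's own choices.

```python
import ipaddress
import time
from collections import OrderedDict

# Assumed values for this example: the /96 for the stateless direction is the
# NAT64 well-known prefix from RFC 6052 (a later standard, not something the
# thread names); the temporary pool is the 172.16/12 the post suggests.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
TEMP_POOL = "172.16.0.0/12"


def embed_v4_in_v6(v4):
    """Stateless direction: a 32-bit IPv4 address fits in the low bits of a /96."""
    host = int(ipaddress.IPv4Address(v4))
    return str(ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) + host))


def extract_v4_from_v6(v6):
    """Inverse of embed_v4_in_v6; refuses addresses outside the prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in NAT64_PREFIX:
        raise ValueError(f"{v6} is not inside {NAT64_PREFIX}")
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


class V6ToV4Mapper:
    """Stateful direction: 128 bits do not fit in 32, so hand out temporary
    IPv4 addresses and remember what each one stands for.

    The table is kept in least-recently-used order so idle leases can be
    reclaimed. The pool (2**20 addresses in 172.16/12) is finite and anyone
    who can trigger lookups for many IPv6 names can drain it, so exhaustion
    raises instead of silently reusing an address that may still be in use.
    """

    def __init__(self, pool=TEMP_POOL, lease_seconds=300, clock=time.monotonic):
        self.pool = ipaddress.IPv4Network(pool)
        self.lease = lease_seconds
        self.clock = clock
        self.by_v6 = OrderedDict()   # v6 -> (v4, last_used); front is LRU
        self.by_v4 = {}              # v4 -> v6, consulted on the data path
        self.free = []               # reclaimed addresses, reused first
        self.next_host = 1           # skip the network address

    def _expire_idle(self, now):
        # Entries are in LRU order, so stop at the first one still inside its lease.
        while self.by_v6:
            v6, (v4, last) = next(iter(self.by_v6.items()))
            if now - last < self.lease:
                break
            del self.by_v6[v6]
            del self.by_v4[v4]
            self.free.append(v4)

    def _allocate(self):
        if self.free:
            return self.free.pop()
        if self.next_host >= self.pool.num_addresses - 1:   # keep the broadcast address free
            raise RuntimeError("temporary IPv4 pool exhausted")
        v4 = str(self.pool.network_address + self.next_host)
        self.next_host += 1
        return v4

    def map_v6(self, v6):
        """Return the temporary IPv4 address standing in for v6, allocating if needed."""
        v6 = str(ipaddress.IPv6Address(v6))   # canonical form: 2001:0db8::0001 == 2001:db8::1
        now = self.clock()
        self._expire_idle(now)
        if v6 in self.by_v6:
            v4, _ = self.by_v6.pop(v6)
        else:
            v4 = self._allocate()
            self.by_v4[v4] = v6
        self.by_v6[v6] = (v4, now)            # re-insert at the most-recently-used end
        return v4

    def lookup_v4(self, v4):
        """Data path: the IPv6 destination behind a temporary address, or None."""
        return self.by_v4.get(v4)

    def rewrite_dns_answer(self, records):
        """DNS interception: turn AAAA records into A records for the v4-only client.

        records is a list of (rrtype, rdata) tuples; A records pass through unchanged.
        """
        rewritten = []
        for rrtype, rdata in records:
            if rrtype == "AAAA":
                rewritten.append(("A", self.map_v6(rdata)))
            else:
                rewritten.append((rrtype, rdata))
        return rewritten


if __name__ == "__main__":
    # Constructed sample answer for a name with both an AAAA and an A record.
    nat = V6ToV4Mapper()
    print(embed_v4_in_v6("192.0.2.1"))                          # 64:ff9b::c000:201
    print(nat.rewrite_dns_answer([("AAAA", "2001:db8::1"),
                                  ("A", "198.51.100.7")]))      # [('A', '172.16.0.1'), ('A', '198.51.100.7')]
    print(nat.lookup_v4("172.16.0.1"))                          # 2001:db8::1
```

The asymmetry is the point of the exchange: `embed_v4_in_v6` needs no state at all, while `V6ToV4Mapper` has to own a shared table, tie it to the DNS answers the client sees, and age entries out, and a real device would also have to keep a mapping alive while connections are using it. Two practitioner caveats that the toy keeps honest: lookups are canonicalised so differently written forms of one IPv6 address do not consume two pool entries, and the rewritten A records can no longer validate under DNSSEC at the client, since the box is forging them.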