Re: An Internet IPv6 Transition Plan
I'm wondering if we should really be considering a "transition" plan at this point? From what I can see, there will be many IPv4 only networks around for many years to come. The technology doesn't have an expiration date. Rather than focusing on "transitioning" every network from v4 to v6, shouldn't this draft focus on how an "initial implementation of v6" is going to interop with v4 as we know it today? Personally, I see v6 as something that needed and desired by the certain groups. However, when looking at the enterprise, for example, better solutions are needed for things like multi-homing, last I checked. IPv4 will get more expensive as time goes on, but some will be willing to pay that price. Perhaps the biggest challenge, IMO, in this much more dynamic network, is DNS. How do I (or my new vendor) readdress every node at my site, and actually know what device has what address? rtadvd doesn't do DNS updates. DHCPv6 doesn't even hand out addresses. I've seen host-based approaches, is that the answer? How does all this happen securely? DNSSEC comes to mind, but that's a whole different story. Add, since a host can have many preferred addresses, which to use? How do deprecated addresses get withdrawn from DNS? I think a more successful approach would be to address how we plan to add v6 to the current network. Perhaps a transition plan is appropriate for some networks. But, I don't think this is a one-size fits all issue. This is the part that I have issue with: 2.3.4 Service Providers area MAY continue to offer IPv4-based Internet connectivity to their customers. Organizations MAY continue to use IPv4-based Internet connectivity. Organizations MAY remove IPv4-based Internet connectivity from Internet-facing servers. If I'm an IPv4 only site outside of this "perfect world", I just lost connectivity to parts those that moved to IPv6. Not everyone will follow this plan, and this will happen. For now, we need to learn how to co-exist. Thanks for your time, Chad
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chad Oleary Sent: Tuesday, July 24, 2007 10:02 AM To: nanog@merit.edu Subject: Re: An Internet IPv6 Transition Plan
Personally, I see v6 as something that needed and desired by the certain groups. However, when looking at the enterprise, for example, better solutions are needed for things like multi-homing, last I checked.
It is just the same multi-homing as v4. No better for sure.
Perhaps the biggest challenge, IMO, in this much more dynamic network, is DNS. How do I (or my new vendor) readdress every node at my site, and actually know what device has what address? rtadvd doesn't do DNS updates. DHCPv6 doesn't even hand out addresses.
This is not correct. DHCPv6 does hand out addresses. The status of DHCPv6 implemenations has improved dramatically over what it was 12-18 months ago. See the article in the IETF journal about the DHCPv6 bake-off we did at RIPE-NCC last March.
DNSSEC comes to mind, but that's a whole different story. Add, since a host can have many preferred addresses, which to use? How do deprecated addresses get withdrawn from DNS?
This is a very good point. Having multiple addresses per interface introduce a lot a complexity that is not well understood today. However, nothing forces you there. If you do not run ULA, but run PA or PI space, you can very well manage only one v6 address per interface. - Alain.
On 7/24/07, Durand, Alain <Alain_Durand@cable.comcast.com> wrote:
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chad Oleary Sent: Tuesday, July 24, 2007 10:02 AM To: nanog@merit.edu Subject: Re: An Internet IPv6 Transition Plan
Personally, I see v6 as something that needed and desired by the certain groups. However, when looking at the enterprise, for example, better solutions are needed for things like multi-homing, last I checked.
It is just the same multi-homing as v4. No better for sure.
Perhaps the biggest challenge, IMO, in this much more dynamic network, is DNS. How do I (or my new vendor) readdress every node at my site, and actually know what device has what address? rtadvd doesn't do DNS updates. DHCPv6 doesn't even hand out addresses.
This is not correct. DHCPv6 does hand out addresses. The status of DHCPv6 implemenations has improved dramatically over what it was 12-18 months ago. See the article in the IETF journal about the DHCPv6 bake-off we did at RIPE-NCC last March.
DNSSEC comes to mind, but that's a whole different story. Add, since a host can have many preferred addresses, which to use? How do deprecated addresses get withdrawn from DNS?
This is a very good point. Having multiple addresses per interface introduce a lot a complexity that is not well understood today. However, nothing forces you there. If you do not run ULA, but run PA or PI space, you can very well manage only one v6 address per interface.
- Alain.
Ok, thank you for the technical corrections. However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time? Chad
However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time?
Growth. Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light. By offering pure IPv6 edge services, you can continue to grow the network unhampered by IPv4 exhaustion. For instance, offering consumer Internet connectivity using pure IPv6 from your edge router/DSLAM/termserver to the customer. If the customer sends you IPv4 packets, you drop them because you only route IPv6 for them. At the very least this will involve running some kind of proxy farm so that IPv6-only customers can still access IPv4-only Internet services. And it will also require fully functional IPv6 peering and transit agreements so that the IPv6 traffic can get to and from the IPv6 Internet effectively. You will be running a mixed v4/v6 network for the next 25 years, because IPv4 is not going away but if you refuse to add commercial IPv6 capability to your network, then you are putting the brakes on growth. Pure and simple. --Michael Dillon P.S. I think this is the real IPv6 killer app, i.e. helping the CEO keep market analysts happy and keeping the company alive through the IPv4 exhaustion crisis. A lot of telecoms companies will not survive this crisis.
You posit that running out of bread (ipv4 address space) encourages people to bake more bread. Unfortunately it often makes them scream for bread lines (rationing, central control, privilege.) It'd be nice if there were a more positive reason to go ipv6 than getting out of the bread lines, but the killer ipv6 app remains elusive. -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
On Tue, Jul 24, 2007 at 09:34:01PM +0100, michael.dillon@bt.com wrote:
However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time?
Growth.
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light.
What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects.. All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. Steve
At 11:52 AM +0100 7/25/07, Stephen Wilcox wrote:
On Tue, Jul 24, 2007 at 09:34:01PM +0100, michael.dillon@bt.com wrote:
However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time?
Growth.
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light.
What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects..
All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them.
Steve - Putting them back into circulation doesn't work unless its done in very large chucks to major ISPs. If this isn't the model followed, then we will see a lot more routes for the equivalent number of new customers. People complaining about the ability to carry both IPv6 and IPv4 routing need to think carefully about how long we'll actually last if the ISP's are injecting thousands of unaggregatable routes from recovered address space each day. Additionally, the run rate for IPv4 usage approximates 10 /8 equivalents per year and increasing. Even given great legacy recovery, you've only gained a few more years and then still have to face the problem. /John
On Wed, Jul 25, 2007 at 07:14:49AM -0400, John Curran wrote:
At 11:52 AM +0100 7/25/07, Stephen Wilcox wrote:
On Tue, Jul 24, 2007 at 09:34:01PM +0100, michael.dillon@bt.com wrote:
However, what I'm trying to understand is why the motivation to rapidly go from v4 to v6 only? What are the factors I'm missing in operating v4/v6 combined for some time?
Growth.
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light.
What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects..
All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them.
Steve -
Putting them back into circulation doesn't work unless its done in very large chucks to major ISPs. If this isn't the model followed, then we will see a lot more routes for the equivalent number of new customers. People complaining about the ability to carry both IPv6 and IPv4 routing need to think carefully about how long we'll actually last if the ISP's are injecting thousands of unaggregatable routes from recovered address space each day.
Additionally, the run rate for IPv4 usage approximates 10 /8 equivalents per year and increasing. Even given great legacy recovery, you've only gained a few more years and then still have to face the problem.
Hi John, I fully agree on that.. but I am disagreeing as to the timescales. There is some opinion that when IANA hands out the last of its IP blocks things will change overnight, and I dont see any reason for that to be the case. I think there are a lot of IPs currently allocated to ISPs but as yet unassigned to customers, and I think there will be a lot of policy changes to make more efficient use of the space that is already out there - I specifically think that will come from ISPs reusing IPs and setting costs that ensure they continually have IPs available to customers willing to pay for them. I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) - adoption of NAT and v6 will be an ongoing trend with no sudden increase This means no end of the world as we know it, and no overnight adoption of new technology.. just business as usual in an evolving environment. Steve
At 12:30 PM +0100 7/25/07, Stephen Wilcox wrote:
Hi John, I fully agree on that.. but I am disagreeing as to the timescales.
There is some opinion that when IANA hands out the last of its IP blocks things will change overnight, and I dont see any reason for that to be the case. I think there are a lot of IPs currently allocated to ISPs but as yet unassigned to customers, and I think there will be a lot of policy changes to make more efficient use of the space that is already out there - I specifically think that will come from ISPs reusing IPs and setting costs that ensure they continually have IPs available to customers willing to pay for them.
In the ARIN region, we've got major ISP's coming back every 6 months with high utilization rates seeking their next block to allow customer growth. While I'm certain that some internal recovery is possible, there's a realistic limit of how long any ISP can make their air supply last.
I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) - adoption of NAT and v6 will be an ongoing trend with no sudden increase
Unless the policy changes you suggest somehow dramatically change the current usage rate, we're going to have a very serious rate of change when the IANA/RIR pool hits zero. That sort of defines "hitting a wall", by my definition. Please propose the magical policy changes asap... we need to get them through the public process and adopted in record time to have any affect on the usage rate.
This means no end of the world as we know it, and no overnight adoption of new technology.. just business as usual in an evolving environment.
Note: I'm not advocating an "overnight" technology deployment; just advising those folks who presently rely on continuous availability of new address blocks from the RIR's that we're going to see a change. At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years. /John
On Wed, Jul 25, 2007 at 07:50:05AM -0400, John Curran wrote:
At 12:30 PM +0100 7/25/07, Stephen Wilcox wrote:
Hi John, I fully agree on that.. but I am disagreeing as to the timescales.
There is some opinion that when IANA hands out the last of its IP blocks things will change overnight, and I dont see any reason for that to be the case. I think there are a lot of IPs currently allocated to ISPs but as yet unassigned to customers, and I think there will be a lot of policy changes to make more efficient use of the space that is already out there - I specifically think that will come from ISPs reusing IPs and setting costs that ensure they continually have IPs available to customers willing to pay for them.
In the ARIN region, we've got major ISP's coming back every 6 months with high utilization rates seeking their next block to allow customer growth. While I'm certain that some internal recovery is possible, there's a realistic limit of how long any ISP can make their air supply last.
I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases) - adoption of NAT and v6 will be an ongoing trend with no sudden increase
Unless the policy changes you suggest somehow dramatically change the current usage rate, we're going to have a very serious rate of change when the IANA/RIR pool hits zero. That sort of defines "hitting a wall", by my definition.
Well, you already say you have major ISPs submitting requests every 6 months, and I guess that is your high water mark so everyone else should be longer (at lease here under RIPE you are supposed to be allocated space for 2 yrs at a time). So, we have IANA out of space at eof 2009.. that will then take the RIRs 12 to 24 mo to allocate that out before there is any impact on ISPs. Once that occurs we still have your 6mo-2yr+ period that ISPs have in their allocated and unused pool to be giving to customers. Add all that together and you have 18mo-4yrs of 'greyness', no overnight wall. And I'm saying each of the events plus that grey period will cause evolution in the market place to occur such that there are no walls or catastraphies from a continuity or economical point of view.
Please propose the magical policy changes asap... we need to get them through the public process and adopted in record time to have any affect on the usage rate.
Well, thats a different story. Inflating the price of IPs would have been a good thing but I think that horse has already bolted now.
This means no end of the world as we know it, and no overnight adoption of new technology.. just business as usual in an evolving environment.
Note: I'm not advocating an "overnight" technology deployment; just advising those folks who presently rely on continuous availability of new address blocks from the RIR's that we're going to see a change.
Indeed they will, but it wont happen to everyone at the same time (as they all have months or years of IPs left) and they have plenty of time to figure out how to adapt their products and business models.
At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years.
I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors.. Steve
At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote:
At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years.
I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors..
Steve - Are you unable to make your public facing servers IPv6-reachable? /John
On Wed, Jul 25, 2007 at 08:18:30AM -0400, John Curran wrote:
At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote:
At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years.
I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors..
Steve -
Are you unable to make your public facing servers IPv6-reachable?
Well, I wear a few hats these days :) but.. I think the short answer is yes, I'm unable. Most stuff I am involved in is modern enough that the servers have a v6 stack so that could be enabled. But the apps themselves are not all v6 so they would either need to be upgraded or fixed. We would of course need to configure these and ensure all dependncies are v6 capable, particularly if we're sending address info back to customers we dont want to switch them in and out of v4/v6. Then the network gear tends to be v6 enabled in the core and not at the edges where older gear has been redeployed. And a lot of the gear that claims to be v6 doesnt handle hardware switching properly so that needs investigating and would be an issue. Then we'd need to make sure all security and policies are uniform and working equally across v6. Assuming we sort it tho then we need to bring up v6 transit, more v6 peers and drop any v4 tunnels as they cant be expected to handle production load. I guess theres abstraction to fix too - my CMS, monitoring, allocation, much of which is automated and all of which relies on storing address info would all need to be rewritten to allow v6 addresses on hosts, interfaces, customers etc So fix all that and yes we could have v6 servers, but you also said reachable and according to my BGPv6 table theres very little reachable out there right now - about 700 prefixes when compared to 25000 v4 ASNs that should each be visible. So you can break this into two elements - stuff I control and stuff I dont. For the stuff I control I think the summary is that I'd need to build an ISP from scratch essentially (if not in terms of capex purchases then certainly in terms of design and implementation). And the stuff I dont control, well.. I cant do much about that. Steve
Hi Stephen, I have run many times in the kind of problems that you describe, and always was able to find a suitable alternative solution, at least a temporary one (for instance until specific hardware can be upgrades, such as L3 switches, and the solution was working fine at least for initial "small" IPv6 traffic). For example, I've been able to use with IPv6 many applications that don't support it, but means of using portproxy. I'm probably able to help you (and/or other folks) with more specific examples, so if you're interested, write me offline. Regards, Jordi
De: Stephen Wilcox <steve.wilcox@packetrade.com> Responder a: <owner-nanog@merit.edu> Fecha: Wed, 25 Jul 2007 13:41:57 +0100 Para: John Curran <jcurran@mail.com> CC: <nanog@merit.edu> Asunto: Re: An Internet IPv6 Transition Plan
On Wed, Jul 25, 2007 at 08:18:30AM -0400, John Curran wrote:
At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote:
At present, there's a few years for these folks to switch to IPv6 for their growth. It requires cooperation from the Internet, in that we all need to recognize that there will be IPv6 customers out there soon, and even if you don't plan on having those, please make your public facing servers IPv6 reachable in the next few years.
I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way. Whether the large CDNs deploy v6, if v6 can be purchased in volume as transit are likely to be the major factors..
Steve -
Are you unable to make your public facing servers IPv6-reachable?
Well, I wear a few hats these days :) but.. I think the short answer is yes, I'm unable.
Most stuff I am involved in is modern enough that the servers have a v6 stack so that could be enabled. But the apps themselves are not all v6 so they would either need to be upgraded or fixed.
We would of course need to configure these and ensure all dependncies are v6 capable, particularly if we're sending address info back to customers we dont want to switch them in and out of v4/v6.
Then the network gear tends to be v6 enabled in the core and not at the edges where older gear has been redeployed. And a lot of the gear that claims to be v6 doesnt handle hardware switching properly so that needs investigating and would be an issue. Then we'd need to make sure all security and policies are uniform and working equally across v6.
Assuming we sort it tho then we need to bring up v6 transit, more v6 peers and drop any v4 tunnels as they cant be expected to handle production load.
I guess theres abstraction to fix too - my CMS, monitoring, allocation, much of which is automated and all of which relies on storing address info would all need to be rewritten to allow v6 addresses on hosts, interfaces, customers etc
So fix all that and yes we could have v6 servers, but you also said reachable and according to my BGPv6 table theres very little reachable out there right now - about 700 prefixes when compared to 25000 v4 ASNs that should each be visible.
So you can break this into two elements - stuff I control and stuff I dont. For the stuff I control I think the summary is that I'd need to build an ISP from scratch essentially (if not in terms of capex purchases then certainly in terms of design and implementation). And the stuff I dont control, well.. I cant do much about that.
Steve
********************************************** The IPv6 Portal: http://www.ipv6tf.org Bye 6Bone. Hi, IPv6 ! http://www.ipv6day.org This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
At 1:15 PM +0100 7/25/07, Stephen Wilcox wrote:
I'm not sure there is time for v6 to be ready before companies find different ways to manage this. There are many things that need to happen to enable v6 and I dont think any of them are happening in a big way.
Let's agree on "18mo-4yrs of 'greyness' " (as you put it), and that indeed different companies find different ways to manage this... Some of the companies are going to select IPv6 because it's has some level of support in existing end systems and network gear (even considering the various implementation flaws, lack of hardware support, etc), and because it supports a generally hierarchical addressing/routing model which works (again, despite recognition that the routing system has some serious long-term scalability questions which need to be looked into). For their choice to work, it's necessary that your public-facing servers accept IPv6 connections. It's really not a hard concept, and it's based on the simple premise stated by Jon: "In general, an implementation should be conservative in its sending behavior, and liberal in its receiving behavior." You've stated a long list of items that need to be changed, but that's if you want to serve as an ISP using IPv6 for customers, and change your internal infrastructure to IPv6, and that's not required. You've already said you are going to take another path to manage things, and that's cool. The question is whether you still recognize the need to deploy IPv6 on the very edge of your network for your public services such as web and email. You could even have someone host this for you, it's not that hard, and there's two to 4 years to get it done. If you're saying that no one at all needs to use IPv6, so you aren't going to worry about IPv6 connectivity for your public facing servers, then it would be best to explain how global routing is supposed to work when ISP's aren't using predominantly hierarchical address assignments for their growth. /John
On 25 Jul 2007, at 14:15, Stephen Wilcox wrote: [...]
Well, you already say you have major ISPs submitting requests every 6 months, and I guess that is your high water mark so everyone else should be longer (at lease here under RIPE you are supposed to be allocated space for 2 yrs at a time).
A recent policy change means that "The RIPE NCC allocates enough address space to LIRs to meet their needs for a period of up to 12 months." http://www.ripe.net/ripe/docs/ipv4-policies.html#5
So, we have IANA out of space at eof 2009.. that will then take the RIRs 12 to 24 mo to allocate that out before there is any impact on ISPs.
If there isn't a run on the bank. Leo
On 25-jul-2007, at 6:30, Stephen Wilcox wrote:
I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases)
I have to disagree here. 10% of the requests are for 90% of the 170 - 200 million IPv4 addresses given out per year. These are going to large broadband ISPs in blocks of a quarter million or (much) larger, upto /8. At some point, the RIRs will be out of large enough blocks to satisfy these requests. Nothing to be done about that. The decrease over time / address market stuff only applies to the 90% of requests for very smal blocks that together only use 17 - 20 million addresses per year. Those can be satisfied from reclaimed address space for years to come.
On Wed, Jul 25, 2007 at 06:15:23PM -0500, Iljitsch van Beijnum wrote:
On 25-jul-2007, at 6:30, Stephen Wilcox wrote:
I think the combined effect of these things means - we will not be running into a wall at any time - availability of IPs will slowly decrease over time (as cost slowly increases)
I have to disagree here. 10% of the requests are for 90% of the 170 - 200 million IPv4 addresses given out per year. These are going to large broadband ISPs in blocks of a quarter million or (much) larger, upto /8. At some point, the RIRs will be out of large enough blocks to satisfy these requests. Nothing to be done about that.
um, so thats consistent with what i said.. in fact it implies only a very small number of organisations need to pay close attention and those are the ones best suited to implementing policy changes to ensure their users continue to have a good service this means 90% of orgs can probably wait and see what the 10% do first.. Steve
At 11:18 AM +0100 7/26/07, Stephen Wilcox wrote:
um, so thats consistent with what i said.. in fact it implies only a very small number of organisations need to pay close attention and those are the ones best suited to implementing policy changes to ensure their users continue to have a good service
this means 90% of orgs can probably wait and see what the 10% do first..
Completely incorrect. In order that we can continue to have reasonable routing growth during new customer add, those 10% need to move to IPv6. While you don't have to move your entire infrastructure to IPv6, you need to add IPv6 to the public-facing servers that you'd like to still be Internet connected. /John
On Thu, Jul 26, 2007 at 06:21:59AM -0400, John Curran wrote:
At 11:18 AM +0100 7/26/07, Stephen Wilcox wrote:
um, so thats consistent with what i said.. in fact it implies only a very small number of organisations need to pay close attention and those are the ones best suited to implementing policy changes to ensure their users continue to have a good service
this means 90% of orgs can probably wait and see what the 10% do first..
Completely incorrect. In order that we can continue to have reasonable routing growth during new customer add, those 10% need to move to IPv6. While you don't have to move your entire infrastructure to IPv6, you need to add IPv6 to the public-facing servers that you'd like to still be Internet connected.
well, the empirical data which is confirmed here is saying that those 10% are burning most of the v4 addresses and we are not seeing them rollout v6 whether they 'need to' or not so you sound right in theory, but in practice your data doesnt show that is occuring and it also suggests those 10% are actively supporting 'the wall' approach. Steve
At 2:01 PM +0100 7/26/07, Stephen Wilcox wrote:
well, the empirical data which is confirmed here is saying that those 10% are burning most of the v4 addresses and we are not seeing them rollout v6 whether they 'need to' or not
Wow... you mean that they're not announcing general IPv6 availability two years before they have to? I'm so surprised. ;-)
so you sound right in theory, but in practice your data doesnt show that is occuring and it also suggests those 10% are actively supporting 'the wall' approach.
The number of major backbone operators looking into IPv6 is already quite high, and will likely approach 100%. The alternative is carriers having to explain to the analyst community that they lack a business plan for new data customer growth once large IPv4 blocks are no longer generally available. /John
On Thu, Jul 26, 2007 at 01:25:51PM -0400, John Curran wrote:
At 2:01 PM +0100 7/26/07, Stephen Wilcox wrote:
well, the empirical data which is confirmed here is saying that those 10% are burning most of the v4 addresses and we are not seeing them rollout v6 whether they 'need to' or not
Wow... you mean that they're not announcing general IPv6 availability two years before they have to? I'm so surprised. ;-)
they need to be announcing availability well in advance of a forced need to transition and based on the projected timescales 2 yrs in advance has already passed them by
so you sound right in theory, but in practice your data doesnt show that is occuring and it also suggests those 10% are actively supporting 'the wall' approach.
The number of major backbone operators looking into IPv6 is already quite high, and will likely approach 100%. The alternative is carriers having to explain to the analyst community that they lack a business plan for new data customer growth once large IPv4 blocks are no longer generally available.
ah yes of course.. looking into, producing reports. but where are they at really? : - how many of those have obtained address space sufficient to cover their customer base already? - how many of those networks have made the trivial step of announcing their v6 blocks in BGP? - how many of them have already got native v6 running in their backbones and on their services (mail, dns etc).. fundemental advance prerequisites to any complicated end user deployment i think the number with one of the above is a reasonable percentage, with two of the above is small and three of the above.. are there any? Steve
John, On Jul 25, 2007, at 1:14 PM, John Curran wrote:
All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them. Putting them back into circulation doesn't work unless its done in very large chucks to major ISPs. If this isn't the model followed, then we will see a lot more routes for the equivalent number of new customers. People complaining about the ability to carry both IPv6 and IPv4 routing need to think carefully about how long we'll actually last if the ISP's are injecting thousands of unaggregatable routes from recovered address space each day.
Been there, done that, got several t-shirts. Longer prefixes _will_ hit the routing system. ISPs will react by (re-)implementing prefix length filters. Many people will whine.
Additionally, the run rate for IPv4 usage approximates 10 /8 equivalents per year and increasing. Even given great legacy recovery, you've only gained a few more years and then still have to face the problem.
This assumes consumption patterns remain the same which is, I believe, naive. In a world where you have to pay non-trivial amounts for address space utilization, people will only use the address space they actually need and you'll see even more proliferation of NAT for client-only services. Rgds, -drc
At 2:02 PM +0200 7/25/07, David Conrad wrote:
This assumes consumption patterns remain the same which is, I believe, naive. In a world where you have to pay non-trivial amounts for address space utilization, people will only use the address space they actually need and you'll see even more proliferation of NAT for client-only services.
I believe that we'll see extensive use of NAT for client-only services (just look at many broadband residential services today), but that won't help business customers who want a block for the DMZ servers. They'll pay, but the question is whether they can afford the actual global cost of routing table entry, or whether it will even be accountable. ISP's can figure out the cost of "obtaining" IPv4 blocks, but the imputed cost of injecting these random blocks into the DFZ routing table is harder to measure and inflicted on everyone else. /John
John, On Jul 25, 2007, at 2:13 PM, John Curran wrote:
I believe that we'll see extensive use of NAT for client-only services (just look at many broadband residential services today), but that won't help business customers who want a block for the DMZ servers.
Well yes. However there are likely to be far fewer devices in the DMZ that need numbers. In addition, renumbering DMZ servers is a whole lot less painful than renumbering your entire network, so perhaps PA space would be more acceptable. I can easily imagine a world where ISPs migrate their internal infrastructure that is currently numbering in IPv4 space over to IPv6, thereby freeing up a large amount of IPv4 space that could then be used for customer DMZ servers. My point is that once you associate a non-trivial cost per address, people will tend to use address space more efficiently (either by reusing space more efficiently or reducing the amount of space they need). As such address consumption rates will change.
They'll pay, but the question is whether they can afford the actual global cost of routing table entry, or whether it will even be accountable.
It never has been. Not sure why this would change. As we've seen in the past, it's much easier to do prefix length filters when it becomes an issue.
ISP's can figure out the cost of "obtaining" IPv4 blocks, but the imputed cost of injecting these random blocks into the DFZ routing table is harder to measure and inflicted on everyone else.
http://en.wikipedia.org/wiki/Tragedy_of_the_commons Rgds, -drc
I believe that we'll see extensive use of NAT for client-only services (just look at many broadband residential services today), but that won't help business customers who want a block for the DMZ servers.
think a few million /27s or /29s with publicly accessible services on one of those addresses. randy
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light.
What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects..
I think you misunderstand the dictionary definition of growth. Yes, the IPv4 addresses, and much of the network infrastructure using them, will continue to be. But growth is about expansion, adding more, increasing the size and scope of the network. Few businesses are satisfied with collecting the same monthly recurring revenue from the same customer base. They either want to grow the customer base or grow the monthly revenue per customer. In the Internet business the main engine of revenue growth is growing the customer base by growing the network and adding more customers.
All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future.
I disagree. In reality, the customer base of a business is never static. If the company does not grow their base, they certainly will see that base shrink through attrition, churn, etc. Customers will die, move to another town/country, and switch suppliers for some reason or other. In order to keep from fading away, a company has to grow its base, and if there are hard geographic limits to growth because of IPv4 exhaustion, that makes it complex (and therefore expensive) to maintain a steady state.
And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them.
And when your Internet supplier tells you that there will be a $10 per month increase in fees to cover the increase cost of IPv4 addresses, will you be happy? Will you start shopping for an IPv6 Internet supplier? When IPv6 Internet access is cheaper due to IPv4 address costs, then ISPs face a wholesale loss of their customer base. Of course, most business managers are smart enough to see this coming and resist paying for IPv4 addresses in the first place. Let's face it, the majority of ISP and telecom executives in place today, have spent their careers navigating through a period of growth and abundant resources. They don't know how to manage through scarcity and constraints and shortages. Many of them realize this and will steer their businesses to avoid scarcity and constraints and shortages. That means that most of them will see IPv6 as an opportunity to see who can race the fastest and build market share before the competition does. They know how to do this, and the investment bankers also understand this model of business. When the IPv4 shortage begins to bite, then you will see enormous amounts of money and effort put into IPv6 conversions (and new IPv6 startups who intend to unseat Google, Yahoo, etc.). There's another killer application of IPv6. --Michael Dillon
On Wed, Jul 25, 2007 at 12:21:04PM +0100, michael.dillon@bt.com wrote:
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light.
What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects..
I think you misunderstand the dictionary definition of growth. Yes, the IPv4 addresses, and much of the network infrastructure using them, will continue to be. But growth is about expansion, adding more, increasing the size and scope of the network. Few businesses are satisfied with collecting the same monthly recurring revenue from the same customer base. They either want to grow the customer base or grow the monthly revenue per customer. In the Internet business the main engine of revenue growth is growing the customer base by growing the network and adding more customers.
I dont think paypal's growth is tied to how many IPs they have... I think it relates to how many hits www.paypal.com receives and what their products look like. IP availability is unlikely to ever have more than the briefest mention in the boardroom and probably only in response to a news article quoting the end of the internet being imminent.
And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them.
And when your Internet supplier tells you that there will be a $10 per month increase in fees to cover the increase cost of IPv4 addresses, will you be happy? Will you start shopping for an IPv6 Internet supplier? When IPv6 Internet access is cheaper due to IPv4 address costs, then ISPs face a wholesale loss of their customer base. Of course, most business managers are smart enough to see this coming and resist paying for IPv4 addresses in the first place.
I'll sell you v6 today for 1/4 of the price of v4. Providing you understand theres not a lot out there. I agree on your cost comparison, but consider what investment and costs are needed to be able to get to that point.
this model of business. When the IPv4 shortage begins to bite, then you will see enormous amounts of money and effort put into IPv6 conversions (and new IPv6 startups who intend to unseat Google, Yahoo, etc.).
You will just see redeployment of existing budgets.. why would you pay more to see the same webpage be delivered just because of some techno mumbo jumbo Any investor would be crazy to invest in a v6 competitor to Google.. enter a mature market using a new technology that 99% of the planet cant get to? The only folks getting into v6 are the ones controlling the v4 market with enough spare R&D cash currently. Steve
On Wed, Jul 25, 2007, Stephen Wilcox wrote:
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light.
What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects..
All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them.
I'm not sure what your definition of "really tiny" is, but out here IPs are a dollar or two each a year from APNIC. I'm sure ARIN's IP charges aren't $0.00. Adrian
On Wed, Jul 25, 2007 at 07:52:19PM +0800, Adrian Chadd wrote:
On Wed, Jul 25, 2007, Stephen Wilcox wrote:
Lack of IPv4 addresses will put the brakes on growth of the Internet which will have a major impact on revenue growth. Before long stock market analysts are going to be asking tough questions, and CEOs are suddenly going to see the IPv6 light.
What exactly will cease to grow tho? The 4 billion IPs that have always been around will continue to be. I think you overestimate the effects..
All the existing big businesses can operate with what they already have, Google and Yahoo are not going to face any sort of crisis for the foreseeable future. And as I've been saying for a while and Randy put in his presentation, supply and demand will simply cause the cost of having public IPs to go up from zero to something tiny - enough to see IPs being put back into the pool to those who really need them.
I'm not sure what your definition of "really tiny" is, but out here IPs are a dollar or two each a year from APNIC. I'm sure ARIN's IP charges aren't $0.00.
RIPE is a couple thousands Euros to be an LIR which gets you all the IPs you need.. $1/yr is like 8c/month - well into the realm of being sunk into the cost when you provide a hosting service or DSL line. Its close enough to zero to be lost in the overheads of any business operation. Now, if you suddenly charge $2.50/mo to have a public IP or $15/mo for a /28 it does become a consideration to the customer as to if they _REALLY_ need it Steve
Petri Helenius wrote:
Stephen Wilcox wrote:
Now, if you suddenly charge $2.50/mo to have a public IP or $15/mo for a /28 it does become a consideration to the customer as to if they _REALLY_ need it
Where would this money go to?
To ip-squatters. Get your allocation now and turn it into gold tommorow. p2p people will be happy if they can get rid of their tunnels. With rfc 1918 addresses for all there will be no more filesharing, voip, spam and troyans. Cheers Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
On Sun, Jul 29, 2007 at 10:50:10AM +0200, Peter Dambier wrote:
Petri Helenius wrote:
Stephen Wilcox wrote:
Now, if you suddenly charge $2.50/mo to have a public IP or $15/mo for a /28 it does become a consideration to the customer as to if they _REALLY_ need it
Where would this money go to?
you could subsidise all those v6 rollouts everyone is talking about ;p seriously, figuring out what to do with some spare money shouldnt be a big concern.. if we dont pool it centrally under collective authority then what pete says below will happen:
To ip-squatters.
Get your allocation now and turn it into gold tommorow.
p2p people will be happy if they can get rid of their tunnels. With rfc 1918 addresses for all there will be no more filesharing, voip, spam and troyans.
really? because p2p doesnt work behind NAT, and computers behind NAT dont get infected? this is the Internet today and NAT has no effect on the above. Steve
Stephen Wilcox wrote:
On Sun, Jul 29, 2007 at 10:50:10AM +0200, Peter Dambier wrote:
p2p people will be happy if they can get rid of their tunnels. With rfc 1918 addresses for all there will be no more filesharing, voip, spam and troyans.
really? because p2p doesnt work behind NAT, and computers behind NAT dont get infected?
this is the Internet today and NAT has no effect on the above.
I am pessimistic. The malware will find its way. It is port 25 smtp that goes away and takes part of the spam away too. Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop. I see lots of p2p-ers already communicating via IPv6 tunnels. They are prepared. Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
On 7/29/07, Peter Dambier <peter@peter-dambier.de> wrote:
Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop.
really? http://samy.pl/chownat/ NAT stops nothing. The concept in the above script (which has been around for several years) would be trivial for any P2P software to implement if it detects it is behind a NAT; in fact, this method may well be in use already. -- darkuncle@{gmail.com,darkuncle.net} || 0x5537F527 encrypted email to the latter address please http://darkuncle.net/pubkey.asc for public key
Scott Francis wrote:
On 7/29/07, Peter Dambier <peter@peter-dambier.de> wrote:
Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop.
really?
NAT stops nothing. The concept in the above script (which has been around for several years) would be trivial for any P2P software to implement if it detects it is behind a NAT; in fact, this method may well be in use already.
I have read that is what skype is doing and probably some troyans. Still you have to "talk" to your NAT-router and the other party has to talk to their NAT-router to make those two NAT-routers talk to each other. When those two router cannot see each other because they too are living behind NAT then you have got a problem. I guess you can solve it but the number of ports is limited and things get a lot trickier. When you try to get out of the big NAT (china) then the number of available ports versus the number of users who want to get out - is the limit. Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
On Tue, Jul 31, 2007 at 10:12:28PM +0200, Peter Dambier wrote:
Scott Francis wrote:
On 7/29/07, Peter Dambier <peter@peter-dambier.de> wrote:
Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop.
really?
NAT stops nothing. The concept in the above script (which has been around for several years) would be trivial for any P2P software to implement if it detects it is behind a NAT; in fact, this method may well be in use already.
I have read that is what skype is doing and probably some troyans.
Still you have to "talk" to your NAT-router and the other party has to talk to their NAT-router to make those two NAT-routers talk to each other. When those two router cannot see each other because they too are living behind NAT then you have got a problem.
I guess you can solve it but the number of ports is limited and things get a lot trickier. When you try to get out of the big NAT (china) then the number of available ports versus the number of users who want to get out - is the limit.
Firstly, all p2p nets use some process to register with the network. It is simple to imagine a way to ensure these superpeers are publically addressed and let them coordinate the NATted hosts. Secondly, there is no big NAT in china. And even if there was, very large private networks should flourish for p2p sharing amongst each other. I think you're trying to demonstrate NAT to be a security mechanism and its long been known that that is not the case. Steve
Stephen Wilcox wrote: ...
Firstly, all p2p nets use some process to register with the network. It is simple to imagine a way to ensure these superpeers are publically addressed and let them coordinate the NATted hosts.
e.g. dyndns (no-ip.com) or OpenDHD and other not so wellknown. Bots very often use IRC channels, also not strictly p2p, sometimes. You may not like them (I dont) but they still are p2p applications, if not the most popular.
Secondly, there is no big NAT in china.
China is meant as a bad example. They will be the first to grow out of IPv4 space and their IPv9 is kind of a big NAT.
And even if there was, very large private networks should flourish for p2p sharing amongst each other.
Indeed if the island is becomming big enough. But there is no communication to the outside.
I think you're trying to demonstrate NAT to be a security mechanism and its long been known that that is not the case.
No, I think NAT is a pain in the backside and should never have been. Indeed a lot of fools get tricked into believing NAT is kind of a firewall. It is like closing your eyes so the attacker cannot see you. Talking about spam and malware going away with NAT behind NAT ... I meant communication via email would go away in the first place. I should have marked that as sarkasm. Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
On Jul 29, 2007, at 5:02 AM, Peter Dambier wrote:
I am pessimistic. The malware will find its way.
It is port 25 smtp that goes away and takes part of the spam away too.
IPv6:25 will not work, or will not be accepted? There are IPv6 translators that dynamically share IPv4 address space.
Ways have been found to drill holes into NAT-routers and firewalls, but they are working only as long as it is only you who wants to break out of the NAT. As soon as the mainstream has only left rfc 1918 addresses p2p will stop.
I see lots of p2p-ers already communicating via IPv6 tunnels. They are prepared.
An ISP must provide at least some flavor of IP address, even addresses that might be shared. Dealing with shared IP address space by tunneling with IPv6 addresses is a feature built into Windows Vista, where XP can be updated to provide this as well. With Vista being remarkably slow, who can tell when a delay might be due to malware. These systems will always chat with Internet "peers" to keep NAT holes open. Knowing when network traffic is abnormal has become a new problem. IPv4 address space shortages will not reduce spam or malware. Expect even greater amounts of nefarious network traffic. IPv6 and a massive amount of tunneling is likely to overwhelm efforts to monitor nefarious traffic. It seems doubtful IPv6 address black-hole lists will adequately deal with a future of such complex topology. Will the Internet become fragmented into the Internets? Perhaps bang addressing will see a comeback. -Doug
Thus spake "Adrian Chadd" <adrian@creative.net.au>
I'm not sure what your definition of "really tiny" is, but out here IPs are a dollar or two each a year from APNIC. I'm sure ARIN's IP charges aren't $0.00.
The 73 "Xtra Large" LIRs that consume 79% of ARIN's v4 space today are paying no more than USD 0.03 per IP per year. That's not quite zero, but it's close enough the effect is the same. Until the cost of v4 space to these folks is more than a rounding error, they have absolutely no incentive to conserve. It doesn't matter what the other 2550 LIRs do because they're insignificant factors in overall consumption. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov
At 10:04 AM -0500 7/25/07, Stephen Sprunk wrote:
The 73 "Xtra Large" LIRs that consume 79% of ARIN's v4 space today are paying no more than USD 0.03 per IP per year. That's not quite zero, but it's close enough the effect is the same. Until the cost of v4 space to these folks is more than a rounding error, they have absolutely no incentive to conserve. It doesn't matter what the other 2550 LIRs do because they're insignificant factors in overall consumption.
In every region, there are major carriers that: 1) Require additional addresses for new customer connections, 2) Must exchange routes with all other DFZ players and cannot meaningfully filter when they want to announce the same routes, 3) Currently add many, many new customers for each additional routing table entry in the DFZ. This model does have tolerable scaling characteristics (which are retained if IPv6 blocks are used for the same purpose in the future). These providers do have motivation to conserve, but also compete for customers. You're not going to see major ISP's moving to one DMZ IP address for new customers (even with higher "costs"), since their conservation efforts will impact new sales. If people really want such changes to slow down utilization, it's going to take policy. /John
On Tue, 24 Jul 2007, Durand, Alain wrote:
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chad Oleary Sent: Tuesday, July 24, 2007 10:02 AM To: nanog@merit.edu Subject: Re: An Internet IPv6 Transition Plan
Personally, I see v6 as something that needed and desired by the certain groups. However, when looking at the enterprise, for example, better solutions are needed for things like multi-homing, last I checked.
It is just the same multi-homing as v4. No better for sure.
yup, and see below for a bug-a-boo
DNSSEC comes to mind, but that's a whole different story. Add, since a host can have many preferred addresses, which to use? How do deprecated addresses get withdrawn from DNS?
This is a very good point. Having multiple addresses per interface introduce a lot a complexity that is not well understood today. However, nothing forces you there. If you do not run ULA, but run PA or PI space, you can very well manage only one v6 address per interface.
I think you mean 'PI' not 'PA or PI' because if you have PA and multihome you'll have 2 addresses then have to play the 'which one is 'best' game...
On Tue, Jul 24, 2007 at 10:01:44AM -0400, Chad Oleary wrote:
DHCPv6 doesn't even hand out addresses.
I wasn't going to say anything because Alain already said something. But we've gotten this question from at least two other sources in the last two days who read this and wanted to ask us what that was about. "What were they thinking?" It does seem pretty weird. So hopefully it will help people who don't have a geek to ask if I were to explain what's going on here: There are 'stateless' and 'stateful' ways to implement DHCPv6. You don't get address assignment unless you do 'stateful' DHCPv6 (and then it's complicated by wether you mean 'normal' addresses, 'temporary' addresses which change every renew, or 'prefix delegation'). But DHCPv6 does give out addresses. The easy way to think of DHCPv6 stateful vs stateless is to realize we have the same relationship in DHCPv4 - you can get an address like people normally do with DHCPv4, or you can use a DHCPINFORM if you already have one...so you can get configuration values like nameservers and such without allocating an address. That's all stateless DHCPv6 is. What Alain said is that until 12-18 months prior to today, there have not been very many sources of stateful DHCPv6 implementations. There are several implementations out now, many appearing enabled by default on production software you probably already have in your networks. -- Ash bugud-gul durbatuluk agh burzum-ishi krimpatul. Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/ -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
participants (19)
-
Adrian Chadd
-
Barry Shein
-
Chad Oleary
-
Chris L. Morrow
-
David Conrad
-
David W. Hankins
-
Douglas Otis
-
Durand, Alain
-
Iljitsch van Beijnum
-
John Curran
-
JORDI PALET MARTINEZ
-
Leo Vegoda
-
michael.dillon@bt.com
-
Peter Dambier
-
Petri Helenius
-
Randy Bush
-
Scott Francis
-
Stephen Sprunk
-
Stephen Wilcox