dynamic or static IPv6 prefixes to residential customers
Hi all,
I would like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
Regards, Jordi
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
On 2011-07-26 16:58 , JORDI PALET MARTINEZ wrote:
> Hi all,
> I would like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
> Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
> I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
You are forgetting the simple fact that you can charge for static addresses and unblocked connectivity. THAT is the reason for dynamic addresses, as on the ISP level there are still enough IPv4 addresses and they can still, even today, ask for more from their RIR.
Abuse/accounting/etc all become much simpler with static addresses.
But as long as you give those users dynamic addresses, they might not run a SMTP/HTTP/xxx server on their link as changing IPs is kind-of-annoying (but doable with the proper DNS setup and low TTLs)
Thus, you give them dynamic stuff, or only 1 IP address and ask them for lots of moneys when they want a static address or hey lots more moneys (in the form of a 'business connection') when they want multiple addresses routed to their host.
And don't bother asking for proper reverse setup in a lot of cases either, let alone delegation of that.
Greets, Jeroen
Happily using the same static IPv6 /48 for almost a decade ;)
Agree with all your points.
Also, one can argue that a dynamic prefix facilitates privacy
However, if ISPs or third party companies (and thus users ask for more and more bw) want to offer new services and apps with IPv6, it will be much easier to implement with static prefixes.
Regards, Jordi
On Tue, Jul 26, 2011 at 11:18:37AM -0400, JORDI PALET MARTINEZ wrote:
> Also, one can argue that a dynamic prefix facilitates privacy
In Germany, there is significant political pushback against the idea to give residential mom+pop static prefixes for that very reason. I seriously doubt that any operator with any residential customer base of relevance would go static, here.
Upsell opportunity and avoiding customers running services don't seem to be the highest on the list of reasons against static, from what I see.
Whether operators enforce randomization of WAN IP and delegated prefix though is another question. There are operators who have "stickiness" for IPv4 (upon reconnect, give the CPE the address it asks for if it's still available). So leases are generally pretty stable over time in that scenario. Others configure their DHCP platform to intentionally randomize.
Best regards, Daniel
-- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Actually all addresses are dynamic. There are just different lease periods. Year vs day or hours. One can also hand out *multiple* prefixes. Ones with a lease period of year and one with a lease period in hours and let the customer use the most appropriate one for the particular usage needs. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Jul 26, 2011, at 3:30 PM, Mark Andrews wrote:
> Actually all addresses are dynamic. There are just different lease periods. Year vs day or hours.
An interesting way to look at it. Perhaps arguably true with IPv6. However, one must face the reality that at some levels, it's year with virtually guaranteed option to renew every year, making it effectively static.
Owen
You wrote:
>> Also, one can argue that a dynamic prefix facilitates privacy
> In Germany, there is significant political pushback against the idea to give residential mom+pop static prefixes for that very reason.
Do German web sites not track users with cookies, then?
Regards, Leo
On Jul 26, 2011, at 4:02 PM, Leo Vegoda wrote:
> You wrote:
>>> Also, one can argue that a dynamic prefix facilitates privacy
>> In Germany, there is significant political pushback against the idea to give residential mom+pop static prefixes for that very reason.
> Do German web sites not track users with cookies, then?
> Regards,
> Leo
No, it's just a case of the German government not being very smart about privacy.
Owen
On Tue, 26 Jul 2011 16:02:14 PDT, Leo Vegoda said:
> Do German web sites not track users with cookies, then?
There's a subtle but significant difference between what cookies give you, which is "This is the same entity that visited our page at 7:48PM last Tuesday", and what easily trackable IP addresses give you, which is "This is an entity located at 1948 Durhof Street".
Yes, it's often possible to map between one and the other - but anonymous and pseudonymous are two different things. It's quite reasonable for somebody to want to be one but not the other - though it can be difficult in practice. It's even quite reasonable for somebody to wish to be positively identified, but their location not easily determined - for instance, I'm posting this as myself, but I may wish where I'm posting *from* to remain a secret (for instance, if my location reveals I'm not at home and thus burgling my residence is more feasible).
On Jul 26, 2011, at 5:06 PM, Valdis.Kletnieks@vt.edu wrote:
> On Tue, 26 Jul 2011 16:02:14 PDT, Leo Vegoda said:
>> Do German web sites not track users with cookies, then?
> There's a subtle but significant difference between what cookies give you, which is "This is the same entity that visited our page at 7:48PM last Tuesday", and what easily trackable IP addresses give you, which is "This is an entity located at 1948 Durhof Street".
> Yes, it's often possible to map between one and the other - but anonymous and pseudonymous are two different things. It's quite reasonable for somebody to want to be one but not the other - though it can be difficult in practice. It's even quite reasonable for somebody to wish to be positively identified, but their location not easily determined - for instance, I'm posting this as myself, but I may wish where I'm posting *from* to remain a secret (for instance, if my location reveals I'm not at home and thus burgling my residence is more feasible).
Yes, but, your network prefix will generally reveal that to roughly the same extent whether it is static or dynamic.
Owen
On Jul 26, 2011, at 20:08, Valdis.Kletnieks@vt.edu wrote:
> There's a subtle but significant difference between what cookies give you, which is "This is the same entity that visited our page at 7:48PM last Tuesday", and what easily trackable IP addresses give you, which is "This is an entity located at 1948 Durhof Street".
With how much identifying information user agents leak nowadays [1] this is almost a moot point. If you can be uniquely identified through the user agent- does it really matter that they can uniquely ID the household as well based on prefix information?
~Matt
1: http://panopticlick.eff.org/
On Jul 26, 2011, at 8:29 PM, Matt Addison wrote:
> On Jul 26, 2011, at 20:08, Valdis.Kletnieks@vt.edu wrote:
>> There's a subtle but significant difference between what cookies give you, which is "This is the same entity that visited our page at 7:48PM last Tuesday", and what easily trackable IP addresses give you, which is "This is an entity located at 1948 Durhof Street".
> With how much identifying information user agents leak nowadays [1] this is almost a moot point. If you can be uniquely identified through the user agent- does it really matter that they can uniquely ID the household as well based on prefix information?
That depends on what happens when ISPs do start giving residences /48s and ARIN starts asking for the SWIP details on blocks that large.
Matthew Kaufman
On Jul 26, 2011, at 6:10 PM, Matthew Kaufman wrote:
> On Jul 26, 2011, at 8:29 PM, Matt Addison wrote:
>> On Jul 26, 2011, at 20:08, Valdis.Kletnieks@vt.edu wrote:
>>> There's a subtle but significant difference between what cookies give you, which is "This is the same entity that visited our page at 7:48PM last Tuesday", and what easily trackable IP addresses give you, which is "This is an entity located at 1948 Durhof Street".
>> With how much identifying information user agents leak nowadays [1] this is almost a moot point. If you can be uniquely identified through the user agent- does it really matter that they can uniquely ID the household as well based on prefix information?
> That depends on what happens when ISPs do start giving residences /48s and ARIN starts asking for the SWIP details on blocks that large.
> Matthew Kaufman
I believe that the existing residential customer privacy policy covers this.
Owen
On Tue, 2011-07-26 at 11:18 -0400, JORDI PALET MARTINEZ wrote:
> Also, one can argue that a dynamic prefix facilitates privacy
Not really - not unless they use privacy addresses or DHCPv6 as well.
Regards, K.
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
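Why a changing prefix alone does not unlink a host, shown as an added example that is not part of the post above. It assumes SLAAC with modified EUI-64 interface identifiers (RFC 4291) when neither privacy addresses nor DHCPv6 are in use; the MAC address, prefixes and function names are constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1


def eui64_iid(mac):
    """Build the modified EUI-64 interface identifier from a 48-bit MAC."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # invert the universal/local bit
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def slaac_address(prefix, iid):
    """Combine a delegated /64 with an 8-byte interface identifier."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("SLAAC needs an IPv6 /64")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def interface_id(address):
    """Low 64 bits of an IPv6 address."""
    return int(ipaddress.IPv6Address(address)) & IID_MASK


def is_eui64_derived(address):
    """EUI-64 identifiers carry ff:fe in the middle two bytes."""
    return interface_id(address).to_bytes(8, "big")[3:5] == b"\xff\xfe"


def same_host_across_prefixes(addr_a, addr_b):
    """True when both addresses share one MAC-derived interface identifier."""
    return is_eui64_derived(addr_a) and interface_id(addr_a) == interface_id(addr_b)


# Constructed sample: documentation MAC (RFC 7042) and documentation prefixes.
MAC = "00:00:5e:00:53:01"
BEFORE = slaac_address("2001:db8:aaaa:1::/64", eui64_iid(MAC))  # prefix before renumbering
AFTER = slaac_address("2001:db8:bbbb:7::/64", eui64_iid(MAC))   # prefix after renumbering

# Constructed temporary (privacy) addresses: random identifier per prefix.
TEMP_BEFORE = "2001:db8:aaaa:1:3c1a:9e42:77d0:1b5f"
TEMP_AFTER = "2001:db8:bbbb:7:8f03:21d6:4aa9:c7e2"

if __name__ == "__main__":
    print(BEFORE, AFTER, same_host_across_prefixes(BEFORE, AFTER))
    print(TEMP_BEFORE, TEMP_AFTER, same_host_across_prefixes(TEMP_BEFORE, TEMP_AFTER))
```

Running the same check over a CPE's or host's own address history shows whether a stable identifier survives renumbering.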
On Jul 26, 2011, at 8:05 AM, Jeroen Massar wrote:
> On 2011-07-26 16:58 , JORDI PALET MARTINEZ wrote:
>> Hi all,
>> I would like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
We (Hurricane Electric) provide statics to all of our customers.
>> Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
>> I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
> You are forgetting the simple fact that you can charge for static addresses and unblocked connectivity. THAT is the reason for dynamic addresses, as on the ISP level there are still enough IPv4 addresses and they can still, even today, ask for more from their RIR.
You can only charge for static addresses as long as your competitors don't. Hopefully with IPv6, that model will go the way of the dodo.
> Abuse/accounting/etc all become much simpler with static addresses.
> But as long as you give those users dynamic addresses, they might not run a SMTP/HTTP/xxx server on their link as changing IPs is kind-of-annoying (but doable with the proper DNS setup and low TTLs)
Let's face it, the users that are going to run an SMTP/HTTP/xxx server on their link are probably the ones that know how to use dyndns or some other mechanism to cope with the dynamic address issue. The ones that aren't already running such services with dynamic IPs are probably not significantly more likely to do so with static.
> Thus, you give them dynamic stuff, or only 1 IP address and ask them for lots of moneys when they want a static address or hey lots more moneys (in the form of a 'business connection') when they want multiple addresses routed to their host.
I don't think this will fly with IPv6 since free tunnels are a simple solution where you can get a /48 for free regardless of what your ISP does to you. I think that this is a temporary problem and that IPv6 will prove to be a game-changer in this arena.
> And don't bother asking for proper reverse setup in a lot of cases either, let alone delegation of that.
Again, I think other than cable MSOs where they have strong topological reasons to prevent static addressing, IPv6 will see the return of unfettered static addressing and multiple addresses as the default for end users. I realize there is some resistance to the idea of /48s among some residential providers at this point, but, the majority of them are talking about at least using /56s or better, so, I don't think /128s are at all likely.
> Greets, Jeroen
> Happily using the same static IPv6 /48 for almost a decade ;)
Owen
Happily using the same RIR-direct-assigned /48 at home for almost 4 years.
It's very interesting to hear the majority of you promoting static over dynamic. We are just now starting to work with IPv6 now that our upstreams are willing to give us dual-stack. We've always been a static shop, but sales has been pushing for dynamic for years due to what people have mentioned earlier, the ability to up-sell statics to customers. We prefer static because of the easy tracking of customers for abuse/spam/DMCA complaints and we don't need to worry about DHCP servers. It's heartening to see others of the same mindset encouraging static for IPv6 allocation. Jason
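The abuse-tracking difference raised in this thread, worked through as an added example that is not from any poster or operator: with static delegation an address in a complaint resolves by prefix match alone, while with dynamic delegation it also needs the complaint time and a complete lease log. The prefixes, customer IDs, lease windows and function names are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone


def ts(text):
    """Parse an ISO timestamp and pin it to UTC (all sample data is UTC)."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed sample data: documentation prefixes, hypothetical customer IDs.
STATIC_DELEGATIONS = {
    ipaddress.ip_network("2001:db8:100::/48"): "cust-1001",
    ipaddress.ip_network("2001:db8:200:ab00::/56"): "cust-1002",
}

# Dynamic delegation: the same /56 moves between customers, so each lease
# must be logged with its validity window (start inclusive, end exclusive).
LEASE_LOG = [
    (ipaddress.ip_network("2001:db8:f00:1200::/56"), "cust-2001",
     ts("2011-07-25T00:00:00"), ts("2011-07-26T00:00:00")),
    (ipaddress.ip_network("2001:db8:f00:1200::/56"), "cust-2002",
     ts("2011-07-26T00:05:00"), ts("2011-07-27T00:05:00")),
]


def attribute_static(address):
    """Longest-prefix match against the static delegation table."""
    ip = ipaddress.ip_address(address)
    matches = [(net, cust) for net, cust in STATIC_DELEGATIONS.items() if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def attribute_dynamic(address, seen_at):
    """Match on prefix AND time; refuse to guess when the log is unclear."""
    if seen_at.tzinfo is None:
        # A complaint without a timezone can point at the wrong lease.
        raise ValueError("complaint timestamp must carry a timezone")
    ip = ipaddress.ip_address(address)
    customers = {cust for net, cust, start, end in LEASE_LOG
                 if ip in net and start <= seen_at < end}
    # Zero hits (gap in the log) or several hits (overlap) are both unattributable.
    return customers.pop() if len(customers) == 1 else None


if __name__ == "__main__":
    print(attribute_static("2001:db8:100:5::1"))
    for when in ("2011-07-25T12:00:00", "2011-07-26T00:02:00", "2011-07-26T12:00:00"):
        print(when, attribute_dynamic("2001:db8:f00:1234::99", ts(when)))
```

The middle timestamp falls between two leases and resolves to nobody, which is the case a dynamic deployment has to handle and a static one never meets.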
In message <4E2EFACC.4010906@thebaughers.com>, Jason Baugher writes:
> It's very interesting to hear the majority of you promoting static over dynamic. We are just now starting to work with IPv6 now that our upstreams are willing to give us dual-stack. We've always been a static shop, but sales has been pushing for dynamic for years due to what people have mentioned earlier, the ability to up-sell statics to customers. We prefer static because of the easy tracking of customers for abuse/spam/DMCA complaints and we don't need to worry about DHCP servers. It's heartening to see others of the same mindset encouraging static for IPv6 allocation.
Static and be done with DHCP or manually.
> Jason
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Jul 26, 2011 7:58 AM, "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> wrote:
> Hi all,
> I would like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
> Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
> I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
In mobile, v6 addresses will be dynamic with no persistence across link state changes.
Cb
Hi Cameron,
What about routers? In some locations, users may have only the choice of cellular broadband instead of DSL, cable or fiber.
Regards, Jordi
given how often the cellular address changes on my Verizon 4g router not to mention the external ip address on their LSN I think I can speculate...
joel
On Tue, Jul 26, 2011 at 9:11 AM, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:
> Hi Cameron,
> What about routers ? In some locations, users may have only the choice of cellular broadband instead of DSL, cable or fiber.
From an architectural perspective, mobile broadband routers are treated the same and can expect only ephemeral address assignments. This is the general case for generic mobile devices accessing the internet, there can be specific arrangements for specific industrial use cases (this traffic signal/ gas meter/ windmill always gets this address).
Cameron
Hi,
> Hi all,
> I would like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
> Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
> I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
well, it does make sense for most of the residential customers nowadays, because they are indoctrinated with this idea of dynamic+NAT == privacy for over a decade now and don't know any better.
So, i don't think it's a good idea to hand out static prefixes to residential customers by default, it might cause pain.
The best current practice would be, to default to a dynamic prefix, but enable your more advanced customers to change that to a static prefix at will in your customer service web-portal or something.
But i have no idea how to sell this to your marketing department. They again are usually used to sell static IPs for an extra fee, and usually don't want to change that with IPv6. That's bullshit for IPv6 of course.
(Another idea, which i scrapped after thinking about it in depth was, to hand out a dynamic P2P prefix (/64) + a /56 (or /48) static on top, so the customer/CPE could choose what to use, but that is actually too complicated in the end and would need support in the CPE firmware)
-- Mit freundlichen Grüßen / Kind Regards Sascha Lenz [SLZ-RIPE] Senior System- & Network Architect
On Jul 26, 2011, at 12:28 PM, Sascha Lenz wrote:
Hi,
Hi all,
I will like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
well, it does make sense for most of the residential customers nowadays, because they are indoctrinated with this idea of dynamic+NAT == privacy for over a decade now and don't know any better.
IMNSHO, education is always a better alternative than preserving ignorance or worse, mis-information.
So, i don't think it's a good idea to hand out static prefixes to residential customers by default, it might cause pain.
I think it is an excellent idea to do so. I think that any delusions of privacy achieved through dynamic+NAT are exactly that and need to be shattered. The sooner, the better.
The best current practice would be, to default to a dynamic prefix, but enable your more advanced customers to change that to a static prefix at will in your customer service web-portal or something.
Sounds unnecessarily complicated and with absolutely no benefit whatsoever.
But i have no idea how to sell this to your marketing department. They again are usually used to sell static IPs for an extra fee, and usually don't want to change that with IPv6. That's bullshit for IPv6 of course.
It was mostly bullshit for IPv4.
(Another idea, which i scrapped after thinking about it in depth was, to hand out a dynamic P2P prefix (/64) + a /56 (or /48) static on top, so the customer/CPE could choose what to use, but that is actually too complicated in the end and would need support in the CPE firmware)
By default, we (Hurricane Electric) hand out a static /64 for the tunnel point-to-point and a static /64 for the customer LAN. Upon request we will also issue the customer a static /48 for their LAN structure.
Owen
Hi Owen,
Hi all,
I will like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
well, it does make sense for most of the residential customers nowadays, because they are indoctrinated with this idea of dynamic+NAT == privacy for over a decade now and don't know any better.
IMNSHO, education is always a better alternative than preserving ignorance or worse, mis-information.
I'm fully with you there, probably i should have elaborated a bit more.
In general, what Daniel said - at least in germany we have this problem that static vs. dynamic Internet address assignments make a whole lot of a difference in privacy when it comes to legal issues.
AND, even though we have next to no IPv6-deployment on a big scale here, there is plenty of "education" going on in various media about how IPv6 will kill privacy with "life-long IP addresses" and so on.
It's just not possible to counter that with technical arguments, at least not in the short-term.
I apologize for generalizing the situation in germany without explaining. I really hope it's different in other markets and you are right.
But you will lose customers here if you don't offer some kind of dynamic prefixes, and if you're dealing with the mass-market, you can't afford that.
Hence, my suggestion to just let your customers choose. Problem solved.
The best current practice would be, to default to a dynamic prefix, but enable your more advanced customers to change that to a static prefix at will in your customer service web-portal or something.
Sounds unnecessarily complicated and with absolutely no benefit whatsoever.
In this case, i beg to differ though. It's not complicated but as easy as some change in your RADIUS database. And, in contrast to things like NAT66, it doesn't break anything.
So, in my opinion, this is about giving the customers a choice, with no downsides. It's somewhat similar to "privacy extensions - yes or no? default or not?" in the end.
One could discuss what the default should be, dynamic or static. But just handing out static addresses even though it's relatively easy to give your customers a choice, might be seen as "dictating" rather than "educating".
On a side-note: It's totally different with NAT of course, giving the people the choice to use NAT will break things in the internet, again. I never would opt for that.
But i have no idea how to sell this to your marketing department. They again are usually used to sell static IPs for an extra fee, and usually don't want to change that with IPv6. That's bullshit for IPv6 of course.
It was mostly bullshit for IPv4.
Selling IPs? Indeed. But there's nothing in any RIR policy to prevent that (anymore).
--
Mit freundlichen Grüßen / Kind Regards
Sascha Lenz [SLZ-RIPE]
Senior System- & Network Architect
On Jul 27, 2011, at 6:14 AM, Sascha Lenz wrote:
Hi Owen,
Hi all,
I will like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
well, it does make sense for most of the residential customers nowadays, because they are indoctrinated with this idea of dynamic+NAT == privacy for over a decade now and don't know any better.
IMNSHO, education is always a better alternative than preserving ignorance or worse, mis-information.
I'm fully with you there, probably i should have elaborated a bit more.
In general, what Daniel said - at least in germany we have this problem that static vs. dynamic Internet address assignments make a whole lot of a difference in privacy when it comes to legal issues.
I don't doubt it… The German government has a long history of misunderstanding privacy and what is required for real privacy.
AND, even though we have next to no IPv6-deployment on a big scale here, there is plenty of "education" going on in various media about how IPv6 will kill privacy with "life-long IP addresses" and so on.
I think you are confusing "education" with mis-information. We have the same problem with the media in the US. Especially Fox and other Rupert Murdoch organizations. (Yes, I realize you quoted "education" to emphasize this, but, when we call it by their terms, we propagate the myth that it is education.) More effort is needed to re-educate the media and show them the true threats to privacy. The reality is that a life-long prefix doesn't tell me anything more than the neighborhood prefix will without other data. You aren't going to be able to get around the neighborhood prefix issue no matter how often you renumber your subscribers, and the other information will still provide the same correlations.
It's just not possible to counter that with technical arguments, at least not in the short-term.
I disagree. It may not be possible to win the debate in the short term, but, that's no excuse for failing to make the argument. We may be forced to do dumb things, but, we can at least point out that they are dumb while we do them.
I apologize for generalizing the situation in germany without explaining. I really hope it's different in other markets and you are right.
It is. In the US, the government is working hard to eliminate privacy anyway, so, there is no such government opposition no matter how misinformed they are about the issue. ;-)
But you will lose customers here if you don't offer some kind of dynamic prefixes, and if you're dealing with the mass-market, you can't afford that.
As I said, we may be forced to do dumb things, either by customer demand or by government intervention. However, it never gets better if we fail to point out that what we are doing is dumb along the way.
Hence, my suggestion to just let your customers choose. Problem solved.
I have no problem with the solution, but, I have a serious problem with simply rolling over with the solution and not making a technical argument as to why it is both costly and counter-productive. Worst of all, your customers have this false sense of security believing that their dynamic addresses actually provide some measure of privacy.
The best current practice would be, to default to a dynamic prefix, but enable your more advanced customers to change that to a static prefix at will in your customer service web-portal or something.
Sounds unnecessarily complicated and with absolutely no benefit whatsoever.
In this case, i beg to differ though. It's not complicated but as easy as some change in your RADIUS database. And, in contrast to things like NAT66, it doesn't break anything.
It's not particularly complicated, but, it is unnecessarily complicated. It is more complicated than straight static addressing and there is no need for it other than FUD and misperception. Yes, there are worse solutions available. Heart failure is worse than kidney disease. I would prefer to avoid both.
So, in my opinion, this is about giving the customers a choice, with no downsides. It's somewhat similar to "privacy extensions - yes or no? default or not?" in the end.
In my opinion, it is not without down-sides. It complicates several things, such as troubleshooting, management, support systems, lawful intercept (ok, complicating this may not be a bad thing), log and event correlation, trend analysis, etc. It has additional costs that result from those complications.
One could discuss what the default should be, dynamic or static. But just handing out static addresses even though it's relatively easy to give your customers a choice, might be seen as "dictating" rather than "educating".
So far, none of our customers have objected, including thousands of tunnel broker users in Germany.
On a side-note: It's totally different with NAT of course, giving the people the choice to use NAT will break things in the internet, again. I never would opt for that.
Glad to hear it. Yes, NAT is worse than what you propose and I don't really have a problem with the solution where it is required for whatever (marketing, government, FUD, or misperception) reason. However, I wouldn't tout it as the ideal case, but, rather the necessary and minimal compromise to meet the unreasonable and inaccurate expectations.
But i have no idea how to sell this to your marketing department. They again are usually used to sell static IPs for an extra fee, and usually don't want to change that with IPv6. That's bullshit for IPv6 of course.
It was mostly bullshit for IPv4.
Selling IPs? Indeed. But there's nothing in any RIR policy to prevent that (anymore).
Actually I don't believe LACNIC or AfriNIC have policies to allow that at this time.
Owen
How dynamic will dynamic addresses be under IPv6?
IPv4 addresses, with most ISP's, change relatively rarely. Once or twice a year is not atypical, and sometimes they go for much longer. The impression I get is that most of the need to renumber is driven by technological needs, either the subnet sizes and need to use all addresses in a block, or the combining and splitting of "segments" (channels, etc) on the cable infrastructure.
With a /64 on each segment the former goes away. Subnet size will never dictate renumbering. The segments issue could keep driving it, but it's not hard to imagine a world where your router gets a dynamic IP out of a /64, and then does DHCP-PD to get your home block. This block may in fact never need to change.
Basically, in IPv6, even if addresses are assigned "dynamically" (really automatically) won't the consumer pretty much always have the same address for the lifetime of their service, for the majority of consumers?
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
In a message written on Tue, Jul 26, 2011 at 10:29:12PM -0700, Majdi S. Abbas wrote:
On Tue, Jul 26, 2011 at 04:24:21PM -0700, Leo Bicknell wrote:
How dynamic will dynamic addresses be under IPv6?
With or without privacy extensions enabled?
I think that is orthogonal to my question. My question revolves around the reasons why a DHCPv6 or DHCPv6-PD allocation may change. If, after receiving one of those you choose to use privacy extensions there is no change on the DHCP side of things.
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Jordi,
We're doing:
- dynamic /64 on the link to the customer (PPPoE at this stage) so that PPP directly to a PC will work. (ie. we run SLAAC on this).
- static /56 for the customer via DHCPv6 Prefix Delegation.
Given our architecture a dynamic /56 would have been better (smaller routing tables in some places), but the reality is we've been somewhat wedged and a static range proves to be a better outcome.
FWIW - we're doing IPv6 to customers, today, from our production BNG/BRAS/LNS (whatever you want to call them).
MMC
--
Matthew Moyle-Croft
Peering Manager and Team Lead - Commercial and DSLAMs
Internode /Agile
Level 5, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc@internode.com.au Web: http://www.on.net
Direct: +61-8-8228-2909 Mobile: +61-419-900-366
Reception: +61-8-8228-2999 Fax: +61-8-8235-6909
JORDI PALET MARTINEZ <jordi.palet@consulintel.es> writes:
I will like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
We will do "semi-static" PD for residential users. In practice most users will see this as static, but we may reallocate users if necessary to preserve aggregation.
One point I often miss in the endless discussions wrt dynamic/static IPv6 with references to the dynamic IPv4 world, is the lack of RFC1918 addressing for IPv6. The fact is that all residential users are used to, and depend on, static IPv4 addressing within their own network. They assign e.g. 192.168.5.5 to their printer and 192.168.5.6 to their NAS, and trust that those addresses are static.
Now moving to IPv6, their choices are either link local or a static delegated prefix. Link local will of course work and be completely static for a given device, but does have a couple of drawbacks which I believe will make most users want a static global prefix instead:
- ugly addresses, often not configurable
- the need to specify outgoing interface on any PC/whatever you want to talk to the link local address
For this reason, I argue that residential users are used to static IPv4 addresses and will demand static IPv6 addresses. The fact that their globally routed IPv4 address is dynamic is completely irrelevant as long as a similar mechanism isn't available for IPv6 (no, I won't mention NAT66).
Bjørn
In message <877h6w9emi.fsf@nemi.mork.no>, Bjørn Mork writes:
JORDI PALET MARTINEZ <jordi.palet@consulintel.es> writes:
I will like to know, from those deploying IPv6 services to residential customers, if you are planning to provide static or dynamic IPv6 prefixes.
Just to be clear, I'm for static prefix delegation to residential customers, however I heard that some ISPs are doing dynamic delegations, the same way as is common today with IPv4.
I don't think it makes sense, as the main reason for doing so in IPv4 was address exhaustion and legacy oversubscription models such as PPP/dial-up.
We will do "semi-static" PD for residential users. In practice most users will see this as static, but we may reallocate users if necessary to preserve aggregation.
One point I often miss in the endless discussions wrt dynamic/static IPv6 with references to the dynamic IPv4 world, is the lack of RFC1918 addressing for IPv6. The fact is that all residential users are used to, and depend on, static IPv4 addressing within their own network. They assign e.g. 192.168.5.5 to their printer and 192.168.5.6 to their NAS, and trust that those addresses are static.
Now moving to IPv6, their choices are either link local or a static delegated prefix. Link local will of course work and be completely static for a given device, but does have a couple of drawbacks which I believe will make most users want a static global prefix instead:
- ugly addresses, often not configurable
- the need to specify outgoing interface on any PC/whatever you want to talk to the link local address
For this reason, I argue that residential users are used to static IPv4 addresses and will demand static IPv6 addresses. The fact that their globally routed IPv4 address is dynamic is completely irrelevant as long as a similar mechanism isn't available for IPv6 (no, I won't mention NAT66).
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Bjørn
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
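An added example, not part of the original thread: it parses the interface output quoted in the message above, classifies each IPv6 address as link-local, ULA or global, and checks whether the interface identifier is a modified EUI-64 built from the MAC, in which case the host part stays identical when the prefix changes. The function names and the replacement prefix 2001:db8:abcd:1::/64 are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed sample: the ifconfig output quoted in the thread, one field per line.
SAMPLE_IFCONFIG = """\
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
ULA = ipaddress.ip_network("fc00::/7")          # RFC 4193 unique local
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
IID_MASK = (1 << 64) - 1                          # low 64 bits = interface identifier

# BSD/macOS style "inet6 <addr>[%zone] prefixlen <n>" lines.
INET6_RE = re.compile(
    r"^\s*inet6\s+([0-9A-Fa-f:.]+)(?:%\S+)?\s+prefixlen\s+(\d+)", re.M
)


def classify(addr):
    """Return 'link-local', 'ULA', 'GUA' or 'other' for an IPv6 address."""
    addr = ipaddress.IPv6Address(addr)
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ULA:
        return "ULA"
    if addr in GLOBAL_UNICAST:
        return "GUA"
    return "other"


def eui64_to_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":       # ff:fe filler marks a MAC-derived IID
        return None
    # Undo the universal/local bit flip applied to the first octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(ifconfig_text):
    """List every inet6 address with its scope, on-link prefix and embedded MAC."""
    report = []
    for match in INET6_RE.finditer(ifconfig_text):
        addr = ipaddress.IPv6Address(match.group(1))
        iface = ipaddress.ip_interface(f"{addr}/{match.group(2)}")
        report.append({
            "address": str(addr),
            "scope": classify(addr),
            "prefix": str(iface.network),
            "embedded_mac": eui64_to_mac(addr),
        })
    return report


def renumber(addr, new_prefix):
    """Address the same EUI-64 host would form under a different /64."""
    net = ipaddress.ip_network(new_prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("expected an IPv6 /64 prefix")
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return ipaddress.IPv6Address(int(net.network_address) | iid)


if __name__ == "__main__":
    for row in audit(SAMPLE_IFCONFIG):
        print(f"{row['scope']:<10} {row['prefix']:<24} mac={row['embedded_mac']}")
    # Hypothetical new delegation: only the upper 64 bits change.
    print(renumber("2001:470:1f00:820:6233:4bff:fe01:7585", "2001:db8:abcd:1::/64"))
```

All three addresses decode to the MAC on the `ether` line, so on this host the ULA, the global address and any renumbered global address share one interface identifier.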
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Icky.
Better yet, just subscribe to an ISP that will give you a static prefix.
Owen
On Aug 2, 2011, at 10:17 AM, Owen DeLong wrote:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Icky.
Better yet, just subscribe to an ISP that will give you a static prefix.
Some (probably all) networks need addressing even when they're not attached to a provider. while link-local is necessary it's also probably not sufficient.
Owen
On Aug 2, 2011, at 10:28 AM, Joel Jaeggli wrote:
On Aug 2, 2011, at 10:17 AM, Owen DeLong wrote:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Icky.
Better yet, just subscribe to an ISP that will give you a static prefix.
Some (probably all) networks need addressing even when they're not attached to a provider.
I don't understand why this is a problem if your ISP gives you a static address. There are, of course, other sources of addresses available as well. Nobody has yet presented me a situation where I would prefer to use ULA over GUA.
while link-local is necessary it's also probably not sufficient.
True.
Owen
I don't understand why this is a problem if your ISP gives you a static address. There are, of course, other sources of addresses available as well. Nobody has yet presented me a situation where I would prefer to use ULA over GUA.
while link-local is necessary it's also probably not sufficient.
True.
Owen
Let's look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
2) if their router goes down they lose network connectivity on the same subnet due to losing their ISP assigned prefix.
3) If they are getting dynamic IP's from their ISP and it changes they may or may not be able to print, connect to a share, things like that.
these 3 items make a case for everybody having a ULA. however while many of the technical bent will be able to manage multiple addresses I know how much tech support I'll be providing my parents with either an IP address that goes away/changes or multiple IP addresses. I'll set them up on a ULA so there is consistency.
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
james
----- Original Message -----
From: "james machado" <hvgeekwtrvl@gmail.com>
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
An argument I've been making right along.
Concern about what's happening network-wise outside my edge router belongs to my edge router, *and no other device on my LAN* should be held hostage by problems there.
That's my best practice advice (to my clients, at least), and if IPv6 makes that impossible, well, then, things are gonna get messy, until someone figures out a way around it, cause I'm sure I'm not the only person who views it that way...
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Oh please, you know practical, operational, and security concerns mean nothing next to the beauty and purity of the perfect network protocol design.
Jamie
-----Original Message-----
From: Jay Ashworth [mailto:jra@baylink.com]
Sent: Tuesday, August 02, 2011 3:56 PM
To: NANOG
Subject: Re: dynamic or static IPv6 prefixes to residential customers
----- Original Message -----
From: "james machado" <hvgeekwtrvl@gmail.com>
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
An argument I've been making right along. Concern about what's happening network-wise outside my edge router belongs to my edge router, *and no other device on my LAN* should be held hostage by problems there. That's my best practice advice (to my clients, at least), and if IPv6 makes that impossible, well, then, things are gonna get messy, until someone figures out a way around it, cause I'm sure I'm not the only person who views it that way... Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
----- Original Message -----
From: "Jamie Bowden" <jamie@photon.com>
Oh please, you know practical, operational, and security concerns mean nothing next to the beauty and purity of the perfect network protocol design.
I was just replying to Dave, who reminded me that IPv6 is not v4 with bigger addresses, that I thought that was the Worst Imaginable Approach. :-)
Cheers
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 2, 2011, at 12:51 PM, james machado wrote:
I don't understand why this is a problem if your ISP gives you a static address. There are, of course, other sources of addresses available as well. Nobody has yet presented me a situation where I would prefer to use ULA over GUA.
while link-local is necessary it's also probably not sufficient.
True.
Owen
Lets look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
2) if their router goes down they lose network connectivity on the same subnet due to losing their ISP assigned prefix.
I keep hearing this myth, and I really do not understand where it comes from. If they get a static prefix from their ISP and configure it into their router and/or other equipment, it does not go away when they lose their router. It simply isn't true.
3) If they are getting dynamic IP's from their ISP and it changes they may or may not be able to print, connect to a share, things like that.
Perhaps, but, this is another reason that I think sane customers will start demanding static IPv6 from their providers in relatively short order.
these 3 items make a case for everybody having a ULA. however while many of the technical bent will be able to manage multiple addresses I know how much tech support I'll be providing my parents with either an IP address that goes away/changes or multiple IP addresses. I'll set them up on a ULA so there is consistency.
No, they don't. They make a great case for giving people static GUA.
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
No, it really didn't. If IPv4 had contained enough addresses we probably wouldn't have always-on dynamic connections in the first place.
Owen
Lets look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that
1) you multihome
2) you are willing to pay $1500+ US a year for your own AS, IP assignments
3) Internet service, much like cell phone service is a commodity product and many people go for the lowest price. They are not looking for the best options.
2) if their router goes down they lose network connectivity on the same subnet due to losing their ISP assigned prefix.
I keep hearing this myth, and I really do not understand where it comes from. If they get a static prefix from their ISP and configure it into their router and/or other equipment, it does not go away when they lose their router. It simply isn't true.
If they are using RA's to assign their network and the router goes down they can lose the network as well as the router thus going to link-local addresses. This has been discussed ad nauseam on this list. As I recall you played a big part of that discussion and it was very interesting and informative.
3) If they are getting dynamic IP's from their ISP and it changes they may or may not be able to print, connect to a share, things like that.
Perhaps, but, this is another reason that I think sane customers will start demanding static IPv6 from their providers in relatively short order.
I hope this happens but I'm guessing that with marketing and sales in the mix it will be another up charge to get this "service" and enough people won't pay it that we will be fighting these problems for a long time. Some businesses will pay it and some won't but the home user will probably not.
these 3 items make a case for everybody having a ULA. however while many of the technical bent will be able to manage multiple addresses I know how much tech support I'll be providing my parents with either an IP address that goes away/changes or multiple IP addresses. I'll set them up on a ULA so there is consistency.
No, they don't. They make a great case for giving people static GUA.
These are businesses we're talking about. They are not going to "give" anything away.
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
No, it really didn't. If IPv4 had contained enough addresses we probably wouldn't have always-on dynamic connections in the first place.
Debatable but not worth an argument. Having said that the ability to
1) not have to renumber internal address space on changing ISPs
2) not having to give a printer (or other device with no security) a public IP address or run multiple addressing schemes and the security implications thereof
3) change the internals of my network without worrying about the world
are all important and critical issues for me.
I realize that these arguments are at layers 8 & 9 of the OSI model (politics and religion) but that does not make them less real nor less important. They are not the same issues that ISP operators may normally have to deal with but they are crucial to business operators. The DSCP/RA arguments are of the same criticality and importance.
Owen
james
On Aug 2, 2011, at 2:42 PM, james machado wrote:
Lets look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that 1) you multihome 2) you are willing to pay $1500+ US a year for your own AS, IP assignments
while I don't disagree with the assertion that this is unrealistic the annual fee is $100 per org-id for direct assignments.
3) Internet service, much like cell phone service is a commodity product and many people go for the lowest price. They are not looking for the best options.
2) if their router goes down they lose network connectivity on the same subnet due to losing their ISP assigned prefix.
I keep hearing this myth, and I really do not understand where it comes from. If they get a static prefix from their ISP and configure it into their router and/or other equipment, it does not go away when they lose their router. It simply isn't true.
If they are using RA's to assign their network and the router goes down they can lose the network as well as the router thus going to link-local addresses. This has been discussed ad nauseam on this list. As I recall you played a big part of that discussion and it was very interesting and informative.
3) If they are getting dynamic IP's from their ISP and it changes they may or may not be able to print, connect to a share, things like that.
Perhaps, but, this is another reason that I think sane customers will start demanding static IPv6 from their providers in relatively short order.
I hope this happens but I'm guessing that with marketing and sales in the mix it will be another up charge to get this "service" and enough people won't pay it that we will be fighting these problems for a long time. Some businesses will pay it and some won't but the home user will probably not.
these 3 items make a case for everybody having a ULA. however while many of the technical bent will be able to manage multiple addresses I know how much tech support I'll be providing my parents with either an IP address that goes away/changes or multiple IP addresses. I'll set them up on a ULA so there is consistency.
No, they don't. They make a great case for giving people static GUA.
These are businesses we're talking about. They are not going to "give" anything away.
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
No, it really didn't. If IPv4 had contained enough addresses we probably wouldn't have always-on dynamic connections in the first place.
Debatable but not worth an argument. Having said that the ability to 1) not have to renumber internal address space on changing ISPs 2) not having to give a printer (or other device with no security) a public IP address or run multiple addressing schemes and the security implications thereof 3) change the internals of my network without worrying about the world are all important and critical issues for me.
I realize that these arguments are at layers 8 & 9 of the OSI model (politics and religion) but that does not make them less real nor less important. They are not the same issues that ISP operators may normally have to deal with but they are crucial to business operators. The DSCP/RA arguments are of the same criticality and importance.
Owen
james
On Tue, Aug 2, 2011 at 3:28 PM, Joel Jaeggli <joelja@bogus.com> wrote:
On Aug 2, 2011, at 2:42 PM, james machado wrote:
Let's look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that 1) you multihome 2) you are willing to pay $1500+ US a year for your own AS, IP assignments
while I don't disagree with the assertion that this is unrealistic the annual fee is $100 per org-id for direct assignments.
sorry was unclear - I was guessing $1500+ for AS number + IP Assignments but not counting ISP costs for a year. Looks like ARIN is charging about $1250 per year for a new IPv6 assignment and the AS yearly cost is rolled into that. Granted ISP costs will probably be in the ballpark of $150 per month for 2 consumer grade connections and more for business or better connections. James
On Aug 2, 2011, at 3:37 PM, james machado wrote:
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that 1) you multihome 2) you are willing to pay $1500+ US a year for your own AS, IP assignments
while I don't disagree with the assertion that this is unrealistic the annual fee is $100 per org-id for direct assignments.
sorry was unclear - I was guessing $1500+ for AS number + IP Assignments but not counting ISP costs for a year. Looks like ARIN is charging about $1250 per year for a new IPv6 assignment and the AS yearly cost is rolled into that. Granted ISP costs will probably be in the ballpark of $150 per month for 2 consumer grade connections and more for business or better connections.
multihomed end users (e.g. generally businesses) are not ISPs they pay only once for the assignment, and annually only $100 in total to maintain their orgid. https://www.arin.net/fees/fee_schedule.html
James
On Aug 2, 2011, at 3:37 PM, james machado wrote:
On Tue, Aug 2, 2011 at 3:28 PM, Joel Jaeggli <joelja@bogus.com> wrote:
On Aug 2, 2011, at 2:42 PM, james machado wrote:
Let's look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that 1) you multihome 2) you are willing to pay $1500+ US a year for your own AS, IP assignments
while I don't disagree with the assertion that this is unrealistic the annual fee is $100 per org-id for direct assignments.
sorry was unclear - I was guessing $1500+ for AS number + IP Assignments but not counting ISP costs for a year. Looks like ARIN is charging about $1250 per year for a new IPv6 assignment and the AS yearly cost is rolled into that. Granted ISP costs will probably be in the ballpark of $150 per month for 2 consumer grade connections and more for business or better connections.
James
No, you still have it wrong. There is a one-time charge of $500 for your ASN and $1250 for your /48. After that, it is just $100/year, period. The ISP costs do not have to be significantly more than what you already pay for commodity access. My ISP costs total roughly $140/month, but, for that I am subscribing to 50Mbps down and 7Mbps up and usually get about 70Mbps down and close to 10Mbps up as well as a slower DSL circuit for backup. Yes, it's more than $20/month, but, decent business class service from one provider is going to be around $60/month or more. So, if you double that ($120), you're not far off from what I'm paying and for the small incremental cost, I'm getting quite a bit more. Owen
On Aug 2, 2011, at 2:42 PM, james machado wrote:
Let's look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that 1) you multihome 2) you are willing to pay $1500+ US a year for your own AS, IP assignments 3) Internet service, much like cell phone service is a commodity product and many people go for the lowest price. They are not looking for the best options.
1) yes. 2) Uh, no. I pay $100/year to ARIN for all of my IP resources. I really don't know where this $1,500+/year myth keeps coming from. I bet most households pay more than $100/year for their internet access. Heck, if you pay Comcast $5/month for a single static IP, you're paying more than half of what I pay for 1,208,925,819,614,629,174,706,944 addresses and an AS Number. If you pay $9/month for 10 static IPs to Comcast (these are their current rates, btw), you are paying them MORE than I pay ($108 instead of $100) per year. 3) I think people do some of both. I think that if people can get static for the same price, they will choose static over dynamic. I think that some will even choose to use their dynamic to run tunnels where they can get static. You can get free static tunnels for IPv6 today.
So, no, the monopoly problem does not prevent what I am doing from being done in most households because:
1. Most monopolies are actually at least duopolies with at least one cable and at least one DSL or PON provider.
2. Contract monopolies are actually reducing rather than growing.
2) if their router goes down they lose network connectivity on the same subnet due to losing their ISP assigned prefix.
I keep hearing this myth, and I really do not understand where it comes from. If they get a static prefix from their ISP and configure it into their router and/or other equipment, it does not go away when they lose their router. It simply isn't true.
If they are using RA's to assign their network and the router goes down they can lose the network as well as the router thus going to link-local addresses. This has been discussed ad nauseam on this list. As I recall you played a big part of that discussion and it was very interesting and informative.
1. Why would you use RAs to assign numbers to things you want to work when the router goes down.
2. This presumes they have only one router. There is no reason, given static addressing, that they cannot have a High and a Medium priority router. The High priority router provides connectivity to the ISP and the medium priority router is essentially /dev/null, but, keeps the addresses active.
Yes, it has been discussed before, but, it continues to be made clear that people are still applying a mixture of misinformation and IPv4-think to the IPv6 situation, so, I continue to work towards better education.
3) If they are getting dynamic IP's from their ISP and it changes they may or may not be able to print, connect to a share, things like that.
Perhaps, but, this is another reason that I think sane customers will start demanding static IPv6 from their providers in relatively short order.
I hope this happens but I'm guessing that with marketing and sales in the mix it will be another up charge to get this "service" and enough people won't pay it that we will be fighting these problems for a long time. Some businesses will pay it and some won't but the home user will probably not.
Amusingly, I have, so far, refused to pay it to Comcast on my business class service. Every once in a while, they renumber my address and I have to reconfigure my tunnel. (I'm using commodity internet access for layer 2 transport into my home. The BGP is done between my home router and routers in colo facilities via GRE).
these 3 items make a case for everybody having a ULA. however while many of the technical bent will be able to manage multiple addresses I know how much tech support I'll be providing my parents with either an IP address that goes away/changes or multiple IP addresses. I'll set them up on a ULA so there is consistency.
No, they don't. They make a great case for giving people static GUA.
These are businesses we're talking about. They are not going to "give" anything away.
Interesting… Hurricane Electric is a business. We give away IPv6 /48s to tunnel broker users. In fact, we give away IPv6 transit services and tunnel access. I see lots of businesses giving things away to try and gain market advantage and customer awareness all the time. Why do you think that a business would not do so, given the overwhelming evidence to the contrary?
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
No, it really didn't. If IPv4 had contained enough addresses we probably wouldn't have always-on dynamic connections in the first place.
Debatable but not worth an argument. Having said that the ability to 1) not have to renumber internal address space on changing ISPs 2) not having to give a printer (or other device with no security) a public IP address or run multiple addressing schemes and the security implications thereof 3) change the internals of my network without worrying about the world are all important and critical issues for me.
Addressing != security. This issue has definitely been rehashed on here several times and the reality is that you can have just as secure a permit/deny policy with just as much of a default deny with public addresses as you can without them. The difference, of course, is that with public addresses, you have the option of creating permit rules that may not be possible with private addresses depending on your particular implementation (or lack thereof) of address translation.
1. Multihome and get portable GUA, problem solved. If it's actually important to you, this is easy.
2. Since you can give it a public address and still block access between the internet and it if you so choose (I actually find it rather convenient to be able to print at home and the only extra crap that comes out of my printer so far arrives via the telephone line and the G3 protocol, not via IP), public GUA does not change the nature of this issue.
3. I can change the internals of my network without worrying about the world. I'm not sure why you think I can't. Frankly, this claim makes no sense to me whatsoever.
I realize that these arguments are at layers 8 & 9 of the OSI model (politics and religion) but that does not make them less real nor less important. They are not the same issues that ISP operators may normally have to deal with but they are crucial to business operators. The DSCP/RA arguments are of the same criticality and importance.
Agreed. However, misinformation and FUD remains misinformation and FUD regardless of the ISO protocol layer in question. Owen
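The default-deny point made in the message above ("Addressing != security"), as an added example that is not from any poster in the thread: an nftables forward chain for a home router whose LAN is numbered from a static GUA prefix. The interface names `wan0` and `lan0`, the documentation prefix 2001:db8:1234::/48 and the mail host address are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread). Assumptions: wan0 faces the ISP,
# lan0 faces the home LAN, and the LAN is numbered from the static
# documentation prefix 2001:db8:1234::/48.

define WAN = "wan0"
define LAN = "lan0"
# Constructed address of a LAN host that should accept inbound SMTP.
define MAILHOST = 2001:db8:1234:10::25

table ip6 homegw {
    chain forward {
        # Default deny: anything not matched below is dropped. No address
        # translation is involved; the policy alone decides reachability.
        type filter hook forward priority 0; policy drop;

        # Replies to flows the LAN opened, plus ICMPv6 errors tied to them
        # (packet-too-big for path MTU discovery is tracked as "related").
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open connections to the internet.
        iifname $LAN oifname $WAN accept

        # The option public addressing adds: one explicit inbound permit.
        # Without this rule the mail host is as unreachable from outside
        # as every other LAN device.
        iifname $WAN ip6 daddr $MAILHOST tcp dport 25 ct state new accept

        # Everything else arriving from the WAN, including traffic aimed at
        # a printer's public address, falls through to policy drop.
        # Log a rate-limited sample for review.
        iifname $WAN limit rate 5/minute log prefix "fwd6-drop: "
    }
}
```

The ruleset can be syntax-checked with `nft -c -f <file>` before loading; it covers forwarded traffic only, so the router's own input chain (including neighbor discovery) needs its own policy.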
Nothing I can disagree with in your statements and I am not trying to be argumentative, but I know my customer base and I can assure you there is not one of them that could tell you what ARIN Multi-home BGP OSPF RA or a host of other terms in your response are, let alone what they mean, why they would care, what they would do with it, etc. And you obviously live in a metropolitan area because there isn't DSL in most of my service area, nor is there cable, fiber of any kind and sometimes even satellite doesn't work. Very few of my customers could be dual-homed, let alone multi-homed, if they wanted to. So, in order to keep the discussion general and to cover all the customer types, skill levels, etc., I really think we need to assume you are not a "normal" household that purchases Internet connectivity to play a game and check Facebook.
One other comment. Even those of us that run very small businesses give away things for market share, visibility, etc.
On 8/2/2011 8:03 PM, Owen DeLong wrote:
On Aug 2, 2011, at 2:42 PM, james machado wrote:
Let's look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that 1) you multihome 2) you are willing to pay $1500+ US a year for your own AS, IP assignments 3) Internet service, much like cell phone service is a commodity product and many people go for the lowest price. They are not looking for the best options.
1) yes. 2) Uh, no. I pay $100/year to ARIN for all of my IP resources. I really don't know where this $1,500+/year myth keeps coming from. I bet most households pay more than $100/year for their internet access. Heck, if you pay Comcast $5/month for a single static IP, you're paying more than half of what I pay for 1,208,925,819,614,629,174,706,944 addresses and an AS Number. If you pay $9/month for 10 static IPs to Comcast (these are their current rates, btw), you are paying them MORE than I pay ($108 instead of $100) per year. 3) I think people do some of both. I think that if people can get static for the same price, they will choose static over dynamic. I think that some will even choose to use their dynamic to run tunnels where they can get static. You can get free static tunnels for IPv6 today.
So, no, the monopoly problem does not prevent what I am doing from being done in most households because:
1. Most monopolies are actually at least duopolies with at least one cable and at least one DSL or PON provider.
2. Contract monopolies are actually reducing rather than growing.
2) if their router goes down they lose network connectivity on the same subnet due to losing their ISP assigned prefix. I keep hearing this myth, and I really do not understand where it comes from. If they get a static prefix from their ISP and configure it into their router and/or other equipment, it does not go away when they lose their router. It simply isn't true. If they are using RA's to assign their network and the router goes down they can lose the network as well as the router thus going to link-local addresses. This has been discussed ad nauseam on this list. As I recall you played a big part of that discussion and it was very interesting and informative.
1. Why would you use RAs to assign numbers to things you want to work when the router goes down.
2. This presumes they have only one router. There is no reason, given static addressing, that they cannot have a High and a Medium priority router. The High priority router provides connectivity to the ISP and the medium priority router is essentially /dev/null, but, keeps the addresses active.
Yes, it has been discussed before, but, it continues to be made clear that people are still applying a mixture of misinformation and IPv4-think to the IPv6 situation, so, I continue to work towards better education.
3) If they are getting dynamic IP's from their ISP and it changes they may or may not be able to print, connect to a share, things like that.
Perhaps, but, this is another reason that I think sane customers will start demanding static IPv6 from their providers in relatively short order.
I hope this happens but I'm guessing that with marketing and sales in the mix it will be another up charge to get this "service" and enough people won't pay it that we will be fighting these problems for a long time. Some businesses will pay it and some won't but the home user will probably not.
Amusingly, I have, so far, refused to pay it to Comcast on my business class service. Every once in a while, they renumber my address and I have to reconfigure my tunnel. (I'm using commodity internet access for layer 2 transport into my home. The BGP is done between my home router and routers in colo facilities via GRE).
these 3 items make a case for everybody having a ULA. however while many of the technical bent will be able to manage multiple addresses I know how much tech support I'll be providing my parents with either an IP address that goes away/changes or multiple IP addresses. I'll set them up on a ULA so there is consistency.
No, they don't. They make a great case for giving people static GUA. These are businesses we're talking about. They are not going to "give" anything away.
Interesting… Hurricane Electric is a business. We give away IPv6 /48s to tunnel broker users. In fact, we give away IPv6 transit services and tunnel access. I see lots of businesses giving things away to try and gain market advantage and customer awareness all the time. Why do you think that a business would not do so, given the overwhelming evidence to the contrary?
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
No, it really didn't. If IPv4 had contained enough addresses we probably wouldn't have always-on dynamic connections in the first place.
Debatable but not worth an argument. Having said that the ability to 1) not have to renumber internal address space on changing ISPs 2) not having to give a printer (or other device with no security) a public IP address or run multiple addressing schemes and the security implications thereof 3) change the internals of my network without worrying about the world are all important and critical issues for me.
Addressing != security. This issue has definitely been rehashed on here several times and the reality is that you can have just as secure a permit/deny policy with just as much of a default deny with public addresses as you can without them. The difference, of course, is that with public addresses, you have the option of creating permit rules that may not be possible with private addresses depending on your particular implementation (or lack thereof) of address translation.
1. Multihome and get portable GUA, problem solved. If it's actually important to you, this is easy.
2. Since you can give it a public address and still block access between the internet and it if you so choose (I actually find it rather convenient to be able to print at home and the only extra crap that comes out of my printer so far arrives via the telephone line and the G3 protocol, not via IP), public GUA does not change the nature of this issue.
3. I can change the internals of my network without worrying about the world. I'm not sure why you think I can't. Frankly, this claim makes no sense to me whatsoever.
I realize that these arguments are at layers 8 & 9 of the OSI model (politics and religion) but that does not make them less real nor less important. They are not the same issues that ISP operators may normally have to deal with but they are crucial to business operators. The DSCP/RA arguments are of the same criticality and importance. Agreed. However, misinformation and FUD remains misinformation and FUD regardless of the ISO protocol layer in question.
Owen
-- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239
From your description below, I am pretty sure that one of the following is true: 1. Your service area covers ≤1% of the population of whatever state or province you are in. or 2. Your state or province has a population ≤1% of the US national population. I would argue that I am not an "abnormal" household by any definition other than my internet access and that even by that definition, I am not particularly abnormal where I live. There are many people I know of with much more expensive and elaborate internet connectivity to their houses than what I have within 30 miles of me. While I don't think I represent the typical residential ISP customer, I do think that the typical customer will eventually learn what static addressing is and will want it for a variety of reasons. Owen On Aug 2, 2011, at 5:29 PM, Scott Reed wrote:
Nothing I can disagree with in your statements and I am not trying to be argumentative, but I know my customer base and I can assure you there is not one of them that could tell you what ARIN Multi-home BGP OSPF RA or a host of other terms in your response are, let alone what they mean, why they would care, what they would do with it, etc. And you obviously live in a metropolitan area because there isn't DSL in most of my service area, nor is there cable, fiber of any kind and sometimes even satellite doesn't work. Very few of my customers could be dual-homed, let alone multi-homed, if they wanted to. So, in order to keep the discussion general and to cover all the customer types, skill levels, etc., I really think we need to assume you are not a "normal" household that purchases Internet connectivity to play a game and check Facebook.
One other comment. Even those of us that run very small businesses give away things for market share, visibility, etc.
On 8/2/2011 8:03 PM, Owen DeLong wrote:
On Aug 2, 2011, at 2:42 PM, james machado wrote:
Let's look at some issues here.
1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat will be able to qualify for their own end user assignment from ARIN.
Interesting...
I have a "normal household". I lack 2.5 kids and have no dog or cat.
I have my own ARIN assignment.
Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't find such a statement in ARIN policy.
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
Yes I am saying a household that multihomes is abnormal and with today's and contracted monopolies I expect that to continue. You are not a normal household in that 1) you multihome 2) you are willing to pay $1500+ US a year for your own AS, IP assignments 3) Internet service, much like cell phone service is a commodity product and many people go for the lowest price. They are not looking for the best options.
1) yes. 2) Uh, no. I pay $100/year to ARIN for all of my IP resources. I really don't know where this $1,500+/year myth keeps coming from. I bet most households pay more than $100/year for their internet access. Heck, if you pay Comcast $5/month for a single static IP, you're paying more than half of what I pay for 1,208,925,819,614,629,174,706,944 addresses and an AS Number. If you pay $9/month for 10 static IPs to Comcast (these are their current rates, btw), you are paying them MORE than I pay ($108 instead of $100) per year. 3) I think people do some of both. I think that if people can get static for the same price, they will choose static over dynamic. I think that some will even choose to use their dynamic to run tunnels where they can get static. You can get free static tunnels for IPv6 today.
So, no, the monopoly problem does not prevent what I am doing from being done in most households because:
1. Most monopolies are actually at least duopolies with at least one cable and at least one DSL or PON provider.
2. Contract monopolies are actually reducing rather than growing.
2) if their router goes down they lose network connectivity on the same subnet due to losing their ISP assigned prefix. I keep hearing this myth, and I really do not understand where it comes from. If they get a static prefix from their ISP and configure it into their router and/or other equipment, it does not go away when they lose their router. It simply isn't true. If they are using RA's to assign their network and the router goes down they can lose the network as well as the router thus going to link-local addresses. This has been discussed ad nauseam on this list. As I recall you played a big part of that discussion and it was very interesting and informative.
1. Why would you use RAs to assign numbers to things you want to work when the router goes down.
2. This presumes they have only one router. There is no reason, given static addressing, that they cannot have a High and a Medium priority router. The High priority router provides connectivity to the ISP and the medium priority router is essentially /dev/null, but, keeps the addresses active.
Yes, it has been discussed before, but, it continues to be made clear that people are still applying a mixture of misinformation and IPv4-think to the IPv6 situation, so, I continue to work towards better education.
3) If they are getting dynamic IP's from their ISP and it changes they may or may not be able to print, connect to a share, things like that.
Perhaps, but, this is another reason that I think sane customers will start demanding static IPv6 from their providers in relatively short order.
I hope this happens but I'm guessing that with marketing and sales in the mix it will be another up charge to get this "service" and enough people won't pay it that we will be fighting these problems for a long time. Some businesses will pay it and some won't but the home user will probably not.
Amusingly, I have, so far, refused to pay it to Comcast on my business class service. Every once in a while, they renumber my address and I have to reconfigure my tunnel. (I'm using commodity internet access for layer 2 transport into my home. The BGP is done between my home router and routers in colo facilities via GRE).
these 3 items make a case for everybody having a ULA. however while many of the technical bent will be able to manage multiple addresses I know how much tech support I'll be providing my parents with either an IP address that goes away/changes or multiple IP addresses. I'll set them up on a ULA so there is consistency.
No, they don't. They make a great case for giving people static GUA. These are businesses we're talking about. They are not going to "give" anything away.
Interesting… Hurricane Electric is a business. We give away IPv6 /48s to tunnel broker users. In fact, we give away IPv6 transit services and tunnel access. I see lots of businesses giving things away to try and gain market advantage and customer awareness all the time. Why do you think that a business would not do so, given the overwhelming evidence to the contrary?
Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4 made things such as these much nicer in a home and business setting.
No, it really didn't. If IPv4 had contained enough addresses we probably wouldn't have always-on dynamic connections in the first place.
Debatable but not worth an argument. Having said that the ability to 1) not have to renumber internal address space on changing ISPs 2) not having to give a printer (or other device with no security) a public IP address or run multiple addressing schemes and the security implications thereof 3) change the internals of my network without worrying about the world are all important and critical issues for me.
Addressing != security. This issue has definitely been rehashed on here several times and the reality is that you can have just as secure a permit/deny policy with just as much of a default deny with public addresses as you can without them. The difference, of course, is that with public addresses, you have the option of creating permit rules that may not be possible with private addresses depending on your particular implementation (or lack thereof) of address translation.
1. Multihome and get portable GUA, problem solved. If it's actually important to you, this is easy.
2. Since you can give it a public address and still block access between the internet and it if you so choose (I actually find it rather convenient to be able to print at home and the only extra crap that comes out of my printer so far arrives via the telephone line and the G3 protocol, not via IP), public GUA does not change the nature of this issue.
3. I can change the internals of my network without worrying about the world. I'm not sure why you think I can't. Frankly, this claim makes no sense to me whatsoever.
I realize that these arguments are at layers 8 & 9 of the OSI model (politics and religion) but that does not make them less real nor less important. They are not the same issues that ISP operators may normally have to deal with but they are crucial to business operators. The DSCP/RA arguments are of the same criticality and importance. Agreed. However, misinformation and FUD remains misinformation and FUD regardless of the ISO protocol layer in question.
Owen
-- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration
Mikrotik Advanced Certified
www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239
I would argue that I am not an "abnormal" household by any definition other than my internet access and that even by that definition, I am not particularly abnormal where I live.
you're based out of san jose, there might not be any other area like that in the U.S. as far as connectivity and concentration of i.t. savvy. there might be 10 cities in the U.S. with the same infrastructure and availability as you have accessible. there are not 50. while not abnormal where you live, it is abnormal to the rest of the country.
There are many people I know of with much more expensive and elaborate internet connectivity to their houses than what I have within 30 miles of me.
While I don't think I represent the typical residential ISP customer, I do think that the typical customer will eventually learn what static addressing is and will want it for a variety of reasons.
Owen
scott's user base is more typical than what you can find in your neighborhood. i am sure some of the same users live within 30 miles of you too but you, i, scott, or anybody else on this list can not be considered normal in this respect.
james
On Aug 2, 2011, at 6:18 PM, james machado wrote:
I would argue that I am not an "abnormal" household by any definition other than my internet access and that even by that definition, I am not particularly abnormal where I live.
you're based out of san jose, there might not be any other area like that in the U.S. as far as connectivity and concentration of i.t. savvy. there might be 10 cities in the U.S. with the same infrastructure and availability as you have accessible. there are not 50. while not abnormal where you live, it is abnormal to the rest of the country.
Sir, if that is true, then it is a truly sad state of affairs in the U.S. For the connectivity situation in San Jose for residential is rather poor in most areas with the only options being relatively low bandwidth DSL and CMTS. The CMTS is now halfway decent (less than 2 years ago, it was largely poor as well). There is not a PON system to be had in most of San Jose and the WISP situation is similarly dismal. In my neighborhood, I have about the best connectivity that money can buy short of installing a fiber node and paying for a DS-3 or better at business rates on a monthly basis and waiting for a rather extensive build-out that may involve a multi-million dollar installation charge. That's 50mbps/7mbps on the CMTS (I asked, the higher tier products are not to be had where I live), and the 1.5mbps/384kbps DSL.
There are many people I know of with much more expensive and elaborate internet connectivity to their houses than what I have within 30 miles of me.
While I don't think I represent the typical residential ISP customer, I do think that the typical customer will eventually learn what static addressing is and will want it for a variety of reasons.
Owen
scott's user base is more typical than what you can find in your neighborhood. i am sure some of the same users live within 30 miles of you too but you, i, scott, or anybody else on this list can not be considered normal in this respect.
The majority of the US population has access to at least cable (CMTS) and DSL. Claiming otherwise is, well, specious. Owen
3) I think people do some of both. I think that if people can get static for the same price, they will choose static over dynamic. I think that some will even choose to use their dynamic to run tunnels where they can get static. You can get free static tunnels for IPv6 today.
Experience from IPv4 suggests otherwise. We (as an ISP) normally hand out dynamic IPv4 addresses to residential customers, and static IPv4 addresses to business customers.
- We have plenty of business customers who *want* dynamic addresses, even if static is available as a standard part of their product.
- There are quite a few ISPs here that offer static IPv4 addresses to residential customers. Those ISPs haven't captured the whole market, strangely enough.
So I completely disagree with the claim that (all) people will choose static over dynamic if it is available at the same price. From my POV the market here clearly wants both options - and both are available.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
On Aug 3, 2011, at 12:14 AM, sthaug@nethelp.no wrote:
3) I think people do some of both. I think that if people can get static for the same price, they will choose static over dynamic. I think that some will even choose to use their dynamic to run tunnels where they can get static. You can get free static tunnels for IPv6 today.
Experience from IPv4 suggests otherwise. We (as an ISP) normally hand out dynamic IPv4 addresses to residential customers, and static IPv4 addresses to business customers.
- We have plenty of business customers who *want* dynamic addresses, even if static is available as a standard part of their product.
- There are quite a few ISPs here that offer static IPv4 addresses to residential customers. Those ISPs haven't captured the whole market, strangely enough.
So I completely disagree with the claim that (all) people will choose static over dynamic if it is available at the same price. From my POV the market here clearly wants both options - and both are available.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Europe is a little odd in that way, especially DE and NO in that there seems to be this weird FUD running around claiming that static addresses are in some way more antithetical to privacy. Owen
Experience from IPv4 suggests otherwise. We (as an ISP) normally hand out dynamic IPv4 addresses to residential customers, and static IPv4 addresses to business customers.
- We have plenty of business customers who *want* dynamic addresses, even if static is available as a standard part of their product.
- There are quite a few ISPs here that offer static IPv4 addresses to residential customers. Those ISPs haven't captured the whole market, strangely enough.
So I completely disagree with the claim that (all) people will choose static over dynamic if it is available at the same price. From my POV the market here clearly wants both options - and both are available.
Europe is a little odd in that way, especially DE and NO in that there seems to be this weird FUD running around claiming that static addresses are in some way more antithetical to privacy.
I haven't noticed FUD like that here in Norway. From my POV the reason quite a few customers *want* dynamic has much more to do with ease of use:
- Dynamic address: Customer connects PC (defaults to DHCP) or router/firewall with DHCP for the WAN interface plus NAT for the LAN side. Necessary configuration: Small to none.
- Static address: Customer needs to configure PC or router/firewall with static address(es). This is no longer a "small touch/zero touch" configuration.
For a customer who doesn't know a lot about computers and networking the difference between these two alternatives can be dramatic...
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
On Aug 3, 2011, at 1:04 AM, sthaug@nethelp.no wrote:
Experience from IPv4 suggests otherwise. We (as an ISP) normally hand out dynamic IPv4 addresses to residential customers, and static IPv4 addresses to business customers.
- We have plenty of business customers who *want* dynamic addresses, even if static is available as a standard part of their product.
- There are quite a few ISPs here that offer static IPv4 addresses to residential customers. Those ISPs haven't captured the whole market, strangely enough.
So I completely disagree with the claim that (all) people will choose static over dynamic if it is available at the same price. From my POV the market here clearly wants both options - and both are available.
Europe is a little odd in that way, especially DE and NO in that there seems to be this weird FUD running around claiming that static addresses are in some way more antithetical to privacy.
I haven't noticed FUD like that here in Norway. From my POV the reason quite a few customers *want* dynamic has much more to do with ease of use:
- Dynamic address: Customer connects PC (defaults to DHCP) or router/firewall with DHCP for the WAN interface plus NAT for the LAN side. Necessary configuration: Small to none.
- Static address: Customer needs to configure PC or router/firewall with static address(es). This is no longer a "small touch/zero touch" configuration.
That's only true if you don't make static DHCP lease available to customers that want static addresses. You are confusing auto configured addresses with dynamic addresses. They are not the same thing.
For a customer who doesn't know a lot about computers and networking the difference between these two alternatives can be dramatic…
I agree that autoconf is desirable. Now, please explain to me why it is desirable for the address to change at random intervals from the customer perspective? (i.e. why would one want dynamic rather than static auto configuration?) Owen
On 8/3/11 4:13 AM, Owen DeLong wrote:
I agree that autoconf is desirable. Now, please explain to me why it is desirable for the address to change at random intervals from the customer perspective? (i.e. why would one want dynamic rather than static auto configuration?)
Because IPv6 was originally designed with the goal of completely transparent renumbering. Indeed, after many WG meetings over many years debating renumbering and all the problems that entailed for IPv4, some of my drafts proposed that IANA would renumber IPv6 for every ISP and IX at regular intervals! Thus, enforcing that all the dynamic configuration protocols actually work. :-) And nobody starts issuing licenses based on IP addresses anymore. :-(
Also good for customer privacy. LE can still subpoena ISP logs, but e-commerce sites can't track users quite as easily.
-Bill
On Aug 3, 2011, at 9:55, "William Allen Simpson" <william.allen.simpson@gmail.com> wrote:
On 8/3/11 4:13 AM, Owen DeLong wrote:
I agree that autoconf is desirable. Now, please explain to me why it is desirable for the address to change at random intervals from the customer perspective? (i.e. why would one want dynamic rather than static auto configuration?)
Because IPv6 was originally designed with the goal of completely transparent renumbering. Indeed, after many WG meetings over many years debating renumbering and all the problems that entailed for IPv4, some of my drafts proposed that IANA would renumber IPv6 for every ISP and IX at regular intervals!
Thus, enforcing that all the dynamic configuration protocols actually work. :-) And nobody starts issuing licenses based on IP addresses anymore. :-(
On Wed, Aug 03, 2011 at 10:00:37AM -0700, Bill Woodcock wrote:
Also good for customer privacy. LE can still subpoena ISP logs, but e-commerce sites can't track users quite as easily.
So... you're in that alternate universe populated by people who *aren't* constantly logged onto facebook. Good to know. - Matt
On Wed, 3 Aug 2011, sthaug@nethelp.no wrote:
- Dynamic address: Customer connects PC (defaults to DHCP) or router/firewall with DHCP for the WAN interface plus NAT for the LAN side. Necessary configuration: Small to none.
DHCP doesn't imply dynamic address. It implies customer doesn't have to configure an address him/herself. DHCP can very well always hand out the same address every time. -- Mikael Abrahamsson email: swmike@swm.pp.se
- Dynamic address: Customer connects PC (defaults to DHCP) or router/firewall with DHCP for the WAN interface plus NAT for the LAN side. Necessary configuration: Small to none.
DHCP doesn't imply dynamic address. It implies customer doesn't have to configure an address him/herself. DHCP can very well always hand out the same address every time.
Absolutely, and in our network it does - in most cases. However, ensuring that DHCP hands out a *real* static address every time, in the face of non SP controlled CPEs, changing MAC addresses etc is non-trivial. Steinar Haug, Nethelp consulting, sthaug@nethelp.no
On Wed, 3 Aug 2011, Owen DeLong wrote:
Europe is a little odd in that way, especially DE and NO in that there seems to be this weird FUD running around claiming that static addresses are in some way more antithetical to privacy.
Yes, I agree. I know people who choose provider based on the availability of static addresses, I know very few who avoid static address ISPs because of this fact. FUD indeed. -- Mikael Abrahamsson email: swmike@swm.pp.se
----- Original Message -----
From: "Mikael Abrahamsson" <swmike@swm.pp.se>
On Wed, 3 Aug 2011, Owen DeLong wrote:
Europe is a little odd in that way, especially DE and NO in that there seems to be this weird FUD running around claiming that static addresses are in some way more antithetical to privacy.
Yes, I agree. I know people who choose provider based on the availability of static addresses, I know very few who avoid static address ISPs because of this fact.
FUD indeed.
You guys aren't *near* paranoid enough. :-) If the ISP a) Assigns dynamic addresses to customers, and b) changes those IPs on a relatively short scale (days) then c) outside parties *who are not the ISP or an LEO* will have a relatively harder time tying together two visits solely by the IP address. While this isn't "privacy", per se, that "making harder" is at least somewhat useful to a client in reducing the odds that such non-ISP/LEO parties will be unable to tie their visits, assuming they've controlled the items they *can* control (cookies, flash cookies, etc). Imperfect security != no security, *as long as you know where the holes are*. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 3, 2011, at 6:55 AM, Jay Ashworth wrote:
----- Original Message -----
From: "Mikael Abrahamsson" <swmike@swm.pp.se>
On Wed, 3 Aug 2011, Owen DeLong wrote:
Europe is a little odd in that way, especially DE and NO in that there seems to be this weird FUD running around claiming that static addresses are in some way more antithetical to privacy.
Yes, I agree. I know people who choose provider based on the availability of static addresses, I know very few who avoid static address ISPs because of this fact.
FUD indeed.
You guys aren't *near* paranoid enough. :-)
If the ISP
a) Assigns dynamic addresses to customers, and b) changes those IPs on a relatively short scale (days)
then
c) outside parties *who are not the ISP or an LEO* will have a relatively harder time tying together two visits solely by the IP address.
ROFL... Yeah, right... Because the MAC suffix won't do anything.
While this isn't "privacy", per se, that "making harder" is at least somewhat useful to a client in reducing the odds that such non-ISP/LEO parties will be unable to tie their visits, assuming they've controlled the items they *can* control (cookies, flash cookies, etc).
Which is something, what, 1% of people probably even know how to do, let alone practice on a regular basis.
Imperfect security != no security, *as long as you know where the holes are*.
If people want this, they can use RFC-4193 to just about the same effect. The ISP modifying the prefix regularly simply doesn't do much. Owen
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 3, 2011, at 6:55 AM, Jay Ashworth wrote:
You guys aren't *near* paranoid enough. :-)
If the ISP
a) Assigns dynamic addresses to customers, and b) changes those IPs on a relatively short scale (days)
then
c) outside parties *who are not the ISP or an LEO* will have a relatively harder time tying together two visits solely by the IP address.
ROFL... Yeah, right... Because the MAC suffix won't do anything.
Did I mention I haven't implemented v6 yet? :-) *Really*? It bakes the endpoint MAC into the IP? Well, that's miserably poor architecture design.
While this isn't "privacy", per se, that "making harder" is at least somewhat useful to a client in reducing the odds that such non-ISP/LEO parties will be unable to tie their visits, assuming they've controlled the items they *can* control (cookies, flash cookies, etc).
Which is something, what, 1% of people probably even know how to do, let alone practice on a regular basis.
Yup; let's go out of our way to penalize the smart people; that's a *great* plan; I so enjoy it when people do it -- and they do it *far* too often for my tastes.
Imperfect security != no security, *as long as you know where the holes are*.
If people want this, they can use RFC-4193 to just about the same effect. The ISP modifying the prefix regularly simply doesn't do much.
I'll make a note of it. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 3, 2011, at 10:53 AM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 3, 2011, at 6:55 AM, Jay Ashworth wrote:
You guys aren't *near* paranoid enough. :-)
If the ISP
a) Assigns dynamic addresses to customers, and b) changes those IPs on a relatively short scale (days)
then
c) outside parties *who are not the ISP or an LEO* will have a relatively harder time tying together two visits solely by the IP address.
ROFL... Yeah, right... Because the MAC suffix won't do anything.
Did I mention I haven't implemented v6 yet? :-)
No, you didn't. Perhaps you should spend some time learning about it before you opine on how it should or should not be implemented. FWIW, I have implemented IPv6 in multiple organizations, including my home where I've been running with it for several years.
*Really*? It bakes the endpoint MAC into the IP? Well, that's miserably poor architecture design.
It can and it is a common default. It is not required. It's actually rather elegant architecture design for the goals it was implemented to accomplish.
While this isn't "privacy", per se, that "making harder" is at least somewhat useful to a client in reducing the odds that such non-ISP/LEO parties will be unable to tie their visits, assuming they've controlled the items they *can* control (cookies, flash cookies, etc).
Which is something, what, 1% of people probably even know how to do, let alone practice on a regular basis.
Yup; let's go out of our way to penalize the smart people; that's a *great* plan; I so enjoy it when people do it -- and they do it *far* too often for my tastes.
No, my point is that if you use RFC-4193, there's not really much benefit from altering the prefix, so, nobody gets penalized and you can still have static addresses. Further, I consider myself relatively smart and by not having static prefixes, you're blocking things I want, so, arguably dynamic prefixes also penalize the smart people.
Imperfect security != no security, *as long as you know where the holes are*.
If people want this, they can use RFC-4193 to just about the same effect. The ISP modifying the prefix regularly simply doesn't do much.
I'll make a note of it.
Let me know if you have further questions. Owen
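Added example, not part of any message in this thread: the "MAC suffix" point made above, worked through in Python. It derives the modified EUI-64 interface identifier from the MAC in the ifconfig output quoted in this thread, then audits a list of addresses for interface identifiers that stay the same across different /64 prefixes. The function names are hypothetical, and the 2001:db8: addresses are constructed samples standing in for a renumbered prefix and for RFC 4941 temporary addresses.

```python
import ipaddress
from collections import defaultdict

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address


def mac_to_eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])  # insert ff:fe
    eui[0] ^= 0x02                                          # flip universal/local bit
    return int.from_bytes(eui, "big")


def mac_from_iid(iid: int):
    """Recover the MAC if the IID looks MAC-derived, else None.

    Heuristic: ff:fe in the middle two bytes. A random IID matches by
    chance about once in 65536, so treat a hit as a strong hint only.
    """
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(raw[:3] + raw[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)


def split_addr(addr: str):
    """Return (address, /64 prefix as text, interface identifier)."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any %zone suffix
    prefix = ipaddress.IPv6Network(f"{ip}/64", strict=False)
    return ip, str(prefix), int(ip) & IID_MASK


def stable_identifiers(addresses):
    """Map each IID seen under more than one /64 to its prefixes and MAC.

    Link-local addresses are skipped: they never leave the link, so they
    say nothing about what a remote party can correlate.
    """
    seen = defaultdict(set)
    for addr in addresses:
        ip, prefix, iid = split_addr(addr)
        if ip.is_link_local:
            continue
        seen[iid].add(prefix)
    return {
        f"{iid:016x}": {"mac": mac_from_iid(iid), "prefixes": sorted(prefixes)}
        for iid, prefixes in seen.items()
        if len(prefixes) > 1
    }


SAMPLE = [
    # From the ifconfig output quoted in this thread (ether 60:33:4b:01:75:85).
    "fe80::6233:4bff:fe01:7585%en1",
    "fd92:7065:b8e::6233:4bff:fe01:7585",
    "2001:470:1f00:820:6233:4bff:fe01:7585",
    # Constructed: the same host after a hypothetical prefix change.
    "2001:db8:aaaa:1:6233:4bff:fe01:7585",
    # Constructed: RFC 4941-style temporary addresses with random IIDs.
    "2001:db8:aaaa:1:3c5d:91a2:7be4:10f6",
    "2001:db8:bbbb:2:a8e1:4d07:52c9:e3b4",
]

if __name__ == "__main__":
    print(f"IID for 60:33:4b:01:75:85: {mac_to_eui64_iid('60:33:4b:01:75:85'):016x}")
    for iid, info in stable_identifiers(SAMPLE).items():
        print(iid, info["mac"], info["prefixes"])
```

Only the MAC-derived identifier is reported, because it is the one that survives a prefix change; the two random identifiers each appear under a single prefix and drop out.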
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
Did I mention I haven't implemented v6 yet? :-)
No, you didn't. Perhaps you should spend some time learning about it before you opine on how it should or should not be implemented.
Perhaps. But that's a SHOULD, not a MUST; it's possible to make useful observations without having every single implementation detail, quite often.
FWIW, I have implemented IPv6 in multiple organizations, including my home where I've been running with it for several years.
You continue to put your home network up as an exemplar, Owen, for many things. I don't think it's an exemplar of most of the things you do -- it is *specifically* not a Home Network as that term of art is, I think, currently understood by most people, even though it's a network, in a home.
*Really*? It bakes the endpoint MAC into the IP? Well, that's miserably poor architecture design.
It can and it is a common default. It is not required.
Good to know.
It's actually rather elegant architecture design for the goals it was implemented to accomplish.
I will look up what those are. I'm not wilfully blind, and I don't have opinions that are unchangeable.
Let me know if you have further questions.
I'll do that, thanks. Has ORA done an IPv6 book? My Borders seems to be having a sale... Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Wed, Aug 3, 2011 at 20:38 UTC, Jay Ashworth <jra@baylink.com> wrote:
From: "Owen DeLong" <owen@delong.com>
Did I mention I haven't implemented v6 yet? :-)
No, you didn't. Perhaps you should spend some time learning about it before you opine on how it should or should not be implemented.
Perhaps. But that's a SHOULD, not a MUST; it's possible to make useful observations without having every single implementation detail, quite often.
It's also possible to demonstrate you're talking out your ass with IPv4 assumptions about IPv6 issues in front of a few thousand people who aren't ignorant of IPv6. Cheers, Dave Hart
On Wed, 3 Aug 2011, Owen DeLong wrote: [...]
No, my point is that if you use RFC-4193, there's not really much benefit from altering the prefix, so, nobody gets penalized and you can still have static addresses. [...]
If anyone is aware of any other widely-used applications in home/office computing, or apps or devices in mobile telecoms, that use RFC-4193 *by default* I would be very interested to learn about them for a paper I am working on. -- A. Michael Froomkin, http://www.law.tm Blog: http://www.discourse.net Laurie Silvers & Mitchell Rubenstein Distinguished Professor of Law Editor, Jotwell: The Journal of Things We Like (Lots), jotwell.com U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA +1 (305) 284-4285 | +1 (305) 284-6506 (fax) | froomkin@law.tm -->It's hot here.<--
On Wed, Aug 03, 2011 at 01:14:52PM -0700, Owen DeLong wrote:
*Really*? It bakes the endpoint MAC into the IP? Well, that's miserably poor architecture design.
It can and it is a common default. It is not required.
It's actually rather elegant architecture design for the goals it was implemented to accomplish.
<http://tools.ietf.org/html/draft-iesg-serno-privacy-00> warned against using hardware serial numbers in End-to-End protocols. As Privacy Extensions and DAD actually work great in my environments I will stay with that option. Servers will get static IP addresses. I don't see a need for embedding serial numbers into IP addresses. gruss, Hannes
You wrote: [...]
c) outside parties *who are not the ISP or an LEO* will have a relatively harder time tying together two visits solely by the IP address.
ROFL... Yeah, right... Because the MAC suffix won't do anything.
Did I mention I haven't implemented v6 yet? :-)
*Really*? It bakes the endpoint MAC into the IP? Well, that's miserably poor architecture design.
The vast majority of people use Windows as an OS and Windows defaults to using RFC 4941 privacy extensions. I *think* it changes its address every two hours.
Regards, Leo
----- Original Message -----
From: "Leo Vegoda" <leo.vegoda@icann.org>
*Really*? It bakes the endpoint MAC into the IP? Well, that's miserably poor architecture design.
The vast majority of people use Windows as an OS and Windows defaults to using RFC 4941 privacy extensions. I *think* it changes its address every two hours.
Microsoft did something right. ::Jay falls to the floor:: Cheers, -- jr 'ouch' a -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On 03/08/2011, at 11:25 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Mikael Abrahamsson" <swmike@swm.pp.se>
On Wed, 3 Aug 2011, Owen DeLong wrote:
Europe is a little odd in that way, especially DE and NO in that there seems to be this weird FUD running around claiming that static addresses are in some way more antithetical to privacy.
Yes, I agree. I know people who choose provider based on the availability of static addresses, I know very few who avoid static address ISPs because of this fact.
FUD indeed.
You guys aren't *near* paranoid enough. :-)
If the ISP
a) Assigns dynamic addresses to customers, and b) changes those IPs on a relatively short scale (days)
then
c) outside parties *who are not the ISP or an LEO* will have a relatively harder time tying together two visits solely by the IP address.
While this isn't "privacy", per se, that "making harder" is at least somewhat useful to a client in reducing the odds that such non-ISP/LEO parties will be unable to tie their visits, assuming they've controlled the items they *can* control (cookies, flash cookies, etc).
We've gone with static /56 v6 ranges for customers. Why? Customers told us they wanted address stability. Pretty much more than anything else. Admittedly the people who opted into the trial part are not typical customers, but it's something they were all fairly adamant about. We're small globally, but we're the 5th largest broadband provider in Australia and we've actually gone and delivered IPv6 natively to our broadband customer base (as well as corporate and other clients). We also sell only v6 capable ADSL CPE (i.e. have actual firmware that works with dual stack broadband).
MMC
And just how are you going to make all of us small ISPs, or the big ones for that matter, do that? I don't disagree with you, but I think the conversation needs to continue assuming that is not going to happen. And that may not be what happens within a large organization that uses private connections to consolidate connects to the Internet.
On 8/2/2011 1:17 PM, Owen DeLong wrote:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Icky.
Better yet, just subscribe to an ISP that will give you a static prefix.
Owen
-- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239
On Aug 2, 2011, at 12:46 PM, Scott Reed wrote:
And just how are you going to make all of us small ISPs, or the big ones for that matter, do that?
Well, if you want my business, you'll do it. If not, I'll route around you as damage. If enough customers approach the problem this way, it will happen. In addition, I think a large number of providers are already seeing that static is, for the most part, just simpler to manage in IPv6 and considering going that way. The cable MSOs are the obvious exception for semi-obvious reasons specific to their technology.
I don't disagree with you, but I think the conversation needs to continue assuming that is not going to happen.
Why assume the less likely case will come to pass? IMHO, static is more likely than dynamic given the forces at play.
And that may not be what happens within a large organization that uses private connections to consolidate connects to the Internet.
A large organization that does that should get their own PI space and multihome. Why would they do anything else? Owen
On 8/2/2011 1:17 PM, Owen DeLong wrote:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Icky.
Better yet, just subscribe to an ISP that will give you a static prefix.
Owen
-- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration
Mikrotik Advanced Certified
www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239
On 8/2/2011 4:05 PM, Owen DeLong wrote:
On Aug 2, 2011, at 12:46 PM, Scott Reed wrote:
And just how are you going to make all of us small ISPs, or the big ones for that matter, do that?
Well, if you want my business, you'll do it.
If not, I'll route around you as damage. If enough customers approach the problem this way, it will happen.
No disrespect intended, but I don't think you're representative of the average or even above average ISP customer. For that matter neither are the majority of the participants on this list.
In addition, I think a large number of providers are already seeing that static is, for the most part, just simpler to manage in IPv6 and considering going that way. The cable MSOs are the obvious exception for semi-obvious reasons specific to their technology.
From my observations only the cable MSOs are even somewhat prepared for IPv6 because Cablelabs included it in the DOCSIS 3.0 spec. The DSL and FTTx networks I've seen are much further behind to the point that only some kind of tunneling (mainly RD) makes sense as a transition technology because of the layer 2 challenges.
A large organization that does that should get their own PI space and multihome. Why would they do anything else? Owen
I thought we were talking about residential users specifically here... -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On 2011-08-02 11:17, Owen DeLong wrote:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Icky.
Better yet, just subscribe to an ISP that will give you a static prefix.
Well, judging by his prefixes, he does. Also:
Are you saying that a household that multihomes is abnormal? Perhaps today, but, not necessarily so in the future.
I technically multi-homed back in 2001-2004. I didn't have BGP or anything; my DSL provider offered it to me half-jokingly once, but since the other side (Time Warner Cable) wouldn't do it, I didn't take them up on it. Alas, I will maintain that any household that multi-homes at this stage is, indeed, abnormal.
Jima
Or, alternately, don't care what your printer's ridiculously long IPv6 IP is at this moment, (ULA/GUA/assigned: it really doesn't matter) and use mdns like normal people. Otherwise we're ignoring the forest for the trees, I don't expect to try to explain to my grandma how to type in 2001:45ea:344b:dead:beef::27 and/or remember it, when "printer1" will do.
This just makes me think of this: http://bash.org/?14258
If we need a way to mdns to work across subnet boundaries in a single administrative domain, so be it. If we need a better mdns, let's make that too, but we *really* need to get away from direct IPs in general.
-Blake
On Aug 2, 2011, at 9:33 PM, Blake Dunlap wrote:
Or, alternately, don't care what your printer's ridiculously long IPv6 IP is at this moment, (ULA/GUA/assigned: it really doesn't matter) and use mdns like normal people. Otherwise we're ignoring the forest for the trees, I don't expect to try to explain to my grandma how to type in 2001:45ea:344b:dead:beef::27 and/or remember it, when "printer1" will do.
This just makes me think of this: http://bash.org/?14258
If we need a way to mdns to work across subnet boundaries in a single administrative domain, so be it. If we need a better mdns, let's make that too, but we *really* need to get away from direct IPs in general.
-Blake
In IPv6, that should be a relatively simple matter of changing the MDNS address from starting with ff01 to ff02 or ff04. Owen
In message <CAJvB4tnPS4CsJSf37sc4a4mqOx0UuWKvPNiEcoFqaLXOwk+VmA@mail.gmail.com> , Blake Dunlap writes:
Or, alternately, don't care what your printer's ridiculously long IPv6 IP is at this moment, (ULA/GUA/assigned: it really doesn't matter) and use mdns like normal people. Otherwise we're ignoring the forest for the trees, I don't expect to try to explain to my grandma how to type in 2001:45ea:344b:dead:beef::27 and/or remember it, when "printer1" will do.
This just makes me think of this: http://bash.org/?14258
If we need a way to mdns to work across subnet boundaries in a single administrative domain, so be it. If we need a better mdns, let's make that too, but we *really* need to get away from direct IPs in general.
You are totally missing the point which is that the printer has a *routable* address when the home, with possibly multiple subnets, is disconnected or has never connected to the global network. link-locals are insufficient for a routed home. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Aug 2, 2011, at 9:52 PM, Mark Andrews wrote:
In message <CAJvB4tnPS4CsJSf37sc4a4mqOx0UuWKvPNiEcoFqaLXOwk+VmA@mail.gmail.com> , Blake Dunlap writes:
Or, alternately, don't care what your printer's ridiculously long IPv6 IP is at this moment, (ULA/GUA/assigned: it really doesn't matter) and use mdns like normal people. Otherwise we're ignoring the forest for the trees, I don't expect to try to explain to my grandma how to type in 2001:45ea:344b:dead:beef::27 and/or remember it, when "printer1" will do.
This just makes me think of this: http://bash.org/?14258
If we need a way to mdns to work across subnet boundaries in a single administrative domain, so be it. If we need a better mdns, let's make that too, but we *really* need to get away from direct IPs in general.
You are totally missing the point which is that the printer has a *routable* address when the home, with possibly multiple subnets, is disconnected or has never connected to the global network.
link-locals are insufficient for a routed home.
I get that and I have that with GUA without resorting to ULA. Owen
In message <4E38C59D.8000201@jima.tk>, Jima writes:
On 2011-08-02 11:17, Owen DeLong wrote:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:33:4b:01:75:85
    inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
    inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
    inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
    inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
    media: autoselect
    status: active
Note the multiple prefixes. IPv6 is not just IPv4 with bigger addresses. If you want to give your printers, etc. stable IPv6 addresses use ULAs.
Icky.
Better yet, just subscribe to an ISP that will give you a static prefix.
Well, judging by his prefixes, he does.
Indeed it is static but that doesn't change the argument that having a ULA works. The address selection algorithms choose the right source address for the correct destination address. The RA's for 2001:470:1f00:820::/64 could be withdrawn and the network would continue to work. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
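The source-address selection described in the message above, as an added example that is not part of the original thread. It is a simplified sketch of RFC 6724 rules 2, 6 and 8 using that RFC's default policy table (an assumption about what the hosts run); the three source addresses are the ones in the quoted ifconfig output, and the destination addresses in the test are constructed.

```python
import ipaddress

# Default policy-table labels from RFC 6724 section 2.1 (prefix -> label).
POLICY = {
    "::1/128": 0, "::/0": 1, "::ffff:0:0/96": 4, "2002::/16": 2,
    "2001::/32": 5, "fc00::/7": 13, "::/96": 3, "fec0::/10": 11,
    "3ffe::/16": 12,
}
# Longest prefix first, so the first hit is the longest match.
TABLE = sorted(((ipaddress.ip_network(p), lbl) for p, lbl in POLICY.items()),
               key=lambda e: e[0].prefixlen, reverse=True)

def label(addr):
    """Label of the longest matching policy-table prefix."""
    return next(lbl for net, lbl in TABLE if addr in net)

def scope(addr):
    """Unicast only: link-local is 0x2; ULA and GUA are both global (0xE)."""
    return 0x2 if addr.is_link_local else 0xE

def common_prefix_len(a, b):
    """Number of leading bits the two addresses share."""
    return 128 - (int(a) ^ int(b)).bit_length()

def select_source(dest, candidates):
    """Pick a source for dest; simplified (loopback/multicast not handled)."""
    d = ipaddress.IPv6Address(dest)

    def key(src):
        s = ipaddress.IPv6Address(src)
        # Rule 2: smallest scope that still covers the destination's scope.
        rule2 = (0, scope(s)) if scope(s) >= scope(d) else (1, -scope(s))
        # Rule 6: prefer a source whose label matches the destination's.
        rule6 = 0 if label(s) == label(d) else 1
        # Rule 8: prefer the longest common prefix with the destination.
        rule8 = -common_prefix_len(s, d)
        return (rule2, rule6, rule8)

    return min(candidates, key=key)

# Addresses taken from the ifconfig output quoted in the thread.
LINK_LOCAL = "fe80::6233:4bff:fe01:7585"
ULA = "fd92:7065:b8e::6233:4bff:fe01:7585"
GUA = "2001:470:1f00:820:6233:4bff:fe01:7585"
```

With the GUA removed from the candidate list, a ULA destination still gets the ULA source, which is the withdrawn-RA case the message describes.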
On 03/08/2011, at 1:20 PM, Jima wrote:
Alas, I will maintain that any household that multi-homes at this stage is, indeed, abnormal.
I'll go out on a limb and suggest that most people loathe their telcos with an undying venomous passion, and can think of nothing worse than dealing with any more of them than they do now. Widespread multihoming might be technically pure, but I reckon most customers would rather eat their firstborns than take up the option. - mark -- Mark Newton Email: newton@internode.com.au (W) Network Engineer Email: newton@atdot.dotat.org (H) Internode Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
On Aug 2, 2011, at 9:56 PM, Mark Newton wrote:
On 03/08/2011, at 1:20 PM, Jima wrote:
Alas, I will maintain that any household that multi-homes at this stage is, indeed, abnormal.
I'll go out on a limb and suggest that most people loathe their telcos with an undying venomous passion, and can think of nothing worse than dealing with any more of them than they do now.
Widespread multihoming might be technically pure, but I reckon most customers would rather eat their firstborns than take up the option.
There are likely a few orders of magnitude more people who have more than one internet service available at the same time at home than there are people with two bgp speaking peers. there are 38453 ASes that appear in the DFZ this week and I don't see that number growing to 1 billion anytime soon.
- mark
-- Mark Newton Email: newton@internode.com.au (W) Network Engineer Email: newton@atdot.dotat.org (H) Internode Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
On Tue, 02 Aug 2011 22:37:55 PDT, Joel Jaeggli said:
there are 38453 ASes that appear in the DFZ this week and I don't see that number growing to 1 billion anytime soon.
Exactly. Right now, how many routes flap if Comcast drops a state's worth of cable customers for a moment? What does *your* router do when that happens? Does it even notice or care? And what will your router do with the tsunami of link updates if all those customers were multihomed? Yeah, there's that whole routing table explosion problem when everybody and their pet llama multihomes. And till you address that little problem, 99.44% of people's multihoming will be "Darn, Comcast died again, let me turn on the AT&T wifi card and try that instead".
You wrote:
One point I often miss in the endless discussions wrt dynamic/static IPv6 with references to the dynamic IPv4 world, is the lack of RFC1918 addressing for IPv6. The fact is that all residential users are used to, and depend on, static IPv4 addressing within their own network. They assign e.g. 192.168.5.5 to their printer and 192.168.5.6 to their NAS, and trust that those addresses are static.
They can do this with a ULA prefix if they want (RFC 4193). It is both private and most likely (really, very, very likely) unique. This assumes they only want their printer or NAS to be accessible on their own local network. Regards, Leo
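How an RFC 4193 prefix comes to be "very, very likely" unique, as an added example that is not part of the original thread: the sample algorithm in RFC 4193 section 3.2.2 hashes a 64-bit NTP timestamp together with an EUI-64 and keeps 40 bits as the Global ID. The MAC address in the test is the one from the ifconfig output quoted earlier in the thread; the timestamp and the helper names are constructed for illustration.

```python
import hashlib
import ipaddress
import time

NTP_UNIX_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def ntp_timestamp(unix_time=None):
    """64-bit NTP timestamp: 32-bit seconds since 1900, 32-bit fraction."""
    t = time.time() if unix_time is None else unix_time
    secs = int(t) + NTP_UNIX_OFFSET
    frac = int((t - int(t)) * 2**32)
    return ((secs & 0xFFFFFFFF) << 32) | (frac & 0xFFFFFFFF)

def eui64_from_mac(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe."""
    b = bytearray.fromhex(mac.replace(":", ""))
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def ula_prefix(ntp_ts, eui64):
    """RFC 4193 section 3.2.2: SHA-1(timestamp || EUI-64), low 40 bits."""
    digest = hashlib.sha1(ntp_ts.to_bytes(8, "big") + eui64).digest()
    global_id = digest[-5:]                       # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)      # fc00::/7 with L bit = 1
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))

def subnet(prefix, subnet_id):
    """The /64 with the given 16-bit Subnet ID inside a ULA /48."""
    if not 0 <= subnet_id < 2**16:
        raise ValueError("Subnet ID must fit in 16 bits")
    base = int(prefix.network_address) + (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

if __name__ == "__main__":
    site = ula_prefix(ntp_timestamp(), eui64_from_mac("60:33:4b:01:75:85"))
    print("site prefix:", site)
    print("printer LAN:", subnet(site, 1))
```

The prefix is generated once and then kept, so a printer or NAS numbered from it stays put regardless of what the ISP delegates.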
that those addresses are static.
They can do this with a ULA prefix if they want (RFC 4193). It is both private and most likely (really, very, very likely) unique. This assumes they only want their printer or NAS to be accessible on their own local network.
Regards,
Leo
That is the case in the vast majority of situations. Many users want to be able to access their home network resources remotely on occasion but they don't want everyone else to be able to and printers and other appliances have little if any security built into them. The paradigm of internal versus external networking is going to be very hard to educate past given that most users are comfortable with how it works today. -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
participants (35)
- Bill Woodcock
- Bjørn Mork
- Blake Dunlap
- Cameron Byrne
- Daniel Roesen
- Dave Hart
- Hannes Frederic Sowa
- james machado
- Jamie Bowden
- Jason Baugher
- Jay Ashworth
- Jeroen Massar
- Jima
- Joel Jaeggli
- JORDI PALET MARTINEZ
- Karl Auer
- Leo Bicknell
- Leo Vegoda
- Majdi S. Abbas
- Mark Andrews
- Mark Newton
- Matt Addison
- Matthew Kaufman
- Matthew Moyle-Croft
- Matthew Palmer
- Michael Froomkin - U.Miami School of Law
- Mikael Abrahamsson
- Owen DeLong
- Sascha Lenz
- Scott Helms
- Scott Reed
- Seth Mattinen
- sthaug@nethelp.no
- Valdis.Kletnieks@vt.edu
- William Allen Simpson