Re: [GLOBAL-V6] IPV4 to IPv6 migration

To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: [GLOBAL-V6] IPV4 to IPv6 migration
From: bill fumerola <billf@opendns.com>
Date: Tue, 3 Jun 2008 19:08:29 +0000
Cc: sapumal jayatissa <sjayatissa@hotmail.com>, global-v6@lists.apnic.net
Delivered-to: global-v6@clove.apnic.net
In-reply-to: <4844BB30.1070503@gmail.com>
List-archive: <http://mailman.apnic.net/mailing-lists/global-v6>
List-help: <mailto:global-v6-request@lists.apnic.net?subject=help>
List-id: Discussion of new global IPv6 policy development <global-v6.lists.apnic.net>
List-post: <mailto:global-v6@lists.apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/global-v6>, <mailto:global-v6-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/global-v6>, <mailto:global-v6-request@lists.apnic.net?subject=unsubscribe>
References: <C4694F4D.4A86%david.conrad@icann.org> <48446724.1090908@gmail.com> <0A120AB3-94C6-4950-9F42-CF97CB121979@virtualized.org> <4844BB30.1070503@gmail.com>
User-agent: Mutt/1.5.9i

On Tue, 03 Jun 2008, Brian E Carpenter wrote:
> I'm toying with the idea of positively advocating a ULA
> prefix as the *preferred* prefix for all internal purposes
> (especially network management). Then, adding and removing
> PA prefixes would not impact internal operations (especially
> network management) in any way.

[ speaking as an end-site administrator - not a NSP/backbone type. ]

i've used this model twice, both with small networks (5-10 locations,
some with direct connectivity, some with tunnels). as long as you get
the address selection logic right, it has all the benefits of RFC1918 w/o
the collision drawbacks. i used PI space both times - but that represents
the current reality of IPv6 routing, not any hard rule.

one ULA /48 for infrastructure, a /48 per-site/per-provider, and a PI
allocation large enough to cover the entire network (internally allocating
/48s and /56s to sites, depending on inter-site connectivity) would be
my ideal layout. it allows for me to push more policy decisions down
to the host level ("bottom barrel transit? source w/ this address.",
"top-tier transit? source w/ this address.", and similar. these tricks
can be done w/ filter based forwarding - at a cost to infrastructure.

there are a few things that would force me to break away from ULA
addressing on infrastructure. if enough operators repeat the same mistakes
often made in deploying IPv4 - blocking all RFC1918 (even important ICMPs)
and/or all ICMP - translated to blocking all ULA and/or all ICMPv6. maybe
as a community can get this one right this time, but probably not.

-- bill

References:
- Re: [GLOBAL-V6] IPV4 to IPv6 migration
  - From: David Conrad <david.conrad@icann.org>
- Re: [GLOBAL-V6] IPV4 to IPv6 migration
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: [GLOBAL-V6] IPV4 to IPv6 migration
  - From: David Conrad <drc@virtualized.org>
- Re: [GLOBAL-V6] IPV4 to IPv6 migration
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

Prev by Date: Re: [GLOBAL-V6] IPV4 to IPv6 migration
Next by Date: Re: [GLOBAL-V6] IPV4 to IPv6 migration
Previous by thread: Re: [GLOBAL-V6] IPV4 to IPv6 migration
Next by thread: Re: [GLOBAL-V6] IPV4 to IPv6 migration
Index(es):
- Date
- Thread