Tore Anderson wrote:
Being a data centre operator and LIR, I believe I cannot currently make an IPv6 PA assignment to a customer of mine who wants to run a cloud service where their customers can rent virtual servers in turn. (A customer of theirs may in turn run some sort of web hotel for another set of customers on those VMs, and so on and so on.)
This is a typical situation the policies do not address well. Optional example: I have one IPv6 PI and I would love to become a RIPE member which I can not afford since I run a non-profit network targeted at network beginners. The policies gave me more than one headache and are the reason why I joined this wg in the first place. AFAIK the only way to go is by deciding which policy violation is less harmful. And that is bad. If an e.g. /56 would be treated like a single IPv4 address is today the solution would be "the loophole" (see quote above). As soon as I give /64 to a single VM to isolate it from other VMs and I am not the "owner" of the VM I will get into policy trouble because I just sub-allocated a portion of my PI space. Since I regularly deal with networking beginners and their VMs it would be fine to isolate them a bit more. Instead it looks like this: Multiple VMs share a link and a VM's interface gets as many addresses from that subnet as required, not more and not less, still seeing other VMs in the neighbor cache. On Tue, Oct 29, 2013 at 4:23 PM, Daniel Stolpe <stolpe@resilans.se> wrote:
On Sun, 27 Oct 2013, Roger Jørgensen wrote:
Erik Bais's mail touch what is probably the only real difference between PI and PA, and our core problem:
From Erik Bais's post on this thread:
"Having garage-style 'hosters' do assignments, just because they can while using PI IPv6 space, is against the policy, however removing that distinction between PI and PA for v6 and allowing sub-assignments from PI space will basically open the door in the near future for cheap resources, without being an LIR. That will have an impact on the number of members the NCC will have once we are beyond the v4 era ... And less members will result in a high fee per member."
Isn't this really about what is the difference between being a member and not? It would be nice to get ride of the PI and PA, and at the same time keeping the difference between member (LIR) and none member (no-LIR).
Well, there has to be some benefits for the members, hasn't it? At the same time, what says RIPE has to have 10.000 members? Or 130 employees? And the current policy looks very much like a membership boosting construction: just sign up, pay the bill and get a /29 (compaired to ask a member to apply for a /48 with very restricted use and make life really hard if you ever want anything more).
What makes us think that PA holders/members are always responsible while PI holders/non-members are completely not trustworthy?
I would prefer policies to apply for addresses (let's say, thou shalt not assign less than a /xx to an yy) rather than the role play of today.
Best Regards,
Daniel Stolpe
_________________________________________________________________________________ Daniel Stolpe Tel: 08 - 688 11 81 stolpe@resilans.se Resilans AB Fax: 08 - 55 00 21 63 http://www.resilans.se/ Box 13 054 556741-1193 103 02 Stockholm
-- Dan Luedtke http://www.danrl.de