Shane Kerr wrote: [..]
The basic motivation for local IPv6 *seems* to be RFC 1918 space (10.0.0.0/8 and the like) for IPv6. That makes a certain amount of sense. RFC 4193 space basically works like that today, right?
Yes.
The motivation for a version with a central registry however is not so obvious to me. The only justification I can think of is that you can be sure not to pick the same /48 as someone else has picked. But the chances of that are *billions* (that's "thousands of millions" to British folk) to one!
Correct, though this is for bean counters of course who don't want to take that chance.
If you consider a 1:10000000000 odds too great for you, then there are a couple other options:
- get a /48 from someone with an RIR allocated block
This is IMHO the best option for those beancounters. If they really are so desperate to get a block, get one from the RIR. Especially as most likely one will be connecting to the Internet one day or another anyway and then suddenly you either need to renumber from your private block or pay enough cash to get it routed anyway. IMHO, Central ULA has no place, folks requiring that strict kind of allocation should simply get a publicly registered block. There is a side reason for me to say so, and that is simply because folks will want these blocks and start doing NAT for IPv6, just because they 'like it so much' and 'are used to it'. Discouraging that as much as possible is a good idea to keep the Internet end-to-end.
- take an IPv4 address that you have been assigned and convert it to a 2002::/48 block
Very sane one, but it might cause issues when you are going to try and route it to the $world as you will be forcing yourself to use other folks 6to4 relays, as such this is not an option. Remember you should not announce prefixes smaller than 2002::/16 into BGP. [..]
I don't have any answers about DNS, because frankly I think reverse DNS is stupid, and IPv6 reverse doubly so. Hey, I'm prejudiced, I know. :)
It's very handy in a lot more cases than you think ;) In combo with DNSSEC, or the believe that the DNS is giving you the right answer it can be used for access control based on DNS-labels/domains instead of IP numbers. It is great for logfiles (if you trust dns) and makes traceroutes much more visible. There are a load of other options that a lot of people do like and thus require it for. BUT as these would be LOCAL networks, the folks running these LOCAL and non-internet connected networks can easily set up their internal internet-disconnected DNS server to do the reserve resolving. Just like is currently already happening for RFC1918. This also means that it might be good if AS112 folks start adding these prefixes to their nameservers so that they can catch those prefixes. (or is it already being done? :) Greets, Jeroen