Tony,
Excellent response and educational for sure. It is my belief that the corporate business model today for operating networks may be broken and I think you supported that below? If not my apologies for bad parsing?
Their models were fine for an IPv4 world where NAT was required and some even confuse NAT with securing one's network (and some programs in the U.S. Government) and that is simply bad policy and view.
In the interim can this be resolved by RIRs creating some kind of additional wording that address reclaim will be done in a manner that is negotiable, and do no harm to corporate or government business operations? This would buy us time to work on the issue and stop the FUD around this topic?
Also I am willing to sponsor a world wide IPv6 Forum BOF on PI and addressing you can lead as adjunct to one of our regular meetings you can lead for an entire day and we get the right players in the room. So think about that as another option too.
But do enjoy the beach this thread does not have to be resolved this week :--)
Really want to hear from all of you and discussion Terry D., Latif, Yanick, Dave G. Mike B. etc.
Thanks
/jim
-----Original Message-----
From: Tony Hain [mailto:alh-ietf@tndh.net]
Sent: Friday, April 07, 2006 7:57 PM
To: 'PPML'; address-policy-wg@ripe.net
Cc: 'Richard Jimmerson'; Bound, Jim; 'Latif Ladid ("The New Internet based on IPv6")'; 'Davis, Terry L'; ollivier.robert@eurocontrol.fr; narten@us.ibm.com; 'Brig, Michael P CIV DISA GES-E'; Pouffary, Yanick; 'Green, David B RDECOM CERDEC STCD SRI'
Subject: RE: Question
A public answer to a private question as I have been sitting on a beach for awhile without the laptop and missed some related conversations ... :)
Is the outcome really open for discussion on the PI issue? It doesn't sound like it is.
In the minds of some the route scaling issue outweighs any argument for PI. When taken to its extreme, there is a valid point that a broken routing system serves no one. At the same time the dogmatic stance by the ISPs enforcing lock-in is just as broken both for large organizations with financial or legal requirements for operational stability, and the individual consumer/small business with limited budgets looking for true competition. The hard part is finding the middle ground in a way that limits the exposure to a potential routing collapse.
I personally refuse to declare some needs legitimate and others not, as the only point of such differentiation is to establish a power broker. When all uses are legitimate, the problem boils down to the technical approach that can be scaled as necessary to contain growth in the routing system. This is the logic that leads me to the bit-interleaved geo that can be aggregated in varying size pockets as necessary using existing BGP deployments. We can start flat and implement aggregation over time when a region becomes too large to handle. One nice side effect of this geo approach is that it mitigates the continuing political demands for sovereign rights to IPv6 space.
Any aggregation approach will force the business models to change from current practice. That is not as bad a thing as the alarmists will make it out to be, because their accountants are claiming the current model is a broken money loser as it is (which if so means they will eventually change anyway). The primary difference is that there will need to be aggregation intermediaries between the last-mile and transit providers. The current model eliminates these middle-men by trading off their routing mitigation service against a larger routing table (actually they already exist in the right places but are currently limited to layer2 media aggregators). The anti-PI bunch is trying to use social engineering to directly counter the bottom line business reality that the customer will always win in the end. Rather than accept this situation and constructively work on the necessary business model and technology developments, they effectively stall progress by staunchly claiming there is no acceptable technical approach that works within the current business structure.
Making the RIRs be the police deciding who qualifies for PI and who does not just adds to their workload and raises costs. The beneficiaries of this gatekeeper approach are the ISPs that claim they need full routing knowledge everywhere, while the cost burden for supporting the waste-of-time qualification/evaluation work is borne by the applicant. Given that the most vocal and organized membership in the RIR community are the ISPs it is easy to understand why it would seem like the PI issue is already decided as closed. I tend to believe it will just drag out until enough of the corporate world becomes aware of the IPv4 exhaustion in light of their growth needs that they collectively appear at their RIR and demand an immediate solution. Unfortunately this 'wait till the last minute' tactic will likely result in a reactionary quickie with its own set of long term side effects.
A while back I tried to hold a BOF on geo PI in the IETF, but was told that shim6 was the anointed solution. Now that at least nanog has told the IAB where to put shim6 it might be possible to get the current IESG to reconsider. In any case the result would be a technical approach that would still require RIRs to establish policies around. As long as they are dominated by the ISPs it will be difficult to get real PI.
Tony
The technical community should fix this one before the ITU sees this as another chance to have a political say on the IPv6 addressing. These things leak fast. My advice is that ARIN should seriously own this issue before the ITU turns it to a sovereignty issue, which they could for sure win this time. I know one of their noodles is sizzling at it.
Cheers
Latif
Latif
The ITU is one of my top concerns also. I am hearing the same tune it sounds like you are; they are chomping at the bit to get a chance to step in and "save the Internet".
I'll respond with some longer thoughts tomorrow. Between Tony's and Jim's last response, I have some thinking to do to see how it might be made to work technically and politically with some of the caveats they mention.
One of my open thoughts, is if I have PA space, can I somehow get routing service (multi-homing) from more than the single ISP that provided the addressing?
Take care
Terry
Hi,
On Sun, Apr 09, 2006 at 05:40:01PM -0700, Davis, Terry L wrote:
> One of my open thoughts, is if I have PA space, can I somehow get routing service (multi-homing) from more than the single ISP that provided the addressing?
You can, and it works. It has its own set of problems, though.
Gert Doering -- NetMaster
--
Total number of prefixes smaller than registry allocations: 88685
SpaceNet AG, Joseph-Dollinger-Bogen 14, D-80807 Muenchen
Mail: netmaster@Space.Net Tel: +49-89-32356-0 Fax: +49-89-32356-234
Hi! it does _NOT_ work for IPv6 in the wild, by the way.
-- WBR, Maxim V. Tulyev (MT6561-RIPE, 2:463/253@FIDO)
On Wed, 19 Apr 2006, Maxim V. Tulyev wrote:
> it does _NOT_ work for IPv6 in the wild, by the way.
FWIW, many consider 'not working' a feature, not a bug :-)
--
Pekka Savola, Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds." -- George R.R. Martin: A Clash of Kings
Hi,
(thanks for doing proper quoting - which is *below* *properly trimmed* original articles)
> On Sun, Apr 09, 2006 at 05:40:01PM -0700, Davis, Terry L wrote:
> > One of my open thoughts, is if I have PA space, can I somehow get routing service (multi-homing) from more than the single ISP that provided the addressing?
> You can, and it works. It has its own set of problems, though.
On Wed, Apr 19, 2006 at 03:45:37PM +0400, Maxim V. Tulyev wrote:
> it does _NOT_ work for IPv6 in the wild, by the way.
Well, YMMV, but my customers claim "it does work" - with IPv6, and in the wild.
But as I said: it has its own set of problems - the biggest being "inconsistent filter policies in a remote AS, and thus bad routing for the more-specific network".
Gert Doering -- NetMaster
Hi,
> (thanks for doing proper quoting - which is *below* *properly trimmed* original articles)
This sticks to me as the good FIDONet behaviour ;)
> > it does _NOT_ work for IPv6 in the wild, by the way.
> Well, YMMV, but my customers claim "it does work" - with IPv6, and in the wild.
I tried to announce network 2001:4058::/48, and in fact, I couldn't get working connectivity.
Of course, if you have two channels, and one of them also announces entire /32, it will be "seems to work", because you will get incoming traffic from there.
But if that channel fails, you will lose connectivity at all.
So, why? Local peerings? Something else?
That's NOT like PI or more specific IPv4 that can be announced and is working in the wild as an independent part of Internet.
--
WBR, Maxim V. Tulyev (MT6561-RIPE, 2:463/253@FIDO)
Hi,
On Thu, Apr 20, 2006 at 01:08:20PM +0400, Maxim V. Tulyev wrote:
> > (thanks for doing proper quoting - which is *below* *properly trimmed* original articles)
> This sticks to me as the good FIDONet behaviour ;)
Thanks.
> > > it does _NOT_ work for IPv6 in the wild, by the way.
> > Well, YMMV, but my customers claim "it does work" - with IPv6, and in the wild.
> I tried to announce network 2001:4058::/48, and in fact, I couldn't get working connectivity.
> Of course, if you have two channels, and one of them also announces entire /32, it will be "seems to work", because you will get incoming traffic from there.
Yes, that's the underlying assumption when using "PA slice multihoming" - the aggregate is always visible in the global table.
> But if that channel fails, you will lose connectivity at all.
... to destinations that filter the /48 and have no default route. Which is not so much different from "if one of your upstreams is messing up their routing completely, you'll have problems reaching parts of the internet". There is no way anyone can guarantee reachability to any place at all times.
> So, why? Local peerings? Something else?
> That's NOT like PI or more specific IPv4 that can be announced and is working in the wild as an independent part of Internet.
As long as the aggregate is visible, reachability is as good as for IPv4 PI space, if not better.
Gert Doering -- NetMaster
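The cases argued over in the exchange above, as an added example that is not from any poster in the thread: each remote AS applies its own prefix-length filter and then does a longest-prefix match. It assumes 2001:4058::/32 is the covering PA aggregate for the /48 named in the thread; the AS names and upstream labels are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# 2001:4058::/48 is the prefix named in the thread; the covering /32 is
# assumed to be the provider's PA aggregate ("entire /32").
SLICE = ipaddress.ip_network("2001:4058::/48")
AGGREGATE = ipaddress.ip_network("2001:4058::/32")
DEFAULT = ipaddress.ip_network("::/0")
HOST = ipaddress.ip_address("2001:4058::1")  # constructed host inside the /48


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv6Network
    next_hop: str  # hypothetical upstream label


@dataclass(frozen=True)
class RemoteAS:
    name: str             # hypothetical label
    max_prefix_len: int   # longest prefix accepted from BGP neighbours
    has_default: bool     # static default route toward a transit provider

    def rib(self, announced: List[Route]) -> List[Route]:
        """Routes installed after applying the prefix-length filter."""
        routes = [r for r in announced if r.prefix.prefixlen <= self.max_prefix_len]
        if self.has_default:
            routes.append(Route(DEFAULT, "default"))
        return routes

    def lookup(self, announced: List[Route], dst) -> Optional[Route]:
        """Longest-prefix match for dst; None when no route covers it."""
        matches = [r for r in self.rib(announced) if dst in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def global_table(aggregate_visible: bool, slice_visible: bool) -> List[Route]:
    """What the customer's two upstreams inject into the global table."""
    table = []
    if aggregate_visible:   # upstream A holds the /32 and announces the aggregate
        table.append(Route(AGGREGATE, "upstream-A"))
    if slice_visible:       # upstream B is the second provider, announcing only the /48
        table.append(Route(SLICE, "upstream-B"))
    return table


REMOTES = [
    RemoteAS("accepts-/48", max_prefix_len=48, has_default=False),
    RemoteAS("filters-/48", max_prefix_len=32, has_default=False),
    RemoteAS("filters-/48-with-default", max_prefix_len=32, has_default=True),
]


def reachability(aggregate_visible: bool, slice_visible: bool) -> dict:
    """Map each remote AS to the next hop it picks for HOST, or None."""
    table = global_table(aggregate_visible, slice_visible)
    result = {}
    for remote in REMOTES:
        route = remote.lookup(table, HOST)
        result[remote.name] = route.next_hop if route else None
    return result


if __name__ == "__main__":
    for label, agg, sl in [
        ("both upstreams up", True, True),
        ("aggregate withdrawn", False, True),
        ("/48 upstream down", True, False),
    ]:
        print(label)
        for name, hop in reachability(agg, sl).items():
            print(f"  {name:26} -> {hop or 'NO ROUTE'}")
```

A result of "default" only means the packet leaves toward a transit provider; whether it arrives still depends on that transit carrying the /48.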
On Thu, 20 Apr 2006, Gert Doering wrote:
[v6 aggregate and a leaked more specific]
> As long as the aggregate is visible, reachability is as good as for IPv4 PI space, if not better.
But note that if the most direct path filters out the /48, following /48 will result in going a "round-about" route, possibly through all kinds of 6bone-oriented experimental networks. I (and many others, no doubt) have seen packs crossing the Atlantic multiple times -- caused by some folks (e.g., longer path) allowing the /48 through, others (the shortest path) filtering it out.
I wouldn't recommend advertising more specifics to anyone... and again, I consider that a feature :-)
--
Pekka Savola
Hi,
On Thu, Apr 20, 2006 at 04:14:47PM +0300, Pekka Savola wrote:
> I wouldn't recommend advertising more specifics to anyone... and again, I consider that a feature :-)
Well, the combination of "no PI", "no working non-PI/BGP-multihoming solution" and "PA+BGP multihoming not working either" is certainly not something that makes currently-multihomed customers want to move to IPv6...
Gert Doering -- NetMaster
Hi,
Gert Doering wrote:
> Hi,
> On Thu, Apr 20, 2006 at 04:14:47PM +0300, Pekka Savola wrote:
> > I wouldn't recommend advertising more specifics to anyone... and again, I consider that a feature :-)
> Well, the combination of "no PI", "no working non-PI/BGP-multihoming solution" and "PA+BGP multihoming not working either" is certainly not something that makes currently-multihomed customers want to move to IPv6...
so, let's switch to discussing http://www.ripe.net/ripe/policies/proposals/2006-01.html :-)
P.S.: The question is, if any Prefix longer than /32 makes any sense at all after years of propagating "/32 and shorter only!!!" - you can't force anyone to undo his filter decisions, let alone fix orphaned IPv6 setups (similar to the good old IPv4-IANA-reserved-space-filter problematic).
--
Sascha Lenz, SLZ-RIPE, slz@baycix.de
Network Operations
BayCIX GmbH, Landshut * PGP public Key on demand *
On Thursday 20 April 2006 15:24, Sascha Lenz wrote:
> Hi,
> Gert Doering wrote:
> > Hi,
> > On Thu, Apr 20, 2006 at 04:14:47PM +0300, Pekka Savola wrote:
> > > I wouldn't recommend advertising more specifics to anyone... and again, I consider that a feature :-)
> > Well, the combination of "no PI", "no working non-PI/BGP-multihoming solution" and "PA+BGP multihoming not working either" is certainly not something that makes currently-multihomed customers want to move to IPv6...
> so, let's switch to discussing
I would support this policy proposal.
This would be a sound alternative to those that need to be a LIR today but do not really have to be a LIR but only require address-space that does not tie them with 1 or 2 providers "for life" and gives them the possibility to have global multi-homing (so for example, 2 access points to the Net: 1x US, 1x Europe and a private global corporate network to provide internal connectivity).
Marc van Selm
--
-- This mail is personal --
All statements in this mail are made from my own personal perspective and do not necessarily reflect my employer's opinions or policies.
On Mon, 24 Apr 2006 09:10:26 +0200, Marc van Selm wrote:
> > so, let's switch to discussing
> I would support this policy proposal.
> This would be a sound alternative to those that need to be a LIR today but do not really have to be a LIR but only require address-space that does not tie them with 1 or 2 providers "for life" and gives them the possibility to have global multi-homing (so for example, 2 access points to the Net: 1x US, 1x Europe and a private global corporate network to provide internal connectivity).
This argument is absolutely correct, the impact on the BGP table will be negligible and can - as proven by IPv4 - be handled by modern routing hardware, thus:
I support your argument and the proposal, too.
Best Regards
Oliver Bartels
Oliver Bartels F+E + Bartels System GmbH + 85435 Erding, Germany
oliver@bartels.de + http://www.bartels.de + Tel. +49-8122-9729-0
Hi,
On Mon, Apr 24, 2006 at 10:52:43AM +0200, Oliver Bartels wrote:
> This argument is absolutely correct, the impact on the BGP table will be negligible and can - as proven by IPv4 - be handled by modern routing hardware, thus:
Does someone have numbers on the amount of IPv6 prefixes that currently deployed Cisco and Juniper routers can handle? I know that the Cisco Sup720/3B can handle 256k routes for IPv4+IPv6 *together* (TCAM space), which limits the "unlimited growth of IPv6" a bit (but which can be fixed by upgrading to 3BXL). Please let's not discuss "how stupid router vendors are" now, just collect facts - there must be some upper limits in the hardware for GSR line cards and Juniper IPII-ASICs as well.
Gert Doering -- NetMaster
On Mon, 24 Apr 2006 10:59:47 +0200, "Gert Doering" <gert@space.net> said:
> Does someone have numbers on the amount of IPv6 prefixes that currently deployed Cisco and Juniper routers can handle?
Another interesting statistic in this discussion would be a historic overview of the avg headroom in core backbone routers (unused space in the form of RIB-entries total and % of the available) going back at least a decade.
//per
--
Per Heldal
http://heldal.eml.cc/
Oliver Bartels wrote:
> On Mon, 24 Apr 2006 09:10:26 +0200, Marc van Selm wrote:
> > > so, let's switch to discussing
[ ... ]
> I support your argument and the proposal, too.
<taking off all hats other than a long-term 'netizen and LIR manager>
I very strongly tend to support the proposal, with some questions and qualifications (peculiar to the NCC) attached:
- As the proposal is worded now, it implicitly states that an applicant can "walk in from the street" and ask for an assignment. However, some time ago, we consciously supported the NCC to _exclusively_ do business with LIRs. Whenever an entity requests resources that are not "directly" tied in with an ISP, this entity has to find someone (an existing LIR) to act on their behalf.
- Looking at the text further under the heading "Expiry for Assignments" there is the possibility to the holder of such an assignment to become an LIR
Given that setup, and the fact that (from an RIR's point of view) there is not too much difference in handling when comparing PA and PI address space, I would propose to *require* the applicant to become an LIR in the 1st place.
At that point in time when this LIR does no longer need the resources, and has returned them properly, it can cancel the contract (and stop paying the annual fee)
I have the very strong opinion that any entity requesting "core resources" from or using services from an RIR (big address blocks, AS numbers, rev. delegations,...) should also contribute to the operational cost *and* be alerted to the responsibilities of holding/using such resources.
Which then goes hand in hand with the privilege of providing guidance to the RIR's operation by way of e.g. voting rights in the GM.
Potentially inventing a separate fee structure or dedicated size category is a minor administrative exercise, I think.
Please note that the "nice" thing about that approach is to vent a lot of steam regarding PA(good) and PI(bad).
Very simplistically put - this proposal is a way around the (dreaded) 200 "customer" rule, isn't it ;-)
Wilfried.
Hi Wilfried,
Thanks for the extensive comments. See below, in-line.
Regards,
Jordi
From: "Wilfried Woeber, UniVie/ACOnet" <Woeber@CC.UniVie.ac.at>
Organization: UniVie - ACOnet
Reply-To: <Woeber@CC.UniVie.ac.at>
Date: Mon, 24 Apr 2006 12:32:10 +0000
To: Oliver Bartels <oliver@bartels.de>
CC: "address-policy-wg@ripe.net" <address-policy-wg@ripe.net>
Subject: Re: [address-policy-wg] RE: Question
Oliver Bartels wrote:
On Mon, 24 Apr 2006 09:10:26 +0200, Marc van Selm wrote:
so, let's switch to discussing
[ ... ]
I support your argument and the proposal, too.
<taking off all hats other than a long-term 'netizen and LIR manager>
I very strongly tend to support the proposal, with some questions and qualifications (peculiar to the NCC) attached:
- As the proposal is worded now, it implicitly states that an applicant can "walk in from the street" and ask for an assignment. However, some time ago, we consciously supported the NCC to _exclusively_ do business with LIRs. Whenever an entity requests resources that are not "directly" tied in with an ISP, this entity has to find someone (an existing LIR) to act on their behalf.
Not necessarily. It is still not worded out in the proposal, but I think that there needs to be some contractual binding with RIPE NCC for the applicant to get the PI and consequently some yearly recurrent fee.
- Looking at the text further under the heading "Expiry for Assignments" there is the possibility to the holder of such an assignment to become an LIR
Given that setup, and the fact that (from an RIR's point of view) there is not too much difference in handling when comparing PA and PI address space, I would propose to *require* the applicant to become an LIR in the 1st place.
That's why I think there should be a contract already, wait and see in my slides today that comparison among both PA and PI cases.
At that point in time when this LIR does no longer need the resources, and has returned them properly, it can cancel the contract (and stop paying the annual fee)
I believe only those PI "customers" that really want to become a LIR will do it, and probably it will be a reduced number if/when we have an alternative solution.
I have the very strong opinion that any entity requesting "core resources" from or using services from an RIR (big address blocks, AS numbers, rev. delegations,...) should also contribute to the operational cost *and* be alerted to the responsibilities of holding/using such resources.
Agree, I didn't include that in the current proposal text, because I assumed it is something worked out by the board or whatever apart from the proposal itself. It will be worded out in the next version.
Which then goes hand in hand with the privilege of providing guidance to the RIR's operation by way of e.g. voting rights in the GM.
Potentially inventing a separate fee structure or dedicated size category is a minor administrative exercise, I think.
Please note that the "nice" thing about that approach is to vent a lot of steam regarding PA(good) and PI(bad).
Very simplistically put - this proposal is a way around the (dreaded) 200 "customer" rule, isn't it ;-)
I agree that the 200 customer rule is very bad, but not really sure if both things should be mixed up ...
Wilfried.
On Monday 24 April 2006 13:32, Wilfried Woeber, UniVie/ACOnet wrote:
Given that setup, and the fact that (from an RIR's point of view) there is not too much difference in handling when comparing PA and PI address space, I would propose to *require* the applicant to become an LIR in the 1st place.
Even though I am practically a member of the "PI for Everyone" camp, I fully agree with this proposal, although I would just change policy so as to require anyone (who isn't just a PA end-user) to simply become a member of a RIR. They don't necessarily need to be a full LIR as they are not likely to ever sub-assign PA space. This should assure equal treatment for all IP users (as much as that is possible) and, as Wilfried states, gives them more of a 'voice' in the address management community. Maybe some of the additional income could also be funnelled into offering training to those that may require it. The downside is that such a policy would be open to challenge as a 'RIR monopoly' and to the establishment, by legislation, of competing 'IP address providers' such as has happened with the DNS system. The thing to keep in mind is, that the goal should be to increase adoption of IPv6 in the first place, otherwise all this is is an academic exercise... rgds, s.
Hi,
But if that channel fails, you will lose connectivity at all. ... to destinations that filter the /48 and have no default route.
No. When I tried to announce /48 last time (near one year ago) - it was filtered out at third hop or so. Also it wasn't present at all looking glasses. Hm. Now it is interesting to try it out now. Just try tomorrow and say the result ;)
That's NOT like PI or more specific IPv4 that can be announced and is working in the wild as an independent part of Internet.
As long as the aggregate is visible, reachability is as good as for IPv4 PI space, if not better.
As long as the aggregate is visible, assuming I have connectivity from my primary uplink. And when it is not visible - I can't get connectivity at all :( -- WBR, Maxim V. Tulyev (MT6561-RIPE, 2:463/253@FIDO)
Hi, On Thu, Apr 20, 2006 at 08:48:50PM +0400, Maxim V. Tulyev wrote:
That's NOT like PI or more specific IPv4 that can be announced and is working in the wild as an independent part of Internet.
As long as the aggregate is visible, reachability is as good as for IPv4 PI space, if not better.
As long as the aggregate is visible, assuming I have connectivity from my primary uplink.
If the primary and secondary uplink peer with each other, and the primary accepts the /48 from the secondary (which would be a good thing to do), you are always reachable as long as the aggregate is up - the aggregate will draw the traffic "near to" the primary uplink, and at some point, it will hit a router that will also know the /48, and send the packets to the secondary uplink. As I said: we do this with customers, and it works better than the currently available alternatives. (It's not perfect, no.)
And when it is not visible - I can't get connectivity at all :(
Not to people that have no default and decide to filter your more-specific route, yes. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 92315 SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234
Hi,
And when it is not visible - I can't get connectivity at all :(
Not to people that have no default and decide to filter your more-specific route, yes.
So "in the wild" - I'll lose connectivity. That means more specific is not a way to make backups :( -- WBR, Maxim V. Tulyev (MT6561-RIPE, 2:463/253@FIDO)
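The cases argued in the exchange above (aggregate visible or not, /48 filtered or not, default route or not) can be checked with a small longest-prefix-match model. This is an added example, not part of the thread; the prefixes are documentation addresses, and the node names and the single unfiltered transit network are assumptions.

```python
import ipaddress

# Constructed values: a documentation prefix stands in for the primary
# uplink's PA aggregate, and a /48 carved out of it for the customer.
AGGREGATE = ipaddress.ip_network("2001:db8::/32")
CUSTOMER = ipaddress.ip_network("2001:db8:1234::/48")
DEFAULT = ipaddress.ip_network("::/0")
DEST = ipaddress.ip_address("2001:db8:1234::1")


def lookup(rib, dest):
    """Longest-prefix match: next hop of the most specific covering route."""
    covering = [net for net in rib if dest in net]
    if not covering:
        return None
    return rib[max(covering, key=lambda net: net.prefixlen)]


def build_ribs(aggregate_visible, primary_link_up, primary_accepts_48,
               remote_filters_48, remote_has_default):
    """Routing tables (prefix -> next hop) for each hypothetical network."""
    ribs = {"secondary": {CUSTOMER: "customer"}}
    transit = {CUSTOMER: "secondary"}   # assumed to carry the unfiltered /48
    remote = {}
    if aggregate_visible:
        transit[AGGREGATE] = "primary"
        remote[AGGREGATE] = "primary"
        # The primary originates the aggregate; without a more-specific
        # route the traffic it attracts is discarded (next hop None).
        primary = {AGGREGATE: None}
        if primary_link_up:
            primary[CUSTOMER] = "customer"
        elif primary_accepts_48:
            primary[CUSTOMER] = "secondary"
        ribs["primary"] = primary
    if not remote_filters_48:
        remote[CUSTOMER] = "secondary"
    if remote_has_default:
        remote[DEFAULT] = "transit"
    ribs["transit"] = transit
    ribs["remote"] = remote
    return ribs


def trace(**scenario):
    """Forward a packet from 'remote' towards DEST; return (path, delivered)."""
    ribs = build_ribs(**scenario)
    path, node = ["remote"], "remote"
    for _ in range(8):                  # hop limit guards against loops
        node = lookup(ribs.get(node, {}), DEST)
        if node is None:
            return path, False
        path.append(node)
        if node == "customer":
            return path, True
    return path, False


# The positions taken in the thread, as constructed scenarios. In all of
# them the customer's link to the primary uplink is down.
BASE = dict(primary_link_up=False, primary_accepts_48=True,
            remote_filters_48=True, remote_has_default=False)
SCENARIOS = {
    "aggregate up, primary accepts /48": dict(BASE, aggregate_visible=True),
    "aggregate up, primary ignores /48": dict(BASE, aggregate_visible=True,
                                              primary_accepts_48=False),
    "aggregate gone, filter, no default": dict(BASE, aggregate_visible=False),
    "aggregate gone, filter, default": dict(BASE, aggregate_visible=False,
                                            remote_has_default=True),
    "aggregate gone, no filter": dict(BASE, aggregate_visible=False,
                                      remote_filters_48=False),
}

if __name__ == "__main__":
    for name, scenario in SCENARIOS.items():
        path, ok = trace(**scenario)
        print(f"{name:38} {'delivered' if ok else 'LOST':9} {' -> '.join(path)}")
```
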
The NAv6TF is in the ARIN region. If individuals associated with it think that ARIN should adopt a policy or change an existing policy, they should not only say so, they should propose such a policy. Remember, policies in the ARIN region, like in all of the RIRs, are made not by the RIR organization staff and board but by the community in the region. ARIN staff will be more than happy to help anyone through the process, which by the way, while an orderly and formal process, is not onerous, but one designed to provide for an open and honest discussion of any policy proposal before it is adopted. If you are interested in pursuing this, please contact me and I will get a staff member to assist you. Ray
-----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Latif Ladid ("The New Internet based on IPv6") Sent: Saturday, April 08, 2006 9:53 AM To: 'Bound, Jim'; 'Tony Hain'; 'PPML'; address-policy-wg@ripe.net Cc: 'Richard Jimmerson'; 'Davis, Terry L'; ollivier.robert@eurocontrol.fr; narten@us.ibm.com; 'Brig, Michael P CIV DISA GES-E'; 'Pouffary, Yanick'; 'Green, David B RDECOM CERDEC STCD SRI' Subject: [address-policy-wg] RE: Question
The technical community should fix this one before the ITU sees this as another chance to have a political say on the IPv6 addressing. These things leak fast. My advice is that ARIN should seriously own this issue before the ITU turns it to a sovereignty issue, which they could for sure win this time. I know one of their noodles is sizzling at it.
Cheers Latif
-----Original Message----- From: Bound, Jim [mailto:Jim.Bound@hp.com] Sent: 08 April 2006 14:52 To: Tony Hain; PPML; address-policy-wg@ripe.net Cc: Richard Jimmerson; Latif Ladid ("The New Internet based on IPv6"); Davis, Terry L; ollivier.robert@eurocontrol.fr; narten@us.ibm.com; Brig, Michael P CIV DISA GES-E; Pouffary, Yanick; Green, David B RDECOM CERDEC STCD SRI; Bound, Jim Subject: RE: Question
Tony,
Excellent response and educational for sure. It is my belief that the corporate business model today for operating networks may be broken and I think you supported that below? If not my apologies for bad parsing?
Their models were fine for an IPv4 world where NAT was required and some even confuse NAT with securing one's network (and some programs in the U.S. Government) and that is simply bad policy and view.
In the interim can this be resolved by RIRs creating some kind of additional wording that address reclaim will be done in manner that is negotiable, and do no harm to corporate or government business operations? This would buy us time to work on the issue and stop the FUD around this topic?
Also I am willing to sponsor a world wide IPv6 Forum BOF on PI and addressing you can lead as adjunct to one of our regular meetings you can lead for an entire day and we get the right players in the room. So think about that as another option too.
But do enjoy the beach this thread does not have to be resolved this week :--)
Really want to hear from all of you and discussion Terry D., Latif, Yanick, Dave G. Mike B. etc.
Thanks /jim
-----Original Message----- From: Tony Hain [mailto:alh-ietf@tndh.net] Sent: Friday, April 07, 2006 7:57 PM To: 'PPML'; address-policy-wg@ripe.net Cc: 'Richard Jimmerson'; Bound, Jim; 'Latif Ladid ("The New Internet based on IPv6")'; 'Davis, Terry L'; ollivier.robert@eurocontrol.fr; narten@us.ibm.com; 'Brig, Michael P CIV DISA GES-E'; Pouffary, Yanick; 'Green, David B RDECOM CERDEC STCD SRI' Subject: RE: Question
A public answer to a private question as I have been sitting on a beach for awhile without the laptop and missed some related conversations ... :)
Is the outcome really open for discussion on the PI issue? It doesn't sound like it is.
In the minds of some the route scaling issue outweighs any argument for PI. When taken to its extreme, there is a valid point that a broken routing system serves no one. At the same time the dogmatic stance by the ISPs enforcing lock-in is just as broken both for large organizations with financial or legal requirements for operational stability, and the individual consumer/small business with limited budgets looking for true competition. The hard part is finding the middle ground in a way that limits the exposure to a potential routing collapse.
I personally refuse to declare some needs legitimate and others not, as the only point of such differentiation is to establish a power broker. When all uses are legitimate, the problem boils down to the technical approach that can be scaled as necessary to contain growth in the routing system. This is the logic that leads me to the bit-interleaved geo that can be aggregated in varying size pockets as necessary using existing BGP deployments. We can start flat and implement aggregation over time when a region becomes too large to handle. One nice side effect of this geo approach is that it mitigates the continuing political demands for sovereign rights to IPv6 space.
Any aggregation approach will force the business models to change from current practice. That is not as bad a thing as the alarmists will make it out to be, because their accountants are claiming the current model is a broken money loser as it is (which if so means they will eventually change anyway). The primary difference is that there will need to be aggregation intermediaries between the last-mile and transit providers. The current model eliminates these middle-men by trading off their routing mitigation service against a larger routing table (actually they already exist in the right places but are currently limited to layer2 media aggregators). The anti-PI bunch is trying to use social engineering to directly counter the bottom line business reality that the customer will always win in the end. Rather than accept this situation and constructively work on the necessary business model and technology developments, they effectively stall progress by staunchly claiming there is no acceptable technical approach that works within the current business structure.
Making the RIRs be the police deciding who qualifies for PI and who does not just adds to their workload and raises costs. The beneficiaries of this gatekeeper approach are the ISPs that claim they need full routing knowledge everywhere, while the cost burden for supporting the waste-of-time qualification/evaluation work is borne by the applicant. Given that the most vocal and organized membership in the RIR community are the ISPs it is easy to understand why it would seem like the PI issue is already decided as closed. I tend to believe it will just drag out until enough of the corporate world becomes aware of the IPv4 exhaustion in light of their growth needs that they collectively appear at their RIR and demand an immediate solution. Unfortunately this 'wait till the last minute' tactic will likely result in a reactionary quickie with its own set of long term side effects.
A while back I tried to hold a BOF on geo PI in the IETF, but was told that shim6 was the anointed solution. Now that at least nanog has told the IAB where to put shim6 it might be possible to get the current IESG to reconsider. In any case the result would be a technical approach that would still require RIRs to establish policies around. As long as they are dominated by the ISPs it will be difficult to get real PI.
Tony
On Sat, 8 Apr 2006 15:52:56 +0200, "Latif Ladid (The New Internet based on IPv6)" <latif.ladid@village.uunet.lu> said:
The technical community should fix this one before the ITU sees this as another chance to have a political say on the IPv6 addressing. These things leak fast. My advice is that ARIN should seriously own this issue before the ITU turns it to a sovereignty issue, which they could for sure win this time. I know one of their noodles is sizzling at it.
ARIN, and all the other RIRs, represent the interests of people in their region. Anybody who is interested, yourself included, is welcome to suggest changes to current policies. I'm sure RIR-staff are happy to guide you through the process. However, to succeed you need to convince the RIR community that there is a need for a change. It's interesting to see how people are worried about ITU involvement. I share some concerns, but remember; the ITU and their OSI protocols were once at the core of everything in large-scale networking. Those were left behind because they were not flexible enough to keep up with the pace of internet growth in the '90s. ITU as an organization is just as inflexible today as they were 10 or 15 years ago, maybe even worse. To consider ITU a threat to the internet community speaks heaps about how the community has deteriorated over the last decade. Parts of the community are already mirroring ITU behaviour, with or without ITU-involvement. //per -- Per Heldal http://heldal.eml.cc/
-----Original Message----- From: Bound, Jim [mailto:Jim.Bound@hp.com] Sent: Saturday, April 08, 2006 5:52 AM To: Tony Hain; PPML; address-policy-wg@ripe.net Cc: Richard Jimmerson; Latif Ladid ("The New Internet based on IPv6"); Davis, Terry L; ollivier.robert@eurocontrol.fr; narten@us.ibm.com; Brig, Michael P CIV DISA GES-E; Pouffary, Yanick; Green, David B RDECOM CERDEC STCD SRI; Bound, Jim Subject: RE: Question
Tony,
Excellent response and educational for sure. It is my belief that the corporate business model today for operating networks may be broken and I think you supported that below? If not my apologies for bad parsing?
Jim/All
I am going to respond in two parts here on PI issues; one in terms of aviation and one in terms of corporate. This one is on aviation. The next two paragraphs are from an original response to Thomas Narten, that I didn't see make the list.
----
I view systems that run "critical infrastructure" entirely different from those used to run anything else; especially systems that can directly impact the safety of the people using or relying on them. Safety engineering is just like security engineering; both depend on our ability to build in layers of defense and reliability trying to never rely entirely on a single system.
By forcing an industry like aviation to accept the potential of address changing in a global fleet, an element of extreme risk is added as the system's overall reliability is decreased.
----
We know that in the next decade that there will be development initiated for a new air traffic control system. It will likely be built upon IP and if so, likely IP-v6. And ICAO currently has a working group studying this and the committee is leaning towards IP-v6 although there is a strong component that is pushing for IP-v4 and a continuation of the NAT type usage currently required in the aviation industry by Arinc 664. And I do definitely agree with Jim here, the use of IP-v4 and NAT would create huge risks; if in nothing else, the potential for mis-addressing through one of the hundreds of NAT gateways that would be required.
I'll respectfully disagree with Jim in that I believe address change in a complex global system like air traffic control can create a hazard. Keep in mind, that the air traffic control system spans virtually every nation on the globe and most everything manmade that flies. Likewise the technical and operational capabilities vary from extraordinary to very minimal; like the 30 or so aviation operators that the EU just banned from flying into EU countries because of their poor safety and maintenance performance record.
Coordinating an address change across this type of infrastructure with aircraft and ground infrastructure in almost every nation on the globe, is simply beyond my ability to comprehend. Assuming the technology would work flawlessly (discussed below), the politics of when and how to implement the change would likely end up on the floor of the UN for debate. Likewise, if a decision was made to implement a change, we would be dealing with such different levels of expertise around the world that no amount of pre-planning could ensure that implementation failures would not occur.
Now just a bit about where ATC systems are likely going and why their criticality will likely grow over the next couple decades. Unless we suddenly develop anti-gravity capabilities to allow slow vertical takeoffs, we are stuck with the airports we have and only minimal abilities to expand them (cost, environmental, noise, etc). The only real way we can expand their capacity is with bigger airplanes and more flights. The "more flights" part is where this gets complicated and critical. To handle more flights, we have to decrease landing and takeoff separations and speed up aircraft ground movements so an airport can handle more aircraft per hour. We are about to human capacity with the current systems which means that these improvements will need to move more and more to relying on precise control systems; a minute's interruption here will be a really big deal.
Also we as an industry are just beginning to migrate from bus data communications on the aircraft to networks. The commercial aircraft flying today are already largely computer controlled and as I mentioned above we try very hard not to design the aircraft to be critically reliant on any one system. In almost all cases, it requires a cascading series of failures to present an aircraft with a catastrophic hazard.
Now as I said, we are starting to put networks on the aircraft and as Arinc 664 shows; we are not the world's greatest network engineers (at least not yet..). In a decade or so, we will have hundreds of networked systems on an aircraft. I think the risk here in re-addressing is clear; how well will they all react. And yes we can probably take most of the risk down in certification testing but keep in mind variation in technical competence of the operators around the world and that we are continually accepting upgraded systems from our vendors as replacement parts and this could also inject potential failures in re-addressing.
If we were to use 3178 without a single global address space, I still don't think this would scale as we then would be using probably in the neighborhood of 50 or more ISP's (you don't always get to pick your ISP's and while a country might accept addressing from an industry block, they'd probably insist on using theirs otherwise) around the world for the service. And the way I read it, I would still have lots of unnecessary backhauling to the other side of the planet and some very complicated policy routing to set up. Besides and then with mix of address spaces, I would probably be perpetually leaking with the global Internet in what should be a closed network.
Finally at the moment with our existing certification processes, I'm not sure that we would even be permitted to change the aircraft addresses without re-issuing all the affected software with new part numbers. (I'll bet you assumed we used DHCP to address the current aircraft; nope we hard code address everything, remember "bus engineering" 101 ;-) With today's current rules, we haven't put any "critical systems" on anything but a closed onboard network. We are just discussing the ability to upload new IP_tables/firewall-rules and authentication certs/passwords to the non-critical networks and I believe that this will be solved in the next couple years.
And now also keep in mind that every aviation rule-making body around the world would also have to approve of the address change for an ATC network and define how they were going to certify the change.
======================================================================
Finally now having said all this Jim, I think it is possible for aviation to remain conforming. We have probably only two primary needs for stable IP addressed networks; one for Air Traffic Control and one for Airline Operations. These are industry traffic type designations that have safety related functions that are carried out over them. As we have discussed before, I expect both of them to be run as "closed networks" and should never (IMHO) be seen in the global routing tables; a closed network will provide them with a layer of security, better routing performance, the multi-homing that an aircraft needs, and more options for mobility solutions.
Further, two organizations already exist that could legitimately hold the addresses; ICAO for the ATC network as they already govern it and the AEEC for "airline operations" whose members already essentially own "Arinc" which is an ISP already. If it were possible to convince these orgs, to apply for space and the registries to grant them, that would seem to be a solution.
Take care Terry
PS: Apologies for the length..
PSS: Back to "critical infrastructure" networks a moment, I'd say that any network that wanted to declare itself "critical infrastructure" could obtain PI space, BUT to me this type of network should always be run as a "closed network" with exchanges to the Internet only through "mediation gateways" operating at the application level, not at the routing level. Just food for thought but perhaps there is a class of IP-v6 networks for "critical infrastructure" that have their own PI space, but are prohibited from participating in "Internet routing". Such a concept might solve lots of problems.
participants (15)
- Bound, Jim
- Davis, Terry L
- Gert Doering
- JORDI PALET MARTINEZ
- Latif Ladid ("The New Internet based on IPv6")
- Marc van Selm
- Maxim V. Tulyev
- Oliver Bartels
- Pekka Savola
- Per Heldal
- Ray Plzak
- Sascha Lenz
- Sascha Luck
- Sascha Luck
- Wilfried Woeber, UniVie/ACOnet