Minutes from the IPv6 WG @ RIPE 83
Hello,

Here are the minutes from RIPE 83, if you have any comments or remarks, please let us know before 20.12 so we can have them published.

RIPE 83
RIPE IPv6 Working Group Minutes
Date: 25 November, 13:00-14:00 (UTC+1)
Chairs: Raymond Jetten, Benedikt Stockebrand
Scribe: Suzanne Taylor
Status: Draft

Welcome, Administrative Matters
Raymond Jetten, Working Group Co-Chair

Raymond Jetten, Working Group Co-Chair, welcomed everyone to the session and went over some rules of engagement. There were no questions or comments.

Building IPv4 Islands for Fun and Profit
Nico Schottelius, ungleich

This presentation is available at:
https://ripe83.ripe.net/wp-content/uploads/presentations/86-ripe83-ipv4-isla...

Nico discussed the technical details of how to set up IPv6-only networks that need to incorporate IPv6-incompatible devices (such as x-ray or ultrasound scanners, LoraWAN gateways, printers, power plants) by setting up IPv4 "islands" for those devices.

Benedikt Stockebrand commented that there are many different approaches to this issue and that if this particular method doesn't work, then attendees should be encouraged to reach out on the mailing list rather than simply give up on deploying IPv6. Nico said he fully agreed.

Michael Richardson, Sandelman Software Works, thanked Nico for his explanation and said he had also been doing something similar. He said he thought another name is needed, however, other than "islands". Nico said he was open to other suggestions. Raymond suggested that ideas could be discussed on the mailing list.

There were no further questions or comments.

To ULA or not ULA
Nico Schottelius

This presentation is available at:
https://ripe83.ripe.net/wp-content/uploads/presentations/87-ripe83-to-ula-or...

In his second presentation, Nico gave an overview of ULAs (unique local addresses), which are used in community networks and other use cases but aren't generally visible on the Internet.
He explained how his company has been asked to run a ULA registry and asked for opinions about how - and whether there was consensus - to support community projects by running a ULA registry.

Jordi Palet Martínez, Moremar - The IPv6 Company, said that the right way to have a registry is to revive the ULA-Central work, which he tried already in the IETF and with the RIRs. He said there is possibly a need for a global policy on running a central IANA registry or coordination for that among the RIRs, but that it didn't work. He offered to continue working on that if there were community support.

Nico said that was an interesting approach and that there were also recent discussions around where to register IP space for aerospace technology and that this could be a way to go, or that the RIRs could have a subsection for ULA community space. He said he would reach out to Jordi after the meeting.

Niall O'Reilly, speaking as a "ULA user", asked Nico whether he imported registrations from SixXS to the new registry. Nico responded that everything had been imported and that some have already been deleted because they saw old information in the registry.

Marco Hogewoning, RIPE NCC, said that the EU Cybersecurity Strategy suggests a possible sunset clause for IPv4 if insufficient progress is made with IPv6 and asked what the RIPE community thought could be done other than avoiding legislation to force a particular technical choice. He asked whether the community, for example, would advise forcing the use of IPv6 or discouraging the use (or forcing the disuse) of IPv4. He commented that this strategy focuses on the market and not just the public sector.

Nico said that is a difficult question. He said the market is already at play, given the increasing price of IPv4 and that some governments are going IPv6-only.
He said that an RIR like the RIPE NCC can encourage IPv6 deployment, and that he sees a role for open-source solutions to support this shift and enable bottom-up development and innovation.

Rüdiger Volk, my UNorganized self, said he remembered when Internet number resources were essentially available for free and the one registry was funded by the US federal government. He said that, in order to support communities that were outside of the very small Internet at the time that wanted to install TCP/IP locally or regionally with a limited view to interconnect globally, volunteers started to hand out things and get centrally registered space and create sub-registries. Essentially, he said, the RIPE NCC registry grew from there. He said he felt that if the address space you're using has enough free resources for everyone to be globally unique, then you should do that - but if the current ICANN anchored registry system doesn't offer a way for all communities to adequately address their needs, that should be a trigger to question how to do that. He said that, in some ways, the precursor to ULA was the RFC 1918 space, but it was meant to just be local and was not meant to require a registry (unless your enterprise network isn't connected to anything else and runs as a very closed system, in which case a local registry might be used).

Nico said he saw Rüdiger's point and said that perhaps this work should be a community/volunteer effort. He said this topic already came up on the IETF mailing list, along with the usual question of who would pay for the project. He said the idea of handing out GUA (global unique addresses) was also discussed on the IETF mailing list, which he thought was good, as it would offer uniqueness along with global addressability. He added that sponsoring the address space is one thing, but sponsoring the work was another thing and being recognised, a third consideration. He encouraged anyone interested in contributing to the project to contact him.

Peter Hessler, speaking as an "open source enthusiast", asked how much space the community should request from the RIPE NCC if it were to group together and form a LIR to request and manage IPv6 address space. Nico said you can start with a /32 and simply request another as needed, because the addresses don't need to be consecutive. Raymond added that you can get a /29 without any justification.

Michael Richardson said he had been a proponent of a non-connected IPv6 space for a long time and that he had first come across this before in using it in a data centre through VPNs as a management network. He said that in his experience, these inevitably leak and when they do, you don't know who to tell. He said this was also why he doesn't like ULA random. He said that the value of Whois is high and provides a feeling that no one will come and do something terrible to you because you're using the address space. He also said the possibility of reverse DNS really matters in IPv6 space. For those reasons, he said he would like to have a registry but was agnostic as to whether it should be a /29 of carefully managed global address space that is unannounced in RPKI, or ULA central or fd/8 if that were ever to work. He said there should be a nominal, one-time fee to register the space. He said he often sees a need for this in equipment chassis and gave the example of a networked fishing boat. He said he would rather it wasn't RFC1918 but IPv6, and if there were too much paperwork, you could use 1.1 or 11 network because 1918 is on the other interface and using NAT, so you don't know what is there. He said engineers don't use IPv6 because they think they can't get it and don't use ULA random because they need something different for every boat (in the example), which is correct, but he said it should be within the network you own. He said the community needs to enable this and that a small registration fee should make it your own in perpetuity.

Benedikt said that one use case that tends to be forgotten about, as most in the community are LIRs, is having provider aggregated addresses and wanting to maintain some independence from your ISP, where ULAs can be very helpful in renumbering. He said there's a big difference between IPv4 and IPv6 in that IPv6 was designed to support multiple addresses per interface, and this can be very useful. He also cautioned against starting a separate address space that is sort of connected with people using ULAs across the Internet via tunnels where they really shouldn't.

Raymond closed the queue to further questions in the interest of time.

RIPE-554bis
Jan Žorž, 6connect

This presentation is available at:
https://ripe83.ripe.net/wp-content/uploads/presentations/73-RIPE554bis-RIPE8...

Jan gave some background and history on updating RIPE-554 and RIPE-554bis, which provides guidance on how to procure IPv6-capable equipment and software for enterprises. He explained which updates were deemed necessary, such as adding fundamental RFCs like "IPv6 over Ethernet" and removing BOUNDv6, as it no longer exists. There are new requirements for hosts and enterprise/ISP switches, and some other changes for routers, CPEs, mobile devices, load balancers and software. He stressed the need to publish an update to RIPE-554 as soon as possible and asked the group whether there was consensus on RIPE-554bis.

Blake Willis, Zayo, asked whether RFC8950/RFC5549 BGP tunnel signalling was within the document's scope. Jan replied that it included IPv6-specific things and he would need to look into it. Sander Steffann, 6connect and RIPE-554bis co-author, said he was also not certain. Jan said he did not think RFC8950 was included but that they could consider it for the next version, as they didn't want to expand the scope of this version since it would take too long to update it.

Éric Vyncke, Cisco and IETF but speaking mainly as an "IPv6 evangelist", said he couldn't find in the draft RIPE-554bis document Jan's reference during his presentation to not using a /64 and RFC8200 now including atomic/overlapping fragments. Jan said the RFC8200 was in the section on requirements for host equipment, and that it's basically the same document, just updated. Sander said he thought he found the section that Éric was referring to, which was from RFC7608 (IPv6 prefix length recommendations for forwarding), which mentions that prefix lengths longer than /64 must be supported in forwarding. Éric said the other two RFCs mentioned were removed from the RIPE-554bis document and that the presentation had not been updated to reflect the most recent Google doc.

Christoph Berkemeier, DB Station & Service AG, asked whether Jan was aware of automated or semi-automated test scripts/environments for the recommendations. Jan responded that this was a mistake many people were making, and that the document was meant to be used as a template. He said that, for example, "if support for tunnelling and dual-stack is required, the device must support basic transition mechanisms for IPv6 hosts and routers" then it could be technically possible to build a script to test this, but you would need to include everything you want and need, which would be complicated. He said that you need to take the parts of the document that apply to your situation. But, he said, if someone wanted to build something like that, then he would be happy to include it.

Sander said that Blake Willis was referring on the chat to the University of New Hampshire's independent testing lab. Jan said there are asterisks on some of the requirements in the draft policy that indicate they are being tested.

Jan asked the collective whether there was consensus. Benedikt said that no one would complain if they wanted to do the work.
Raymond said he was happy to move forward but suggested leaving the mailing list open until the following Wednesday for any other potential objections to consensus, which Jan agreed to. Jan and Raymond thanked everyone for their hard work.

Raymond thanked the scribe and said that there had been no comments on the minutes from RIPE 82, which had been online for some time, so declared them approved. He said that he hoped to see everyone at a meeting in person soon and closed the session.

Rgds,
Ray

Hola all, I'll add something that I also mentioned in the WG chat during the call (but did not want to waste the call's time with) and that I told Nico before he copied the SixXS ULA list (Nico asked if he could btw and as the page says one can) and what has been told to many people in the background too over the last ~15 years:
The SixXS ULA Registry was a practical joke !!!! <<<<<

Many people fell and are still falling for it, it was just a big test to see who and why and how many: ULA is so random (if done right) you will never collide with another /48.

The ULA RFC https://datatracker.ietf.org/doc/html/rfc4193/#section-3.2.3 shows a nice table: even if you would make 10.000 connections to other networks, the probability that you have a collision is 4.54*10^-05 ... Anybody want to play the lottery instead, because you will have better odds, or you know a plane crash would have better odds.. (See randomly first hit in elducky: https://www.thebalance.com/what-are-the-odds-of-winning-the-lottery-3306232)

The fun thing was, there have been multiple times that there had been a collision in the SixXS ULA registry: because people did not randomly generate their prefix, but just picked fd42:dead:f00d::/48 and similar things (most of those have been culled from the SixXS ULA registry, as they did not belong there... as they are not properly generated, if one did generate that, play the lottery and watch out for planes and sharks...)

The moment you want a 'check if the prefix is used' you got the RIR system: somebody needs to maintain that list of numbers. That is why ULA-C went nowhere, as it would just be a new RIR.

The other thing is: everything that gets connected will want Internet access at one point or another.

Using RIR-provided address space solves all of that:
- one does not have to route (all of) a prefix you get
- one has a central unique registry with WHOIS for contact info
- one has functional reverse DNS (but did people not want 'disconnected' networks!?)

Nevertheless, I also think this is an IETF matter, where over the years this has been discussed to death: ULA-C never went anywhere, because it is solved already with real addresses.

Any LIR could simply take a /32 out of their prefix and delegate it for "disconnected use"... seeing that there are bunches of LIRs doing that kind of 'business' already, .... solved problem all of it, not?

Greets,
Jeroen

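
The generation and collision figures discussed in the message above, as an added example that is not part of the original thread or of any registry's code. It follows the sample algorithm in RFC 4193 section 3.2.2 and the approximation behind the table in section 3.2.3; the function names and the registry entries are constructed for illustration.

```python
import hashlib
import ipaddress
import math
import struct
import time
import uuid

GLOBAL_ID_BITS = 40  # "L" in RFC 4193 section 3.2.3


def ntp_now() -> int:
    """Current time as a 64-bit NTP timestamp (seconds since 1900, 32.32 fixed point)."""
    t = time.time() + 2208988800
    return ((int(t) & 0xFFFFFFFF) << 32) | int((t % 1) * 2**32)


def local_eui64() -> bytes:
    """Modified EUI-64 from a MAC address (uuid.getnode() may fall back to a random one)."""
    mac = uuid.getnode().to_bytes(6, "big")
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def ula_prefix(ntp_time: int, eui64: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: SHA-1 over time || EUI-64, keep the low 40 bits."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    digest = hashlib.sha1(struct.pack(">Q", ntp_time) + eui64).digest()
    global_id = digest[-5:]                   # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)  # fc00::/7 with the L bit set gives fd
    return ipaddress.IPv6Network((packed, 48))


def collision_probability(connections: int, bits: int = GLOBAL_ID_BITS) -> float:
    """P = 1 - exp(-N^2 / 2^(L+1)), the approximation used for the RFC's table."""
    return -math.expm1(-(connections ** 2) / 2 ** (bits + 1))


def duplicate_prefixes(registrations):
    """Return {prefix: [owners]} for every /48 claimed by more than one owner."""
    owners = {}
    for owner, prefix in registrations:
        net = ipaddress.IPv6Network(prefix)
        if net.prefixlen != 48 or net.network_address.packed[0] != 0xFD:
            raise ValueError(f"{prefix} is not a locally assigned ULA /48")
        owners.setdefault(net, []).append(owner)
    return {net: who for net, who in owners.items() if len(who) > 1}


# Constructed registry: two owners hand-picked the same "memorable" prefix,
# the third generated one with the RFC algorithm from fixed sample inputs.
SAMPLE_REGISTRY = [
    ("owner-a", "fd42:dead:f00d::/48"),
    ("owner-b", "fd42:dead:f00d::/48"),
    ("owner-c", str(ula_prefix(0xE5A1B2C300000000, bytes.fromhex("0211223344556677")))),
]

if __name__ == "__main__":
    print("fresh prefix:", ula_prefix(ntp_now(), local_eui64()))
    for n in (2, 10, 100, 1000, 10000):
        print(f"{n:>6} connections: {collision_probability(n):.2e}")
    print("duplicates:", duplicate_prefixes(SAMPLE_REGISTRY))
```
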
On 9 Dec 2021, at 10:29, Jeroen Massar via ipv6-wg <ipv6-wg@ripe.net> wrote:
Any LIR could simply take a /32 out of their prefix and delegate it for "disconnected use"... seeing that there are bunches of LIRs doing that kind of 'business' already, .... solved problem all of it, not?
All,

This sentence triggered me, knowing that back in the days we had looked at it. So a colleague was kind enough to cobble together some fresh scripts and put the two data sets next to each other…

At the moment we count 24043 IPv6 allocations and assignments, comparing those to the routing information collected by RIS:

8773 are seen as exact match in RIS
2648 have at least one "more specific" route in RIS
12622 are not seen at all

Now of course no doubt RIS has a few blindspots, so there is a level of inaccuracy here, also because this is based on a single snapshot taken somewhere yesterday afternoon, which means we may have come across an outage somewhere.

Anyway, ballpark 50% of the IPv6 space could be categorised as "disconnected". As we probably all very well know, deployment takes time so probably some of these are "in the pipeline" and hopefully will be seen and "connected" very soon.

Yet, in my personal view the number is still somewhat high. There might be a few who purposely choose not to announce (all of) their IPv6 address space. But I suspect that is not the 12k+ we observe right now. Maybe not too far off to conclude that the address allocations outpace deployments or turning that on its side: "getting address space is not the cause of the delayed deployment".

I just leave it here as a datapoint, but if anybody has any bright ideas to get more space visible because of deployment, no doubt many are interested.

Best,
MarcoH

PS: thanks Rene!

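
One way to reproduce the three-way comparison described in the message above, as an added example; it is not the script the RIPE NCC used. It assumes that an exact match takes precedence over a more specific route and that an allocation covered only by a less specific route counts as not seen; the prefixes are constructed from the documentation range.

```python
import bisect
import ipaddress


def classify(allocations, routes):
    """Count allocations seen as exact match, via a more specific route, or not at all."""
    route_nets = {ipaddress.IPv6Network(r) for r in routes}
    # Sorted (start address, prefix length) pairs allow a range lookup per allocation.
    keys = sorted((int(n.network_address), n.prefixlen) for n in route_nets)
    counts = {"exact": 0, "more_specific": 0, "not_seen": 0}
    for text in allocations:
        alloc = ipaddress.IPv6Network(text)
        if alloc in route_nets:
            counts["exact"] += 1
            continue
        lo, hi = int(alloc.network_address), int(alloc.broadcast_address)
        # First route that starts inside the allocation and is longer than it.
        # A route starting strictly inside [lo, hi] is always more specific,
        # because a shorter or equal prefix could only start at lo.
        i = bisect.bisect_left(keys, (lo, alloc.prefixlen + 1))
        if i < len(keys) and keys[i][0] <= hi:
            counts["more_specific"] += 1
        else:
            counts["not_seen"] += 1
    return counts


def share(counts, key):
    """Fraction of all allocations that fall into one category."""
    return counts[key] / sum(counts.values())


# Constructed registry extract and routing snapshot.
SAMPLE_ALLOCATIONS = ["2001:db8:a000::/36", "2001:db8:b000::/36", "2001:db8:c000::/36"]
SAMPLE_ROUTES = [
    "2001:db8::/32",       # less specific cover: not counted as "seen"
    "2001:db8:a000::/36",  # exact match
    "2001:db8:b100::/40",  # more specific inside the second allocation
]

if __name__ == "__main__":
    print(classify(SAMPLE_ALLOCATIONS, SAMPLE_ROUTES))
    # The counts quoted in the message above.
    reported = {"exact": 8773, "more_specific": 2648, "not_seen": 12622}
    print(f"not seen: {share(reported, 'not_seen'):.1%} of {sum(reported.values())}")
```
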
Good morning everyone,

a follow up from the RIPE83 IPv6 WG meeting: I had a few talks afterwards and I got the feeling that "not to ULA, but to GUA" would be the most sustainable way forward.

## Motivation

The Motivation is:

- with GUA, potential connectivity to the Internet later does not require renumbering
- with GUA, reverse DNS is easily possible

We had a bit of a discussion on the IETF mailing list before [0] and this comes with the obvious question "who is going to pay for it", where "it" is mainly related to building, maintaining and supporting such space.

## Target Audience ("consumer")

The target audience is "organisation who cannot afford to become an LIR" [1], because if an organisation can become an LIR, they preferably should.

## Target Audience ("provider")

Coming back to the who is going to provide such a thing, I believe this might require sponsoring from one or more organisations. Obviously ungleich as an Open Source/IPv6 provider is in for this, but I think it would be beneficial if a couple of "core members" would drive such a project.

## Project structure

In particular I imagine a free GUA service to be split into two phases:

* Initial setup (see below)
* Running / Maintenance / Support

## Initial setup

As the ULA registry [2] is fully open source and a django project, it could potentially be used as a code basis. Aside from the actual self service portal, other issues need to be addressed:

* Integration with the RIRs (mostly: whois DBs)
* Definition of policies
* Definition of support channels

## Running / Maintenance / Support

Now in the spirit of GUA space for community projects, I would envision not *one*, but potentially *many* free GUA registries, potentially using the same code base, but offering different policies.

This would allow registries with different objectives:

* A free GUA registry for a particular territory (f.i. "North of Swiss Alps")
* A free GUA registry for a particular target group (f.i. "Only for hackers")
* A free GUA registry with non-monetary conditions [3]

And this brings me to the final aspect:

## Decentralised, free GUA registries

IPv6 can be a real enabler for decentralisation, because everything can be made accessible. The very same principle also applies for a free GUA registry: instead of having one free GUA registry, nothing would speak against having multiple of them.

As a matter of fact, it might even be a good tone as an involved LIR to provide some free GUA space. Anyone thinking of HE.net right now? Yes, that's the direction I am thinking: Free GUA registries as a concept that can easily be cloned and re-applied.

## Next steps: RFC / CfP

So how to go from here? I would be interested in an exchange on this mailing list and also to hear if there are other parties here that would be interested in helping out, either by

- reviewing the proposal,
- coding,
- helping in the policy area,
- supporting the first free GUA registry (read: handling support requests),
- maintaining the first free GUA registry (read: keeping the platform up-to-date),
- or contributing financially

One of the unclear items from my side is whether or not there should be some governing organisations like a foundation, but I guess this can be clarified on the way.

All that said, I am very much looking forward to hearing your opinions.

Best regards from 50cm of snow[4],

Nico

[0] https://mailarchive.ietf.org/arch/msg/ipv6/fFpPHY55pwKlEopyyAZyZI8azg0/
[1] Community networks, NPO, NGO, Maker spaces, maybe even SME are target groups that come to my mind / are organisations I talked to.
[2] https://ungleich.ch/u/projects/ipv6ula/
[3] I don't want to elaborate too much on this one already as it has a lot of discussion potential - but the motivation is as follows: community projects usually don't have money, but time. So instead of having users pay some kind of a fee by time, a payment by "proof of work" might be feasible. The details of such an arrangement can be complex, but there might also be easy solutions for it. To be discussed & decided.
[4] https://www.openstreetmap.org/#map=18/46.95037/9.03041&layers=N

-- Sustainable and modern Infrastructures by ungleich.ch
Hi Nico, On Mon, Dec 20, 2021 at 6:24 AM Nico Schottelius via ipv6-wg <ipv6-wg@ripe.net> wrote:
Good morning everyone,
a follow up from the RIPE83 IPv6 WG meeting: I had a few talks afterwards and I got the feeling that "not to ULA, but to GUA" would be the most sustainable way forward.
## Motivation
The Motivation is:
- with GUA, potential connectivity to the Internet later does not require renumbering
- with GUA, reverse DNS is easily possible
I don't understand the motivation. What kind of organisation would have so much "not Internet connected" infrastructure that renumbering would be a significant burden but not be able to afford the RIPE NCC's annual membership fee?

Looking at the fees published at https://www.ripe.net/publications/ripe-ncc-organisational-documents/charging... they appear to have gone down over the last decade. Is there a class of organisation that has lots of infrastructure but can't budget for these relatively modest annual fees?

And if the registry or registries you propose are charging so much less, or even free at the point of use, how can they provide a resilient and robust set of registry and DNS services that will last for as long as the users need?

I'd love to get a better understanding of the needs of the anticipated user base and the risks that they need to protect themselves from.

Many thanks,
Leo

There is a much bigger problem than the hassle with RIPE formalities and fees. It is the size of the Internet table. If just businesses would get PA addresses (GUA) then all routers on the Internet would need a 30M routing table (30x from now, routers now have 1-4M now) If subscribers would join this club then the Internet table should grow to 2B. It is impossible even for 2100 year. Good chances that the world would revert back to IPv4 NAT under such circumstances because IPv6 would just crash. Stability ("no renumbering") should be achieved by ULA. No choice. Eduard
Hi, On Tue, Dec 21, 2021 at 09:18:16AM +0000, Vasilenko Eduard via ipv6-wg wrote:
Stability ("no renumbering") should be achieved by ULA. No choice.
Renumbering a SoHo network (= mostly unmanaged, there is some sort of plastic router and a cable + wifi, no DNS records beyond mDNS / AD, etc) is not actually hard. Now, multihoming a SoHo network with homenet and Dual-/48s, *that* would have been some great stuff... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi Eduard, On Tue, Dec 21, 2021 at 1:18 AM Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
There is a much bigger problem than the hassle with RIPE formalities and fees. It is the size of the Internet table. If just businesses would get PA addresses (GUA) then all routers on the Internet would need a 30M routing table (30x from now, routers now have 1-4M now) If subscribers would join this club then the Internet table should grow to 2B. It is impossible even for 2100 year. Good chances that the world would revert back to IPv4 NAT under such circumstances because IPv6 would just crash.
Stability ("no renumbering") should be achieved by ULA. No choice.
Can you explain why so many small and medium sized businesses would want unique stable addresses? I can see the need in large, managed networks but my experience of networks in small and medium sized organisations is that there is no systematic management of any kind at all. They just plug stuff in and expect it to work. Regards, Leo
Hi Leo, Almost any business (even small) would like to have Internet resiliency in the form of redundant connections through the different Carriers. Then hosts should have PA addresses from different carriers. Hosts are not capable to choose properly which one address to choose for the particular flow. If the address of Carrier 1 would be used as the source for the packet going to Carrier2 then Carrier2 would drop the packet as a result of spoofing protection (uRPF check). If the connection to the carrier is lost then the respective PA address should be withdrawn (by the way, not resolved problem in IETF). There are only 2 currently available solutions for Internet connections resiliency: 1. Request PI from RIR. Then the Internet table would be the size of all businesses in the world. 2. Use ULA internally and NPT (prefix translation to proper PA) on the CPEs connecting to the Carrier. We are pushing to fix ND to open the opportunity for other solutions: https://datatracker.ietf.org/doc/html/draft-vv-6man-nd-prefix-robustness-01 But looks like nobody cares. Even for the non-redundant site, ULA is needed to preserve the local communication when the site is disconnected. Eduard
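
The prefix translation referred to in the message above (NPT, specified as NPTv6 in RFC 6296), as an added example that is not part of the original thread. It covers only the /48-to-/48 case with the checksum-neutral adjustment in the subnet word; the first prefix pair and its expected result match the /48 example in RFC 6296, the second carrier prefix is constructed, and `passes_source_check` is a simplified stand-in for a carrier's ingress filter.

```python
import ipaddress


def fold(value: int) -> int:
    """Reduce a sum to 16 bits with end-around carry (ones' complement addition)."""
    while value > 0xFFFF:
        value = (value & 0xFFFF) + (value >> 16)
    return value


def words(addr: ipaddress.IPv6Address) -> list:
    """Split an address into its eight 16-bit words."""
    return [int.from_bytes(addr.packed[i:i + 2], "big") for i in range(0, 16, 2)]


def ones_sum(addr) -> int:
    """Ones' complement sum of the address, as it contributes to a TCP/UDP checksum."""
    return fold(sum(words(ipaddress.IPv6Address(addr))))


def translate(addr, from_prefix, to_prefix) -> ipaddress.IPv6Address:
    """Rewrite the /48 prefix and compensate in word 3 so checksums stay valid."""
    addr = ipaddress.IPv6Address(addr)
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this example only handles /48 to /48 mappings")
    if addr not in src:
        raise ValueError(f"{addr} is not inside {src}")
    w = words(addr)
    # adjustment = sum(old prefix) - sum(new prefix), in ones' complement
    adjustment = fold(ones_sum(src.network_address)
                      + (~ones_sum(dst.network_address) & 0xFFFF))
    w[:3] = words(dst.network_address)[:3]
    w[3] = fold(w[3] + adjustment)
    if w[3] == 0xFFFF:  # RFC 6296: 0xFFFF is written as zero
        w[3] = 0
    return ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in w))


def passes_source_check(source, carrier_prefix) -> bool:
    """Simplified ingress filter: the source must lie in the carrier's own block."""
    return ipaddress.IPv6Address(source) in ipaddress.IPv6Network(carrier_prefix)


INTERNAL = "fd01:203:405::/48"   # ULA used inside the site (RFC 6296 example)
CARRIER_1 = "2001:db8:1::/48"    # PA block from the first uplink (RFC 6296 example)
CARRIER_2 = "2001:db8:2::/48"    # constructed PA block for a second uplink
HOST = "fd01:203:405:1::1234"

if __name__ == "__main__":
    via_1 = translate(HOST, INTERNAL, CARRIER_1)
    via_2 = translate(HOST, INTERNAL, CARRIER_2)
    print("via carrier 1:", via_1, "accepted:", passes_source_check(via_1, CARRIER_1))
    print("via carrier 2:", via_2, "accepted:", passes_source_check(via_2, CARRIER_2))
    print("carrier 1 source on carrier 2:", passes_source_check(via_1, CARRIER_2))
    print("return path:", translate(via_1, CARRIER_1, INTERNAL))
```
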
Hi, On Wed, Dec 22, 2021 at 08:09:59AM +0000, Vasilenko Eduard via ipv6-wg wrote:
Almost any business (even small) would like to have Internet resiliency in the form of redundant connections through the different Carriers. Then hosts should have PA addresses from different carriers.
Hosts are not capable to choose properly which one address to choose for the particular flow. If the address of Carrier 1 would be used as the source for the packet going to Carrier2 then Carrier2 would drop the packet as a result of spoofing protection (uRPF check).
If the connection to the carrier is lost then the respective PA address should be withdrawn (by the way, not resolved problem in IETF).
There are only 2 currently available solutions for Internet connections resiliency: 1. Request PI from RIR. Then the Internet table would be the size of all businesses in the world. 2. Use ULA internally and NPT (prefix translation to proper PA) on the CPEs connecting to the Carrier.
3. use proper source based routing on the ISP routers -> see homenet WG. Of course NAT is good (https://www.youtube.com/watch?v=v26BAlfWBm8) but not really needed here. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
3. use proper source based routing on the ISP routers -> see homenet WG. a) homenet is not available on real products b) if a particular resource is in the walled garden of one Carrier (access from other carriers are filtered), then source routing would not help, proper source address should be chosen first on the host. Only NPT resolves this situation now. c) homenet did not try to resolve ND problems of proper withdrawal for stale prefixes. If uplink to one carrier would be lost - it does not discuss how it would be informed to the hosts on the first hop. Hence, no - solution 3 does not exist. Ed/
Hi, On Wed, Dec 22, 2021 at 08:33:40AM +0000, Vasilenko Eduard wrote:
3. use proper source based routing on the ISP routers -> see homenet WG.
a) homenet is not available on real products
Your employer is in a situation to fix that.
b) if a particular resource is in the walled garden of one Carrier (access from other carriers are filtered), then source routing would not help, proper source address should be chosen first on the host. Only NPT resolves this situation now.
How can a NPT based solution know that "ISP A" is a walled garden? How will a NPT based solution create proper router redundancy? Terminating both ISPs on the same router is not what I'd call "redundant connections".
c) homenet did not try to resolve ND problems of proper withdrawal for stale prefixes. If uplink to one carrier would be lost - it does not discuss how it would be informed to the hosts on the first hop.
This has been addressed independent of Homenet, because it affects ISP flash renumbering as well.
Hence, no - solution 3 does not exist.
If phrased that way, neither do "solution 1" or "solution 2" today. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi Gert,
How can a NPT based solution know that "ISP A" is a walled garden?

By DNS. I did stress below that host has the same ULA in all cases (no need for the choice of proper GUA). Wherever routing or source routing would push the traffic, it would be the possibility for the last CPE (in front of Carrier) to NPT to proper GUA.

How will a NPT based solution create proper router redundancy? Terminating both ISPs on the same router is not what I'd call "redundant connections".

It is not mandatory. NPT Routers could be different. Like it was for NAT44. The design could be simple with uncontrolled load balancing between CPEs or it could be source-routing - it is up to the Admin.

This has been addressed independent of Homenet, because it affects ISP flash renumbering as well.

The current solution that is accepted in 6man is to cut the preferred lifetime from 1 week to 2h. IMHO: there is no solution in the discussion for "flash renumbering". I have heard from many people that "it is not important" problem. I do believe it is important: https://datatracker.ietf.org/doc/html/draft-vv-6man-nd-prefix-robustness-01
Eduard -----Original Message----- From: Gert Doering [mailto:gert@space.net] Sent: Wednesday, December 22, 2021 11:37 AM To: Vasilenko Eduard <vasilenko.eduard@huawei.com> Cc: Gert Doering <gert@space.net>; Leo Vegoda <leo@vegoda.org>; Marco Hogewoning <marcoh@ripe.net>; ipv6-wg@ripe.net Subject: Re: [ipv6-wg] Free GUA space for community projects [CfP/RFC] (was: Minutes from the IPv6 WG @ RIPE 83) Hi, On Wed, Dec 22, 2021 at 08:33:40AM +0000, Vasilenko Eduard wrote:
3. use proper source based routing on the ISP routers -> see homenet WG.
a) homenet is not available on real products
Your employer is in a situation to fix that.
b) if a particular resource is in the walled garden of one Carrier (access from other carriers are filtered), then source routing would not help, proper source address should be chosen first on the host. Only NPT resolves this situation now.
How can a NPT based solution know that "ISP A" is a walled garden? How will a NPT based solution create proper router redundancy? Terminating both ISPs on the same router is not what I'd call "redundant connections".
c) homenet did not try to resolve ND problems of proper withdrawal for stale prefixes. If uplink to one carrier would be lost - it does not discuss how it would be informed to the hosts on the first hop.
This has been addressed independent of Homenet, because it affects ISP flash renumbering as well.
Hence, no - solution 3 does not exist.
If phrased that way, neither do "solution 1" or "solution 2" today. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
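The multihoming argument in the exchange above, as an added example that is not part of any poster's message: a host using a Carrier 1 PA source on the Carrier 2 uplink fails a source check, while a single ULA translated per uplink passes on both. uRPF is modelled here as a plain "source inside the delegated prefix" test (an assumption), NPT follows the checksum-neutral /48 mapping of RFC 6296, and all prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed prefixes: the ULA and Carrier 1 values match the worked example
# in RFC 6296; Carrier 2 is another /48 from the documentation range.
ULA_SITE = ipaddress.IPv6Network("fd01:203:405::/48")
CARRIERS = {
    "carrier1": ipaddress.IPv6Network("2001:db8:1::/48"),
    "carrier2": ipaddress.IPv6Network("2001:db8:2::/48"),
}


def words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    packed = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]


def oc_add(a, b):
    """16-bit one's-complement addition (end-around carry)."""
    total = a + b
    return (total & 0xFFFF) + (total >> 16)


def oc_sum(values):
    total = 0
    for value in values:
        total = oc_add(total, value)
    return total


def npt_translate(addr, from_net, to_net):
    """Rewrite the /48 prefix and adjust word 3 so the one's-complement sum
    of the address (and so any transport checksum) is unchanged."""
    if from_net.prefixlen != 48 or to_net.prefixlen != 48:
        raise ValueError("this sketch only handles /48 to /48 mappings")
    w = words(addr)
    old = words(from_net.network_address)[:3]
    new = words(to_net.network_address)[:3]
    # adjustment = sum(old prefix) - sum(new prefix), in one's complement
    adjustment = oc_add(oc_sum(old), ~oc_sum(new) & 0xFFFF)
    w[:3] = new
    w[3] = oc_add(w[3], adjustment)
    if w[3] == 0xFFFF:          # RFC 6296: 0xFFFF is written as zero
        w[3] = 0
    return ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in w))


def urpf_accepts(delegated_prefix, src):
    """Simplified strict source check at the carrier edge (assumption)."""
    return ipaddress.IPv6Address(src) in delegated_prefix


def send(src, uplink, npt_on_cpe):
    """Return (source address on the wire, accepted by that carrier?)."""
    src = ipaddress.IPv6Address(src)
    pa = CARRIERS[uplink]
    if npt_on_cpe and src in ULA_SITE:
        src = npt_translate(src, ULA_SITE, pa)
    return src, urpf_accepts(pa, src)


if __name__ == "__main__":
    # Multi-PA host: picked its Carrier 1 address, flow leaves via Carrier 2.
    print(send("2001:db8:1:1::1234", "carrier2", npt_on_cpe=False))
    # ULA host: each CPE translates to its own carrier's PA prefix.
    for uplink in CARRIERS:
        print(uplink, send("fd01:203:405:1::1234", uplink, npt_on_cpe=True))
```

The model covers only the source-address check; it does not address the walled-garden or router-redundancy questions raised in the replies.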
Hi Eduard, On Wed, Dec 22, 2021 at 12:10 AM Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
Hi Leo, Almost any business (even small) would like to have Internet resiliency in the form of redundant connections through the different Carriers.
That is not my experience. In my experience, small and medium sized business owners would prefer to pay a little extra for a more resilient service from a single provider than double up on the procurement, accounting, and equipment needed when taking service from two different providers. I think my experience is most true in areas where IP services tend to be provided over infrastructure owned by a monopoly provider. Is there any research that can take us out of the realm of anecdote? Kind regards, Leo
Hi Leo,

Real resiliency is possible only if everything is redundant, including the last mile. What is the point to rent 2 fiber strands or 2 copper pairs in one cable? This cable would be cut at the same time. The non-redundant L2 device that has been used to connect this fiber may fail at the same time. No one carrier in the world could double last-mile infrastructure. Access is 70% of their cost. Access is always non-redundant. Moreover, access itself is typically non-redundant (just aggregation switches) couple of hops from the last mile. Well, some Carriers have redundancy on the next nodes upstream.

I am long enough on this market. I have seen many cases when different types of businesses were trying to do redundancy for the Internet. Of course, they prefer 2 different wireline providers, but in the majority of cases, they do not have a choice between wireline providers. Hence, the second link was 3GPP in most cases. 3GPP could be from the same Carrier as PON, but I have never heard about good coordination between wireline and wireless departments - they act as independent Carriers.

PS: In regards to anecdotes: I am not hired/paid to collect proper information and prove anything here. It is just my opinion based on my 25 years of experience.

The real anecdote in the industry is that there is only ULA+NPT that works for Internet site resiliency. Everything else is broken for some reason. Not many people know this anecdote.

Eduard

-----Original Message-----
From: Leo Vegoda [mailto:leo@vegoda.org]
Sent: Wednesday, December 22, 2021 5:39 PM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Nico Schottelius <nico.schottelius@ungleich.ch>; Marco Hogewoning <marcoh@ripe.net>; ipv6-wg@ripe.net
Subject: Re: [ipv6-wg] Free GUA space for community projects [CfP/RFC] (was: Minutes from the IPv6 WG @ RIPE 83)

Hi Eduard,

On Wed, Dec 22, 2021 at 12:10 AM Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
Hi Leo, Almost any business (even small) would like to have Internet resiliency in the form of redundant connections through the different Carriers.
That is not my experience. In my experience, small and medium sized business owners would prefer to pay a little extra for a more resilient service from a single provider than double up on the procurement, accounting, and equipment needed when taking service from two different providers. I think my experience is most true in areas where IP services tend to be provided over infrastructure owned by a monopoly provider. Is there any research that can take us out of the realm of anecdote? Kind regards, Leo
Hi Eduard, While I'm sure we can all agree that resilient and reliable Internet access is a good thing, I think it is quite a leap from that to most small businesses both wanting it and having a realistic option. And then needing not just a ULA with a ridiculously low probability of prefix clashes on site merger events to needing a registered prefix that offers everything available from an RIR except for Internet routability. I'm not convinced that the market either desires or needs registered ULAs. Regards, Leo On Thu, Dec 23, 2021 at 1:02 AM Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
Hi Leo, Real resiliency is possible only if everything is redundant, including the last mile. What is the point to rent 2 fiber strands or 2 copper pairs in one cable? This cable would be cut at the same time. The non-redundant L2 device that has been used to connect this fiber may fail at the same time. No one carrier in the world could double last-mile infrastructure. Access is 70% of their cost. Access is always non-redundant. Moreover, access itself is typically non-redundant (just aggregation switches) couple of hops from the last mile. Well, some Carriers have redundancy on the next nodes upstream.
I am long enough on this market. I have seen many cases when different types of businesses were trying to do redundancy for the Internet. Of course, they prefer 2 different wireline providers, but in the majority of cases, they do not have a choice between wireline providers. Hence, the second link was 3GPP in most cases. 3GPP could be from the same Carrier as PON, but I have never heard about good coordination between wireline and wireless departments - they act as independent Carriers.
PS: In regards to anecdotes: I am not hired/paid to collect proper information and prove anything here. It is just my opinion based on my 25 years of experience.
The real anecdote in the industry is that there is only ULA+NPT that works for Internet site resiliency. Everything else is broken for some reason. Not many people know this anecdote.
Hi Leo, I did not say anything about "registered ULAs". Registration initiative has a lot of pros and cons. I am not sure. I did react to the claim that ULA is not needed. Because I am sure that ULA is very much needed. It is the only way to keep Internet table at reasonable size. Or else businesses would blow it up by PI. Eduard -----Original Message----- From: Leo Vegoda [mailto:leo@vegoda.org] Sent: Thursday, December 23, 2021 6:18 PM To: Vasilenko Eduard <vasilenko.eduard@huawei.com> Cc: Nico Schottelius <nico.schottelius@ungleich.ch>; Marco Hogewoning <marcoh@ripe.net>; ipv6-wg@ripe.net Subject: Re: [ipv6-wg] Free GUA space for community projects [CfP/RFC] (was: Minutes from the IPv6 WG @ RIPE 83) Hi Eduard, While I'm sure we can all agree that resilient and reliable Internet access is a good thing, I think it is quite a leap from that to most small businesses both wanting it and having a realistic option. And then needing not just a ULA with a ridiculously low probability of prefix clashes on site merger events to needing a registered prefix that offers everything available from an RIR except for Internet routability. I'm not convinced that the market either desires or needs registered ULAs. Regards, Leo On Thu, Dec 23, 2021 at 1:02 AM Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
Hi Leo, Real resiliency is possible only if everything is redundant, including the last mile. What is the point to rent 2 fiber strands or 2 copper pairs in one cable? This cable would be cut at the same time. The non-redundant L2 device that has been used to connect this fiber may fail at the same time. No one carrier in the world could double last-mile infrastructure. Access is 70% of their cost. Access is always non-redundant. Moreover, access itself is typically non-redundant (just aggregation switches) couple of hops from the last mile. Well, some Carriers have redundancy on the next nodes upstream.
I am long enough on this market. I have seen many cases when different types of businesses were trying to do redundancy for the Internet. Of course, they prefer 2 different wireline providers, but in the majority of cases, they do not have a choice between wireline providers. Hence, the second link was 3GPP in most cases. 3GPP could be from the same Carrier as PON, but I have never heard about good coordination between wireline and wireless departments - they act as independent Carriers.
PS: In regards to anecdotes: I am not hired/paid to collect proper information and prove anything here. It is just my opinion based on my 25 years of experience.
The real anecdote in the industry is that there is only ULA+NPT that works for Internet site resiliency. Everything else is broken for some reason. Not many people know this anecdote.
Hi Eduard, On Thu, Dec 23, 2021 at 11:55 PM Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
Hi Leo, I did not say anything about "registered ULAs". Registration initiative has a lot of pros and cons. I am not sure.
I did react to the claim that ULA is not needed. Because I am sure that ULA is very much needed.
Ah, I misunderstood you. Sorry. Kind regards, Leo
Hey Eduard, Vasilenko Eduard <vasilenko.eduard@huawei.com> writes:
There is a much bigger problem than the hassle with RIPE formalities and fees. It is the size of the Internet table.
While the size of the global table is a concern, using it as an argument for reducing access to global IPv6 addresses feels wrong to me. For the sake of the routing table, it would be best if only a handful of companies are in the Internet, the best would be very centralised Internet at a single location.
From my perspective, this is the opposite of how the Internet is supposed to work - in a robust and decentralised fashion.
Keeping the global routing table manageable is a valid concern, but I don't think it's a good argument for preventing organisations to get their own /48 and connect to the Internet. Aside from that, it is probably not realistic that billions of users are opting in for getting a) their unique address space and b) getting and connected to the global Internet. Best regards, Nico -- Sustainable and modern Infrastructures by ungleich.ch
Hi Nico,

I agree that ordinary subscribers would probably not request Internet redundancy. Hence, no need for PI. But just small businesses could drive the Internet table well beyond what is possible for hardware in this century. Unfortunately, nobody is interested in the 3rd alternative: to fix current protocols (primarily ND and Source Address Selection on the host) to support PAs from many Carriers at the same time.

Eduard

-----Original Message-----
From: Nico Schottelius [mailto:nico.schottelius@ungleich.ch]
Sent: Friday, December 24, 2021 12:20 AM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Leo Vegoda <leo@vegoda.org>; Nico Schottelius <nico.schottelius@ungleich.ch>; Marco Hogewoning <marcoh@ripe.net>; ipv6-wg@ripe.net
Subject: Re: [ipv6-wg] Free GUA space for community projects [CfP/RFC] (was: Minutes from the IPv6 WG @ RIPE 83)

Hey Eduard,

Vasilenko Eduard <vasilenko.eduard@huawei.com> writes:
There is a much bigger problem than the hassle with RIPE formalities and fees. It is the size of the Internet table.
While the size of the global table is a concern, using it as an argument for reducing access to global IPv6 addresses feels wrong to me. For the sake of the routing table, it would be best if only a handful of companies are in the Internet, the best would be very centralised Internet at a single location.
From my perspective, this is the opposite of how the Internet is supposed to work - in a robust and decentralised fashion.
Keeping the global routing table manageable is a valid concern, but I don't think it's a good argument for preventing organisations to get their own /48 and connect to the Internet. Aside from that, it is probably not realistic that billions of users are opting in for getting a) their unique address space and b) getting and connected to the global Internet. Best regards, Nico -- Sustainable and modern Infrastructures by ungleich.ch
Hey Leo, Leo Vegoda <leo@vegoda.org> writes:
## Motivation
The Motivation is:
- with GUA, potential connectivity to the Internet later does not require renumbering
- with GUA, reverse DNS is easily possible
I don't understand the motivation. What kind of organisation would have so much "not Internet connected" infrastructure that renumbering would be a significant burden but not be able to afford the RIPE NCC's annual membership fee?
This is basically any community driven organisation which consist of volunteers.
Looking at the fees published at https://www.ripe.net/publications/ripe-ncc-organisational-documents/charging... they appear to have gone down over the last decade. Is there a class of organisation that has lots of infrastructure but can't budget for these relatively modest annual fees?
While I am not arguing against RIPE's (or ARIN or any RIR) fee, we are talking about 1400 Euro yearly, or roughly 100 Euro/month. Doesn't sound like a lot, but is quite a commitment from what I can see. I am aware of clubs or organisations which are barely making a 0 at the end of the month or year in terms of finances.

But I think you have a point, the question is who cannot afford it and who would actually be interested in it. To clarify this question, I've set up a small survey on https://ungleich.ch/u/blog/2021-12-23-ipv6-addresses-for-free/
And if the registry or registries you propose are charging so much less, or even free at the point of use, how can they provide a resilient and robust set of registry and DNS services that will last for as long as the users need?
The idea would be to go with a sponsored (companies/organisations) or volunteer based service matching the target audience.
I'd love to get a better understanding of the needs of the anticipated user base and the risks that they need to protect themselves from.
<claim>
The status quo is:

- Community projects use ULA, because it's easy and free <---------------------------|
- ULA does not have an official registry (and seems to be unlikely that we go there) |
- GUA might be an easy way out of this                                               |
- However GUA costs real money ------------------------------------------------------|
</claim>

And the motivation is to reach:

- Community projects can use GUA for free <--|
  \------------------------------------------|

Does it make sense?

Cheers,

Nico

--
Sustainable and modern Infrastructures by ungleich.ch
Hi Nico, On Thu, Dec 23, 2021 at 1:12 PM Nico Schottelius <nico.schottelius@ungleich.ch> wrote: [...]
The status quo is:
- Community projects use ULA, because it's easy and free <---------------------------|
- ULA does not have an official registry (and seems to be unlikely that we go there) |
- GUA might be an easy way out of this                                               |
- However GUA costs real money ------------------------------------------------------|
</claim>
ULA does not have a registry because it is highly improbable that there will be prefix clashes because the available space is so vast. That is why it can be free and users can feel comfortable that their prefix is unique.
And the motivation is to reach:
- Community projects can use GUA for free <--|
  \------------------------------------------|
Does it make sense?
You suggest that the users should get registration and DNS for free but someone else should pay for it. Who should pay and why would they do so? And why would this commitment to fund a registry over multiple decades be considered reliable enough that the users who pay nothing should put their trust in it? Kind regards, Leo
The status quo is:
- Community projects use ULA, because it's easy and free <---------------------------|
- ULA does not have an official registry (and seems to be unlikely that we go there) |
- GUA might be an easy way out of this                                               |
- However GUA costs real money ------------------------------------------------------|
</claim>
ULA does not have a registry because it is highly improbable that there will be prefix clashes because the available space is so vast.
... if generated truly randomly and people would not tend towards using "feed", "f00d", "cafe" or other words [0] in their IPv6 networks, yes. However even if you check the original sixxs registry or our import of it or if you check the DN42 registry, both contain "not so random values".
That is why it can be free and users can feel comfortable that their prefix is unique.
I think the reality is somewhat different, as users "want to be sure" and thus registries are requested, born and filled - for ULA. Whether or not the actual collision probability is higher or lower than the chance of everyone adding to a registry, which is a different risk to calculate.
And the motivation is to reach:
- Community projects can use GUA for free <--|
  \------------------------------------------|
Does it make sense?
You suggest that the users should get registration and DNS for free but someone else should pay for it.
Yes and no:

- registration: yes
- dns, connectivity, routing, associated services: not for free

I think the former is mostly a case of "support", while the latter causes real costs and thus costs need to be forwarded.
Who should pay and why would they do so?
For the who: individuals and organisations who think that everyone should have access to GUA.
And why would this commitment to fund a registry over multiple decades be considered reliable enough that the users who pay nothing should put their trust in it?
That is a very good question and the only correct answer I have at the moment is: time has to tell. Thanks a lot for your input, much appreciated. Best regards, Nico [0] https://redmine.ungleich.ch/projects/ipv6/wiki/IPv6_words_-_name_your_networ... -- Sustainable and modern Infrastructures by ungleich.ch
On Thu, Dec 23, 2021 at 1:40 PM Nico Schottelius <nico.schottelius@ungleich.ch> wrote: [...]
ULA does not have a registry because it is highly improbable that there will be prefix clashes because the available space is so vast.
... if generated truly randomly and people would not tend towards using "feed", "f00d", "cafe" or other words [0] in their IPv6 networks, yes. However even if you check the original sixxs registry or our import of it or if you check the DN42 registry, both contain "not so random values".
In those cases where the network is managed but a basic error like this has been made there is little that can be done to save the organisation from its own people. There are plenty of web pages that will generate a prefix for you based on the process described in the RFC e.g. https://cd34.com/rfc4193/ along with lots of open sourced code to do the same. Also, as Jeroen noted [0] on 9 December, the SixXS ULA registry was intended as a joke and we can assume that a good number of the registrations in it were jokes, too. [...]
Who should pay and why would they do so?
For the who: individuals and organisations who think that everyone should have access to GUA.
And why would this commitment to fund a registry over multiple decades be considered reliable enough that the users who pay nothing should put their trust in it?
That is a very good question and the only correct answer I have at the moment is: time has to tell.
I think the IETF will need a more convincing argument if it is to register a /8 of IPv6 space to a speculative registry with an unproven business model. Regards, Leo [0] https://www.ripe.net/ripe/mail/archives/ipv6-wg/2021-December/003751.html
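The two points argued above, random generation "based on the process described in the RFC" and registries that contain "not so random values", as an added example that is not code from any poster or registry. It follows the RFC 4193 Global ID procedure (NTP timestamp plus EUI-64, SHA-1, low 40 bits) and the RFC's collision estimate; the audit heuristics, the extra hex words beyond the three named in the thread, and the sample entries are assumptions constructed here.

```python
import hashlib
import ipaddress
import math
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800          # seconds between 1900 and 1970
HEX_WORDS = ("feed", "f00d", "cafe",   # named in the thread
             "dead", "beef", "babe", "c0de", "face")  # added assumptions


def eui64_from_mac(mac48):
    """Expand a 48-bit MAC to EUI-64 (insert ff:fe, flip the U/L bit)."""
    raw = mac48.to_bytes(6, "big")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def rfc4193_prefix(unix_time=None, mac48=None):
    """Generate a locally assigned ULA /48 following RFC 4193 section 3.2.2."""
    unix_time = time.time() if unix_time is None else unix_time
    mac48 = uuid.getnode() if mac48 is None else mac48
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2 ** 32)
    ntp = struct.pack("!II", seconds, fraction)        # 64-bit NTP format
    digest = hashlib.sha1(ntp + eui64_from_mac(mac48)).digest()
    global_id = digest[-5:]                            # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)           # fc00::/7 with L = 1
    return ipaddress.IPv6Network((packed, 48))


def collision_probability(sites):
    """RFC 4193 estimate for any clash among `sites` random Global IDs:
    P = 1 - exp(-N^2 / 2^(L+1)) with L = 40."""
    return -math.expm1(-(sites * sites) / 2 ** 41)


def audit_ula(prefix):
    """Return reasons a ULA prefix looks hand-picked rather than random."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or not net.subnet_of(ipaddress.ip_network("fd00::/8")):
        return ["not a locally assigned ULA (fd00::/8)"]
    gid = net.network_address.packed[1:6].hex()        # 40-bit Global ID
    findings = ["contains hex word '%s'" % w for w in HEX_WORDS if w in gid]
    distinct = len(set(gid))
    if distinct <= 3:
        findings.append("only %d distinct hex digit(s) in the Global ID" % distinct)
    return findings


def audit_registry(prefixes):
    """Map each suspicious prefix to its findings; clean entries are omitted."""
    report = {}
    for prefix in prefixes:
        findings = audit_ula(prefix)
        if findings:
            report[prefix] = findings
    return report


if __name__ == "__main__":
    print("generated:", rfc4193_prefix())
    for n in (10, 1000, 10000):
        print("%6d sites -> P(collision) = %.3g" % (n, collision_probability(n)))
    # Constructed sample entries, not taken from any real registry.
    sample = ["fdca:fe00:1234::/48", "fd00::/48", "fd5e:9a3b:71c4::/48"]
    for prefix, why in audit_registry(sample).items():
        print(prefix, why)
```

The collision estimate holds only for Global IDs drawn at random, so the prefixes the audit flags sit outside it.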
On 20 Dec 2021, at 14:29, Nico Schottelius <nico.schottelius@ungleich.ch> wrote: [..] ## Running / Maintenance / Support
Now in the spirit of GUA space for community projects, I would envision not *one*, but potentially *many* free GUA registries, potentially using the same code base, but offering different policies. This would allow registries with different objectives:
* A free GUA registry for a particular territory (f.i. "North of Swiss Alps") * A free GUA registry for a particular target group (f.i. "Only for hackers") [..]
See https://dn42.dev

Hackers already solved their problem by using a chunk of ULA with their own registry.

I really do not see who would be using it. But any LIR can just offer a chunk of their space up for 'non routed purposes' that is up to the LIR. Of course, when the LIR folds there is an issue for the users but if you want independence, become a LIR or use a big one that cannot fold (too big to fail! :)

Greets,
Jeroen
participants (7)
- Gert Doering
- Jeroen Massar
- Jetten Raymond
- Leo Vegoda
- Marco Hogewoning
- Nico Schottelius
- Vasilenko Eduard