[128087] in North American Network Operators' Group
Re: Addressing plan exercise for our IPv6 course
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Jul 24 13:44:38 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4C4B0BC4.5030908@matthew.at>
Date: Sat, 24 Jul 2010 10:42:19 -0700
To: matthew@matthew.at
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jul 24, 2010, at 8:50 AM, Matthew Kaufman wrote:
> Owen DeLong wrote:
>>
>> Why on earth would you do that? Why not just put the provider-assigned
>> addresses on the interfaces along side the ULA addresses? Using ULA
>> in that manner is horribly kludgy and utterly unnecessary.
>>
> Because, although one of the original goals of IPv6 was for hosts to be easily multihomed at multiple addresses like this, host software (and even some of the required specifications) really isn't there yet, and often the wrong thing happens.
>

Host software is there, but, it requires some education on how to configure it.
You do have to properly set up the rules for which addresses to use for what
communication. It breaks less if you forego the ULA brokenness,
but, some people insist for whatever reason.

> Never mind that the timescale for IPv6 deployment, no matter how long it is, will be shorter than the timescale for updating PCI, HIPAA, and SOX audit checklists to remove the requirements around "hide internal topology" and "do not use public addresses on any interface of critical hosts".

I expect the PCI changes to be out in less than a year. HIPAA and SOX may
take closer to two years, maybe even three.

I don't expect enterprise-wide adoption of IPv6 to be significant in less than
5 years. The big push for IPv6 right now needs to be on the public-facing
services side which doesn't have hidden topology by definition.

>>
>> Why is that easier/cheaper than changing your RAs to the new provider and
>> letting the old provider addresses time out?
>>
> This would *also* require multihoming to actually work properly, only worse as the rules for selecting ULA vs PA routes are usually more right than the rules for selecting one PA vs another PA as an outbound interface, even if your host does multiple default routes properly. Even if all your hosts end up with external connectivity that works, the odds that they can reliably talk to each other is low.
>

Why use rules for selection... Simply have the RAs contain proper priorities
for the ones you want to use at any particular moment and change the RA
priorities as needed.

Owen