[175185] in North American Network Operators' Group


Re: IPv6 Default Allocation - What size allocation are you giving out

daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Oct 10 10:49:02 2014

X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAPkb-7Dexwmdyv8-rOYzt7Rjz5MjugmFGtLMKfPu7J_haZ044w@mail.gmail.com>
Date: Fri, 10 Oct 2014 07:45:12 -0700
To: Baldur Norddahl <baldur.norddahl@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


On Oct 9, 2014, at 3:04 PM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:

> On 9 October 2014 23:18, Roland Dobbins <rdobbins@arbor.net> wrote:
>
>>
>> On Oct 10, 2014, at 4:13 AM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
>>
>>> My colleagues wanted to completely drop using public IP addressing in the infrastructure.
>>
>> Your colleagues are wrong.  Again, see RFC6752.
>>
>
> Yes, for using private IP addressing RFC 6752 applies and it is why we are
> not doing it. But you seem to completely fail to understand that RFC 6752
> does not apply to the proposed solution. NONE of the problems listed in RFC
> 6752 are a problem with using unnumbered interfaces. Traceroute works. ICMP
> works. There are no private IP addresses that get filtered.
>
>> I am wondering if all the naysayers would not agree that it is better to
>> have a single public loopback address shared between all my interfaces,
>> than to go with private addressing completely?
>>
>> This is a false dichotomy.
>>
>>> Because frankly, that is the alternative.
>>
>> It isn't the only alternative.  The *optimal* alternative is to use
>> publicly-routable link addresses, and then protect your infrastructure
>> using iACLs, GTSM, CoPP, et al.
>>
>>
> I will as soon as you send me the check to buy addresses for all my links.
> I got a few.
>
> But it appears you do not realize that we ARE using public IPs for our
> infrastructure. And we ARE using ACLs for protecting it. We are not using
> addresses for LINKS, neither public nor private. And it is not for security
> but to conserve expensive address space.

Addresses are not expensive.

You can get up to a /40 from ARIN for $500 one-time and $100/year.

Are you really trying to convince me that you have more than 16.7 million links?
(and that's assuming you assign a /64 per link).

I'm sorry, but this argument utterly fails under any form of analysis.

Owen


