[184326] in North American Network Operators' Group
Re: How to wish you hadn't forced ipv6 adoption (was "How to force
daemon@ATHENA.MIT.EDU (Philip Dorr)
Fri Oct 2 00:15:08 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <560E00D4.7090400@invaluement.com>
From: Philip Dorr <tagno25@gmail.com>
Date: Thu, 1 Oct 2015 23:14:35 -0500
To: Rob McEwen <rob@invaluement.com>
Reply-To: tagno25@gmail.com
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, Oct 1, 2015 at 10:58 PM, Rob McEwen <rob@invaluement.com> wrote:
> On 10/1/2015 11:44 PM, Mark Andrews wrote:
>>
>> IPv6 really isn't much different to IPv4. You use sites /48's
>> rather than addresses /32's (which are effectively sites). ISP's
>> still need to justify their address space allocations to RIR's so
>> their isn't infinite numbers of sites that a spammer can get.
>
>
> A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not the
> 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit hoster
> assigns various /64s to DIFFERENT customers of theirs... that is a lot of
> collateral damage that would be caused by listing at the /48 level, should
> just one customer be a bad-apple spammer, or just one legit customer have a
> compromised system one day.
As a provider (ISP or Hosting), you should hand the customers at a
minimum a /56, if not a /48. The provider should have at a minimum a
/32. If the provider is only giving their customers a /64, then they
deserve all the pain they receive.
