Re: Network merge [Re: RFC6724-bis?]

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 28 September 2022 09:30 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6man WG <ipv6@ietf.org>
Subject: Re: Network merge [Re: RFC6724-bis?]
In-reply-to: <33031a7e-c099-e660-3575-12d45854604e@gmail.com>
References: <66892DC8-6DA4-4DC8-85B0-E1E1647CD9F7@gmail.com> <6edcc5d8-edf1-51de-103c-a4ac6060fef6@gmail.com> <29689d645d22409b962f6c361d71e098@huawei.com> <CAN-Dau3rwi4X4NqLbHMmPQQ=i7y23Kz70JK09ggsXSxkJfT5xA@mail.gmail.com> <bf7c7d74cc7744ef8ded7d043ceb3e5e@huawei.com> <CAN-Dau0=LD9MTYKJQoSw=b9S25nmrNuqRSyLdsztFZscG8ZbUg@mail.gmail.com> <CAPt1N1kjOWh8R70pNO0eH9EJUH-v6HyxGMqxpy0N2hydHN33LQ@mail.gmail.com> <CAM5+tA9mqjrtq3pTggv1pA4fOYXUODkZHy74vs8cffVOrBefbQ@mail.gmail.com> <0b6886d3-5ea9-0a1d-8b16-4e17daeb6924@gmail.com> <CAM5+tA9dAjh0MTRG3922xTe3_aChHFa9AYCFCGmt395KwuvBYA@mail.gmail.com> <395554.1664189125@dooku> <56a897a426084f9381abaf770f1ea35e@huawei.com> <CAO42Z2xgMnVXeH9t0p_u7bg2fY-Gg+AagkFMMRJstX4E-f8FPQ@mail.gmail.com> <CAPt1N1m-1600rghA7mXNm1fvqOp23EOpYcS0E6xnJut+-t-9nQ@mail.gmail.com> <CAO42Z2wHZ2k+UwRdh8VH4xHav9HwT+6C-_up+6RXrce3vuVrmg@mail.gmail.com> <09adb05f-4c2b-1f76-fed7-58fbfa9c2f3f@gmail.com> <be14b944395c4dd694ded6c9033790ab@huawei.com> <33031a7e-c099-e660-3575-12d 45854604e@gmail.com>
Comments: In-reply-to Brian E Carpenter <brian.e.carpenter@gmail.com> message dated "Wed, 28 Sep 2022 08:32:03 +1300."
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 28 Sep 2022 11:30:17 +0200
Message-ID: <85928.1664357417@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SXaaGNWyaPyXpcB_J86DrHOpPyQ>
Precedence: list

On 27-Sep-22 21:02, Vasilenko Eduard wrote:
    ve> It is proposed here to have hundreds of PIOs

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    bc> No. Just one per router, and only when there is a new ULA prefix in
    bc> scope after a network merge.

If I were managing a merger of two enterprises that were actively using ULA
internally for services, what I'd do is:

  a) establish VPNs between DCs for each enterprise and setup routing
     of the ULAs into all the sites.
     I'd probably nominate one ULA as being the one that survives, assuming
     that one of them had a more sensible addressing plan, and that
     the whole enterprise could fit into a /48...
     [And I think that very few won't, and those that don't probably have a
     /48 per site already]
  
  b) configure these RIOs or PIOs (I'm unclear which actually) for the other
     ULA in each location in order to trigger this new mechanism.
     
  c) on networks where there are services that answer to ULAs, I'd
     turn the L=0 into L=1, and assign two ULAs to each host, and each server
     that needed reachability would get two AAAAs in the DNS.

  d) I'd deprecate the "old" ULA prefix announcement, shortening the
     lifetime.  When I thought I had eliminated all the servers with the old
     ULA, then I'd start turning the old ULA PIO from L=1 to L=0, and monitoring
     for 2x Lifetime.  After which I'd remove it.
     Remove DNS entries.
     Removing it should trigger the removal of the old ULA from the
     precedence table, causing hosts to pick the new ULA consistently.

I imagine that this effort would take 3-5 months.
A particularly active M&A company might have more than one of these active at
the same time.

I assume that each site has some set of ISP contracts that continue to
provide them with geographically and ISP aggregated GUAs, and I am not so
anal that I have to route all traffic through HQ.  (i.e. that my IDS systems
are sufficiently distributed).
The variety of ISP contracts is why I'm using ULA internally.
I also assume that my company was never smart/large enough to get a GUA and a
ASN to do it's own thing.   That's the situation today with IPv4, but many
companies now strain against having filled 10.0.0.0/8 with poor address
planning.




-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc

RFC6724-bis? Tim Chown
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Brian E Carpenter
Re: RFC6724-bis? Brian E Carpenter
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Brian E Carpenter
Re: RFC6724-bis? Nick Buraglio
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Tim Chown
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Bob Hinden
Re: RFC6724-bis? Brian E Carpenter
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Ted Lemon
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Mark Smith
Re: RFC6724-bis? Ted Lemon
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Ted Lemon
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Michael Richardson
Re: RFC6724-bis? David Farmer
RE: RFC6724-bis? Vasilenko Eduard
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Michael Richardson
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? Brian E Carpenter
Re: RFC6724-bis? Brian E Carpenter
Re: RFC6724-bis? Brian E Carpenter
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? Mark Smith
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? David Farmer
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? Brian E Carpenter
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? David Farmer
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Ted Lemon
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Ted Lemon
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? David Farmer
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Brian E Carpenter
Re: RFC6724-bis? Nick Buraglio
Network merge [Re: RFC6724-bis?] Brian E Carpenter
Re: Network merge [Re: RFC6724-bis?] David Farmer
Re: Network merge [Re: RFC6724-bis?] Michael Richardson
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] Brian Carpenter
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
RE: RFC6724-bis? Vasilenko Eduard
RE: RFC6724-bis? Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] Michael Richardson
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] Nick Buraglio
Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
Re: Network merge [Re: RFC6724-bis?] Mark Smith
Re: Network merge [Re: RFC6724-bis?] Ted Lemon
Re: Network merge [Re: RFC6724-bis?] David Farmer
Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
Re: Network merge [Re: RFC6724-bis?] Mark Smith
Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] Michael Richardson
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] David Farmer
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] David Farmer
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
Re: Network merge [Re: RFC6724-bis?] Ole Troan
Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
RE: Network merge [Re: RFC6724-bis?] Vasilenko Eduard
Re: Network merge [Re: RFC6724-bis?] Ole Troan
Re: Network merge [Re: RFC6724-bis?] Timothy Winters
Re: Network merge [Re: RFC6724-bis?] Nick Buraglio
Re: Network merge [Re: RFC6724-bis?] Brian Carpenter
Re: Network merge [Re: RFC6724-bis?] Ole Troan
Re: Network merge [Re: RFC6724-bis?] Brian Carpenter
Re: Network merge [Re: RFC6724-bis?] Ole Troan
Re: Network merge [Re: RFC6724-bis?] David Farmer
Re: Network merge [Re: RFC6724-bis?] Brian E Carpenter
Re: Network merge [Re: RFC6724-bis?] Michael Richardson
Re: Network merge [Re: RFC6724-bis?] Ted Lemon
RE: RFC6724-bis? Vasilenko Eduard
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? Ted Lemon
Re: RFC6724-bis? Nick Buraglio
Re: RFC6724-bis? Michael Richardson

Re: Network merge [Re: RFC6724-bis?]

Attachment: signature.asc