IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Mon, 07 August 2017 10:35 UTC

Return-Path: <prvs=13920e8dc8=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 785FD1201F2 for <v6ops@ietfa.amsl.com>; Mon, 7 Aug 2017 03:35:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFI1tgQFe6PG for <v6ops@ietfa.amsl.com>; Mon, 7 Aug 2017 03:35:35 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8313D13201B for <v6ops@ietf.org>; Mon, 7 Aug 2017 03:35:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1502102132; x=1502706932; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic: References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=A/t7PVVW202RJSVJAIq43FWA+ jzjjjY5YwQRcbeA6ew=; b=pNIa1t3hqt7RsdrzOxWHDEVVZFmfcAeqdqrmbu7Vd T5UzNay5y1BQPtpGxDI4tozDB3dxyp5T5zN8mTmMtyoyB5GuxZ9lwGpc8P8AjKD0 ph7hspSZOmYaHCbjk9/P9rkQjTmhBGWeVWcjv24vVye2BRjzQ/sIJDsBsm6LNXKv zg=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=bhs02PCnha4aDvOW+p1wdr3aPD91fBebj6bBJ1tHHGU4kndWtk9RMdlGirJl f9WNEfN99gNre6gweFMR5UKX13lssUfkIWSHV4fuvhj+jPMbzBbTj9rdd GjfERIIn0TZ1Sh8S6ZcvhinaOofTppsdR/7cBB5bcAE6+/1vejXn7Q=;
X-MDAV-Processed: mail.consulintel.es, Mon, 07 Aug 2017 12:35:32 +0200
X-Spam-Processed: mail.consulintel.es, Mon, 07 Aug 2017 12:35:31 +0200
Received: from [10.10.10.135] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005498417.msg for <v6ops@ietf.org>; Mon, 07 Aug 2017 12:35:31 +0200
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:170807:md50005498417::eVhACxu3zIfBAFDG:00000tZy
X-Return-Path: prvs=13920e8dc8=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: v6ops@ietf.org
User-Agent: Microsoft-MacOutlook/f.24.1.170721
Date: Mon, 07 Aug 2017 12:35:25 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: v6ops list <v6ops@ietf.org>
Message-ID: <3A69468C-98E4-4631-A52F-3D8772646EEE@consulintel.es>
Thread-Topic: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt
References: <150148445751.17707.15424999122129322815@ietfa.amsl.com> <E6AC9174-3D6E-4FAD-B84B-B7E58FB149BC@gmail.com> <CAO42Z2xEs6RauD6Oo_NbqOh+FRVAu3NuveewSvRx7g1hS2-ToQ@mail.gmail.com> <94BC4E17-D490-4F50-9E99-2AAA081CD43C@gmail.com> <CAO42Z2zR_bWPqOHM7-RNsPX78np45UV=J67YD5gbpoCPUaLkAQ@mail.gmail.com> <FB14455C-F00E-49A4-936F-03BD44C4D42C@gmail.com> <CAO42Z2zLgw3cYapf=1y9pm4cWMZZ32DT2ryfPb6BGUFjCfmrMg@mail.gmail.com> <4939D55E-D37D-4551-9EB0-916FBACBC2BD@thehobsons.co.uk> <CAO42Z2wJBCo1yjguWSy-jzSvndeZTPgtN71FfdEhvqrVAUhZUA@mail.gmail.com> <9bd9f886-f53b-109f-d998-1d4c7adaf3b1@gmail.com> <B6A257C9-7E8A-452D-9C0F-0B10A31990CB@thehobsons.co.uk> <796A0ED0-0F58-43FA-9F81-D4D736A35F3B@steffann.nl> <BD3B4153-2EEF-4BFB-832D-D126A75AEC11@thehobsons.co.uk> <CAN-Dau2jzbQPuE5diEz-XzfRBHY=O1znE8hfy8P-Eee=MVwC_w@mail.gmail.com> <7C6C4FCC-26B9-493D-9992-4663DE6EB9CE@jisc.ac.uk>
In-Reply-To: <7C6C4FCC-26B9-493D-9992-4663DE6EB9CE@jisc.ac.uk>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/CyeMReVLxLG61tL_w59F9UakVaU>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 10:35:38 -0000

My take on this.

Most of the RIR policies allow a shorter prefix than /48 for a single site if justified. As Tim said, there are already examples of /44 and I’ve seen others (/47).

If you are using a single /64 per host, and furthermore an IETF RFC documents it, a RIR policy can’t block it. In the worst case, a RIR policy can always be modified by the community, and I think this can happen in general in less than 4-6 months in most of the regions, looking at most of the PDP process overall length.

Regards,
Jordi
 

-----Mensaje original-----
De: v6ops <v6ops-bounces@ietf.org> en nombre de Tim Chown <Tim.Chown@jisc.ac.uk>
Responder a: <Tim.Chown@jisc.ac.uk>
Fecha: lunes, 7 de agosto de 2017, 12:05
Para: David Farmer <farmer@umn.edu>
CC: Simon Hobson <linux@thehobsons.co.uk>, v6ops list <v6ops@ietf.org>
Asunto: Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt

    Hi,
    
    > On 7 Aug 2017, at 07:08, David Farmer <farmer@umn.edu> wrote:
    > 
    > On Sun, Aug 6, 2017 at 3:42 PM, Simon Hobson <linux@thehobsons.co.uk> wrote:
    > Sander Steffann <sander@steffann.nl> wrote:
    > 
    > > Most (all?) RIRs allow a /48 per site. I haven't seen ISPs give one /48 to a customer and then divide it over the connections ("sites") that that customer has. It far more convenient for everybody to just give each connection/site a separate /48. And business-ISP really shouldn't give any customer any less.
    > 
    > What about businesses with multiple sites (or even, just multiple buildings on a large site), connected by leased lines or whatever, and one central internet connection ? It's not that uncommon. Some time ago (different job) I managed a network with 45 sites and only one internet connection - 40 of them were retail outlets, using dial on demand ISDN, and the ONLY networking they had was back to head office for PoS systems. OK, not typical, but as I say, not all that rare either.
    > These days it would be mostly done with DSL lines and VPNs - but we'd still not be allowing local use of the internet connection at each store.
    > 
    > As I've been pointing out - there are comments along the lines of "we must not block future innovation". Yet at the same time there are limitation being hardcoded in that do exactly that. Just think about it, even if the entire /48 is used on one network, then that only gives 16 bits for host selection - with 60+ bits "wasted". While at the same time there are those saying that anything less than 64 bits to pick an address from is inadequate.
    > 
    > This discussion seem to be rapidly spinning out of the IETF's preview, but it is still important. I think the RIR assignment and allocation policies aren't as stingy as some might think.  Organizations with multiple sites should not be limited to only a /48, in fact /48 is really just the staring point, at least in the ARIN region /44s and /40s are not that difficult to justify for most organizations. 
    
    Two UK universities have a /44 due to their internal organisation.
    
    > ARIN's policy explicitly allows the assignment of a /48 for each site of a multi-site end-user, either by an ISP or directly by ARIN (if one of several qualifications is meet by the end-user), further additional /48s per site can be assigned if 16,384 /64 subnets are used in an single x-large site.  However, the policy is really a ceiling for ISPs, and ISPs are free to assign less if they see fit. Also, it could very well be the case that if an end-user has multiple sites behind a single connection to an ISP, the ISP might not realize the end-user has multiple site unless the end-user requests a block larger than /48. It seems quit logical for an ISP to assume a connection is just one site, unless the customer informs them otherwise.
    > 
    > ARIN's IPv6 end-user policy;
    > https://www.arin.net/policy/nrpm.html#six58
    > 
    > The follow allow ISPs or LIRs to make IPv6 assignment based on the above end-user policy;
    > https://www.arin.net/policy/nrpm.html#six54
    >  
    > On the other hand as I have been listening to this discussion, and I've become a little concerned that some may think this new model of a /64 per host should replace or obsolete the more traditional subnet model of multiple hosts within a subnet for any and all use cases. However, it should be noted that the primary use case for this model is public internet access, or public WiFi. There are several arguments that the traditional subnet model has always been a bad fit for this use case, in that you end up mixing totally unrelated users and hosts on the same subnet, there are several security and privacy issues with that. This isn't necessarily true of other use cases.
    > 
    > So, the /64 prefix per host model solves some important problems for this, and maybe other use cases too. But, that doesn't mean it should be viewed as a universal replacement for the traditional multiple host per subnet model for all use cases we have. There are plenty of use cases left where traditional multiple host per subnet model still works just fine.
    
    The question though, as and as you say it’s not one really in the IETF’s scope, more the RIR communities, is if a site has a /48, and uses it up (or 16,384 /64s of it up) implementing draft-ietf-v6ops-unique-ipv6-prefix-per-host, will that be deemed appropriate use to allow a further assignment?
    
    A large university may choose to implement this on its wifi/eduroam, for example.
    
    Tim
    _______________________________________________
    v6ops mailing list
    v6ops@ietf.org
    https://www.ietf.org/mailman/listinfo/v6ops
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.

v2.23.0 | Report a Bug | By Email