IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt

David Farmer <farmer@umn.edu> Mon, 07 August 2017 06:08 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62F72120227 for <v6ops@ietfa.amsl.com>; Sun, 6 Aug 2017 23:08:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.8
X-Spam-Level:
X-Spam-Status: No, score=-3.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SjB0BEPZHOIi for <v6ops@ietfa.amsl.com>; Sun, 6 Aug 2017 23:08:44 -0700 (PDT)
Received: from mta-p6.oit.umn.edu (mta-p6.oit.umn.edu [134.84.196.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C088128BC8 for <v6ops@ietf.org>; Sun, 6 Aug 2017 23:08:44 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p6.oit.umn.edu (Postfix) with ESMTP id 25C9D6CD for <v6ops@ietf.org>; Mon, 7 Aug 2017 06:08:44 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p6.oit.umn.edu ([127.0.0.1]) by localhost (mta-p6.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id apKVqZ3EAhHQ for <v6ops@ietf.org>; Mon, 7 Aug 2017 01:08:43 -0500 (CDT)
Received: from mail-vk0-f72.google.com (mail-vk0-f72.google.com [209.85.213.72]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p6.oit.umn.edu (Postfix) with ESMTPS id D2C0D64F for <v6ops@ietf.org>; Mon, 7 Aug 2017 01:08:43 -0500 (CDT)
Received: by mail-vk0-f72.google.com with SMTP id u200so32000368vkd.1 for <v6ops@ietf.org>; Sun, 06 Aug 2017 23:08:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=g7nuD7p0NMfUnmh2mx5coAWpE8AtvkeeOLT0kKX3X0Y=; b=C/N7SQknD/gJlUR6LjNYjiP448YnuxDWMNTBK4hRLWM9AaeFimBZG7spuSXb7ic12Q nMXs5+8chU8cSBEkRYbCnS+zHg9W1o/IJm6x8KefeG4FkWWVP5k4hqVk0GYMvMV77oQ3 xZ6CmbhLUlX0ZDeP3zlB0eTwIG1GDOIgQE5Q1g3bFFKWrOrIMsckXXc/7/o568JLpK2d URgj1HrGj1MfugkOzU/0fPsyph2lLSRpQInarOcWQmVmb5OzC/a5iuuKKd7VMb/prAwU T6Omh8ApuGfctGRXUyAAhd7RmESDEPGVTwUJndLKQHl2sbluKv9XzbbHkzeP2Iyiho9v kJOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=g7nuD7p0NMfUnmh2mx5coAWpE8AtvkeeOLT0kKX3X0Y=; b=gToCd+6hpdyKNpLev3IMgFsDEW1GGof43By1kr/YZDOemIGb+tUZR7cnFNfsHg08DL YmlPCMnnxEaZAYXFYM7Z3JMZpxmV44KKUDvz9RYinu4nwq5mZVfGZc3YaFQ7zJ/OExWj 5RisnuKM2hccRHXM1uVNqXpHL+43qSjHrD0xi9Y5awPGKJM6Nv4X30qGebpCQtDF7432 PIBFjhoKNBpz1KqQ47w2Gxx/jPk15FlL3sa4DEYdE8lFdCJLFlZ+VVbvX7ca5m14WCsH cFk+7Rabq9C2ROy5UHRtNw6zs3mzXqju995kojIVIJnKXRm4TVZZlLpFV1svMuNz0DTE /tiQ==
X-Gm-Message-State: AHYfb5jEBEE3xb2/gJ0GUlUWcZVU4frmmMPtZR2tjCSy6kHHvGqHkFxw BNF0XFwsIOO2QYBZcPkVDMgpjRgdKXpEB//y9xC/eiCaZ8k3SwW3QGXPdvLN1fyUFlG4rrvwNjd Cmtml04n1Ca/KZoo6
X-Received: by 10.31.178.87 with SMTP id b84mr6337758vkf.4.1502086122971; Sun, 06 Aug 2017 23:08:42 -0700 (PDT)
X-Received: by 10.31.178.87 with SMTP id b84mr6337752vkf.4.1502086122735; Sun, 06 Aug 2017 23:08:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.72.221 with HTTP; Sun, 6 Aug 2017 23:08:41 -0700 (PDT)
In-Reply-To: <BD3B4153-2EEF-4BFB-832D-D126A75AEC11@thehobsons.co.uk>
References: <150148445751.17707.15424999122129322815@ietfa.amsl.com> <E6AC9174-3D6E-4FAD-B84B-B7E58FB149BC@gmail.com> <CAO42Z2xEs6RauD6Oo_NbqOh+FRVAu3NuveewSvRx7g1hS2-ToQ@mail.gmail.com> <94BC4E17-D490-4F50-9E99-2AAA081CD43C@gmail.com> <CAO42Z2zR_bWPqOHM7-RNsPX78np45UV=J67YD5gbpoCPUaLkAQ@mail.gmail.com> <FB14455C-F00E-49A4-936F-03BD44C4D42C@gmail.com> <CAO42Z2zLgw3cYapf=1y9pm4cWMZZ32DT2ryfPb6BGUFjCfmrMg@mail.gmail.com> <4939D55E-D37D-4551-9EB0-916FBACBC2BD@thehobsons.co.uk> <CAO42Z2wJBCo1yjguWSy-jzSvndeZTPgtN71FfdEhvqrVAUhZUA@mail.gmail.com> <9bd9f886-f53b-109f-d998-1d4c7adaf3b1@gmail.com> <B6A257C9-7E8A-452D-9C0F-0B10A31990CB@thehobsons.co.uk> <796A0ED0-0F58-43FA-9F81-D4D736A35F3B@steffann.nl> <BD3B4153-2EEF-4BFB-832D-D126A75AEC11@thehobsons.co.uk>
From: David Farmer <farmer@umn.edu>
Date: Mon, 07 Aug 2017 01:08:41 -0500
Message-ID: <CAN-Dau2jzbQPuE5diEz-XzfRBHY=O1znE8hfy8P-Eee=MVwC_w@mail.gmail.com>
To: Simon Hobson <linux@thehobsons.co.uk>
Cc: v6ops list <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="001a1143f066c4ad72055623adf8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Hwy7Hp8NEMBjufZjaq5UHyf4Yzs>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 06:08:47 -0000

On Sun, Aug 6, 2017 at 3:42 PM, Simon Hobson <linux@thehobsons.co.uk> wrote:

> Sander Steffann <sander@steffann.nl> wrote:
>
> > Most (all?) RIRs allow a /48 per site. I haven't seen ISPs give one /48
> to a customer and then divide it over the connections ("sites") that that
> customer has. It far more convenient for everybody to just give each
> connection/site a separate /48. And business-ISP really shouldn't give any
> customer any less.
>
> What about businesses with multiple sites (or even, just multiple
> buildings on a large site), connected by leased lines or whatever, and one
> central internet connection ? It's not that uncommon. Some time ago
> (different job) I managed a network with 45 sites and only one internet
> connection - 40 of them were retail outlets, using dial on demand ISDN, and
> the ONLY networking they had was back to head office for PoS systems. OK,
> not typical, but as I say, not all that rare either.
> These days it would be mostly done with DSL lines and VPNs - but we'd
> still not be allowing local use of the internet connection at each store.
>
> As I've been pointing out - there are comments along the lines of "we must
> not block future innovation". Yet at the same time there are limitation
> being hardcoded in that do exactly that. Just think about it, even if the
> entire /48 is used on one network, then that only gives 16 bits for host
> selection - with 60+ bits "wasted". While at the same time there are those
> saying that anything less than 64 bits to pick an address from is
> inadequate.
>

This discussion seem to be rapidly spinning out of the IETF's preview, but
it is still important. I think the RIR assignment and allocation policies
aren't as stingy as some might think.  Organizations with multiple sites
should not be limited to only a /48, in fact /48 is really just the staring
point, at least in the ARIN region /44s and /40s are not that difficult to
justify for most organizations.

ARIN's policy explicitly allows the assignment of a /48 for each site of a
multi-site end-user, either by an ISP or directly by ARIN (if one of
several qualifications is meet by the end-user), further additional /48s
per site can be assigned if 16,384 /64 subnets are used in an single
x-large site.  However, the policy is really a ceiling for ISPs, and ISPs
are free to assign less if they see fit. Also, it could very well be the
case that if an end-user has multiple sites behind a single connection to
an ISP, the ISP might not realize the end-user has multiple site unless the
end-user requests a block larger than /48. It seems quit logical for an ISP
to assume a connection is just one site, unless the customer informs them
otherwise.

ARIN's IPv6 end-user policy;
https://www.arin.net/policy/nrpm.html#six58

The follow allow ISPs or LIRs to make IPv6 assignment based on the above
end-user policy;
https://www.arin.net/policy/nrpm.html#six54

On the other hand as I have been listening to this discussion, and I've
become a little concerned that some may think this new model of a /64 per
host should replace or obsolete the more traditional subnet model of
multiple hosts within a subnet for any and all use cases. However, it
should be noted that the primary use case for this model is public internet
access, or public WiFi. There are several arguments that the traditional
subnet model has always been a bad fit for this use case, in that you end
up mixing totally unrelated users and hosts on the same subnet, there are
several security and privacy issues with that. This isn't necessarily true
of other use cases.

So, the /64 prefix per host model solves some important problems for this,
and maybe other use cases too. But, that doesn't mean it should be viewed
as a universal replacement for the traditional multiple host per subnet
model for all use cases we have. There are plenty of use cases left where
traditional multiple host per subnet model still works just fine.

Thanks.

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email