IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-ietf-v6ops-ula-usage-recommendations-02.txt

Owen DeLong <owen@delong.com> Mon, 17 February 2014 14:38 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6F581A04DC for <v6ops@ietfa.amsl.com>; Mon, 17 Feb 2014 06:38:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.539
X-Spam-Level:
X-Spam-Status: No, score=-1.539 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2pkNRFUFCf-q for <v6ops@ietfa.amsl.com>; Mon, 17 Feb 2014 06:38:06 -0800 (PST)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 3BDF21A04D6 for <v6ops@ietf.org>; Mon, 17 Feb 2014 06:38:05 -0800 (PST)
Received: from [IPv6:2620::930:0:ca2a:14ff:fe3e:d024] ([IPv6:2620:0:930:0:ca2a:14ff:fe3e:d024]) (authenticated bits=0) by owen.delong.com (8.14.2/8.14.2) with ESMTP id s1HEZMOt007375 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 17 Feb 2014 06:35:23 -0800
X-DKIM: Sendmail DKIM Filter v2.8.3 owen.delong.com s1HEZMOt007375
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=delong.com; s=mail; t=1392647723; bh=PCEFPiRJLAu6aTQdaXmu59g+70U=; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc: Content-Transfer-Encoding:Message-Id:References:To; b=Gbol9sl9m8xWH9mVsy8VXXTuwJp3n6pOmCErCBU9Y0JuTiV3swvZWDhkQplO+Dd39 mS7TucqEMqujE5tS+HgIoHV5DVp5ENvr91javZeXYAEL/lW+gGqYI+lRlHFCFTGVp0 CaDcWKIGYWfx6VuMURTfZXx2W46RMA+kfs1QLNpg=
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Owen DeLong <owen@delong.com>
In-Reply-To: <20140217110013.GA31822@mushkin>
Date: Mon, 17 Feb 2014 06:35:16 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <62FF9B8A-2F21-4FDD-B1D2-82B8C02A21B3@delong.com>
References: <20140214091302.13219.20624.idtracker@ietfa.amsl.com> <m21tz6javn.wl%randy@psg.com> <1442fd6c81e.5859224653900445752.5189762259388794287@internetdraft.org> <52FEBE28.1010006@gmail.com> <8E2A8B56-6F05-4F09-BE7E-651B9CA42458@delong.com> <5300CE32.1050808@gmail.com> <BD473E46-E382-44E6-B474-A56D074318FA@delong.com> <530104B3.3070205@gmail.com> <53010E70.5000401@gmail.com> <20140217110013.GA31822@mushkin>
To: Jan-Frode Myklebust <janfrode@tanso.net>
X-Mailer: Apple Mail (2.1827)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0rc1 (owen.delong.com [IPv6:2620:0:930::200:2]); Mon, 17 Feb 2014 06:35:23 -0800 (PST)
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/QfNS20MbDtoAM57w4VEJuiApEL4
Cc: V6 Ops List <v6ops@ietf.org>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-ula-usage-recommendations-02.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2014 14:38:07 -0000

On Feb 17, 2014, at 03:00 , Jan-Frode Myklebust <janfrode@tanso.net> wrote:

> On Mon, Feb 17, 2014 at 08:16:00AM +1300, Brian E Carpenter wrote:
>>>>> Le 15/02/2014 19:16, Owen DeLong a écrit :
>>>>>> Indeed, the situations where ULA usage is detrimental vastly
>>>>>> outnumbers those where it is actually beneficial.
>> 
>> That's an opinion, but it isn't an argument for abolishing
>> ULAs. It's actually an argument for improving this draft so
>> that it describes the cases in which ULAs are beneficial.
> 
>> Could we have a detailed conversation about whether those cases
>> are correctly described in the draft?
> 
> Yes please.
> 
> My use case is that we have a set of datacenter internal services/servers
> that should *never* be routed out. When not using ULA we've had a couple
> of incidents where the routes did leak out and servers that shouldn't
> have been available on the Internet was. So we've decided to use ULA for
> the same set of servers as we previously used rfc1918-adresses for. No
> NAT involved. No servers should reach Internet directly. Yes we could
> achieve the same by putting proper ACLs in place on the borders, but since
> we've failed to do that in the past, the belt and suspenders approach is
> attractive.
> 
> Is this a "valid" ULA usage? 
> 

Sure... As long as you don't mind renumbering when the connectedness (or not) requirement changes, then that is one of the few cases where ULA is not detrimental.

Cases that propose NPT, NAT, or other translation mechanisms are examples where it is detrimental.

Cases where it ends up getting routed amongst "cooperating" parties are likely to eventually lead to detrimental usage because the natural trend is for them to become increasingly routed across more and more ASNs and eventually to become a form of de facto registered address space not administered by any structured or reliable registry and without any form of community based policy process (such as the current RIRs).

Owen

v2.23.0 | Report a Bug | By Email