nanog mailing list archives

Re: dynamic or static IPv6 prefixes to residential customers
From: Owen DeLong <owen () delong com>
Date: Tue, 2 Aug 2011 17:03:46 -0700


On Aug 2, 2011, at 2:42 PM, james machado wrote:

Let's look at some issues here.

1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat
will be able to qualify for their own end user assignment from ARIN.


Interesting...

I have a "normal household".
I lack 2.5 kids and have no dog or cat.

I have my own ARIN assignment.

Are you saying that the 2.5 kids and the dog/cat would disqualify them? I can't
find such a statement in ARIN policy.

Are you saying that a household that multihomes is abnormal? Perhaps today,
but, not necessarily so in the future.


Yes I am saying a household that multihomes is abnormal and with
today's and contracted monopolies I expect that to continue.  You are
not a normal household in that 1) you multihome 2) you are willing to
pay $1500+ US a year for your own AS, IP assignments 3) Internet
service, much like cell phone service is a commodity product and many
people go for the lowest price.  They are not looking for the best
options.


1) yes.
2) Uh, no. I pay $100/year to ARIN for all of my IP resources. I really don't
        know where this $1,500+/year myth keeps coming from.
        I bet most households pay more than $100/year for their internet access.
        Heck, if you pay Comcast $5/month for a single static IP, you're paying
        more than half of what I pay for 1,208,925,819,614,629,174,706,944
        addresses and an AS Number. If you pay $9/month for 10 static IPs
        to Comcast (these are their current rates, btw), you are paying
        them MORE than I pay ($108 instead of $100) per year.
3) I think people do some of both. I think that if people can get static for the
        same price, they will choose static over dynamic. I think that some
        will even choose to use their dynamic to run tunnels where they
        can get static. You can get free static tunnels for IPv6 today.

So, no, the monopoly problem does not prevent what I am doing from
being done in most households because:

        1.      Most monopolies are actually at least duopolies with at least
                one cable and at least one DSL or PON provider.

        2.      Contract monopolies are actually reducing rather than growing.


2) if their router goes down they lose network connectivity on the
same subnet due to losing their ISP assigned prefix.

I keep hearing this myth, and I really do not understand where it comes from.
If they get a static prefix from their ISP and configure it into their router and/or
other equipment, it does not go away when they lose their router. It simply
isn't true.

If they are using RAs to assign their network and the router goes
down they can lose the network as well as the router thus going to
link-local addresses.  This has been discussed ad nauseam on this
list.  As I recall you played a big part of that discussion and it was
very interesting and informative.


1.      Why would you use RAs to assign numbers to things you want to work
        when the router goes down?

2.      This presumes they have only one router. There is no reason, given
        static addressing, that they cannot have a High and a Medium priority
        router. The High priority router provides connectivity to the ISP and the
        medium priority router is essentially /dev/null, but, keeps the addresses
        active.

Yes, it has been discussed before, but, it continues to be made clear that
people are still applying a mixture of misinformation and IPv4-think to
the IPv6 situation, so, I continue to work towards better education.


3) If they are getting dynamic IPs from their ISP and it changes they
may or may not be able to print, connect to a share, things like that.

Perhaps, but, this is another reason that I think sane customers will start demanding
static IPv6 from their providers in relatively short order.


I hope this happens but I'm guessing that with marketing and sales in
the mix it will be another up charge to get this "service" and enough
people won't pay it that we will be fighting these problems for a long
time.  Some businesses will pay it and some won't but the home user
will probably not.


Amusingly, I have, so far, refused to pay it to Comcast on my business
class service. Every once in a while, they renumber my address and I have
to reconfigure my tunnel. (I'm using commodity internet access for layer
2 transport into my home. The BGP is done between my home router and
routers in colo facilities via GRE).

these 3 items make a case for everybody having a ULA.  however while
many of the technical bent will be able to manage multiple addresses I
know how much tech support I'll be providing my parents with either an
IP address that goes away/changes or multiple IP addresses.  I'll set
them up on a ULA so there is consistency.


No, they don't. They make a great case for giving people static GUA.

These are businesses we're talking about.  They are not going to "give"
anything away.


Interesting… Hurricane Electric is a business. We give away IPv6 /48s to
tunnel broker users. In fact, we give away IPv6 transit services and tunnel
access. I see lots of businesses giving things away to try and gain market
advantage and customer awareness all the time. Why do you think that
a business would not do so, given the overwhelming evidence to the
contrary?


Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4
made things such as these much nicer in a home and business setting.


No, it really didn't. If IPv4 had contained enough addresses we probably
wouldn't have always-on dynamic connections in the first place.


Debatable but not worth an argument.  Having said that the ability to
1) not have to renumber internal address space on changing ISPs 2) not
having to give a printer (or other device with no security) a public
IP address or run multiple addressing schemes and the security
implications thereof  3) change the internals of my network without
worrying about the world are all important and critical issues for me.


Addressing != security. This issue has definitely been rehashed on
here several times and the reality is that you can have just as secure
a permit/deny policy with just as much of a default deny with public
addresses as you can without them. The difference, of course, is that
with public addresses, you have the option of creating permit rules
that may not be possible with private addresses depending on your
particular implementation (or lack thereof) of address translation.

1.      Multihome and get portable GUA, problem solved. If it's actually
        important to you, this is easy.

2.      Since you can give it a public address and still block access
        between the internet and it if you so choose (I actually find
        it rather convenient to be able to print at home and the only
        extra crap that comes out of my printer so far arrives via the
        telephone line and the G3 protocol, not via IP), public GUA
        does not change the nature of this issue.

3.      I can change the internals of my network without worrying
        about the world. I'm not sure why you think I can't. Frankly,
        this claim makes no sense to me whatsoever.

I realize that these arguments are at layers 8 & 9 of the OSI model
(politics and religion) but that does not make them less real nor less
important.  They are not the same issues that ISP operators may
normally have to deal with but they are crucial to business operators.
The DSCP/RA arguments are of the same criticality and importance.

Agreed. However, misinformation and FUD remains misinformation
and FUD regardless of the ISO protocol layer in question.

Owen
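
Added example, not part of the original message or thread: a minimal model of the stateful default-deny policy discussed under "Addressing != security", showing a publicly addressed printer that stays unreachable from outside while an explicit permit rule remains possible. The prefix, host addresses and the `EdgeFilter` class are constructed for illustration (2001:db8::/32 is the documentation range), and direction is inferred from addresses rather than from interfaces.

```python
import ipaddress

# Constructed addressing (assumption): 2001:db8::/32 is the documentation range.
HOME_PREFIX = ipaddress.ip_network("2001:db8:1234::/48")   # static GUA prefix
PRINTER = ipaddress.ip_address("2001:db8:1234:10::50")     # no permit rule
HOME_SERVER = ipaddress.ip_address("2001:db8:1234:10::60") # one permit rule
OUTSIDE = ipaddress.ip_address("2001:db8:ffff::99")        # some internet host


class EdgeFilter:
    """Hypothetical stateful edge filter: outbound allowed, inbound default deny."""

    def __init__(self, inside, inbound_permits=()):
        self.inside = inside
        # Explicit permits: (destination address, protocol, destination port)
        self.inbound_permits = set(inbound_permits)
        self.flows = set()  # state table of flows opened from inside

    def decide(self, src, sport, dst, dport, proto="tcp"):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.inside:
            # Opened by a home host: allow and remember it for the replies.
            self.flows.add((proto, src, sport, dst, dport))
            return "accept"
        if dst not in self.inside:
            return "drop"    # neither end is ours
        if (proto, dst, dport, src, sport) in self.flows:
            return "accept"  # reply to a flow a home host opened
        if (dst, proto, dport) in self.inbound_permits:
            return "accept"  # explicit permit, possible because dst is GUA
        return "drop"        # default deny, public address or not


def demo():
    fw = EdgeFilter(HOME_PREFIX, inbound_permits={(HOME_SERVER, "tcp", 443)})
    return {
        "unsolicited_to_printer": fw.decide(OUTSIDE, 40000, PRINTER, 631),
        "printer_outbound": fw.decide(PRINTER, 50000, OUTSIDE, 443),
        "reply_to_printer": fw.decide(OUTSIDE, 443, PRINTER, 50000),
        "permitted_server_port": fw.decide(OUTSIDE, 40001, HOME_SERVER, 443),
        "other_server_port": fw.decide(OUTSIDE, 40002, HOME_SERVER, 23),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```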
