
[address-policy-wg] closed network and need for global unique IP space

  • From: Roger Jorgensen
  • Date: Fri, 25 Nov 2005 10:12:35 +0100 (CET)

Sorry for cross-posting but not sure where it really belongs...
-----------

Hi,

First, the question is more, what is the correct way of dealing with 
a situation like this? 




I work for an entity with a big and closed network where security and 
being closed came first. We're not government but we have our mandate 
defined by them.
Our only connection to the Internet is through several uplinks with a few 
public IPs where we run a proxy solution for the little traffic that is 
allowed to hit the Internet. There are in reality no incoming routes to us, 
and none out.
Internally we use RFC1918 IP space (private IP), and we for now have enough 
IP space, but we are experiencing conflicts between IP space when connecting 
to other big closed networks. Not to forget the size, we will probably run 
out of IP space too... (and I know others have run out of RFC1918 space on 
their internal network)


Most would suggest requesting a /48 or bigger from your uplink right now, and 
that's not going to work for several reasons:
* size, just one of the bigger sites connected probably needs more than a /48 
just for themselves, and we have several of them, and a lot of smaller 
sites/networks. We're probably talking /32 or more if I have to guess.

* scalability, we could of course get a /48 and break the /64 boundary, 
a thought I seriously hate. But that will give us other kinds of problems, 
sites needing a /64 or more due to some equipment or so... 

* there are other BIGGER networks of the same type.

* control over who is using what IP and where etc... as said above, 
security and being closed are probably the two most important factors for 
us.

* need globally unique IPs since we're connecting to other networks of the 
same type, and NAT is not really the way we want to go with IPv6

... and probably more I can't remember right now.


The solutions aren't really that tricky but let me mention a few 
options...
* Site local would have solved our problem BUT it's obsolete, quite 
stupid really.

* just take a prefix and use it... this will give us problems in the future 
due to not being unique. 

* extensive usage of NAT, eh do we really want to even consider THAT for 
IPv6?

* become an LIR and request the needed IP space.

* let one of our uplinks request the IP space for us.



I'm in favour of the last two options, any of them... and they are as I 
see it really the two options as things are now. Any thoughts? Comments?



-- 

------------------------------
Roger Jorgensen              |
rogerj@localhost        | - IPv6 is The Key!
http://www.jorgensen.no      | roger@localhost
-------------------------------------------------------



 
