[address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
- Previous message (by thread): [address-policy-wg] Re: Can the RIRs bypass the IETF and do their own thing?
- Next message (by thread): [address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Williamson
dlw+arin at tellme.com
Fri May 11 18:08:57 CEST 2007
I hate to just parrot someone else's comments, but I'm entirely against the entire concept of ULA-central for exactly the reasons Owen outlines below. (Thanks, Owen, for getting that written so I don't have to!) -David On Thu, May 10, 2007 at 11:12:21PM -0700, Owen DeLong wrote: > ULA Central is intended so that some subset of the internet can reliably > use it to interconnect while not being "globally" routed. > > The problem I have with this theory is that the delta between a > collection > of networks routing by mutual agreement and the internet is: > > A. Fuzzy > B. Non-Existant > C. There is no difference > D. Meaningless > E. Any and/or All of the above > > Pick your favorite answer from the above and you've pretty much got it. > If ULA central were limited to not exiting the local AS (in some > meaningful > way, like routers won't forward routes or traffic to ULA addresses to > external > adjacencies), then, I might see it as something other than an end-run on > the RIR process. However, in it's current state of "license for > anyone who > wants to run a competing RIR for networks that choose to interoperate > on this basis" I think it's a pretty bad idea. > > Owen > > > On May 11, 2007, at 12:03 AM, william(at)elan.net wrote: > > > > >I don't understand your point about why ULA need to be registered if > >its not going to be globally routed. Also PI is not the same as ULA - > >PI do come from RIRs and in IPv6 there was no way to get PI (except > >in a few special cases) until recent ARIN's micro-allocation policy. > > > >On Fri, 11 May 2007, Tony Hain wrote: > > > >>I agree that this will help inform the debate, and while Iljitsch > >>did a good > >>job of outlining the issue, he left out a significant point::: > >>People explicitly chose to be in the state of "as there is > >>currently no > >>obvious way to make services only available locally" by insisting > >>that the > >>local-scope addressing range have a global-scope as far as > >>application > >>developers were concerned. Now the application developers are > >>complaining > >>about the consequences of their choice, because the alternative to > >>'no > >>routing path for an attack' is to insert a device that has to make > >>policy > >>decisions with limited information. > >> > >>The current ULA-central discussions will be directly involved in > >>this issue. > >>It is critical that all of the RIR's have policies establishing a > >>mechanism > >>for registering ULA-central prefixes & PI. For those who don't > >>recall, the > >>reason ULA-central was tabled was that it was seen as a potential > >>end-run to > >>acquire PI space in the absence of appropriate policy to do so out > >>of a > >>range recognized for global routing. > >> > >>The need for keeping some things local while others are global is > >>real, and > >>the lack of appropriate mechanisms to accomplish that through the > >>routing > >>system that is designed to deal with path selection leads to entire > >>industries for fragile work-arounds along with their increased > >>complexity. > >> > >>Tony > >> > >> > >>>-----Original Message----- > >>>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > >>>Behalf Of > >>>vixie at vix.com > >>>Sent: Thursday, May 10, 2007 9:59 PM > >>>To: ppml at arin.net > >>>Subject: [ppml] article about IPv6 vs firewalls vs NAT in > >>>arstechnica > >>>(seen on slashdot) > >>> > >>>i think that this article will help inform the debate around the > >>>ipv6 > >>>transition: > >>> > >>>http://arstechnica.com/articles/paedia/ipv6-firewall-mixed- > >>>blessing.ars > >>>_______________________________________________ > >>>This message sent to you through the ARIN Public Policy Mailing List > >>>(PPML at arin.net). > >>>Manage your mailing list subscription at: > >>>http://lists.arin.net/mailman/listinfo/ppml > >> > >>_______________________________________________ > >>This message sent to you through the ARIN Public Policy Mailing List > >>(PPML at arin.net). > >>Manage your mailing list subscription at: > >>http://lists.arin.net/mailman/listinfo/ppml > >_______________________________________________ > >This message sent to you through the ARIN Public Policy Mailing List > >(PPML at arin.net). > >Manage your mailing list subscription at: > >http://lists.arin.net/mailman/listinfo/ppml > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml
- Previous message (by thread): [address-policy-wg] Re: Can the RIRs bypass the IETF and do their own thing?
- Next message (by thread): [address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]