[address-policy-wg] 2013-06 New Policy Proposal (PA/PI Unification IPv6 Address Space)
- Previous message (by thread): [address-policy-wg] 2013-06 New Policy Proposal (PA/PI Unification IPv6 Address Space)
- Next message (by thread): [address-policy-wg] 2013-06 New Policy Proposal (PA/PI Unification IPv6 Address Space)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Elvis Velea
elvis at velea.eu
Tue Oct 1 11:11:05 CEST 2013
Hi Jan, On 10/1/13 9:35 AM, Jan Ingvoldstad wrote: [...] > You are right, it was not our intention to remove that line from > section 1.1. However, even with the old policy, my understanding was > that you should have assigned a /64 for the SSL certificate and not > a /128. > > > Uhm, no, that would be – and sorry for the strong word use here – insane. > > What you're essentially saying is that for any case where one would > create a reverse pointer, there would have to be a /64. > I'm not talking about how much you would use on your router or reverse dns. I'm talking about how much to 'reserve' as minimum for a point-to-point link or for a service. > This does not scale at all. > > In terms of routing, it currently makes sense to ensure that address > space smaller than a /64 is not announced globally via BGP. > > But preventing actual _use_ of smaller address space is a very bad idea. It's not preventing use of a smaller prefix, it's preventing assigning/sub-allocating less than a /64 for anything. > > One of the HUGE gains of IPv6 is that you can easily encode more > information in the IP address itself than you could with IPv4. There is > an enormous amount of flexibility thanks to the 128-bit size of the > address space. > > Also, if the rightmost /64 cannot ever be used, then IPv6 should've been > a 64-bit address space, and I don't think policing this here is relevant. > Well, I used to work as an IPRA at the RIPE NCC and my understanding of the policy then (and now) was that assignments and/or sub-allocations of anything below a /64 is out of scope and even if one IPv6 address is used within a /64, the whole subnet is considered to be used. > > I am not sure that removing that line makes any difference, let's > see what the others think and we could add it back if it really > changes the policy scope. > > > >From a n00b's point of view, the old policy reads something like this, > in brief: > > "This policy does not apply to address space smaller than /64" > > And the old policy reads: > > "This policy applies to address space regardless of its size" I see, you may be right, this will be a second slide on the presentation made in Athens and we'll discuss it there. > > To me, this is the difference between letting me use e.g. > 2a01:5b40::80:88:dead:beef:cafe as the IPv6 address for www.oyet.no > <http://www.oyet.no>, and having to use e.g. 2a01:5b40:88:cafe::1/64. I don't actually see it like that. You can still use the whole IPv6 address to number a device, it's just that you can not split a /64 for different services. For example, you can use a /64 to number, let's say, 100 devices that are in the same vlan doing the same thing and providing the same service but you can not number 100 different customers within a /64. cheers, elvis
- Previous message (by thread): [address-policy-wg] 2013-06 New Policy Proposal (PA/PI Unification IPv6 Address Space)
- Next message (by thread): [address-policy-wg] 2013-06 New Policy Proposal (PA/PI Unification IPv6 Address Space)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]