
Re: (multi6) Ease of re-numbering



On Fri, 26 Oct 2001, Michel Py wrote:

> You are both right, but the point that Tim and I are trying to make is
> that the pain of renumbering is not reachability (and to that regard
> IPv6 will be easier) but all the associated host, server and security
> configuration.

Agree. So the people who make host, server and security products have
their work cut out for them.

> What I have to deal with is dozens of frame-relay and point-to-point
> circuits to third-party entities including high-inertia ones such as
> governments, in several time zones. We don't provide connectivity to
> these guys, we provide services. Like it or not, there are still people
> that configure batch files based on IP address, static entries in the
> lmhosts files, that kind of stuff.

In my experience, the willingness to renumber has little to do with the
amount of work involved. I've seen massive organizations (not of the scale
you're talking about, but still very big for a single timezone) with many
hard to renumber items renumber without complaints, and fairly small
organizations with simple setups refuse to do so and keep their B block
even if they didn't even need a full /24.

But my real point is that renumbering is not a big deal compared to
maintenance work that has to be carried out anyway:

> And all of these guys have
> access-lists all over the place, and so do we.

And every time you get something new, these access lists have to change. I
used to work for the largest ISP here in The Netherlands, and we pretty
much had to change three access lists on all BGP speaking routers two or
three times a week.

> Even in a dream world
> where people would actually use DNS and quit configuring static routes,
> access-lists and firewall holes are still based on IP and renumbering a
> large setup is NOT an afternoon.

An afternoon is not a useful timeframe for renumbering. Either it has to
be done much quicker (30 seconds or so) or you can take much longer, up to
at least a month.

Is there no way we can come up with a way where hosts can keep their IPv4
address and happily run IPv4, where the other 96 bits are "automagically"
added and removed by a border router? That way, I can forever go on using
213.156.3.172, even if I have to renumber daily from
3ffe:1234:x::213.156.3.172 to 3ffe:1234:y::213.156.3.172 and so on.

It should be easy enough to do this for the local address, the only
problem is where to find the 96 missing bits of the remote address.

Iljitsch
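
The border-router idea in the message above, sketched as an added example that is not part of the original post: the site's current 96-bit prefix is prepended outbound and stripped inbound, so a filter written against the IPv4 address survives a renumbering. The prefixes `3ffe:1234:a::/96` and `3ffe:1234:b::/96` are constructed stand-ins for the message's `x` and `y`, the ACL range and function names are assumptions, and the open question of finding the remote side's 96 bits is not addressed here.

```python
import ipaddress

def embed(prefix96, v4):
    """Outbound at the border: prepend the site's current 96-bit prefix."""
    net = ipaddress.IPv6Network(prefix96)
    if net.prefixlen != 96:
        raise ValueError("prefix must be exactly /96")
    low32 = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(net.network_address) | low32)

def strip(prefix96, v6):
    """Inbound at the border: remove the prefix, refusing any other prefix."""
    net = ipaddress.IPv6Network(prefix96)
    addr = ipaddress.IPv6Address(v6)
    if net.prefixlen != 96 or addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

# Constructed sample values (hypothetical site, not from a real deployment).
HOST = "213.156.3.172"
PREFIX_X = "3ffe:1234:a::/96"   # prefix before renumbering
PREFIX_Y = "3ffe:1234:b::/96"   # prefix after renumbering
# The inside access list is written once, against IPv4 only.
INSIDE_ACL = [ipaddress.IPv4Network("213.156.3.160/28")]

def inside_acl_permits(v4):
    """IPv4-only filter that never needs editing when the prefix changes."""
    return any(v4 in net for net in INSIDE_ACL)

def inbound(current_prefix, v6_dst):
    """Border router: strip the current prefix, then apply the IPv4 ACL.
    Packets still addressed to a retired prefix are dropped, not translated."""
    try:
        v4 = strip(current_prefix, v6_dst)
    except ValueError:
        return False
    return inside_acl_permits(v4)

if __name__ == "__main__":
    for prefix in (PREFIX_X, PREFIX_Y):
        outside = embed(prefix, HOST)
        print(prefix, "->", outside, "permitted:", inbound(prefix, str(outside)))
    # After renumbering to PREFIX_Y, traffic to the old address is refused.
    print("stale:", inbound(PREFIX_Y, str(embed(PREFIX_X, HOST))))
```
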