Re: stable addressing

[Iljitsch van Beijnum <iljitsch@muada.com>]

On 16-apr-04, at 16:25, Brian E Carpenter wrote:

> > Things are different however for class 4. Here, renumbering is not a
> > realistic option. Even if renumbering the actual network 
> > infrastructure
> > were to be doable, changing the associated filters and related 
> > security
> > setups is too much work to undertake at regular intervals.

> I would dispute this. All that changes is the /48 prefix, and the 
> normal
> case in IPv6 is to be running with several of those simultaneously on
> any large site. Actually the filters and internal routing setup will
> need to treat the top 48 bits as don't care bits.

This can only work if the bottom 80 bits aren't random. And today they 
are, to all intents and purposes. But obviously something like 
draft-van-beijnum-multi6-cbhi-00.txt could change that.

> So it seems to me that
> relatively simple operational procedures can deal with prefix changes.

Even if security isn't an issue and there is decent address agility 
higher up in the stack, changing addresses introduces instability and 
rendezvous issues.

> Nevertheless, I assume that all large enterprises will choose to
> use a draft-ietf-ipv6-unique-local-addr-03.txt prefix for internal
> traffic and some VPN uses. For external traffic I assume they will use
> ISP-delegated prefxes, which is where multi6 comes in.

Aarrgghh, multi-faced DNS. It would be better to automatically map 
these addresses to PA addresses where desired. This way, all the 
multiadressing issues are nicely hidden in a layer that really knows 
how to handle them rather than spread around different applications and 
transport protocols, some of which will handle this beautifully, and 
some of which will fail miserably.