This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
- Previous message (by thread): [address-policy-wg] Re: Can the RIRs bypass the IETF and do their own thing?
- Next message (by thread): [address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Williamson
dlw+arin at tellme.com
Fri May 11 18:08:57 CEST 2007
I hate to just parrot someone else's comments, but I'm entirely against the entire concept of ULA-central for exactly the reasons Owen outlines below. (Thanks, Owen, for getting that written so I don't have to!) -David On Thu, May 10, 2007 at 11:12:21PM -0700, Owen DeLong wrote: > ULA Central is intended so that some subset of the internet can reliably > use it to interconnect while not being "globally" routed. > > The problem I have with this theory is that the delta between a > collection > of networks routing by mutual agreement and the internet is: > > A. Fuzzy > B. Non-Existant > C. There is no difference > D. Meaningless > E. Any and/or All of the above > > Pick your favorite answer from the above and you've pretty much got it. > If ULA central were limited to not exiting the local AS (in some > meaningful > way, like routers won't forward routes or traffic to ULA addresses to > external > adjacencies), then, I might see it as something other than an end-run on > the RIR process. However, in it's current state of "license for > anyone who > wants to run a competing RIR for networks that choose to interoperate > on this basis" I think it's a pretty bad idea. > > Owen > > > On May 11, 2007, at 12:03 AM, william(at)elan.net wrote: > > > > >I don't understand your point about why ULA need to be registered if > >its not going to be globally routed. Also PI is not the same as ULA - > >PI do come from RIRs and in IPv6 there was no way to get PI (except > >in a few special cases) until recent ARIN's micro-allocation policy. > > > >On Fri, 11 May 2007, Tony Hain wrote: > > > >>I agree that this will help inform the debate, and while Iljitsch > >>did a good > >>job of outlining the issue, he left out a significant point::: > >>People explicitly chose to be in the state of "as there is > >>currently no > >>obvious way to make services only available locally" by insisting > >>that the > >>local-scope addressing range have a global-scope as far as > >>application > >>developers were concerned. Now the application developers are > >>complaining > >>about the consequences of their choice, because the alternative to > >>'no > >>routing path for an attack' is to insert a device that has to make > >>policy > >>decisions with limited information. > >> > >>The current ULA-central discussions will be directly involved in > >>this issue. > >>It is critical that all of the RIR's have policies establishing a > >>mechanism > >>for registering ULA-central prefixes & PI. For those who don't > >>recall, the > >>reason ULA-central was tabled was that it was seen as a potential > >>end-run to > >>acquire PI space in the absence of appropriate policy to do so out > >>of a > >>range recognized for global routing. > >> > >>The need for keeping some things local while others are global is > >>real, and > >>the lack of appropriate mechanisms to accomplish that through the > >>routing > >>system that is designed to deal with path selection leads to entire > >>industries for fragile work-arounds along with their increased > >>complexity. > >> > >>Tony > >> > >> > >>>-----Original Message----- > >>>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > >>>Behalf Of > >>>vixie at vix.com > >>>Sent: Thursday, May 10, 2007 9:59 PM > >>>To: ppml at arin.net > >>>Subject: [ppml] article about IPv6 vs firewalls vs NAT in > >>>arstechnica > >>>(seen on slashdot) > >>> > >>>i think that this article will help inform the debate around the > >>>ipv6 > >>>transition: > >>> > >>>http://arstechnica.com/articles/paedia/ipv6-firewall-mixed- > >>>blessing.ars > >>>_______________________________________________ > >>>This message sent to you through the ARIN Public Policy Mailing List > >>>(PPML at arin.net). > >>>Manage your mailing list subscription at: > >>>http://lists.arin.net/mailman/listinfo/ppml > >> > >>_______________________________________________ > >>This message sent to you through the ARIN Public Policy Mailing List > >>(PPML at arin.net). > >>Manage your mailing list subscription at: > >>http://lists.arin.net/mailman/listinfo/ppml > >_______________________________________________ > >This message sent to you through the ARIN Public Policy Mailing List > >(PPML at arin.net). > >Manage your mailing list subscription at: > >http://lists.arin.net/mailman/listinfo/ppml > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml
- Previous message (by thread): [address-policy-wg] Re: Can the RIRs bypass the IETF and do their own thing?
- Next message (by thread): [address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]