[address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)

On Tue, May 15, 2007 at 12:47:09PM +0100, Nick Hilliard wrote:
> bmanning at karoshi.com wrote:
> >	er... perhaps I misread.  you stated; "you can stop it from 
> >	being useful PI space, which is all you need to do." 
> >	i understand this as you (party Q) being able to effect any
> >	communications between myself (party R) and Gert (party S)...
> >	the single time this is effective is when party Q is in the
> >	transit path btwn R & S. 
> 
> "you" == RIRs/whoever publishing these blocks in a list of prefixes which 
> should not be seen on the public ipv6 internet, due to community mandate.

	i have problems w/ the term "public [I,i]nternet"  - could you
	please define it?

> - do you want to base your bilateral communications and possibly your 
> business on an something which is frankly unsupported as designed and 
> could stop working at any stage if operator Q were to implement 
> uncontroversial prefix filters?

	are you suggesting that party Q is the only option for communications
	btwn parties R & S?

> -  do you want to go beyond communications between R and S?

	sure... 
 
> Prove the point, Bill.  Go ahead and advertise 10/8 and use it in anger on 
> the public ipv4 internet.  When you've got some good figures which 
> indicate how useful it is, let us know.

	not a chance.  i will note that there are a whole bunch of folks
	who do use 10.0.0.0/8 "in anger" on the internet - i see many packets
	w/ this netblock as a source address.

> >>The point is, if a block is carved out and marked specifically as being 
> >>non-routable on the public v6 internet, it will have degraded 
> >>connectivity to some degree or other.
> >
> >	do i care? 
> 
> Given your position on announcing 3ffe::/24 and 3ffe:800::/24 until fairly 
> recently, evidently not :-)

	marked by whom?   (and wrt 3ffe:: space...  folks are still using it
	and so i still annouce it.  it remains useful for them. :)


> > does that effect the usefulness of a given prefix
> >	if some ISP someplace filters out (refuses to listen) to the 
> >	announcements? i posit that:
> >		a) i have zero influence on your operational behaviour
> >		   when i have zero business relationship w/ you
> >		b) you have the ability to set whatever policies you like
> >		   for packet acceptance into your network and packet 
> >		   egress from your network.
> 
> No argument there.  But we're talking about different things. So far, 
> you're talking about connectivity between exactly two specific parties. 
> I'm not.

	so your talking about multicast?  last i checked, nearly all traffic
	was unicast; e.g. end to end, e.g. between exactly two specific parties.

> 
> >>On a related issue, I'd be interested to know what the reachability 
> >>degradation was like for the last of the 3ffe:: space after 6/6/6?  You 
> >>didn't happen to do any measurements on it?
> >
> >	your general qustion (prefix reachability) is based on (imho again)
> >	a flawed premise...  if i may, could you clarify the two endpoints 
> >	for
> >	such a reachability study?  
> 
> I was thinking more of X = time, Y = % of ipv6 space reachable from 
> ${3ffe}, where 100% at a particular timepoint would be # of reachable 
> prefixes from some place known to be relatively well connected (cue flames 
> for fuzzy specification).  Given your reaction to the question, it sounds 
> like you haven't done looked into this, which is a minor pity.

	but that is the wrong question.  how in the world do you ensure reachability
	across thousands of ASNs, each of which is willing/able to set their own
	policies about prefix acceptance?  I'm almost persuaded that I don't WANT
	reachability to all that v6 space...  too many places to hid spambots.
	(and yes, the fuzzy specification is hard to code to... :)

> Nick,
> bill's friend(tm)

	thats a new one... :)  care to take out a partnership in "Bills Bait & Sushi"	... there are franchise ops available.