[address-policy-wg] 2013-06 New Policy Proposal (PA/PI Unification IPv6 Address Space)

Hi Jan,

On 10/1/13 9:35 AM, Jan Ingvoldstad wrote:
[...]
>     You are right, it was not our intention to remove that line from
>     section 1.1. However, even with the old policy, my understanding was
>     that you should have assigned a /64 for the SSL certificate and not
>     a /128.
>
>
> Uhm, no, that would be – and sorry for the strong word use here – insane.
>
> What you're essentially saying is that for any case where one would
> create a reverse pointer, there would have to be a /64.
>

I'm not talking about how much you would use on your router or reverse dns.

I'm talking about how much to 'reserve' as minimum for a point-to-point 
link or for a service.

> This does not scale at all.
>
> In terms of routing, it currently makes sense to ensure that address
> space smaller than a /64 is not announced globally via BGP.
>
> But preventing actual _use_ of smaller address space is a very bad idea.

It's not preventing use of a smaller prefix, it's preventing 
assigning/sub-allocating less than a /64 for anything.

>
> One of the HUGE gains of IPv6 is that you can easily encode more
> information in the IP address itself than you could with IPv4. There is
> an enormous amount of flexibility thanks to the 128-bit size of the
> address space.
>
> Also, if the rightmost /64 cannot ever be used, then IPv6 should've been
> a 64-bit address space, and I don't think policing this here is relevant.
>

Well, I used to work as an IPRA at the RIPE NCC and my understanding of 
the policy then (and now) was that assignments and/or sub-allocations of 
anything below a /64 is out of scope and even if one IPv6 address is 
used within a /64, the whole subnet is considered to be used.

>
>     I am not sure that removing that line makes any difference, let's
>     see what the others think and we could add it back if it really
>     changes the policy scope.
>
>
>  >From a n00b's point of view, the old policy reads something like this,
> in brief:
>
> "This policy does not apply to address space smaller than /64"
>
> And the old policy reads:
>
> "This policy applies to address space regardless of its size"

I see, you may be right, this will be a second slide on the presentation 
made in Athens and we'll discuss it there.

>
> To me, this is the difference between letting me use e.g.
> 2a01:5b40::80:88:dead:beef:cafe as the IPv6 address for www.oyet.no
> <http://www.oyet.no>, and having to use e.g. 2a01:5b40:88:cafe::1/64.

I don't actually see it like that. You can still use the whole IPv6 
address to number a device, it's just that you can not split a /64 for 
different services.

For example, you can use a /64 to number, let's say, 100 devices that 
are in the same vlan doing the same thing and providing the same service 
but you can not number 100 different customers within a /64.

cheers,
elvis