This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size)
- Previous message (by thread): [address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size)
- Next message (by thread): [address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nick Hilliard
nick at inex.ie
Thu May 14 14:56:10 CEST 2015
Hi Mathew, yes, it was a question and thanks for answering it! It is clear that there are some larger organisations who fall outside the scope of the existing policy and that a policy change may be a good idea. Nick On 11/05/2015 21:27, Mathew Newton wrote: > Hi Nick, > >> -----Original Message----- From: address-policy-wg >> [mailto:address-policy-wg-bounces at ripe.net] On Behalf Of Nick >> Hilliard Sent: 11 May 2015 14:08 >> >> On 11/05/2015 11:10, Gert Doering wrote: >>> I see "/32 as default, up to /29 if you ask" as very reasonable >>> middle ground... >> >> /29 gives 2^19 /48s, or a little over 500k /48s or 134 million /56s. >> >> Before supporting this proposal, I'd be interested to see a real life >> addressing plan which needed more than this amount of bit space. > > That is a perfectly reasonable question to ask (assuming it was > effectively a question!). My difficulty however is adequately answering > it without inadvertently releasing too much information about the UK > MOD's infrastructure to a public mailing list. That is no one's problem > but my own though so let me see how far I can get by at least covering > some of the key principles. > > One clarification to get out of the way first given that this branch of > the thread was a slight diversion from the core topic is that I am not > looking at changing the '/32 as default, up to /29 if you ask' position > as, like Gert, I agree that this is a very sensible default position. > The issue presented is how to deal with those organisations who cannot > fit within a /29, of which the UK MOD is one... > > As context for those not familiar, the UK MOD and Armed Forces are a > large and complex organisation with an annual budget of over £37 billion > (€52 billion) which puts it in the world's 'top 5' militaries by such a > measure. Its global IP infrastructure spans land, sea, air and space > environments using practically all conceivable physical layer transport > type. > > From an IPv6 addressing perspective, the best place to start is arguably > with the end sites. There are 10's of thousands of end sites > encompassing what you might regard as 'conventional' sites > (office/corporate environments, datacentres, military bases, dockyards > etc) as well as military platforms (tanks, aircraft, ships etc) some of > which could be regarded as enterprises in their own right (e.g. aircraft > carriers). > > These end sites achieve their wider connectivity via ISPs (generally, > but not exclusively, 'private' ISPs whose services are exclusive to the > UK MOD) of which there are hundreds in each different geographic > operating area (fixed UK, fixed overseas, deployed etc). Most end sites > would connect to multiple ISPs, either simultaneously or varying over > time (long term infrastructure changes down to short term connectivity > changes in support of operations) and there is expected to be a mix of > how to deal with this from an addressing perspective (readdressing, > multiple prefixes, mobile IP, etc). > > In order to achieve aggregation and efficiency of routing (within the > MOD, to other nations' militaries and to the Internet) this 'geographic > area > ISP > end site' hierarchy becomes a key part of the addressing > strategy. It is not a flat network and cannot be treated as one by the > addressing strategy hence a straightforward 'number of end sites' > calculation does not result in sufficient address space to be > allocated. > > The issue is further compounded by the fact that the UK MOD must abide > by national security policy which requires that ALL information that is > generated, collected, stored, processed or shared is afforded the > appropriate degree of protection according to its sensitivity and level > of threat it faces. Security classifications are used to categorise the > different levels of sensitivity/threat and effective delivery of these > lead to the requirement to operate completely independent > infrastructures with discrete routing policies for each classification > hence multiple allocations are effectively required. > > The option of 'luxuries' such as semantics, nibble boundaries, 'just in > case' expansion bits etc do not feature in the UK MOD's IPv6 addressing > strategy - it is very much a 'minimum fit'. Whilst it is recognised that > such practices might be sensible and commonplace in many organisations > who achieve the default /32-/29 allocation we must acknowledge that when > operating in the high order bit space we need to be aware of the > disproportionate impact that such approaches would have. > > Even though I may have been vague with the numbers and specifics, does > it help shed any light on how we might struggle to fit into a /29 > allocation? In many respects, for us I feel that the fact there are > >500k /48's in a /29 is similar to the fact that a /64 subnet has 2^64 > addresses within it - it doesn't necessarily mean what the figures might > otherwise first suggest! > > Regards, > > Mathew >
- Previous message (by thread): [address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size)
- Next message (by thread): [address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]