Hi Jan, On 10/1/13 9:35 AM, Jan Ingvoldstad wrote: [...]
You are right, it was not our intention to remove that line from section 1.1. However, even with the old policy, my understanding was that you should have assigned a /64 for the SSL certificate and not a /128.
Uhm, no, that would be – and sorry for the strong word use here – insane.
What you're essentially saying is that for any case where one would create a reverse pointer, there would have to be a /64.
I'm not talking about how much you would use on your router or reverse dns. I'm talking about how much to 'reserve' as minimum for a point-to-point link or for a service.
This does not scale at all.
In terms of routing, it currently makes sense to ensure that address space smaller than a /64 is not announced globally via BGP.
But preventing actual _use_ of smaller address space is a very bad idea.
It's not preventing use of a smaller prefix, it's preventing assigning/sub-allocating less than a /64 for anything.
One of the HUGE gains of IPv6 is that you can easily encode more information in the IP address itself than you could with IPv4. There is an enormous amount of flexibility thanks to the 128-bit size of the address space.
Also, if the rightmost /64 cannot ever be used, then IPv6 should've been a 64-bit address space, and I don't think policing this here is relevant.
Well, I used to work as an IPRA at the RIPE NCC and my understanding of the policy then (and now) was that assignments and/or sub-allocations of anything below a /64 is out of scope and even if one IPv6 address is used within a /64, the whole subnet is considered to be used.
I am not sure that removing that line makes any difference, let's see what the others think and we could add it back if it really changes the policy scope.
From a n00b's point of view, the old policy reads something like this, in brief:
"This policy does not apply to address space smaller than /64"
And the old policy reads:
"This policy applies to address space regardless of its size"
I see, you may be right, this will be a second slide on the presentation made in Athens and we'll discuss it there.
To me, this is the difference between letting me use e.g. 2a01:5b40::80:88:dead:beef:cafe as the IPv6 address for www.oyet.no <http://www.oyet.no>, and having to use e.g. 2a01:5b40:88:cafe::1/64.
I don't actually see it like that. You can still use the whole IPv6 address to number a device, it's just that you can not split a /64 for different services. For example, you can use a /64 to number, let's say, 100 devices that are in the same vlan doing the same thing and providing the same service but you can not number 100 different customers within a /64. cheers, elvis