Hi Erik,

Why remove the multi-homing requirement? if you are not multihomed you could go with the PA-space you get from your single upstream provider?

My problem is that I actually am multi-homed, therefor I need IPv6-PI....
And if my customers have their servers in my facility they also are multihomed? So they could request for their own PI? that really doesnt make sensee, that would really clog down the routing tables....

The hosting network is today set up so each customer get their own IPv4 /29 of Private addresses, then I NAT a public IP on a first come-first served basis.
The reason they have an own IPv4 Net on the inside is to gain some security between servers in the facility...

With IPv6 I obviously dont want to use NAT, so I will set up a small IPv6 Network for each server, just as i do with IPv4, but without the NAT-part.. So instead of setting up a singe IP to the server I set up a network, but basically its the same...

so the change request about removing multi-homing requirement doesnt make sense in my case.... I think the requirement is a good thing because i dont see ANy reason to get PI-space if you are not multihomed.

 // Janne


_______________________ V E N T I R O ______
Janne Tuomi, tuomi@ventiro.se
Tel: +46-11-36 52 00
GSM: +46-70-224 6000
Fax: +46-11-36 52 05

On 30 mar 2011, at 12.32, Erik Bais wrote:

Hi Jan,

 

If you are providing SSL hosting on your shared, dedicated of VPS webservers, you are allowed to use PI space, as long as you don’t provide blocks to a specific customers to use. That is considered assigning, so if you use a first come, first served assignment strategy on PI IP’s, that is acceptable for PI is my experience with the IPRA’s.

 

If your customer is hosting SSL sites on their equipment (read: you are providing collocation), you would need to sign up as a LIR for now, as your customer isn’t multi-homed (I assume) and that is (still)  another requirement for IPv6 PI.

 

I have a policy change requested through the formal channels to remove the multi-homing requirement for PI IPv6, so expect some more discussion on PI IPv6 on the list soon.

 

Regards,

Erik Bais

 

From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Jan Tuomi
Sent: Wednesday, March 30, 2011 11:55 AM
To: address-policy-wg@ripe.net
Subject: Re: [address-policy-wg] IPv6 PI request is turned down for my multihomed hosting facility - Why?

 

On 30 mar 2011, at 11.08, Adrian Czapek wrote:

> W dniu 2011-03-30 10:58, Tero Toikkanen pisze:
>> Hi,
>>
>> As far as I’m concerned, there seems to be a strange discrepancy between
>> IPv4 PI and IPv6 PI. Apparently Janne has already successfully obtained
>> IPv4 PI and has now requested IPv6 PI, declaring the same intended use.
>> Could someone please point out where in the policy documents it says one
>> can use IPv4 PI for hosting, but not IPv6 PI? I’m having a hard time
>> finding such terms.
>>
> http://www.ripe.net/ripe/docs/ripe-512#_8._IPv6_Provider
>
> Most important is the last sentence:
> The PI assignment cannot be further assigned to other organisations.
>
> And according to IPRA, if you provide hosting services on your own infratructure to other companies, you are sub-allocating part of your PI address space to them, so you cannot use PI address space for that purpose.
>
> Regards
> --
> Adrian
>


So what this means is that if a customer puts their server in my facility I am sub-allocating?
To sub-allocate I have to be an LIR and request an own PA-space?
For each customer I have to assign their own /64 and register it in the ripe-database?

Setting up an SSL-webhost is also sub-allocating? so to set up an ssl-host I have to again allocate an own /64 for the host, register it in the database, set up VLANS and routing on the webserver and network equipment since its a different IP-network? this will cause a lot of problem with stateful inspection in the firewall because i need to use multiple default gateways on the same server. So in the end I have to set up a whole new webbserver for each customer who needs SSL to get things running smoothly?

hmm.. seems that I have to forget about IPv6 and continue running IPv4 only....

 // Janne

_______________________ V E N T I R O ______
Janne Tuomi, tuomi@ventiro.se
Tel: +46-11-36 52 00
GSM: +46-70-224 6000
Fax: +46-11-36 52 05


No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1204 / Virus Database: 1498/3537 - Release Date: 03/29/11