It shouldn't be the only reason to get IPv6 PI, it should be combined with a different routing policy or the usage ratio should be high enough to get another IPv6 PI range (unlikely in most cases). HTTPS - 1 IP per SSL certificate should be enough (and with IPv6 you get many IPs with a /48). Sometimes PA isn't enough (for example someone uses uplinks from 2 networks to create their own network but isn't a LIR). It may also be because changing it in the future is not nice (read: if you have many servers with different configurations an IP change makes changing networks almost impossible!). It is (or was) possible to get IPv4 PI with (almost) the same argumentation and to move those organizations to IPv6 it might be required to offer it in the IPv6 PI policy. Just changing DNS is with advanced configurations never enough to change a host. Also when servers have to be moved DNS is normally not fast enough with changing (because many DNS resolvers don't follow the TTL you did set). I didn't say they don't qualify in the current policy. I asked IF they qualify yet or not. This is because some people say yes they qualify and some others say they don't qualify. Some people say that it is not allowed to use a single IP for a VPN you or client uses and others say feel free to use 65k IPv6 addresses for that. Some people say it is not allowed to offer co location clients (they have the same routing policy) 2 IPv6 addresses if you only have IPv6 PI and others say give them 65k IPv6 addresses per server or per client. Because of the many times we moved between networks in the past we always prefer PI above PA. With IPv6 it is even more important to not change IP addresses (because of the many IP addresses you will probably use after sometime). Regards, Mark -----Original Message----- From: Jeroen Massar [mailto:jeroen@unfix.org] Sent: dinsdag 14 juli 2009 14:36 To: Stream Service || Mark Scholten Cc: 'Address Policy Working Group' Subject: Re: [address-policy-wg] IPv6 PI Stream Service || Mark Scholten wrote:
Hello,
Are there people here that say that a small change of the current policy is a problem?
There are always people who will say that change is a problem.
The change would be that the list I did mention earlier is a valid reason to get a IPv6 PI range.
You gave a "list", quoting back from that email:
- dedicated servers (servers are owned by us) - co located servers (servers are owned by clients) - VPN (we have a few clients that use it, per VPN client at least 1) - VPS guests (per VPS guest at least 1 IP) - https (per host an IP)
If no one is saying that it is a problem at this moment to create a formal proposal to change it (or a new proposal based on the current one) I would like to create it the coming week. The target of the change will be to make it a little bit easier to get IPv6 PI for organizations, so more organizations could start offering their services on IPv6 (PA isn't enough for many organizations if they are not
How many addresses and prefixes are you talking about? How is routing arranged for these, are the in different ASNs etc? I don't see how that "list" would suddenly make you qualify for "PI" especially as there are no details at all, just that you have some hosts somewhere. "HTTPS" seems to always be a great target for claiming you need an extra IP address, but why can't you host that in PA space? DNS can be updated quite easily and voila host moved. the LIR). And why and how don't they qualify for the current IPv6-PI rules? Greets, Jeroen