Hi, On Wed, Mar 30, 2011 at 7:14 AM, Gert Doering <gert@space.net> wrote:
On Wed, Mar 30, 2011 at 11:54:55AM +0200, Jan Tuomi wrote:
Setting up an SSL-webhost is also sub-allocating?
This is very grey area. Technically, it's "giving an address to a 3rd party", but personally I'd see this is as "it's still the same machine under *your* control".
Right. I want to take this further by revisiting some core networking principles with a touch of v6: Control of usage of addresses, even in times of /64 v6 SLAAC-enabled LANs, remains with the party that switches and routes them, normally but not necessarily, to and on the Internet. This is the reality. Consider this for a while. APWG is fooling itself in thinking that it can control what addresses anyone configures on a host. Influence (in only a small way), yes. Control, no. The core registry function of RIPE *is* to facilitate Internetworking by avoiding addressing collisions. Put different, RIPE concerns itself primarily with assisting in organizing addressing, allowing networks to communicate, *not* specific hosts. The networks concern themselves with making hosts communicate. A host can have any address configured, free of consequence, until it is connected to a network. Much of the pain from APWGs policies comes, IMO, from the distance of the disconnect a policy has with reality. The further the disconnect, the greater the resulting pain and lies. Close the gap, reduce the pain and lies. PIv6 has a very big disconnect with reality right now IMO, which lately has become very evident. Tieing the "user" of addresses (in RIR sense) closer to the party that routes and switches them(*), ie the network, and away from the ones who configures them on a host stack, is 100% in line with RIPE's role as a registry. In IPv6 with SLAAC, this is particularly true. * For administrative reasons, it becomes at some point very burdensome to track usage (in RIR sense) at the RIR level of individual end-users (ie, home users) which is why a lower threshold of "allocations" in IPv4 of /30 was established long time ago. I believe the equivalent value in IPv6 is /48, which in itself probably is subject to considerations w.r.t BCP157 now. Conceptually, each organizational level in the addressing hierarchy should (for abuse- and law-enforcement purposes, I suppose..) be able to provide a pointer, a next-hop to the next entity in charge of something. In theory, RIPE's only pointer to resources delegated to a LIR could be to the LIR itself (who of course is free to keep its record in a public database such as RIPE's).
But we already know that datacenter has all the range from "very obviously *not* sub-allocation" to "very obviously this *is* sub-allocation", and as such, distinction between "what is OK" and "what is not" is tricky at best.
So let's substitute it for something that is clear, logical and consequential. :) Regards, Martin