Hi Nick,
-----Original Message-----
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Nick Hilliard
Sent: 11 May 2015 14:08
On 11/05/2015 11:10, Gert Doering wrote:
I see "/32 as default, up to /29 if you ask" as very reasonable middle ground...
/29 gives 2^19 /48s, or a little over 500k /48s or 134 million /56s.
Before supporting this proposal, I'd be interested to see a real life addressing plan which needed more than this amount of bit space.
That is a perfectly reasonable question to ask (assuming it was effectively a question!). My difficulty, however, is adequately answering it without inadvertently releasing too much information about the UK MOD's infrastructure to a public mailing list. That is no one's problem but my own, though, so let me see how far I can get by at least covering some of the key principles.

One clarification to get out of the way first, given that this branch of the thread was a slight diversion from the core topic, is that I am not looking at changing the '/32 as default, up to /29 if you ask' position as, like Gert, I agree that this is a very sensible default position. The issue presented is how to deal with those organisations who cannot fit within a /29, of which the UK MOD is one...

As context for those not familiar, the UK MOD and Armed Forces are a large and complex organisation with an annual budget of over £37 billion (€52 billion), which puts it in the world's 'top 5' militaries by such a measure. Its global IP infrastructure spans land, sea, air and space environments using practically every conceivable physical layer transport type.

From an IPv6 addressing perspective, the best place to start is arguably with the end sites. There are tens of thousands of end sites encompassing what you might regard as 'conventional' sites (office/corporate environments, datacentres, military bases, dockyards etc.) as well as military platforms (tanks, aircraft, ships etc.), some of which could be regarded as enterprises in their own right (e.g. aircraft carriers). These end sites achieve their wider connectivity via ISPs (generally, but not exclusively, 'private' ISPs whose services are exclusive to the UK MOD), of which there are hundreds in each different geographic operating area (fixed UK, fixed overseas, deployed etc.).

Most end sites would connect to multiple ISPs, either simultaneously or varying over time (from long term infrastructure changes down to short term connectivity changes in support of operations), and there is expected to be a mix of ways to deal with this from an addressing perspective (readdressing, multiple prefixes, mobile IP, etc.). In order to achieve aggregation and efficiency of routing (within the MOD, to other nations' militaries and to the Internet), this 'geographic area > ISP > end site' hierarchy becomes a key part of the addressing strategy. It is not a flat network and cannot be treated as one by the addressing strategy; hence a straightforward 'number of end sites' calculation does not result in sufficient address space being allocated.

The issue is further compounded by the fact that the UK MOD must abide by national security policy, which requires that ALL information that is generated, collected, stored, processed or shared is afforded the appropriate degree of protection according to its sensitivity and the level of threat it faces. Security classifications are used to categorise the different levels of sensitivity/threat, and effective delivery of these leads to the requirement to operate completely independent infrastructures with discrete routing policies for each classification; hence multiple allocations are effectively required.

'Luxuries' such as semantics, nibble boundaries, 'just in case' expansion bits etc. do not feature in the UK MOD's IPv6 addressing strategy - it is very much a 'minimum fit'. Whilst it is recognised that such practices might be sensible and commonplace in many organisations that receive the default /32-/29 allocation, we must acknowledge that when operating in the high order bit space we need to be aware of the disproportionate impact that such approaches would have.

Even though I may have been vague with the numbers and specifics, does it help shed any light on how we might struggle to fit into a /29 allocation? In many respects, for us I feel that the fact there are >500k /48s in a /29 is similar to the fact that a /64 subnet has 2^64 addresses within it - it doesn't necessarily mean what the figures might otherwise first suggest!

Regards,
Mathew
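The 'flat head count versus hierarchy' point Mathew makes above, worked through as an added example that is not from the thread: the level names and counts (classification > area > ISP > end site) and the 3fff::/28 block (RFC 9637 documentation space) are constructed for illustration, and a /48 per end site is taken from Nick's arithmetic. Per-level rounding to a power of two is what makes the same number of sites need a shorter prefix once the hierarchy is honoured.

```python
import ipaddress
import math
from typing import Dict, Sequence, Tuple

SITE_LEN = 48  # every end site is numbered as a /48, as in the thread


def bits_for(count: int) -> int:
    """Smallest number of address bits that can number `count` objects."""
    if count < 1:
        raise ValueError("count must be positive")
    return math.ceil(math.log2(count))


def flat_prefix_len(total_sites: int) -> int:
    """Prefix length needed if every /48 came from one flat pool."""
    return SITE_LEN - bits_for(total_sites)


def level_bits(levels: Sequence[Tuple[str, int]]) -> Dict[str, int]:
    """Bits each hierarchy level needs when numbered on its own. Rounding
    happens per level, which is where a hierarchy costs bits that a flat
    head count does not show."""
    return {name: bits_for(count) for name, count in levels}


def hierarchical_prefix_len(levels: Sequence[Tuple[str, int]]) -> int:
    """Prefix length needed when /48s are carved along the hierarchy."""
    return SITE_LEN - sum(level_bits(levels).values())


def site_prefix(block: ipaddress.IPv6Network,
                levels: Sequence[Tuple[str, int]],
                path: Sequence[int]) -> ipaddress.IPv6Network:
    """Derive the /48 for one path (an index at each level) by placing each
    index in the field reserved for its level, top level first."""
    bits = level_bits(levels)
    if block.prefixlen + sum(bits.values()) > SITE_LEN:
        raise ValueError("block too small for this hierarchy")
    value = int(block.network_address)
    pos = block.prefixlen  # bits already fixed by the allocation
    for (name, count), idx in zip(levels, path):
        if not 0 <= idx < count:
            raise ValueError(f"{name} index {idx} out of range")
        pos += bits[name]
        value |= idx << (128 - pos)  # this level's field ends at bit `pos`
    return ipaddress.IPv6Network((value, SITE_LEN))


# Constructed plan; the counts are illustrative, not the UK MOD's figures.
PLAN = [("classification", 3), ("area", 4), ("isp", 300), ("site", 120)]
TOTAL_SITES = 3 * 4 * 300 * 120  # 432,000 end sites, fewer than 2^19
BLOCK = ipaddress.IPv6Network("3fff::/28")  # constructed, documentation space

if __name__ == "__main__":
    print("flat:", flat_prefix_len(TOTAL_SITES))            # 29
    print("hierarchical:", hierarchical_prefix_len(PLAN))   # 28
    print(site_prefix(BLOCK, PLAN, (2, 1, 37, 5)))          # 3fff:9:1285::/48
```

The same 432,000 sites fit a /29 when counted flat but need a /28 once each level is numbered independently, and that is before any per-classification split into separate allocations.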