Hi Jan,
I come across customers who want to get into IPv6 and have their own IP addresses. However they don’t want to multi-home (yet), they want to have the flexibility to change providers if needed without having to re-number their complete infrastructure / vpn devices / dns servers etc etc
The only way for those customers to help them currently is to tell them to:
A: become a LIR, pay 3300 euro sign-up and yearly cost for the first year. And nobody will ask if you are going to multi-home or not. There are plenty of LIR’s who are not multi-homed or just have some other company run their IP space under another AS.
B: Request PI IPv6, invest in multi-homing equipment and knowledge, connect to a competitor and proceed.
As LIR’s don’t have the requirement to multihome their IP space, means that the community is in agreement that this PI IPv6 space required a hurdle in order to stop a wild-growth on the IPv6 routing table growth, however if someone pays their way into the community (become a LIR), nobody cares anymore about the routing table growth and we gladly take your money and proceed.
Having said that, this is a financial decision and not a technical routing table growth mediation rule. And it should be treated as such. The proposal change I’ve done is to remove the multi-homing requirement, and ask the GM meeting to increase the cost for PI IPv6 from 50 euro to 250 euro to keep all things equal. That would still allow customers who want their own PI IPv6 to be able to request it for their own infrastructure, without having them to force them into my competitors arms or having them to shell-out 3300 euro to become a LIR, if they don’t want to become a LIR for their specific reasons.
There is no difference for those kind of customers in the routing table if you would receive a /32 (new LIR) or a /48 (new PI IPv6 without multi-homing).
On the part of colocation services as what you are doing / describing (your customer financially OWNS their servers), that is against the intention of PI (both IPv4 and IPv6) space. And as such your request got denied is my guess.
Regards,
Erik Bais
From: Jan Tuomi [mailto:tuomi@ventiro.se]
Sent: Wednesday, March 30, 2011 1:02 PM
To: Erik Bais
Cc: address-policy-wg@ripe.net
Subject: Re: [address-policy-wg] IPv6 PI request is turned down for my multihomed hosting facility - Why?
Hi Erik,
Why remove the multi-homing requirement? if you are not multihomed you could go with the PA-space you get from your single upstream provider?
My problem is that I actually am multi-homed, therefor I need IPv6-PI....
And if my customers have their servers in my facility they also are multihomed? So they could request for their own PI? that really doesnt make sensee, that would really clog down the routing tables....
The hosting network is today set up so each customer get their own IPv4 /29 of Private addresses, then I NAT a public IP on a first come-first served basis.
The reason they have an own IPv4 Net on the inside is to gain some security between servers in the facility...
With IPv6 I obviously dont want to use NAT, so I will set up a small IPv6 Network for each server, just as i do with IPv4, but without the NAT-part.. So instead of setting up a singe IP to the server I set up a network, but basically its the same...
so the change request about removing multi-homing requirement doesnt make sense in my case.... I think the requirement is a good thing because i dont see ANy reason to get PI-space if you are not multihomed.
// Janne
_______________________ V E N T I R O ______
Janne Tuomi, tuomi@ventiro.se
Tel: +46-11-36 52 00
GSM: +46-70-224 6000
Fax: +46-11-36 52 05
On 30 mar 2011, at 12.32, Erik Bais wrote:
Hi Jan,
If you are providing SSL hosting on your shared, dedicated of VPS webservers, you are allowed to use PI space, as long as you don’t provide blocks to a specific customers to use. That is considered assigning, so if you use a first come, first served assignment strategy on PI IP’s, that is acceptable for PI is my experience with the IPRA’s.
If your customer is hosting SSL sites on their equipment (read: you are providing collocation), you would need to sign up as a LIR for now, as your customer isn’t multi-homed (I assume) and that is (still) another requirement for IPv6 PI.
I have a policy change requested through the formal channels to remove the multi-homing requirement for PI IPv6, so expect some more discussion on PI IPv6 on the list soon.
Regards,
Erik Bais
From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Jan Tuomi
Sent: Wednesday, March 30, 2011 11:55 AM
To: address-policy-wg@ripe.net
Subject: Re: [address-policy-wg] IPv6 PI request is turned down for my multihomed hosting facility - Why?
On 30 mar 2011, at 11.08, Adrian Czapek wrote:
> W dniu 2011-03-30 10:58, Tero Toikkanen pisze:
>> Hi,
>>
>> As far as I’m concerned, there seems to be a strange discrepancy between
>> IPv4 PI and IPv6 PI. Apparently Janne has already successfully obtained
>> IPv4 PI and has now requested IPv6 PI, declaring the same intended use.
>> Could someone please point out where in the policy documents it says one
>> can use IPv4 PI for hosting, but not IPv6 PI? I’m having a hard time
>> finding such terms.
>>
> http://www.ripe.net/ripe/docs/ripe-512#_8._IPv6_Provider
>
> Most important is the last sentence:
> The PI assignment cannot be further assigned to other organisations.
>
> And according to IPRA, if you provide hosting services on your own infratructure to other companies, you are sub-allocating part of your PI address space to them, so you cannot use PI address space for that purpose.
>
> Regards
> --
> Adrian
>
So what this means is that if a customer puts their server in my facility I am sub-allocating?
To sub-allocate I have to be an LIR and request an own PA-space?
For each customer I have to assign their own /64 and register it in the ripe-database?
Setting up an SSL-webhost is also sub-allocating? so to set up an ssl-host I have to again allocate an own /64 for the host, register it in the database, set up VLANS and routing on the webserver and network equipment since its a different IP-network? this will cause a lot of problem with stateful inspection in the firewall because i need to use multiple default gateways on the same server. So in the end I have to set up a whole new webbserver for each customer who needs SSL to get things running smoothly?
hmm.. seems that I have to forget about IPv6 and continue running IPv4 only....
// Janne
_______________________ V E N T I R O ______
Janne Tuomi, tuomi@ventiro.se
Tel: +46-11-36 52 00
GSM: +46-70-224 6000
Fax: +46-11-36 52 05
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1204 / Virus Database: 1498/3537 - Release Date: 03/29/11