Policy proposal: #gamma IPv6 Initial Allocation Criteria
The 200 /48s rule does fail the job, in the present environment. We should abolish it for the arbitrary, plucked from the air number, that it is. Why? Because there are networks which are not end sites, who do make assignments to customers (just not 200 of them right now - or within 2 years), which cannot wait for the i*tf to get off the pot with whatever multi6/shim6 thing they are doing, which cannot wait the N years it will take for vendors to implement whatever comes out of the i*tf. They need fully-functioning IPv6 connectivity which is not dependant on (the address space, services, operational stability, etc., of) an upstream carrier, right now, for whom large scale renumbering whenever they have to change upstream is not a realistic option. This can be achieved through an IPv6 address allocation which is functionally similar to the IPv4 PA allocation they are currently entitled to. Currently, the RIRs issue these in /32 chunks. Sure, routing tables will grow. A bit. That's because the Internet is (still) growing. IPv6 is part of that growth, yet I don't really think we've had a substantial sunrise period yet. The sun seems to be very low on the horizon from where I'm sat. I don't think we're talking about floodgates here. The majority seem to think there are enough safeguards to prevent "casual" users from successfully receiving an IPv6 allocation. I agree. Right now, the only strong objections I'm seeing appear to be somewhat Canutist, despite being otherwise well-informed. In case my opinion isn't clear, I support the proposal as it stands. If there is a genuine and well-founded concern about pulling the "200 number" without some other form of safeguard, maybe we go with the proposal as it stands, but add a commitment (by the Chairs? group as a whole? NCC?) to table a review of the situation once the i*tf do come up with something, and there is vendor support for it? Would that help to allay fears of wet feet? Regards, Mike -- Mike Hughes Chief Technical Officer London Internet Exchange mike@linx.net http://www.linx.net/ "Only one thing in life is certain: init is Process #1"
The 200 /48s rule does fail the job, in the present environment. We should abolish it for the arbitrary, plucked from the air number, that it is.
care to do some plucking?
add a commitment (by the Chairs? group as a whole? NCC?) to table a review of the situation once the i*tf do come up with something, and there is vendor support for it?
<pedantry> american readers beware the brits have the opposite meaning of 'table'. randy
On Wed, Apr 06, 2005 at 07:53:27AM -1000, Randy Bush wrote:
The 200 /48s rule does fail the job, in the present environment. We should abolish it for the arbitrary, plucked from the air number, that it is.
care to do some plucking?
Surely 'more than 1' should suffice? The air it comes from may be unusually logical, but since one of the main arguments AGAINST changing the policy seems to come down to a fear of making allocations to 'end-sites', then (assuming we can agree on it) the simplest resolution is to rely on the definition of an end-site for our answer. Taking a step back to a more general observation, I don't see how the proposed changes open the gates (flood-bearing or otherwise) for end-site allocations any wider than they already are.. If we're going to look at things so simplistically then I guess the only potential 'problem' I see is that smaller LIRs (in a world where size is apparently judged on a scale where the size of an ISP is exactly proportional to its customer headcount) will find themselves able to get an allocation so they can (gasp!) start making Serious v6 service offerings... ...and wouldn't that suck? Andy -- Andy Furnell <andy@linx.net> Mob: +44 (0) 7909 680019 London Internet Exchange http://www.linx.net
On 6-apr-05, at 19:20, Mike Hughes wrote:
The 200 /48s rule does fail the job, in the present environment.
Still waiting for the evidence on this one... Can someone show me a request that has been turned down that shouldn't have? You all know my feelings about IPv4-like PI in IPv6 by now, but on the issue of making PA available to people who should have them (= not used as stealth PI) I'm keeping an open mind. Still, just repeating "200 is a problem" to eachother doesn't help, we need to know where the 200 limit gets in the way in the real world.
Because there are networks which are not end sites, who do make assignments to customers (just not 200 of them right now - or within 2 years), which cannot wait for the i*tf to get off the pot with whatever multi6/shim6 thing they are doing, which cannot wait the N years it will take for vendors to implement whatever comes out of the i*tf.
Just curious: why is waiting suddenly a problem? IPv6 has been a long time in coming for a long time. (And the letter you're looking for is "E".)
This can be achieved through an IPv6 address allocation which is functionally similar to the IPv4 PA allocation they are currently entitled to. Currently, the RIRs issue these in /32 chunks.
"Entitled to"???
Right now, the only strong objections I'm seeing appear to be somewhat Canutist, despite being otherwise well-informed.
Wow, that word apears only 4 times on the entire internet. What does it mean?
In case my opinion isn't clear, I support the proposal as it stands.
If there is a genuine and well-founded concern about pulling the "200 number" without some other form of safeguard, maybe we go with the proposal as it stands, but add a commitment (by the Chairs? group as a whole? NCC?) to table a review of the situation once the i*tf do come up with something, and there is vendor support for it?
I'm still waiting for those requests that were turned down, but in the mean time I think it might be a good idea to instruct the hostmasters that for a limited time (such as 2 years) and limited number of prefixes (say 256) they should evaluate PA requests that don't meet the 200 requirement and determine that it's not for "stealth PI" or some other less than legitimate purpose without specifying explicit limits. When this experimental period is finished we can then evaluate which requests were granted and which were denied and distill a new policy at that point. Remember that very few organizations are adopting IPv6 wholesale, and IPv6 is relatively easy to renumber, so if a few organizations have to gain experience with provider address space now and we change the policy later so those organizations can get their own block at that point rather than immediately, that's not a disaster.
On Wednesday 06 April 2005 21:22, Iljitsch van Beijnum wrote:
Right now, the only strong objections I'm seeing appear to be somewhat Canutist, despite being otherwise well-informed.
Wow, that word apears only 4 times on the entire internet. What does it mean?
I assume it's somekind of reference to King Canute - the chap who supposedly tried to order the tide not to come in. What it's supposed to mean in this thread lord only knows. Jon
On Wed, Apr 06, 2005 at 10:22:49PM +0200, Iljitsch van Beijnum wrote:
On 6-apr-05, at 19:20, Mike Hughes wrote:
The 200 /48s rule does fail the job, in the present environment.
Still waiting for the evidence on this one... Can someone show me a request that has been turned down that shouldn't have?
I've seen an application fail from an LIR planning to make a large (/35) allocation to a downstream ISP, who would then be making (2000+) end-user /48 assignments. The direct assignments from the LIR itself would not total more than 20, and as such either the ISP would have to become an LIR to receive its own allocation (which could then have an allocation made for its upstream's use) or for the upstream LIR to assign directly to the ISP's customers. Perhaps more relevant to this particular discussion is that we (uk.linx) house a number of other projects to whom we currently make v4 assignments. But since our primary area of business is not being an ISP, getting 200 customers to service in this manner is not exactly our top priority.. 10 is probably closer to the mark. Even so, our needs and the needs of our customers are the same as those of any 200-customer-plus organisation, so what other differences are there (engineering or otherwise) between the 'us' and the 'them'? There are others. Perhaps the NCC have some useful stats..
Because there are networks which are not end sites, who do make assignments to customers (just not 200 of them right now - or within 2 years), which cannot wait for the i*tf to get off the pot with whatever multi6/shim6 thing they are doing, which cannot wait the N years it will take for vendors to implement whatever comes out of the i*tf.
Just curious: why is waiting suddenly a problem? IPv6 has been a long time in coming for a long time. (And the letter you're looking for is "E".)
Well, the noise from customers about when they can have IPv6 is certainly getting louder. Deals are being made and broken by an ISP's ability to offer a viable IPv6 solution, and it hurts especially badly when an ISP is unable to receive an allocation in the first place because their customer count simply isn't worthy enough.
In case my opinion isn't clear, I support the proposal as it stands.
If there is a genuine and well-founded concern about pulling the "200 number" without some other form of safeguard, maybe we go with the proposal as it stands, but add a commitment (by the Chairs? group as a whole? NCC?) to table a review of the situation once the i*tf do come up with something, and there is vendor support for it?
I'm still waiting for those requests that were turned down, but in the mean time I think it might be a good idea to instruct the hostmasters that for a limited time (such as 2 years) and limited number of prefixes (say 256) they should evaluate PA requests that don't meet the 200 requirement and determine that it's not for "stealth PI" or some other less than legitimate purpose without specifying explicit limits.
So how exactly do you propose to determine what's 'stealth PI' and what's not? Surely if an LIR is going to be assigning to other end-site organisations we're looking at a genuine PA request, regardless of how many assignments will be made.
When this experimental period is finished we can then evaluate which requests were granted and which were denied and distill a new policy at that point.
And when the NCC do come back with this magic metric as to what (exactly) a PA-worthy LIR is, for how long do you expect that data to be accurate? Do we really want to have to review this policy every 2 years as we discover another corner case that disproves the last batch of changes? Andy -- Andy Furnell <andy@linx.net> Mob: +44 (0) 7909 680019 London Internet Exchange http://www.linx.net
Iljitsch van Beijnum said:
Right now, the only strong objections I'm seeing appear to be somewhat Canutist, despite being otherwise well-informed. Wow, that word apears only 4 times on the entire internet. What does it mean?
King Cnut 'the Great' ruled England, Denmark, and Norway [1] in the 11th century. The story is told that his courtiers flattered him to the extent of claiming that the king was all-powerful. To prove them wrong, he had his throne set on the beach and pointed out that even the king could not stop the tide coming in. [1] By 1013 the English nobility were so disillusioned by the existing king, Ethelred II 'the Unready' [2], that they deposed him and acknowledged Sweyn "Forkbeard" as king. Following Sweyn's death the next year, Ethelred returned from exile in Normandy but died in April 1016. His son Edmund II "Ironside" took the throne but was defeated at the Battle of Ashingdon by Sweyn's son Cnut. Under the resulting peace treaty Edmund ruled Wessex while Cnut took the rest of England. Edmund died in November leaving Cnut undisputed master of the country. Cnut died in 1035. His sons Harold I "Harefoot" and Harthacanute split the country, the former taking Mercia and Northumbria and the latter Wessex. Up to Harold's death in 1040 [3], Harthacanute spent most of his time in Denmark (which he was also king of) leaving Harold to effectively rule England. Harthacanute died in 1042, to be succeeded by his half-brother (Ethelred's son) Edward III "the Confessor". On Edward's death in 1066 the throne was claimed by both Harold II (his brother-in-law) and William I (a relative by marriage); the matter was decided near Hastings. [2] This word actually means "un-wise" or "ill-advised", not "unprepared". [3] Also the year in which Macbeth succeeded Duncan I in Scotland. Macbeth died in 1057, succeeded by his son Lulach. -- Clive D.W. Feather | Work: <clive@demon.net> | Tel: +44 20 8495 6138 Internet Expert | Home: <clive@davros.org> | Fax: +44 870 051 9937 Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646 Thus plc | |
Right now, the only strong objections I'm seeing appear to be somewhat Canutist, despite being otherwise well-informed.
Wow, that word apears only 4 times on the entire internet. What does it mean?
You have to know the story of King Canute to understand. Read this: http://www.inspirationalstories.com/0/91.html --Michael Dillon
Hi, On Wed, Apr 06, 2005 at 10:22:49PM +0200, Iljitsch van Beijnum wrote:
as stealth PI) I'm keeping an open mind. Still, just repeating "200 is a problem" to eachother doesn't help, we need to know where the 200 limit gets in the way in the real world.
People are not making IPv6 allocation requests because they assume that they won't have 200 active IPv6 customers in two years time. Those that *do* make requests usually find a way to word their "plan" in a way that the request is granted, but a fair number of smaller ISPs have told me that they didn't send in a request at all, due to not wishing to tell lies. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 71007 (66629) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234
At 19:25 07/04/2005, Gert Doering wrote:
Hi,
On Wed, Apr 06, 2005 at 10:22:49PM +0200, Iljitsch van Beijnum wrote:
as stealth PI) I'm keeping an open mind. Still, just repeating "200 is a problem" to eachother doesn't help, we need to know where the 200 limit gets in the way in the real world.
People are not making IPv6 allocation requests because they assume that they won't have 200 active IPv6 customers in two years time.
Those that *do* make requests usually find a way to word their "plan" in a way that the request is granted, but a fair number of smaller ISPs have told me that they didn't send in a request at all, due to not wishing to tell lies.
We are probably in this camp. We manage two transit networks, one of which is intended to manage itself in 2-3 years. I was able to get PI v4 space to address its PoPs, but the existing policies won't allow me to do the same for v6, so no point in applying. Or does a transit network count as an exchange? We think the 200-customer criterion should be scrapped, and so support the proposal. -- Tim
On Thu, 2005-04-14 at 11:49 +0100, Tim Streater wrote:
At 19:25 07/04/2005, Gert Doering wrote:
Hi,
On Wed, Apr 06, 2005 at 10:22:49PM +0200, Iljitsch van Beijnum wrote:
as stealth PI) I'm keeping an open mind. Still, just repeating "200 is a problem" to eachother doesn't help, we need to know where the 200 limit gets in the way in the real world.
People are not making IPv6 allocation requests because they assume that they won't have 200 active IPv6 customers in two years time.
Those that *do* make requests usually find a way to word their "plan" in a way that the request is granted, but a fair number of smaller ISPs have told me that they didn't send in a request at all, due to not wishing to tell lies.
We are probably in this camp. We manage two transit networks, one of which is intended to manage itself in 2-3 years. I was able to get PI v4 space to address its PoPs, but the existing policies won't allow me to do the same for v6, so no point in applying.
Question, do you need: * Globally Unique Address Space or: * Globally Unique Address Space that is meant to be in the global routing tables(*1).
Or does a transit network count as an exchange?
IMHO, one can see it indeed as an exchange, in which case you will get the first option from the above question. But as it is a IX block it is not supposed to be in the routing tables as a single /48 and thus might not be globally routed. Greets, Jeroen (*1) because for eg a /48 there is no aggregate that would lead it to be sent to your box. Global Routing tables = a prefix which is available in most networks.
At 12:51 14/04/2005, Jeroen Massar wrote:
On Thu, 2005-04-14 at 11:49 +0100, Tim Streater wrote:
At 19:25 07/04/2005, Gert Doering wrote:
Hi,
On Wed, Apr 06, 2005 at 10:22:49PM +0200, Iljitsch van Beijnum wrote:
as stealth PI) I'm keeping an open mind. Still, just repeating "200 is a problem" to eachother doesn't help, we need to know where the 200 limit gets in the way in the real world.
People are not making IPv6 allocation requests because they assume that they won't have 200 active IPv6 customers in two years time.
Those that *do* make requests usually find a way to word their "plan" in a way that the request is granted, but a fair number of smaller ISPs have told me that they didn't send in a request at all, due to not wishing to tell lies.
We are probably in this camp. We manage two transit networks, one of which is intended to manage itself in 2-3 years. I was able to get PI v4 space to address its PoPs, but the existing policies won't allow me to do the same for v6, so no point in applying.
Question, do you need: * Globally Unique Address Space or: * Globally Unique Address Space that is meant to be in the global routing tables(*1).
Or does a transit network count as an exchange?
IMHO, one can see it indeed as an exchange, in which case you will get the first option from the above question. But as it is a IX block it is not supposed to be in the routing tables as a single /48 and thus might not be globally routed.
It does need to be globally routeable. Our customer networks may have access to some of our infrastructure items. Now, they could make a hole in their policy and accept a /48, but exceptions are best avoided. In addition, we may host our web-servers at a PoP, and occasionally host third-party workstations at PoPs when we collaborate with the third parties on research projects. Cheers, -- Tim
participants (10)
-
Andy Furnell -
Clive D.W. Feather -
Gert Doering -
Iljitsch van Beijnum -
Jeroen Massar -
Jon Lawrence -
Michael.Dillon@radianz.com -
Mike Hughes -
Randy Bush -
Tim Streater