2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size)
Dear colleagues, A proposed change to the RIPE Document "IPv6 Address Allocation and Assignment Policy" now is open for discussion. The proposal aims to expand the criteria for evaluating initial IPv6 allocations larger than a /29. The RIPE NCC would consider additional aspects beyond only the number of existing users and extent of the organisation's infrastructure. You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2015-03 We encourage you to review this proposal and send your comments to <address-policy-wg@ripe.net> before 27 May 2015. Regards Marco Schmidt Policy Development Officer RIPE NCC
On 28 April 2015 at 13:00, Marco Schmidt <mschmidt@ripe.net> wrote:
The proposal aims to expand the criteria for evaluating initial IPv6 allocations larger than a /29. The RIPE NCC would consider additional aspects beyond only the number of existing users and extent of the organisation's infrastructure.
Support at current stage - may change after seeing IA J -- James Blessing 07989 039 476
Hello, I agree with this opinion. Therefore: +1 Carsten LIR de.government -----Ursprüngliche Nachricht----- Von: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] Im Auftrag von James Blessing Gesendet: Dienstag, 28. April 2015 14:20 An: Address Policy Working Group Betreff: Re: [address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size) On 28 April 2015 at 13:00, Marco Schmidt <mschmidt@ripe.net> wrote:
The proposal aims to expand the criteria for evaluating initial IPv6 allocations larger than a /29. The RIPE NCC would consider additional aspects beyond only the number of existing users and extent of the organisation's infrastructure.
Support at current stage - may change after seeing IA J -- James Blessing 07989 039 476
Hi all I support this proposal +1 From my background as Chair of the Swiss IPv6 Council and many years of working with large organizations such as enterprises and governments, I know that basing an allocation size on number of users and size of network is not sufficient and does not allow them to create address plans that meet their various requirements. I think the RIPE NCC needs an open framework to be able to make meaningful allocations to such organizations, and thereby support and maybe even accelerate the deployment of IPv6 in the RIPE region. I therefore support it. Silvia Chair Swiss IPv6 Council -----Ursprüngliche Nachricht----- Von: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] Im Auftrag von LIR (BIT I 5) Gesendet: Donnerstag, 7. Mai 2015 11:57 An: Address Policy Working Group Betreff: Re: [address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size) Hello, I agree with this opinion. Therefore: +1 Carsten LIR de.government -----Ursprüngliche Nachricht----- Von: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] Im Auftrag von James Blessing Gesendet: Dienstag, 28. April 2015 14:20 An: Address Policy Working Group Betreff: Re: [address-policy-wg] 2015-03 New Policy Proposal (Assessment Criteria for IPv6 Initial Allocation Size) On 28 April 2015 at 13:00, Marco Schmidt <mschmidt@ripe.net> wrote:
The proposal aims to expand the criteria for evaluating initial IPv6 allocations larger than a /29. The RIPE NCC would consider additional aspects beyond only the number of existing users and extent of the organisation's infrastructure.
Support at current stage - may change after seeing IA J -- James Blessing 07989 039 476
On Tue, Apr 28, 2015 at 02:00:40PM +0200, Marco Schmidt wrote:
The proposal aims to expand the criteria for evaluating initial IPv6 allocations larger than a /29. The RIPE NCC would consider additional aspects beyond only the number of existing users and extent of the organisation's infrastructure.
1) I've some issues with the language of the proposal, namely the idea of "mitigating wastefulness" by prescribing or proscribing certain concepts and practices either by the NCC or the community. I believe that everyone runs their own network at the end of the day and neither the NCC, the membership nor the apwg community are qualified to judge individual members' network design decisions. 2) There is some issue with transparency if the text is removed as proposed insofar as there is, then, no guidance whatsoever on how an alloc request >/29 is judged. Perhaps this can be addressed in the NCC Impact Statement. 3) I'm inclined to support this proposal, however, if these issues are addressed. rgds, Sascha Luck rgds, Sascha Luck
On Tue, Apr 28, 2015 at 2:00 PM, Marco Schmidt <mschmidt@ripe.net> wrote:
Dear colleagues,
A proposed change to the RIPE Document "IPv6 Address Allocation and Assignment Policy" now is open for discussion.
The proposal aims to expand the criteria for evaluating initial IPv6 allocations larger than a /29. The RIPE NCC would consider additional aspects beyond only the number of existing users and extent of the organisation's infrastructure.
You can find the full proposal at:
I think this change makes sense. Although I'd personally like to see stricter requirements and smaller allocations sizes for IPv6 in general, the proposed change does not make things worse from my point of view. So I support it. :) -- Jan
Hi, On Mon, May 11, 2015 at 10:37:34AM +0200, Jan Ingvoldstad wrote:
Although I'd personally like to see stricter requirements and smaller allocations sizes for IPv6 in general,
Slightly off-track, but you made me curious. Given the number of /29s and /32s available in FP001, and the potential numbers of LIRs in the future (like, things explode and we'll see 100.000 LIRs) - where do you see the problem with our allocation sizes? I think we should balance between "too big" (aka: FP001 fills up, and new LIRs won't be able to get what they need [or we start using FP010]) and "too small" (aka: LIRs will have to squeeze inside, and resort to unwanted behaviour, like "give customers only a single /64" or even "single /128"). I see "/32 as default, up to /29 if you ask" as very reasonable middle ground... Gert Doering -- speaking as IPv6 user who does math -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On 11/05/2015 11:10, Gert Doering wrote:
I see "/32 as default, up to /29 if you ask" as very reasonable middle ground...
/29 gives 2^19 /48s, or a little over 500k /48s or 134 million /56s. Before supporting this proposal, I'd be interested to see a real life addressing plan which needed more than this amount of bit space. Nick
On 11 May 2015, at 14:08, Nick Hilliard <nick@inex.ie> wrote:
Before supporting this proposal, I'd be interested to see a real life addressing plan which needed more than this amount of bit space.
+1
Hi Nick,
-----Original Message----- From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Nick Hilliard Sent: 11 May 2015 14:08
On 11/05/2015 11:10, Gert Doering wrote:
I see "/32 as default, up to /29 if you ask" as very reasonable middle ground...
/29 gives 2^19 /48s, or a little over 500k /48s or 134 million /56s.
Before supporting this proposal, I'd be interested to see a real life addressing plan which needed more than this amount of bit space.
That is a perfectly reasonable question to ask (assuming it was effectively a question!). My difficulty however is adequately answering it without inadvertently releasing too much information about the UK MOD's infrastructure to a public mailing list. That is no one's problem but my own though so let me see how far I can get by at least covering some of the key principles. One clarification to get out of the way first given that this branch of the thread was a slight diversion from the core topic is that I am not looking at changing the '/32 as default, up to /29 if you ask' position as, like Gert, I agree that this is a very sensible default position. The issue presented is how to deal with those organisations who cannot fit within a /29, of which the UK MOD is one... As context for those not familiar, the UK MOD and Armed Forces are a large and complex organisation with an annual budget of over £37 billion (€52 billion) which puts it in the world's 'top 5' militaries by such a measure. Its global IP infrastructure spans land, sea, air and space environments using practically all conceivable physical layer transport type. From an IPv6 addressing perspective, the best place to start is arguably with the end sites. There are 10's of thousands of end sites encompassing what you might regard as 'conventional' sites (office/corporate environments, datacentres, military bases, dockyards etc) as well as military platforms (tanks, aircraft, ships etc) some of which could be regarded as enterprises in their own right (e.g. aircraft carriers). These end sites achieve their wider connectivity via ISPs (generally, but not exclusively, 'private' ISPs whose services are exclusive to the UK MOD) of which there are hundreds in each different geographic operating area (fixed UK, fixed overseas, deployed etc). Most end sites would connect to multiple ISPs, either simultaneously or varying over time (long term infrastructure changes down to short term connectivity changes in support of operations) and there is expected to be a mix of how to deal with this from an addressing perspective (readdressing, multiple prefixes, mobile IP, etc). In order to achieve aggregation and efficiency of routing (within the MOD, to other nations' militaries and to the Internet) this 'geographic area > ISP > end site' hierarchy becomes a key part of the addressing strategy. It is not a flat network and cannot be treated as one by the addressing strategy hence a straightforward 'number of end sites' calculation does not result in sufficient address space to be allocated. The issue is further compounded by the fact that the UK MOD must abide by national security policy which requires that ALL information that is generated, collected, stored, processed or shared is afforded the appropriate degree of protection according to its sensitivity and level of threat it faces. Security classifications are used to categorise the different levels of sensitivity/threat and effective delivery of these lead to the requirement to operate completely independent infrastructures with discrete routing policies for each classification hence multiple allocations are effectively required. The option of 'luxuries' such as semantics, nibble boundaries, 'just in case' expansion bits etc do not feature in the UK MOD's IPv6 addressing strategy - it is very much a 'minimum fit'. Whilst it is recognised that such practices might be sensible and commonplace in many organisations who achieve the default /32-/29 allocation we must acknowledge that when operating in the high order bit space we need to be aware of the disproportionate impact that such approaches would have. Even though I may have been vague with the numbers and specifics, does it help shed any light on how we might struggle to fit into a /29 allocation? In many respects, for us I feel that the fact there are >500k /48's in a /29 is similar to the fact that a /64 subnet has 2^64 addresses within it - it doesn't necessarily mean what the figures might otherwise first suggest! Regards, Mathew
On Mon, May 11, 2015 at 9:27 PM, Mathew Newton < Mathew.Newton643@official.mod.uk> wrote: (..., yes, I read it all) Even though I may have been vague with the numbers and specifics, does it
help shed any light on how we might struggle to fit into a /29 allocation? In many respects, for us I feel that the fact there are >500k /48's in a /29 is similar to the fact that a /64 subnet has 2^64 addresses within it - it doesn't necessarily mean what the figures might otherwise first suggest!
This makes me curious. Your /29 is the equivalent of 8 IPv4 internets, if we ignore that /64 subnet thing. How do you manage your IPv4 space, then? Do you actually have routing that needs more than 8 total IPv4 spaces? -- Jan
Hi Jan, -----Original Message-----
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Jan Ingvoldstad Sent: 12 May 2015 12:33
How do you manage your IPv4 space, then?
Not wishing to sound flippant, but the answer to that really is 'with some difficulty'. This is despite being in the fortunate position of holding a /8 IPv4 allocation (amongst other, smaller, ranges) in addition to widespread usage of (overlapping) RFC1918 address space.
Do you actually have routing that needs more than 8 total IPv4 spaces?
I cannot answer that directly because it is, in my view, a false dichotomy as it is far more complicated a situation than that. Besides which, migration to IPv6 would be a wasted opportunity if it was rolled out and configured in exactly the same way as IPv4 given all the existing problems and constraints that would continue to persist. Regards, Mathew
On Tue, May 12, 2015 at 2:26 PM, Mathew Newton < Mathew.Newton643@official.mod.uk> wrote:
Hi Jan,
Hi again, Matthew, and thanks for answering.
-----Original Message-----
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Jan Ingvoldstad Sent: 12 May 2015 12:33
How do you manage your IPv4 space, then?
Not wishing to sound flippant, but the answer to that really is 'with some difficulty'. This is despite being in the fortunate position of holding a /8 IPv4 allocation (amongst other, smaller, ranges) in addition to widespread usage of (overlapping) RFC1918 address space.
Do you actually have routing that needs more than 8 total IPv4 spaces?
I cannot answer that directly because it is, in my view, a false dichotomy as it is far more complicated a situation than that.
What it does give you, is the opportunity to create 2048 times the amount of routes you could in your current IPv4 /8, without worrying about the things you could do in your internal networks with the remaining part of the /64. Besides which, migration to IPv6 would be a wasted opportunity if it was
rolled out and configured in exactly the same way as IPv4 given all the existing problems and constraints that would continue to persist.
Oh, I agree with that. Over here, we actively abuse the system by randomly generating /80 addresses for internal use, and reusing those in ways that apparently never were intended by those who designed the IPv6 address specification. What I do think is a problem, though, is that IPv6 address space is considered so plentiful that we're repeating the mistakes of when we thought the IPv4 address space was plentiful. I don't see a big problem with RIPE NCC evaluating requests for allocations up to e.g. /24 in some very rare cases. However, these things have a way of sliding down a slippery slope, and the IPv6 address space is most likely what we're going to be stuck with for our systems' lifetimes. The prospective system lifetimes are long, perhaps on the order of hundreds of years. And that's actually something we need to keep in mind when setting policy today. -- Jan
Hi,
On 12 May 2015, at 14:18, Jan Ingvoldstad <frettled@gmail.com> wrote:
On Tue, May 12, 2015 at 2:26 PM, Mathew Newton <Mathew.Newton643@official.mod.uk <mailto:Mathew.Newton643@official.mod.uk>> wrote: Hi Jan,
Hi again, Matthew, and thanks for answering.
-----Original Message-----
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net <mailto:address-policy-wg-bounces@ripe.net>] On Behalf Of Jan Ingvoldstad Sent: 12 May 2015 12:33
How do you manage your IPv4 space, then?
Not wishing to sound flippant, but the answer to that really is 'with some difficulty'. This is despite being in the fortunate position of holding a /8 IPv4 allocation (amongst other, smaller, ranges) in addition to widespread usage of (overlapping) RFC1918 address space.
Do you actually have routing that needs more than 8 total IPv4 spaces?
I cannot answer that directly because it is, in my view, a false dichotomy as it is far more complicated a situation than that.
What it does give you, is the opportunity to create 2048 times the amount of routes you could in your current IPv4 /8, without worrying about the things you could do in your internal networks with the remaining part of the /64.
Besides which, migration to IPv6 would be a wasted opportunity if it was rolled out and configured in exactly the same way as IPv4 given all the existing problems and constraints that would continue to persist.
Oh, I agree with that. Over here, we actively abuse the system by randomly generating /80 addresses for internal use, and reusing those in ways that apparently never were intended by those who designed the IPv6 address specification.
What I do think is a problem, though, is that IPv6 address space is considered so plentiful that we're repeating the mistakes of when we thought the IPv4 address space was plentiful.
I don't see a big problem with RIPE NCC evaluating requests for allocations up to e.g. /24 in some very rare cases.
However, these things have a way of sliding down a slippery slope, and the IPv6 address space is most likely what we're going to be stuck with for our systems' lifetimes. The prospective system lifetimes are long, perhaps on the order of hundreds of years.
And that's actually something we need to keep in mind when setting policy today.
We’re to date only allocating from 1/8th of the overall IPv6 address space. There’s 7/8ths remaining in which policy can be changed, if required. And I would put a bet on IPv6 not being the mainstream global / interplanetary communication protocol in hundreds of years, but I won’t be around to collect, so…. On the /64 boundary, I’d point you at RFC7421. Tim
On Tue, May 12, 2015 at 3:40 PM, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
We’re to date only allocating from 1/8th of the overall IPv6 address space.
Which is actually an immensely huge part of it.
There’s 7/8ths remaining in which policy can be changed, if required.
Yes, fortunately.
And I would put a bet on IPv6 not being the mainstream global / interplanetary communication protocol in hundreds of years, but I won’t be around to collect, so….
Perhaps it won't, but if it won't, then the IPv6 design has failed. IPv4 already has been around for 34 years or so (IIRC, we got it in 1981), and will be something we have to work with for a couple of decades or more, depending on whether IPv6 actually can replace IPv6 use that quickly. So let's say, for simplicity's sake, that IPv4's lifetime turns out to be 50-60 years. If IPv6 shouldn't be the mainstream communication protocol for the timeframe I mentioned, someone had best get started on IPv7.
On the /64 boundary, I’d point you at RFC7421.
Well, I guess that's a nice document to point people to, if they're unfamiliar with the history of IPv6 and the issues that have been raised. I'll be sure to mention it if I run into someone who needs it, thanks! -- Jan
On May 12, 2015, at 09:07, Jan Ingvoldstad <frettled@gmail.com> wrote:
On Tue, May 12, 2015 at 3:40 PM, Tim Chown <tjc@ecs.soton.ac.uk> wrote: ..... On the /64 boundary, I’d point you at RFC7421.
Well, I guess that's a nice document to point people to, if they're unfamiliar with the history of IPv6 and the issues that have been raised. I'll be sure to mention it if I run into someone who needs it, thanks!
I'd like to call you attention to the following paragraph from the end of section 2 of RFC7421; The remainder of this document describes arguments that have been made against the current fixed IID length and analyzes the effects of a possible change. However, the consensus of the IETF is that the benefits of keeping the length fixed at 64 bits and the practical difficulties of changing it outweigh the arguments for change. The point being that neither RIPE nor the other RIRs are the place to discuss changes to the IPv6 architecture. If you feel changes to the IPv6 architecture needed, you need to participate in discussions in the IETF v6ops and 6man working groups. It would have been helpful to have added your voice in the the discussion of the Why64 draft that became RFC 7421. There was a lively discussion, but the paragraph above accurately reflects the current consensus. Participation in the discussion at the IETF is really the only way to change that consensus. Thanks -- =============================================== David Farmer Email: farmer@umn.edu Office of Information Technology University of Minnesota 2218 University Ave SE Phone: +1-612-626-0815 Minneapolis, MN 55414-3029 Cell: +1-612-812-9952 ===============================================
On Tue, May 12, 2015 at 4:07 PM, Jan Ingvoldstad <frettled@gmail.com> wrote:
On Tue, May 12, 2015 at 3:40 PM, Tim Chown <tjc@ecs.soton.ac.uk> wrote: <snip>
And I would put a bet on IPv6 not being the mainstream global / interplanetary communication protocol in hundreds of years, but I won’t be around to collect, so….
Perhaps it won't, but if it won't, then the IPv6 design has failed. IPv4 already has been around for 34 years or so (IIRC, we got it in 1981), and will be something we have to work with for a couple of decades or more, depending on whether IPv6 actually can replace IPv6 use that quickly. So let's say, for simplicity's sake, that IPv4's lifetime turns out to be 50-60 years.
If IPv6 shouldn't be the mainstream communication protocol for the timeframe I mentioned, someone had best get started on IPv7.
Are work being done in several forums on interplanetary communication, both with thoughts on delay and on address space. AFAIK some of it is already in production to using IPv6... wish my memory worked today so I could remember where I saw that discussion :-( -- Roger Jorgensen | ROJO9-RIPE rogerj@gmail.com | - IPv6 is The Key! http://www.jorgensen.no | roger@jorgensen.no
On Wed, May 13, 2015 at 11:56 AM, Roger Jørgensen <rogerj@gmail.com> wrote:
Are work being done in several forums on interplanetary communication, both with thoughts on delay and on address space. AFAIK some of it is already in production to using IPv6... wish my memory worked today so I could remember where I saw that discussion :-(
In the more immediate future, I think the main concern will be IOT-related. (IOT = Internet of Things) While this is a bit of a lame buzzword now, something on the scale of what Manfred Macx et al have in the early chapters of Charles Stross's Accelerando, may very well be how things work in a couple of decades. It's hard to predict. In any case, what's most important to us now, is to at least be aware of the potential challenges, and not enact policies that will make the future much more difficult. And, again, I don't think the proposal discussed here poses such a problem. -- Jan
-----Original Message-----
From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Jan Ingvoldstad Sent: 12 May 2015 14:18
Hi again, Matthew, and thanks for answering.
No problem at all - it is good to have this sort of open discussion and whilst it risks drifting off-topic I do fully concede that a proposal such as this cannot be divorced from the general issue of IPv6 addressing, usage and conservation etc.
What I do think is a problem, though, is that IPv6 address space is considered so plentiful that we're repeating the mistakes of when we thought the IPv4 address space was plentiful.
Understood. There is always the risk of the proverbial '640k is enough for anyone' situation occurring. Analogies can be dangerous however if the nuances that set the situations apart aren't given due consideration.
However, these things have a way of sliding down a slippery slope, and the IPv6 address space is most likely what we're going to be stuck with for our systems' lifetimes. The prospective system lifetimes are long, perhaps on the order of hundreds of years.
And that's actually something we need to keep in mind when setting policy today.
I do fully take your point, and in making this proposal I have no desire to ride roughshod over this very valid concern. 'Finding the balance' is the key even if that might be difficult, not least given that success or otherwise can only be determined at some point in the future and perhaps only with the benefit of hindsight. On the subject of balance however, I cannot ignore the fact that we cannot realistically progress with meaningful IPv6 migration until a reasonably mature addressing strategy (with associated allocation to support it) is in place. Regards, Mathew
Hi, On Tue, May 12, 2015 at 03:18:15PM +0200, Jan Ingvoldstad wrote:
And that's actually something we need to keep in mind when setting policy today.
Actually, I am (and I'm having an wary eye on the community :-) ). But I *do* the math. We're inside the very first /12 ever assigned to the NCC, and that is inside the FP 001 - so comparing the number of possible consumers of "huge address blocks" (MoDs, incumbents, ...) - basically, "a few per country in the RIPE region", totalling "a few hundred" - with the number of /24s inside the /12 (4096), this seems to be withing acceptable bounds (well, split the /12 into 2048 /24s and 65000 /29s, so "there is still enough for smaller LIRs"). And if the /12 fills up, we have 507 left inside FP001. And if *that* fills up, we get 6 more tries on a more conservative side. So, yes, I think we're making good use of the available space, but we're not overdoing it... Gert Doering -- community member -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi Mathew, yes, it was a question and thanks for answering it! It is clear that there are some larger organisations who fall outside the scope of the existing policy and that a policy change may be a good idea. Nick On 11/05/2015 21:27, Mathew Newton wrote:
Hi Nick,
-----Original Message----- From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Nick Hilliard Sent: 11 May 2015 14:08
On 11/05/2015 11:10, Gert Doering wrote:
I see "/32 as default, up to /29 if you ask" as very reasonable middle ground...
/29 gives 2^19 /48s, or a little over 500k /48s or 134 million /56s.
Before supporting this proposal, I'd be interested to see a real life addressing plan which needed more than this amount of bit space.
That is a perfectly reasonable question to ask (assuming it was effectively a question!). My difficulty however is adequately answering it without inadvertently releasing too much information about the UK MOD's infrastructure to a public mailing list. That is no one's problem but my own though so let me see how far I can get by at least covering some of the key principles.
One clarification to get out of the way first given that this branch of the thread was a slight diversion from the core topic is that I am not looking at changing the '/32 as default, up to /29 if you ask' position as, like Gert, I agree that this is a very sensible default position. The issue presented is how to deal with those organisations who cannot fit within a /29, of which the UK MOD is one...
As context for those not familiar, the UK MOD and Armed Forces are a large and complex organisation with an annual budget of over £37 billion (€52 billion) which puts it in the world's 'top 5' militaries by such a measure. Its global IP infrastructure spans land, sea, air and space environments using practically all conceivable physical layer transport type.
From an IPv6 addressing perspective, the best place to start is arguably with the end sites. There are 10's of thousands of end sites encompassing what you might regard as 'conventional' sites (office/corporate environments, datacentres, military bases, dockyards etc) as well as military platforms (tanks, aircraft, ships etc) some of which could be regarded as enterprises in their own right (e.g. aircraft carriers).
These end sites achieve their wider connectivity via ISPs (generally, but not exclusively, 'private' ISPs whose services are exclusive to the UK MOD) of which there are hundreds in each different geographic operating area (fixed UK, fixed overseas, deployed etc). Most end sites would connect to multiple ISPs, either simultaneously or varying over time (long term infrastructure changes down to short term connectivity changes in support of operations) and there is expected to be a mix of how to deal with this from an addressing perspective (readdressing, multiple prefixes, mobile IP, etc).
In order to achieve aggregation and efficiency of routing (within the MOD, to other nations' militaries and to the Internet) this 'geographic area > ISP > end site' hierarchy becomes a key part of the addressing strategy. It is not a flat network and cannot be treated as one by the addressing strategy hence a straightforward 'number of end sites' calculation does not result in sufficient address space to be allocated.
The issue is further compounded by the fact that the UK MOD must abide by national security policy which requires that ALL information that is generated, collected, stored, processed or shared is afforded the appropriate degree of protection according to its sensitivity and level of threat it faces. Security classifications are used to categorise the different levels of sensitivity/threat and effective delivery of these lead to the requirement to operate completely independent infrastructures with discrete routing policies for each classification hence multiple allocations are effectively required.
The option of 'luxuries' such as semantics, nibble boundaries, 'just in case' expansion bits etc do not feature in the UK MOD's IPv6 addressing strategy - it is very much a 'minimum fit'. Whilst it is recognised that such practices might be sensible and commonplace in many organisations who achieve the default /32-/29 allocation we must acknowledge that when operating in the high order bit space we need to be aware of the disproportionate impact that such approaches would have.
Even though I may have been vague with the numbers and specifics, does it help shed any light on how we might struggle to fit into a /29 allocation? In many respects, for us I feel that the fact there are
500k /48's in a /29 is similar to the fact that a /64 subnet has 2^64 addresses within it - it doesn't necessarily mean what the figures might otherwise first suggest!
Regards,
Mathew
On Mon, May 11, 2015 at 11:10 AM, Gert Doering <gert@space.net> wrote:
Slightly off-track, but you made me curious. Given the number of /29s and /32s available in FP001, and the potential numbers of LIRs in the future (like, things explode and we'll see 100.000 LIRs) - where do you see the problem with our allocation sizes?
It's the old argument about quadrillions upon quadrillions (and more), and how it's setting up for possible future failure in a way that's going to be impossible to reverse at a later point in time. I do think it's too late to put the cat back in the bag, at least for large parts of how IPv6 addressing is handled, but I also don't think we need to compound failure with failure. I think we should balance between "too big" (aka: FP001 fills up, and
new LIRs won't be able to get what they need [or we start using FP010]) and "too small" (aka: LIRs will have to squeeze inside, and resort to unwanted behaviour, like "give customers only a single /64" or even "single /128").
I'm not sure that this is undesirable behaviour. If it's undesirable, it's because the entire system has been rigged to create the situation where it is undesirable, and then that is used as an excuse for what I consider excesses.
I see "/32 as default, up to /29 if you ask" as very reasonable middle ground...
It is far more than reasonable, and even though someone can legitimately claim that they are making a setup where they can _use_ the entire IPv6 address space themselves by creating some convoluted network segmenting scheme, it doesn't mean it's reasonable to do so. Sure, having a /32 or greater permits us to easily use hexadecimal notation for 4-bit granularity network segmenting. I remain unconvinced, though, that this is necessary, even with an internet of things that's on the level of Karl Schroeder's Ventus. The change in policy text doesn't do anything about the practical limit, except leaving more up to the good minds at the NCC to consider this. Ideally, I'd think that there should be a hard limit at /29, and that there should be very good reasons – reasons that need to be taken as a policy debate or something like that – to go beyond that size. As Nick states, "I'd be interested to see a real life addressing plan which needed more than this amount of bit space." I'd actually be interested to see a real life addressing plan that needed a /32 bit address space, where the need isn't constructed based on the mere possibility of getting that space instead of merely e.g. a few hundre million times of the entire IPv4 space. -- Jan
On Mon, 11 May 2015, Jan Ingvoldstad wrote:
As Nick states, "I'd be interested to see a real life addressing plan which needed more than this amount of bit space." I'd actually be interested to see a real life addressing plan that needed a /32 bit address space, where the need isn't constructed based on the mere possibility of getting that space instead of merely e.g. a few hundre million times of the entire IPv4 space. -- Jan
Since it's perfectly valid to ask for /48 per customer, with companies having tens of millions of customers, it's not a problem to motivate larger than /29. The proposed change doesn't change this at all as far as I can tell. -- Mikael Abrahamsson email: swmike@swm.pp.se
On 11/05/2015 16:36, Mikael Abrahamsson wrote:
On Mon, 11 May 2015, Jan Ingvoldstad wrote:
As Nick states, "I'd be interested to see a real life addressing plan which needed more than this amount of bit space." I'd actually be interested to see a real life addressing plan that needed a /32 bit address space, where the need isn't constructed based on the mere possibility of getting that space instead of merely e.g. a few hundre million times of the entire IPv4 space. -- Jan
Since it's perfectly valid to ask for /48 per customer, with companies having tens of millions of customers, it's not a problem to motivate larger than /29.
The proposed change doesn't change this at all as far as I can tell.
this is already catered for in the existing policy, though. Nick
Hi Jan,
I'd actually be interested to see a real life addressing plan that needed a /32 bit address space, where the need isn't constructed based on the mere possibility of getting that space instead of merely e.g. a few hundre million times of the entire IPv4 space.
Giving significantly more than a single /64 to a single (home) user is part of the way IPv6 was designed. A /48 was a standard size from RFC 3177. It's successor RFC6177 is the current BCP. When working according to that BCP a /32 and even a /29 is really not that much. If you don't agree with an RFC/BCP then this is not the place to deal with that... Cheers, Sander
On Mon, May 11, 2015 at 4:50 PM, Sander Steffann <sander@steffann.nl> wrote:
Hi Jan,
I'd actually be interested to see a real life addressing plan that needed a /32 bit address space, where the need isn't constructed based on the mere possibility of getting that space instead of merely e.g. a few hundre million times of the entire IPv4 space.
Giving significantly more than a single /64 to a single (home) user is part of the way IPv6 was designed. A /48 was a standard size from RFC 3177. It's successor RFC6177 is the current BCP. When working according to that BCP a /32 and even a /29 is really not that much.
If you don't agree with an RFC/BCP then this is not the place to deal with that...
I'll be sure not to answer when asked the next time, thanks. :P -- Jan
Hi,
I'll be sure not to answer when asked the next time, thanks. :P
Oh, please ask! :-) Be prepared to sometimes receive a redirect as an answer though ;) Cheers! Sander
On Mon, May 11, 2015 at 03:58:46PM +0200, Jan Ingvoldstad wrote:
As Nick states, "I'd be interested to see a real life addressing plan which needed more than this amount of bit space." I'd actually be interested to see a real life addressing plan that needed a /32 bit address space, where the need isn't constructed based on the mere possibility of getting that space instead of merely e.g. a few hundre million times of the entire IPv4 space.
The way I read the proposal, it is not about assignment sizes but about a "aggregation" vs "conservation" conflict. The proponents have, AIUI, a problem where they might not fully assign a /32 or /29 allocation but have different routing policies for parts of their network, which cannot be satisfied without violating s3.4 of ripe-641. rgds, Sascha Luck
On Mon, May 11, 2015 at 7:19 PM, Sascha Luck [ml] <apwg@c4inet.net> wrote:
On Mon, May 11, 2015 at 03:58:46PM +0200, Jan Ingvoldstad wrote:
As Nick states, "I'd be interested to see a real life addressing plan which needed more than this amount of bit space." I'd actually be interested to see a real life addressing plan that needed a /32 bit address space, where the need isn't constructed based on the mere possibility of getting that space instead of merely e.g. a few hundre million times of the entire IPv4 space.
The way I read the proposal, it is not about assignment sizes but about a "aggregation" vs "conservation" conflict. The proponents have, AIUI, a problem where they might not fully assign a /32 or /29 allocation but have different routing policies for parts of their network, which cannot be satisfied without violating s3.4 of ripe-641.
Apparently, my point was not very reader friendly, so I'll try again: Routing-wise, someone with 64 billion billion billion addresses, have about 16 billion billion ways to route the entire IPv4 internet, within the address space constraints of a /32 allocation. Even if we pretend that it's an extremely useful and necessary thing to have a /64 per end user, so that each end user can enumerate and route the entire EUI-64 space, a /32 is still the same as the entire IPv4 space. That there is a "need" for allocating as much as a /32 in the first place is a design failure in how the addressing segmentation has been handled, in my opinion. It's the IPv4 /8 allocation mistake all over again. Also, as I said, and obviously have to repeat for some people: that cat is out of the bag. It is what it is. But there is no need to compound this design failure. -- Jan
On Tue, May 12, 2015 at 01:28:39PM +0200, Jan Ingvoldstad wrote:
Apparently, my point was not very reader friendly, so I'll try again: Routing-wise, someone with 64 billion billion billion addresses, have about 16 billion billion ways to route the entire IPv4 internet, within the address space constraints of a /32 allocation.
In theory, yes. But the policy currently contradicts itself to an extent. Section 3.8 of ripe-641 clearly states: "In IPv6 address policy, the goal of aggregation is considered to be the most important." ss3.4 and 3.5 bear that out also. Yet, s5.1.2 seems to exclude aggregation as a valid reason for an allocation. The Proposal merely attempts to remove this contradiction. rgds, Sascha Luck
On Tue, May 12, 2015 at 2:34 PM, Sascha Luck [ml] <apwg@c4inet.net> wrote:
On Tue, May 12, 2015 at 01:28:39PM +0200, Jan Ingvoldstad wrote:
Apparently, my point was not very reader friendly, so I'll try again: Routing-wise, someone with 64 billion billion billion addresses, have about 16 billion billion ways to route the entire IPv4 internet, within the address space constraints of a /32 allocation.
In theory, yes. But the policy currently contradicts itself to an extent.
Section 3.8 of ripe-641 clearly states: "In IPv6 address policy, the goal of aggregation is considered to be the most important." ss3.4 and 3.5 bear that out also.
Yet, s5.1.2 seems to exclude aggregation as a valid reason for an allocation. The Proposal merely attempts to remove this contradiction.
Well, yes, that's why I first wrote "This change makes sense … I support it". -- Jan
On Tue, May 12, 2015 at 03:09:16PM +0200, Jan Ingvoldstad wrote:
Well, yes, that's why I first wrote "This change makes sense … I support it". -- Jan
Oh yes, so you did. Should have read further up in the thread... cheers, Sascha Luck
On Tue, Apr 28, 2015 at 02:00:40PM +0200, Marco Schmidt wrote:
Dear colleagues,
A proposed change to the RIPE Document "IPv6 Address Allocation and Assignment Policy" now is open for discussion.
The proposal aims to expand the criteria for evaluating initial IPv6 allocations larger than a /29. The RIPE NCC would consider additional aspects beyond only the number of existing users and extent of the organisation's infrastructure.
You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2015-03
We encourage you to review this proposal and send your comments to <address-policy-wg@ripe.net> before 27 May 2015.
Regards
Marco Schmidt Policy Development Officer RIPE NCC
Having listened to the rationale in person for this proposal I would give tentative support to this proposal on the basis that the request provides appropriate justification. I also agree with Benedict's comment on the mic about ensuring that the allocation is required to be so large by virtue of an address plan for instance. Regards, Mick -- Mick O'Donovan | Network Engineer | BT Ireland | Website: http://www.btireland.net Looking Glass: http://lg.as2110.net Peering Record: http://as2110.peeringdb.com AS-SET Macro: AS-BTIRE | ASN: 2110
On 13.05.2015 11:43, Mick O Donovan wrote:
Having listened to the rationale in person for this proposal I would give tentative support to this proposal on the basis that the request provides appropriate justification.
At this point I want to mention, that NCC-Staff is doing (and have always been doing) a very good job reviewing requests for resources. And although I was kind of p*ssed on one or another request back because of not good enough formulated justification, I am happy that they did it. Thanks for this! For the ones asking for more conservation: I know a bunch of LIRs who received a /29, as /29 currently does not need any justification. I also know that those LIR will never ever use more than a /48 or /40 ... so if we care that much about conservation now, I am sure that those few (we are currently talking about 10 Requests and about 45 currently allocated <= /28) requesters of larger V6-Space are nothing against the amount of /29 assignments which will never be used. Best regards -- Jens Ott Opteamax GmbH Simrockstr. 4b 53619 Rheinbreitbach Tel.: +49 2224 969500 Fax: +49 2224 97691059 Email: jo@opteamax.de HRB: 23144, Amtsgericht Montabaur Umsatzsteuer-ID.: DE264133989
Dear WG, As one of the authors behind 2015-03 please accept my apologies for not being able to attend today's AP WG session, and a particularly apology (and thanks!) to Alexander for letting him have to take the virtual stage and face the questions by himself! I would like to respond to a query raised by a gentleman in the audience (apologies I couldn't catch the name) regarding, if I understood correctly, a concern that the large allocations that the policy proposal is intended to provide for may lead to growth in the Internet routing table. Whilst I cannot speak for anyone's IPv6 addressing strategy but the UK MOD's I can confirm that concern over routing table growth was one of the key drivers behind the requirement for what ends up being a large allocation as the hierarchy and aggregation that this affords us mean we can summarise external routes far more easily than would otherwise be possible. Whilst the policy proposal is not intended to cater solely for the UK MOD, and therefore I want to try and stay clear of discussing issues specific to the UK MOD if at all possible (happy to try and do so when requested/required though), I can understand if there are specific concerns about an allocation being made to what is such a large and complex organisation like ours - and a relatively unique one at that. However, I should highlight that given the security constraints and connectivity requirements of the environment we operate in the vast majority of external routing announcements will only be visible to coalition partners (other nations' military networks, NATO infrastructure, etc) and will not appear in the routing tables of what you might call the 'publicly visible' portion of the Internet. The general point still stands though - aggregation and summarisation is (and should be) key regardless of how much equivalent address space is being allocated. Perhaps I have misunderstood the comment/concern? Happy to continue the discussion either way though. Regards, Mathew P.S. I am not au fait with the etiquette of this mailing list - should specific sub-discussions of a given proposal be split off with their own subject line?
participants (15)
-
David Farmer
-
Gert Doering
-
James Blessing
-
Jan Ingvoldstad
-
Jim Reid
-
LIR (BIT I 5)
-
Marco Schmidt
-
Mathew Newton
-
Mick O Donovan
-
Mikael Abrahamsson
-
Nick Hilliard
-
Opteamax GmbH
-
Roger Jørgensen
-
Sander Steffann
-
Sascha Luck [ml]
-
Silvia Hagen
-
Tim Chown