[6bone] Is minimum allocation /64 now?

Jørgen Hovland jorgen@hovland.cx
Fri, 24 Oct 2003 22:03:21 +0100


----- Original Message ----- 
From: "Pekka Savola" <pekkas@netcore.fi>
From: "Gert Doering" <gert@space.net>
Cc: <6bone@ISI.EDU>
Sent: Friday, October 24, 2003 5:13 PM
Subject: Re: [6bone] Is minimum allocation /64 now?


...
>Is this some sort of "customer must hook only a single device to your
>service" product (which can be circumvented by application proxies,
>of course)?
...
>First, I'm not sure if I see the threat you raise?  Could you describe the
>threat model a bit?
...

I'll give it a try.
"Anonymous P2P-connections"
If you use a /64 and give the peer an IP address, you have no guarantee it
will be using that address, or only that address, because you allocated the
whole /64.

Single-user products are the most obvious ones.  When our product
descriptions say "one person only", and you give them a billion IP
addresses instead of the one they only needed, something tells me that abuse
will increase.  Sure you can hook up several other devices through a proxy.
That's what people do today, but we are trying to at least shut the door
instead of leaving it wide open. You can sell internet to the whole world
with just one /64, and everybody will get their own IP address.

Many services today are filtered per IP address.
We are one of many who do just that: Limit webcast connections by 1 per IP
address. Prevent a person from registering a million new email accounts.
Prevent a person from sending more than 1 free MMS daily and so on. IP
address filtering is a part of the whole solution to limit abuse on many
services: web, mail, chat and SMS servers... With IPv6 we have to skip the
whole thing.

On a local area network, a /64 is shared by everyone. On a P2P-link it is
only used by one person. How do you know if that particular /64 is being
used by a single person or 5000 persons?  When you give each client/link so
many IP addresses it's impossible to set any restrictions/filters based on IP
address because it could hurt innocent people.


>The standard *is* /64 (the RFC says so).  Just to clarify.

RFCs are voidable when the majority says so.


Joergen Hovland ENK
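
The per-address limit discussed in the message above, as an added example that is not part of the original post: a "1 per client" limiter run with two different keys, the full address and the enclosing /64. All names (`per_address_key`, `per_prefix_key`, `Limiter`, `count_allowed`) are hypothetical, and the addresses are constructed from the documentation ranges 2001:db8::/32 and 192.0.2.0/24.

```python
import ipaddress
from collections import Counter

def per_address_key(addr):
    """Key a client by its full address (the IPv4-era habit)."""
    return str(ipaddress.ip_address(addr))

def per_prefix_key(addr, v6_prefix=64):
    """Key IPv6 clients by their enclosing prefix, IPv4 clients by address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ip)
    if ip.ipv4_mapped is not None:          # ::ffff:a.b.c.d is really IPv4
        return str(ip.ipv4_mapped)
    return str(ipaddress.IPv6Network((ip, v6_prefix), strict=False))

class Limiter:
    """Allow at most `limit` requests per key, e.g. one free MMS per day."""
    def __init__(self, key_fn, limit=1):
        self.key_fn, self.limit, self.seen = key_fn, limit, Counter()

    def allow(self, addr):
        key = self.key_fn(addr)
        if self.seen[key] >= self.limit:
            return False
        self.seen[key] += 1
        return True

def count_allowed(key_fn, requests, limit=1):
    limiter = Limiter(key_fn, limit)
    return sum(limiter.allow(a) for a in requests)

# Constructed sample: four addresses inside one /64, one address in a
# second /64, and the same IPv4 address twice.
SAMPLE = [
    "2001:db8:0:1::1",
    "2001:db8:0:1::2",
    "2001:db8:0:1:aaaa::3",
    "2001:db8:0:1:ffff:ffff:ffff:ffff",
    "2001:db8:0:2::1",
    "192.0.2.10",
    "192.0.2.10",
]

if __name__ == "__main__":
    print("allowed, keyed per address:", count_allowed(per_address_key, SAMPLE))
    print("allowed, keyed per /64:    ", count_allowed(per_prefix_key, SAMPLE))
```

Keyed per address, every address in the first /64 is counted as a separate client; keyed per /64 they count as one, which also means everyone sharing a LAN /64 is limited together.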