[6bone] Is minimum allocation /64 now?

Jeroen Massar jeroen@unfix.org
Sat, 25 Oct 2003 12:23:33 +0200


-----BEGIN PGP SIGNED MESSAGE-----

Dan Reeder [mailto:dan@reeder.name] wrote:

> I think you've misinterpreted his comments Jeroen

I quote:
"Single-user products are the most obvious ones."

"Many ISP's charge for extra ip addresses, and they don't do it just because
they have to type in 3 commands on their router. NAT gives a certain amount
of security for end-users."

1 user, not 1 endsite, not 1 ptp tunnel.
If it were a "enduser product" there would be going
a /48 to that enduser.

That simply is requiring the user to NAT and not giving
them full internet access. NAT as 'security' is bullshit.
If you want to give them 'security' then offer a standard
firewalling service like many ISP's do. And of course if
you do offer it also offer the option to turn it off for
the clued people.

> To me it merely meant a /126 ("single user endpoint") as a 
> means to reach a customer's /48 or /64 prefix.

He never said no such thing. Though others are talking about it.
Remember "single user" product, not "multi appliance product".
Next to that he waived the idea for counting bandwidth.

> That seems perfectly acceptable for standard
> single-homed subnets.

I would not mind seeing that happen and it is something that
IPng has been doing using /127's. All the other POPs in
SixXS are using /64's though. Basically every POP has a /40
and there come 254 subnets (/48's) and one /48 is carved up
into /64's for endusers. When the first /40 runs out we just
use the next one... and the next one... Of course one could
easily plan that much bigger.

> There's no intention of things becoming like NAT...
> it's just intended to be the equivalent of ipv4 /30s
> Of course you'd increase it to perhaps /112 if the customer 
> wanted their subnet to be multihomed, or perhaps use
> the existing /126 with a new /126.

Why would 'multihoming' change your allocation length?

> It's not that we don't get the subject, indeed I think we do - 
> it's just that going to extremes such as saying /64s MUST be used for ptp 
> links because an RFC says so seems a little excessive.

Nobody requires one to do that, but it is insane when
one is limiting endusers to one IPv6 address and that
was what the above was about.

If he would say 'we give them a /126 and if they ask for
it we route a /48 to it' then that would be fine.
But they are limiting users to 1 IP address for the sole
purpose of asking more money for multiple IP addresses.
They should charge bandwidth, IP's are *not* the scarce
resource in IPv6. Also they are paying their upstream
for bandwidth not for IP addresses like I mentioned before.

> Certainly from a tunnel broker's perspective we'd prefer
> to assign something quite small (/127s as we've been
> doing - that may change to /126s or /112s after this thread) 
> for the ptp tunnelling, and then a larger block eg /64 or /48
> for their own LAN routing.

One should really stay away from /127's, when people started
upgrading to Linux 2.4.21+ they suddenly had anycast and
suddenly they were offline as they routed the POP endpoint
to localhost, well they didn't, the kernel did.
Using two /128's solves that problem, check our forums for
the long discussions and confusions :)

But indeed, a /126 or /112 or everything not /127 and then
routing a subnet to that enduser is perfect, you give them
the connectivity they expect and they can plug in and go.

From the mouth of Timothy Lowe (RIPE NCC):
"if you suspect that there will be more than one subnet
at the endsite, give them a /48"

As wireless networks next to the ethernet LAN's common
in most homes make most endsites multi-netted give them a /48.
It also saves on administrative hassles:
"what should we give to that user a /64 or a /48"
"they have a /64 but are getting wireless, now need to renumber"
"..."

Of course a TB is something different, but why shouldn't you.
Charge them if they use a lot of bandwidth.
Those IP's are basically free for you too...

> But what happens when you do have a single user without a LAN 
> of their own wanting ipv6 access?
> Assigning a /64 would not be of any more benefit to
> them over assigning a /128.

You are talking Point To Point links here, not the subnet
that is, separately, routed to that enduser.

> Or do you reckon every user in 
> the world (eg dialup, home dsl) should be assigned a /64 via
> something like PPP in the off chance they do want to do some subnetting?

One should *not* use any other IP's in a PtP link of course.
Route them a *separate* subnet.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP5pPJCmqKFIzPnwjEQJVqgCeOQ3+toQdAfL5szZSwKjR7CBMoHYAniV3
ER7fYdPkp1WzLZ897wgxc41D
=Edhr
-----END PGP SIGNATURE-----
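
The /127 failure mentioned in the message above can be checked for in an addressing plan. The following is an added example, not part of the original message or of SixXS tooling: it flags point-to-point endpoints that sit on the subnet-router anycast address of the link prefix (RFC 4291, section 2.6.1) and generalizes from /127 to any prefix length. The function name and the sample addresses (documentation prefix 2001:db8::/32) are assumptions made for illustration.

```python
import ipaddress

def anycast_conflicts(plen, pop_addr, user_addr):
    """Return which tunnel endpoints ("pop", "user") sit on the
    subnet-router anycast address of the link prefix.

    plen is the prefix length configured on both ends of the link.
    """
    pop = ipaddress.IPv6Address(pop_addr)
    user = ipaddress.IPv6Address(user_addr)
    if plen == 128:
        # Two host addresses: no shared subnet, so no subnet-router anycast.
        return []
    net = ipaddress.IPv6Interface(f"{pop}/{plen}").network
    if user not in net:
        raise ValueError(f"{user} is not inside {net}")
    # RFC 4291 2.6.1: the prefix with all remaining bits zero is the
    # subnet-router anycast address, which the peer may claim as its own.
    anycast = net.network_address
    return [name for name, addr in (("pop", pop), ("user", user))
            if addr == anycast]

# Constructed link plans: (prefix length, POP endpoint, user endpoint).
PLANS = [
    (127, "2001:db8:0:1::", "2001:db8:0:1::1"),
    (126, "2001:db8:0:1::", "2001:db8:0:1::1"),
    (126, "2001:db8:0:1::1", "2001:db8:0:1::2"),
    (128, "2001:db8:0:1::", "2001:db8:0:1::1"),
]

if __name__ == "__main__":
    for plen, pop, user in PLANS:
        hit = anycast_conflicts(plen, pop, user)
        print(f"/{plen} {pop} <-> {user}: {'CONFLICT ' + ','.join(hit) if hit else 'ok'}")
```

A /127 always places one endpoint on the all-zero address, while a /126 or /112 avoids the collision only when that address is left unused.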