Rich Freeman on 5 Mar 2014 10:48:37 -0800
Re: [PLUG] Using IPv6 with dynamic endpoints
On Wed, Mar 5, 2014 at 1:22 PM, <gary@duzan.org> wrote:
>
> FWIW, HE gives you /48 prefixes, so you have 64k networks to play with.

Yup - just seems wasteful all the same. We'll see what VZ eventually does.

> In theory, VZ could assign an IPv6 address to your VZ router based on
> its MAC, then route your personal /48 (or /52, or whatever) to that.

Sure, but that would make the routing more complex on their end - it would be very difficult to aggregate routes if any /48 with a globally routable address could show up anywhere else on their network.

Don't get me wrong - I don't expect to keep the same IP if I move to a new house or anything like that. I don't mind if once every few years they need to renumber me with notice. I just don't want to have the router reboot and I end up with a new IP, or even to get one after a power failure/etc.

> The nice thing about having 128 bits to play with is
> that address space is cheap enough to throw around without having to
> worry too much about running out.

Well, kind of - you only get 64 bits of routable address space under the design. Certainly it gives you a lot more than you have with IPv4, but a /48 is considered generous (which gives you 8 bits of routable space), and apparently some ISPs issue /64s, which gives you no routable address space. I found a story from somebody who was assigned a /96 which means that they can't route, and they also can't use stateless autoconfig.

> Whether VZ would do something sensible like this is another matter, but
> I think the point is to try to avoid dynamic reconfiguration as much as
> possible. (Well, except for RFC-3041 privacy-enhanced address
> generation which randomizes the host interface address, but then you
> would most likely do that on clients, not servers, so DNS addressing is
> less of an issue, and routing is a non-issue.)

Apparently some ISPs in Germany are making things dynamic to improve privacy, which of course causes problems.

The real concern I'd have is that Verizon would hand out dynamic IPs just to make a static IP something they can upsell.

Also, as pointed out in that slide deck, keeping things dynamic makes it easier for the ISP to deal with their own network changes. I can't really fault them for that. The problem is that if NAT goes away this has a much bigger impact on end-users, and apparently IPv6 makes it harder to use NAT in the first place (link-local addresses don't work for many things, can't be forwarded across subnets, etc).

Now, one thing I did think about is that I could get rid of the need to even run a local DNS server if my addresses were all globally routable. I could just put all my internal hosts on my public DNS - the addresses would all work just fine (though of course they'd be blocked at the firewall). I guess nothing stops me from doing that today either - no reason you can't put private addresses on a publicly-visible DNS server. I'd still need to run DHCP for PXE, and if my prefix is dynamic I still have that problem with IPv6.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug