North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: who gets a /32 [Re: IPV6 renumbering painless?]

  • From: Stephen Sprunk
  • Date: Sat Nov 20 13:08:07 2004

Thus spake "Iljitsch van Beijnum" <[email protected]>
On 19-nov-04, at 17:58, Stephen Sprunk wrote:
Don't have "real connectivity"? I've personally worked with dozens of Fortune 500 companies that have internal FR/ATM networks that dwarf AT&T, UUnet, etc. in the number of sites connected. Thousands of sites is common, and tens of thousands of sites in some cases. Do you not consider these networks "real" because each site may only have a 16k PVC to talk to corporate?
That's right. If you need internet access, you need it to be faster than 16 kbps.
Who said the only purpose of IP was to connect to the Internet? 16kbps is the lowest I've seen only because that's the smallest you can buy in the FR world (Sprint's 0kbps PVCs aside). Many businesses were fine (and still would be) using 2400 baud leased lines and upgraded to FR only because it cost slightly less. A couple cashiers typing text into a green-screen app don't need blazingly-fast IP service, nor would their employer be interested in paying them to surf the web while customers are waiting.

As far as I can tell, it's pretty rare for an organization of this size to have
their own IP network that they use to connect all their sites to the global
internet, for the simple reason that leased lines, framerelay or ATM
capacity is generally more expensive than IP connectivity.
At higher bw levels, that might be true, but at sub-T1 rates FR/ATM are often cheaper to build your own network and certainly offer lower latency and higher reliability; ditto for outside major cities, where FR/ATM typically offers a zero-mile loop whereas IP connections may need to be backhauled a hundred miles or more. If T1 Internet pipes are cheaper at a particular location, some people may choose to tunnel their corporate network over it, but that is typically _all_ traffic, not just internal traffic.

There's also a security motivation as well: it's much simpler to maintain a couple firewalls at central sites (with technical staff present) than to manage thousands out at every site with a handful or even zero human users which may not even be allowed Internet access in the first place.

Even Cisco, last I checked, only connected to the Internet in four places worldwide, though they have hundreds of offices (and full private internal connectivity). Presumably they know what they're doing, or at least have a better clue than enterprises in other industries. Consider that a best case.

So a single large address block is of little use to such an organization, unless they get to announce more specifics all over the place.
In my experience, they will announce the aggregate from all hub sites plus more-specifics for that hub and the sites directly connected to it. Traffic that comes into the wrong hub due to prefix length filters (or Internet outages) is back-hauled inside the corporate backbone.

learn to love renumbering. And again, IPv6+NAT makes no sense as NAT works much better with IPv4 and with NAT you don't really need the larger address space.

If I have a disconnected network, why would I use NATs or be forced to renumber periodically?
I have no idea. Use unique local addresses instead.

Why should disconnected networks use global addresses (and pay rent to the RIRs) in the first place?
There aren't many networks around that are truly disconnected. Even "disconnected" networks connect to stuff that connects to other stuff that connects to the internet at some point. This means that "disconnected" address space must not overlap with addresses used on the internet. We have that in RFC 1918. However, "disconnected" networks tend to interconnect with other "disconnected" networks from time to time, which means trouble if they both use the same address space. This is where ULAs come to the rescue.
...and that's why ULAs were proposed by the IPv6 WG. Even networks that have no connectivity to the Internet are often connected to each other, and a subset of those networks will eventually have connectivity to the Internet or another network that does. But there are some truly disconnected networks as well, and ULAs are still a better choice than randomly picking a prefix out of 0::0.


Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking