'RE: "unique enough" [RE: globally unique site local addresses]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipng
Subject:    RE: "unique enough" [RE: globally unique site local addresses]
From:       "Michel Py" <michel () arneill-py ! sacramento ! ca ! us>
Date:       2003-01-23 21:41:49
[Download RAW message or body]

Brian,

>>> Erik Nordmark wrote:
>>> On the enterprise side I can see that folks have been
>>> bitting or are concerned about renumbering costs if they
>>> were to use PA addresses.
>>> But I don't have any data on how many consider having one
>>> PA prefix per ISP good enough since it allows some graceful
>>> cutover when changing ISPs.
 
>> Michel Py wrote:
>> Not many. We have had many contributions that multiple
>> addresses are a no-go to begin with.

> Brian E Carpenter wrote:
> Er, multiple addresses are part of the IPv6 architecture.
> And SCTP deals with them, even if TCP doesn't. It may be
> something new and different, but there's no way you can
> declare it a no-go.

This coin has two sides. One side is what you say above, which is very
true.
To set the record straight: contrary to multi6, ipv6mh has acknowledged
since the beginning that multi-address host solutions are part of the
big picture. They are in the charter and are being discussed. In
Atlanta, we had a 1hr+ presentation from Lode Coene about SCTP, another
by Christian Huitema about his solution. I'm not saying that
multi-address solutions are bad, I'm the one that made them part of the
big multihoming picture.


That being said, the other side of the coin is that most enterprise
network managers don't want multi-address schemes, and for good reasons.
A large organization implements, on one form or another:
- Defense in depth.
- Internal firewalling.
- Policy routing.
- Some model like core/distribution/access.
- Traffic engineering.

That means several hundreds or several thousands access-lists, firewall
policies, route-maps, etc. If you have three addresses per host, you
triple the configuration and double the complexity, not to mention
troubleshooting nightmares because you will now have to figure out which
address is being used before beginning to troubleshoot. Not good.

In many large organizations, there is a split between the Systems
manager that could be open to a multi-address solution and the Network
manager that does not want it. They might be office buddies, but they
also are mortal enemies because they compete for the same scarce budget
dollars. Bottom line is that in most situations, the network
administrator is the one that calls the shots in terms of addressing. 3
times the complexity is effectively a no-go.

In short: multiple addresses on hosts are half of the solution, but the
other half is a globally unique address used as an identifier in a
dual-space system.

Michel.


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to majordomo@sunroof.eng.sun.com
--------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic