On Wed, 28 May 2003 19:03:14 +0700 Robert Elz <[EMAIL PROTECTED]> wrote:

>     Date:        Tue, 27 May 2003 21:56:02 +1000
>     From:        George Michaelson <[EMAIL PROTECTED]>
>     Message-ID:  <[EMAIL PROTECTED]>
> 
>   | But like I said, the current experience shows that excluding routability
>   | we KNOW we can use a unitary-rooted process to divide the number field
>   | into disjoint pools to allocate from.
> 
> Of course we can, that we can do that isn't the question.   The question
> here is why I, as a customer, would go pay you 10 Euros for a number
> allocated this way, when "Joe's cheap numbers" is selling them at 1000
> for 1 Euro ?   What is special about a number allocated by the "blessed
> agency" in the case we're discussing?

Strong admission checks into routing are going to make Joe's numbers
less useful. Rhetorical questions aside, minor flaws don't stop people using
systems which are 'modelled' as being perfect. What's special is that the agency
is seen to operate in a public policy/governance space, to not do what Joe does.

What's special is that for a larger space of routing, the behaviours work 'well
enough'. If you want to deliberately go and break the global routing cloud you
can do that. Sooner or later, you will be caught. People even went and showed
they could run alternate roots in DNS. But your punters, people who bought a
thousand from Joe for $10 instead of leasing one from an RIR for $100, only do
that once, if they fall into a hole fast enough.

In this matter, there are no bargains. If you seek to avoid or buck the system,
you will pay a cost, in some measure. 

> 
> Nothing else really matters for most organisations.   Uniqueness is
> irrelevant for all but a few, and even those few only really need
> the number to be unique among their peers (and perhaps their peers)
> that is, perhaps a few thousand sites, maybe 100K, which a random
> number in a large enough N bits will almost certainly provide.

Yes. And, if you select a suitable prefix, I don't see any reason not to say
"this prefix is for sites to use random selection methods to get 'nearly unique'
addresses, if you want that." People who don't want to see this can filter it!

> 
> Don't misunderstand me, I'd like and prefer unique numbers.   But I
> won't be a party to telling people that's what we're providing, unless
> we really are providing numbers that are unique (with at least a very
> high degree of confidence).   For a "central allocation" method of making
> them unique, that means we need a high degree of confidence that the
> one central authority is the only one that can ever exist (there needs
> to be a reason for that).

We appear to have reasonably high confidence in that process already. We appear
to have an administrative process for complaints when it breaks down, as well.

I think claiming the percentage of bad against good can only get worse would be
true, but is that enough to decide to do something else? Depends on the slope of
the line...

> 
>   | But the property of uniqueness is preserved, if the processes followed in
>   | allocation preserve the same behaviours, of making <n> RIR look like one
>   | functional body, in as much as a shared pool is allocated with (at least)
>   | one useful condition: ie uniqueness.
> 
> George, I know it can be done.   The question is why anyone would bother
> to do it - or more correctly, why *everyone* would bother to do it.
> All it takes is one exception, and uniqueness is gone.

No. This is like 'relatively prime': if you are *reductionist* then you can't
run an Internet anyway. One exception doesn't break 'practical' uniqueness.

Nothing can stop somebody sniffing the wire, seeing an address, and deciding to
try and add routes against it. Even secured BGP won't be 'total' in that
respect.

We've been living with 'good enough' for a long time, in a lot of different
fields, not just Internet/Networking. How many more than one does it take to
make uniqueness practically useless? I think a HELL of a lot more. 

> 
>   | If I heard the sense of the room right at the last two sessions
>   | of IPNG-like discussions at IETF right, people want to be able to know
>   | that their non-routed addresses aren't masking somebody else's routables,
> 
> Yes, of course, that's important.   But all that takes (and what these
> various slightly different proposals all provide) is a common prefix
> that says "no routable addresses in this block".   So, you can take
> that as a given.   My non-routable address doesn't need to differ from
> your non-routable address for this to work, 

> unless we happen to want to use them to communicate.

Big unless. Very big unless.

Now add back VPNs. One block+NAT is less useful than globally unique.

It's not about single point decisions. If 2 reasons exist making it
useful isn't that enough? When you argue against one, does the other disappear?

> 
>   | > The question is why does anyone want that?   What's it useful for?
>   | Peace of mind.
> 
> But from where does that come, when you know that anyone else who likes
> can simply use the same number you are using, accidentally, or maliciously,
> and not suffer at all because of that (nor for that matter, do you suffer).

Well increasing trust in the routing cloud is a bigger problem. You need an
identity check on the address, out of band, or some other mechanism like strong
admission control to the routing cloud. Both of which either exist, or are in
planning.

I think a significant number of people continue(d) to use Sun's address space
precisely because there is huge locality of reference in most of the network,
and when there isn't the access path is mediated (proxies, caches, indirect
access methods, name-to-address shifts) anyway. People re-using other addresses
would see local service fine, and have a small percentage of problem in the
wider net which was inexplicable unreachables (for them) and find ways round
them (like proxies) or else debug it, and then fix their addressing model.

> 
>   | Plus, the ability to defer a decision to change ones mind later on.
> 
> Change one's mind about what?

About needing uniqueness. You can leave the egg whole and break it later, but
it's harder to glue it back together if you break it first and change your
mind...

-George

> 
> kre


-- 
George Michaelson       |  APNIC
Email: [EMAIL PROTECTED]    |  PO Box 2131 Milton QLD 4064
Phone: +61 7 3367 0490  |  Australia
  Fax: +61 7 3367 0482  |  http://www.apnic.net
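The "random number in a large enough N bits" argument quoted in the thread can be checked with the birthday bound, which is what decides how many sites can pick identifiers independently before two of them collide. This is an added example, not code from the thread or from APNIC; it assumes a 40-bit random site identifier under fd00::/8, which is the layout the later ULA specification (RFC 4193) settled on, not a width anyone in the thread specifies.

```python
import math
import secrets
import ipaddress


def collision_probability(n_sites: int, bits: int) -> float:
    """Birthday bound: probability that at least two of n_sites sites, each
    picking a uniform random `bits`-bit identifier independently, pick the
    same one. Exact product form, summed in log space for stability."""
    space = 2 ** bits
    if n_sites > space:
        return 1.0  # pigeonhole: more sites than identifiers
    log_no_collision = sum(math.log1p(-i / space) for i in range(n_sites))
    return 1.0 - math.exp(log_no_collision)


def sites_for_collision_probability(bits: int, p: float) -> int:
    """Approximate number of sites at which the chance of at least one
    duplicate identifier anywhere reaches p (inverts the exp(-n^2/2S) form)."""
    space = 2 ** bits
    return int(math.sqrt(-2.0 * space * math.log1p(-p)))


def random_site_prefix(base: ipaddress.IPv6Network = ipaddress.IPv6Network("fd00::/8"),
                       id_bits: int = 40) -> ipaddress.IPv6Network:
    """Pick a site prefix inside `base` by filling the id_bits after the base
    prefix from a CSPRNG. Assumed layout: fd00::/8 + 40-bit ID = one /48 per
    site (the RFC 4193 choice); the thread itself fixes no widths."""
    site_len = base.prefixlen + id_bits
    global_id = secrets.randbits(id_bits)
    addr = int(base.network_address) | (global_id << (128 - site_len))
    return ipaddress.IPv6Network((addr, site_len))


if __name__ == "__main__":
    # "a few thousand sites, maybe 100K" are the sizes the thread talks about
    for n in (5000, 100_000):
        p = collision_probability(n, 40)
        print(f"{n:>7} sites, 40-bit IDs: P(some duplicate) = {p:.2e}")
    print("sites before a 50% chance of any duplicate:",
          sites_for_collision_probability(40, 0.5))
    print("example random site prefix:", random_site_prefix())
```

With 100K sites the chance that any two of them share a 40-bit identifier is under half a percent, and roughly 1.2 million sites have to exist before a duplicate somewhere becomes a coin flip; a given site colliding with one of its own few thousand peers is far less likely still.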
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
