> In trying to formulate an answer to this it occurs to me that there's a better question to ask: if it is inevitable that we need PI space for disconnected networks, then do you concede that we will end up with (a) NAT's and (b) route growth (due to advertizing /48's) for people who decide to get and (ab)use them?

I don't see either of these results as inevitable. I think that we can make rules that say "no NATs in IPv6" and "advertisements of PI prefixes on the public Internet should be filtered" and that those rules will have a useful effect. They might not entirely prevent either practice, but they may make them rare enough that they do not cause huge problems.

In the case of NATs, I believe users will be less eager to deploy NATs in IPv6 because (a) the absence of NATs in IPv6 allows the Internet to support new kinds of applications that will drive deployment and (b) IPv6 gives users better ways to solve some problems (renumbering, attachment of a home network) whereas in IPv4 NATs were the best tools available. That and there is a greater awareness of NAT problems than there used to be.

IMHO the big wildcard is security: whether users will realize that NATs actually provide very little security benefit as compared to, say, stateless firewalls (which themselves provide only a marginal benefit). Just as with poorly-chosen countermeasures against spam and terrorism, there's currently a widespread belief that any countermeasure against network attack is justified, no matter how little protection it provides and how much damage to functionality it does. Eventually people will learn better, but I don't know how long this will take.

In the case of advertising PI prefixes, I believe ISPs will understand the wisdom of filtering them. They might not start filtering them immediately, but if routers get overloaded, the price of advertising a PI prefix will increase rapidly. It might become cheaper to buy redundancy using PA prefixes than to buy it using PI prefixes. (I could even imagine allocating PA prefixes to small sets of ISPs, for use by customers that get connectivity from more than one of them.) And I suspect that if we recommend it, and get buy-in from network operators' groups, a substantial fraction of ISPs will filter PI prefix advertisements from peers.

That and I'm convinced that it's possible to "aggregate" non-adjacent prefixes for route computation purposes with only small changes in BGP (which doesn't do much for router memory size but does a lot for routing computation overhead).

So basically I think there are lots of ways to solve this problem. Of course, we do need to provide better solutions for scalable routing, renumbering, and multihoming. We also need a better security architecture. My impression is that we are devoting too much energy to freaking out, when there are important problems we need to be working on.

In particular, we need to get ourselves out of the habit of crying "that will lead to NAT" or "that will lead to route explosion" and using these as excuses to stop investigating a solution path. Of course these are hazards that should be respected, and I think everyone here understands that. But none of us knows with anything resembling certainty what the market will demand, and so treating either of these as the "kiss of death" for an idea serves no purpose other than to prevent us from investigating (and thus, failing to discover) potential solutions.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
