On Mon, 8 Sep 2003, Brian E Carpenter wrote:
> Pekka Savola wrote:
> ...
> > > > Sure, but there are also other ways to obtain addresses.
> > >
> > > Really? Would you care naming one available today?
> >
> > a) talk to your ISP (or one of its upstreams), which is hopefully a LIR,
> > or
> >
> > b) talk to any LIR, and pay him e.g. 100$/mo. He'll gladly give you
> > address space even though you don't want physical connectivity at all.
>
> This simply doesn't fly. First of all, 100$/mo is far too much for a
> small office, school etc or for every Winnebago in the USA. Free, or
> $10 one-time fee, is more like it.

It was just an example, I don't know how it would go in reality. One time
fees don't fly in this context. They don't have the business model. See
the thread with Michel.

> Secondly, even if we get past that, it's the wrong answer. If I get a
> /48 from ISP A, and want to use it in "private" mode to set up VPNs
> to business partners who have their public connectivity from ISPs A, B
> and C, this /48 is going to cause various forms of head scratching
> for the operations people at all those business partners, and if it
> leaks, at all those ISPs. What is this /48 from ISP A doing on a site
> connected to B or C, or to a different part of A? Yes, this can all
> be configured to work, but it will be a much greater source of
> operational confusion than a /48 which by inspection can be seen to
> be private (not globally routeable) space.

I don't see anything problematic that didn't happen already here. Let's
see.

Let's say the non-routed address is "Enterprise A" /48.

ISP B or C doesn't know about Enterprise A. They don't see it unless it
leaks. They only know the ISP A's aggregate. If they try to traceroute
to the address, it goes to ISP A, and returns ICMP network unreachable (or
something like that). Nothing peculiar there.

ISP A, on the other hand, knows that the prefix is non-routed. If someone
asks, they can tell as much. Or even register it in RIR DB as "an
unnumbered non-routed customer" (if they don't want to reveal more
information on that) .. no big deal there.

The possible leakage could happen e.g. in the form of source addresses
from Enterprise A coming to any of ISPs through the business partners. If
ingress filtering is done, this is nothing paranormal. Packets just get
dropped, or might trigger an alarm. If ingress filtering is not done,
nothing special will be detected anyway.

On the other hand, the business partners would never advertise w/ BGP
Enterprise A's (private) address space; or if they tried, it would most
likely be blocked by the ISP's BGP filtering. But even if it wasn't, this
is no weirder than advertising more specifics today.

The bottom line is, I don't see anything particularly disturbing here,
especially if the special non-routable blocks are registered (at least
anonymously or similar to domain names) in a database, like ones used
today every day.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
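
The leak scenario discussed in the message above, as an added example that is not part of the original thread: it checks what ISP B and ISP C would see if Enterprise A's non-routed /48 showed up as a packet source or as a BGP announcement on a business partner's link. All prefixes are constructed from the 2001:db8::/32 documentation range, and the function names are hypothetical.

```python
import ipaddress as ip

# Constructed addressing plan (2001:db8::/32 is the IPv6 documentation range).
ISP_AGGREGATES = {
    "A": ip.ip_network("2001:db8:a000::/36"),
    "B": ip.ip_network("2001:db8:b000::/36"),
    "C": ip.ip_network("2001:db8:c000::/36"),
}
ENTERPRISE_A = ip.ip_network("2001:db8:a123::/48")  # from ISP A, not routed

# Prefix each ISP delegated to the business partner attached to it.
PARTNER_PREFIX = {
    "B": ip.ip_network("2001:db8:b001::/48"),
    "C": ip.ip_network("2001:db8:c001::/48"),
}

def owner_of(addr):
    """What any ISP can tell by inspection: which aggregate covers the address."""
    a = ip.ip_address(addr)
    return next((name for name, agg in ISP_AGGREGATES.items() if a in agg), None)

def ingress_verdict(isp, src):
    """Ingress filter on the partner's access link: only the delegated prefix may be a source."""
    return "forward" if ip.ip_address(src) in PARTNER_PREFIX[isp] else "drop"

def bgp_verdict(isp, announced):
    """Customer-facing BGP filter: accept only the delegated prefix or its subnets."""
    net = ip.ip_network(announced)
    return "accept" if net.subnet_of(PARTNER_PREFIX[isp]) else "reject"

def leak_report():
    """Run the leak cases from the message against the constructed plan."""
    leaked_src = str(ENTERPRISE_A.network_address + 1)  # a host inside Enterprise A
    return {
        "owner": owner_of(leaked_src),
        "B_ingress_leak": ingress_verdict("B", leaked_src),
        "B_ingress_own": ingress_verdict("B", "2001:db8:b001::10"),
        "C_bgp_leak": bgp_verdict("C", str(ENTERPRISE_A)),
        "C_bgp_own": bgp_verdict("C", "2001:db8:c001::/48"),
    }

if __name__ == "__main__":
    for case, verdict in leak_report().items():
        print(f"{case:16} {verdict}")
```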
