> Thus spake "Perry Lorier" <[EMAIL PROTECTED]>
> > Stephen Sprunk wrote:
> >> The fact that one _can_ assign both ULAs and PA space to hosts is
> >> irrelevant; I'm well aware of that. NAT is perceived by IT folks as less
> >> hassle than renumbering hosts. PA space implies frequent renumbering.
> >> Therefore, many (most?) IT depts who cannot get PI space will use NAT
> >> rather than assign PA space to hosts.
> >
> > However in IPv4 you can have PA xor PI space, you can't have both at the
> > same time. With IPv6 you can have PA+"private PI" (aka ULA) space.
>
> See above.
>
> > Changing your PI space every time your modem dials up is perhaps a bit
> > extreme, but it shows that you can ""renumber"" your network rapidly in
> > some situations.
>
> A single host is easy to renumber. A small network with one router is only
> slightly more complicated. However, renumbering a medium-sized or large
> network can take months to years to accomplish and hundreds of thousands of
> dollars in manpower.
>
> > Problems occur for externally facing services,
>
> As a general rule, clients are easy to renumber, whereas servers are
> difficult and firewalls are even worse. And I'm including human costs and
> resistance in that; changing the address on an interface is almost a
> nonevent in comparison.
>
> > but that doesn't seem insurmountable for an organisation that's likely to
> > only change PI space at most every year or so.
>
> Why would you ever change PI space? The issue is changing PA space, and
> that's something that may need to be done every few weeks as upstream links
> go up and down. Compare to the cost of a NAT box and the choice is easy.
Please justify this assumption.
Are you still thinking that there would be a single PA per
host? If you are connected to the same upstream via multiple
paths then there is/should be no need to renumber. If you
are connected to multiple upstreams then you have multiple
PA prefixes on each and every box. It should be be as easy
as having the routers deprecating the prefix advertisements
to have all the end systems select alternate PA addresses
when initiating sessions.
> > If your choices are PI vs PA then yeah NAT does look very attractive, but
> > if you can have PA and "private"-PI (aka ULA) then things look a lot less
> > blurred (IMHO).
>
> IMHO, you underestimate how much IT folks hate renumbering.
>
> S
>
> Stephen Sprunk "Those people who think they know everything
> CCIE #3723 are a great annoyance to those of us who do."
> K5SSS --Isaac Asimov
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
