On Tue, Sep 28, 1999 at 09:11:41AM -0700, Mr. James W. Laferriere wrote:
....
> >     Single addresses are *so* much simpler...
> 
>       Speaking as a Network engineer,  Ha !
> 
>       There isn't anything easier than setting up routing (given clue
>       on both ends) .  Dynamic on the other hand requires a great deal
>       of consideration & forethought on whether to use a Dhcp / Bootp /
>       allow the terminal server to do the allocations /... ,  

        Your thinking goes along:
                "I am a wizard with special support from my ISP"

        Also you neglect a "minor" thing that supporting hundreds of
        thousands of online users does NOT allow such special tricks
        at USD 10-20 per month prices, like they are these days..
        (Boxes are cheap, people who do configurations and customer
         help, now those cost a lot..)

        For individual special treatment you WILL be charged premium
        price.  Static addresses are SPECIAL TREATMENT, THEY DON'T SCALE!
        You will get special numbers for calling, general bulk internet
        dialup is not compatible with such things.


        Thus back to topic:

        An ISP can supply you easily /128, /124, and perhaps even /120
        subnets at the dynamic pools.  Because world WANTS reversers
        registered for used addresses, that ISP must generate them,
        but no wild-card is ok, because TCP-Wrapper(-like) systems
        want to check that reversed PTR can find AAAA record.
        Thus: for /128 there is ONE PTR/AAAA pair, for /124 there are
        16 pairs, and for /120 there are 256 pairs.  It blows up so
        fast that pre-provisioning bigger subnets will not be feasible,
        when static zone files are used.

        Ok, given that bind-8.2+ has various weird hacks, like URL-
        calculator, arithmetically generated reverse/forward names
        are possible, and thus e.g. /64 subnets might be possible for
        DYNAMIC dialup lines => $DYNFWD6{64,ip:v6:pre:fix}.some.suffix.
        produced for e.g.   0123456789abcdef.some.suffix an AAAA record
        of:  ip:v6:pre:fix:0123:4567:89ab:cdef   and analogously
        some hypothetical: $DYNREV6{64,.some.suffix.}....ip6.int.
        would produce that original forward request.
        (now who would implement that for bind-8 ?)


        A method out of the "net renumbering at dialup" problem might
        be NAT variant called RSIP (Realm Specific IP addresses; now in
        NAT-wg at the IETF), which supports even IPSec (which NAT doesn't
        support).

        Your RSIP gateway would be the one which does a dial-in, and
        then uses address pool it receives as a (sub)net at IP6CP
        (and DHCP replies).  Your LAN will not need to renumber.
        All client application protocol stacks will just need RSIP
        support...

        Of course RSIP (without further layering) doesn't give you
        static addresses by which your machines can be reached, but
        you can get static addresses thru RSIP/Mobile-IP gateway
        which is located at a suitable spot in the network, and which
        you reach via those dynamically allocated/RSIPed addresses.
        (Layers on layers.)


        An entirely separate issue is that an IPv4 <-> IPv6 NAT/MASQ
        thing would be nice.  If only as transitionary service before
        IPv6 services appear in global scale.


>       Right now I have a class 'C of my own . I dialin At -my- providers
>       and tell him (them if I so desire) where my routes should go .
>       Zebra / Gated / Whoever the next one is , IS YOUR FRIEND .
>       Routing protocols are the only thing that stand between endusers
>       and the internet .  they(routing protocols) can/should/will be
>       used eventually to cure the problem you are speaking about .
>
>       Nothing else is in the way of the end user BUT GREAD . Twyl, JimL


        The word you are looking for is "greed", but you are blinded by
        thinking that it is the real reason why large ISPs supply only
        non-user-static addresses at their general user dialup pools.
        (Addresses are dedicated to boxes, but calling numbers may end
         up at dozens, or hundreds of boxes, and successive calls won't
         likely end up at the same box..)

        Definitely "greed" is A reason;  Businesses (ISP and others) are
        not for public good, they are there to generate income, and bottom
        line rules.  Less expenses (as little support work for users as
        (in-)humanly possible), less complicated technology (let M$ rule
        the average desktop).  Every user who calls helpdesk does cost
        real money for that ISP.  How to limit the ways by which users
        can get themselves confused ?  Limit (radically) their options!
        That is also one of the reasons why transparent web-proxies are
        catching on...


        Let's take published magnitude of AOL: if every user is given
        STATIC address (and presuming the addresses don't cost anything
        e.g. because ARIN/RIPE/APNIC puts a 0 price at the allocations).
        That means 10-20 million static addresses which are user specific,
        (many even short living, but IPv6 space is *large*), and may be
        activated at any possible dialup server site around US and Europe.
        (Individual addresses, or nets, doesn't matter in following.)

        AOL is an example of an "ISP", which actually buys dialup capacity
        whole-sale from several providers, and thus those pools are not
        in any single LAN, or even small WAN which would enable "easy"
        OSPF link-state based routing changes.

        Say on average a call lasts 30 minutes, and there are 100 000 dialup
        lines in use. That would mean link-state change frequency of about
        110 ons/offs per SECOND. (Not to mention 100 000 individual routes..)
        ( during the peak times, of course )

        I don't think ANY system can handle such a flutter of routes.
        STATIC ADDRESSES DON'T SCALE!   (And this is ignoring that static
        address allocated in California won't work in Florida, unless the
        entire Alternet (or whatever) backbone in between carries individual
        OSPF routes (it doesn't) -- or user DOES call to Californian number
        from Florida, but they don't want to do that, do they ?)


        Smaller ISPs use hardware which manufacturers make, and features
        at those systems are most commonly dictated by the large ISPs
        (because they buy a lot of them..), thus small ISPs get same
        facilities with dynamic pools as what large ISPs must do for
        purely technical reasons.


        About users:

        On average even with semi-clueful university students in campus
        network I have seen (in my former life) that people put routed
        into their (Linux) workstation where they have ONE network interface,
        and then they (accidentally?) advertise/proxy-arp all possible
        addresses thru that machine, and thru same interface down to the
        real external router.  (Of course it disturbs only the broadcast
        area, but that can be a floor, or a building, or a few buildings
        of dorms, or faculty buildings, or ..)

        While those Linux users are semi-clueful, your average WINDOWS
        users definitely are not, and they can not be allowed to tinker
        with routing protocols.  (And for guidance reasons they can not
        be expected to tinker with routing.)

        So no, your average clueless user MUST NOT be expected to run
        any routing protocol, all such things must be coming from ISP's
        dialup access control system.

>        | James   W.   Laferriere | System   Techniques | Give me VMS     |
>        | Network        Engineer | 25416       22nd So |   Give me Linux |
>        | [EMAIL PROTECTED] | DesMoines  WA 98198 |     only on AXP |

/Matti Aarnio <[EMAIL PROTECTED]>
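
The arithmetic forward/reverse mapping and the TCP-Wrapper-style PTR-to-AAAA check discussed in the message above, as an added example that is not part of the original post. The `$DYNFWD6`/`$DYNREV6` directives are hypothetical in the post itself; the prefix `2001:db8:0:1::/64`, the suffix `dyn.example.net.` and all function names are constructed for illustration, and no DNS queries are made.

```python
import ipaddress

PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")  # constructed dynamic pool
SUFFIX = "dyn.example.net."                          # constructed forward zone
REV_ZONE = "ip6.int."                                # reverse tree named in the post
HEX = "0123456789abcdef"

def synth_aaaa(name):
    """Forward side: <16 hex digits>.SUFFIX -> address in PREFIX, else None."""
    label, _, rest = name.lower().partition(".")
    if rest != SUFFIX or len(label) != 16 or any(c not in HEX for c in label):
        return None
    return PREFIX[int(label, 16)]

def reverse_name(addr):
    """Nibble-reversed query name a resolver would use for a PTR lookup."""
    digits = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(digits)) + "." + REV_ZONE

def synth_ptr(qname):
    """Reverse side: 32 reversed nibbles under REV_ZONE -> forward name, else None."""
    q = qname.lower()
    if not q.endswith("." + REV_ZONE):
        return None
    nibbles = q[: -len(REV_ZONE) - 1].split(".")
    if len(nibbles) != 32 or any(len(n) != 1 or n not in HEX for n in nibbles):
        return None
    addr = ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    if addr not in PREFIX:
        return None  # outside the pool: no synthesized answer, no wildcard
    return "%016x.%s" % (int(addr) & (2**64 - 1), SUFFIX)

def paranoid_check(client_ip):
    """TCP-Wrapper-like test: the PTR name must have an AAAA equal to the client."""
    name = synth_ptr(reverse_name(client_ip))
    return name is not None and synth_aaaa(name) == ipaddress.IPv6Address(client_ip)

def static_pairs(prefix_len):
    """PTR/AAAA pairs a static zone file needs for one subnet of this size."""
    return 2 ** (128 - prefix_len)

if __name__ == "__main__":
    client = "2001:db8:0:1:123:4567:89ab:cdef"
    print(reverse_name(client))
    print(synth_ptr(reverse_name(client)), paranoid_check(client))
    print([static_pairs(n) for n in (128, 124, 120, 64)])
```
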