nanog mailing list archives

RE: quietly....

From: david raistrick <drais () icantclick org>
Date: Thu, 3 Feb 2011 12:36:51 -0500 (EST)

On Thu, 3 Feb 2011, Brian Johnson wrote:

1) To allow yourself to change or maintain multiple upstreams without
renumbering.


Not sure what you mean here. So having PI space can't accomplish this?

Using PI space means paying significantly more money per year than usingPA space, particularly if you factor in the "recommended" subnet sizingand that your v6 address space requirements signficantly increase overv4+NAT.

Remember that we're not talking about ISPs and large enterprises who areused to shelling out artifically inflated $$ per year to use PI space.

We're talking about telling folks who were happy using PA space (orwho have PI space from before IANA) that they now have to rent addressesif they want to avoid internal renumbering.

6) Because you have allocated a single address to a machine that later
on actually represents n differerent actual network entities, and
retrofitting them with their own unique IPv6 subnet presents a problem.


Huh?


I understood that.

I have a customer in my datacenter with 50 servers behind a firewall.(that "customer" could be an internal team at my enterprise, or a customerat a colo, or even a customer at the end of a telco circuit).


I need to renumber.

The coordination effort involved in renumbering @ the firewall, vsrenumbering the -entirety- of the customer's internal subnets issignificant.

One customer side example? Oracle RAC. With v4 and NAT, RAC would neverhave to know anything. With no NAT, I have to shut down RAC, shut downOCFS2, reconfigure the cluster filesystem (which is a nontrival task withnontrival risk), reconfigure RAC (which goes OK, other than that I have toreconfigure potentially a half dozen config files on every server thatconnects to it), restart ocfs, restart RAC....


That's all new work, because I told my customer they cannot use NAT.

And I have to do that with -every- customer.

With v4, I just helped the customer configure his firewall to support boththe old and new addresses, changed external facing DNS, waited for alltraffic to move over, removed the old addresses, and we were done.






--
david raistrick        http://www.netmeister.org/news/learn2quote.html
drais () icantclick org             http://www.expita.com/nomime.html

Current thread:

Re: Failure modes: NAT vs SPI, (continued)
- - - Re: Failure modes: NAT vs SPI Iljitsch van Beijnum (Feb 07)
    - Re: quietly.... Iljitsch van Beijnum (Feb 03)
    - Re: quietly.... Jon Lewis (Feb 03)
    - Re: quietly.... Iljitsch van Beijnum (Feb 03)
    - RE: quietly.... Matthew Huff (Feb 03)
    - Re: quietly.... Jack Bates (Feb 03)
    - Re: quietly.... Matthew Palmer (Feb 03)
    - Re: quietly.... Jack Bates (Feb 03)
    - Re: quietly.... Jay Ashworth (Feb 03)
    - Re: quietly.... sthaug (Feb 03)
    - RE: quietly.... david raistrick (Feb 03)
    - Re: quietly.... Mark Andrews (Feb 02)
    - RE: quietly.... Frank Bulk (Feb 13)
    - Re: quietly.... Iljitsch van Beijnum (Feb 02)
    - Re: quietly.... Owen DeLong (Feb 02)
    - Re: quietly.... Iljitsch van Beijnum (Feb 02)
    - Re: quietly.... Nick Hilliard (Feb 02)
    - Re: quietly.... Owen DeLong (Feb 02)
    - Re: quietly.... Iljitsch van Beijnum (Feb 02)
    - Re: quietly.... Chris Adams (Feb 02)
    - Re: quietly.... Matt Addison (Feb 02)

(Thread continues...)