nanog mailing list archives
RE: quietly....
From: david raistrick <drais () icantclick org>
Date: Thu, 3 Feb 2011 12:36:51 -0500 (EST)
On Thu, 3 Feb 2011, Brian Johnson wrote:
1) To allow yourself to change or maintain multiple upstreams without renumbering.Not sure what you mean here. So having PI space can't accomplish this?
Using PI space means paying significantly more money per year than using PA space, particularly if you factor in the "recommended" subnet sizing and that your v6 address space requirements signficantly increase over v4+NAT.
Remember that we're not talking about ISPs and large enterprises who are used to shelling out artifically inflated $$ per year to use PI space.
We're talking about telling folks who were happy using PA space (or who have PI space from before IANA) that they now have to rent addresses if they want to avoid internal renumbering.
6) Because you have allocated a single address to a machine that later on actually represents n differerent actual network entities, and retrofitting them with their own unique IPv6 subnet presents a problem.Huh?
I understood that.I have a customer in my datacenter with 50 servers behind a firewall. (that "customer" could be an internal team at my enterprise, or a customer at a colo, or even a customer at the end of a telco circuit).
I need to renumber.The coordination effort involved in renumbering @ the firewall, vs renumbering the -entirety- of the customer's internal subnets is significant.
One customer side example? Oracle RAC. With v4 and NAT, RAC would never have to know anything. With no NAT, I have to shut down RAC, shut down OCFS2, reconfigure the cluster filesystem (which is a nontrival task with nontrival risk), reconfigure RAC (which goes OK, other than that I have to reconfigure potentially a half dozen config files on every server that connects to it), restart ocfs, restart RAC....
That's all new work, because I told my customer they cannot use NAT. And I have to do that with -every- customer.With v4, I just helped the customer configure his firewall to support both the old and new addresses, changed external facing DNS, waited for all traffic to move over, removed the old addresses, and we were done.
-- david raistrick http://www.netmeister.org/news/learn2quote.html drais () icantclick org http://www.expita.com/nomime.html
Current thread:
- Re: Failure modes: NAT vs SPI, (continued)
- Re: Failure modes: NAT vs SPI Iljitsch van Beijnum (Feb 07)
- Re: quietly.... Iljitsch van Beijnum (Feb 03)
- Re: quietly.... Jon Lewis (Feb 03)
- Re: quietly.... Iljitsch van Beijnum (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Matthew Palmer (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- Re: quietly.... sthaug (Feb 03)
- RE: quietly.... david raistrick (Feb 03)
- Re: quietly.... Mark Andrews (Feb 02)
- RE: quietly.... Frank Bulk (Feb 13)
- Re: quietly.... Iljitsch van Beijnum (Feb 02)
- Re: quietly.... Owen DeLong (Feb 02)
- Re: quietly.... Iljitsch van Beijnum (Feb 02)
- Re: quietly.... Nick Hilliard (Feb 02)
- Re: quietly.... Owen DeLong (Feb 02)
- Re: quietly.... Iljitsch van Beijnum (Feb 02)
- Re: quietly.... Chris Adams (Feb 02)
- Re: quietly.... Matt Addison (Feb 02)