site-local != NAT

Disclaimer: I started out reading the whole thread, but lately I've
had to skim.  I might have missed it if someone already said this.

If people want to use private addresses to avoid having to renumber
when their provider renumbers, and they use addresses their provider
won't route, then they need to NAT those addresses if they want the
hosts using them to be able to talk to the rest of the world.  Fine.

In the old days, we recommended that sites register blocks of
addresses whether they were connecting them to the net or not, if they
ever intended to connect them to the net in the future.  That way,
each address could be globally unique, since they were all going
through a central registry.

For several reasons, we began to have to put more stringent conditions
on granting address blocks out of the pool.  People stopped being able
to just ask for a /24 for their own use, and get it.  Partly this was
because we saw the address space running out if we kept letting anyone
get address space, and partly it was because people expected routing
for the addresses they were granted.

RFC1918 was a solution to the problems in the last paragraph.  The
drawbacks of RFC1918 are obvious.  If an address leaks, it might make
its way to somewhere where it looks locally valid, by coincidence.
And when networks merge, they may have collisions.  We live with it
because we need it.

If the IPv6 address space is big enough, we should be able to revert
to the old ways.  We should be able to make a policy for the RIRs that
allows, once again, for people to ask for unique address space.  Do we
have enough address space that everyone can get a reasonable amount
just by asking for it?  If so, people can NAT their private nets to
their heart's content, without requiring anything like RFC1918 or
site-local.  I've done the same thing with IPv4 with old portable
address blocks.

I think today's implied identity of "private address space" and
"locally scoped addresses" is really muddying the discussion.  If we
have a world where anyone who asks can get a unique address block
assigned to them to use for their private network... THEN what are the
remaining reasons why people would want to use site-local addresses?

  --  Cos (Ofer Inbar)       --   cos@aaaaa.org  http://cos.polyamory.org/
   "OSI is a beautiful dream, and TCP/IP is living it!"
     -- Einar Stefferud <Stef@nma.com>, IETF mailing list, 12 May 1992

