ietf

Re: Last Call: <draft-weil-shared-transition-space-request-14.txt> (IANA Reserved IPv4 Prefix for Shared Address Space) to BCP

2012-02-11 18:11:13
On 02/11/2012 04:52, Ralph Droms wrote:

> On Feb 11, 2012, at 12:27 AM 2/11/12, Doug Barton wrote:
>
>> Ok, let's go with that. We already have a way to make collisions
>> "very unlikely," don't use either of 192.168.[01]. Fortunately this
>> method doesn't require allocation of a new block.
>
> But, what we've been told by operators in the discussion about this
> draft is that "very unlikely" is not "sufficiently unlikely", and
> that no /10 within the set of RFC 1918 addresses makes the
> probability of a collision sufficiently unlikely.  You may disagree
> with that claim, but I think we have to respect it.

Why do we have to respect it? Completely aside from the issue of
trusting the fox to report on the security conditions of the henhouse,
we haven't been provided any data to support the claim. What they're
saying is, "We don't have data for this, and we won't generate it. But
we want you to trust us anyway that doing this thing that overwhelmingly
benefits us is the right thing to do."

Now on its face that's a bad deal no matter how you look at it. Now add
in the fact that this issue has been created by the same foxes refusing
to invest in IPv6, AND the assertion from people who know better than I
that most of the problem can be dealt with by avoiding 2 1918 /24s, it
just keeps getting worse.

Make no mistake, I understand what they are asking for, and I'm very
confident that I understand why they're asking for it. It makes their
job infinitely easier if they can be given a /10 that, at least in the
short term, they can be close to 100% certain will not be used inside a
customer network. That way they don't have to think hard about their
network design (and don't have to take as many customer service calls),
and they will have N more years to diddle away until customers start
using that block internally. And then the whole thing goes pear-shaped
again.

So no, I don't have to respect what they're telling us.

>> So now what we're talking about is how much we're willing to pay to
>> make the collisions how much more unlikely?
>
> I would certainly feel more comfortable with better data, but it
> seems highly unlikely that we can generate it.

Generating the data on what CPEs use what blocks by default and how
prevalent each of them is in the market is simply a matter of time and
money. These types of surveys have already been done for DNSSEC, so we
know exactly what it takes to do them. The fact that the same people who
want us to spend valuable public IPv4 addresses so that they can save
time and money with their CGN deployments are also refusing to spend the
time and money necessary to back up their claims should, really, be
making more people angry than it seems already are.

And while I'm at it, John Klensin's post today about the "get everyone a
new CPE" topic was a much more thorough treatment than I'm capable of,
so I'll just add a +1.


Doug

-- 

        It's always a long day; 86400 doesn't fit into a short.

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
