[dhcwg] Delegated prefix managed by multiple entities
"Woundy, Richard" <Richard_Woundy@cable.comcast.com> Thu, 15 February 2007 05:33 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HHZF6-00034B-US; Thu, 15 Feb 2007 00:33:16 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HHZF5-00033Q-4J for dhcwg@ietf.org; Thu, 15 Feb 2007 00:33:15 -0500
Received: from paoakoavas09.cable.comcast.com ([208.17.35.58] helo=cable.comcast.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HHZEo-0003kG-UA for dhcwg@ietf.org; Thu, 15 Feb 2007 00:32:59 -0500
Received: from ([10.52.116.31]) by paoakoavas09.cable.comcast.com with ESMTP id KP-TDCH7.30402962; Thu, 15 Feb 2007 00:32:47 -0500
Received: from PACDCEXCMB05.cable.comcast.com ([24.40.15.116]) by PAOAKEXCSMTP02.cable.comcast.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 15 Feb 2007 00:32:46 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 15 Feb 2007 00:32:46 -0500
Message-ID: <EF2F0EC839870F43A6637360BC12ABD4010B0F1E@PACDCEXCMB05.cable.comcast.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Delegated prefix managed by multiple entities
Thread-Index: AcdQY3NT6b086CsYSsOe3MtHPVTS4gAWJKhA
From: "Woundy, Richard" <Richard_Woundy@cable.comcast.com>
To: dhcwg <dhcwg@ietf.org>
X-OriginalArrivalTime: 15 Feb 2007 05:32:46.0819 (UTC) FILETIME=[B96D8B30:01C750C2]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e367d58950869b6582535ddf5a673488
Cc: "Woundy, Richard" <Richard_Woundy@cable.comcast.com>
Subject: [dhcwg] Delegated prefix managed by multiple entities
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Errors-To: dhcwg-bounces@ietf.org
>> In the worst >> case, the delegated prefix is reachable from the Internet through >> another network path (perhaps unknown to the DHCP server), but because >> the delegated prefix is advertised by the DHCP server, traffic is >> drawn to the CMTS and is blackholed. It might even be possible for a >> routing loop to form. >This is the first time I think anyone has suggested that DHCPv6 delegated prefixes in this case would be administratively controlled by multiple independent entities. Please allow me to use a potentially controversial example in this reply. Suppose a business entity/organization approaches both a cable operator and an alternative broadband provider (e.g. a telco) for multihomed Internet connectivity, bringing their own Provider Independent prefix per <http://tools.ietf.org/wg/ipv6/draft-hain-ipv6-pi-addr-10.txt> and <http://tools.ietf.org/wg/ipv6/draft-hain-ipv6-pi-addr-use-10.txt>. Note: please do not use this example as an endorsement of PI addressing. The second draft enumerates why PI addressing is difficult for service providers. Anyway, suppose the cable operator uses DHCP-PD to send the PI prefix to the customer's cable modem, for broadband service over DOCSIS. Further suppose that the PI prefix is injected into the IGP by the DHCP server. The alternative provider sets up routing as appropriate to their environment. At this point, traffic to the customer's PI address on the cable operator's backbone would be forwarded to the CMTS (and to the CM), traffic on the alternative provider's backbone would be routed over the alternative broadband network, and general Internet traffic would be routed to either the cable operator or the alternative provider based on routing topology and preferences in various national/worldwide backbones. Now suppose that the customer's cable modem goes offline. From what I've seen, we don't have a mechanism for the DHCP server to figure out very quickly that the cable modem is offline, so the PI prefix remains in the cable backbone IGP routing tables. That means that cable network traffic directed to the customer's PI address will still be routed to the CMTS, where it will be blackholed. Some general Internet traffic to the PI address will also be blackholed. If the CMTS is responsible for PI prefix injection into the IGP, then the CMTS could detect the cable modem going offline in minutes, if not in seconds, and remove the PI prefix from the IGP routing tables. Then cable network traffic (and some Internet traffic) that would have otherwise been blackholed at the CMTS, could be routed to the alternate broadband provider's network -- thus enabling a highly available network connection for the multihomed organization. This is why having a "stale route" in the IGP can be an issue for multihomed customers. I think there are some other variations on the multihomed-customer theme (e.g. multihomed to the same provider using different access networks) that could be relevant here. -- Rich -----Original Message----- From: David W. Hankins [mailto:David_Hankins@isc.org] Sent: Wednesday, February 14, 2007 1:09 PM To: Woundy, Richard Cc: dhcwg Subject: Re: [dhcwg] dhc wg last call on agentopt-delegateand srsn-optiondrafts I'm not sure why we're talking about dynamic routing protocols. So bear with me while I nitpick and quibble about the topic I'm not sure we should be debating. The real content is after the '===' break below. On Mon, Feb 12, 2007 at 08:16:34PM -0500, Woundy, Richard wrote: > I believe you are correct. According to RFC 2740 (OSPF for IPv6), an > AS-external-LSA may include a "forwarding address"; see sections > 3.4.3.5 and A.4.7. Huh, I had no idea OSPF could do that. I doubt the facility is well used. But I'm not sure why a modern network operator would use OSPF for their "non-connected" IGP, so it's rather strange to postulate that situation. The general practice I've engaged in is to use OSPF only to distribute connected routes (subnets attached to routers' interfaces), and then to use BGP to distribute any static bindings, which are customer attachments that lack dynamic impetus, or any redistributed routes from other routing protocol states (such as a unique OSPF protocol state declared specifically to carry dynamic routes from a customer). In summary, the IGP carries prefixes directly connected to interfaces on routers, and BGP carries prefixes delivered to their remote ends. Both OSPF and ISIS have trouble scaling to large numbers of routes (even with areas there are low ceillings), so this works much better. Minimizing the size of the IGP, and maximizing the number of routes carried by BGP, which is more efficient at the task of carrying routes in bulk. This is not a different protocol from BGP, but the operational practice is commonly referred to as "iBGP" to differentiate between the task of carrying routes internally or externally. I'd honestly be pretty suprised if there were a single operator today that used BGP only for the aggregates they advertise externally, and consequently relied entirely upon OSPF (or even ISIS) for every more-specific route. So I'd also be pretty surprised, were I still an operator, if my IETF representatives came to any conclusions about how a system would work in my network based upon the principle of OSPF networks stuffed to the gills. > OSPF areas, implying that the DHCP server needs to participate in all > relevant OSPF areas. IFF you use "i"BGP, you require only one TCP connection over which to process BGP commands. Most operators would probably want more than one, and probably would also want more than one DHCPv6 server to perform the announcements, preferrably in different geographic locations. There are already quite appropriate tools in BGP router implementations for limiting the number of routes advertised to neighbors that don't wish to (or can't) carry a full table. I see no reason why a single generic filter can't be made to define "routes for CMTS's in facility X". > In the worst > case, the delegated prefix is reachable from the Internet through > another network path (perhaps unknown to the DHCP server), but because > the delegated prefix is advertised by the DHCP server, traffic is > drawn to the CMTS and is blackholed. It might even be possible for a > routing loop to form. This is the first time I think anyone has suggested that DHCPv6 delegated prefixes in this case would be administratively controlled by multiple independent entities. I understood that if the client was using the same prefix, and connected at a different location, that it would contact the same (or same group of) DHCPv6 servers. === What was the question again? As I said, I'm not sure why we're talking about dynamic routing protocols. In the various discussions we've had about this, it's been stipulated that one requirement is that the CMTS not be required to participate in any dynamic routing protocol at all. So the very notion should be impossible. We shouldn't even be able to consider a routing protocol solution to a problem that, I thought I understood, must span networks that do not implement any routing protocols. The implication being that the CMTS would enter only a local "pseudo-static" route in its table, thanks to this option. The "real" router it was connected to (possibly via other similarly non-dynamically-routing devices) would advertise the prefix's route dynamically (by also participating as a DHCPv6 relay, and being delivered similar options). Basically, to use DHCPv6 relay chaining to reach a router that does participate in dynamic routing, which either advertises the delegated prefix or relies upon external routing updates to direct it to send routes to the nearest non-dynamic router. This implication is reinforced by reports from various people in the WG and without, that CMTS operating software does not implement dynamic routing protocols, is not provisioned with sufficient processor power or memory (even to manage a "small" local network), or...since CMTS people are "RF people" and not "IP people"...simply aren't well suited in their implementation of the protocols. So I'm pretty confused by looking at a routing protocol centric view of solutions to this problem (which I thought was an impossible candidate), and placing upon it criticisms for limitations that are both the same and measurably worse in this DHCPv6-option centric view I've been delivered previously. So I don't get it. Either I'm dense (probable), the problem hasn't been explained sufficiently (possible), or there are so many problems and solutions that no one can keep them straight. So, may I make a suggestion? Let's have another look at draft-stenberg-pd-route-maintenance. I think at least one thing that has caused us to stumble is that RAAN is intentionally so general-purpose that none of us seem to agree about what it's going to be used for. The very first things I imagined by reading it were counterpositive to the CMTS environment that's been postulated ever since. He's already done a lot of great work towards enumerating the problems and solutions. If we could all take a moment to make sure they're all in there, and if Markus and Ole are willing, I'd like to get a handle on it. I feel somewhat responsible since my abstention was more vocal than I would have liked. I don't know how much time I'll have until Q2 '07, I've probably already spent too much time "away from my desk" just writing this (unjustifiably long) email this morning. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Delegated prefix managed by multiple enti… Woundy, Richard
- Re: [dhcwg] Delegated prefix managed by multiple … Ted Lemon
- Re: [dhcwg] Delegated prefix managed by multiple … Markus Stenberg
- Re: [dhcwg] Delegated prefix managed by multiple … Ted Lemon
- Re: [dhcwg] Delegated prefix managed by multiple … Chuck Anderson
- RE: [dhcwg] Delegated prefix managed by multiple … Woundy, Richard
- Re: [dhcwg] Delegated prefix managed by multiple … Ted Lemon
- RE: [dhcwg] Delegated prefix managed by multiple … Woundy, Richard
- RE: [dhcwg] Delegated prefix managed by multiple … Woundy, Richard
- Re: [dhcwg] Delegated prefix managed by multiple … Ted Lemon
- Re: [dhcwg] Delegated prefix managed by multiple … Markus Stenberg
- Re: [dhcwg] Delegated prefix managed by multiple … Damien Neil
- Re: [dhcwg] Delegated prefix managed by multiple … Ted Lemon
- RE: [dhcwg] Delegated prefix managed by multiple … Woundy, Richard