IETF Logo Mail Archive

Re: [homenet] I-D Action: draft-haddad-homenet-multihomed-00

Michael Thomas <mike@mtcc.com> Mon, 22 October 2012 19:18 UTC

Return-Path: <mike@mtcc.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F48011E809C for <homenet@ietfa.amsl.com>; Mon, 22 Oct 2012 12:18:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Level:
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bojqZPFCwwah for <homenet@ietfa.amsl.com>; Mon, 22 Oct 2012 12:18:55 -0700 (PDT)
Received: from mtcc.com (mtcc.com [IPv6:2001:5a8:4:9fe0:224:8cff:feaa:6d9b]) by ietfa.amsl.com (Postfix) with ESMTP id 96E3B21F86EB for <homenet@ietf.org>; Mon, 22 Oct 2012 12:18:55 -0700 (PDT)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id q9MJIpBM032481 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Mon, 22 Oct 2012 12:18:51 -0700
Message-ID: <50859C1B.7070707@mtcc.com>
Date: Mon, 22 Oct 2012 12:18:51 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.22) Gecko/20090605 Thunderbird/2.0.0.22 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: james woodyatt <jhw@apple.com>
References: <201210011801.q91I1tfW056624@gateway1.orleans.occnc.com> <506A07D1.8050605@gmail.com> <10328E81-3C94-455B-9A37-B421200A5C38@ecs.soton.ac.uk> <EMEW3|19238916f7ff9a0ada655caf80bba8cao9AAbJ03tjc|ecs.soton.ac.uk|10328E81-3C94-455B-9A37-B421200A5C38@ecs.soton.ac.uk> <7F6EA97D-5DA8-4872-A647-D879B1955824@gmail.com> <49FCFE49-9DFB-44D2-ADAD-636A3C80F906@ecs.soton.ac.uk> <EMEW3|09bc323dc12a06be7c21e18f2752cd05o9LECn03tjc|ecs.soton.ac.uk|49FCFE49-9DFB-44D2-ADAD-636A3C80F906@ecs.soton.ac.uk> <7F4B245F-9355-4134-9176-EB7DB1634469@apple.com> <77A8749D-DF81-4816-8277-CB69861E524A@fugue.com> <C3720598-400C-4B83-9CEC-878B3FA8109E@ecs.soton.ac.uk> <EMEW3|3e5d3f7836c5b4ddbd99d74df88ecc6ao9LJ8r03tjc|ecs.soton.ac.uk|C3720598-400C-4B83-9CEC-878B3FA8109E@ecs.soton.ac.uk> <5085905A.8030206@mtcc.com> <52E31542-3B7C-4EC1-9B2C-3C9D8E6B3BB1@apple.com>
In-Reply-To: <52E31542-3B7C-4EC1-9B2C-3C9D8E6B3BB1@apple.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2769; t=1350933534; x=1351797534; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[homenet]=20I-D=20Action=3A=20draft-had dad-homenet-multihomed-00 |Sender:=20 |To:=20james=20woodyatt=20<jhw@apple.com> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=EohFHdeSAq87UTpWQuDAH8pickj3cbp6l3ihpBFFn/8=; b=rhgg/tHPxaSsitm/j5Cx7XouUVckMc4x4WGFfChtGSLqpHQEji3kjnU9Y7 BwNlhFjNPJ7ISSvh+GyJejoN0BN7XWGnbOC6hVQgT5t0jAmguPokOARaPT3x ZlSZNmfdxNkE8zKjYRd4LpFcKKlL42HMZKqIiOLSHSq4rHCvDAXDA=;
Authentication-Results: ; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; ); dkim-asp=pass header.From=mike@mtcc.com
Cc: homenet@ietf.org
Subject: Re: [homenet] I-D Action: draft-haddad-homenet-multihomed-00
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2012 19:18:56 -0000

On 10/22/2012 11:57 AM, james woodyatt wrote:
> On Oct 22, 2012, at 11:28 , mike <mike@mtcc.com> wrote:
>> I'd say that until we have source address selection that actually works and is widely
>> deployed, that taking anything off the table is premature. Source address selection
>> applies just as much on a homenet as anyplace else.
> Disagree.  My opinion is that the potential for catastrophic damage to the utility of the Internet by the ubiquitous deployment of NPT66 in residential gateways poses too grave a risk for us to continue seriously entertaining it as a viable approach to any of the problems in our ambit.  I would say that it MUST be deprecated by the arch document.
>
> For anyone arguing in favor of using NPT66 in residential gateways, I think it's fair to ask them for solutions to the problem statement in I-D.carpenter-referral-ps <http://tools.ietf.org/html/draft-carpenter-referral-ps> in support of that idea. Referral in IPv4 was badly broken by the introduction of NAT44, and the ubiquitous deployment of NPT66 in residential gateways would repeat the error with IPv6.
>
> I would say HOMENET should not be seriously considering that as an option.  Is there any significant disagreement on that point?  Are there people here who might be willing to stand up and argue that the referral problem is secondary to other objectives well served by deploying NPT66 in home network access routers?  If so, then what are those objectives?  I'm having a hard time understanding what they might be.

I'm not saying that I like NPT66. I'm saying that IETF has failed to deal with
source address selection such that we're now at the point of address exhaustion
with v4 with nothing working in real devices besides 3484 which is inadequate,
and a lead time of 5+ years before anything is likely to be widely deployed.

So we all know what happens when host devices don't do it: the network in
its own hacked way does it for them. So regardless of whether we like it or
not, NPT and other kinds of network hackery are just an expedient away.
NPT at least doesn't have some of the most egregious sins of NAT.

>> Probably even moreso when you consider corporate VPN's.
> Actually, VPN is usually just a special case of MIF, i.e. individual hosts are multihomed, not the whole homenet.  This is a much simpler situation to manage, and solutions for that space are already ubiquitous.
>

No, sorry. Corporate VPN's using v6 and the lack of a coherent source address
selection mechanism causes breakage in bizarre and unpredictable ways.
You are not going to get the results you hope for if your mac uses an ISP prefix
to get back inside the corpro firewall, uRPF if nothing else. SLAAC changes
a lot of things over v4.

Mike

v2.23.0 | Report a Bug | By Email