Re: [homenet] dst/src routing drafts (for IETF-91 rtgwg)

David Lamparter <equinox@diac24.net> Thu, 30 October 2014 00:39 UTC

Return-Path: <equinox@diac24.net>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FF891ACE84; Wed, 29 Oct 2014 17:39:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7mUoPCyNoKy; Wed, 29 Oct 2014 17:39:40 -0700 (PDT)
Received: from eidolon.nox.tf (eidolon.nox.tf [IPv6:2a02:238:f02a:8e2f:1::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1784A1ACE81; Wed, 29 Oct 2014 17:39:39 -0700 (PDT)
Received: from equinox by eidolon.nox.tf with local (Exim 4.84) (envelope-from <equinox@diac24.net>) id 1Xjdm1-000DwA-SK; Thu, 30 Oct 2014 01:39:34 +0100
Date: Thu, 30 Oct 2014 01:39:33 +0100
From: David Lamparter <equinox@diac24.net>
To: "Fred Baker (fred)" <fred@cisco.com>
Message-ID: <20141030003933.GS5186@eidolon>
References: <20141020204033.GD236844@jupiter.n2.diac24.net> <20141022190653.GB868521@jupiter.n2.diac24.net> <DFE4317C-E4B6-44AB-AED4-2FBBBD2888DA@cisco.com> <B445E8FD-13EE-4014-8D1C-7C9D4A188D2D@cisco.com> <544FF3F2.3050206@gmail.com> <20141029062837.GH5186@eidolon> <B6D9E5BD-8903-4133-8947-BB8AEAD97AA4@cisco.com> <5450D7ED.9010806@globis.net> <C9754B86-0A54-4FA5-91B5-4D4339E8D9C8@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <C9754B86-0A54-4FA5-91B5-4D4339E8D9C8@cisco.com>
User-Agent: Mutt/1.5.22 (2013-10-16)
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/8gTXAeMgl0H27hrS_cbPsRwqN2s
Cc: Ole Troan <ot@cisco.com>, Ray Hunter <v6ops@globis.net>, David Lamparter <equinox@diac24.net>, "homenet@ietf.org" <homenet@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>, Mikael Abrahamsson <swmike@swm.pp.se>
Subject: Re: [homenet] dst/src routing drafts (for IETF-91 rtgwg)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2014 00:39:42 -0000

[plucking a paragraph from the middle]
On Wed, Oct 29, 2014 at 04:09:15PM +0000, Fred Baker (fred) wrote:
> I suspect the company you are discussing might have a number of small
> offices in as many cities, and as many PA prefixes as it takes. The
> company might also have a PI prefix, but I would be surprised if it
> used the PI prefix in all of its little offices; if it did, it would
> essentially use it for internal traffic, and have some sort of VPN
> connecting the offices on which it was used. It would, however, use
> the PA prefixes from the offices when they need to talk outside the
> house. If it is using the PI prefix plus a PA prefix in any given
> office, it would depend on RFC 6724’s Rule 8 (longest match) to prefer
> a PI address when talking to another address within the prefix, and a
> temporary address from PA space otherwise.

If there is an overlap of a company-wide numbering plan with local
connectivity, that might actually be use-case for a SADR route whose
destination isn't ::/0.  Though you could always do that with a simple
destination route for the company-wide prefix, what you can now do is
signal the correlations between routes.  (Except we don't have a
protocol to communicate this to the host yet.)

I'm imagining a route table like this:
(:cccc: being the company-wide PI)

::/0 from 2001:db8:1::/48 via PA-provider-1
::/0 from 2001:db8:2::/48 via PA-provider-2
::/0 from 2001:db8:cccc::/48 unreachable
2001:db8:cccc::/48 from 2001:db8:cccc::/48 via IPsec-gateway
2001:db8:cccc::/48 from ::/0 unreachable

Where the last route would prevent accidental leaking of packets onto
the internet in case the IPsec gateway malfunctions.  (The 3rd route is
redundant if there's no "::/0 from ::/0")

But - apart from ease of use for multiple prefixes, this can be done
without SADR just fine, the only advantage is that there's full
information regarding which source addresses work with which
destinations.  If we get that to hosts, and into their source address
selection, then we won something.

(And this is really the same as homenet walled-garden scenarios, where
an ISP uses a separate prefix for some [IPTV, whatever] service and
expects clients to use a distinct source prefix to get to that service.
Then again, "secret gardens are better than walled gardens.")


-David