IETF Logo Mail Archive

Re: [homenet] referrals [ tunnels as way to disambiguate .local]

Curtis Villamizar <curtis@occnc.com> Sun, 12 August 2012 16:18 UTC

Return-Path: <curtis@occnc.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC31C21F85D4 for <homenet@ietfa.amsl.com>; Sun, 12 Aug 2012 09:18:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.441
X-Spam-Level:
X-Spam-Status: No, score=-2.441 tagged_above=-999 required=5 tests=[AWL=0.159, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ILFtHjDOKkCb for <homenet@ietfa.amsl.com>; Sun, 12 Aug 2012 09:18:44 -0700 (PDT)
Received: from gateway.ipv6.occnc.com (gateway.ipv6.occnc.com [IPv6:2001:470:1f07:1545::1:132]) by ietfa.amsl.com (Postfix) with ESMTP id CD5AC21F85AD for <homenet@ietf.org>; Sun, 12 Aug 2012 09:18:43 -0700 (PDT)
Received: from newharbor.ipv6.occnc.com (newharbor.ipv6.occnc.com [IPv6:2001:470:1f07:1545::1:320]) (authenticated bits=0) by gateway.ipv6.occnc.com (8.14.5/8.14.5) with ESMTP id q7CGIcRL065741; Sun, 12 Aug 2012 12:18:38 -0400 (EDT) (envelope-from curtis@occnc.com)
Message-Id: <201208121618.q7CGIcRL065741@gateway.ipv6.occnc.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
From: Curtis Villamizar <curtis@occnc.com>
In-reply-to: Your message of "Thu, 09 Aug 2012 08:33:17 BST." <502367BD.3010005@gmail.com>
Date: Sun, 12 Aug 2012 12:18:38 -0400
Cc: Kerry Lynn <kerlyn@ieee.org>, Michael Richardson <mcr+ietf@sandelman.ca>, Michael Thomas <mike@mtcc.com>, curtis@occnc.com, Evan Hunt <each@isc.org>, "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] referrals [ tunnels as way to disambiguate .local]
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: curtis@occnc.com
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Aug 2012 16:18:44 -0000

In message <502367BD.3010005@gmail.com>
Brian E Carpenter writes:
 
> > I get the impression that if NAT didn't exist, then
> > draft-carpenter-referral-ps would server no purpose.  Is this draft
> > entirely motivated by problems caused by NAT?
>  
> I don't think so. There are other causes of disjoint address space,
> which existed even before we had NAT or specialised firewalls -
> router ACLs for example. Certainly NAT is the major cause today (and
> NPTv6 will propagate the problem into IPv6). v4-only and v6-only
> islands will probably arise too.
>  
> Regards
>    Brian


Brian,

Without NAT there is no good reason to have an island.  If you create
an island (in IPv6) where none was needed, you get what you deserve.

NAT64 and DNS64 support v6-only islands.  The tide seems to be turning
on v4-only islands.  For example, I can fetch and build FreeBSD and
fetch all of the ports source for ports I use (>500 ports including
libraries, etc) on an IPv6 only host.  I'm confident the same would be
true of most Linux distributions.

Hosts are all dual stack.  They may end up roaming to a v4-only (or
less likely today v6-only) part of the network.  In that case a tunnel
to a DS network is needed and all is fine, performance suffering a
bit.  For example, an enterprise could go v6-only and allow either v4
or v6 tunneling (which is done today for VPN) from roaming employees
who end up in a v4 only place.  The same enterprise could do NAT64 and
DNS64 or could just set up a DS http/https proxy and mail relay at a
DS border.

I still see no purpose for draft-carpenter-referral-ps if NAT is
removed.

Curtis


> On 08/08/2012 19:39, Curtis Villamizar wrote:
> > In message <5022557F.5050105@gmail.com>
> > Brian E Carpenter writes:
> >  
> >> On 07/08/2012 20:11, Michael Thomas wrote:
> >>> On 08/07/2012 11:46 AM, Kerry Lynn wrote:
> >>>> On Mon, Aug 6, 2012 at 9:39 PM, Evan Hunt <each@isc.org> wrote:
> >>>>> Tunnels are okay, but to use them, but has to get the DNS search order
> >>>>> and the DNS server list right, and that's walled garden territory.
> >>>>> *If* we are going to turn each home into a walled garden, then let's be
> >>>>> aware that we are doing that.
> >>>> I'm of the opinion that in a "walled garden" scenario, the tunnel
> >>>> endpoint may
> >>>> be the only resource that needs a global name / address.
> >>> Just checking, but we all think that naming is a separate issue
> >>> from reachability, right?
> >>  
> >> It certainly is. But see http://tools.ietf.org/html/draft-carpenter-referral-ps
> >> especially section 4.2 "FQDNs are not sufficient".
> >>  
> >>    Brian
> > 
> > 
> > Brian,
> > 
> > MIF may be trying to solve the problem the wrong way.  Providing a
> > mapping of DNS to loopback address has long been used (by routers) to
> > provide a stable reachable address.  The routing cost to reach that
> > loopback interface (which can change many times for an active
> > connection) is used to determine which physical interface gets used to
> > reach the loopback.  For example if one interface is connected to an
> > ethernet which gets isolated due to a router failure, the other
> > interface is used because routing tells us that one of them is
> > unreachable.
> > 
> > Multihoming of course pokes holes in the routing tables and causes
> > some routing table bloat.  This has always been a problem and IPv6
> > does nothing to improve the situation that existed in IPv4 two decades
> > ago with a lot of small providers and large enterprises using dual
> > provider multihoming.
> > 
> > If we are concerned with hosts that have multiple interfaces both
> > leading to parts of the homenet, that is easily solved.  Multihomed
> > homenets is a whole different problem, but solvable if redundancy is
> > to the same provider.  A conditional static route can be advertised
> > within the provider, with these routes having limited scope (for
> > example using BGP communities).  If this practice were to become
> > commonplace (I doubt it, no consumer provider has that sort of
> > redundancy in the last mile), then the provider would have to limit
> > the scope of these more specific routes to a small subset of their own
> > topology.
> > 
> > I get the impression that if NAT didn't exist, then
> > draft-carpenter-referral-ps would server no purpose.  Is this draft
> > entirely motivated by problems caused by NAT?
> > 
> > Curtis

v2.23.0 | Report a Bug | By Email