RE: Multihoming Issues

[Caitlin Bestler <caitlinb@rp.asomi.net>]

On 9/3/02, Christian Huitema wrote:

>> The relationship is that DNS is acting as an index
>> service for IPv6 addresses. In doing so it treats them
>> as simple hierarchical  addresses, i.e. like fat IPv4
>> addresses.
>> 
>> The question as to whether that is the correct handling
>> of IPv6 addresses is a valid one. This thread started
>> with exactly such a question being raised, but the
>> rationale on how DNS *could* be optimized for IPV6 was
>> not spelled out.
>
>There is no IPv6 service that guarantees that the
>identifiers are actually world-wide unique. In fact, there
>is ample evidence that they often will not be. Poorly
>configured interface cards are known to have phony
>IEEE-802 addresses; privacy addresses are random numbers
>that are only statistically unique; configured addresses
>may use user assigned values. In all these cases, local
>collisions can be detected, global collisions cannot be. 
>

By "no IPv6 service" do you mean there is no active protocol
and/or entity that will detect a spoofed EUI-64 address? If
so, I agree with you. The fact that the interface ID must be
EUI-64 compliant is abundantly clear in the RFC, however.

Link-local interface IDs MUST be unique for the local
network, although the mechanism for ensuring this is not
specified.

RFC2464 is specific on the handling of emulation MAC
addresses: "A different MAC address set manually or by
software should not be used to derive the Interface
Identifier.  If such a MAC address mustbe used, its global
uniqueness property should be reflected in the value of the
U/L bit."

As for local Interface IDs. RFC2373 specifies in Appendix A:
"If there is no global interface identifier available for
use on the link the implementation needs to create a local
scope interface identifier.  The only requirement is that it
be unique on the link."

>There is also no requirement that a given multi-homed
>hosts combines the same identifier with different
>prefixes. Privacy advocates will no doubt argue that a
>multi-homed host should associate different identifiers
>with different provider prefixes, so it cannot be tracked
>by big-brother.

It can also be argued that a given link should have exactly
one Interface ID. It is specified as an attribute of the
Interface. Although obviously there would be little to
prevent someone from spoofing that. The question would be
whether it was permissiable to declare the same port on the
same NIC to be two different "NICs".

In full privacy paranoia mode, "how many ports I really have
is none of your business" is a predictable and perhaps
defendable response. However, in such a mode, the hostmaster
would not have declared these two 'totally seperate'
intrfaces to have the same name.



Lastly, I am NOT advocating any change. I merely responded
to an implication that there was no justification for
handling DNS for IPV6 differently than for IPv4. There are
differences. It was not a nonsensical question, as it was
being treated. However, there is far from enough
justification for handling IPv6 differently.