Re: site local addresses (was Re: Fw: Welcome to the InterNAT...)
Keith Moore <moore@cs.utk.edu> Thu, 27 March 2003 23:47 UTC
Received: from ran.ietf.org (ran.ietf.org [10.27.6.60]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26385; Thu, 27 Mar 2003 18:47:00 -0500 (EST)
Received: from majordomo by ran.ietf.org with local (Exim 4.10) id 18yhHU-00085g-00 for ietf-list@ran.ietf.org; Thu, 27 Mar 2003 18:59:36 -0500
Received: from odin.ietf.org ([10.27.2.28] helo=ietf.org) by ran.ietf.org with esmtp (Exim 4.10) id 18yhHE-00083I-00 for ietf@ran.ietf.org; Thu, 27 Mar 2003 18:59:20 -0500
Received: from astro.cs.utk.edu (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26317 for <ietf@ietf.org>; Thu, 27 Mar 2003 18:43:53 -0500 (EST)
Received: from astro.cs.utk.edu (localhost [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with SMTP id h2RNkAA19350; Thu, 27 Mar 2003 18:46:10 -0500 (EST)
Date: Thu, 27 Mar 2003 18:46:10 -0500
From: Keith Moore <moore@cs.utk.edu>
To: alh-ietf@tndh.net
Cc: moore@cs.utk.edu, mrw@windriver.com, ietf@ietf.org
Subject: Re: site local addresses (was Re: Fw: Welcome to the InterNAT...)
Message-Id: <20030327184610.1a0fbc3b.moore@cs.utk.edu>
In-Reply-To: <056d01c2f4a4$5a825520$ee1a4104@eagleswings>
References: <5.1.0.14.2.20030327115557.03596490@mail.windriver.com> <056d01c2f4a4$5a825520$ee1a4104@eagleswings>
X-Mailer: Sylpheed version 0.8.9 (GTK+ 1.2.10; i386--netbsdelf)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: owner-ietf@ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
> You are mixing cause and effect. In IPv4 the vast majority of nodes > are limited to a single address at a time. Well, I don't know about windows boxes, but real operating systems have supported virtual hosting in IPv4 for many years. Having multiple addresses on a node, even a node with a single network interface, is nothing new. > Network managers that want some of their nodes in private space find > it simpler to also put the nodes with public access in the same space > rather than deploy multiple subnets to each office and route between > them. There are easier ways to solve the problem than having multiple subnets, that doesn't require use of SL. Any bit in the address can be used for filtering, it doesn't have to be in the subnet mask. > > During the IPV6 meeting in SF, we did discuss several options > > for limiting the use of site-local addressing, but all of > > those options had some sorts of problems associated with them. > > So rather than address any problems, the needs of the (mostly absent) > network managers were simply dismissed as irrelevant. Nope. The problems couldn't be solved. The group responsibly decided to fix the architecture by deprecating site locals and to solve the network managers' problems in other ways, because the solutions to the network managers' problems without SLs are simpler than the solutions to everyone's problems with SLs. (especially because the latter do not exist) > Site-local is nothing more than a well-known prefix for filtering. No, it's more than that. SLs impose burdens on hosts and apps. SLs break the separation of function between apps and the network that is inherent in the end-to-end principle. > > (2) RFC 1918 addresses are most commonly used behind NATs. In > > this case, there is a middle box that performs translation of > > those addresses into global addresses at the site boundary, > > both in IP headers and at the application layer (through > > ALGs). In IPv6, we hope to avoid NAT. Site-local addresses > > were expected to be used on globally connected networks > > without any translation. > > Why do you continue to equate SL with NAT? Why do you continue to accuse people of equating SL with NAT even when they carefully explain just how they are similar and how they are different? > It doesn't require address selection rules or ALG's. The only way an > application should receive a AAAA record with a SL is if it is in the > same address zone as the target. Standardizing split DNS is both insufficient and unacceptable. > What we should not do is stick our heads in the sand and believe that > simply because we don't want to have limited scope addresses they will > magically disappear. What we should not do is stick our heads in the sand and believe that simply because some sites will have limited scope addresses that it's okay to burden hosts, DNS, routing, and large numbers of applications with having to deal with them. > Rather than force people to create a bunch of > ad-hoc solutions to the problem, we should in fact provide an > architected approach that creates a level of consistency (actually we > have, but some want to see it deprecated). Actually we are working toward an architecture that provides a level of consistency. But this requires that we deprecate SL. > > Exactly. There are many of these applications defined within > > the IETF, by other standards bodies, and/or developed by > > private enterprises. In fact, the applications area folks > > assure me that there are more of these types of applications > > deployed than there are simple client- server applications > > (that was news to me). IETF applications that fall into this > > category include FTP, SIP and (in some uses) HTTP. > > And they will continue to fail when the network administrator puts in > routing filters, only nobody will be able to figure it out because we > removed the hint of a well-known prefix. No, it will be easy to figure out, because it will be clear that the network administrator is to blame, unlike the current situation with where the app vendor is blamed for the problems caused by the NAT. This moves the problem to a place where it's more easily fixed. This is a huge improvement. > > Maybe... There has been a great deal of reticence from > > application developers to rely on DNS look-ups for this type > > of referral, and it is not all based on DNS reliability. > > There are many, many nodes that either do not have a DNS > > entry or do not know their own DNS name, and many > > applications need to work on those nodes. > > Rather than fix the problem, shoot the feature that exposes it ... Rather than fix the problem, force another broken layer on every app. It won't solve anything but it will provide another layer of delay, complexity, and unreliability. The network will be even less functional than it is today, but at least we'll have something to blame it on. > The borders exist. Either we create a tool that allows people to > easily manage which nodes are on which side, or we invite chaos. The tools will be created. But the borders don't have to be, and shouldn't be, wired into the address. We need more flexible mechanisms than that. And there needs to be a clear limit to apps' responsibilities to deal with those borders when they are imposed. Keith
- Fw: Welcome to the InterNAT... Jim Fleming
- Re: Fw: Welcome to the InterNAT... Peter O'Neil
- Re: Fw: Welcome to the InterNAT... Jim Fleming
- Re: Fw: Welcome to the InterNAT... Lloyd Wood
- RE: Fw: Welcome to the InterNAT... Tony Hain
- Re: Fw: Welcome to the InterNAT... Keith Moore
- RE: Fw: Welcome to the InterNAT... Tony Hain
- Re: Fw: Welcome to the InterNAT... Eliot Lear
- RE: Fw: Welcome to the InterNAT... Jeroen Massar
- site local addresses (was Re: Fw: Welcome to the … Ted Hardie
- RE: Fw: Welcome to the InterNAT... Jeroen Massar
- RE: site local addresses (was Re: Fw: Welcome to … Tony Hain
- RE: site local addresses (was Re: Fw: Welcome to … Michael Mealling
- RE: Fw: Welcome to the InterNAT... Fred Baker
- RE: Fw: Welcome to the InterNAT... Michel Py
- RE: site local addresses (was Re: Fw: Welcome to … Paul Hoffman / VPNC
- RE: Fw: Welcome to the InterNAT... Jeroen Massar
- RE: Fw: Welcome to the InterNAT... Margaret Wasserman
- RE: Fw: Welcome to the InterNAT... Michel Py
- RE: site local addresses (was Re: Fw: Welcome to … Tony Hain
- Re: site local addresses (was Re: Fw: Welcome to … Ted Hardie
- RE: Fw: Welcome to the InterNAT... Tony Hain
- Re: Fw: Welcome to the InterNAT... Eliot Lear
- RE: site local addresses (was Re: Fw: Welcome to … John C Klensin
- RE: Fw: Welcome to the InterNAT... Tony Hain
- RE: Fw: Welcome to the InterNAT... Fred Baker
- Re: Fw: Welcome to the InterNAT... Tim Chown
- Re: Fw: Welcome to the InterNAT... Eliot Lear
- RE: site local addresses (was Re: Fw: Welcome to … Tony Hain
- Re: Fw: Welcome to the InterNAT... Stephen Sprunk
- Re: site local addresses (was Re: Fw: Welcome to … Andrew Newton
- Re: Fw: Welcome to the InterNAT... Måns Nilsson
- RE: Fw: Welcome to the InterNAT... Michel Py
- Re: Fw: Welcome to the InterNAT... Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: Fw: Welcome to the InterNAT... Pekka Savola
- Re: Fw: Welcome to the InterNAT... Måns Nilsson
- RE: Fw: Welcome to the InterNAT... Tony Hain
- Re: site local addresses (was Re: Fw: Welcome to … Louis A. Mamakos
- RE: Fw: Welcome to the InterNAT... Tony Hain
- RE: Fw: Welcome to the InterNAT... Pekka Savola
- RE: Fw: Welcome to the InterNAT... Tony Hain
- RE: Fw: Welcome to the InterNAT... Richard Carlson
- Re: Fw: Welcome to the InterNAT... Valdis.Kletnieks
- RE: Fw: Welcome to the InterNAT... shogunx
- Re: site local addresses (was Re: Fw: Welcome to … Lloyd Wood
- RE: Fw: Welcome to the InterNAT... Pekka Savola
- RE: site local addresses (was Re: Fw: Welcome to … Margaret Wasserman
- RE: site local addresses (was Re: Fw: Welcome to … Tony Hain
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: Fw: Welcome to the InterNAT... Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … John Stracke
- Re: Fw: Welcome to the InterNAT... Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … John Kristoff
- Re: Fw: Welcome to the InterNAT... Richard Carlson
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Spencer Dawkins
- Re: site local addresses (was Re: Fw: Welcome to … Kurt Erik Lindqvist
- Re: site local addresses Simon Leinen
- Re: site local addresses (was Re: Fw: Welcome to … John Stracke
- Re: Fw: Welcome to the InterNAT... Lloyd Wood
- Re: Fw: Welcome to the InterNAT... Paul Vixie