RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
John C Klensin <john-ietf@jck.com> Sat, 29 March 2003 01:26 UTC
Received: from ran.ietf.org (ran.ietf.org [10.27.6.60]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA27642; Fri, 28 Mar 2003 20:26:55 -0500 (EST)
Received: from majordomo by ran.ietf.org with local (Exim 4.10) id 18z5Gu-0008PN-00 for ietf-list@ran.ietf.org; Fri, 28 Mar 2003 20:36:36 -0500
Received: from odin.ietf.org ([10.27.2.28] helo=ietf.org) by ran.ietf.org with esmtp (Exim 4.10) id 18z5GN-0008O4-00 for ietf@ran.ietf.org; Fri, 28 Mar 2003 20:36:03 -0500
Received: from bs.jck.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA27540 for <ietf@ietf.org>; Fri, 28 Mar 2003 20:20:20 -0500 (EST)
Received: from [209.187.148.215] (helo=p3.JCK.COM) by bs.jck.com with esmtp (Exim 4.10) id 18z53O-000LNX-00; Fri, 28 Mar 2003 20:22:38 -0500
Date: Fri, 28 Mar 2003 20:22:37 -0500
From: John C Klensin <john-ietf@jck.com>
To: "alh-ietf@tndh.net" <alh-ietf@tndh.net>
cc: "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
Message-ID: <4949597.1048882957@p3.JCK.COM>
In-Reply-To: <068701c2f584$d1933950$ee1a4104@eagleswings>
References: <068701c2f584$d1933950$ee1a4104@eagleswings>
X-Mailer: Mulberry/3.0.3 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Sender: owner-ietf@ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
--On Friday, 28 March, 2003 15:50 -0800 Tony Hain <alh-ietf@tndh.net> wrote: > John C Klensin wrote: >> (ii) ISPs impose restrictions on their customers all the time >> and often even enforce them. Many of us consider some of >> these to be desirable (e.g., terms and conditions >> prohibiting spamming) and others less so (e.g., prohibitions >> against running server or peer-peer protocols over a cable >> network or address restrictions that force >> reasonably-architected LANs into NAT arrangements) but the >> conditions clearly exist. > > Note I said: >>> It is absolutely unreasonable for an ISP to tell their >>> customer anything about running their network that is not >>> directely related to the customer/provider interface. As >>> long as the enterprise traffic over that interface is >>> related to the capabilities they are paying for, it is none >>> of the ISPs (or IETFs) business what they are doing >>> elsewhere. > > The ISPs do set terms for the customer/provider interface all > the time, and rightly so. They can not restrict me from > setting up an 802.11 link to my neighbor, only that my > neighbor is not allowed to use that for access to the > provider's network. In a similar vein, the provider is not in > a position to tell customers what address space they can use > for purposes that do not interact with the provider interface. > They can try, and in a monopoly environment will probably > succeed. That does not mean we can tell ISPs to require that > people not use any given address space just because the > provider is supplying another one. I'm interested in your "not in a position" comment. Whether it is reasonable or not, ISPs include such restrictions in terms and conditions of service all of the time. I have seen agreements that prohibit connecting more than one computer to an ISP-provided line, agreements that explicitly ban customer-side NAT boxes and restrict use to no more than one computer per ISP-provided address, and prohibit connecting their interfaces to anything resembling a LAN or to a machine that can gateway into a LAN. I've also seen agreements that prohibit any use of tunnels into external mail servers or corporate LANs, presumably to get the customer to buy a higher-priced "commercial" service if anything other than home-type web browsing and associated email is to be done with the link. Now some (or most) of these restrictions impress me, and probably you, as unreasonable. We might choose to apply the "see if they can find out that I'm doing it" test to the restrictions and ignore them or, at the other extreme, apply the "don't sign anything on the assumption that the other party won't be able or inclined to enforce it" principle. We, or more specifically, the upstream ISP or an RIR, can tell the ISP that things will go badly for them if they permit unroutable addresses to leak into the public Internet. The only difference I can see between what I think is your SL address preference and my "unique, but unroutable" one is that you would bind that advice/threat to a particular prefix while I would bind it to other indicators of "unroutable address". The reserved prefix approach is less likely to get mucked up by a clueless ISP, but I am unconvinced that we should make special architectural provisions to make it easier to be in the ISP business while being clueless. >> I also note that site local addresses open up a whole series >> of questions about "locality" and scope-range. Perhaps we >> also need "ISP-local" addresses (routing into one ISP's >> space, or part of it, but not to that ISP's peers or transit >> customers) and so on. The one thing that can be guaranteed >> about that sort of arrangement is an extension of the "pay >> enough and someone will route it" model will apply: If some >> ISP sees a potential competitive advantage in offering such >> a product (and addresses), the product will follow soon >> thereafter. And, again, I think that this suggests that we >> had better figures out how to deal with these things on a >> policy basis, not a protocol-imbedded special address scope >> one. We are almost certain to have the policy problem >> anyway and it is not clear that special cases for peculiar >> address scopes will buy us that much in addition. > > Address filtering exists in the network today, and will > continue. Since that is done as an expression of local > policies, you are correct the whole discussion is really about > policy. It is not clear to me what the IETF is in a position > to do, other than define the operation of a multifacited DNS. > ;) And, since I have seen split-horizon DNS implementations fail more often than not, I'm not sure I see a cure there either. Regards, john
- RE: site local addresses (was Re: Fw: Welcome to … Michel Py
- Re: site local addresses (was Re: Fw: Welcome to … Ted Hardie
- Re: site local addresses (was Re: Fw: Welcome to … David Conrad
- Re: site local addresses (was Re: Fw: Welcome to … Ted Hardie
- Re: site local addresses (was Re: Fw: Welcome to … David Conrad
- Re: site local addresses (was Re: Fw: Welcome to … Ted Hardie
- Re: site local addresses (was Re: Fw: Welcome to … Andrew Newton
- Re: site local addresses (was Re: Fw: Welcome to … Daniel Senie
- RE: site local addresses (was Re: Fw: Welcome to … Christian Huitema
- Re: site local addresses (was Re: Fw: Welcome to … Stephen Sprunk
- Re: site local addresses (was Re: Fw: Welcome to … Harald Tveit Alvestrand
- RE: site local addresses (was Re: Fw: Welcome to … Jeroen Massar
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Matt Crawford
- "...handwaving arguments that "something bad migh… Jim Fleming
- RE: site local addresses (was Re: Fw: Welcome to … Christian Huitema
- Re: site local addresses (was Re: Fw: Welcome to … J. Noel Chiappa
- Re: site local addresses (was Re: Fw: Welcome to … Margaret Wasserman
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Charles E. Perkins
- RE: site local addresses (was Re: Fw: Welcome to … Tony Hain
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Tim Chown
- RE: site local addresses (was Re: Fw: Welcome to … Margaret Wasserman
- RE: site local addresses (was Re: Fw: Welcome to … Tony Hain
- RE: site local addresses (was Re: Fw: Welcome to … Margaret Wasserman
- RE: site local addresses (was Re: Fw: Welcome to … Christian Huitema
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Keith Moore
- RE: site local addresses (was Re: Fw: Welcome to … Michel Py
- Re: site local addresses (was Re: Fw: Welcome to … Eliot Lear
- RE: site local addresses (was Re: Fw: Welcome to … Michel Py
- Re: site local addresses (was Re: Fw: Welcome to … Tim Chown
- Re: site local addresses (was Re: Fw: Welcome to … Matt Crawford
- Re: site local addresses (was Re: Fw: Welcome to … Matt Crawford
- Doing "real" work Charles E. Perkins
- RE: Thinking differently about the site local pro… Tony Hain
- RE: site local addresses (was Re: Fw: Welcome to … Tony Hain
- RE: Thinking differently about the site local pro… David R. Oran
- Re: Thinking differently about the site local pro… Valdis.Kletnieks
- Re: Thinking differently about the site local pro… Keith Moore
- Re: site local addresses (was Re: Fw: Welcome to … Kurt Erik Lindqvist
- Re: site local addresses Ole Troan
- Re: Thinking differently about the site local pro… John C Klensin
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… Bill Manning
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Bill Manning
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Tony Hain
- RE: Thinking differently about the site local pro… John C Klensin
- RE: Thinking differently about the site local pro… Tony Hain
- Re: site local addresses (was Re: Fw: Welcome to … Tim Chown
- Re: site local addresses (was Re: Fw: Welcome to … Kurt Erik Lindqvist
- Thinking differently about the site local problem… John C Klensin
- Re: Thinking differently about the site local pro… Margaret Wasserman
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Bill Manning
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… John Stracke
- Re: Thinking differently about the site local pro… John C Klensin
- Re: Thinking differently Bill Manning
- Re: Thinking differently Jaap Akkerhuis
- Re: Thinking differently Bill Manning
- Re: Thinking differently Randy Bush
- Re: Thinking differently about the site local pro… Eric A. Hall
- Evolution in action (Re: Thinking differently) Harald Tveit Alvestrand
- Re: Evolution in action (Re: Thinking differently) Pekka Savola
- Re: Evolution in action (Re: Thinking differently) John C Klensin