Re: multihoming, was IPv10

"John R Levine" <johnl@taugh.com> Fri, 30 December 2016 05:12 UTC

Date: 30 Dec 2016 00:12:02 -0500
Message-ID: <alpine.OSX.2.11.1612300009470.39850@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: "John C Klensin" <john-ietf@jck.com>
Subject: Re: multihoming, was IPv10
In-Reply-To: <0AF4F0A30512B3CB651C72F7@PSB>
References: <20161229162721.34651.qmail@ary.lan> <0AF4F0A30512B3CB651C72F7@PSB>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/oVFtXSaADqAqZcuLReqsbCWqTNs>
Cc: IETF general list <ietf@ietf.org>

> I said and meant "traditional type of
> multihoming" and, more important in the previous sentence, "many
> hosts and sites that are multihomed in the traditional sense of
> advertising one set of endpoint addresses to the network and
> letting the routing system sort things out".   That is, very
> specifically, one address per host, advertised to multiple ISPs/
> networks/ paths and not "a chunk of PA IPv4 addresses from each
> upstream".

But it's the same thing -- the customer numbers some of their network with 
PA addresses from one provider and part of it with PA addresses from the 
other.  Then the customer sends out traffic from both address blocks to 
both interfaces, and the upstreams can't tell whether an unknown address 
is a legit one from another provider or a malicious spoof.

I'm pretty sure this is right, having talked to ISPs about it in the 
context of why BCP38 is harder than you'd think.

R's,
John
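
An added illustration of the point in the message above (not part of the original message): a Python sketch of a BCP38-style source-address check on one upstream's customer-facing interface. The prefixes are documentation ranges, the function and variable names are hypothetical, and the second prefix list assumes the customer has told provider A about the block it holds from provider B.

```python
import ipaddress

# Constructed addressing (documentation prefixes), not taken from the message.
PA_FROM_A = ipaddress.ip_network("192.0.2.0/24")     # block provider A assigned to the customer
PA_FROM_B = ipaddress.ip_network("198.51.100.0/24")  # block provider B assigned to the same customer

# Constructed source addresses of packets arriving at provider A from the customer link.
PACKETS = [
    "192.0.2.10",     # host numbered out of A's block
    "198.51.100.20",  # host numbered out of B's block, legitimately leaving via A
    "203.0.113.99",   # forged source, in neither block
]

# What provider A knows on its own: only the prefix it handed out.
STRICT_A = [PA_FROM_A]
# Assumption: the customer has documented B's block to A out of band.
COORDINATED_A = [PA_FROM_A, PA_FROM_B]


def ingress_accepts(src, allowed_prefixes):
    """Accept a packet only if its source address falls in an allowed prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed_prefixes)


def rejected(packets, allowed_prefixes):
    """Return the source addresses the ingress filter would drop, in order."""
    return [src for src in packets if not ingress_accepts(src, allowed_prefixes)]


if __name__ == "__main__":
    # With only its own assignment to go on, provider A gives the legitimate
    # B-numbered host and the forged source the same verdict.
    print("strict filter drops:     ", rejected(PACKETS, STRICT_A))
    # Once A knows about B's block, only the forged source is dropped.
    print("coordinated filter drops:", rejected(PACKETS, COORDINATED_A))
```
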