RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
"Michel Py" <michel@arneill-py.sacramento.ca.us> Sat, 29 March 2003 02:10 UTC
Date: Fri, 28 Mar 2003 18:09:13 -0800
From: Michel Py <michel@arneill-py.sacramento.ca.us>
To: John C Klensin <john-ietf@jck.com>, Tony Hain <alh-ietf@tndh.net>
Cc: ietf@ietf.org
John,

> John C Klensin wrote:
> We, or more specifically, the upstream ISP or an RIR, can
> tell the ISP that things will go badly for them if they
> permit un-routable addresses to leak into the public
> Internet. The only difference I can see between what I
> think is your SL address preference and my "unique, but
> un-routable" one is that you would bind that advice/threat
> to a particular prefix while I would bind it to other
> indicators of "un-routable address". The reserved prefix
> approach is less likely to get mucked up by a clueless
> ISP, but I am unconvinced that we should make special
> architectural provisions to make it easier to be in the
> ISP business while being clueless.

I also think that policy alone cannot enforce un-routability of addresses. The only way to make sure that addresses are not routable on the public Internet is to suppress the demand for routing them.

Example that works: RFC1918. Although we occasionally see these on the public Internet, it's due to misconfiguration. No customer is going to see their upstream and offer them money to leak or route RFC1918 addresses, because it achieves nothing (because RFC1918 addresses are ambiguous). No demand, no routing.

Example that would not work: Allocate a block of regular addresses (let's say, 2003::/16) to the purpose of globally unique non-routable addresses. Whether you bind the advice/threat to that prefix or to other indicators of "un-routable address" you will create the demand from end-sites to go to their providers and indeed ask them to route them to be used as PI, with the result of routing table bloat.

What is required in order to get globally unique non-routable are three things:
- Policy (the advice/threat).
- Some normative language mandating implementations (vs. policy) to disallow the practice (default blackholing).
- Some kind of architectural limitation such as site-local.

The combination of all three is required. The policy alone is not enough because some ISPs will take the customer's money at the risk of being labeled as bad boys. The normative language alone is not enough as we have no way to force implementers to code it. The architectural limitation alone is not enough as one will likely come up with a dirty hack to route SLs globally if need be. Any combination of two would not be a powerful enough deterrent either.

In other words: the only way to guarantee the non-routability of globally unique private addresses is to put so many hurdles on the way that it won't happen.

To this effect, the proposed deprecation of site-locals is a serious blow as it suppresses the architectural limitation and therefore creates demand for sites to pay their ISPs to "forget" to filter their prefixes and transform a non-routable globally unique prefix into a de-facto routable globally unique prefix also called PI.

Michel.