IETF Logo Mail Archive

Re: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels

"Templin, Fred L" <Fred.L.Templin@boeing.com> Tue, 06 December 2016 20:46 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 571FC1299C8 for <int-area@ietfa.amsl.com>; Tue, 6 Dec 2016 12:46:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pLLVFgpaosmb for <int-area@ietfa.amsl.com>; Tue, 6 Dec 2016 12:45:58 -0800 (PST)
Received: from phx-mbsout-02.mbs.boeing.net (phx-mbsout-02.mbs.boeing.net [130.76.184.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79206129C3C for <int-area@ietf.org>; Tue, 6 Dec 2016 12:45:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id uB6KjvqO041842; Tue, 6 Dec 2016 13:45:57 -0700
Received: from XCH15-06-09.nw.nos.boeing.com (xch15-06-09.nw.nos.boeing.com [137.136.239.172]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id uB6Kjpst041710 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=OK); Tue, 6 Dec 2016 13:45:52 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) by XCH15-06-09.nw.nos.boeing.com (2002:8988:efac::8988:efac) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 6 Dec 2016 12:45:51 -0800
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1178.000; Tue, 6 Dec 2016 12:45:50 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Joe Touch <touch@isi.edu>, Lucy yong <lucy.yong@huawei.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>, "int-area@ietf.org" <int-area@ietf.org>
Thread-Topic: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels
Thread-Index: AQHSSfUTLZDjgwj4v06xdSRLJ7spf6DwdPtAgAFWbFCAAJuxAP//gxPAgACJCwD//3tEwIAAjWUA//+BhHAAFPoOgAAP0p/A//+omgD//4m84IABfSIAgACA9qD//51zgIAAhBJQ//+I0oAAEIbo0AAPI8IAAC4ZozAAgC5ygAAP6STgAA0LaIAAA1bQkAAMNEeAABCsZzAAD499gAAvpk1QAE3mNQAAqxMmAA==
Date: Tue, 06 Dec 2016 20:45:50 +0000
Message-ID: <19fdababf617416ba19755fce7e2fcb7@XCH15-06-08.nw.nos.boeing.com>
References: <2a8ef418-91dc-b0c5-1384-203b4fde3830@gmail.com> <b82247d0-5221-ad60-3c4f-6e3287ef1fa9@isi.edu> <f54cd95a4f974ca189e2b3fb24864b97@XCH15-06-08.nw.nos.boeing.com> <a3f0ade1-2145-ee28-31cf-d5a4878b507c@isi.edu> <1707aa63f4e4424e85a8933a79b43dfe@XCH15-06-08.nw.nos.boeing.com> <982c4212-34cb-21f1-c8a8-a23df18d5c30@isi.edu> <1ced07df7e8c453f8c0821363bc5604e@XCH15-06-08.nw.nos.boeing.com> <137debc3-eb11-5c13-884e-d8f6598e8ec9@isi.edu> <30ad1018463746b3b7ef5d864abc9ff3@XCH15-06-08.nw.nos.boeing.com> <e23fc6bd-c95d-9d38-74e1-c040bffe653f@isi.edu> <25503919e279426eb5fd827acf14d9c4@XCH15-06-08.nw.nos.boeing.com> <ceaf3563-ec86-8fe0-f67d-f50e9b9586ae@isi.edu> <05616d07ab3f420a8c0bd5556837d788@XCH15-06-08.nw.nos.boeing.com> <de82e183-f6dd-b872-eb21-981d57218a81@isi.edu> <a5713afee0f84c008e080f730350ed93@XCH15-06-08.nw.nos.boeing.com> <f69d6b1f-19fa-cb8d-f319-a18f7130bee6@isi.edu> <d9da3c70fcba42ddb6c7a60d8e80b6b4@XCH15-06-08.nw.nos.boeing.com> <622a5176-2b39-f08d-d31c-67aa076d52d6@isi.edu>
In-Reply-To: <622a5176-2b39-f08d-d31c-67aa076d52d6@isi.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/0A6PY83Bu-FXxrPmAGRyjqLqovE>
Subject: Re: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2016 20:46:00 -0000

Hi Joe,

> -----Original Message-----
> From: Joe Touch [mailto:touch@isi.edu]
> Sent: Tuesday, December 06, 2016 11:36 AM
> To: Templin, Fred L <Fred.L.Templin@boeing.com>; Lucy yong <lucy.yong@huawei.com>; Brian E Carpenter
> <brian.e.carpenter@gmail.com>; int-area@ietf.org
> Subject: Re: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels
> 
> 
> 
> On 12/6/2016 11:31 AM, Templin, Fred L wrote:
> > Hi Joe,
> >
> >> -----Original Message-----
> >> From: Joe Touch [mailto:touch@isi.edu]
> >> Sent: Tuesday, December 06, 2016 11:11 AM
> >> To: Templin, Fred L <Fred.L.Templin@boeing.com>; Lucy yong <lucy.yong@huawei.com>; Brian E Carpenter
> >> <brian.e.carpenter@gmail.com>; int-area@ietf.org
> >> Subject: Re: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels
> >>
> >> Fred,
> >>
> >> First, we are violently agreeing that subnet redirect works only where
> >> source addresses cannot be spoofed. The problem is that this is not the
> >> typical case, so it's not a generic solution IMO.
> > The same can be said about ordinary host-based Redirect (only works where
> > the source address cannot be spoofed). The only difference is the attack
> > surface is larger for subnet redirection which is why RFC6706 does the
> > due diligence of supporting data origin authentication.
> Because the attack surface is larger is the reason it's an issue.

It's not an "issue" because a mitigation is provided. The mitigation is needed
only on links that may be subject to insider attacks - the same can be said
about standard host Redirects.

> > AERO uses the NBMA tunnel virtual link model meaning that IPv6 ND works
> > the same as for an NBMA physical link. The model supports traffic engineering,
> > multi-homing, route optimization, fault tolerance, mobility management and
> > security. Do you have a solution for these that does not require new code?
> 
> I already mentioned it - existing IP forwarding with virtual L2
> interfaces. The existing IP forwarding supports TE, multihoming, route
> optimization, etc - all without any new code.

I am talking about traffic engineering in terms of selecting one or more underlying
interfaces in the both the outbond and inbound directions. Take for example a
hypothetical cellphone that keeps both the 4G and WiFi links active at the same
time. TE should be able to steer some messages out the 4G interface and others
out the WiFi interface - say, texts over 4G and http over WiFi. In the inbound
direction,  I am talking about allowing the node to tell the network how to deliver
its inbound traffic. It is also possible to have asymmetry where outbound packets
going out over interface A and inbound packets coming in over interface B. And
then, I am also talking about the possibility of packet replication with duplicate
copies sent out one over the WiFi and the other over the 4G.

I am talking about multihoming in terms of having the singular tunnel virtual
interface configured over multiple underlying physical or virtual interfaces.
You can employ traffic engineering over the underlying interfaces as I
mentioned above, and you can change over from interface A to interface
B if interface A goes down.

I am talking about route optimization in terms of eliminating extraneous
doglegs from the path so that packets going from A->B->C can travel
directly from A->C instead.

And, I am talking about mobility and mobile networks in a way that is better than
Mobile IP. You didn't mention that in your list perhaps because you know that
mobility requires extra code. In AERO, a mobility event is what happens when
the IP address of an underlying interface changes. And, the AERO node simply
informs its neighbors of the L2 address change by sending IPv6 ND unsolicited
Neighbor Advertisements the same as for any link.

I am not talking about anything different than IPv6 ND and DHCPv6 messaging
over an ordinary IP link because those are the only mechanisms that are used.

Thanks - Fred
fred.l.templin@boeing.com

> Joe

v2.23.0 | Report a Bug | By Email