IETF Logo Mail Archive

Re: [Int-area] e2e Address transparency - PI site routing - Multi-CPE multihoming

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 12 January 2011 21:22 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: int-area@core3.amsl.com
Delivered-To: int-area@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 35EE23A67AA for <int-area@core3.amsl.com>; Wed, 12 Jan 2011 13:22:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.283
X-Spam-Level:
X-Spam-Status: No, score=-103.283 tagged_above=-999 required=5 tests=[AWL=0.016, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ErJT7PFO6i7y for <int-area@core3.amsl.com>; Wed, 12 Jan 2011 13:22:03 -0800 (PST)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by core3.amsl.com (Postfix) with ESMTP id 612063A6774 for <int-area@ietf.org>; Wed, 12 Jan 2011 13:22:03 -0800 (PST)
Received: by fxm9 with SMTP id 9so1078682fxm.31 for <int-area@ietf.org>; Wed, 12 Jan 2011 13:24:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:organization:user-agent :mime-version:to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=GWz46clnIm7x9ZYnH8emG7ngrclEbBGOOHLXOfC7W2w=; b=UJTaW/jlzt5SR5y8WX+RtLmqKISl52vT9FR9xMpktEHXRjMJ+RIL8HX0x7qz0dGVmH 5ZEEWfUUalQA9ULmKgRFLkcrw5cWVr9qg+XRompLPrMV8MgUhh/SQSUwa2FnnLri5Szn B5X9KbeCK3oMkt6LjMsghtBjufO39FvpkHDp8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=lfFZ1Xlx8ZcMhoVDQ+ysTTvsVc7fbjXVnlGOfPFb7UgVSYFQJv+lHSb3dSBJFtbQom W+AG4hxWMpO8ziJ0QY3eLC6EVrCB+dLwad4SJdB3rDsTrAVIJ9T2Y79hNjJZgxHlev3S hHsnqwDJJRRm6UQM6+pADtTEYWiHpNYsttjW8=
Received: by 10.223.110.77 with SMTP id m13mr1509714fap.86.1294867463378; Wed, 12 Jan 2011 13:24:23 -0800 (PST)
Received: from [130.216.38.124] (stf-brian.sfac.auckland.ac.nz [130.216.38.124]) by mx.google.com with ESMTPS id 21sm406992fav.17.2011.01.12.13.24.18 (version=SSLv3 cipher=RC4-MD5); Wed, 12 Jan 2011 13:24:21 -0800 (PST)
Message-ID: <4D2E1BE9.6010000@gmail.com>
Date: Thu, 13 Jan 2011 10:23:53 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Rémi Després <remi.despres@free.fr>
References: <4D2B3928.8050508@gont.com.ar> <20110111071329.109df03f@opy.nosense.org> <4D2B711F.9000705@gont.com.ar> <20110110.224735.41641090.sthaug@nethelp.no> <A01D82C4-9800-4C9B-94D5-24E5D6C1D6FB@free.fr> <4D2CBDFE.30902@gmail.com> <2342BA4A-F973-46AF-82C8-4E1C20CA8692@free.fr> <00b301cbb246$cda664c0$68f32e40$@it.uc3m.es> <48F6E98D-0626-4498-8C62-9E51FA1FA637@free.fr>
In-Reply-To: <48F6E98D-0626-4498-8C62-9E51FA1FA637@free.fr>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: 'Internet Area' <int-area@ietf.org>
Subject: Re: [Int-area] e2e Address transparency - PI site routing - Multi-CPE multihoming
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2011 21:22:05 -0000

I hate to have to say this, but the reason that NAT44 became popular for
quite a number of large (typically multinational) enterprise networks
was as the easiest solution to the multi-exit problem. These companies
didn't regard NAT as a security feature; they had firewalls for that.
And they didn't *want* to lose address transparency; that was considered
an acceptable side-effect of gaining a solution to the multi-exit
multi-homing problem.

Also look in your time machine for
"Ingress filtering compatibility for IPv6 multihomed sites"
draft-huitema-multi6-ingress-filtering-00

Regards
   Brian Carpenter

On 2011-01-13 05:20, Rémi Després wrote:
> Alberto,
> 
> Thank you for this interesting reference I hadn't noticed.
> 
> It did share the objective of combining of "PI site routing" with "Multi-CPE multihoming", but was NOT concerned with "e2e address transparency".
> 
> Besides:  
> - It needed a middle-box between all hosts and CPE's
> - It needed a new DNS RR type.
> Both have to be avoided in the solution I look for.
> 
> Kind regards,
> RD
> 
> 
> 
> Le 12 janv. 2011 à 11:52, Alberto García a écrit :
> 
>> Hi,
>> The requirements you state remind me the Proxy Shim6 proposal
>> (http://tools.ietf.org/id/draft-bagnulo-pshim6-02.txt). There is also a
>> paper on the subject at
>> http://e-archivo.uc3m.es/bitstream/10016/2846/1/P-SHIM6.pdf
>> The abstract of the paper says:
>> "The P-SHIM6 architecture provides ISP independence to IPv6 sites without
>> compromising scalability.
> 
>> This architecture is based on a middle-box, the
>> P-SHIM6, which manages the SHIM6 protocol exchange on behalf of the nodes of
>> a site, which are configured  with provider independent addresses. Incoming
>> and outgoing packets are processed by the P-SHIM6 box, which can assign
>> different locators to a given communication, either when it is started, or
>> dynamically after the communication has been established. As a consequence,
>> changes required for provider portability are minimized, and fine-grained
>> Traffic Engineering can be enforced at the P-SHIM6 box, in addition to the
>> fault tolerance support provided by SHIM6."
>>
>> Regards,
>> Alberto
>>
>> |  -----Mensaje original-----
>> |  De: int-area-bounces@ietf.org [mailto:int-area-bounces@ietf.org] En
>> |  nombre de Rémi Després
>> |  Enviado el: miércoles, 12 de enero de 2011 11:19
>> |  Para: Brian E Carpenter
>> |  CC: Internet Area
>> |  Asunto: [Int-area] e2e Address transparency - PI site routing - Multi-CPE
>> |  multihoming
>> |  
>> |  Brian,
>> |  
>> |  Here is a good opportunity to clarify an important point, on which I hope
>> we
>> |  can converge.
>> |  
>> |  The problem I worked on is how to combine:
>> |  - "e2e address transparency" (hosts know their own global addresses, and
>> |  use them)
>> |  - "PI site routing"  (e.g., in IPv6, ULA-only intra-site routing to avoid
>> |  renumbering problems)
>> |  - "Multi-CPE Multihoming" (the most complete multihoming model).
>> |  - "Per-site incremental deployment" (a site can use the solution
>> |  independently from what is done anywhere else).
>> |  
>> |  - LISP is off-scope because it doesn't permit per-site incremental
>> |  deployment.
>> |  
>> |  This problem has two complementary sub-problems:
>> |  . "Source-address selection" (how does a host select a particular e2e
>> source
>> |  address for an outgoing packet)?
>> |  . "Outgoing-CPE control" (the source address being selected, how to
>> ensure
>> |  that the packet goes via the right CPE)?
>> |  - Solutions for "source-address selection" do exist (SHIM6, SCTP,
>> draft-ietf-
>> |  v6ops-multihoming-without-nat66).
>> |  - AFAIK, a solution for "outgoing-CPE control" in the above context still
>> has
>> |  to be specified
>> |  
>> |  The key I briefly described for this "outgoing-CPE selection", in sec 3.3
>> of
>> |  draft-despres-softwire-sam-01), is that:
>> |  - For customer-site traversal, hosts encapsulate e2e packets in local
>> packets
>> |  (IPv6/IPv6).
>> |  - Hosts address these local packets to the right CPE's by using a
>> |  correspondence list between local CPE addresses and global IPv6 prefixes.
>> |  
>> |  Unless this is proved to be useless, I plan to pursue in this direction,
>> with
>> |  whoever is interested in making positive contributions.
>> |  
>> |  Best regards,
>> |  RD
>> |  
>> |  
>> |  
>> |  Le 11 janv. 2011 à 21:30, Brian E Carpenter a écrit :
>> |  >> ... it should be more useful to look for solutions that combine
>> provider
>> |  independence with address transparency, than accepting without effort to
>> |  sacrifice address transparency for provider independence.
>> |  >
>> |  > Indeed; we already have one of those standardised, which also has the
>> |  > property of protecting BGP4 scalability: RFC 5533, RFC 5534 and RFC
>> 5535.
>> |  
>> |  (RFC 5533 and RFC 5534 are about SHIM6, and RFC 5535 is about securing
>> |  multihoming address sets. None of these addresses the "outgoing-CPE
>> |  control" issue).
>> |  
>> |  
>> |  _______________________________________________
>> |  Int-area mailing list
>> |  Int-area@ietf.org
>> |  https://www.ietf.org/mailman/listinfo/int-area
>>
> 
> 
>

v2.23.0 | Report a Bug | By Email