Re: [Int-area] e2e Address transparency - PI site routing - Multi-CPE multihoming
Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 13 January 2011 19:16 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: int-area@core3.amsl.com
Delivered-To: int-area@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 511B53A684B for <int-area@core3.amsl.com>; Thu, 13 Jan 2011 11:16:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.297
X-Spam-Level:
X-Spam-Status: No, score=-103.297 tagged_above=-999 required=5 tests=[AWL=0.002, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PmnKChT8APBt for <int-area@core3.amsl.com>; Thu, 13 Jan 2011 11:16:09 -0800 (PST)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by core3.amsl.com (Postfix) with ESMTP id 6EAC43A6BC9 for <int-area@ietf.org>; Thu, 13 Jan 2011 11:16:09 -0800 (PST)
Received: by eyd10 with SMTP id 10so1112130eyd.31 for <int-area@ietf.org>; Thu, 13 Jan 2011 11:18:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:organization:user-agent :mime-version:to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=8U8hICp0+XIH5+LtYsxuZpltzqPB1Elvpa22aCczKP8=; b=a3wQzE8kS20B8/du6I7jSxypva8r5wveK9/r5G2gj8L5SLUCM3mI0nLangFPrI0eWY 5lmOKjMhijjJd372XyfgYyFPdLoRDmgeGBWdELnLLTyB3q4uGywo4vEIcbV/v0Ejx3aX U3+eeNDA6oNk3crVR4TMrtYSg2rI/8tYneZbw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=P71zK9Lc5fNLDC/70rvV5Oj6ezNtx+4U2nNMRB4diWZnleh14+we9va0w/k90D7NPB UQG+C88WYHHaoNiJ+FFr5QTA+2ok1Krraogva0e0FVFBc0TK0Phs6cooDLt7NkYmlpmK NFHNVN5G44V8isnYTFIWGuQn5DRbXpLswMUkM=
Received: by 10.223.71.197 with SMTP id i5mr2681587faj.127.1294946312018; Thu, 13 Jan 2011 11:18:32 -0800 (PST)
Received: from [10.1.1.3] ([121.98.190.33]) by mx.google.com with ESMTPS id z1sm190083fau.21.2011.01.13.11.18.27 (version=SSLv3 cipher=RC4-MD5); Thu, 13 Jan 2011 11:18:30 -0800 (PST)
Message-ID: <4D2F4FF9.9070100@gmail.com>
Date: Fri, 14 Jan 2011 08:18:17 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Rémi Després <remi.despres@free.fr>
References: <4D2B3928.8050508@gont.com.ar> <20110111071329.109df03f@opy.nosense.org> <4D2B711F.9000705@gont.com.ar> <20110110.224735.41641090.sthaug@nethelp.no> <A01D82C4-9800-4C9B-94D5-24E5D6C1D6FB@free.fr> <4D2CBDFE.30902@gmail.com> <2342BA4A-F973-46AF-82C8-4E1C20CA8692@free.fr> <00b301cbb246$cda664c0$68f32e40$@it.uc3m.es> <48F6E98D-0626-4498-8C62-9E51FA1FA637@free.fr> <4D2E1BE9.6010000@gmail.com> <31727DDE-AC4A-41E9-89D2-2941B3AE9C21@free.fr>
In-Reply-To: <31727DDE-AC4A-41E9-89D2-2941B3AE9C21@free.fr>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: 'Internet Area' <int-area@ietf.org>
Subject: Re: [Int-area] e2e Address transparency - PI site routing - Multi-CPE multihoming
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jan 2011 19:16:11 -0000
On 2011-01-13 21:41, Rémi Després wrote:
> Thank you, Brian, for this other interesting reference I hadn't noticed.
>
>
> Le 12 janv. 2011 à 22:23, Brian E Carpenter a écrit :
>
>> I hate to have to say this, but the reason that NAT44 became popular for
>> quite a number of large (typically multinational) enterprise networks
>> was as the easiest solution to the multi-exit problem.
>
> I agree, but, in my understanding:
> - only for outgoing connectivity
Yes, i.e. connections initiated from the inside. Such companies
normally have their public-facing servers outside the main border,
in a "demilitarized zone".
> - without TCP continuity in case of failure an ISP access being used.
Correct. This was IMHO the big requirement introduced by RFC 3582.
I thought it was a mistake at the time, but I was only the WG Chair
and the consensus was to make it a requirement.
> => incompatible with SHIM6 or SCTP, whose functions include incoming connectivity and TCP continuity.
The incompatibility is exactly as discussed in the Huitema draft I
mentioned, and possibly solved by proxy shim6.
>> These companies
>> didn't regard NAT as a security feature; they had firewalls for that.
>> And they didn't *want* to lose address transparency; that was considered
>> an acceptable side-effect of gaining a solution to the multi-exit
>> multi-homing problem.
>
> That's why, IMHO, an IPv6 solution that avoids this side-effect is worth working on.
Yes.
Brian
>
> Regards,
> RD
>
>
>> Also look in your time machine for
>> "Ingress filtering compatibility for IPv6 multihomed sites"
>> draft-huitema-multi6-ingress-filtering-00
>>
>> Regards
>> Brian Carpenter
>>
>> On 2011-01-13 05:20, Rémi Després wrote:
>>> Alberto,
>>>
>>> Thank you for this interesting reference I hadn't noticed.
>>>
>>> It did share the objective of combining of "PI site routing" with "Multi-CPE multihoming", but was NOT concerned with "e2e address transparency".
>>>
>>> Besides:
>>> - It needed a middle-box between all hosts and CPE's
>>> - It needed a new DNS RR type.
>>> Both have to be avoided in the solution I look for.
>>>
>>> Kind regards,
>>> RD
>>>
>>>
>>>
>>> Le 12 janv. 2011 à 11:52, Alberto García a écrit :
>>>
>>>> Hi,
>>>> The requirements you state remind me the Proxy Shim6 proposal
>>>> (http://tools.ietf.org/id/draft-bagnulo-pshim6-02.txt). There is also a
>>>> paper on the subject at
>>>> http://e-archivo.uc3m.es/bitstream/10016/2846/1/P-SHIM6.pdf
>>>> The abstract of the paper says:
>>>> "The P-SHIM6 architecture provides ISP independence to IPv6 sites without
>>>> compromising scalability.
>>>> This architecture is based on a middle-box, the
>>>> P-SHIM6, which manages the SHIM6 protocol exchange on behalf of the nodes of
>>>> a site, which are configured with provider independent addresses. Incoming
>>>> and outgoing packets are processed by the P-SHIM6 box, which can assign
>>>> different locators to a given communication, either when it is started, or
>>>> dynamically after the communication has been established. As a consequence,
>>>> changes required for provider portability are minimized, and fine-grained
>>>> Traffic Engineering can be enforced at the P-SHIM6 box, in addition to the
>>>> fault tolerance support provided by SHIM6."
>>>>
>>>> Regards,
>>>> Alberto
>>>>
>>>> | -----Mensaje original-----
>>>> | De: int-area-bounces@ietf.org [mailto:int-area-bounces@ietf.org] En
>>>> | nombre de Rémi Després
>>>> | Enviado el: miércoles, 12 de enero de 2011 11:19
>>>> | Para: Brian E Carpenter
>>>> | CC: Internet Area
>>>> | Asunto: [Int-area] e2e Address transparency - PI site routing - Multi-CPE
>>>> | multihoming
>>>> |
>>>> | Brian,
>>>> |
>>>> | Here is a good opportunity to clarify an important point, on which I hope
>>>> we
>>>> | can converge.
>>>> |
>>>> | The problem I worked on is how to combine:
>>>> | - "e2e address transparency" (hosts know their own global addresses, and
>>>> | use them)
>>>> | - "PI site routing" (e.g., in IPv6, ULA-only intra-site routing to avoid
>>>> | renumbering problems)
>>>> | - "Multi-CPE Multihoming" (the most complete multihoming model).
>>>> | - "Per-site incremental deployment" (a site can use the solution
>>>> | independently from what is done anywhere else).
>>>> |
>>>> | - LISP is off-scope because it doesn't permit per-site incremental
>>>> | deployment.
>>>> |
>>>> | This problem has two complementary sub-problems:
>>>> | . "Source-address selection" (how does a host select a particular e2e
>>>> source
>>>> | address for an outgoing packet)?
>>>> | . "Outgoing-CPE control" (the source address being selected, how to
>>>> ensure
>>>> | that the packet goes via the right CPE)?
>>>> | - Solutions for "source-address selection" do exist (SHIM6, SCTP,
>>>> draft-ietf-
>>>> | v6ops-multihoming-without-nat66).
>>>> | - AFAIK, a solution for "outgoing-CPE control" in the above context still
>>>> has
>>>> | to be specified
>>>> |
>>>> | The key I briefly described for this "outgoing-CPE selection", in sec 3.3
>>>> of
>>>> | draft-despres-softwire-sam-01), is that:
>>>> | - For customer-site traversal, hosts encapsulate e2e packets in local
>>>> packets
>>>> | (IPv6/IPv6).
>>>> | - Hosts address these local packets to the right CPE's by using a
>>>> | correspondence list between local CPE addresses and global IPv6 prefixes.
>>>> |
>>>> | Unless this is proved to be useless, I plan to pursue in this direction,
>>>> with
>>>> | whoever is interested in making positive contributions.
>>>> |
>>>> | Best regards,
>>>> | RD
>>>> |
>>>> |
>>>> |
>>>> | Le 11 janv. 2011 à 21:30, Brian E Carpenter a écrit :
>>>> | >> ... it should be more useful to look for solutions that combine
>>>> provider
>>>> | independence with address transparency, than accepting without effort to
>>>> | sacrifice address transparency for provider independence.
>>>> | >
>>>> | > Indeed; we already have one of those standardised, which also has the
>>>> | > property of protecting BGP4 scalability: RFC 5533, RFC 5534 and RFC
>>>> 5535.
>>>> |
>>>> | (RFC 5533 and RFC 5534 are about SHIM6, and RFC 5535 is about securing
>>>> | multihoming address sets. None of these addresses the "outgoing-CPE
>>>> | control" issue).
>>>> |
>>>> |
>>>> | _______________________________________________
>>>> | Int-area mailing list
>>>> | Int-area@ietf.org
>>>> | https://www.ietf.org/mailman/listinfo/int-area
>>>>
>>>
>>>
>
>
>
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Rémi Després
- Re: [Int-area] IP-capable nodes must support IPv6… George, Wes E [NTK]
- [Int-area] IP-capable nodes must support IPv6 - n… George, Wes E [NTK]
- Re: [Int-area] IP-capable nodes must support IPv6… Ed Jankiewicz
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Fred Baker
- Re: [Int-area] IP-capable nodes must support IPv6… Fred Baker
- Re: [Int-area] [v6ops] End-to-end "address transp… Rémi Després
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Matthew Kaufman
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Matthew Kaufman
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Brian E Carpenter
- Re: [Int-area] IP-capable nodes must support IPv6… Josh Rambo
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Josh Rambo
- Re: [Int-area] IP-capable nodes must support IPv6… Rajiv Asati (rajiva)
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Joe Touch
- Re: [Int-area] IP-capable nodes must support IPv6… Rajiv Asati (rajiva)
- Re: [Int-area] IP-capable nodes must support IPv6… Brian E Carpenter
- Re: [Int-area] IP-capable nodes must support IPv6… Fernando Gont
- Re: [Int-area] IP-capable nodes must support IPv6… Ed Jankiewicz
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Randy Bush
- Re: [Int-area] IP-capable nodes must support IPv6… Lee Howard
- Re: [Int-area] IP-capable nodes must support IPv6… Fernando Gont
- Re: [Int-area] IP-capable nodes must support IPv6… Joel Jaeggli
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Mark Smith
- [Int-area] End-to-end "address transparency" Rémi Després
- Re: [Int-area] [v6ops] End-to-end "address transp… Mark Smith
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Gunter Van de Velde (gvandeve)
- Re: [Int-area] [v6ops] End-to-end "address transp… Rémi Després
- Re: [Int-area] [v6ops] IP-capable nodes must supp… George, Wes E [NTK]
- Re: [Int-area] IP-capable nodes must support IPv6… George, Wes E [NTK]
- [Int-area] draft-george-ipv6-required George, Wes E [NTK]
- Re: [Int-area] End-to-end "address transparency" Fernando Gont
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Joe Touch
- Re: [Int-area] End-to-end "address transparency" Behcet Sarikaya
- Re: [Int-area] draft-george-ipv6-required Ed Jankiewicz
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Rajiv Asati (rajiva)
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Lee Howard
- Re: [Int-area] [v6ops] IP-capable nodes must supp… George, Wes E [NTK]
- Re: [Int-area] IP-capable nodes must support IPv6… Rajiv Asati (rajiva)
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Joe Touch
- Re: [Int-area] [v6ops] End-to-end "address transp… Mark Smith
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Lee Howard
- Re: [Int-area] [v6ops] End-to-end "address transp… Fernando Gont
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Mark Smith
- Re: [Int-area] End-to-end "address transparency" Brian E Carpenter
- Re: [Int-area] [v6ops] End-to-end "address transp… sthaug
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Noel Chiappa
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Mark Smith
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Joe Touch
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Lee Howard
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Joe Touch
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Brian E Carpenter
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Fred Baker
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Mark Smith
- Re: [Int-area] End-to-end "address transparency" Rémi Després
- Re: [Int-area] [v6ops] End-to-end "address transp… Brian E Carpenter
- [Int-area] e2e Address transparency - PI site rou… Rémi Després
- Re: [Int-area] e2e Address transparency - PI site… Alberto García
- Re: [Int-area] e2e Address transparency - PI site… Rémi Després
- Re: [Int-area] e2e Address transparency - PI site… Brian E Carpenter
- Re: [Int-area] e2e Address transparency - PI site… Rémi Després
- Re: [Int-area] e2e Address transparency - PI site… Eliot Lear
- Re: [Int-area] e2e Address transparency - PI site… Rémi Després
- Re: [Int-area] e2e Address transparency - PI site… Templin, Fred L
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Howard, Lee
- Re: [Int-area] [v6ops] IP-capable nodes must supp… Cameron Byrne
- Re: [Int-area] e2e Address transparency - PI site… Brian E Carpenter
- Re: [Int-area] draft-george-ipv6-required Joel Jaeggli
- Re: [Int-area] [v6ops] End-to-end "address transp… Joel Jaeggli
- Re: [Int-area] [v6ops] End-to-end "address transp… Mark Smith
- Re: [Int-area] [v6ops] End-to-end "address transp… Rémi Després
- Re: [Int-area] [v6ops] End-to-end "address transp… Jack Bates
- Re: [Int-area] [v6ops] End-to-end "address transp… Jack Bates
- Re: [Int-area] [v6ops] End-to-end "address transp… Rémi Després
- Re: [Int-area] [v6ops] End-to-end "address transp… Fred Baker
- Re: [Int-area] [v6ops] End-to-end "address transp… Mark Smith
- Re: [Int-area] [v6ops] End-to-end "address transp… Rémi Després
- Re: [Int-area] [v6ops] End-to-end "address transp… Mark Smith
- Re: [Int-area] [v6ops] End-to-end "address transp… Jack Bates
- Re: [Int-area] [v6ops] End-to-end "address transp… Fred Baker
- Re: [Int-area] [v6ops] End-to-end "address transp… Mark Smith
- Re: [Int-area] [v6ops] End-to-end "address transp… Jack Bates
- Re: [Int-area] [v6ops] End-to-end "address transp… Erik Kline
- Re: [Int-area] [v6ops] End-to-end "address transp… Fred Baker
- Re: [Int-area] [v6ops] End-to-end "address transp… Erik Kline
- Re: [Int-area] [v6ops] End-to-end "address transp… Fred Baker
- Re: [Int-area] [v6ops] End-to-end "address transp… Joel Jaeggli
- Re: [Int-area] [v6ops] End-to-end "address transp… Rémi Després
- Re: [Int-area] [v6ops] End-to-end "address transp… Jack Bates
- Re: [Int-area] [v6ops] End-to-end "address transp… Mark Smith