Re: [Iotops] Automatically connecting to stub networks... Fri, 04 December 2020 09:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1EB6C3A1224; Fri, 4 Dec 2020 01:19:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Jv2ctSNBUXvU; Fri, 4 Dec 2020 01:19:39 -0800 (PST)
Received: from ( [IPv6:2607:7c80:54:3::74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1B8DD3A0B0B; Fri, 4 Dec 2020 01:19:38 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id EF5784E11B75; Fri, 4 Dec 2020 09:19:37 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by (Postfix) with ESMTP id D29A446E316F; Fri, 4 Dec 2020 10:19:35 +0100 (CET)
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_2629654B-2178-464A-8A6D-4417C8ADF2E2"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.\))
Date: Fri, 04 Dec 2020 10:19:35 +0100
In-Reply-To: <>
Cc: Ted Lemon <>, 6MAN <>,
To: Toerless Eckert <>
References: <695953.1606952552@dooku> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3654.
Archived-At: <>
Subject: Re: [Iotops] Automatically connecting to stub networks...
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IOT Operations <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 Dec 2020 09:19:41 -0000

>> Question, what are the requirements here?
> Indeed. Lets first focus on that.
>> A) Stub network. Is it possible to restrict the topology to a single root/single level of leafes?
> I would fear the current business cases might be fine with such a limitation,
> but i for once would find it dissatisfactory if the protocol solution
> would be limited to just one level.

Right, I already gave an example where that topology fails.

>> It prohibits multi-homing. What about the case where a node is attached to the stub with a hypervisor and VMs requiring addressing?
>> Is sending all traffic via the root acceptable? Instead of short-cutting between stub routers?
>> B) Is it possible to restrict the solution to the site having been delegated enough address space?
>> Or do you need to handle the cases where the site has:
>> a) not received enough /64s to number all links
>> b) have only been delegated a single /64
>> c) have only a shared /64
>> d) have only a single address
> Not trying to answer all these points, but:
> To me the most simple model is around the following constraints/requirements:
>      stub-router ----link --- infra-router
> a) stub-router and infra-router are potentially different admin, aka:
>   we do not want to use signaling between them such as a typical
>   link-state-routing protocol where you can not create good trust-domain
>   boundries within the topology. Dijkstra protos are a bit better, but
>   i think no one has tried to come up with good definitions for "internal"
>   trust boundaries.

Yes, I believe this was also discussed in homenet.
In Ted's case as well as many others devices are controlled with umbilical cords to other administrative domains.
They should in theory not be more trusted inside the network than a host from the outside.
This is a hard one.

> b) infra-router hands out prefix(es) to stub-router. It shouldn't have
>   anything to say about how stub-router uses them. So stub-router could
>   subtend sub-prefixes as it sees fit. Infra router does NOT accept
>   prefixes back from stub-router.

Routing is of course tightly coupled with prefix assignment.
I also believe Ted's use case involves a stub network coming with it's own ULA that it wants to advertise routing for within the rest of the site(?).

> Not sure yet about similar rules for the naming / services for DNS-SD,
> but there may need to be some similar rules.
> And from service provider use cases, i remember various other DHCP options
> that infra-router may need to see proxied across stubb-router to clients
> if/when clients rely on DHCP opions instead of DNS-SD to discover specific
> services. Which for example in the home a lot of the service-provider
> equipment such as IPTV STBs expects to be able to do.

There has to be a way of distributing configuration information (from multiple sources).