IETF Logo Mail Archive

Re: [IPv6] Suggestion for multi homed clients without NAT/NPT

Vasilenko Eduard <vasilenko.eduard@huawei.com> Sat, 07 January 2023 10:32 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61257C1522D0 for <ipv6@ietfa.amsl.com>; Sat, 7 Jan 2023 02:32:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 024kAvjDM3SK for <ipv6@ietfa.amsl.com>; Sat, 7 Jan 2023 02:32:39 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B021C1522AD for <ipv6@ietf.org>; Sat, 7 Jan 2023 02:32:39 -0800 (PST)
Received: from mscpeml100002.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4NpxJT1R6Pz67bjw; Sat, 7 Jan 2023 18:28:57 +0800 (CST)
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100002.china.huawei.com (7.188.26.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Sat, 7 Jan 2023 13:32:36 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.034; Sat, 7 Jan 2023 13:32:36 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: "Philipp S. Tiesel" <philipp@tiesel.net>
CC: Brian E Carpenter <brian.e.carpenter@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, 6man <ipv6@ietf.org>
Thread-Topic: [IPv6] Suggestion for multi homed clients without NAT/NPT
Thread-Index: AQHZHOy7l9f89tMDvE2g8IQ1Jw9DE66IOhkAgAAdrgCABXpxAIACAQwAgADMNgCAAKUtgIAAPw6w///pp4CAAVovgA==
Date: Sat, 07 Jan 2023 10:32:36 +0000
Message-ID: <0c3019b1ba43426aab4f052b834d349c@huawei.com>
References: <b3742e2b-6472-9eb4-bee2-507fa8cdf4c6@posteo.de> <05ed3426-7731-baef-44a1-6fc50ce69a5b@gmail.com> <9586.1672523456@localhost> <14437462-8E95-4554-A4A4-A83E08382439@tiesel.net> <9192.1672934804@localhost> <6fa6cd37-d64f-b05f-89b9-668b048d06d6@gmail.com> <04E5CCF4-1817-472D-BC5A-28BABFA2AF56@tiesel.net> <42ed640795e4493ca7a3e0cbb272ba39@huawei.com> <D18C7956-16C4-4BF8-91CA-7AC4C07889DA@tiesel.net>
In-Reply-To: <D18C7956-16C4-4BF8-91CA-7AC4C07889DA@tiesel.net>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.81.194.22]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Hcx4YTGRHUHWBi1-H7BukF2-O0k>
Subject: Re: [IPv6] Suggestion for multi homed clients without NAT/NPT
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jan 2023 10:32:44 -0000

Hi Philipp,

1. I still believe that simplified MHMP topology (1 link, 2 routers to different carriers) does not need source routing in principle.
2. DHCP-PD may be used potentially to distribute PA over the complex site. Just 1) it is not standardized, and 2) DHCP is not supported at all on the most popular OS. Hence, the solution for PA distribution over the site does not exist yet. Neither on products nor in standardization.
3. The world already opens the double number of sessions then drop half, thanks to HY. It is a considerable scalability issue for everything stateful (like FW, LB, IPS, etc).
In the MHMP environment, typically would be just 2 PIOs from different Carriers. We could ignore the cases for 3 PIOs and more (small probability).
It is possible to multiply sessions on the internet 2x more (to 4x?).
I do not have a clue about how effective the caching of this information is on the real OSes TCP/IP stack.
Maybe you are right: cashing could be very effective, and session tax could be as low as 1.05. I do not know.

Whatever you propose (including HY next generation) is in reality the function that should be substituted inside getaddrinfo() and RFC 6724 that is behind it. Even in the case if you would propose to replace getaddrinfo() with something else.
I have searched over all your URLs presented in this thread - I have not found a place where a discussion similar to RFC 6724 is going on.
Hence, I have not understood how you propose to replace RFC 6724/getaddrinfo().
"Use HYv3" may be a good idea, but it is difficult to evaluate without details.
Looking at RFC 6724, I am sure: it would be needed to specify many details. MHMP is complex.

Eduard
-----Original Message-----
From: Philipp S. Tiesel [mailto:philipp@tiesel.net] 
Sent: Friday, January 6, 2023 7:35 PM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>; Michael Richardson <mcr+ietf@sandelman.ca>; 6man <ipv6@ietf.org>
Subject: Re: [IPv6] Suggestion for multi homed clients without NAT/NPT



> On 6. Jan 2023, at 16:03, Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
> 
> Hi Philipp,
> I need to read the materials that you have supplied but some comments are already possible.
> 
> - Source-Dest-Routing incl. auto-configuration is a pre-requisite for 
> any  endpoint based multi-path or multi-homing solution…
> EV> Double "Nope".
> 1. Source routing is needed only if we have many routing hops on site.
> The simplified topology "Common LAN with 2 separate routers leading to different Carriers" does not need a source routing in principle.

Yes and no… there would be other means to keep multiple uplinks separate at the endpoints, but src-dst-routing is the only way that I am aware of that is
 a) implemented and
 b) works the same on end-hosts and intermediate routers.
Take a look at https://datatracker.ietf.org/doc/draft-ietf-rtgwg-dst-src-routing/ 
  
> 2. Multiple hops on site is not possible in principle yet.
> Because Carriers address space (PA) should be somehow distributed first.
> We do not have any mechanism to do it yet.

Combine src-dst-routing with DHCPv6 Prefix delegation and you have a solution that (with a few hops) works with different PA spaces per Uplink.


> - The Happy Eyeballs (on steroids) approach is one good way to make
>  use of multi-homing on connection establishment.
> EV> I need to read more because I do not understand how HY could help to MHMP.
> Do you propose to open a separate session for every possible <path*source_address> permutation?

I assume each path is represented by a unique prefix that
- provides src addresses for the hosts
- has src-dst-default-route on the routers on-site.

So a client can choose a path/uplink by choosing a src address.

> Search for fastest then drop all other sessions.
> I do not like brute force approach.

That is a good question… in the end, just do HE with a small set of <src*dst> and 
cache the informations (latency, success rate) gathered from connection attempts.


> 
> Ed/
> -----Original Message-----
> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Philipp S. Tiesel
> Sent: Friday, January 6, 2023 5:09 PM
> To: Brian E Carpenter <brian.e.carpenter@gmail.com>
> Cc: Michael Richardson <mcr+ietf@sandelman.ca>; 6man <ipv6@ietf.org>
> Subject: Re: [IPv6] Suggestion for multi homed clients without NAT/NPT
> 
> 
> 
>> On 6. Jan 2023, at 05:17, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>> 
>> On 06-Jan-23 05:06, Michael Richardson wrote:
>>> Philipp S. Tiesel <philipp@tiesel.net> wrote:
>>>> I did my Ph.D. on that topic and called it Happy Eyeballs on Steroids.
>>>> Most results went into the TAPS WG… maybe have a look at
>>>> - https://datatracker.ietf.org/doc/draft-ietf-taps-arch/
>>>> - https://datatracker.ietf.org/doc/draft-ietf-taps-interface/
>>>> - https://datatracker.ietf.org/doc/draft-ietf-taps-impl/
>>> Very cool.  I will read them. I didn't know TAPS was doing this, and 
>>> I suspect that few in 6man know either.  Maybe a 5 minute presentation is in order.
>> 
>> From a very superficial dive into those drafts, it seems that there is 
>> no explicit discussion of *why* a transport entity might have several 
>> addresses and how their usage interacts with routing (starting with 
>> choice of default router). I guess TAPS would say that's out of scope, 
>> but I also guess that 6MAN and V6OPS would need convincing that the 
>> TAPS approach will solve our problems.
> 
> Okay… I guess we need to carefully sort things here:
> 
> - Source-Dest-Routing incl. auto-configuration is a pre-requisite for any
>  endpoint based multi-path or multi-homing solution…
> - The Happy Eyeballs (on steroids) approach is one good way to make
>  use of multi-homing on connection establishment.
> - TAPS is an abstract API/architecture that is (among other things) targeted
>  at making Happy Eyeballs (on steroids) seamless for the application and
>  the default for connection establishment
> 
> So all of the above can sum-up to one possible solution.
> 
>> Just saying we'll aggressively use happy eyeballs reminds me of the 
>> practical issues of using SHIM6, which amounts to a different kind of 
>> happy eyeballs. Neither will work unless the site supports source 
>> routing, to put it simply.
> 
> That is true, but sadly not really implemented and active on all major platforms.
> - I just verified that MacOS does it by default,
> - Linux can do it, but last time I checked fails to auto-configure it.
> - I haven’t tried Windows on that recently 
> 
>> 
>> See https://datatracker.ietf.org/doc/html/draft-naderi-ipv6-probing-01
>> 
>>> Philipp S. Tiesel <philipp@tiesel.net> wrote:
>>>> I am convinced RFC 8028 would also be a great start for clients with
>>>> multiple default routes, e.g., enabling stuff like multi-path TCP to
>>>> work correctly, but it will not be sufficient for meaningful
>>>> multi-homing / source address selection.
>>> Do your IDs explain why?
>>>> In addition, to avoiding problems with CDNs, it is also  required to
>>>> separately keep track of DNS on a per-router/PvD basis and only use the
>>>> matching source addresses for new connections, so RDNSS should also be
>>>> treated analog to the source address in RFC 8028.
>>> I'm surprised to hear this.  I'm not convinced that PvD are a good 
>>> idea, I think that they represent IPv4 thinking, and I think that 
>>> there are better ways to do this in IPv6.  So I'm curious to understand how they are connected.
> 
> PvDs allow you to decide whether two networks a host is hooked up to are “the same network”, e.g., Wifi and wired access to the same corporate network, and to get some properties about like “It’s a corporate VPN for the following domains”
> or “It’s an expensive cellular fallback”.
> 
> While RA preferences allow our to select one/multiple same-weight defaults, PvDs can give you semantic information that is useful in a network policy.
> In the end, PvDs are useless without an TAPS-like API/architecture that smartly couples name resolution and source+destination address selection.
> 
> So, why do we need to separate DNS replies on a per-PvD basis?
> - Some host names might not be resolvable in public DNS
> - Some dst-addresses are not reachable from every part of the Internet.
>  Especially for CDNs, thats’ fine – I really should not try to use a
>  CDN cache within ISP A from a source served by ISP B.
> 
>>>> Having tried to manage traffic from within getaddrinfo() I can only
>>>> recommend to abandon that idea.
>>>> A lengthly write-up why can be found here in Section 6 of this expired
>>>> draft:
>>>> 
>>> https://datatracker.ietf.org/doc/html/draft-tiesel-taps-socketintents
>>> -bsdsockets-02 Thank you. I agree that it can't be done properly in 
>>> getaddrinfo().
>> 
>> We all agree on that, I think (and also see the discussion on ULA 
>> usability). But the Internet runs on getaddrinfo() and we can't expect 
>> that to change for many years, even if TAPS is a brilliant success.
>> 
>> So Eduard's question remains for the time being: how do we achieve 
>> appropriate source and destination address selection with only the 
>> socket API to help us?
> 
> The answer is depressing: Not at all for the majority off applications.
> Stuck with the BSD socket API and it’s resolver library, there is no way of linking DNS-replies to default-routes/PvDs. 
> 
> There may be one exception: Given the amount of DNS and networking code in modern Web browsers (incl. their own DNS stack), these might be able to make some use of source and destination address selection based on the insight gained from their own internal DNS resolver.
> Once the application has somehow managed to do source and destination address selection and given we have source-dest-routing working, s=socket(); bind(s, src); connect(s, dst); is sufficient.  
> 
> This is a really hard cross-silo problem ;-)
> 
>> 
>>  Brian
>> 
>>>> The only way forward I see is something like TAPS and Appel’s
>>>> implementation is already pretty close what it would needs to make use
>>>> of multi-homing here. They just need a litte more
>>>> aggressive/opportunistic happy eyeball candidate selection.
>>> Is there a FAQ on how to play with this code?
>>> --
>>> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>>>           Sandelman Software Works Inc, Ottawa and Worldwide

--  
Philipp S. Tiesel
https://philipp.tiesel.net/

v2.23.0 | Report a Bug | By Email