Re: 6man-sadr-overview - next-hop option and VPN use-case clarifications
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 23 March 2015 19:37 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56F911A0242 for <ipv6@ietfa.amsl.com>; Mon, 23 Mar 2015 12:37:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6hLC6J55Cl8r for <ipv6@ietfa.amsl.com>; Mon, 23 Mar 2015 12:37:33 -0700 (PDT)
Received: from mail-wg0-x22f.google.com (mail-wg0-x22f.google.com [IPv6:2a00:1450:400c:c00::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76EA01A026C for <ipv6@ietf.org>; Mon, 23 Mar 2015 12:37:33 -0700 (PDT)
Received: by wgdm6 with SMTP id m6so154396061wgd.2 for <ipv6@ietf.org>; Mon, 23 Mar 2015 12:37:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=Dh0HLpoaT71QIede4A7zRnyCw9zab/1y3ASFsNygwGc=; b=giQraVKNLuPC+RUIzXYcT48N3gPrXd09SPQuRXwxDFWg+rX+hM5fhCh3B0Y60Hr1Kd R5mmBnBOuc5/9EW8YSITrnYTbjRovth6vcddYN2XFXo5eO0wK42hdHJF0LjwazJaGfci mJbIJ/z8y/UTVExr3U127wdORq6hGjzrpfQH6Wk7BFVTtjv9embmTkJkfSjphcXPJis5 WG28FVTzn9F+ixsVRqIunRU/paaXISEeGW9UJYkTU/jodwYiSYcuhGjPrOyuJa0iMV/L rU6hSaBFG2yLk/5J0SX41YmFMoUcrwPGkoFSm7aBWiZCRdo9+9OtgvYe3Th4jF98en8z wZhQ==
X-Received: by 10.180.211.170 with SMTP id nd10mr1222646wic.67.1427139452225; Mon, 23 Mar 2015 12:37:32 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:176:28cc:dc4c:9703:6781? ([2001:67c:370:176:28cc:dc4c:9703:6781]) by mx.google.com with ESMTPSA id l6sm2762010wjx.33.2015.03.23.12.37.30 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Mar 2015 12:37:31 -0700 (PDT)
Message-ID: <55106B7F.2040208@gmail.com>
Date: Tue, 24 Mar 2015 08:37:35 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Ole Troan <otroan@employees.org>
Subject: Re: 6man-sadr-overview - next-hop option and VPN use-case clarifications
References: <882C9301-A72A-464A-9DE0-D845316EF217@darou.fr> <551057E4.9020008@gmail.com> <109399D7-3355-4E6F-83E0-E41FC6F8DAB3@employees.org>
In-Reply-To: <109399D7-3355-4E6F-83E0-E41FC6F8DAB3@employees.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/_e33-kNti7U8AA9YHanv3x_xVc4>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2015 19:37:36 -0000
On 24/03/2015 08:05, Ole Troan wrote: > Brian, > >> What I have seen in enterprise VPN solutions is that when the VPN client >> code starts up, it installs a long list of host routes, one for each >> disjoint prefix in the corporate network. >> >> All of these could be replaced by a single SADR next-hop route to the >> VPN router. > > why wouldn’t the VPN router advertise that route? You're assuming that the host would understand such an advertisement. It seems to me that we're in a space where hosts don't understand routing protocols. And where draft-troan-homenet-sadr-01 hasn't been implemented either. Brian >> The reason this *matters* is that whenever a prefix is added or removed >> inside the corporate network, the list of host routes built into >> the VPN client becomes obsolete and needs to be updated on every >> host where that client is installed. That is painful for everyone >> involved. > > the confusion here is why router A needs to advertise to a host that prefix X is reachable via router B, interface Y. > why can’t router B do that. > > cheers, > Ole >
- 6man-sadr-overview - next-hop option and VPN use-… Pierre Pfister
- Re: 6man-sadr-overview - next-hop option and VPN … Brian E Carpenter
- Re: 6man-sadr-overview - next-hop option and VPN … Ole Troan
- Re: 6man-sadr-overview - next-hop option and VPN … Michael Richardson
- Re: 6man-sadr-overview - next-hop option and VPN … Michael Richardson
- Re: 6man-sadr-overview - next-hop option and VPN … Brian E Carpenter
- Re: 6man-sadr-overview - next-hop option and VPN … Ole Troan
- Re: 6man-sadr-overview - next-hop option and VPN … Brian E Carpenter
- Re: 6man-sadr-overview - next-hop option and VPN … Alexandru Petrescu
- Re: 6man-sadr-overview - next-hop option and VPN … Pierre Pfister
- Re: 6man-sadr-overview - next-hop option and VPN … Brian E Carpenter
- Re: 6man-sadr-overview - next-hop option and VPN … Pierre Pfister
- Re: 6man-sadr-overview - next-hop option and VPN … Michael Richardson
- Re: 6man-sadr-overview - next-hop option and VPN … Pierre Pfister
- Re: 6man-sadr-overview - next-hop option and VPN … Michael Richardson
- Re: 6man-sadr-overview - next-hop option and VPN … Behcet Sarikaya
- Re: 6man-sadr-overview - next-hop option and VPN … Alexandru Petrescu