[lisp] 答复: Re: Fwd: Comments about draft-cheng-lisp-shdht-01
cheng.li2@zte.com.cn Mon, 30 July 2012 04:16 UTC
Return-Path: <cheng.li2@zte.com.cn>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0228A21F8505; Sun, 29 Jul 2012 21:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -94.005
X-Spam-Level:
X-Spam-Status: No, score=-94.005 tagged_above=-999 required=5 tests=[AWL=-1.215, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oibMm6iTWrEE; Sun, 29 Jul 2012 21:16:07 -0700 (PDT)
Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 50B0321F855F; Sun, 29 Jul 2012 21:16:06 -0700 (PDT)
Received: from [10.30.17.99] by mx5.zte.com.cn with surfront esmtp id 107231768471946; Mon, 30 Jul 2012 12:05:16 +0800 (CST)
Received: from [10.30.3.20] by [192.168.168.15] with StormMail ESMTP id 54804.2396311068; Mon, 30 Jul 2012 12:16:03 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id q6U4Fgmu045561; Mon, 30 Jul 2012 12:15:43 +0800 (GMT-8) (envelope-from cheng.li2@zte.com.cn)
In-Reply-To: <20120727132354.8689C18C0DB@mercury.lcs.mit.edu>
To: jnc@mercury.lcs.mit.edu
MIME-Version: 1.0
X-KeepSent: E572EDF3:1F17059C-48257A4B:001485EE; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007
Message-ID: <OFE572EDF3.1F17059C-ON48257A4B.001485EE-88257A4B.001768BE@zte.com.cn>
From: cheng.li2@zte.com.cn
Date: Sun, 29 Jul 2012 21:15:40 -0700
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.3FP1 HF212|May 23, 2012) at 2012-07-30 12:15:41, Serialize complete at 2012-07-30 12:15:41
Content-Type: multipart/alternative; boundary="=_alternative 001768BB88257A4B_="
X-MAIL: mse01.zte.com.cn q6U4Fgmu045561
Cc: lisp-bounces@ietf.org, jnc@mercury.lcs.mit.edu, lisp@ietf.org
Subject: [lisp] 答复: Re: Fwd: Comments about draft-cheng-lisp-shdht-01
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2012 04:16:08 -0000
lisp-bounces@ietf.org 写于 2012-07-27 06:23:54: > > From: Michael Hoefling <hoefling@informatik.uni-tuebingen.de> > > > I assume that the proxy reply mode should not be the default operation > > mode. > > ... no P-bit not proxy. > > That's my understanding - but sometimes I get a little confused on these fine > details! So if I have made a mistake, I trust someone will let us know! :-) > > The whole question of having to get the mappings from the ETRs is one I have > thought about a fair amount, because it (currently) makes it impossible to > cache mappings in, e.g., the MR. > > (Let me quickly clarify that "currently" - although I have thought about how > to cache mappings, I don't believe there are any plans to do so at the moment > - at least, not that I am aware of. It would require changing the Map-Reply > format, to indicate which ranges of 'source' EIDs a particular mapping is > valid for. So unless we have to change the Map-Reply format for some other > reason - e.g. to include signatures on mappings - my guess is that this is > unlikely to happen. And it's not clear if we need to cache mappings at > intermediate points between the authoritative source [the ETR] and the user > [the ITR] - although the DNS does have this capability, IIRC. Well, that's > the kind of thing we will discover through trying it...) Dissagree. According to section 5.3 of "draft-ietf-lisp-sec":"The second bit after the Type field in a Map-Register message is allocated as the S bit. The S bit indicates to the Map-Server that the registering ETR is LISP-SEC enable." And in section 5.7 of the same draft:"If the Map-Server is in proxy mode, it generates a Map-Reply, as specified in [I-D.ietf-lisp], with the S-bit set to 1. The Map-Reply includes the Authentication Data that contains the EID-AD, as well as the PKT-AD." As a result, Map-Reply message need not to be changed. There's already mechanism for a Map-Server in proxy model to reply authenticate mapping information. > > It is a slightly odd design choice in a way - it's a bit of an odd form for > the subsystem boundary (compared to other systems which provide mappings). It > wasn't until I started thinking of the ALT/etc as 'indexing systems' (which > is not how they were orginally described, I think) that it started to be > easier for me to think about. > > > >> This is necessary for things like 'source-specific mappings' (where an > >> ETR returns different mappings to different ITRs). > > > Isn't this possible in proxy mode as well or is the selection logic > > specific for ETRs? > > Well, there is no way in the ETR/MS interface to specify that there are > multiple mappings, and which mappings should be given to which sources. So, > it is necessarily onl the ETRs which can provide source-specific mappings. According to discussion with Vincer: "Why do ETRs have to send Map-Replies directly to ITRs?" ETRs may have different policies for different ITRs, such like priority and weights of RLOCs. ETRs could send Map-Replies based on local policies. IMO, ETRs could also register policies with mapping information, and require Map-Server to implement Policy decision. In this scenario, complexity issue of mapping database need to be considered further. > > > How is this currently achieved in DNS? > > Do you mean 'how does DNS return different mappings to differerent lookup > requests' (as I gather a few people do, for load-balancing reasons, etc etc). > I don't know the details - I assume it's implementation-specific. > > Noel > _______________________________________________ > lisp mailing list > lisp@ietf.org > https://www.ietf.org/mailman/listinfo/lisp > -------------------------------------------------------- ZTE Information Security Notice: The information contained in this mail (and any attachment transmitted herewith) is privileged and confidential and is intended for the exclusive use of the addressee(s). If you are not an intended recipient, any disclosure, reproduction, distribution or other dissemination or use of the information contained is strictly prohibited. If you have received this mail in error, please delete it and notify us immediately.
- [lisp] Fwd: Comments about draft-cheng-lisp-shdht… cheng.li2
- Re: [lisp] Fwd: Comments about draft-cheng-lisp-s… Noel Chiappa
- Re: [lisp] Fwd: Comments about draft-cheng-lisp-s… Michael Hoefling
- Re: [lisp] Fwd: Comments about draft-cheng-lisp-s… Michael Hoefling
- Re: [lisp] Fwd: Comments about draft-cheng-lisp-s… Noel Chiappa
- [lisp] 答复: Re: Fwd: Comments about draft-cheng-li… cheng.li2