Re: [mdnsext] mDNSext features/requirements rollup
RJ Atkinson <rja.lists@gmail.com> Thu, 07 February 2013 13:58 UTC
Return-Path: <rja.lists@gmail.com>
X-Original-To: mdnsext@ietfa.amsl.com
Delivered-To: mdnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 882C521F8654 for <mdnsext@ietfa.amsl.com>; Thu, 7 Feb 2013 05:58:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level:
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, GB_AFFORDABLE=1, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TbgL-J5sXZpB for <mdnsext@ietfa.amsl.com>; Thu, 7 Feb 2013 05:58:55 -0800 (PST)
Received: from mail-vc0-f172.google.com (mail-vc0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 662C321F8645 for <mdnsext@ietf.org>; Thu, 7 Feb 2013 05:58:55 -0800 (PST)
Received: by mail-vc0-f172.google.com with SMTP id l6so1630825vcl.17 for <mdnsext@ietf.org>; Thu, 07 Feb 2013 05:58:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:from:content-type:content-transfer-encoding:subject:date :message-id:to:mime-version:x-mailer; bh=idTCUAL2eG+K4WxVcwd1Re/NMBCz//JdxQJx+g/mO0k=; b=V1Msq+F4axzAdO9Rx/FUTXiSdMOJtFHq5Cq5ICtn/MIE4wHUPUZgRX/rGbtYuobb/P gxUpBIg+603617kssJR9b8qb2Tjy7oEXwHLrtHsd3cbK60Xpl8jXeNxcQ4AtdIIlvvjJ r8WC9GfRQs3rN3+/YtmrcksxfJWny569/7sSZIJh9FELocbeIVDD83eaxdzWRvIi/Wlt IHNPd4umYu/+xSRkT3L9LdVJo7Lv3CS+x82aGl0z+DvsOwIFz2eufQdd+OWPHVwJ/7xT rprLMS4MZzUYwpLbQBsLIBWuYEZrI2Fn7t8/2DTmaqbyyD3wQO7YTGrxzwmJIM8N6BJp 5XhQ==
X-Received: by 10.52.97.7 with SMTP id dw7mr1487824vdb.38.1360245534820; Thu, 07 Feb 2013 05:58:54 -0800 (PST)
Received: from [10.30.20.13] (pool-96-255-149-117.washdc.fios.verizon.net. [96.255.149.117]) by mx.google.com with ESMTPS id p7sm27362399vdt.2.2013.02.07.05.58.53 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 07 Feb 2013 05:58:54 -0800 (PST)
From: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 07 Feb 2013 08:58:53 -0500
Message-Id: <4D4B5680-EF92-4646-957F-5FF4E588DFEF@gmail.com>
To: mdnsext@ietf.org
Mime-Version: 1.0 (Apple Message framework v1283)
X-Mailer: Apple Mail (2.1283)
Subject: Re: [mdnsext] mDNSext features/requirements rollup
X-BeenThere: mdnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <mdnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mdnsext>, <mailto:mdnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mdnsext>
List-Post: <mailto:mdnsext@ietf.org>
List-Help: <mailto:mdnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mdnsext>, <mailto:mdnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Feb 2013 13:58:56 -0000
This note replies to several different notes in this thread. I've tried to do this by working from oldest note at the top of this note to most recent note at the bottom of this note. If one replies, trimming my original while editing the reply is definitely encouraged, as this is longish. Thanks ! Earlier, on Jan 29th 2013, Stephen Orr wrote, in part: > I agree with Dan on this - making sure that the network > infrastructure has the ability to operate as good "mdns clients" > while providing filtering/proxying of DNS-SD advertisements > between L3 segments would be a fundamental use case. Agreed. For interconnection of different IP subnets, past experience has shown that putting this kind of function inside routers makes sense. Routers are well positioned to handle the proxy function, and already are commonly used to provide various kinds of packet filtering. Of course, we ought not REQUIRE that it be implemented in routers -- both in the sense of not requiring router implementers to include it and also in the sense of not requiring network operators to put the function in routers. Later on 29th Jan 2013, David Farmer wrote, in part: > 1. What happens if you get a proxy loop? > This seems really bad! > Right now I have nothing to prevent this. > > 2. Maybe loop detection can be defined as part of a proxies behaviour. I agree that loop detection/prevention is an operational concern that ought to be addressed. > 3. Creates the same problem AppleTalk had, routers involved > in the name binding protocol. This is especially a problem > for most enterprise network gear with powerful fast-path ASIC > switching and relatively low powered slow-path processors. I really disagree with (3) above, on multiple grounds. A. My own operational experience with AppleTalk (EtherTalk) on a very large campus network was that even low-cost routers with small CPUs could handle NBP/AppleTalk traffic -- and this was ~15 years ago when a "low cost CPU" was MUCH less capable than today. B. Again, my own operational experience with AppleTalk on a very large campus network was that having this function inside the router meant that (1) the network operator could apply policy, (2) prevented loops, and (3) helped scalability by managing the inter-subnet AppleTalk traffic. C. Back then, "powerful fast-path ASIC switching" was NOT yet widely available and the same "low-powered slow-path processors" (from ~15 years ago) were able to handle BOTH bridging/forwarding and also AppleTalk/NBP traffic. Also, back then the world was much more multi-protocol (e.g. IPX, Banyan, IPv4, and AppleTalk were commonly deployed concurrently on a single campus network using the same interconnection devices; my site also had some experimental IPv6 traffic). D. The widespread availability of commodity ASIC packet processors and the huge increase in the power of what we call a "low-powered" CPU means that a well-designed "mDNS agent/relay/proxy" really ought not be an issue inside an affordable enterprise-grade switch from any major vendor. > 4. Doesn't really solve any multicast traffic issues or scaling > of the name space. Yes, it's not the network's problem to display > 100s of services, but it will be a problem with most of the GUI's > I've seen. We ought to keep potential UI concerns separate from the potential protocol concerns. Getting the protocol design reasonably correct is a central issue for the IETF, whereas UI design generally is beyond the IETF's scope. IETF might well offer document UI concerns and/or offer advice about UI considerations, but UIs are normally outside the IETF scope. > 5. What about IPv6, mDNS is using link-local IPv6, how do you > route between multiple IPv6 link-local, by definition you can't. > So multi network mDNS is really IPv4 only right now. I'm not too sure about the claim in that last sentence. I have heard of at least one multi-subnet "proxy-oriented" implementation of mDNS that exists today, and that approach should work equally well for IPv4 and IPv6. Of course, that existing prototype/implementation is necessarily proprietary, simply because this WG doesn't have a specification one could comply with. > So a proxy that safely interconnects multiple link-local nets > is only one small part of the solution space we need. That is > only a start, but an important start. I mostly agree with this. Much later, on 6th February 2013, Andrew Sullivan wrote, in part: > > It seems to me that, in Internet terms, we really have three > scopes: > > 1. my network; > 2. my network_s_; > 3. the Internet. I'm not entirely clear on Andrew's terminology, but my guess is that by (1) he means this subnet/link and (2) the set of inter-connected subnets/links at my site/building/home/campus. If I'm understanding his meaning, existing mDNS + DNS-SD is a sufficient solution for (1) -- evidence very broad deployment and use today (and for the past 5 years or so). > In naming, historically we've treated case (2) as a special case > of (3), and sometimes added split-horizon or something to it. > What people are really asking for now is to treat case (2) > as a special case of (1), and figure out how to make that work. From a DNS perspective, I mostly agree with this. In recent history, the DNS deployments mostly seem to be: (1) is something.LOCAL (2) is something.FOO.BAR.TLD (3) also is something.BAZ.TLD We are now looking to extend a single instance of .LOCAL beyond a single link/subnet, but contain it within a single site/campus/home. > The problem I see is that, because of historical practice, > attempting to treat (2) as a special case of (1) will mean > that names designed to be local to (1) will leak into (3). The claim above is not obviously true for several reasons: A) Split-horizon DNS deployments have been around since the 1990s at least. THese are widely deployed. Few problems have arisen in practice, as a percentage of split-horizon deployments. Yes, problems could arise, for example if a human misconfigures something, but it isn't inherent in a split-horizon DNS deployment. B) The current work here on (2) is extending mDNS rather than putting a bunch of *.LOCAL data into the unicast DNS system (which in many ways is a different system entirely, although they have compatible namespaces). I think we all agree that a functional requirement is (edit to taste): Any multi-link/multi-subnet mDNS solution needs to provide mechanisms to ensure that locally-scoped DNS information conveyed via mDNS (including whatever multi-hop mDNS solution emerges) does not leak across an administrative boundary (e.g. home, building, campus, site). > I think that leaking locally-scoped names onto the public > Internet is going to be a bad thing, and that's why I'm > arguing that what is really needed is a way to bring an > actual global namespace to this. I'm not entirely sure what the above quote is trying to say. I agree with supporting the conveyance of global-scope DNS information via mDNS (and via whatever extensions this WG devises). I have clients where this (using mDNS as extended by this WG to convey DNS records using global-scope naming) is an important use-case. I don't agree with the idea of eliminating .LOCAL or similar scoped domains or information advertised in those domains. Its unrealistic to believe that a typical home deployment will use global-scope DNS naming for devices not intended to be accessible from outside the home. Yours, Ran Atkinson
- [mdnsext] mDNSext features/requirements rollup Alf Watt
- [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup nudge
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup Brian Dickson
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup Tim Chown
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup peter van der Stok
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Dan Harkins
- Re: [mdnsext] mDNSext features/requirements rollup Alf Watt
- Re: [mdnsext] mDNSext features/requirements rollup Stephen Orr (sorr)
- Re: [mdnsext] mDNSext features/requirements rollup nudge
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup vortex
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup vortex
- [mdnsext] mDNSext features/requirements rollup Olivier Levon
- Re: [mdnsext] mDNSext features/requirements rollup James Andrewartha
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup James Andrewartha
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Michael Richardson
- Re: [mdnsext] mDNSext features/requirements rollup Michael Richardson
- Re: [mdnsext] mDNSext features/requirements rollup Andrew Sullivan
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup David Farmer
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Joe Touch
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Joe Touch
- Re: [mdnsext] mDNSext features/requirements rollup RJ Atkinson
- Re: [mdnsext] mDNSext features/requirements rollup Johnson, Neil M
- Re: [mdnsext] mDNSext features/requirements rollup Joe Touch