Re: ingress filtering for (n,n,n) (was Re: [nemo] Charter proposal
marcelo bagnulo braun <marcelo@it.uc3m.es> Wed, 05 April 2006 11:08 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FR5sJ-0004Pe-EV; Wed, 05 Apr 2006 07:08:35 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FR5sI-0004PZ-88 for nemo@ietf.org; Wed, 05 Apr 2006 07:08:34 -0400
Received: from n2.nomadiclab.com ([193.234.219.2]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FR5sF-0000pC-Hy for nemo@ietf.org; Wed, 05 Apr 2006 07:08:34 -0400
Received: from n2.nomadiclab.com (localhost [127.0.0.1]) by n2.nomadiclab.com (Postfix) with ESMTP id BC9FE212C4E; Wed, 5 Apr 2006 14:08:29 +0300 (EEST)
Received: from outside.nomadiclab.com (d146.nomadiclab.com [193.234.218.146]) by n2.nomadiclab.com (Postfix) with ESMTP id 8A1E9212C46; Wed, 5 Apr 2006 14:08:29 +0300 (EEST)
Received: from outside.nomadiclab.com (localhost [127.0.0.1]) by outside.nomadiclab.com (Postfix) with ESMTP id 217B7BDC40; Wed, 5 Apr 2006 14:08:29 +0300 (EEST)
Received: from [193.234.219.179] (w179.nomadiclab.com [193.234.219.179]) by outside.nomadiclab.com (Postfix) with ESMTP id DFC24BDC3D; Wed, 5 Apr 2006 14:08:28 +0300 (EEST)
In-Reply-To: <1144234794.21148.87.camel@localhost>
References: <C8E1D942CB394746BE5CFEB7D97610E7016B389C@bart.corp.azairenet.com> <1144208971.21148.60.camel@localhost> <8060790bcb760dced0a56f05ced0002c@it.uc3m.es> <1144234794.21148.87.camel@localhost>
Mime-Version: 1.0 (Apple Message framework v623)
Content-Type: text/plain; charset="ISO-8859-1"; delsp="yes"; format="flowed"
Message-Id: <c73adf710b802666c52db242d079af6c@it.uc3m.es>
Content-Transfer-Encoding: quoted-printable
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: ingress filtering for (n,n,n) (was Re: [nemo] Charter proposal
Date: Wed, 05 Apr 2006 14:08:27 +0300
To: Chan-Wah Ng <chanwah.ng@sg.panasonic.com>
X-Mailer: Apple Mail (2.623)
X-Virus-Scanned: ClamAV using ClamSMTP
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 848ed35f2a4fc0638fa89629cb640f48
Cc: ml-nemo WG <nemo@ietf.org>, "T.J. Kniveton" <tj@kniveton.com>, Vijay Devarapalli <Vijay.Devarapalli@AzaireNet.com>
X-BeenThere: nemo@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NEMO Working Group <nemo.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nemo>, <mailto:nemo-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:nemo@ietf.org>
List-Help: <mailto:nemo-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nemo>, <mailto:nemo-request@ietf.org?subject=subscribe>
Errors-To: nemo-bounces@ietf.org
El 05/04/2006, a las 13:59, Chan-Wah Ng escribió: > > I have no disagreement with what you pointed out, but for the sake of > discussion, I like to point out a few things: > > (1) By definition of ingress filtering, the problem will only occur > from > the direction of MNN towards CN, not the other way round. > agree that is why i described the difficulties in the provision of fault tolernce in this direction, to show that there are relevant issues that have no relation with ingress filtering :-) > (2) In this direction, ingress filtering pose a significant, if not the > most, problem for fault tolerance to work. well, i guess that the most important issues are posed by failures, rather that filters :-) I mean, in the case of filters, you already know what is wrong and what needs to be done in order to make it work. I mean, you can think of much more general solutions to the ingress filtering problem, like the ones described in http://www.watersprings.org/pub/id/draft-huitema-shim6-ingress- filtering-00.txt This approach allows to send the packets through the correct exit router, so no problems will occur with ingress filters. however, such approach is not good enough to deal with failures. This is because we don't know when failures occur and we need to reroute packets through alternative ISPs which do not match with the prefix included in the source address. I mean, if we want to provide ingress filtering capability, we can do two things: i) allow that packets with an alternative prefix in the source address get routed through an HA/ISP that has not delegated the prefix in the source prefix or ii) make sure that packets are always routed through the correct HA/ISP. However, if you want to deal with failures, the ii) option is no longer avialble, and only i) is possible since the original HA/ISP is no longer there. That is why i think that ingress filtering is just one piece of the faul tolerance provision, and the real problem is fault tolerance as a whole > > (3) A solution which provides fault tolerance capability to a (n, n, n) > network can be easily used to overcome ingress filtering problem even > if > there is no fault. > agree, but the other way around is not true. I mean a solution that provides ingress fitlering capability may not provide fault tolerance, see http://www.watersprings.org/pub/id/draft-huitema-shim6-ingress- filtering-00.txt regards, marcelo > /rgds > /cwng > >> Regards, marcelo >> >>> Having said that, I do agree with marcelo on the rewording of the >>> charter though. It would make it specific to NEMO, and raise less >>> concern for work scope overlaps in WGs. >>> >>> /rgds >>> /cwng >>> >>> On Tue, 2006-04-04 at 16:01 -0700, Vijay Devarapalli wrote: >>>> Chan Wah presented a bunch of slides at the last >>>> IETF, explaining what needs to be done in the >>>> NEMO WG and Monami6 WG when it comes to multihoming. >>>> >>>> see the following URL. >>>> http://www3.ietf.org/proceedings/05nov/slides/nemo-2/sld6.htm >>>> >>>> I think thats what the following means. >>>> >>>>> Aug 2006 Submit -00 draft on (n,n,n) ingress filtering >>>> >>>> Vijay >>>> >>>>> -----Original Message----- >>>>> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es] >>>>> Sent: Tuesday, April 04, 2006 3:53 AM >>>>> To: T.J. Kniveton >>>>> Cc: ml-nemo WG >>>>> Subject: ingress filtering for (n,n,n) (was Re: [nemo] >>>>> Charter proposal >>>>> >>>>> Hi all, >>>>> >>>>> In the proposed nemo charter, there is a bullet stating: >>>>> >>>>> Aug 2006 Submit -00 draft on (n,n,n) ingress filtering >>>>> >>>>> I am not sure i understand this point. >>>>> I don't think that there is much nemo specific in the ingress >>>>> filtering problem itself >>>>> OTOH, i think that the interesting problem to deal with in nemo >>>>> multihoming is how to provide an optimization for the provision of >>>>> fault tolerance in the link between the MR and the AR (or the HA) >>>>> >>>>> I mean, an important different between the nemo multihoming and the >>>>> general site multihoming scenario, is that failures are much more >>>>> likely to occur in the link between the MR and the AR (or the HA). >>>>> So >>>>> haivng special tools to deal with this case would be a useful >>>>> optimization imho >>>>> The nemo multihoming analysis draft presents one of such solutions >>>>> in >>>>> the Appendix B and as i have mentioned already, imho the presented >>>>> soilution has enough merits to be desribed in a separate draft. >>>>> However, i don't see this as an ingress filtering solution, >>>>> but rather >>>>> an optimization for the fault tolerance support for the most common >>>>> case of failure. It should be noted that the solution >>>>> presented in the >>>>> appendix does not requires new protocol extensions, but it would be >>>>> more a informational work afaict >>>>> >>>>> so, not sure what you have in mind with this bullet but i >>>>> would suggest >>>>> to reword it into something like >>>>> Nemo multihoming support Optimizations for MR-AR link fault >>>>> tolerance >>>>> or something more readable but with this ideas. >>>>> >>>>> Regards, marcelo >>>>> >>>>> >>>>> El 24/03/2006, a las 22:27, T.J. Kniveton escribió: >>>>> >>>>>> Here is a starting point for charter update. Please send >>>>> your comments. >>>>>> >>>>>> TJ >>>>>> <charter2.txt> >>>>> >>>>> >>>> >>> >> >> >
- RE: ingress filtering for (n,n,n) (was Re: [nemo]… Vijay Devarapalli
- RE: ingress filtering for (n,n,n) (was Re: [nemo]… Chan-Wah Ng
- Re: ingress filtering for (n,n,n) (was Re: [nemo]… marcelo bagnulo braun
- Re: ingress filtering for (n,n,n) (was Re: [nemo]… Chan-Wah Ng
- Re: ingress filtering for (n,n,n) (was Re: [nemo]… marcelo bagnulo braun