Re: [pcp] How to guarantee the same PCP/AFTR be selected in ip-in-ip anycast deployment
Qiong <bingxuere@gmail.com> Thu, 14 March 2013 23:00 UTC
Return-Path: <bingxuere@gmail.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDE1911E8133 for <pcp@ietfa.amsl.com>; Thu, 14 Mar 2013 16:00:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level:
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=0.499, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id br0NEwuS+7kH for <pcp@ietfa.amsl.com>; Thu, 14 Mar 2013 16:00:22 -0700 (PDT)
Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54]) by ietfa.amsl.com (Postfix) with ESMTP id 75CDC11E80F7 for <pcp@ietf.org>; Thu, 14 Mar 2013 16:00:22 -0700 (PDT)
Received: by mail-oa0-f54.google.com with SMTP id n12so2799167oag.41 for <pcp@ietf.org>; Thu, 14 Mar 2013 16:00:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=PEX3RWR1SCsHhWVDh3Uaqqb3X6/VeqXz+bveEJnCguY=; b=HAX66hItEl4QFRjJb9HHZ3UmsFbMjb6ieMb32M0LjgS0iDI7rqqgwiO8htD0q+kjZL afYF3L56T7njO5XCWRKtK+DCysYQwqXPsjnFg6Brz/wiKy+lfQAjZrm9RA195J90DiX/ CH5zaUmlmpqDJPc5vyo1lL6l8fnlgRQIu4MImQ9yWeVjor2f2VkgXBn8yXjQnyZMsCc5 Kc1kpOCRDusH5utuW3mlwsfCYOiy2ss7wAuhjFq5H3FaqfWzqTVr0SF8Arl9J4b0lWCI Enn0ZHAtSamrKcj3UEprxRAKNJUxYjJWDIi6d0Pbmu+N5FJl5Pgc20RsciU2GD4P1msn vMUg==
X-Received: by 10.182.245.33 with SMTP id xl1mr1984612obc.91.1363302021774; Thu, 14 Mar 2013 16:00:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.143.162 with HTTP; Thu, 14 Mar 2013 15:59:41 -0700 (PDT)
In-Reply-To: <E1D60F20-111F-4F00-B641-85A246C5B0E0@cisco.com>
References: <CAH3bfACdfxYTXZSPFEtLLKEBWFsqjbRXj6+SvJ32hQNXZq8rug@mail.gmail.com> <E1D60F20-111F-4F00-B641-85A246C5B0E0@cisco.com>
From: Qiong <bingxuere@gmail.com>
Date: Fri, 15 Mar 2013 06:59:41 +0800
Message-ID: <CAH3bfAAAx9nFaJN1Hv=sWHbrKG4rsrHjf81fAtYG+fRYifUnhg@mail.gmail.com>
To: Dan Wing <dwing@cisco.com>
Content-Type: multipart/alternative; boundary="14dae93a19a3bac3cc04d7ea7c21"
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] How to guarantee the same PCP/AFTR be selected in ip-in-ip anycast deployment
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2013 23:00:24 -0000
Hi Dan, Thanks for the reply. Please see inline. On Fri, Mar 15, 2013 at 6:23 AM, Dan Wing <dwing@cisco.com> wrote: > > On Mar 14, 2013, at 6:01 PM, Qiong <bingxuere@gmail.com> wrote: > > Hi all, > > I'm aware there was discussion on whether to use native IPv6 or ip-in-ip > for PCP. Sorry to re-open the discussion since we have encountered real > problems when deploying anycast-based DS-Lite. > > In our DS-Lite deployment, different AFTRs will be configured with the > same address to support load-balancing and announced with the same metric > into IGP. PCP server is co-located with AFTR, and there are multiple > layer-3 hops between B4 and AFTR. > > Currently, most intermediate routers along the path use 5-tuple by default > (source address, destination address, source port, destination port and > protocol) as the hashing index for native IPv6 PCP requests to determine > which PCP server will be selected. However, since the following data > traffic is ip-in-ip, the intermediate routers can not see the encapsulated > port numbers and they can only use 3-tupe (source address, destination > address, protocol) as the hashing index. In this case, there is no > guarantee that the same PCP/AFTR will be selected as the hashing index is > different, and therefore, the mapping will not consistent with different > AFTRs. > > I'm hoping to find solutions to address this problem. Should we use > consistent PCP transportation as the following data traffic, e.g. ip-in-ip > in DS-Lite ? > > > Putting PCP aside for a moment, if the entire 5-tuple is hashed and > decides which AFTR is used, that means traffic from the same host will be > sent to different AFTRs, which means the traffic will have different public > IP addresses (after being NATted by the AFTR). This will break > passive-mode FTP (which is the default in every popular FTP client), and > will break many HTTP websites (which include the source IP address in their > authentication cookies; often these are baking sites). Seems this is a > problem more significant than PCP. I imagine there are other protocols > that have implicit assumptions that all connections come from the same IP > address, because that has been the standard function of hosts on the > Internet for a long while. > [Qiong] For DS-Lite itself, since the intermediate routers can not see the inner port numbers, they can only use 3-tupe (source address, destination address and protocol) to do the hashing. The destination address is always the tunnel end-point address. So it can be guaranteed that the same AFTR would be selected for the same user. Therefore, all the upstream traffic will have the same public v4 address. So anycast for DS-Lite itself will not encounter this problem. > > Also, I don't see a problem to this, no matter if PCP uses an > IANA-assigned anycast address, or if there is a DHCP-assigned address, or > anything other address. What might work is that every router along the > path between the B4 and the AFTR be smart enough to apply their same hash > to the PCP messages as to native traffic. > [Qiong] To guarantee that every router applies the same hash is really difficult in reality. Different devices (even different versions) will have different default behavior on determine the hashing. Best wishes Qiong > > Or, don't use anycast with a CGN. I don't see how anycast can work well, > especially for FTP and (certain) HTTP cookies or possibly other protocols. > > -d > > > Thanks in advance ! > > Best wishes > -- > ============================================== > Qiong Sun > China Telecom Beijing Research Institude > > > Open source code: > lightweight 4over6: *http://sourceforge.net/projects/laft6/* > PCP-natcoord:* http://sourceforge.net/projects/pcpportsetdemo/ * > =============================================== > > _______________________________________________ > pcp mailing list > pcp@ietf.org > https://www.ietf.org/mailman/listinfo/pcp > > > -- ============================================== Qiong Sun China Telecom Beijing Research Institude Open source code: lightweight 4over6: *http://sourceforge.net/projects/laft6/* PCP-natcoord:* http://sourceforge.net/projects/pcpportsetdemo/ * ===============================================