Re: [pcp] How to guarantee the same PCP/AFTR be selected in ip-in-ip anycast deployment

Dan Wing <dwing@cisco.com> Thu, 14 March 2013 22:23 UTC

On Mar 14, 2013, at 6:01 PM, Qiong <bingxuere@gmail.com> wrote:

> Hi all,
> 
> I'm aware there was discussion on whether to use native IPv6 or ip-in-ip for PCP. Sorry to re-open the discussion since we have encountered real problems when deploying anycast-based DS-Lite.
> 
> In our DS-Lite deployment, different AFTRs will be configured with the same address to support load-balancing and announced with the same metric into IGP. PCP server is co-located with AFTR, and there are multiple layer-3 hops between B4 and AFTR. 
> 
> Currently, most intermediate routers along the path use 5-tuple by default (source address, destination address, source port, destination port and protocol) as the hashing index for native IPv6 PCP requests to determine which PCP server will be selected. However, since the following data traffic is ip-in-ip, the intermediate routers cannot see the encapsulated port numbers and they can only use 3-tuple (source address, destination address, protocol) as the hashing index. In this case, there is no guarantee that the same PCP/AFTR will be selected as the hashing index is different, and therefore, the mapping will not be consistent with different AFTRs.
> 
> I'm hoping to find solutions to address this problem. Should we use consistent PCP transportation as the following data traffic, e.g. ip-in-ip in DS-Lite?

Putting PCP aside for a moment, if the entire 5-tuple is hashed and decides which AFTR is used, that means traffic from the same host will be sent to different AFTRs, which means the traffic will have different public IP addresses (after being NATted by the AFTR).  This will break passive-mode FTP (which is the default in every popular FTP client), and will break many HTTP websites (which include the source IP address in their authentication cookies; often these are banking sites).  Seems this is a problem more significant than PCP.  I imagine there are other protocols that have implicit assumptions that all connections come from the same IP address, because that has been the standard function of hosts on the Internet for a long while.

Also, I don't see a problem to this, no matter if PCP uses an IANA-assigned anycast address, or if there is a DHCP-assigned address, or any other address.  What might work is that every router along the path between the B4 and the AFTR be smart enough to apply their same hash to the PCP messages as to native traffic.

Or, don't use anycast with a CGN.  I don't see how anycast can work well, especially for FTP and (certain) HTTP cookies or possibly other protocols.

-d


> Thanks in advance!
> 
> Best wishes
> -- 
> ==============================================
> Qiong Sun
> China Telecom Beijing Research Institute
> 
> 
> Open source code:
> lightweight 4over6: http://sourceforge.net/projects/laft6/
> PCP-natcoord: http://sourceforge.net/projects/pcpportsetdemo/ 
> ===============================================
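
The hashing mismatch discussed in this thread, as an added example that is not part of the original messages: a small simulation of equal-cost path selection toward anycast AFTRs, comparing native PCP requests with ip-in-ip traffic, and showing how one host's native flows spread across AFTRs under 5-tuple hashing. The AFTR names, the addresses and the SHA-256 stand-in for a router's hash function are all constructed assumptions.

```python
import hashlib

AFTRS = ["aftr-1", "aftr-2", "aftr-3", "aftr-4"]   # constructed: equal-cost anycast instances
ANYCAST = "2001:db8::a"                             # constructed AFTR/PCP anycast address
TCP, UDP, IPIP = 6, 17, 4                           # IPv6 next-header values (4 = IPv4 encapsulation)
PCP_PORT = 5351                                     # PCP server port

def hash_key(pkt):
    """Fields a transit router can hash: ports only when the outer payload is TCP/UDP."""
    key = (pkt["src"], pkt["dst"], pkt["proto"])
    if pkt["proto"] in (TCP, UDP):
        key += (pkt["sport"], pkt["dport"])
    return key

def ecmp_pick(pkt):
    """Stand-in for a router's ECMP hash: identical keys always pick the same AFTR."""
    digest = hashlib.sha256(repr(hash_key(pkt)).encode()).digest()
    return AFTRS[int.from_bytes(digest[:4], "big") % len(AFTRS)]

def native_udp(b4, sport, dport=PCP_PORT):
    """A native IPv6 UDP packet from the B4, e.g. a PCP request (5-tuple visible)."""
    return {"src": b4, "dst": ANYCAST, "proto": UDP, "sport": sport, "dport": dport}

def tunnelled(b4):
    """DS-Lite data, or PCP carried inside the softwire: inner ports are invisible."""
    return {"src": b4, "dst": ANYCAST, "proto": IPIP}

def mismatches(b4s, pcp_in_tunnel):
    """Count B4s whose PCP request and data traffic reach different AFTRs."""
    count = 0
    for i, b4 in enumerate(b4s):
        pcp = tunnelled(b4) if pcp_in_tunnel else native_udp(b4, 40000 + i)
        if ecmp_pick(pcp) != ecmp_pick(tunnelled(b4)):
            count += 1
    return count

def aftrs_seen_by_host(b4, flows=64):
    """Native flows of one host under 5-tuple hashing: the set of AFTRs (public IPs) hit."""
    return {ecmp_pick(native_udp(b4, 50000 + n)) for n in range(flows)}

B4S = [f"2001:db8:1::{i:x}" for i in range(1, 201)]   # constructed B4 addresses

if __name__ == "__main__":
    print("native PCP vs tunnel data, mismatched B4s:", mismatches(B4S, False))
    print("PCP inside tunnel, mismatched B4s:", mismatches(B4S, True))
    print("AFTRs hit by one host's native flows:", sorted(aftrs_seen_by_host(B4S[0])))
```

The mismatch between native PCP and tunnelled data persists even on a router that ignores ports, because the next-header value (17 versus 4) is itself part of the 3-tuple.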