Re: [Pidloc] PIdLoc Webex

Dino Farinacci <farinacci@gmail.com> Fri, 07 December 2018 19:08 UTC

Date: Fri, 7 Dec 2018 11:08:13 -0800
Cc: Dirk.von-Hugo@telekom.de, RJ Atkinson <rja.lists@gmail.com>, Saleem Bhatti <saleem@st-andrews.ac.uk>, Shunsuke Homma <homma.shunsuke@lab.ntt.co.jp>, Behcet Sarikaya <sarikaya@ieee.org>, Luigi Iannone <ggx@gigix.net>, erik@zededa.com, pidloc@ietf.org
To: Tom Herbert <tom@quantonium.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/wepDT6pnHmLz9com8FyQO7QvaZI>

> Yes, the network should assign ephemeral addresses. Scaling this so
> that hosts can use a different address per connection is the problem
> that ensues.

For the outer (or only) header, you cannot get assigned ephemeral addresses. They need to be provider-assigned addresses so routing deeper in the network can aggregate such addresses into coarser prefixes.

And note ISPs want to use uRPF so another reason for provider-assigned addresses. The best way to solve the *entire* problem is to tunnel with encryption from a point inside the ISP. Then the outer addresses are coarsified and the inner addresses are obfuscated.

You could solve some of the problem with ILA but you need to keep translating the packet as it goes to the destination. And that will be hard to debug since it breaks traceroute.

Dino
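
To illustrate the uRPF and aggregation points in the message above, an added example (not part of the original email): a toy strict-uRPF check and prefix aggregation over a constructed routing table. The prefixes (IPv6 documentation range), interface names, packet fields and function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample FIB on an ISP edge router: (prefix, interface the route uses).
FIB = [
    ("2001:db8:a::/48", "cust-a"),   # provider-assigned block of customer A
    ("2001:db8:b::/48", "cust-b"),   # provider-assigned block of customer B
    ("::/0", "upstream"),            # default route
]

def lookup(addr, fib=FIB):
    """Longest-prefix match: interface of the most specific route covering addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in fib
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def strict_urpf_accepts(src, ingress_if, fib=FIB):
    """Strict uRPF: accept only if the best route back to src uses ingress_if."""
    return lookup(src, fib) == ingress_if

def edge_accepts(packet, ingress_if, fib=FIB):
    """The edge router sees only the outer header; an encrypted inner
    header (if any) is opaque to it and plays no part in the check."""
    return strict_urpf_accepts(packet["outer_src"], ingress_if, fib)

def aggregate(prefixes):
    """Collapse prefixes into the fewest routes that cover exactly the same space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    # Provider-assigned source arriving on its own customer port passes.
    print(strict_urpf_accepts("2001:db8:a::1", "cust-a"))
    # An ephemeral source outside the assigned block is dropped on the same port.
    print(strict_urpf_accepts("2001:db8:ffff::1234", "cust-a"))
    # Tunnelled: outer source is provider-assigned, the ephemeral address rides inside.
    tunnelled = {"outer_src": "2001:db8:a::1", "inner_src": "2001:db8:ffff::1234"}
    print(edge_accepts(tunnelled, "cust-a"))
    # Adjacent provider-assigned /64s collapse into one coarser route ...
    print(aggregate(["2001:db8:a:0::/64", "2001:db8:a:1::/64"]))
    # ... while scattered per-connection /128s each need their own entry.
    print(aggregate(["2001:db8:1::5/128", "2001:db8:77::9/128"]))
```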