IETF Logo Mail Archive

Re: [renum] New Version Notification for draft-jiang-6renum-enterprise-01.txt

Teco Boot <teco@inf-net.nl> Mon, 14 November 2011 03:33 UTC

Return-Path: <teco@inf-net.nl>
X-Original-To: renum@ietfa.amsl.com
Delivered-To: renum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A038011E81AB for <renum@ietfa.amsl.com>; Sun, 13 Nov 2011 19:33:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.442
X-Spam-Level:
X-Spam-Status: No, score=-3.442 tagged_above=-999 required=5 tests=[AWL=-0.158, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJy67bCpJlDZ for <renum@ietfa.amsl.com>; Sun, 13 Nov 2011 19:33:47 -0800 (PST)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id DDD9011E8160 for <renum@ietf.org>; Sun, 13 Nov 2011 19:33:46 -0800 (PST)
Received: by ywt34 with SMTP id 34so4250972ywt.31 for <renum@ietf.org>; Sun, 13 Nov 2011 19:33:44 -0800 (PST)
Received: by 10.236.72.132 with SMTP id t4mr11460726yhd.58.1321241624373; Sun, 13 Nov 2011 19:33:44 -0800 (PST)
Received: from dhcp-13af.meeting.ietf.org (dhcp-13af.meeting.ietf.org. [130.129.19.175]) by mx.google.com with ESMTPS id u4sm28884092yha.13.2011.11.13.19.33.39 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 13 Nov 2011 19:33:43 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="us-ascii"
From: Teco Boot <teco@inf-net.nl>
In-Reply-To: <4EC079E8.70009@gmail.com>
Date: Mon, 14 Nov 2011 04:33:36 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <579287AD-5A72-43A1-80E7-FCDE08EB10E8@inf-net.nl>
References: <8AE0F17B87264D4CAC7DE0AA6C406F450C41B0CA@szxeml509-mbs.china.huawei.com> <2527553C-D797-4CFC-AAA1-7D946C7910FF@inf-net.nl> <4EC061A3.4050301@gmail.com> <C4032B38-8CD1-4D7B-AD65-935B48115788@inf-net.nl> <4EC079E8.70009@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: "renum@ietf.org" <renum@ietf.org>
Subject: Re: [renum] New Version Notification for draft-jiang-6renum-enterprise-01.txt
X-BeenThere: renum@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Renumbering discussion mailing list." <renum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/renum>, <mailto:renum-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/renum>
List-Post: <mailto:renum@ietf.org>
List-Help: <mailto:renum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/renum>, <mailto:renum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2011 03:33:47 -0000

Op 14 nov. 2011, om 03:16 heeft Brian E Carpenter het volgende geschreven:

>> I don't see ISPs relax the PA ingress filters. 
> 
> They will (and do) do it for large customers, just as they will
> (and do) announce backup routes for large customers. You just need to
> give them enough millions of currency units...

So a solution is needed for *poor* enterprises :-)

> I agree with you for smaller enterprise customers; the only question
> is how much of this belongs in the gap analysis for renumbering.
> See draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat.

I read this doc as it is applicable for small networks, not for enterprises. I'm fine referring to another doc that describes the gap. Extend draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat for (small or poor) enterprises having a multi-hop network running a routing protocol?

Teco

> 
> Regards
>   Brian
> 
> On 2011-11-14 14:41, Teco Boot wrote:
>>>> Page 11:
>>>>>>     - Border filtering
>>>>>>     In a multihomed site, an egress router to ISP A could normally
>>>>>>     filter packets with source addresses from other ISPs. The egress
>>>>>>     router connecting to ISP A should be notified if the egress router
>>>>>>     connecting to ISP B initiates a renumbering event in order to
>>>>>>     properly update its filter function.
>>>> I don't get this. Isn't ingress filtering recommended? Do ISP A and B coordinate? IMHO an ISP should block packets with other ISPs PA addresses.
>>>> So the network has to forward packets with ISP_A source addresses to ISP_A, not ISP_B. And forward packets with ISP_B source addresses to ISP_B, not ISP_A.
>>>> 
>>> I think the text you quote is confused; it is not the enterprise's egress
>>> routers that do the filtering, but the ISPs' ingress routers.
>>> 
>>> Then there's another discussion. A large enterprise running multiple PA prefixes
>>> would surely tell *all* its ISPs about those prefixes, and expect them to
>>> relax their ingress filters accordingly. A small enterprise probably couldn't
>>> do that, so needs two things:
>>> 
>>> 1. Address pair selection in the hosts that avoids this problem.
>>> 2. Egress router selection based on source address.
>>> 
>>> In any case the renumbering issue is how to inform all your ISPs of the
>>> new prefix to be allowed in their ingress filters, and the old prefix
>>> that is now to be blocked.
>> 
>> I don't see ISPs relax the PA ingress filters. I say routing shall better support multi-homing, it is needed for small enterprises (point 2 above). Large enterprises may have many PA prefixes, so needed there also.
>> 
>> RFC 3704 section 4.3 describes some options for directing packets to the correct ISP. It says "This is not a complicated procedure", but the approach looks clumsy to me. The problem should be tackled at the root, a fix in routing. Get this into gap-analysis document?
>> 
>> PS1: On solutions, not to mention BRDP-based routing: check draft-baker-fun-routing-class.
>> PS2: I understand it will take some time before this is fixed. But that is no excuse to postpone.
>> 
>> Teco.
>> 
>> 
>> 
>>

v2.23.0 | Report a Bug | By Email