Re: [renum] Working Group Last Call: draft-ietf-6renum-gap-analysis-03.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 18 September 2012 13:07 UTC

Message-ID: <50587202.9080808@gmail.com>
Date: Tue, 18 Sep 2012 14:07:14 +0100
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: Marc Lampo <marc.lampo.ietf@gmail.com>
Cc: "renum@ietf.org" <renum@ietf.org>
Subject: Re: [renum] Working Group Last Call: draft-ietf-6renum-gap-analysis-03.txt
References: <99B887114EDB1449941CFBC8EC279FA12CB43E09@PRVPEXVS17.corp.twcable.com> <CAB0C4xOdmHpTN2hVY6R4MAeGZU4kKruMuL0u1wPFgqCkXAsbzg@mail.gmail.com>
In-Reply-To: <CAB0C4xOdmHpTN2hVY6R4MAeGZU4kKruMuL0u1wPFgqCkXAsbzg@mail.gmail.com>

Marc,

On 18/09/2012 08:54, Marc Lampo wrote:
> Hello (and sorry to jump in so late, but as I just changed employer ...),
> 
> my remark is about impact of renumbering on IPSEC VPN definitions.
> In my opinion this area is not addressed (enough).
> 
> I understand that, via a reference to RFC5887, there is a suggestion to
> define addresses on either side of an IPSEC VPN via DNS.
> One element is that in practice, not all devices "out there" (some
> very widely used) are capable of defining the valid addresses on
> an IPSEC endpoint via DNS.

True, that's an implementation and deployment gap, not a protocol gap.
All we can do in the IETF is document this kind of gap, since we don't
control implementations.

> 
> The second element is about the DNS aspect itself.
> Suppose there is a site-to-site VPN between organisations A and B.
> Suppose organisation A is capable of defining "valid addresses behind
> VPN endpoint" via DNS.
> Problem is that device at organisation A needs access to a NS that
> "knows" about internal addresses at organisation B.
> But if organisation B renumbers its internal network!
> How can the DNS server accessible/used by the VPN endpoint at organisation A
> know about new addresses in an automatic way?

Only if B publishes the appropriate AAAA records in global DNS. Of course
B must also use appropriate DNS TTLs and follow the RFC 4192 overlap
procedure. Then when the IPsec SA breaks, the VPN software will retry
and find the new AAAA record.

Nothing works if people don't use the global DNS correctly, due to misguided
belief in security by obscurity.

> Because there is so little about this subject, in the present version,
> I think it is not addressed enough.
> Either explicitly, in a paragraph firmly stating recommendations and procedures;
> or in section 9, Gaps considered unresolvable, where it can be added
> why this is a problem and what admins will have to do manually, if
> they renumber.

I think we need to separate out implementation and deployment recommendations,
which are in scope for an Ops Area WG, even if we need to add a goal to
the WG Charter.

Regards
    Brian

> Kind regards,
> 
> Marc Lampo
> 
> On Thu, Sep 6, 2012 at 6:17 PM, Howard, Lee <lee.howard@twcable.com> wrote:
>> We are requesting a Working Group Last Call on this document.  Please review and provide comments before September 19, since this may be the final review of this document.
>>
>> Thanks,
>>
>> Lee
>>
>>
>>> -----Original Message-----
>>> From: renum-bounces@ietf.org [mailto:renum-bounces@ietf.org] On Behalf
>>> Of internet-drafts@ietf.org
>>> Sent: Monday, September 03, 2012 11:38 PM
>>> To: i-d-announce@ietf.org
>>> Cc: renum@ietf.org
>>> Subject: [renum] I-D Action: draft-ietf-6renum-gap-analysis-03.txt
>>>
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>>  This draft is a work item of the IPv6 Site Renumbering Working Group of the IETF.
>>>
>>>       Title           : IPv6 Site Renumbering Gap Analysis
>>>       Author(s)       : Bing Liu
>>>                           Sheng Jiang
>>>                           Brian Carpenter
>>>                           Stig Venaas
>>>       Filename        : draft-ietf-6renum-gap-analysis-03.txt
>>>       Pages           : 20
>>>       Date            : 2012-09-03
>>>
>>> Abstract:
>>>    This document briefly introduces the existing mechanisms that could be
>>>    utilized by IPv6 site renumbering and tries to cover most of the
>>>    explicit issues and requirements of IPv6 renumbering. Through the gap
>>>    analysis, the document provides a basis for future work that
>>>    identifies and develops solutions or stimulates such development as
>>>    appropriate. The gap analysis is presented following a renumbering
>>>    event procedure clue.
>>>
>>>
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-6renum-gap-analysis
>>>
>>> There's also a htmlized version available at:
>>> http://tools.ietf.org/html/draft-ietf-6renum-gap-analysis-03
>>>
>>> A diff from the previous version is available at:
>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-6renum-gap-analysis-03
>>>
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> _______________________________________________
>>> renum mailing list
>>> renum@ietf.org
>>> https://www.ietf.org/mailman/listinfo/renum
>> Lee Howard
>> Director, Network Technology
>> Time Warner Cable
>> (703) 345-3513
>> 13820 Sunrise Valley Drive, Herndon VA 20171
>>
>>
>>
>
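The procedure Brian's reply leans on (site B publishes its endpoint AAAA in the global DNS, lowers the TTL ahead of time, runs the RFC 4192 overlap, and site A's VPN software re-resolves the peer name when the IPsec SA breaks) is easy to get wrong in the TTL step, so here is an added example, not part of the original thread and not any vendor's code, that simulates the three cases with a toy zone, a toy caching resolver and a toy tunnel endpoint. The names, addresses and timings (vpn.b.example, 2001:db8:a::1, 2001:db8:b::1, a one-day starting TTL, a 300-second lowered TTL) are constructed, and the endpoint is assumed to try every published AAAA in turn after a failure, which is the behaviour the thread relies on.

```python
"""Added example (not from the original thread): a DNS-named IPsec peer
seen through site B's renumbering, with and without "appropriate TTLs"
and the RFC 4192 overlap.  Toy zone, toy resolver, toy tunnel; every
name, address and timing below is constructed for the simulation."""
import ipaddress

OLD = "2001:db8:a::1"   # constructed: site B's endpoint before renumbering
NEW = "2001:db8:b::1"   # constructed: site B's endpoint after renumbering
PEER = "vpn.b.example"  # constructed: the peer name site A configures
DAY = 86400


def norm(addrs):
    """Canonical text form so 2001:DB8:A::1 and 2001:db8:a::1 compare equal."""
    return [str(ipaddress.IPv6Address(a)) for a in addrs]


class Resolver:
    """Site A's caching stub resolver; it honours the TTL seen at fetch time."""
    def __init__(self):
        self.zone = {}        # name -> (AAAA list, ttl) as published by site B
        self.cache = {}       # name -> (AAAA list, expiry time)

    def publish(self, name, addrs, ttl):
        self.zone[name] = (norm(addrs), ttl)

    def resolve(self, name, now):
        addrs, expires = self.cache.get(name, (None, -1))
        if now < expires:
            return addrs                      # served from cache, stale or not
        addrs, ttl = self.zone[name]
        self.cache[name] = (addrs, now + ttl)
        return addrs


class Endpoint:
    """Site A's tunnel endpoint: peer given by name, re-resolved when the SA
    fails, every published AAAA tried in order (assumed behaviour)."""
    def __init__(self, resolver, peer):
        self.resolver, self.peer, self.up_on = resolver, peer, None

    def retry(self, now, reachable):
        for a in self.resolver.resolve(self.peer, now):
            if a in reachable:
                self.up_on = a
                return a
        self.up_on = None
        return None


def downtime(plan, rekey_at=(), tick=60, horizon=3 * DAY):
    """plan: site B's changes as (time, published AAAAs, ttl, live AAAAs).
    rekey_at: times at which site A's SA expires and must be re-established.
    Returns the total seconds site A's tunnel is down."""
    res = Resolver()
    ep = Endpoint(res, PEER)
    pending, reachable, down = sorted(plan), set(), 0
    for t in range(0, horizon, tick):
        while pending and pending[0][0] <= t:
            _, addrs, ttl, live = pending.pop(0)
            res.publish(PEER, addrs, ttl)
            reachable = set(norm(live))
        if t in rekey_at:
            ep.up_on = None                   # SA lifetime ran out; rebuild it
        if ep.up_on not in reachable and ep.retry(t, reachable) is None:
            down += tick
    return down


def flag_day():
    """B swaps addresses in one step and never lowered the one-day TTL."""
    return downtime([(0, [OLD], DAY, [OLD]),
                     (3600, [NEW], DAY, [NEW])])


def short_ttl_no_overlap():
    """B lowered the TTL a day ahead but still cuts over in one step."""
    return downtime([(0, [OLD], DAY, [OLD]),
                     (3600, [OLD], 300, [OLD]),
                     (3600 + DAY, [NEW], 300, [NEW])],
                    rekey_at={3600 + DAY - 120})


def rfc4192_overlap():
    """Lower TTL, wait out the old TTL, publish and serve both, withdraw old."""
    return downtime([(0, [OLD], DAY, [OLD]),
                     (3600, [OLD], 300, [OLD]),
                     (3600 + DAY, [OLD, NEW], 300, [OLD, NEW]),
                     (3600 + DAY + 7200, [NEW], 300, [NEW])],
                    rekey_at={3600 + DAY + 7200 - 120})


if __name__ == "__main__":
    for f in (flag_day, short_ttl_no_overlap, rfc4192_overlap):
        print(f"{f.__name__:22s} tunnel down for {f()} s")
```

The three results show the point of the thread in numbers: with the one-day TTL untouched, site A keeps retrying the stale address until its cache expires (82800 s of outage); lowering the TTL ahead of time bounds the outage to at most one TTL (180 s here, because A happened to re-resolve two minutes before the cutover); and the RFC 4192 overlap, with both addresses published and answering, gives no outage at all, because whichever list A has cached still contains an address that works. Note that the endpoint only re-resolves on failure, so a long-lived SA can carry a cached record far past its TTL; that is why the old prefix must stay live for the overlap period rather than being withdrawn the moment the new AAAA is published.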