Re: [renum] New Version Notification for draft-jiang-6renum-enterprise-01.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 14 November 2011 02:16 UTC

> I don't see ISPs relax the PA ingress filters. 

They will (and do) do it for large customers, just as they will
(and do) announce backup routes for large customers. You just need to
give them enough millions of currency units...

I agree with you for smaller enterprise customers; the only question
is how much of this belongs in the gap analysis for renumbering.
See draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat.

Regards
   Brian

On 2011-11-14 14:41, Teco Boot wrote:
>>> Page 11:
>>>>>      - Border filtering
>>>>>      In a multihomed site, an egress router to ISP A could normally
>>>>>      filter packets with source addresses from other ISPs. The egress
>>>>>      router connecting to ISP A should be notified if the egress router
>>>>>      connecting to ISP B initiates a renumbering event in order to
>>>>>      properly update its filter function.
>>> I don't get this. Isn't ingress filtering recommended? Do ISP A and B coordinate? IMHO an ISP should block packets with other ISPs' PA addresses.
>>> So the network has to forward packets with ISP_A source addresses to ISP_A, not ISP_B. And forward packets with ISP_B source addresses to ISP_B, not ISP_A.
>>>
>> I think the text you quote is confused; it is not the enterprise's egress
>> routers that do the filtering, but the ISPs' ingress routers.
>>
>> Then there's another discussion. A large enterprise running multiple PA prefixes
>> would surely tell *all* its ISPs about those prefixes, and expect them to
>> relax their ingress filters accordingly. A small enterprise probably couldn't
>> do that, so needs two things:
>>
>> 1. Address pair selection in the hosts that avoids this problem.
>> 2. Egress router selection based on source address.
>>
>> In any case the renumbering issue is how to inform all your ISPs of the
>> new prefix to be allowed in their ingress filters, and the old prefix
>> that is now to be blocked.
> 
> I don't see ISPs relax the PA ingress filters. I say routing shall better support multi-homing, it is needed for small enterprises (point 2 above). Large enterprises may have many PA prefixes, so needed there also.
> 
> RFC 3704 section 4.3 describes some options for directing packets to the correct ISP. It says "This is not a complicated procedure", but the approach looks clumsy to me. The problem should be tackled at the root, a fix in routing. Get this into gap-analysis document?
> 
> PS1: On solutions, not to mention BRDP-based routing: check draft-baker-fun-routing-class.
> PS2: I understand it will take some time before this is fixed. But that is no excuse to postpone.
> 
> Teco.
>  
> 
> 
>
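
Added example, not part of either message: a small Python model of the situation discussed in this thread, showing how a strict ISP ingress filter drops packets that leave through the wrong ISP, how egress selection by source address (point 2 in the quoted text) avoids that, and how a renumbering event has to update both the site's policy and the ISP's filter. The class names, function names and documentation prefixes are hypothetical.

```python
import ipaddress

# Constructed documentation prefixes (2001:db8::/32), not taken from the thread.
PA_A = ipaddress.ip_network("2001:db8:a::/48")
PA_B = ipaddress.ip_network("2001:db8:b::/48")
PA_B_NEW = ipaddress.ip_network("2001:db8:c::/48")


class Isp:
    """ISP edge with a strict source-prefix ingress filter for one customer."""
    def __init__(self, name, allowed):
        self.name = name
        self.allowed = set(allowed)

    def accepts(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.allowed)


class Site:
    """Multihomed site that can select the egress link from the source address."""
    def __init__(self, default_isp, egress):
        self.default_isp = default_isp
        self.egress = dict(egress)  # PA prefix -> ISP that delegated it

    def send(self, src, source_based=True):
        """Return (ISP name, accepted?) for a packet with source address src."""
        addr = ipaddress.ip_address(src)
        isp = self.default_isp  # destination-only routing: one default exit
        if source_based:
            isp = next((i for p, i in self.egress.items() if addr in p), None)
            if isp is None:
                return (None, False)  # no delegated prefix covers this source
        return (isp.name, isp.accepts(src))

    def renumber(self, old, new):
        """Swap a PA prefix in site policy and in the delegating ISP's filter."""
        isp = self.egress.pop(old)
        self.egress[new] = isp
        isp.allowed.discard(old)  # old prefix is now blocked
        isp.allowed.add(new)      # new prefix is now allowed


def build_site():
    isp_a, isp_b = Isp("ISP_A", [PA_A]), Isp("ISP_B", [PA_B])
    return Site(isp_a, {PA_A: isp_a, PA_B: isp_b})
```

With `source_based=False` the model sends everything to the default ISP, which is the case where a host's choice of an ISP_B source address leads to a drop at ISP_A's ingress filter.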