Re: [RRG] Small comment on draft-jen-apt-00.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 15 October 2007 01:23 UTC
Envelope-to: rrg-data@psg.com
Delivery-date: Mon, 15 Oct 2007 02:26:16 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=S2da7ELyyN4fh+K1S5dE7qPW77WMJ8R7pktNcAkGrWs=; b=AFBvUG/aDyLXA6JIqqAdj4rAlv7Y504EeEoYm80QpN4gVjba933k+QLBkGtzFbDA3XTebgiAROSeG51woiioT0wBh726+bEKCjPHkVo3viGrHF8oj/vuWFF6tviO41flpWW6VuY66aK3YYQuRFeWBV6xpsPak+VPhFrMchw0KM8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=tFU4whYthwzJa37cQGpAg29eG9K5/Egal39eyJFYW709cCzzIWgbyeMYPeXljbXqXG+F5k6toEixRiYavOvxixpDzXSotQW4cRuE9gHIZsbxb2eCd7AtLb3065wpqYf4m0/F2plMngKkg7qhrkEg/Pict75VNMuROTXAmiF3b6I=
Message-ID: <4712C126.8000609@gmail.com>
Date: Mon, 15 Oct 2007 14:23:50 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Michael R Meisel <meisel@cs.ucla.edu>
CC: rrg@psg.com
Subject: Re: [RRG] Small comment on draft-jen-apt-00.txt
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
On 2007-10-12 22:24, Michael R Meisel wrote: > Hi Brian, thanks for your comments. Sorry to take so long to get back to > you, Dan Jen and I were both away from UCLA this summer. Please see my > (overdue) responses to your comments below. > > Brian E Carpenter wrote: >> I'm concerned that the proposed mechanism (as described >> in section 5) completely deprives senders of the ability >> to choose which of a destinations locators to use, in >> accordance with their local policy (whatever it may be). >> I don't think this is acceptable as it alllows receivers >> or the operators of default APT mappers to constrain senders' >> choice of ISP. That settles a business "tussle" in advance, >> and I don't think technology should do that. > > Actually, the customer of an ISP is ultimately the authority for their > own mapping information. Of course, since it's the ISP that announces > the mapping, the customer has to trust them not to modify it. One detail > that didn't make it into the 00 version of our draft is that we plan to > allow mappings to be cryptographically signed with a customer's private > key. We haven't yet determined how public keys will be distributed in a > secure manner, but we're working on it. This would prevent their ISPs > from modifying their mappings without invalidating them. OK, that wasn't completely clear to me on first reading, but seems fine. > >> I'm also a bit concerned (section 5.1) that failover will be >> delayed. In today's model, a sender can try a second address >> after a sender-decided timeout on the first one. In APT, it >> looks as if the sender will have to depend on a timeout in >> the default mapper. But the only real test of reachability >> is end to end. > > I think you may be confusing user-space addresses (used for end-to-end > communications) with multihoming of user networks. In fact, we are > currently working on some terminology changes to help clarify this > distinction. I didn't think I was confusing those. In any case, host software doesn't know about that distinction - it only knows about addresses, and it's standard procedure to try addresses in sequence if you get more than one from A/AAAA records. > > If you have more than one user-space destination address, such as from > DNS A records, which you could address a (end-to-end) packet to, that > will work the same way with APT as it would today. Logically, yes, but... > > APT failover handles the case where the tunnel exit point (that is, the > ETR) for a given user-space *prefix* fails. Note that this is in the > middle of the network, not at an endpoint. In the existing network, the > failure would have caused a BGP route change. With APT, there is no > announcement or timeout involved, the first packet is simply re-routed > to a working ETR if possible, and the ITR is notified so that subsequent > packets are tunneled directly to the working ETR. Yes, if there *is* a working path. But if there isn't, it will be a long time before the upper layer tries the next address that it knows about, I think. Or do you think the upper layer will just time out anyway? In any case, the upper layer code will be trying to get around apt instead of working with it. > >> And the standard question: how will this work with SCTP? > > APT will be invisible to end users. This means that it should not have > any effect on any transport-layer protocol. But SCTP doesn't *want* that invisibility, because it explicitly chooses to change to an alternative address in order to use an alternative path. How do you allow SCTP to do its job? Brian -- to unsubscribe send a message to rrg-request@psg.com with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
- [RRG] Small comment on draft-jen-apt-00.txt Brian E Carpenter
- Re: [RRG] Small comment on draft-jen-apt-00.txt Michael R Meisel
- Re: [RRG] Small comment on draft-jen-apt-00.txt Brian E Carpenter
- Re: [RRG] Small comment on draft-jen-apt-00.txt Michael R Meisel
- Re: [RRG] Small comment on draft-jen-apt-00.txt Lixia Zhang