Re: The renumbering problem [Re: [BEHAVE] Comments on the NAT66 draft]

Gert Doering <gert@space.net> Wed, 19 November 2008 09:25 UTC

Date: Wed, 19 Nov 2008 10:22:01 +0100
From: Gert Doering <gert@space.net>
To: james woodyatt <jhw@apple.com>
Cc: Gert Doering <gert@space.net>, IPv6 Operations <v6ops@ops.ietf.org>, Behave WG <behave@ietf.org>
Subject: Re: The renumbering problem [Re: [BEHAVE] Comments on the NAT66 draft]
Message-ID: <20081119092201.GI89033@Space.Net>
References: <courier.4914868B.00003F53@softhome.net> <9937716B-A667-4FB6-8337-9596AD356901@muada.com> <courier.4917F518.00002B4D@softhome.net> <20081110143243.GI89033@Space.Net> <courier.491852A1.000070E6@softhome.net> <1568D893-1DC9-48CF-A04A-F2B55F31E416@apple.com> <4920E51C.7070007@gmail.com> <60FD682C-1436-493F-995D-4B2A7241D398@apple.com> <20081118220136.GE89033@Space.Net> <E60CDD5C-0D46-4C50-B300-FFAABA8BB704@apple.com>

Hi,

On Tue, Nov 18, 2008 at 06:29:54PM -0600, james woodyatt wrote:
> >OK, I bite.  What answer do you give to folks that need to renumber
> >things like site-to-site VPN endpoints, which affects lots of configuration
> >to be changed by *other* folks (their VPN peers)?
> 
> Please, help me understand why solving this problem requires storing  
> IP addresses in persistent storage without a coherent caching  
> protocol.  I'm not seeing it-- probably because I'm not sure I  
> understand the nature and scope of the problem very well.

Uh, well, people usually configure their VPN endpoints (site-to-site, 
not roadwarrior-to-home) with IP addresses.

> For the sake of argument, I'll accept that reasonable people currently  
> perceive it to be necessary.  My hunch is that those folks should  
> probably be using DNS-SD instead of the fragile cruftiness they're  
> struggling against now.  Maybe if I understood the problem better, I  
> could suggest a more detailed alternative to their current solution.

Well.  Yes.  I've spent some time after my e-mail yesterday to think about
this, and actually using DNS (plus some sort of "not completely braindead
IPSEC implementation") might just work, provided one can get old+new
addresses working for long enough for DNS to propagate.

Which is not instantaneous, as soon as it leaves the local domain.

Now *this* aspect reduces itself to "educate people that DNS is good"
and "educate firewall vendors to write useful IPSEC code".


Another thing that is regularly mentioned regarding "why renumbering is
hard" is access-lists (aka "firewall rules").  DNS as well?

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  128645

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
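As an added illustration of the renumbering procedure discussed in this thread (not code from any of the participants), the following Python sketches the two-phase cutover for address-based access lists and hard-coded VPN peer addresses: during the overlap window every rule is accepted under both the old and the new prefix, and only after the old DNS answer has expired from remote caches (at least the record's previous TTL) is the old prefix dropped. The prefixes, rule set and DNS answers are constructed documentation-range examples; `Rule`, `renumber_network`, `overlap_ruleset`, `final_ruleset` and `peer_config_status` are names introduced here.

```python
"""Two-phase prefix renumbering for address-based rules and VPN peers.

Added example; assumes old and new prefixes have the same length and that
the subnet/host bits below the site prefix are kept unchanged.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set

Net = ipaddress.IPv6Network

# Constructed example prefixes from the IPv6 documentation range.
OLD_PREFIX = Net("2001:db8:1::/48")
NEW_PREFIX = Net("2001:db8:2::/48")


@dataclass(frozen=True)
class Rule:
    """One address-based access-list entry (hypothetical format)."""
    action: str
    src: Net
    dst: Net
    proto: str

    def render(self) -> str:
        return f"{self.action} {self.proto} from {self.src} to {self.dst}"


def renumber_network(net: Net, old: Net, new: Net) -> Net:
    """Map a network under `old` to the same low-order bits under `new`.

    Networks outside `old` (remote VPN peers, the Internet) are returned
    unchanged: only the site's own addresses move.
    """
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefixes must have the same length")
    if not net.subnet_of(old):
        return net
    host_mask = (1 << (128 - old.prefixlen)) - 1
    low_bits = int(net.network_address) & host_mask
    return Net((int(new.network_address) | low_bits, net.prefixlen))


def renumber_rule(rule: Rule, old: Net, new: Net) -> Rule:
    return Rule(rule.action,
                renumber_network(rule.src, old, new),
                renumber_network(rule.dst, old, new),
                rule.proto)


def overlap_ruleset(rules: List[Rule], old: Net, new: Net) -> List[Rule]:
    """Ruleset for the transition window.

    Every old/new combination is permitted, so a peer still using the
    cached old answer and a peer already on the new answer both work.
    Deduplicated while preserving order.
    """
    out: List[Rule] = []
    for r in rules:
        srcs = [r.src, renumber_network(r.src, old, new)]
        dsts = [r.dst, renumber_network(r.dst, old, new)]
        for s in srcs:
            for d in dsts:
                cand = Rule(r.action, s, d, r.proto)
                if cand not in out:
                    out.append(cand)
    return out


def final_ruleset(rules: List[Rule], old: Net, new: Net) -> List[Rule]:
    """Ruleset after the old prefix is withdrawn (old TTL has expired)."""
    out: List[Rule] = []
    for r in rules:
        cand = renumber_rule(r, old, new)
        if cand not in out:
            out.append(cand)
    return out


# Constructed DNS answers as remote peers would see them during the overlap:
# the VPN endpoint name publishes both the old and the new address.
CONSTRUCTED_DNS: Dict[str, Set[str]] = {
    "vpn.example.net": {"2001:db8:1:10::1", "2001:db8:2:10::1"},
}


def peer_config_status(name: str, configured: str,
                       answers: Dict[str, Set[str]]) -> str:
    """Check a peer's hard-coded endpoint address against DNS.

    'current'    -> the configured address is still published
    'stale'      -> the name no longer returns it; the tunnel will break
    'unresolved' -> nothing published for that name
    """
    addrs = {ipaddress.ip_address(a) for a in answers.get(name, set())}
    if not addrs:
        return "unresolved"
    return "current" if ipaddress.ip_address(configured) in addrs else "stale"


# Constructed sample access list: one tunnel rule to an external peer and
# one internal-to-internal rule.
CONSTRUCTED_RULES = [
    Rule("permit", Net("2001:db8:1:10::/64"), Net("2001:db8:feed::/48"), "esp"),
    Rule("permit", Net("2001:db8:1:10::/64"), Net("2001:db8:1:20::/64"), "tcp"),
]

if __name__ == "__main__":
    print("# overlap window")
    for r in overlap_ruleset(CONSTRUCTED_RULES, OLD_PREFIX, NEW_PREFIX):
        print(r.render())
    print("# after cutover")
    for r in final_ruleset(CONSTRUCTED_RULES, OLD_PREFIX, NEW_PREFIX):
        print(r.render())
    print(peer_config_status("vpn.example.net", "2001:db8:1:10::1", CONSTRUCTED_DNS))
```

The overlap ruleset is deliberately the full old/new cross product, not just a second copy of each rule: an internal-to-internal flow may have one end already renumbered and the other not. The rule pointing at the external peer prefix is left untouched by `renumber_network`, which is the check that a site renumbering does not accidentally rewrite its peers' addresses.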