IETF Logo Mail Archive

Re: [v6ops] [GROW] Deaggregation by large organizations

Matthew Petach <mpetach@netflight.com> Fri, 17 October 2014 01:18 UTC

Return-Path: <mpetach@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EDCB1A89C6; Thu, 16 Oct 2014 18:18:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.677
X-Spam-Level:
X-Spam-Status: No, score=-0.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_14=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S9gkH_pC5QyE; Thu, 16 Oct 2014 18:18:36 -0700 (PDT)
Received: from mail-yh0-x22e.google.com (mail-yh0-x22e.google.com [IPv6:2607:f8b0:4002:c01::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7BBD1A8820; Thu, 16 Oct 2014 18:18:35 -0700 (PDT)
Received: by mail-yh0-f46.google.com with SMTP id f73so2530061yha.33 for <multiple recipients>; Thu, 16 Oct 2014 18:18:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=i0yXQE4ctnxh8MB9s4fuDuRYed12/gDqKTKkvg2Ax/U=; b=FDAEI3Wv+iKmMCzadvoJ/4uhOTkP0ucH6vzam2ZxNDqxnFIGiBueWzYmni/nty8vaz c5Glpvi9E6QO75NBDDp+QEfKWk7lpUsQyHW6ClZkCwC3yQnpRjYmVp92BRKngbbsbM6u A2cXJXBD8/pFSaC3i/NuFmiY+LZ3hThOd4vnCBc79V6MMOMNobi+ad7pb8tUBpw/xozq 5BpxXkfzPlgSplPRgBa0Edq1UHCWi4dpKWkcLYrnbX1i8AWX2ewc1ZfFIJaFUzgvk7iP CNuf2zRstJOCyIhg8f1E+rciG6Cvw34YyXrtAD1fRsCkRchRnCD3vGXgQv/fn3Xt6RFF TGjg==
MIME-Version: 1.0
X-Received: by 10.236.19.138 with SMTP id n10mr6575236yhn.55.1413508714898; Thu, 16 Oct 2014 18:18:34 -0700 (PDT)
Sender: mpetach@gmail.com
Received: by 10.170.168.87 with HTTP; Thu, 16 Oct 2014 18:18:34 -0700 (PDT)
In-Reply-To: <20141017010552.9682921A4D54@rock.dv.isc.org>
References: <F5C06CAF-0AD2-4225-8EE7-FC72CE9913F0@muada.com> <755DE4C3-CDDF-41AF-BA9C-E8EC5B4DFC4C@muada.com> <A7F6BEA0-BCDD-4197-B6CB-7EB8797ACA9C@delong.com> <20141016233533.1B73521A106C@rock.dv.isc.org> <CAEmG1=r7UdeStcqFjiQRO_Vt1hfR_T4oyTW5FD-eD1ATEXpc6A@mail.gmail.com> <20141017010552.9682921A4D54@rock.dv.isc.org>
Date: Thu, 16 Oct 2014 18:18:34 -0700
X-Google-Sender-Auth: LtXMQMV-vfzJoV3zNoCaLy7Kv2g
Message-ID: <CAEmG1=qi2YcBrMC8__32PFPzD6OfycTbJqeV9g_WbOs7+T14gA@mail.gmail.com>
From: Matthew Petach <mpetach@netflight.com>
To: Mark Andrews <marka@isc.org>
Content-Type: multipart/alternative; boundary="089e0160befad6aa910505942458"
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/3AYnomooCkwqNZk1uXv0LOu0X3M
Cc: v6ops@ietf.org, grow@ietf.org
Subject: Re: [v6ops] [GROW] Deaggregation by large organizations
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Oct 2014 01:18:38 -0000

On Thu, Oct 16, 2014 at 6:05 PM, Mark Andrews <marka@isc.org> wrote:

>
> In message <CAEmG1=
> r7UdeStcqFjiQRO_Vt1hfR_T4oyTW5FD-eD1ATEXpc6A@mail.gmail.com>, Matthew
> Petach writes:
> > --089e013a14fa48fd43050593df5a
> > Content-Type: text/plain; charset=UTF-8
> >
> > On Thu, Oct 16, 2014 at 4:35 PM, Mark Andrews <marka@isc.org> wrote:
> >
> > >
> > > In message <A7F6BEA0-BCDD-4197-B6CB-7EB8797ACA9C@delong.com>, Owen
> DeLong
> > > writes:
> > > >
> > > > On Oct 16, 2014, at 02:43 , Iljitsch van Beijnum <iljitsch@muada.com
> >
> > > wrote:
> > > >
> > > > > Let me address a few points that were brought up by different
> people.
> > > > >
> > > > > Renumbering:
> > > > >
> > > > > We had great plans for making renumbering easy in the early days of
> > > IPv6. Remember A6 records and bit
> > > > labels in the DNS? But none of that went anywhere. The problem isn't
> so
> > > much that we can't push a prefi
> > > > x down the network or update the DNS (although both of these still
> have
> > > challenges associated with them
> > > > ), but that addresses tend to get hardcoded all over the place,
> starting
> > > with firewalls all the way up
> > > > to homegrown applications. I don't think renumbering addresses this
> > > issue, although it could help steer
> > > >  some smaller organizations away from PI.
> > > >
> > > > They never went anywhere because they focused on solving the easy
> part
> > > of the renumbering problem while
> > > >  utterly and completely ignoring the hard part.
> > > >
> > > > Easy part: Changing your stuff.
> > > > Hard part: Updating all of the prefix lists, filters, firewall rules,
> > > VPN configurations, and other con
> > > > figuration elements in systems not under your control that contain
> your
> > > prefixes (partner VPNs, peer ro
> > > > uters, etc.).
> > >
> > > Owen this a collective response to the list.
> > >
> > > Not all that hard at all.  Just send signed update requests.  I did
> > > that with email over a decade ago.  You just have to have something
> > > listening for them that verifies the signature and updates the
> > > system.
> > >
> > > Write a draft "Remote Firewall Update Request Protocol" and submit
> > > it.
> > >
> > > The alternative is stop worrying about the remote address and use
> > > security at the application layer.
> > >
> > > Or complain to your vendor that you can't use a hostname in the
> > > configuration file element.  In many cases it doesn't require
> > > anything more than looking up a address in the DNS before the
> > > operation.  Yes, I need to fix the masters clause in named to support
> > > this.  We already do something similar for NOTIFY messages so it
> > > is possible to do this.
> > >
> > > For masters clauses there is a bootstrap problem to deal with but
> > > it is not impossible.  Just sending periodic NOTIFY messages will
> > > work.  Named has had support to do this for 1 1/2 decades now to
> > > allow for a a stealth master behind a dial on demand link.  It would
> > > send a notify periodically.  That would bring up the line.  The
> > > slave would refresh and transfer if required.  When that was complete
> > > the idle timer on link would drop it.
> > >
> > > This just used standard signalling designed by the IETF in a different
> > > way.
> > >
> > > Stop expecting someone else to *find* and fix these issues for you.
> > > You know what the issues are.  Ask your vendors to fix them.  If
> > > they need to co-ordinate they should know where to go to do it.
> > >
> >
> > Or, y'know, we could just get PI space,
> > multihome via BGP, and save ourselves
> > all that headache...
> >
> > ...just sayin'...
> >
> > Matt
>
> And when we can support 40 billion routes, PI becomes a viable
> solution.  Yes, this is the level that PI needs to be able to scale
> to for it to be a actual solution.  Yes, mutiple routes for every
> single person on the planet.
>
> Until then we need to work towards making renumbering work so PI
> isn't needed.
>


The probability of us figuring out how to scale
the routing table to handle 40 billion prefixes
is orders of magnitude more likely than solving
the headaches associated with dynamic host
renumbering.  That ship has done gone and
sailed, hit the proverbial iceberg, and is gathering
barnacles at the bottom of the ocean.
It is an ex-solution.
It is pushing up the daisies.
It has gone to meet its working group.
It is no more.

(with apologies to Monty Python)

Matt



>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
>
>

v2.23.0 | Report a Bug | By Email