IETF Logo Mail Archive

Re: [v6ops] ULA draft revision #2 Regarding isolated networks

Tore Anderson <tore@fud.no> Wed, 28 May 2014 21:52 UTC

Return-Path: <tore@fud.no>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A964A1A06BB for <v6ops@ietfa.amsl.com>; Wed, 28 May 2014 14:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cHRaCWnG3DY5 for <v6ops@ietfa.amsl.com>; Wed, 28 May 2014 14:52:45 -0700 (PDT)
Received: from greed.fud.no (greed.fud.no [IPv6:2a02:c0:1001:100::145]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88CF61A0282 for <v6ops@ietf.org>; Wed, 28 May 2014 14:52:45 -0700 (PDT)
Received: from [2a02:fe0:c410:3310::3] (port=35752 helo=wrath.fud.no) by greed.fud.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tore@fud.no>) id 1Wplm2-0004r6-Pe; Wed, 28 May 2014 23:52:38 +0200
Message-ID: <53865AA6.2080905@fud.no>
Date: Wed, 28 May 2014 23:52:38 +0200
From: Tore Anderson <tore@fud.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Owen DeLong <owen@delong.com>
References: <8AE0F17B87264D4CAC7DE0AA6C406F453D8B6B9A@nkgeml506-mbx.china.huawei.com> <m261ks7xww.wl%randy@psg.com> <53840070.90801@gmail.com> <m2y4xn7wep.wl%randy@psg.com> <53840723.8010606@gmail.com> <CAKD1Yr1O_poMR200sjU=ttRvGaeQRkC1ZfXC0Ok4uQxdq3K=NQ@mail.gmail.com> <m2mwe37tbn.wl%randy@psg.com> <CAKD1Yr2t3-vxuG=iDi4biBNFpJwuzuHgfpB74i_uydWWRV7qZg@mail.gmail.com> <8AE0F17B87264D4CAC7DE0AA6C406F453D8B6E02@nkgeml506-mbx.china.huawei.com> <m2fvjv7q4h.wl%randy@psg.com> <m1WpDcc-0000BMC@stereo.hq.phicoh.net> <43BB867C-7BCA-45F6-8ADC-A49B34D6C0DC@nominum.com> <5384937A.90409@foobar.org> <m2iooq4oqi.wl%randy@psg.com> <5385762E.5020901@dougbarton.us> <5385AA97.1050207@fud.no> <6740CB67-2CE3-4F41-A513-971C3307975D@delong.com>
In-Reply-To: <6740CB67-2CE3-4F41-A513-971C3307975D@delong.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/b68onkauZiyeq6wFjJb0hq97qiY
Cc: V6 Ops List <v6ops@ietf.org>
Subject: Re: [v6ops] ULA draft revision #2 Regarding isolated networks
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 May 2014 21:52:47 -0000

* Owen DeLong

> On May 28, 2014, at 2:21 AM, Tore Anderson <tore@fud.no> wrote:
> 
>> We have a few customers in the same situation. So we obtained a PI
>> prefix for them, which costs next to nothing in the RIPE region at
>> least, and advertise the prefix on their behalf (and in the cases 
>> where there's a second upstream, the second upstream does the 
>> same). Works perfectly well, and is much less complex than
>> anything solution involving ULA, NAT, multiple prefixes on the
>> hosts, or whatever. The customer just gets a bunch of addresses he
>> can use in perpetuity.
> 
> Exactly, but it does have the drawback of black holing traffic in 
> certain failure modes.

If the upstream starts blackholing in his core network somewhere and the
customer is singlehoming, he's toast no matter how he's connected to the
upstream. If he's multihoming, however, he can just physically pull the
plug or shut the interface and traffic converges on the remaining good
upstream, in pretty much in the same way it would if he used BGP.

Of course, if the problematic upstream provider doesn't withdraw the BGP
announcement when the customer shuts his interface then there's still
going to be a problem, but that's equally true both for connections with
or without BGP between the provider and the customer.

Blackholing of traffic during failure modes is something you can get
with any form of deployment. The way I see it, the use of BGP or non-use
of BGP doesn't really change the risks of this happening either for the
worse or the better. So I don't quite see why you call this a «drawback».

> If you really want to avoid an ASN (not sure why), it is possible to
> do this using a private ASN that is stripped off by the upstream
> provider(s), but using a real ASN is much simpler.

It's not I who want to avoid it, it's the end user. He doesn't
necessarily know how internet routing works, how to set up or operate
BGP, have equipment that can do so [without extra licences], and so
forth. Even if he does, he might not want the extra bother. So the point
isn't to avoid an ASN - if the customer is going to use BGP it's simpler
with an ASN than without - but to avoid requiring BGP.

Where the end user simply wants plain no bells-and-whistles internet
service, but require addresses that work with >1 upstream provider
simultaneously or which may be kept should he decide to switch providers
in the future, using a PI prefix that his upstream(s) originate into the
DFZ on his behalf is a really simple solution that actually works today
both for IPv6 *and* IPv4 (if you have them, that is). It's much less
complex than any solution I've seen that involves ULAs, NPT/NAT, BGP,
multi-prefixes, or anything else, which makes it my preferred way of
catering to the customers in question - for now.

Tore

v2.23.0 | Report a Bug | By Email