Re: [v6ops] [GROW] Deaggregation by large organizations
Matthew Petach <mpetach@netflight.com> Fri, 17 October 2014 00:59 UTC
Return-Path: <mpetach@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D31B1A907B; Thu, 16 Oct 2014 17:59:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.677
X-Spam-Level:
X-Spam-Status: No, score=-0.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_14=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ZPc8-i3EsDv; Thu, 16 Oct 2014 17:59:08 -0700 (PDT)
Received: from mail-yh0-x230.google.com (mail-yh0-x230.google.com [IPv6:2607:f8b0:4002:c01::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A78271A907A; Thu, 16 Oct 2014 17:59:08 -0700 (PDT)
Received: by mail-yh0-f48.google.com with SMTP id v1so2498145yhn.7 for <multiple recipients>; Thu, 16 Oct 2014 17:59:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=6m1IiPjY0EAbxmlkV6Y+wJnYo3ZQbWYNlm/TxEoKzXI=; b=tRQqqauG0XRuKVHSpRttzPq3VFH91sKrHxMkqJHSYqqbNknJfAkWAA0eT4hlYPIuNF 0Im7z9dqjhYdOXgJdAkq2gYJiBHr5kCjS+7bfjMC18gFXuiotUH9z+MceQVSKxVMYXgs BMVGcwYj+aQ7vUTtFTzC0r/vH4igdF96QVsJxZtSHWhJ1VNYT/TUxk1/3ADs3Y8XvwUW Qes/TQdvjBGf7er+CKVQJsNmM7shWa7iN2CvM5tFSpkXK8Z84fbq9D6mNngNhaQ4P+oA koP0TqyXVG60haOUzvadvgwcNGIHhEfd++QdteqXaiAdpndeUoCSKc+C7xwx9pfHzg8q lPTw==
MIME-Version: 1.0
X-Received: by 10.236.66.103 with SMTP id g67mr6394596yhd.61.1413507547980; Thu, 16 Oct 2014 17:59:07 -0700 (PDT)
Sender: mpetach@gmail.com
Received: by 10.170.168.87 with HTTP; Thu, 16 Oct 2014 17:59:07 -0700 (PDT)
In-Reply-To: <20141016233533.1B73521A106C@rock.dv.isc.org>
References: <F5C06CAF-0AD2-4225-8EE7-FC72CE9913F0@muada.com> <755DE4C3-CDDF-41AF-BA9C-E8EC5B4DFC4C@muada.com> <A7F6BEA0-BCDD-4197-B6CB-7EB8797ACA9C@delong.com> <20141016233533.1B73521A106C@rock.dv.isc.org>
Date: Thu, 16 Oct 2014 17:59:07 -0700
X-Google-Sender-Auth: Fjn6Ha-7ywoAp9waPiFjLrf7w0I
Message-ID: <CAEmG1=r7UdeStcqFjiQRO_Vt1hfR_T4oyTW5FD-eD1ATEXpc6A@mail.gmail.com>
From: Matthew Petach <mpetach@netflight.com>
To: Mark Andrews <marka@isc.org>
Content-Type: multipart/alternative; boundary="089e013a14fa48fd43050593df5a"
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/kDZ0JiDEnp4vPG83z4fGHUrnyU0
Cc: v6ops@ietf.org, grow@ietf.org
Subject: Re: [v6ops] [GROW] Deaggregation by large organizations
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Oct 2014 00:59:10 -0000
On Thu, Oct 16, 2014 at 4:35 PM, Mark Andrews <marka@isc.org> wrote: > > In message <A7F6BEA0-BCDD-4197-B6CB-7EB8797ACA9C@delong.com>, Owen DeLong > writes: > > > > On Oct 16, 2014, at 02:43 , Iljitsch van Beijnum <iljitsch@muada.com> > wrote: > > > > > Let me address a few points that were brought up by different people. > > > > > > Renumbering: > > > > > > We had great plans for making renumbering easy in the early days of > IPv6. Remember A6 records and bit > > labels in the DNS? But none of that went anywhere. The problem isn't so > much that we can't push a prefi > > x down the network or update the DNS (although both of these still have > challenges associated with them > > ), but that addresses tend to get hardcoded all over the place, starting > with firewalls all the way up > > to homegrown applications. I don't think renumbering addresses this > issue, although it could help steer > > some smaller organizations away from PI. > > > > They never went anywhere because they focused on solving the easy part > of the renumbering problem while > > utterly and completely ignoring the hard part. > > > > Easy part: Changing your stuff. > > Hard part: Updating all of the prefix lists, filters, firewall rules, > VPN configurations, and other con > > figuration elements in systems not under your control that contain your > prefixes (partner VPNs, peer ro > > uters, etc.). > > Owen this a collective response to the list. > > Not all that hard at all. Just send signed update requests. I did > that with email over a decade ago. You just have to have something > listening for them that verifies the signature and updates the > system. > > Write a draft "Remote Firewall Update Request Protocol" and submit > it. > > The alternative is stop worrying about the remote address and use > security at the application layer. > > Or complain to your vendor that you can't use a hostname in the > configuration file element. In many cases it doesn't require > anything more than looking up a address in the DNS before the > operation. Yes, I need to fix the masters clause in named to support > this. We already do something similar for NOTIFY messages so it > is possible to do this. > > For masters clauses there is a bootstrap problem to deal with but > it is not impossible. Just sending periodic NOTIFY messages will > work. Named has had support to do this for 1 1/2 decades now to > allow for a a stealth master behind a dial on demand link. It would > send a notify periodically. That would bring up the line. The > slave would refresh and transfer if required. When that was complete > the idle timer on link would drop it. > > This just used standard signalling designed by the IETF in a different > way. > > Stop expecting someone else to *find* and fix these issues for you. > You know what the issues are. Ask your vendors to fix them. If > they need to co-ordinate they should know where to go to do it. > Or, y'know, we could just get PI space, multihome via BGP, and save ourselves all that headache... ...just sayin'... Matt
- [v6ops] Deaggregation by large organizations Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation by large organiz… Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation by large organiz… Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation by large organiz… Nick Hilliard
- Re: [v6ops] Deaggregation by large organizations Ted Lemon
- Re: [v6ops] [GROW] Deaggregation by large organiz… Brian E Carpenter
- Re: [v6ops] [GROW] Deaggregation by large organiz… Christopher Morrow
- Re: [v6ops] Deaggregation by large organizations Owen DeLong
- Re: [v6ops] [GROW] Deaggregation by large organiz… Mikael Abrahamsson
- Re: [v6ops] [GROW] Deaggregation by large organiz… Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation by large organiz… Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation by large organiz… Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation by large organiz… Alvaro Retana (aretana)
- Re: [v6ops] [GROW] Deaggregation by large organiz… Christopher Morrow
- Re: [v6ops] [GROW] Deaggregation by large organiz… Gert Doering
- Re: [v6ops] [GROW] Deaggregation by large organiz… Christopher Morrow
- Re: [v6ops] [GROW] Deaggregation by large organiz… Gert Doering
- Re: [v6ops] [GROW] Deaggregation by large organiz… Christopher Morrow
- Re: [v6ops] [GROW] Deaggregation by large organiz… joel jaeggli
- Re: [v6ops] [GROW] Deaggregation by large organiz… Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation by large organiz… Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation by large organiz… Jeroen Massar
- Re: [v6ops] [GROW] Deaggregation by large organiz… Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation by large organiz… Enno Rey
- Re: [v6ops] [GROW] Deaggregation by large organiz… Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation by large organiz… Jeroen Massar
- Re: [v6ops] [GROW] Deaggregation by large organiz… Enno Rey
- Re: [v6ops] [GROW] Deaggregation by large organiz… Owen DeLong
- Re: [v6ops] [GROW] Deaggregation by large organiz… Owen DeLong
- Re: [v6ops] [GROW] Deaggregation by large organiz… Gert Doering
- Re: [v6ops] [GROW] Deaggregation by large organiz… Jeroen Massar
- Re: [v6ops] [GROW] Deaggregation by large organiz… Christopher Morrow
- Re: [v6ops] [GROW] Deaggregation by large organiz… Russ White
- Re: [v6ops] [GROW] Deaggregation by large organiz… Alvaro Retana (aretana)
- Re: [v6ops] [GROW] Deaggregation by large organiz… Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation by large organiz… Enno Rey
- Re: [v6ops] [GROW] Deaggregation by large organiz… Jeroen Massar
- Re: [v6ops] [GROW] Deaggregation data (was: Deagg… Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation by large organiz… Mark Andrews
- Re: [v6ops] [GROW] Deaggregation by large organiz… Matthew Petach
- Re: [v6ops] [GROW] Deaggregation by large organiz… Owen DeLong
- Re: [v6ops] [GROW] Deaggregation by large organiz… Mark Andrews
- Re: [v6ops] [GROW] Deaggregation by large organiz… Matthew Petach
- Re: [v6ops] [GROW] Deaggregation data (was: Deagg… Marc Binderberger
- Re: [v6ops] [GROW] Deaggregation data (was: Deagg… Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation data (was: Deagg… Randy Bush
- Re: [v6ops] [GROW] Deaggregation by large organiz… Gert Doering
- Re: [v6ops] [GROW] Deaggregation data Brian E Carpenter
- Re: [v6ops] [GROW] Deaggregation data Randy Bush
- Re: [v6ops] [GROW] Deaggregation data Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation data (was: Deagg… Robert Raszuk
- Re: [v6ops] [GROW] Deaggregation data Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation data Christopher Morrow
- Re: [v6ops] [GROW] Deaggregation data Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation data Randy Bush
- Re: [v6ops] [GROW] Deaggregation data Nick Hilliard
- Re: [v6ops] [GROW] Deaggregation data (was: Deagg… Marc Binderberger
- Re: [v6ops] [GROW] Deaggregation data (was: Deagg… Pedro Andres Aranda Gutierrez
- Re: [v6ops] [GROW] Deaggregation by large organiz… Gert Doering
- [v6ops] renumbering [was Deaggregation by large o… Brian E Carpenter
- Re: [v6ops] [GROW] Deaggregation by large organiz… Ray Hunter
- Re: [v6ops] [GROW] Deaggregation by large organiz… Iljitsch van Beijnum
- Re: [v6ops] [GROW] Deaggregation by large organiz… Ray Hunter
- Re: [v6ops] [GROW] Deaggregation by large organiz… Matthew Petach
- Re: [v6ops] [GROW] Deaggregation by large organiz… Iljitsch van Beijnum