IETF Logo Mail Archive

Re: [v6ops] Primary/failover use-case for draft-fbnvv-v6ops-site-multihoming ?

Erik Nygren <erik+ietf@nygren.org> Thu, 03 August 2023 00:22 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4053AC13632C for <v6ops@ietfa.amsl.com>; Wed, 2 Aug 2023 17:22:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.406
X-Spam-Level:
X-Spam-Status: No, score=-1.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dfFocaYVhi0Y for <v6ops@ietfa.amsl.com>; Wed, 2 Aug 2023 17:22:23 -0700 (PDT)
Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 790C6C15155B for <v6ops@ietf.org>; Wed, 2 Aug 2023 17:22:18 -0700 (PDT)
Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-3fbc1218262so4377215e9.3 for <v6ops@ietf.org>; Wed, 02 Aug 2023 17:22:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691022137; x=1691626937; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UTU3YCdrFknzyIJKazmiGnPm/aW29UH2VZfmVIJGrfs=; b=A6aP4waZxqXlmbL54yH7W5kb/MvmnsI1Jlid0vACVRgbSIXqBG3y70o+W5++6otO5F Le8k/qeR/aNjlAgg01gM8/SeZN+vPs6/GgVwxvFptl5SIa+n+qvyJHvUlODJzgK2AWRv kuV2aWu/8fOmIe4MOe5Kz66DzBRp0jVuKep2oN7c6SwOOB0Uj01Z/DYpv1iwJGbnYQmx AOtS/gXuoRUyAi90tbZocWr//6us42BAVkqDLS8F7w/tO0EhnA7hoNPITwQn5fztPfZM t26pqeNhYLTdowUvjzxkSCy2lnfZbwr7iYljbLjQ+bGYkXaV26mDXtO5RZn74FGqqV/O Mf3w==
X-Gm-Message-State: ABy/qLZyQLnQ+4qVde84LamLNS1PebDMVMa9b/ZDkKfXhWtPF17V1SXo FzP+BzffABcOQ4t0rhxXeA/oso8JOIFCjtHyF0Lv3GyvsSk=
X-Google-Smtp-Source: APBJJlFy5ziLKjsfb7axis4qR9C8jiDxq9XVjNeWqk3eAUbDN9kcaJQ6zY0XsPDTE+OfmUDpPfIrU+/CAUsPlb2+voE=
X-Received: by 2002:adf:e3c9:0:b0:317:6175:95fd with SMTP id k9-20020adfe3c9000000b00317617595fdmr5677149wrm.43.1691022136446; Wed, 02 Aug 2023 17:22:16 -0700 (PDT)
MIME-Version: 1.0
References: <168872027038.54873.9391913547328336551@ietfa.amsl.com> <eee131c5b7214a0eb2d9fa9aa7adbd17@huawei.com> <CAKC-DJhL8wr6pQhZT2kCqTwKvb2SghX_NX+0XzLR87sGjB+EhA@mail.gmail.com> <8cf8ae013b5d47ce8431310355439df7@huawei.com> <CAKD1Yr1dTHa5kuJzvR4qd1CZnK=Bd9bz5wCHt4zjW0BCoSCbGg@mail.gmail.com> <a8b104a3-8075-1923-89f2-43918e4e0cb8@gmail.com>
In-Reply-To: <a8b104a3-8075-1923-89f2-43918e4e0cb8@gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Wed, 02 Aug 2023 17:22:04 -0700
Message-ID: <CAKC-DJgs1i2S4uPorBmsu1YTmEybN0LpzkM=Z2KYMeR4J1G+pA@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: v6ops@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c0130d0601f9c5dc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/oNgwfrlyGqL_7zzfk7XlQ_gVfX4>
Subject: Re: [v6ops] Primary/failover use-case for draft-fbnvv-v6ops-site-multihoming ?
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2023 00:22:24 -0000

On Fri, Jul 28, 2023 at 4:40 PM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> On 29-Jul-23 04:45, Lorenzo Colitti wrote:
> > If you have only one router with two uplinks, then you don't need to do
> any NAT. Just withdraw the PIO for the primary link (i.e., send the PIO
> with valid and preferred lifetime of 0) and announce the PIO for the backup
> link. This should just work.
>
> It *should* just work, if you have negotiated exemptions from ingress
> filtering with the carriers involved. But is it realistic? You have a
> single CE connected directly to two different PEs. Isn't it more common to
> have a CE per carrier (and that means a CE that each carrier is willing to
> trust, even if they don't provide it)?
>
> Also, you have a single point of failure (the single CE). That doesn't
> seem like a feature you want in a backup solution.
>
Perhaps it is too narrow of a use-case, but it does seem like there's the
scenario of a single router that is connected to two CE devices.  That
seems pretty normal/common for the SOHO case.  My personal experience (and
I'd love to see better data on this) is that the most likely failure points
are the uplinks.  At home I've found I've had to manually switch which
uplink I use a few times per year due to Comcast outages/maintenance/etc,
but internal on-premise network devices need replacement once every few
years.

Jen's RFC 8475 (Conditional RAs) Section 3.2.1 with Primary/Backup
<https://datatracker.ietf.org/doc/html/rfc8475#section-3.2.1> seems very
promising for this use-case, even if it is more focused on Enterprises.
It's possible that this could be augmented by doing NAT66 in cases where
traffic with the source address from the no-longer-active link continues to
arrive (such as due to buggy client implementations).

This might be too narrowly scoped, but this seems like a case trying out in
the field and seeing what does and doesn't work (I plan to do so), and
could be the sort of feature that could be valuable to have in SOHO
routers.  I suspect many of the users of this sort of thing really just
want to buy something like a Ubiquiti DreamMachine and plug it into their
cable CPE and a backup 5G CPE and select "give me primary/backup failover"
and have things just work.  (Or to do something equivalent for kit they
ship to their branch offices with a wiring diagram).  For a SOHO
primary/backup casewhen  this isn't looking for 5 9's but a way to make
sure that the Zoom meetings keep working when one provider has an
inconveniently timed multi-hour outage a few times per year.

   Erik

v2.23.0 | Report a Bug | By Email