IETF Logo Mail Archive

Re: [v6tc] Re: Tunneling and Transition Drafts

Jeroen Massar <jeroen@unfix.org> Fri, 08 April 2005 13:02 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14920; Fri, 8 Apr 2005 09:02:37 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJtGw-00049B-AS; Fri, 08 Apr 2005 09:11:42 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJszv-0004gT-PQ; Fri, 08 Apr 2005 08:54:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJszu-0004dj-3C for v6tc@megatron.ietf.org; Fri, 08 Apr 2005 08:54:06 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA14174 for <v6tc@ietf.org>; Fri, 8 Apr 2005 08:54:04 -0400 (EDT)
Received: from 213-136-24-43.adsl.bit.nl ([213.136.24.43] helo=purgatory.unfix.org ident=postfix) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJt8e-0003bX-1c for v6tc@ietf.org; Fri, 08 Apr 2005 09:03:09 -0400
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45]) (using SSLv3 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by purgatory.unfix.org (Postfix) with ESMTP id 7C5AD8880; Fri, 8 Apr 2005 14:53:46 +0200 (CEST)
Subject: Re: [v6tc] Re: Tunneling and Transition Drafts
From: Jeroen Massar <jeroen@unfix.org>
To: jordi.palet@consulintel.es, Thomas Narten <narten@us.ibm.com>
In-Reply-To: <200504081104.j38B4hh4023080@cichlid.raleigh.ibm.com>
References: <200504081104.j38B4hh4023080@cichlid.raleigh.ibm.com>
Organization: Unfix
Date: Fri, 08 Apr 2005 14:53:43 +0200
Message-Id: <1112964824.26936.102.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.1.1
X-Spam-Score: 1.8 (+)
X-Scan-Signature: 995b2e24d23b953c94bac5288c432399
Cc: "v6tc@ietf.org" <v6tc@ietf.org>
X-BeenThere: v6tc@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: v6tc.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/v6tc>, <mailto:v6tc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/v6tc>
List-Post: <mailto:v6tc@ietf.org>
List-Help: <mailto:v6tc-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/v6tc>, <mailto:v6tc-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1027247014=="
Sender: v6tc-bounces@ietf.org
Errors-To: v6tc-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ec7c6dab5a62df223002ae71b5179d41

On Fri, 2005-04-08 at 14:32 +0200, JORDI PALET MARTINEZ wrote: 
> I got the same answer. But company roadmaps could change, I'm not sure about
> the actual roadmap on this.

Longhorn will be out in 2007? 2008? Even then, it would require people
to install patches, and hearing that many have not even bothered to
install SP2 I don't see many people installing such an upgrade either.
I do hope it changes, but still L2TP will not cross most NAT's.
If it did why do people think MS made Teredo in the first place?
(which crosses most NAT's and is automatically configured, except for a
bit of latency, this btw also would benefit from an anycast prefix to
get the closest one)

On Fri, 2005-04-08 at 07:04 -0400, Thomas Narten wrote:
> > The only thing you need is a well known anycast IP address where your
> > clients can find the TSP server at.
> 
> I keep hearing this like its a slam-dunk obvious solution. It is not
> (at least not if I listen to what some other people say).

I've never seen a valid argument against it. Otherwise if people do have
them, it might very well be that I missed out on a lot of them, please
state them. If anycast is so 'flawed' why do we then use it for the Root
DNS servers and for many other high-availability services? :)

Also, these anycast prefixes will be inside an ISP's network most of the
time, thus there will not be much if any flapping and or changes in the
actual endpoint.

Actually the only thing I ever heared 'against' it was that it was
'difficult to configure'. Well if you are not able to configure routing
then you should not be in the ISP or networking business in the first
place and one should start reading a number of books, but that is my
take on that.

>  The use of
> anycast addresses for service discovery is controversial. Do the words
> "dns discovery" bring to mind anything about the obviousness and
> likeliness of having quick success of choosing this solution?

I am one of the (few?) persons who still does not understand why there
is no well defined anycast address which provides a (caching) recursive
nameserver.

What is more easy than having in your /etc/resolv.conf or similar file:
nameserver 192.0.2.53
nameserver 2001:db8::53

or only one of the two for that matter. The route for the above being
announced into the IGP by your own ISP and thus actually pointing to
their own nameserver or provided globally by $random ISP who wants to
help out the ISP's who apparently don't know how that thing called
routing works.

Draft for the above with a nice addon for .service domain is still
coming up ;)

> Everytime you (or anyone else - not picking on you in particular)
> brings up this approach are you also oblivious to other folk that
> don't think this is a reasonable way to go?
> 
> > Just in case people wonder why I did not go with TSP: it did not fulfill
> > the various requirements we had, like being able to use it to turn
> > tunnels on/off, move tunnels and a lot of other things,
> 
> What does "move tunnels" mean?

That when the IPv4 endpoint of a host changes, eg because of DHCP
changes, moving to a different wireless subnet etc. One has to configure
the endpoint on the Tunnel Server so that that one knows where to send
the packets, also see:
http://unfix.org/~jeroen/archive/drafts/draft-massar-v6ops-heartbeat-00.txt

> Also, it would be useful if you would specify the "lot of other
> things", so we could understand better what the real requirements are.

Private Key Distribution for eg tinc tunnels, Cookie based
authentication, reconfiguration of tunnels, eg changing location of
tunnels and a lot of other items we found useful and are most likely
totally not needed for a generic protocol like TSP and could easily be
covered by other separate protocols like LDAP.

This does thus still not mean that TSP is good for everybody else on
this planet :)

> > in a command oriented way, thus without having to use/depend on xml.
> 
> It's not immediately obvious to me what "without having to use/depend
> on xml" has to do with "command oriented way". How commands are
> implemented underneath doesn't have to be visible to the user
> interface.

When typing on a Cisco IOS console you type commands like:
ip show route 2001:db8::/48

you do not have to type:
<command>
 <section "ip">
   <route>2001:db8::/48</route>
 </section>
</command>

or some other XML syntax. I am not a computer, I am very happily totally
human fortunately (au contraire what some might think ;) but that is
their opinion which they can have). XML is (mostly) meant for
communicating between computers and having a generic way of specifying
things.

> > Could the people who 'require' an alternate solution than TSP, specify
> > what the problems are with it and possibly list what their proposed
> > solution* would be?
> 
> Actually, I prefer just the "what is the problem part". We have enough
> of an issue where the problem is "handwave handwave", but "my pet
> solution" solves the problem perfectly.

The problem for ISP's is, as far as I know:

- You have a network that does IPv4
- This network provides access to clients, who get one, or more, IPv4
  address(es) per DHCP/static/PPP etc
- Due to equipment problems the routers and other access equipment
  can't be upgraded easily to support IPv6. (Cost etc)

proto-41 could solve this already, but there is NAT in this world,
because the ISP's gave only 1 IP in the first place and quite a number
of NAT's can't be reconfigured/upgraded, which would require the user to
it. These NAT's usually also block L2TP and PPTP btw, though the latter
is less common. Next to that some networks don't allow proto-41, or
worse networks that are completely behind a NAT*.

My proposed solution for this problem:
 - Use TSP to get the configuration
 - Use AYIYA/v6UDP to cross the NAT

And this works magically good, at least I have had a lot of happy
comments from users who are using this now, though with a TIC/AYIYA
combination. But I am not going to push TIC in anyway while TSP supports
it too if we just make a template for an AYIYA tunnel, which would be an
easy step to do.

Greets,
 Jeroen

* = One of the many fine examples, oh and they have 10k or was it 100k
users behind it? :)
inetnum:      81.208.74.176 - 81.208.74.191
netname:      FASTWEB-RESIDENTIAL-07
descr:        Infrastructure for Fastweb's main location
descr:        NAT IP addresses for residential customer, public subnet


_______________________________________________
v6tc mailing list
v6tc@ietf.org
https://www1.ietf.org/mailman/listinfo/v6tc

v2.23.0 | Report a Bug | By Email