[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Multihoming by IP Layer Address Rewriting (MILAR)



On Wed, 5 Sep 2001, Iljitsch van Beijnum wrote:

> On Wed, 5 Sep 2001, Peter Tattam wrote:
> 
> > For the case where you only have a single starting address but there exists
> > several alternative addresses and there is no way to find the alternatives (no
> > DNS entries), you can only rely on routing infrastructure to tell you the rest
> > of the addresses if the peer can't tell you.  This case would force routers to
> > get involved which I hoped one could avoid.
> 
> We can't use the routers for this, since this information can't be
> aggregated so we'd lose the "small DFZ" we're trying to work towards.
> 
> > It doesn't have to be a router that tells you this, just some third party
> > service like DNS or a reachability cache or somehing.
> 
> > I agree with the comments mad by Christian about DNS not being the best vehicle
> > for this kind of information.
> 
> > Is it worth pursuing the reachability cache idea?
> 
> I love the idea of a reachability cache where a group of hosts and routers
> shares reachability information. However, I don't see how this could be
> used to find out alternative addresses for a site for which there is not
> yet any information in the cache. Also, it is much more important to
> protect the cache against falsified alternative addresses than to
> falsified (un)reachability information, since the former can lead to data
> interception and DDoS attacks, and the latter only to a slight performance
> degradation while the host discovers the cached information is incorrect.
> 
> The alternative would be some sort of address registration server, but
> this would have to be both redundant and safe.
> 
> 

Something else to consider.  We are generally trying to work out alternative
prefixes for entire sites, not micro managing every single address on the
planet.  This is assuming of course that the lower 64 bits is the same across
all prefixes.

Peter

--
Peter R. Tattam                            peter@trumpet.com
Managing Director,    Trumpet Software International Pty Ltd
Hobart, Australia,  Ph. +61-3-6245-0220,  Fax +61-3-62450210