
RE: multihoming issues via SCTP



> > There are issues with this if the ISP enforces verification of the
> > source address. The issues are discussed in
> > 	draft-draves-ipngwg-ingress-filtering-00.txt
> > These issues should be addressed by any multihoming solution.
> 
> My suggestion with respect to multihoming in the transport protocol
> (i.e. via SCTP) is to use source address routing for egress at the edges.
> 
> It solves the filtering issue nicely, and lets the multihoming host
> have full path control.

Are you suggesting that we modify all IPv6 routers to implement source
based routing? And that we modify all the hosts? The cost appears
important: we would need to maintain in each router of the site a
separate routing table for each of the valid prefixes; we would need to
define routing protocols that are prefix aware; we would need to modify
the "neighbor cache" management in hosts to include a qualifier per
source address. Estimated development time should probably be counted in
years.

I would rather look for a solution to ingress filtering that only
involves the site exit routers and the hosts. An example may be a mesh
of tunnels established between the exit routers, so that packets can be
redirected to the right exit. Another example would be an ICMP error
message warning that the packet cannot be delivered because the source
address is incompatible with the path; we would indeed need a hint of
what a valid source address prefix would be; the host could then retry
the transmission with an appropriate source address, as well as possibly
a binding update. Yet another example may be tunneling from the host to
an appropriate exit point; but then, we would need a way to find the
exit point or the anycast address associated with a specific prefix.

-- Christian Huitema
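
Added example, not part of the original message: a small Python model of the exit-router-only approach discussed above, in which an exit router checks a packet's source address against its ISP's ingress filter, redirects it over the tunnel mesh to the exit whose ISP delegated that source prefix, and otherwise returns an error carrying a hint of a valid prefix. The router names, the prefixes (taken from the 2001:db8::/32 documentation range) and the choice to combine the tunnel and error options in one function are assumptions made for this sketch.

```python
import ipaddress

# Constructed topology: one site, two ISPs, each delegating one prefix.
# Router names and prefixes are hypothetical.
EXITS = {
    "exit-a": ipaddress.ip_network("2001:db8:a::/48"),  # delegated by ISP A
    "exit-b": ipaddress.ip_network("2001:db8:b::/48"),  # delegated by ISP B
}

def ingress_permits(exit_router, src):
    """ISP-side ingress filter: accept only sources inside the prefix
    that this exit's ISP delegated to the site."""
    return ipaddress.ip_address(src) in EXITS[exit_router]

def exit_for_source(src):
    """Return the exit router whose ISP prefix covers src, or None."""
    addr = ipaddress.ip_address(src)
    for name, prefix in EXITS.items():
        if addr in prefix:
            return name
    return None

def forward(arrived_at, src):
    """Decide what the exit router that received the packet does with it.

    Returns (action, exit_router, hint):
      ("send", exit, None)     source matches this exit's ISP
      ("tunnel", other, None)  redirect over the exit-router mesh
      ("error", None, prefix)  no exit fits; hint a valid source prefix
    """
    if ingress_permits(arrived_at, src):
        return ("send", arrived_at, None)
    correct = exit_for_source(src)
    if correct is not None:
        return ("tunnel", correct, None)
    # Source is outside every delegated prefix: the ISP would drop it,
    # so report a prefix the host could use on this path instead.
    return ("error", None, str(EXITS[arrived_at]))

if __name__ == "__main__":
    for src in ("2001:db8:a::10", "2001:db8:b::10", "2001:db8:c::10"):
        print(src, "->", forward("exit-a", src))
```

Only the exit routers hold the prefix-to-exit mapping here; interior routers and their routing tables are untouched.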