Re: Draft: PI addressing derived from AS numbers
Hi Iljitsch, Erik,
On Mon, 2003-02-24 at 19:01, Iljitsch van Beijnum wrote:
> On Mon, 24 Feb 2003, Erik Nordmark wrote:
>
> > One choice would be to have 16+16 addresses/headers end-to-end.
> > Another choice would be to have boxes in the middle (such as border routers)
> > add and remove the outer addresses/headers.
> > My question is whether this can be done.
>
> Why would we want to have two sets of addresses in any part of the
> communication path?
I do not want to overload the requirements but I think that there are
some other relevant problems that could be addressed using the
separation of identifiers and locators.

In a scheme where identifiers and locators are separated, I would guess
that identifiers belong to the identified part (i.e. end users) and
locators belong to the ISP. So, PA is used to preserve routing system
scalability.

In order to preserve aggregation, renumbering is required when changing
ISP; this is why end-sites like PI.

Now, the separation of identifier and locator can help with this,
simplifying re-homing events and renumbering. I guess that this
separation can help in such events. Currently internal systems such as
access lists, firewalls use IP addresses for filtering, so that if the site
renumbers all these lists have to be updated. If id-locator separation is
implemented, these systems can use identifiers, that belong to the end
site, simplifying re-homing events. In order to do this, identifiers
need to be carried in packets. Clearly, locators are also needed in
packets for routing.

Does any of this make any sense? (If no is answered please explain)
Regards, marcelo
> The identifiers can simply be replaced by locators
> (and vice versa) between the TCP and IP layers. This could also be done
> by external boxes if those aren't bothered by the state that must be
> kept.
>
> A solution where the identifier is present in each packet may be simpler
> to implement, but only if there is no additional complexity for
> authenticating the identifier, which seems unlikely.
--
marcelo bagnulo <marcelo@it.uc3m.es>
uc3m