
Re: GSE IDs [Re: IETF multihoming powder: just add IPv6 and stir]



On Thursday, May 8, 2003, at 17:44 Europe/Amsterdam, Brian E Carpenter wrote:

Wouldn't such an additional layer always carry even more state with it?
The only advantage is that this kind of state is kept in the endpoints.
However, then we end up with the requirement that endpoints must
implement the solution, which leads to deployment problems and
management difficulties in some networks.

Right, except that we have to solve key management anyway, to make any
kind of security scale. Which as we know is hardly trivial.

What I was talking about wasn't key management, but the problem that if each individual host makes its own decisions it's hard to implement traffic engineering and other policies. Rewriting the source address helps some here as this makes return traffic take a certain path, but the problem remains for destination address selection.

Deployment is problematic because GSE hosts will have to communicate with non-GSE hosts, in which case the border routers must leave the source address alone. Source rewriting is really only an optimization: with some extra effort, the source host can find out which source address it should use. It's starting to look like this optimization is more expensive than simply doing it the hard way and letting the host figure out the source address it has to use by trial and error (for "GSE"-enabled sessions), possibly aided by ICMP messages.

I think that is what you should say.

I'm getting there... It's still more than a month before the draft
cutoff for Vienna.  :-)

Lots of time to solve a problem that was discovered around 1992 :-)

I'm flattered that you assume my draft will be the one to solve this problem. (-:

Iljitsch