RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)

[Erik Nordmark <Erik.Nordmark@sun.com>]

>             +----+
>         ----|ISPA|_             +----+
>        /    +----+ \_+------+  _|ISPC|_
>  +----+              |      |_/ +----+ \__+----+
>  | mh1|             _|      |            _| mh2|
>  +----+     +----+_/ |      |_          / +----+
>        \____|ISPB|   +------+ \_+----+_/
>             +----+              |ISPD|
>                                 +----+
> 
> We are using packet rewriting at site border routers. This means that the
> site exit router connection a multihomed site with ISPX will rewrite source
> address of packets and it will replace the contained prefix with  PX::. Is
> this correct?

Correct.

> Now when the outage occurs, one or both of the communicating nodes can start
> to retransmit.
> Let's consider that mh1 is the one whose TCP timeouts and that starts to do
> some retransmissions. Then TCP at mh1 communicates the shim layer at mh1
> that something wrong is happening.
> Then the shim layer changes the destination address that is being used in
> the communication from PC::mh2 to PD::mh2. In this way the communication is
> rerouted to the alternative ISP. Good!
> 
> Now, suppose that mh2 also obtains a hint that something is wrong (this
> could be because TCP at mh2 timeout or because packets start arriving with a
> different source address (this last case cannot be guaranteed because it
> depends on the internal routing in mh1)). So, mh2 shim layer start using an
> alternative destination address, so it switches from PA:mh1 to PB:mh1.
> However, this does not solve the problem, since packets addressed to PB::
> are also routed through ISPC.
> The problem here is that TCP detects the problem but it has no means to
> communicate the problem to the mh2's routing system, who still believes that
> a route through ISPC is still available.

I thought you expressed concern about potential destructive interference
between the endpoints trying different locators and the routing system
finding a new path. But in the above example I don't find such destructive
interference.
(Sure, the worst case performance might not be better than the worst case
routing convergence time, but that is a different topic.)

So do you see any destructive interference?

If not folks can work separately on the multi6 rehoming and improving the
convergence time as well as information (such as churn rate) in BGP.

> This could be achieved with source address based routing.. the problem here

Source address based routing seems like a fair amount of added
complications; impacts the hardware/firmware in the routers and what else?
It might be easier to work on BGP convergence time.

> (Another hint can be the reception of ICMP error messages.)

I'm concerned about the threats in that case since the host has no way
to assertain whether the ICMP error was generated by a router in the path
or some off-path spoofer.

  Erik