[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)

To: <mbagnulo@ing.uc3m.es>
Subject: Re: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Mon, 3 Nov 2003 15:30:38 +0100
Cc: Multi6 Mailing List <multi6@ops.ietf.org>
In-reply-to: <LIEEJBCNFDJHFFKJJDPAGEHDDEAA.mbagnulo@ing.uc3m.es>
References: <LIEEJBCNFDJHFFKJJDPAGEHDDEAA.mbagnulo@ing.uc3m.es>

On 3 nov 2003, at 15:05, marcelo bagnulo wrote:

You don't want source address rewriting and you need an ingress filtering compatibility mechanism, which could be source address based routing. There are other options for this as decribed in Christian's draft, such as - a routing header (or tunnel) initiated from the host - an icmp source address error from the exit routers back to the host - tunnels between exit router (sort of source address based routing limited to the exit router)

Another way to handle this would be to bascially build two networks all the way down to the host:


ISP A     ISP B
   |        |
Router    Router
   |        |
Router    Router
     \   /
     Host

So the ISP selection happens inside the host, once a network is selected it is no longer possible to deviate from the path intended by the host.

The question here is whether every multi-homed ISP will be able to get an allocation or it will have to obtain addresses form its upstream providers, right?

Current rules say you must have 200 customers that take IPv6 addresses from you in two years. Now obviously there are going to be ISPs for which this is a problem, but I don't see how we can arrive at very large numbers of multihomed sites that use ISPs with less than 200 customers.

An alternative here would be for the ISP to set up routing with such a multihomed customer over only one of its own ISPs.

- icmp back to the host. You have already mentioned some security concerns about letting externally generated ICMPs influence the path selected by hosts

This isn't a solution as packets that belong to existing sessions can't be retransmitted with different source adddresses.

- tunnel between exit router. well, i guess that this would be really complex, since you would require tunnels between all exit router of the isp

This is really the same thing as my "two separate networks" thing above, except that no actual hardware is used.

Follow-Ups:
- Re: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
  - From: Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
- Re: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

References:
- Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
  - From: "marcelo bagnulo" <mbagnulo@ing.uc3m.es>

Prev by Date: RE: survivability, rewriting
Next by Date: Re: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
Previous by thread: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
Next by thread: Re: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
Index(es):
- Date
- Thread