Re: Alternatives to source address rewriting (was RE: Preserving established communications (was RE: about draft-nordmark-multi6-noid-00)
On 3 nov 2003, at 15:05, marcelo bagnulo wrote:
> You don't want source address rewriting and you need an ingress filtering
> compatibility mechanism, which could be source address based routing. There
> are other options for this as described in Christian's draft, such as
> - a routing header (or tunnel) initiated from the host
> - an icmp source address error from the exit routers back to the host
> - tunnels between exit routers (sort of source address based routing
>   limited to the exit router)
Another way to handle this would be to basically build two networks all
the way down to the host:
    ISP A        ISP B
      |            |
    Router       Router
      |            |
    Router       Router
       \          /
          Host
So the ISP selection happens inside the host; once a network is
selected it is no longer possible to deviate from the path intended by
the host.
> The question here is whether every multi-homed ISP will be able to get an
> allocation or it will have to obtain addresses from its upstream providers,
> right?
Current rules say you must have 200 customers that take IPv6 addresses
from you in two years. Now obviously there are going to be ISPs for
which this is a problem, but I don't see how we can arrive at very
large numbers of multihomed sites that use ISPs with less than 200
customers.
An alternative here would be for the ISP to set up routing with such a
multihomed customer over only one of its own ISPs.
> - icmp back to the host. You have already mentioned some security concerns
>   about letting externally generated ICMPs influence the path selected by
>   hosts
This isn't a solution as packets that belong to existing sessions can't
be retransmitted with different source addresses.
> - tunnel between exit routers. Well, I guess that this would be really
>   complex, since you would require tunnels between all exit routers of
>   the isp
This is really the same thing as my "two separate networks" thing
above, except that no actual hardware is used.
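The interaction the thread is arguing about (an upstream's ingress filter versus the exit the site chooses, and why an established session cannot simply switch source address) can be seen in a small model. This is an added example and not code from the thread or from any draft it discusses; the two /48 prefixes are constructed from the IPv6 documentation range and the link-state handling is an assumption made for illustration.

```python
import ipaddress

# Constructed sample prefixes from the documentation range; they stand in
# for the provider-assigned blocks two upstreams would delegate to one site.
ISP_PREFIXES = {
    "ISP_A": ipaddress.ip_network("2001:db8:a::/48"),
    "ISP_B": ipaddress.ip_network("2001:db8:b::/48"),
}


def ingress_filter_accepts(isp: str, src: str) -> bool:
    """Edge-router ingress filter: a provider forwards a packet only when
    its source address lies inside the prefix that provider delegated."""
    return ipaddress.ip_address(src) in ISP_PREFIXES[isp]


def exit_for_source(src: str):
    """Source address based routing: pick the exit whose prefix contains
    the packet's source. Returns None when no provider's prefix matches."""
    addr = ipaddress.ip_address(src)
    for isp, prefix in ISP_PREFIXES.items():
        if addr in prefix:
            return isp
    return None


def send(src: str, exit_isp: str) -> str:
    """Outcome of one packet leaving through a given exit."""
    return "forwarded" if ingress_filter_accepts(exit_isp, src) else "dropped"


def destination_routed(src: str, preferred_exit: str) -> str:
    """Plain destination-based routing ignores the source address and uses
    the site's preferred exit; the upstream's ingress filter decides the rest."""
    return send(src, preferred_exit)


def source_routed(src: str, links_up) -> str:
    """Source address based routing limited to links that are currently up
    (assumed link-state input). A packet of an existing session keeps its
    source address, so if that provider's link is down there is no exit
    whose ingress filter would accept it."""
    exit_isp = exit_for_source(src)
    if exit_isp is None or exit_isp not in links_up:
        return "no_valid_exit"
    return send(src, exit_isp)


if __name__ == "__main__":
    # A packet sourced from ISP B's block but sent via ISP A is filtered.
    print(destination_routed("2001:db8:b::10", "ISP_A"))   # dropped
    # Source-based exit selection keeps it ingress-filter compatible.
    print(source_routed("2001:db8:b::10", {"ISP_A", "ISP_B"}))  # forwarded
    # With ISP B's link down, the session's source address has no usable exit.
    print(source_routed("2001:db8:b::10", {"ISP_A"}))      # no_valid_exit
```

The last case is the point made about ICMP-driven path changes: an exit router can tell the host that a source address is wrong for that link, but a session already bound to that address has nowhere valid to go, so the signal cannot rescue it.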