RE: Source address selection insufficient?
Hi Erik,

thanks for reading the draft.

> The set of locator pairs that work when sending out from site X
> might be A:X-C:Y and B:X-D:Y
> but the set of locator pairs that work when sending from site Y might
> be the other two: A:X-D:Y and B:X-C:Y.
>
> Thus the intersection of the two ingress filtering constraints is
> the empty set.
>
> This can happen due to normal routing as far as I can tell.
> The constraints for X appear if X routes packet to C out through A
> and packets to D out through B.
> The constraints for Y appear if Y routes packets to A out through D
> and packets to B out through C.
>
> Am I missing something?

I guess you are not, IMHO your analysis is correct.

The problem concerns what is called in the draft "source address
discovery".
In this option, it is proposed that when a packet that does not comply with
ingress filtering arrives at the site exit router, the router informs the
host about the correct source address to use with a given destination.
A big assumption made in this scenario is that the host *can* change the
source address.

This may be more or less simple when the host is initiating a communication,
since when the host receives the ICMP error informing about the proper
source address, the host may be able to retransmit the packet with a
different source address.
However, when the host within the multihomed site is replying to a received
packet, the host cannot change the source address because the reply packet
would have a different address than the initial packet, so it wouldn't be
recognized as a reply to the initial packet by the initiator host.

Note that this situation is not restricted to the case when two multihomed
sites interact, but it is also possible when a non-multihomed host
initiates a communication with a multihomed host.

For instance, suppose a non-multihomed host with address H1 and a host H2 in
a multihomed site with addresses A:H2 and B:H2.
Host H1 initiates a communication using as destination address A:H2 and
source address H1.
Host H2 will reply using the same addresses, so source address A:H2 and
destination address H1.
Now if the multihomed site is using source address discovery and internal
routing within the multihomed site has determined that the route to get to
H1 is through ISPB, then the reply packet will not make it and an ICMP packet
will be sent back to H2 informing that it has to use prefix B in the source
address. Clearly H2 cannot do that and the communication will fail.

Possible solutions for this were considered, such as using the HoA dest option,
but this is no good because HoA dest options are only processed if a BCE exists.
In any case, this wouldn't really be source address discovery anymore.

So, I guess that at this point, it seems to me that the more reasonable
thing to do would be to honor the host source address choice, and adapt
routing to it.

Regards, marcelo

>
> If the above is true it seems like we need something other than
> source address selection (relaxed filtering, source-based routing,
> or locator rewriting).
>
> Erik
>
>
>
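
The two cases discussed in this message can be checked mechanically. The following is an added example, not part of the original thread: it models ingress filtering as "an ISP forwards only packets sourced from its own prefix" and computes which locator pairs work in each direction. The routing tables, function names and the convention of naming each ISP by its prefix letter are assumptions made for the illustration.

```python
"""Added illustration: which locator pairs survive ingress filtering both ways."""

# Constructed model of the scenario in the thread. Each site maps a destination
# prefix to the ISP (named by the prefix it delegates) that its routing exits through.
EXIT_ROUTING = {
    "X": {"C": "A", "D": "B"},   # X sends to C out through A, to D out through B
    "Y": {"A": "D", "B": "C"},   # Y sends to A out through D, to B out through C
}
PREFIXES = {"X": ["A", "B"], "Y": ["C", "D"]}


def passes_ingress_filter(src_prefix, exit_isp):
    """An ISP forwards a packet only if its source is in the ISP's own prefix."""
    return src_prefix == exit_isp


def working_pairs(sender, receiver, routing=EXIT_ROUTING):
    """Locator pairs (unordered) usable for packets sent by `sender`."""
    pairs = set()
    for src in PREFIXES[sender]:
        for dst in PREFIXES[receiver]:
            if passes_ingress_filter(src, routing[sender][dst]):
                pairs.add(frozenset((src, dst)))
    return pairs


def bidirectional_pairs(routing=EXIT_ROUTING):
    """Pairs that pass filtering in both directions (a reply mirrors the addresses)."""
    return working_pairs("X", "Y", routing) & working_pairs("Y", "X", routing)


def reply_delivered(reply_src_prefix, exit_isp_toward_initiator):
    """H2 must reply from the prefix H1 addressed; it cannot switch prefixes."""
    return passes_ingress_filter(reply_src_prefix, exit_isp_toward_initiator)


if __name__ == "__main__":
    print("from X:", sorted(sorted(p) for p in working_pairs("X", "Y")))
    print("from Y:", sorted(sorted(p) for p in working_pairs("Y", "X")))
    print("both directions:", bidirectional_pairs())
    print("H2 reply from A:H2 routed via ISP B delivered:", reply_delivered("A", "B"))
```
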