Re: Source address selection insufficient?

[Erik Nordmark <Erik.Nordmark@sun.com>]

> This means our address agility mechanisms must support packet flow 
> where the src/dst addresses in packets in one direction don't 
> correspond to the src/dst addresses in opposite direction. In the above 
> example X may send out packets with A/C while Y responds with packets 
> containing D/B.

If you need that level of address agility underneath the transport protocols
you need to modify the hosts at both ends.
Once you modify the hosts at both ends why not also provide connection
rehoming? (There seems to be a large class of connection rehoming mechanisms
that can live with source locator rewriting instead of ingress filtering,
but that's the subject of a different email.)

> But maybe the problem isn't as bad as it would seem at first glance: 
> for small sites, source address based routing is fairly trivial and it 
> provides decent overal traffic engineering (although individual streams 
> may suffer) while only larger sites are going to run BGP in order to do 
> traditional traffic engineering anyway, and presumably, those sites are 
> in the position to get ingress filtering relaxed. (We need to document 
> this very well at some point because this is still imcompatible with 
> ingress filtering further downstream.)

I agree that source based routing and relaxed filtering both work.
What is tricky is the middle between the small and the large; too small
a site to be able to convince the ISPs to relax ingress filtering
and too large a site for source based routing to be trivial.

  Erik