RE: ingress filteing problem

["Christian Huitema" <huitema@windows.microsoft.com>]

> > > Of course I agree that the solution should not make things *worse*
> > > than today for non-multihoming-aware sites. But the ingress
filtering
> > > problem that Christian describes surely exists today on such
sites,
> > > which have no mechanism for choosing the appropriate exit router.
> >
> > The current solution, in IPv4, is to allocate a single prefix to the
> > site and to have this prefix announced in BGP by all providers. The
> > solution does meet ingress filtering requirements, and does not
impose
> > any constraint to internal hosts or external peers. We can indeed
> > replicate that for IPv6, but I was under the impression that we
would
> > rather do without routing table explosion.
> 
> Indeed. What I was saying (badly) is that today, an IPv6 site which
> has two prefixes and two ISPs has exactly this problem, even without
> any multihoming mechanism defined.

Agreed. For this reason, I believe that there are two tasks ahead of us.
The first one is to solve ingress-filtering for the "IPv6 site which
has two prefixes and two ISPs", and possibly three or four; the goal
here is to make sure that new connections "just work". The second task
is to define additional support mechanisms for multi-homing; the
emphasis will be on "taking advantage of multi-homing" so things work
"better", e.g., ensure that connections survive a re-homing event.

-- Christian Huitema