Re: Comments on draft-bagnulo-multi6dt-hba-00.txt
Iljitsch van Beijnum wrote:
> There are two reasons it is good to have the same IID for different
> prefixes:
> 1. At some point in the future, we may want to have routers rewrite the
> prefix part in the source addresses of outgoing packets. This is a very
> good way to deal with ingress filtering. However, it is unlikely that
> routers could hold all the state necessary to match individual addresses
> rather than prefixes. (Note that we are NOT proposing router rewriting
> at this point.)

It's far from clear to me that, should we pursue router rewriting in the
future, it can operate without being aware of individual hosts'
addresses.
The issue is coordination with what the hosts think are their locators,
and what host addresses the hosts can "prove" to the peers are their own.
For instance, if you have a site with 7 prefixes but some small devices
only choose to use 3 of them, and form HBA addresses using those 3, then
if the routers rewrite the source locator to any of the other 4 prefixes
then it might result in a complete failure to communicate since the peer
might ignore the "spoofed" packet coming from an invalid source locator
of the host.
Likewise during graceful renumbering: when a site with multiple prefixes
adds or changes a prefix, when can the router start rewriting to the new
prefix (and must stop rewriting to the old prefix, which might happen at
a different time)?
If a router doing rewriting maintains per-host state, for instance using
the same multi6 protocol as is used e2e, then it can stay in synch with
the prefixes/locators that the host is actually using.
Erik
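
The failure case described in the message above (a host that forms HBA addresses over 3 of a site's 7 prefixes, and a router that rewrites the source prefix without per-host state), as an added example that is not part of the original message or the draft. It is a simplified model: the interface identifier is a SHA-1 hash over a modifier and the host's prefix set, so it is the same under every prefix; the function names, the 2001:db8 prefixes and the modifier value are constructed, and this is not the draft's actual address encoding.

```python
import hashlib
import ipaddress


def prefix_bytes(prefix):
    """Return the 8-byte network part of a /64 prefix."""
    return ipaddress.IPv6Network(prefix).network_address.packed[:8]


def make_iid(modifier, prefixes):
    """Simplified HBA-style IID: hash binds the modifier to the prefix set."""
    h = hashlib.sha1(modifier)
    for p in sorted(prefixes):
        h.update(prefix_bytes(p))
    return h.digest()[:8]


def make_address(prefix, iid):
    return ipaddress.IPv6Address(prefix_bytes(prefix) + iid)


def peer_accepts(source, modifier, prefixes):
    """Peer check: prefix must be in the bound set and the IID must match."""
    raw = ipaddress.IPv6Address(str(source)).packed
    in_set = any(raw[:8] == prefix_bytes(p) for p in prefixes)
    return in_set and raw[8:] == make_iid(modifier, prefixes)


def router_rewrite(source, new_prefix):
    """Stateless rewriting: swap the prefix, keep the IID untouched."""
    raw = ipaddress.IPv6Address(str(source)).packed
    return ipaddress.IPv6Address(prefix_bytes(new_prefix) + raw[8:])


# Constructed sample data: a site with 7 prefixes, a host using only 3.
SITE_PREFIXES = [f"2001:db8:{n:x}::/64" for n in range(1, 8)]
HOST_PREFIXES = SITE_PREFIXES[:3]
MODIFIER = bytes(range(16))


def rewrite_outcomes():
    """Map each site prefix to whether the peer accepts the rewritten source."""
    src = make_address(HOST_PREFIXES[0], make_iid(MODIFIER, HOST_PREFIXES))
    return {p: peer_accepts(router_rewrite(src, p), MODIFIER, HOST_PREFIXES)
            for p in SITE_PREFIXES}


if __name__ == "__main__":
    for prefix, ok in rewrite_outcomes().items():
        print(f"{prefix:22} {'accepted' if ok else 'rejected'}")
```

A router with no knowledge of HOST_PREFIXES has no way to tell the three accepted rewrites from the four rejected ones.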