Re: Comments on draft-bagnulo-multi6dt-hba-00.txt
Erik Nordmark wrote:
Iljitsch van Beijnum wrote:
There are two reasons it is good to have the same IID for different
prefixes:
1. At some point in the future, we may want to have routers rewrite
the prefix part in the source addresses of outgoing packets. This is a
very good way to deal with ingress filtering. However, it is unlikely
that routers could hold all the state necessary to match individual
addresses rather than prefixes. (Note that we are NOT proposing router
rewriting at this point.)
It's far from clear to me that, should we pursue router rewriting in the
future, it can operate without being aware of individual hosts'
addresses.
I agree. It also seems to me that requiring the same IID for all
interfaces is architecturally wrong, and will cause significant
difficulty anyway, for example in virtualized server networks where
there is no fixed linkage between a host's identity and the machine
or physical interface it happens to be assigned to at the moment.
Brian
The issue is coordination with what the hosts think are their locators,
and what host addresses the hosts can "prove" to the peers are their own.
For instance, if you have a site with 7 prefixes but some small devices
only choose to use 3 of them, and form HBA addresses using those 3, then
if the routers rewrite the source locator to any of the other 4 prefixes
then it might result in a complete failure to communicate since the peer
might ignore the "spoofed" packet coming from an invalid source locator
of the host.
Likewise during graceful renumbering; when a site with multiple prefixes
adds or changes a prefix, when can the router start rewriting to the new
prefix (and must stop rewriting to the old prefix, which might happen at
a different time).
If a router doing rewriting maintains per-host state, for instance using
the same multi6 protocol as is used e2e, then it can stay in synch with
the prefixes/locators that the host is actually using.
Erik
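
The 7-prefix / 3-prefix case from the message above, as an added example that is not part of the original thread or of the draft. It uses a simplified model, not the draft's encoding: the IID is assumed to be a truncated SHA-1 over a modifier and the host's prefix set (so it is the same under every prefix), and the prefixes, modifier and function names are constructed for illustration.

```python
import hashlib
import ipaddress

MASK64 = (1 << 64) - 1

def iid_for(prefix_set, modifier):
    """Toy IID: first 64 bits of SHA-1(modifier || sorted /64 prefixes)."""
    h = hashlib.sha1(modifier)
    for net in sorted(ipaddress.IPv6Network(p) for p in prefix_set):
        h.update(net.network_address.packed[:8])
    return int.from_bytes(h.digest()[:8], "big")

def make_address(prefix, iid):
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def rewrite_source(source, new_prefix):
    """What a stateless rewriting router would do: swap the prefix, keep the IID."""
    return make_address(new_prefix, int(source) & MASK64)

def peer_accepts(source, prefix_set, modifier):
    """Peer check: prefix must be in the host's announced set and the IID must match it."""
    prefix = ipaddress.IPv6Network((int(source) & ~MASK64, 64))
    known = {ipaddress.IPv6Network(p) for p in prefix_set}
    return prefix in known and (int(source) & MASK64) == iid_for(prefix_set, modifier)

# Constructed sample data (documentation prefixes, arbitrary modifier).
SITE_PREFIXES = [f"2001:db8:{n}::/64" for n in range(1, 8)]   # 7 site prefixes
HOST_PREFIXES = SITE_PREFIXES[:3]                              # host uses only 3
MODIFIER = b"constructed-modifier"

def survey():
    """Map each site prefix to whether the peer accepts a source rewritten to it."""
    iid = iid_for(HOST_PREFIXES, MODIFIER)
    original = make_address(HOST_PREFIXES[0], iid)
    return {p: peer_accepts(rewrite_source(original, p), HOST_PREFIXES, MODIFIER)
            for p in SITE_PREFIXES}

if __name__ == "__main__":
    for prefix, ok in survey().items():
        print(f"{prefix:20} {'accepted' if ok else 'rejected'}")
```

A router that rewrites without knowing the host's prefix set produces a source the peer accepts for only three of the seven site prefixes.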