[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RRG] dns discover in map-and-encaps schemes
At the RRG meeting on Saturday, there may have been some confusion in
what was meant by DNS discovery in map-and-encaps schemes. For DNS
discovery, only locators are ever kept in the global DNS; identifiers
are *not* kept in the global DNS but rather in a site-specific name
resolution service for the site. From (IPvLX, Section 4):
"4. DNS Assumptions
The global DNS [RFC1035] today maintains resource records for Fully
Qualified Domain Names (FQDNs) with global IPv4 addresses for
traditional Internet services, and by design anticipates that their
FQDN-to-address mappings will change relatively infrequently. IPvLX
asks only that the global DNS also maintain resource records for
IPvLX gateways to provide tunnel endpoint addresses - again, under
the assumption that those FQDN-to-address mappings will change
infrequently.
IPvLX further assumes a DNS-like "site-local" name resolution service
(e.g., [LLMNR]) that is separate from the global DNS and records the
FQDN-to-IPv6-address mappings for IPv6 application endpoints within a
site. Unlike the global DNS, IPvLX assumes that the FQDN-to-IPv6-
address mappings within the site local name service may change
dynamically as IPv6 application endpoints come into existence, move
to new locations and terminate."
This means that a source's address resolution request would trigger
a lookup in the global DNS for the locator(s) associated with the
destination's site, and a lookup for the destination's identifier
in the destination site's name service. The following algorithm is
used:
1) source does DNS lookup for the FQDN "dest.example.com".
2) source's DNS server is co-resident on the ingress tunnel router
and performs a lookup in the global DNS for a well-known prefix
appended to the FQDN suffix, e.g.: "egress.example.com".
3) source's DNS server gets back locators for the egress tunnel
router from the global DNS, then sends an IP-in-IP encapsulated
RFC4620 Node Information Query asking the egress tunnel router
to resolve the FQDN "dest.example.com".
4) egress tunnel router returns identifers associated with
"dest.example.com"; ingress tunnel router caches the resolution
and returns the resolution to the source as response to the
"real" DNS query.
(The above algorithm omits the details of the tunnel setup btw the
ingress and egress tunnel routers, but it should be clear that the
tunnel is set up in parallel with the FQDN resolution.)
Note that (IPvLX, Section 7) currently uses a different mechanism
than RFC4620 because 4630 was not available at the time of the
writing; I'll fix that. Note also that IPvLX fails to reference
RFC1955; I'll fix that too.
Fred
fred.l.templin@boeing.com
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg