[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RRG] Small comment on draft-jen-apt-00.txt
- To: Michael R Meisel <meisel@cs.ucla.edu>
- Subject: Re: [RRG] Small comment on draft-jen-apt-00.txt
- From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Date: Mon, 15 Oct 2007 14:23:50 +1300
- Cc: rrg@psg.com
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=tFU4whYthwzJa37cQGpAg29eG9K5/Egal39eyJFYW709cCzzIWgbyeMYPeXljbXqXG+F5k6toEixRiYavOvxixpDzXSotQW4cRuE9gHIZsbxb2eCd7AtLb3065wpqYf4m0/F2plMngKkg7qhrkEg/Pict75VNMuROTXAmiF3b6I=
- In-reply-to: <470F3D4F.9010907@cs.ucla.edu>
- Organization: University of Auckland
- References: <470F3D4F.9010907@cs.ucla.edu>
- User-agent: Thunderbird 2.0.0.6 (Windows/20070728)
On 2007-10-12 22:24, Michael R Meisel wrote:
Hi Brian, thanks for your comments. Sorry to take so long to get back to
you, Dan Jen and I were both away from UCLA this summer. Please see my
(overdue) responses to your comments below.
Brian E Carpenter wrote:
I'm concerned that the proposed mechanism (as described
in section 5) completely deprives senders of the ability
to choose which of a destinations locators to use, in
accordance with their local policy (whatever it may be).
I don't think this is acceptable as it alllows receivers
or the operators of default APT mappers to constrain senders'
choice of ISP. That settles a business "tussle" in advance,
and I don't think technology should do that.
Actually, the customer of an ISP is ultimately the authority for their
own mapping information. Of course, since it's the ISP that announces
the mapping, the customer has to trust them not to modify it. One detail
that didn't make it into the 00 version of our draft is that we plan to
allow mappings to be cryptographically signed with a customer's private
key. We haven't yet determined how public keys will be distributed in a
secure manner, but we're working on it. This would prevent their ISPs
from modifying their mappings without invalidating them.
OK, that wasn't completely clear to me on first reading, but
seems fine.
I'm also a bit concerned (section 5.1) that failover will be
delayed. In today's model, a sender can try a second address
after a sender-decided timeout on the first one. In APT, it
looks as if the sender will have to depend on a timeout in
the default mapper. But the only real test of reachability
is end to end.
I think you may be confusing user-space addresses (used for end-to-end
communications) with multihoming of user networks. In fact, we are
currently working on some terminology changes to help clarify this
distinction.
I didn't think I was confusing those. In any case, host software
doesn't know about that distinction - it only knows about addresses,
and it's standard procedure to try addresses in sequence if you get
more than one from A/AAAA records.
If you have more than one user-space destination address, such as from
DNS A records, which you could address a (end-to-end) packet to, that
will work the same way with APT as it would today.
Logically, yes, but...
APT failover handles the case where the tunnel exit point (that is, the
ETR) for a given user-space *prefix* fails. Note that this is in the
middle of the network, not at an endpoint. In the existing network, the
failure would have caused a BGP route change. With APT, there is no
announcement or timeout involved, the first packet is simply re-routed
to a working ETR if possible, and the ITR is notified so that subsequent
packets are tunneled directly to the working ETR.
Yes, if there *is* a working path. But if there isn't, it will be a long time
before the upper layer tries the next address that it knows about, I think.
Or do you think the upper layer will just time out anyway? In any case,
the upper layer code will be trying to get around apt instead of working
with it.
And the standard question: how will this work with SCTP?
APT will be invisible to end users. This means that it should not have
any effect on any transport-layer protocol.
But SCTP doesn't *want* that invisibility, because it explicitly chooses
to change to an alternative address in order to use an alternative path.
How do you allow SCTP to do its job?
Brian
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg