
Dependency on mapping [Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures]



On 2008-01-18 00:32, Christian Vogt wrote:
>> So, let me know what you think about the 'multiple independent
>> signing authorities' concept as a way to deal with the sole (per
>> zone) global trust anchor issue you raised; if that doesn't work,
>> I'll see if I can come up with something better.
> 
> Noel,
> 
> the importance of DNS for most of today's Internet traffic is IMO an
> indication that a similar dependency on a mapping system -- which your
> proposal would bring about -- may well be acceptable.

I don't think it's related to any specific proposal. As far as I can
see, any proposal that separates locally-significant addressing from
globally-significant addressing, but retains e2e identifiers,
requires complete dependency on a map.

Avoiding a single trust anchor seems like a good thing, to
improve robustness. But I don't think the single root arguments
will be anything like as emotional or political as for the DNS.
We're not likely to see EIDs and RLOCs on the back of buses,
unlike URLs.

> 
> It is certainly true that a dependency on DNS is less critical than a
> dependency on an address mapping system because the former does not
> directly affect IP connectivity.  (I brought up this argument myself.)
> But this difference in criticality may be negligible given that most of
> today's use of the Internet would still fail if DNS misbehaved.

I think the real difference is in response time expectations. We accept
that the time to resolve a human-readable name may be quite long and
occasionally fail, and the usage model takes account of that. We don't
expect that for IP addresses, so we don't know how robust the Internet
will be to significant waits for locator mapping. (Maybe somebody could
experiment with a stack that discards a random number of packets
at the beginning of each new flow?)

The other thing that I still worry about as a matter of principle
is one of Jon Postel's contributions to RFC 1958:

"  3.11 Circular dependencies must be avoided.

      For example, routing must not depend on look-ups in the Domain
      Name System (DNS), since the updating of DNS servers depends on
      successful routing."

That's a little simplistic as written but it seems to need some
thought - can the mapping system recover from a major routing
failure without manual intervention? If the answer is "no" or
"don't know" we have a problem.

Apart from that, though, why should dependency on a map be
any more worrying than dependency on a globally distributed
routing table?

     Brian

--
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg