[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Six/One Router: Provider-Independence, IPv4/IPv6 Interworking, Backwards-Compatibility



Short version:   I see many problems which would seem to
                 prevent Six/One Router from being feasible for
                 IPv4.  Some of these are also relevant for IPv6.


Hi Christian,

Here is my initial view of your Six/One Router proposal.

http://users.piuha.net/chvogt/pub/2008/vogt-2008-six-one-router.pdf

I wasn't able to completely follow some of what you wrote, but don't
think that affects this critique.

Slow DFZ handling of packets with option headers = header options

   Maybe you don't need option headers if you do a 1:1 mapping
   of the end-user address range in each ISP's address space,
   but that approach won't be acceptable in IPv4 due to the
   large amount of address space it chews.

   Last year, Bill Herrin proposed a system involving option
   headers, which I critiqued here:

     http://psg.com/lists/rrg/2007/msg00344.html

   I recall that the consensus view was that this would never
   be practical due to most (all? or at least some, and therefore
   too many) DFZ routers do not handle any packet with an
   option header at their normal rate.  They handle the packet
   via a slow CPU process.

   So I think that this is one reason your system can't be
   practical for IPv4.

   Maybe IPv6 option headers are not such a problem for DFZ
   routers.  Can anyone confirm this?


Packets are bigger with option headers

   Adding an option header leads to the PTMUD and Fragmentation
   woes which a map-encap scheme needs to handle.  See:

     http://tools.ietf.org/html/draft-templin-seal-03
     http://www.firstpr.com.au/ip/ivip/pmtud-frag/

   and recent discussions on this list between Fred, Iljitsch,
   me and others.


Modifying the DNS to give different results based on what
kind of network the requester is in  (2.4)

   Even if you knew the IP address of the requester, or the
   IP address of its top level NAT if it was behind one or
   more layers of NAT, you would need a really fancy
   database to decide whether the requester was in an
   upgraded network.  Your suggestion that routers could
   modify outgoing packets from upgraded networks to add
   a flag to DNS queries sounds tricky.

   Every caching nameserver with some requesters being in a
   normal network and some in an upgraded network would
   need to be modified to support two cached answers.
   (I am not sure how often this would occur, and I suppose
   you could have a BCP saying that upgraded networks must
   not use external caching nameservers which were not
   themselves upgraded.)

   Even if you could reliably decide this, and provide
   different answers (via some modified nameserver software)
   I don't see how you could ensure that these different
   answers would not have serious negative consequences for
   some or many applications.


Deep packet inspection and modification

   In section 2.2:

        If no inverse translation is known to take place
        at the remote edge network, Six/One routers
!!      translate addresses throughout an entire packet,
!!      including its payload, to avoid address
        inconsistencies.  This is necessary either when
        the remote edge network is legacy, or when the
        local and remote edge addresses are of different
        IP versions.

   I can't imagine how you could:

      1 - Define an algorithm for achieving these
          modifications for all widely used protocols,
          much less every protocol.

      2 - Devote so much CPU time in the ITR to doing
          this.

      3 - Do it without messing up the applications.

      4 - Do it at all with encrypted or cryptographically
          protected packets.

> Your comments and opinions will be highly welcome.

OK, sorry I see only problems with this.

  - Robin


--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg