
Re: [RRG] Consensus? End-user networks need their own portable address space




On May 25, 2008, at 5:35 AM, Robin Whittle wrote:

Can we form rough consensus on this?

Short version:

 End-user networks need their own portable address space.

s/End/Some end/

To be pedantic about it, there will be for our lifetimes and beyond end-user networks happy to accept whatever solution their ISP provides, as long as it works. But, of the ones that want it, some will want it badly enough they will get it one way or the other.

Other than that, +1 from me.

The elephant in the room here, of course, is NAT, which is the "solution 0" here.

Regards
Marshall





Long version:

 A primary requirement of any solution to the routing scaling
 problem is to provide a new mechanism by which end-user networks
 (however defined, potentially those of corporations and
 universities, but also down to home-office networks or perhaps
 a single mobile host's network) can change their ISP without
 significant impediment, including especially the current barrier
 formed by the need to renumber their entire network, if their
 current address space is PA (Provider Assigned).

 There are two solutions to this:

 1 - They use non-portable PA address space, including perhaps
     two or more prefixes of PA space for the purposes of
     multihoming.  In order to achieve this in a way which
     sufficiently minimises costs and disruption, the following
     would need to be true:

     The end-user networks would need to be constructed of
     hardware, software and to use protocols such that the entire
     network and all its hosts, routers etc. can be made to operate
     from a different prefix with minimal disruption.  (Perhaps not
     devices which are only accessed internally, such as printers.)

     In order for this to be the case, a very large number of
     settings inside routers and hosts would need to be changed
     automatically, with great reliability, in response to a single
     securely authenticated, system-wide re-addressing command.

     Despite the provisions within IPv6 for automatic address
     assignment, with continued connectivity while changing from
     one prefix to another, current networks are far from being
     structured along these lines - and there is no prospect of
     this changing in the timeframe within which we need to solve
     the routing scaling problem.

     The first reason is that almost all current networks are
     IPv4 networks - and as I argue in another message, we need to
     directly solve the IPv4 routing scaling problem.

     The second reason is that IPv6 addressing automation does not
     reliably and securely cover all locations where an IP address
     is specified.  For instance, as far as I know, it doesn't
     apply to DNS zone files, or to router ACLs, or to the config
     files of things like IMAP servers about which addresses they
     respond to.  At the very least, any such automation would
     require secure rewriting of parts of text files, and secure
     restarting of the server, application etc. - all under
     centralised control of the system administrator.

     There are no realistic prospects for developing such a
     wide-ranging architecture for finding all such config files
     and securely changing them.

     In summary, this is impossible for both IPv4 and IPv6
     networks at present.  It will remain impossible for the
     foreseeable future - any 5, 10, 15 year timeframe in which the
     RRG solution needs to work. (I guess we want a fix which
     actually works by 2013 or so.)


 2 - Portability of address space.

     There are changes to the routing and addressing system which
     enable end-users to keep their address space no matter which
     ISP or multiple ISPs they use - in a way which does not
     add to the routing scaling problem.

     Assuming the new arrangements perform well, this is providing
     end-users with exactly what they want and need.

     LISP, APT, Ivip and TRRP all provide this, although there
     remain some dependencies in terms of who the address space
     is obtained from.



  - Robin       http://www.firstpr.com.au/ip/ivip/


--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

