
Re: [RRG] Renumbering...



On 2008-08-16 08:09, Christian Vogt wrote:
> 
> On Aug 14, 2008, Tony Li wrote:
> 
>> To clarify the issue at hand: we're interested in renumbering of end-user
>> sites and changes in the locator namespace.
> 
> To answer the question Tony has raised, it may be useful to get some
> common ground on:
> 
> (1) What are the renumbering tasks, and which cause most problems?
> 
> (2) Which renumbering tasks could be eliminated?
> 
> (3) How much more acceptable would renumbering become if some of the
>     renumbering tasks were eliminated?
> 
> Let me take a first step in answering questions (1) and (2).  I am
> sure that many on this list will know something to add.
> 
> 
> Regarding question (1):  I would assume that, from the following list
> of renumbering tasks, ...
> 
> (a) hardcoded IP addresses in applications
> (b) IP addresses of hosts
> (c) IP addresses of routers
> (d) IP addresses in filter devices, such as firewalls, intrusion
>     detection systems
> (e) certificates issued for IP addresses
> 
>     [This list is certainly incomplete.  Don't hesitate to add.]

I would suggest a slightly different taxonomy, to bring out what I think
are the (almost) intractable problems.

(A) Cases where addresses are configured or stored in places
outside the control of the local network management staff.
 (A1) Addresses are embedded in applications or files maintained
 by local network users.
 (A2) Addresses are embedded in applications or files
 maintained by third parties.

(B) Cases where addresses are configured or stored under the
control of the local network management staff.
 (B1) Addresses are kept in a network management
 database maintained by network management staff, and used
 for automatic configuration.
 (B2) Addresses are embedded in configuration files and scripts
 maintained by network management staff.
 (B3) Addresses are manually configured into devices.

It seems to me that only cases B1 and B2 are reasonably
tractable, and A2 and B3 are particularly obnoxious. (My
locators used in filters at your site fall into A2.)

BTW this set of cases is close to isomorphous with the cases
that have to be considered for IPv6 deployment.

   Brian
> 
> ... item (a) potentially causes most problems due to the lack of a
> single method that could either identify or fix affected applications.
> 
> Also problematic is (d):  Filtering devices may have to be modified
> even if a *remote* edge network renumbers since they may be configured
> with remote IP addresses (as Iljitsch pointed out earlier).
> 
> 
> Regarding question (2):  An example of a class of solutions that would
> eliminate renumbering tasks (a) and (e) is host-based ID/locator split
> solutions, such as HIP.
> 
> Item (d) from the above list may be hardest to eliminate, because
> filtering devices have to identify hosts or flows using locators.
> Changing this doesn't seem to be feasible.
> 
> - Christian
> 
> 
> 
> -- 
> to unsubscribe send a message to rrg-request@psg.com with the
> word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
> 
