[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: transparent addrsel policy adjustment for outbound TE

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: transparent addrsel policy adjustment for outbound TE
From: Pekka Savola <pekkas@netcore.fi>
Date: Wed, 5 Apr 2006 14:54:45 +0300 (EEST)
Cc: shim6@psg.com
In-reply-to: <0ce816bdb27c300852031283a6ec6858@it.uc3m.es>
References: <Pine.LNX.4.64.0603311211490.24007@netcore.fi> <0ce816bdb27c300852031283a6ec6858@it.uc3m.es>

On Wed, 5 Apr 2006, marcelo bagnulo braun wrote:

I mean, since the SRV record has this special name associated, it may nottrivial for the resolver to figure out which SRV record to query if theapplication wants to initiate a communication with machine1.foo.com
so perhaps it makes sense to go all the way and use new RR

Could be though, it could probably be trivial to define a somethingspecial like _shim6._ip.FQDN

This would not have any negative impact on the application as all theaddresses would still be there but the ordering would just be modifiedbased on preferences, though running transparent SRV lookups could incurdelays etc. if it's not done in parallel.
This could be very effective means for outbound TE decisions without a needto touch applications at all.
well, actually i see it exactly the opposite :-)
this is really useful for inbound TE
I mean, outbound TE is the easy part, since the multihomed site isin control of the packets and it can route them however it wants to.So, outbound TE can be done by affecting routing or by configuringthe source address selection policy table and so on.

Simple routing changes don't help if ingress filtering is in place,because the sources select the addresses and have to be routed in avery restricted manner. A part of this is an alternative means for"policy distribution" for hosts, I guess.

This doesn't really help with inbound TE though. (One could add similarfunction the site's authoritative DNS server, and unmodified resolversmight comply with that policy, but caching DNS servers would mess this up.)
why?
i agree that the expressed policy has to be quite stable, i mean, the cachewill introduce certain inertia, and changing the preferences may take sometime, but at least you can express some preferences about which addresses thesite preffers for incoming communications...

The problem is that DNS caches in the middle will cache both IP_1 andIP_2, but lose the "preference" which is conveyed by the weightedaddress ordering, because from the DNS cache perspective IP_1 and IP_2are equivalent.


So this only works if there are no DNS caches in the middle, AFAICS.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- Re: transparent addrsel policy adjustment for outbound TE
  - From: Thomas Narten <narten@us.ibm.com>
- Re: transparent addrsel policy adjustment for outbound TE
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

References:
- transparent addrsel policy adjustment for outbound TE
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: transparent addrsel policy adjustment for outbound TE
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt]
Next by Date: Re: transparent addrsel policy adjustment for outbound TE
Previous by thread: Re: transparent addrsel policy adjustment for outbound TE
Next by thread: Re: transparent addrsel policy adjustment for outbound TE
Index(es):
- Date
- Thread