
Re: Distributing, period, was: Re: Distributing site-wide RFC 3484 policy



Iljitsch van Beijnum wrote:
On 25-jul-2007, at 13:13, Marc Blanchet wrote:

As I said at the mike today, I really think we can't avoid
such a mechanism.

I agree with Brian. There must be a way for enterprises to push an RFC3484 policy to its nodes.

It occurs to me that we're trying to solve a subset of the full problem here. There is lots of site-wide stuff that may potentially be distributed. Stuffing those in DHCP and/or RAs is problematic because we essentially need to redo this every time a new piece of information is found that needs to be distributed, and because it would get too big. I don't think a nice, complex RFC 3848 table will necessarily fit into less than a kilobyte, which is the most you can possibly borrow from DHCP/RA.

Once you have connectivity, downloading data of arbitrary size, providing information of an arbitrary nature, is trivial through well-known mechanisms such as HTTP. The only missing piece is the name/address of a small set of servers that are initially queried for this information. And this is something that will fit in a DHCP or RA message.

It's just a matter of how to use the mechanism.
For example, RFC4191 delivers routing info to hosts, which limits
its usage for local routing information in that it discourages
the dynamic interaction with the routing systems.

I suppose the same should be true for this source address
selection mechanism too. We have a lot of problems in our hands,
but that doesn't necessarily mean we have to solve them at once
and that is not always the best way.