Re: Distributing site-wide RFC 3484 policy
On 26-jul-2007, at 9:33, Jun-ichiro itojun Hagino wrote:
> i would like to name the devices/networks like:
>
>   ISP-A   ISP-B
>     |       |
>    RT-A    RT-B
>     |       |
>   ==+=======+==  PREFIX-A:0::/64, PREFIX-B:0::/64
>         |        ADDR-A/128, ADDR-B/128
>    your machine
>
> now, first of all, you really cannot define/determine what is the
> best combination among the following to reach the destination, X.
> X could be within ISP-A, ISP-B, or at the totally far end of the planet
> with a rather long AS path.
That's why it's useful to have a mechanism that can tell you "try to
reach X over B" in the case that X is much easier/faster/cheaper to
reach over B than over A.
> next, depending on the operating system on your machine, the treatment of
> the default router differs. this is outside of the "source address
> selection".
> - some implementations pick the default route out of RT-A/B at will
> - some implementations do install both RT-A/B as the default gateway
>   but use only one of them
> - some implementations try to perform load-balancing
Right. As I've said before, I'd like my system to make sure that when
I use source address A/128 I go out over ISP A and when I use source
address B/128 I go out over B. Then you said you tried that and you
didn't like it so you reverted back to ignoring the address/route
relationship. Then I asked why but so far, no answer.
>   ISP-A   ISP-B
>     |       |
>    RT-A    RT-B
>     |       |
>   ==+=======+==  PREFIX-A:0::/64, PREFIX-B:0::/64
>         |
>       router
>         |
>   ==+=======     PREFIX-A:1::/64, PREFIX-B:1::/64
>     |            ADDR-A/128, ADDR-B/128
>   your machine
Right, in this situation my machine wouldn't be able to select the
exit path. (Note that Marcelo Bagnulo and Christian Huitema had a
draft about this in multi6 for some time.) That doesn't mean it's not
useful to have the capability when the host CAN make the decision. As
an operator, I can always remove the router in the middle. I can't
realistically rewrite my IP stack.
> if one of/both of the ISPs practice filtering such as uRPF, you would
> have to narrow down the choices so that you would pick PREFIX-A for
> RT-A (ISP-A), and PREFIX-B for RT-B (ISP-B). but it is for the routing
> protocol to decide, normally.
So?
>> I don't see how using public address space for the private
>> interconnection between the two sets of servers makes sense.
> if you have a firewall device to begin with, there is no difference
> at all even if you pick a global address for B, or an address with
> limited scope (site-local, ULA, whatever).
Of course there is. If I have public space, I receive packets. I need
an ISP. When I change ISPs, I have to renumber. All reasonable things
if I actually want to go out and connect to the world, but NOT for a
private interconnect.
> in fact, if you pick a
> global address it would be easier for A to handle traffic from B.
Nonsense.
>> And smart implementers will create a layer that takes care of these
>> details. Annoying, yes. Necessary, absolutely.
> no please don't. for god's sake. we would need another 10 years to
> adapt software, including sendmail, ruby, python, postfix, procmail,
> you name it, to the new API.
Fortunately, stuff that doesn't do this too well works most of the
time. But yes, it's necessary to make software smarter. The idea that
you get a single address and that it works 100% of the time is plain
broken.
> so it would be better for us to provide connectivity to all of the
> cases in the network setup,
And how exactly do you do that in a world where mobile devices roam
from network to network, often with overlap between two forms of
connectivity and connectivity going away without prior warning?
> i do not get what you mean. a more concrete example, please?
I can connect to the internet over the cell phone network or through
wifi. Both are wireless so they drop out from time to time when you
move around. Each has its own address, so my address keeps changing
all the time and when both are active I have two addresses.
A dumb TCP/IP stack that sends packets with a wifi source address
over the cell network is a problem here. So is a dumb application
that will try to connect over wifi when I'm out of range of the base
station and doesn't retry over the cell network.
> or do i
> keep silent and see people fall into the pitfall and get injured?
If you know a better way, by all means...
> so i have been trying to...
You warn against doing something, you are not providing a better
alternative. :-)
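The "tell the host to reach X over B" mechanism argued about above is what a site-distributed RFC 3484 policy table gives you: a row that puts PREFIX-B and X's prefix under the same label makes source selection (rule 5, prefer matching label) pick ADDR-B for X. The following is an added illustration, not code from the thread or from any stack; the 2001:db8: prefixes and the destination X are constructed placeholders, and rule 5 is applied in isolation rather than the full rules 1-8 ordering.

```python
import ipaddress

# RFC 3484 section 2.1 default policy table: (prefix, precedence, label)
DEFAULT_POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("2002::/16", 30, 2),
    ("::/96", 20, 3),
    ("::ffff:0:0/96", 10, 4),
]

# Constructed placeholders standing in for the thread's ADDR-A/ADDR-B
# (one address per ISP prefix) and for a destination X the operator
# knows is cheaper to reach over ISP-B.
ADDR_A = "2001:db8:a::1"        # ADDR-A/128, inside PREFIX-A
ADDR_B = "2001:db8:b::1"        # ADDR-B/128, inside PREFIX-B
DEST_X = "2001:db8:ffff::1"     # X, some remote host

# Site-wide policy: the default rows plus two rows giving PREFIX-B and
# X's prefix the same new label, so rule 5 pairs them up.
SITE_POLICY = DEFAULT_POLICY + [
    ("2001:db8:b::/48", 40, 5),
    ("2001:db8:ffff::/48", 40, 5),
]

def lookup(policy, addr):
    """Longest-prefix match in a policy table; returns (precedence, label)."""
    addr = ipaddress.ip_address(addr)
    best = None
    for prefix, prec, label in policy:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, prec, label)
    return best[1], best[2]

def choose_source(policy, dst, candidates):
    """RFC 3484 source selection rule 5 (prefer matching label) applied in
    isolation: the first candidate whose label equals the destination's
    label wins, otherwise the first candidate is kept. A real stack runs
    rules 1-8 in order and does not stop at rule 5."""
    dst_label = lookup(policy, dst)[1]
    for src in candidates:
        if lookup(policy, src)[1] == dst_label:
            return src
    return candidates[0]

if __name__ == "__main__":
    print("default policy:", choose_source(DEFAULT_POLICY, DEST_X, [ADDR_A, ADDR_B]))
    print("site policy:   ", choose_source(SITE_POLICY, DEST_X, [ADDR_A, ADDR_B]))
```

This only settles which source address the host uses; whether a packet sourced from ADDR-B actually leaves via RT-B is the separate routing question raised in the thread, and the router-in-the-middle topology takes that choice away from the host entirely.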