Re: Distributing site-wide RFC 3484 policy



> > 	i would like to name the devices/networks like:
> 
> > 		ISP-A	ISP-B
> > 		  |	  |
> > 		RT-A	RT-B
> > 		  |	  |
> > 		==+=======+== PREFIX-A:0::/64, PREFIX-B:0::/64
> > 		  | ADDR-A/128, ADDR-B/128
> > 		your machine
> 
> > 	now, first of all, you really cannot define/determine what is the
> > 	best combination among the following to reach the destination, X.
> > 	X could be within ISP-A, ISP-B, or totally far end of the planet with
> > 	rather long AS path.
> 
> That's why it's useful to have a mechanism that can tell you "try to  
> reach X over B" in the case that X is much easier/faster/cheaper to  
> reach over B than over A.

	see below.

> > 	next, depending on operating system on your machine, the treatment of
> > 	default router differs.  this is outside of the "source address
> > 	selection".
> > 	- some implementation picks the default route out of RT-A/B at will
> > 	- some implementation do install both RT-A/B as the default gateway
> > 	  but it uses only one of them
> > 	- some implementation tries to perform load-balancing
> 
> Right. As I've said before, I'd like my system to make sure that when  
> I use source address A/128 I go out over ISP A and when I use source  
> address B/128 I go out over B. Then you said you tried that and you  
> didn't like it so you reverted back to ignoring the address/route  
> relationship. Then I asked why but so far, no answer.

	what i've said is, it MAY NOT be best to use ADDR-A to go out from
	ISP-A!  you cannot see the EGP routing table of ISP-A (unless you are
	insider) so you have no (or very little) idea!

	as long as you use RT-A consistently, there's no issue with multipath
	TCP packet reordering.

> > 		ISP-A	ISP-B
> > 		  |	  |
> > 		RT-A	RT-B
> > 		  |	  |
> > 		==+=======+== PREFIX-A:0::/64, PREFIX-B:0::/64
> > 		  |
> > 		router
> > 		  |
> > 		==+======= PREFIX-A:1::/64, PREFIX-B:1::/64
> > 		  | ADDR-A/128, ADDR-B/128
> > 		your machine
> 
> Right, in this situation my machine wouldn't be able to select the  
> exit path. (Note that Marcelo Bagnulo and Christian Huitema had a  
> draft about this in multi6 for some time.) That doesn't mean it's not  
> useful to have the capability when the host CAN make the decision. As  
> an operator, I can always remove the router in the middle. I can't  
> realistically rewrite my IP stack.

	so you cannot rewrite your IP stack but you are saying you can rewrite
	all of your application to use something next to getaddrinfo(3).
	i see some contradiction.

> > 	if one of/both of ISP practices filtering such as uRPF, you would
> > 	have to narrow down the choices so that you would pick PREFIX-A for
> > 	RT-A (ISP-A), and PREFIX-B for RT-B (ISP-B).  but it is routing
> > 	protocol to decide, normally.
> 
> So?

> Of course there is. If I have public space, I receive packets. I need  
> an ISP. When I change ISPs, I have to renumber. All reasonable things  
> if I actually want to go out and connect to the world, but NOT for a  
> private interconnect.
> 
> >   in fact, if you pick a
> > 	global address it would be easier for A to handle traffic from B.
> 
> Nonsense.

	well, if you say "so?" or "nonsense", that is total denial from making
	a constructive argument.  it isn't an argument clinic ala monty python.

	or maybe not a constructive argument - i should say goodbye and try
	to deploy IPv6 to other people, and then you will be left with IPv4.

> > 	no please don't.  for god's sake.  we would need another 10 years to
> > 	adapt software, include sendmail, ruby, python, postfix, procmail,
> > 	you name it, to the new API.
> 
> Fortunately, stuff that doesn't do this too well works most of the  
> time. But yes, it's necessary to make software smarter. The idea that  
> you get a single address and that it works 100% of the time is plain  
> broken.

	i do not think we can.  Geoff's prediction is around 2010, remember?
	you may disagree, but i do not think IPv4 will last until 2020 honestly.
	wanna bet some USD?

> > 	i do not get what you mean.  more concrete example please?
> 
> I can connect to the internet over the cell phone network or through  
> wifi. Both are wireless so they drop out from time to time when you  
> move around. Each has their own address, so my address keeps changing  
> all the time and when both are active I have two addresses.
> 
> A dumb TCP/IP stack that sends packets with a wifi source address  
> over the cell network is a problem here. So is a dumb application  
> that will try to connect over wifi when I'm out of range of the base  
> station and doesn't retry over the cell network.

	- session-layer protocol
	- mip6 (eeks)
	- some other secret plans i got :-)

> > 	so i have been trying to...
> 
> You warn against doing something, you are not providing a better  
> alternative.  :-)

	you need a hearing aid or new pair of glasses, i guess.

itojun
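
The uRPF point in the thread (PREFIX-A must leave via RT-A, PREFIX-B via RT-B) can be made concrete with a small model. This is an added example, not part of the original message; the documentation prefixes, host addresses and function names are constructed assumptions, and the filter is simplified to "the ISP accepts only sources inside the prefix it delegated".

```python
import ipaddress
from itertools import product

# Constructed values: documentation prefixes stand in for PREFIX-A / PREFIX-B.
# Each exit router leads to an ISP that delegated exactly one prefix and
# drops anything else at ingress (simplified strict-uRPF-style filtering).
EXITS = {
    "RT-A": ipaddress.ip_network("2001:db8:a::/48"),  # PREFIX-A via ISP-A
    "RT-B": ipaddress.ip_network("2001:db8:b::/48"),  # PREFIX-B via ISP-B
}

# The multihomed host holds one address from each prefix.
HOST_ADDRS = {
    "ADDR-A": ipaddress.ip_address("2001:db8:a::10"),
    "ADDR-B": ipaddress.ip_address("2001:db8:b::10"),
}


def passes_ingress_filter(src, router):
    """True if the upstream ISP behind `router` would accept source `src`."""
    return ipaddress.ip_address(src) in EXITS[router]


def surviving_combinations():
    """All (source address, default router) pairs that are not filtered."""
    return [
        (name, rt)
        for (name, src), rt in product(HOST_ADDRS.items(), EXITS)
        if passes_ingress_filter(src, rt)
    ]


def exit_for_source(src):
    """Pick the exit by source address: longest delegated prefix covering it.

    Returns None when no ISP delegated a covering prefix, i.e. every exit
    would drop the packet.
    """
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, rt) for rt, net in EXITS.items() if addr in net]
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    for name, rt in product(HOST_ADDRS, EXITS):
        verdict = "pass" if passes_ingress_filter(HOST_ADDRS[name], rt) else "DROP"
        print(f"{name} via {rt}: {verdict}")
    # A host on the second-level subnet (PREFIX-B:1::/64) still maps to RT-B.
    print(exit_for_source("2001:db8:b:1::20"))
```

Of the four source/router combinations only two survive the filter, which is why a host or router that picks the default route independently of the source address loses traffic once either ISP filters.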