Re: Distributing site-wide RFC 3484 policy

[Brian E Carpenter <brian.e.carpenter@gmail.com>]

On 2007-07-27 21:28, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> Hello.
>
>
> First of all, I would agree the PS itself.
> And, I would agree the distributing address selection "hints",
> but I am not in favor having the "policy" itself get distributed.
>
> The end-node clients may have their own "policy" and/or implementation
> details (e.g., an implementation may have special tunnel or
> special (and useful) policy for the implementation), and they must be
> taken into account.

This is a standard issue in any policy distribution mechanism -
if there are two sources for policy (e.g. local and central),
which one wins? That needs to be defined in the mechanism.
Sometimes, the site-wide policy will win, because the IT Management
has authority.

> And, only the "end-node" can know the full view of reachability.
> Routers or other entity may suggest end-node to use another source address(es)
> (or prefix(es)), but it can not be ultimate (or god's) order.

Correct. Reachability will always win.

> In that sense, we might need to solve this issue in conjunction with
> rrg work.

Well, LISP reachability is interesting, but still not as certain
as a successful SYN/ACK.

    Brian
> Anyway, the draft contains a horrible error, at least.
> We CAN NEVER specify zone-index from outside the box.  It MUST be removed.
> And, I would say, we must make it clear that the information is
> "relative" or "virtual" and the end-node retain having final decision.
>
>
> Regards,
>
> In article <46A609C5.1050109@gmail.com> (at Tue, 24 Jul 2007 16:16:37 +0200), Brian E Carpenter <brian.e.carpenter@gmail.com> says:
>
> > Thanks. So does v6ops have an opinion about
> > draft-fujisaki-dhc-addr-select-04.txt? It seems
> > nothing will happen unless it's discussed here or
> > in ipv6.
> >
> >     Brian
> >
> > On 2007-07-23 21:18, Ruri Hiromi wrote:
> > > Hi,
> > >
> > > The latest version of this draft is today Arifumi mentioned in his 
> > > solution document,
> > > "draft-fujisaki-dhc-addr-select-04.txt" and 
> > > "draft-v6ops-addr-select-ps-01.txt".
> > > We divided previous draft into 2 part, one for distribution protocol and 
> > > the other for problem statement.
> > >
> > > At first, we wrote that draft and presented in DHC-wg.  DHC-wg chairs 
> > > suggested us that we need support from other wg such as v6ops. Then we 
> > > are here.
> > >
> > >
> > > On 2007/07/24, at 3:56, Brian E Carpenter wrote:
> > >
> > > > What happened to
> > > > http://tools.ietf.org/id/draft-hirotaka-dhc-source-address-selection-opt-01.txt 
> > > >
> > > > and is there any other proposal for site-wide distribution of
> > > > address selection policy?
> > > >
> > > > As I said at the mike today, I really think we can't avoid
> > > > such a mechanism. There *will* be sites running multiple prefixes
> > > > (those too small to insist on PI space, but big enough to
> > > > need multiple ISPs).
> > > >
> > > >     Brian
> > > -------------------------------
> > > Ruri Hiromi
> > > hiromi@inetcore.com