RE: Multihoming Issues

2002-09-03 18:31:12
On 9/3/02, Christian Huitema wrote:

The relationship is that DNS is acting as an index
service for IPv6 addresses. In doing so it treats them
as simple hierarchical addresses, i.e. like fat IPv4
addresses.

The question as to whether that is the correct handling
of IPv6 addresses is a valid one. This thread started
with exactly such a question being raised, but the
rationale on how DNS *could* be optimized for IPv6 was
not spelled out.

There is no IPv6 service that guarantees that the
identifiers are actually world-wide unique. In fact, there
is ample evidence that they often will not be. Poorly
configured interface cards are known to have phony
IEEE-802 addresses; privacy addresses are random numbers
that are only statistically unique; configured addresses
may use user assigned values. In all these cases, local
collisions can be detected, global collisions cannot be. 


By "no IPv6 service" do you mean there is no active protocol
and/or entity that will detect a spoofed EUI-64 address? If
so, I agree with you. The fact that the interface ID must be
EUI-64 compliant is abundantly clear in the RFC, however.

Link-local interface IDs MUST be unique for the local
network, although the mechanism for ensuring this is not
specified.

RFC2464 is specific on the handling of emulation MAC
addresses: "A different MAC address set manually or by
software should not be used to derive the Interface
Identifier.  If such a MAC address must be used, its global
uniqueness property should be reflected in the value of the
U/L bit."

As for local Interface IDs. RFC2373 specifies in Appendix A:
"If there is no global interface identifier available for
use on the link the implementation needs to create a local
scope interface identifier.  The only requirement is that it
be unique on the link."

There is also no requirement that a given multi-homed
hosts combines the same identifier with different
prefixes. Privacy advocates will no doubt argue that a
multi-homed host should associate different identifiers
with different provider prefixes, so it cannot be tracked
by big-brother.

It can also be argued that a given link should have exactly
one Interface ID. It is specified as an attribute of the
Interface. Although obviously there would be little to
prevent someone from spoofing that. The question would be
whether it was permissible to declare the same port on the
same NIC to be two different "NICs".

In full privacy paranoia mode, "how many ports I really have
is none of your business" is a predictable and perhaps
defendable response. However, in such a mode, the hostmaster
would not have declared these two 'totally separate'
interfaces to have the same name.

Lastly, I am NOT advocating any change. I merely responded
to an implication that there was no justification for
handling DNS for IPv6 differently than for IPv4. There are
differences. It was not a nonsensical question, as it was
being treated. However, there is far from enough
justification for handling IPv6 differently.
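The discussion above turns on how an interface identifier is built from a MAC address, what the U/L bit of the identifier says about its claimed global uniqueness (RFC 2464 section 4), and why a host that reuses one identifier under several provider prefixes can be correlated across those prefixes. The following is an added example, not code from the thread or from any of its participants. It builds the modified EUI-64 identifier, reads the U/L bit back out of an address, and groups a list of addresses by identifier. The MAC addresses, the random privacy-style identifier and the 2001:db8::/64 prefixes are constructed for the example; the function names are my own.

```python
import ipaddress


def mac_to_modified_eui64(mac: str) -> bytes:
    """RFC 2464 section 4: split the 48-bit MAC, insert 0xFFFE in the
    middle and invert the universal/local bit (bit 0x02 of the first
    octet). In the resulting IPv6 interface identifier a set bit means
    'derived from a globally unique EUI', a clear bit means 'local'."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the modified EUI-64 of a MAC address."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 identifiers need a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def classify_iid(addr: str) -> dict:
    """Read the low 64 bits of an address and report what they claim.

    universal      - U/L bit set: the identifier claims to come from a
                     globally unique EUI (a manually set or phony MAC
                     should, per RFC 2464, leave this bit clear).
    eui48_derived  - 0xFFFE in the middle, so a 48-bit MAC can be
                     recovered by undoing the construction above.
    mac            - the recovered MAC, or None (e.g. a privacy address
                     whose identifier is a random number).
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    universal = bool(iid[0] & 0x02)
    eui48_derived = iid[3:5] == b"\xff\xfe"
    mac = None
    if eui48_derived:
        raw = bytearray(iid[:3] + iid[5:])
        raw[0] ^= 0x02  # undo the U/L inversion to get the original MAC
        mac = ":".join(f"{b:02x}" for b in raw)
    return {"universal": universal, "eui48_derived": eui48_derived, "mac": mac}


def correlate_by_iid(addrs) -> dict:
    """Group addresses by interface identifier and return the identifiers
    seen under more than one /64 prefix: a multihomed host that keeps the
    same identifier under every provider prefix can be tracked this way,
    which is the privacy argument raised in the thread."""
    seen = {}
    for a in addrs:
        ip = ipaddress.IPv6Address(a)
        iid = ip.packed[8:].hex()
        prefix = str(ipaddress.IPv6Network(((int(ip) >> 64) << 64, 64)))
        seen.setdefault(iid, set()).add(prefix)
    return {iid: sorted(p) for iid, p in seen.items() if len(p) > 1}


if __name__ == "__main__":
    # Constructed sample: a universally administered MAC, the same MAC
    # with the IEEE local bit set (as a manually configured MAC would
    # have), and a random privacy-style identifier.
    print(slaac_address("2001:db8::/64", "00:11:22:33:44:55"))
    print(classify_iid("2001:db8::211:22ff:fe33:4455"))
    print(classify_iid("2001:db8::11:22ff:fe33:4455"))
    print(classify_iid("2001:db8::f9c2:14e3:7a0b:9d31"))
    print(correlate_by_iid([
        "2001:db8:1::211:22ff:fe33:4455",
        "2001:db8:2::211:22ff:fe33:4455",
        "2001:db8:1::f9c2:14e3:7a0b:9d31",
    ]))
```

Note what the classification can and cannot tell you, which is the point made in the thread: a set U/L bit is only a claim. Nothing in the address proves the MAC was really burned in by its vendor, so the check is useful for spotting identifiers that advertise global uniqueness they should not have, and for recovering a MAC for correlation, but not for proving world-wide uniqueness.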
