ietf
[Top] [All Lists]

RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))

2003-03-28 19:10:17
John,

John C Klensin wrote:
We, or more specifically, the upstream ISP or an RIR, can
tell the ISP that things will go badly for them if they
permit un-routable addresses to leak into the public
Internet. The only difference I can see between what I
think is your SL address preference and my "unique, but
un-routable" one is that you would bind that advice/threat
to a particular prefix while I would bind it to other
indicators of "un-routable address". The reserved prefix
approach is less likely to get mucked up by a clueless
ISP, but I am unconvinced that we should make special
architectural provisions to make it easier to be in the
ISP business while being clueless.

I also think that policy alone can not enforce un-routability of
addresses. The only way to make sure that addresses are not routable on
the public Internet is to suppress the demand for routing them.

Example that works: RFC1918. Although we occasionally see these on the
public Internet, it's due to misconfiguration. No customer is going to
see their upstream and offer them money to leak or route RFC1918
addresses, because it achieves nothing (because RFC1918 addresses are
ambiguous). No demand, no routing.

Example that would not work: Allocate a block of regular addresses
(let's say, 2003::/16) to the purpose of globally unique non-routable
addresses. Whether you bind the advice/threat to that prefix to other
indicators of "un-routable address" you will create the demand from
end-sites to go to their providers and indeed ask them to route them to
be used as PI, with the result of routing table bloat.

What is required in order to get globally unique non-routable are three
things:
- Policy (the advice/threat).
- Some normative language mandating implementations (vs. policy)
  to disallow the practice (default blackholing).
- Some kind of architectural limitation such as site-local.

The combination of all three is required. The policy alone is not enough
because some ISPs will take the customer's money at the risk of being
labeled as bad boys. The normative language alone is not enough as we
have no way to force implementers to code it. The architectural
limitation alone is not enough as one will likely come up with a dirty
hack to route SLs globally if need be. Any combination of two would not
be a powerful enough deterrent either.

In other words: the only way to guarantee the non-routability of
globally unique private addresses is to put so many hurdles on the way
that it won't happen. To this effect, the proposed deprecation of
site-locals is a serious blow as it suppresses the architectural
limitation and therefore creates demand for sites to pay their ISPs to
"forget" to filter their prefixes and transform a non-routable globally
unique prefix into a de-facto routable globally unique prefix also
called PI.

Michel.




<Prev in Thread] Current Thread [Next in Thread>