Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
2003-03-31 08:11:09
Tony,
I've been trying to get my mind around the various issues here,
and I keep getting back to the same place, so I think I need to
embarrass myself by making a proposal that I find frightening.
Let's assume, as I think you have suggested, that SL is all
about local addresses and filtering, and not about some special
prefix that applications need to recognize. I'm still not sure
I believe that, but let's assume it is true and see where that
takes us.
Let's also remember the long path that got us to CIDR and 1918.
Our original position was that anyone using TCP/IP (v4) should
have unique address space. I remember many discussions in which
people were told "don't just grab an address on the theory that
you would never connect. Our experience has been that, sooner or
later, you might connect to the public network, or connect to
someone else who has used 'private' (or 'squatter') space...
unique addresses will save you, and everyone else, a lot of
trouble". In that context, 1918 and its predecessors came out
of two threads of developments:
* we were running short of addresses and wanted to
discourage unconnected (or hidden) networks from using
up public space and
* we hoped that, by encouraging such isolated networks
to use some specific address ranges, those ranges could
be easily and effectively filtered at the boundaries.
We can debate how well either really worked, or what nasty
side-effects they caused, but probably it makes little
difference in the last analysis except to note that, no matter
what we do, leaks happen.
Now one of the problems IPv6 was supposed to solve was "too
little address space" or, more specifically, our having to make
architecturally bad decisions on the basis of address space
exhaustion. I hope we have solved it. If we haven't, i.e., if
the address space is still too small, then the time to deal with
that issue is right now (or sooner), before IPv6 is more broadly
deployed (and it better be variable-length the next time,
because, if we are conceptually running short of space already,
it would be, IMO, conclusive proof that we have no idea how to
specify X in "X addresses will be enough").
But suppose we really do have enough address space (independent
of routing issues). In that context, is site local just a
shortcut to avoid dealing with a more general problem? Should
we have a address allocation policy that updates the policies of
the 70s but ignores the intermediate "we are running out" steps?
Should I be able to go to an RIR and ask for unique space for an
isolated network, justify how much of it I need, and get it --
with no promises that the addresses can be routed (and,
presumably, without pushing a wheelbarrow full of dollars/
euros/ yen/ won/ yuan/...)?
Of course, this takes us fairly far onto the path of having to
think about multihomed hosts, not just multihomed LANs, but, as
others have pointed out, the notion of multiple addresses (or
multiple prefixes) for a given host (or interface) takes us
rather far down that path anyway. Figuring out which address to
use is a problem we need to solve, with or without SL, or the
whole idea of multiple addresses on hosts, especially dumb
hosts, is going to turn out to be a non-starter. And, as Louis,
Noel, and others have pointed out, it is hard. But, if we can
find a solution, even one that is just mostly locally-optimal
and that fails occasionally, then it seems to me that your
position ultimately gives no advantages to a reserved site-local
form over unique, but non-routable, addresses. The advantages
of the latter appear obvious, starting with being able to
identify the sources of address leaks and the notion that
routability is a separate negotiation with providers (and their
peers and other customers) and not an RIR responsibility.
That would leave another topic which I consider separate:
whether we ought to create some number of 1918-like addresses
that organizations that are really isolated (not connected even
with other prefixes) can use without needing to have a
negotiation with an RIR. The answer, I think, is probably
"yes", but it really is a policy question, not a technical one.
And, on the above model, an ISP offering service (and prefixes)
to an enterprise could be expected to insist that the enterprise
not be using any of those isolated addresses in their local
environment.
I obviously don't understand all of the issues here well enough.
But the traffic of the last few days has left me with the strong
impression that SL may be an answer to the wrong question. If
so, is the suggestion above closer to the right question?
And, unfortunately, since this approach involves a change in the
advice the IETF gives the RIRs, it probably does belong on the
IETF list and not that of a WG.
regards,
john
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- RE: site local addresses (was Re: Fw: Welcome to the InterNAT...), (continued)
- RE: site local addresses (was Re: Fw: Welcome to the InterNAT...), Christian Huitema
- Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)),
John C Klensin <=
- RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), Tony Hain
- RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), David R. Oran
- Re: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), Valdis . Kletnieks
- Re: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), Keith Moore
- Re: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), John C Klensin
- Re: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), Bill Manning
- Re: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), Keith Moore
- RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), Tony Hain
- RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), John C Klensin
- RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...)), Tony Hain
|
|
|