Re: A simple question
2003-04-20 11:57:41
At 02:16 PM 4/20/03 -0400, Daniel Senie wrote:
At 01:00 PM 4/20/2003, Richard Carlson wrote:
At 07:20 PM 4/19/03 -0400, Keith Moore wrote:
> | To assign more than one address to every host means the host must have
> | an intelligent means of deciding which address to use.
>
> Yes, but the amount of intelligence actually needed is pretty minimal.
> (It is actually harder to decide between multiple available global
> prefixes, than to decide between global and site local - the former is
> a difficult problem, the latter is almost trivial).
disagree. the app can choose any global prefix and reasonably expect it to work,
I completely disagree with this assumption. Firewalls and address
filters mean that no app can make any reasonable assumption. Some
addresses will work and others will fail. The app is left with no clues
as to why the connection failed. Assuming it's just a link failure and
retrying sometime in the future things will work is a recipe for user
frustration.
modulo link failures. but when choosing between a global and a site
local the app needs to know whether the site local address will be valid for
the hosts that need to use it, and it has no way to know this. the app may
also have to choose which interface to use with the site-local prefix,
and it has no good way to know this either.
The decision process is not forced on the app/host by the existence of
the site-local prefix. It is due to the emergence of firewalls and
address filters. The reality is that non-global routing scopes exist
today. The question is - how do we provide some feedback to apps that
they are trying to cross a scope boundary and that it's a permanent error
condition (5xx in SMTP verbiage)? One proposed notification method is
the site-local prefix. Other methods can be created, but something needs
to be done and simply killing site-locals and ignoring the underlying
scoping issue is a non-starter.
You mean aside from applications understanding that an ICMP Destination
Unreachable / Administratively Prohibited response from the site firewall?
An ICMP message is one way of providing this information. There may be
others, I don't know but folks are free to develop them.
For that matter, IPv6 machines arguably could try their Site Local address
and be given that same feedback from the border router or firewall, and
use the response as an indication to go use their assigned global address.
It's not clear to me that the host or application need contain the
intelligence (nor is there any way to determine scoping unassisted, IMO),
however through use of ICMP responses it certainly should be possible to
determine reachability or lack thereof. It may be useful to expand the
responses routers and firewalls give to hosts within sites to help
accomplish this.
We have the problem of scoped addresses whether the "site local" mechanism
is retained or not. Providing guidance on the responses an application is
to receive in response to scoping controls (firewalls) would be useful
regardless. If this problem is worth solving for the already-common case
of firewalls, solving it for site-local addressing does not seem to be too
much of a stretch.
Exactly, the only thing an address with a site-local prefix tells me is that
a filtering router or firewall is guaranteed to be in some arbitrary
path. I'm mystified as to why an app would treat it any differently than
an IPv6 address generated with any other prefix.
Rich
------------------------------------
Richard A. Carlson e-mail:
RACarlson(_at_)anl(_dot_)gov
Network Research Section phone: (630) 252-7289
Argonne National Laboratory fax: (630) 252-4021
9700 Cass Ave. S.
Argonne, IL 60439
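
The ICMP feedback discussed in this message, as an added example that is not part of the original message or thread: a sketch of how a host could turn an ICMPv6 Destination Unreachable error into a "permanent, try another source address" decision. The code numbers follow RFC 4443 (published after this thread); the `advise` policy, function names and all addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# ICMPv6 Destination Unreachable is type 1; these codes (RFC 4443 numbering)
# report a filter or scope boundary rather than a broken link.
DEST_UNREACH = 1
POLICY_CODES = {
    1: "administratively prohibited",
    2: "beyond scope of source address",
    5: "source address failed ingress/egress policy",
}

def parse_unreachable(msg):
    """Return (code, src, dst) of the packet quoted in an ICMPv6 error."""
    if len(msg) < 48:                      # 8-byte ICMPv6 header + 40-byte IPv6 header
        raise ValueError("truncated ICMPv6 error")
    if msg[0] != DEST_UNREACH:
        raise ValueError("not a Destination Unreachable message")
    inner = msg[8:48]
    if inner[0] >> 4 != 6:
        raise ValueError("quoted packet is not IPv6")
    return msg[1], ipaddress.IPv6Address(inner[8:24]), ipaddress.IPv6Address(inner[24:40])

def advise(msg, attempted_dst, local_addrs):
    """Hypothetical policy: what should the sender do after this error?"""
    code, src, dst = parse_unreachable(msg)
    if dst != ipaddress.IPv6Address(attempted_dst):
        return ("ignore", None)            # not about our attempt; ICMP is unauthenticated
    if code not in POLICY_CODES:
        return ("other", None)             # e.g. no route: may be a transient failure
    if src.is_site_local:                  # fec0::/10 source hit a boundary
        for a in map(ipaddress.IPv6Address, local_addrs):
            if not (a.is_site_local or a.is_link_local):
                return ("retry-with", a)   # fall back to an assigned global address
    return ("permanent", None)             # treat like a 5xx: do not retry blindly

def build_sample(code, src, dst):
    """Constructed ICMPv6 error for the demo (checksum left at 0, not validated)."""
    ip6 = struct.pack("!IHBB", 6 << 28, 0, 6, 64)
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!BBHI", DEST_UNREACH, code, 0, 0) + ip6

if __name__ == "__main__":
    mine = ["fec0::1:10", "2001:db8:1::10"]   # constructed addresses
    msg = build_sample(1, "fec0::1:10", "2001:db8:beef::80")
    print(advise(msg, "2001:db8:beef::80", mine))
```

Because ICMP errors are unauthenticated, the sketch only acts on an error whose quoted destination matches the attempt in progress; a real stack would also match ports and sequence state.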