Site Multihoming in IPv6 (multi6)

Iljitsch van Beijnum | 2 Aug 00:08

Identification, layering, transactions and universal connectivity

Identity is a very interesting concept. What exactly makes a person, an 
object or some piece of information exactly that person, object or  
information and not someone or something else?

One school of thought is that the total of all attributes provides 
identity. Then there is the notion that some attributes are fundamental 
while others are inconsequential to the identity of the person, object 
or information. Finally, there is the view that identity is a 
fundamental property that doesn't depend on any attributes that may or 
may not be present.

In the real world the first method of identification works to some 
degree, as it is impossible for two objects to be identical in all 
aspects, including occupying the same place at the same time. However, 
for information this doesn't work so well, since this way the identity 
of a piece of information is identical to the information itself, so 
referring to information by its identifier becomes useless.

The latter two concepts of identification surface in relational 
databases and object oriented databases respectively. In a relational 
database model, links between objects are made using one or more key 
attributes in the destination object, while in object oriented 
databases objects are assigned an identifier that remains stable 
regardless of changes to any or all of an object's attributes.

So what do we use on the internet today?

At first glance it seems that we use a relatively ephemeral attribute 
as the identifier: the host address. The FQDNs we generally use can be 
seen as simple mnemonics for addresses. However, I think over the years

(Continue reading)

Tony Li | 2 Aug 00:56

RE: Identification, layering, transactions and universal connectivity


|    - Work on the address selection problem.

I don't want to discourage all of the metaphysics, but I would
like to mumble a bit about this part of the problem.  What are
the boundaries of the solution space for this particular area?
Ultimately, in a utopian world, we'd like an oracle that gives
us the perfect pair of addresses to use for any given communication.
These addresses would not only provide reachability, but would
provide optimality in routing, latency etc.

Back in realityland, we have no such oracle.  If we want to 
make an intelligent decision, we need to have data to base that
decision upon.  Without the data, possibly via indirect access,
we are guessing, tho that's not necessarily a bad thing.  See
Ethernet.  

The data that we would like to have includes topological connectivity,
including policy constraints, available bandwidth, latency, QoS
availability, etc. ad nauseum.   Where is that data today?
Some of it is in the routing subsystem.  Most of it is not
collected today.  Much of it is real-time information, so 
not maintaining a 'current' copy would make the information
worthless.  And the overhead of storing the information and
distributing it is pretty clearly daunting.  

Instead of trying to swallow this huge mountain of data, we
have a very simple alternative: perform experiments.  By
simply trying the addresses that we get from our addressing
system and actually sending the packets, we are, in effect,

(Continue reading)

Iljitsch van Beijnum | 2 Aug 10:48

Re: Identification, layering, transactions and universal connectivity

On zaterdag, aug 2, 2003, at 00:56 Europe/Amsterdam, Tony Li wrote:

> |    - Work on the address selection problem.

> I don't want to discourage all of the metaphysics, but I would
> like to mumble a bit about this part of the problem.  What are
> the boundaries of the solution space for this particular area?
> Ultimately, in a utopian world, we'd like an oracle that gives
> us the perfect pair of addresses to use for any given communication.
> These addresses would not only provide reachability, but would
> provide optimality in routing, latency etc.

> Back in realityland, we have no such oracle.

Not something that magically knows which address pairs are good and 
which are bad, no. But it should be possible to leverage information 
that exists already or discover information when needed.

> If we want to
> make an intelligent decision, we need to have data to base that
> decision upon.  Without the data, possibly via indirect access,
> we are guessing, tho that's not necessarily a bad thing.  See
> Ethernet.

Ethernet is not a bad thing???

I think blindly guessing is pretty pathetic, especially if you consider 
that in large sites, many other hosts may be doing the same thing a 
little earlier or a little later. And the same host will very likely 
done the same thing before.

(Continue reading)

Tony Li | 2 Aug 11:26

RE: Identification, layering, transactions and universal connectivity


|    It's not so much that we must desperately try to find the 
|    best address 
|    pair. BGP doesn't give us that either. But it's essential 
|    that we're 
|    able to weed out the very bad pairs quickly. It would be 
|    very helpful 
|    if we had some hints in the mapping system for this, such 
|    as "this is a 
|    low bandwidth/expensive address, only use as a backup" or 
|    "this is an 
|    address with partial connectivity (ie globally unique not globally 
|    routable) so only use when you know it's reachable".

Well, you're already into developing a global policy language 
for locators.  Seems expensive.

|    80/20 rule?

Exactly.

|    Yes. But the question is: do we want to go evaluate connectivity 
|    properties for half a dozen round trips before we do 
|    anything, do we 
|    choose something and go with it until we notice it doesn't work so 
|    well, or do we combine these by starting the communication 
|    immediately 
|    using one address pair and then evaluate connectivity in 
|    the background?

(Continue reading)

Iljitsch van Beijnum | 2 Aug 18:35

Re: Identification, layering, transactions and universal connectivity

On zaterdag, aug 2, 2003, at 11:26 Europe/Amsterdam, Tony Li wrote:

> Well, you're already into developing a global policy language
> for locators.  Seems expensive.

I believe that not having it will be more expensive in the long run.

> If we don't proscribe or prescribe, then this is just left as an
> implementation detail.

Ok.

> |    ???

> Restated: if we don't have to distribute more/new/timely information
> to support 'intelligent' locator selection, then we don't have to
> make modifications to the routing subsystem and can defer all of
> the 'magic'.  This makes migration easier as even the simplest of
> algorithms can be used initially to select locators and can then
> become more sophisticated as time progresses.

> Put yet another way: let's remove the complexity of locator selection.
> If simplistic turns out to be insufficient, then let's at least take
> out fancy information distribution and be a bit nearer perfection.

I don't think that's good enough. Today having multiple addresses from 
different ISPs doesn't work if the ISP does ingress filtering. To solve 
this, we need to be able to change addresses for existing sessions, and 
we need to figure out the right source address reasonably fast. But we 
also need to figure out the right destination address pretty quickly or

(Continue reading)

Tony Li | 2 Aug 20:04

RE: Identification, layering, transactions and universal connectivity


|    I don't think that's good enough. Today having multiple 
|    addresses from 
|    different ISPs doesn't work if the ISP does ingress 
|    filtering. To solve 
|    this, we need to be able to change addresses for existing 
|    sessions, and 
|    we need to figure out the right source address reasonably 
|    fast. But we 
|    also need to figure out the right destination address 
|    pretty quickly or 
|    publishing addresses that may not be reachable (for 
|    everyone) becomes 
|    too expensive. This is an integral part of the multihoming 
|    package so 
|    we must deliver on it.

Good point.  I consider that to be a different problem, however:
insuring that the packet departs via the ISP matching the source
locator.  We'd really like routing to choose the right ISP once
the host has chosen its source locator.  Unfortunately, we don't
have a great deal of control.  Most enterprises simply have an
internal default that points 'thataway' and may or may not fail
over when an SBR or its link fails.

[Aside: solving this with the 'little' proposal was actually
a bit easier.  The SBR simply changed the locator to match the
ISP as the packet exited.]

A simple approach here would be to give the host a 'hint' as to

(Continue reading)

Spencer Dawkins | 2 Aug 22:21

Re: Identification, layering, transactions and universal connectivity

Dear Iljitsch/Tony,

You're both chewing on something that seems important -
in today's systems, a lot of the experimenting goes into
applications. Or "doesn't go into applications", to be
more precise.

My understanding of the Late Unpleasantness on site-local
was that at least some of the problem wasn't that applications
couldn't figure out what addresses to use, given time and
failures to motivate more experiments, it was that we had
decades of applications that didn't try to figure out another
address when a failure occured. (Please correct me if I'm
confused here).

(1) At the recent IAB workshop on addressing, I watched
several speakers who COULD have used the phrase
"session layer" not do so, and I'm still trying to figure out
whether this is a religious choice or a technical choice. But
at least some of what we're taking about has been described
as a "session layer" that survives transitions in transport
connections.

(2) At that workshop, I noted that I'm hearing more and
more people talking about applications that were making
interface selections (based on what? from Iljitsch's original
note, but I digress), so that applications want to switch from
GPRS to 802.11 when 802.11 becomes available, etc. My
concern here is that if we do as Tony (correctly, I think)
suggests and find some way to perform these selections

(Continue reading)

Tony Li | 2 Aug 22:59

RE: Identification, layering, transactions and universal connectivity


One note: multiple experiments can be performed in
parallel, if the host is willing to devote the
resources and complexity to it.  This can be used 
to hide the latency of experimenting.

Tony

Iljitsch van Beijnum | 4 Aug 00:20

Re: Identification, layering, transactions and universal connectivity

On zaterdag, aug 2, 2003, at 22:21 Europe/Amsterdam, Spencer Dawkins 
wrote:

> My understanding of the Late Unpleasantness on site-local
> was that at least some of the problem wasn't that applications
> couldn't figure out what addresses to use, given time and
> failures to motivate more experiments, it was that we had
> decades of applications that didn't try to figure out another
> address when a failure occured. (Please correct me if I'm
> confused here).

That is one argument against this. But I think the really bad problem 
here is that once something goes into the general application populace, 
it becomes essentially impossible to get rid of it so when something 
better is developed later, the old way of doing it must be supported 
for *many* years.

> (1) At the recent IAB workshop on addressing, I watched
> several speakers who COULD have used the phrase
> "session layer" not do so, and I'm still trying to figure out
> whether this is a religious choice or a technical choice. But
> at least some of what we're taking about has been described
> as a "session layer" that survives transitions in transport
> connections.

A session layer is an interesting idea. But I don't think there is any 
agreement on what such a new layer should look like.

Myself, I think IPsec already took us halfway there by introducing a 
negotiation mechanism for security associations. We could generalize

(Continue reading)

Pekka Nikander | 6 Aug 17:09

Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/Notes)

[Slowly catching up some old e-mail]

Pekka Nikander wrote:
>> What comes to crypto binding, I am only aware of two possibilities:
>> Using asymmetric keys (or something similar) as primary identifiers,
>> or using CGA (or something similar).  All the other solutions that
>> I know about require some kind of infrastructure, some kind of
>> an enrollment procedure, or both.

Erik Nordmark wrote:
 > I guess I don't really understand your categorization.

Maybe I have to set up some context for the statement of mine above.
Firstly, my understanding is that we are still discussing the proposed
identifier/locator separation.  There are certainly several possible
ways of achieving the separation, some of which involve existing
higher level identifiers.  However, I tend to think more in the
line of just "splitting" the IP address roles, and perhaps
introducing a new name space for the identifiers.

Secondly, the question at hand was how to secure a binding between
a given identifier and a set of locators.  (There are documents that
include descriptions of at least some of the threats involved, see
draft-nikander-mobileip-v6-ro-sec-01.txt and
draft-nikander-hip-mm-00.txt)

Now, for making secure the binding between the identifiers (entities
that applications use to denote their peers) and the locators (routing
location identifiers), I am aware of two basic mechanisms:

(Continue reading)

Group

gmane.ietf.multi6.

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

Articles in period: 88

August 2003

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

WG Action: Conclusion of Site Multihoming in IPv6 WG (multi6) (17 Mar 15:50)
questions about draft-wen-ipv6-rsra-opt-multihoming-00 (7 Jun 05:18)
questions about draft-wen-ipv6-rsra-opt-multihoming-00 (6 Jun 11:32)
questions about draft-wen-ipv6-rsra-opt-multihoming-00 (6 Jun 09:08)
questions about draft-wen-ipv6-rsra-opt-multihoming-00 (6 Jun 06:04)
Closing of the multi6 working group (18 Nov 03:38)
RFC 4218 on Threats Relating to IPv6 Multihoming Solutions (1 Nov 01:50)
RFC 4219 on Things Multihoming in IPv6 (MULTI6) Developers Should Thin (1 Nov 01:52)
RFC 4177 on Architectural Approaches to Multi-homing for IPv6 (1 Oct 01:28)
RFC 4116 on IPv4 Multihoming Practices and Limitations (23 Jul 00:07)
(18 Jul 11:13)
Fw: I-D ACTION:draft-montavont-mobileip-multihoming-pb-statement-04.tx (9 Jun 13:46)
Weekly posting summary for multi6@ops.ietf.org (8 May 06:00)
Weekly posting summary for multi6@ops.ietf.org (1 May 06:00)
Document Action: 'Threats relating to IPv6 multihoming solutions' to (30 Apr 00:09)
Weekly posting summary for multi6@ops.ietf.org (24 Apr 06:00)
Weekly posting summary for multi6@ops.ietf.org (17 Apr 06:00)
Weekly posting summary for multi6@ops.ietf.org (10 Apr 06:00)
Weekly posting summary for multi6@ops.ietf.org (3 Apr 07:00)
Document Action: 'Architectural Approaches to Multi-Homing for IPv6' (28 Mar 19:41)
Weekly posting summary for multi6@ops.ietf.org (27 Mar 07:00)

Archives

1	March 2007
5	June 2006
3	November 2005
1	October 2005
4	July 2005
1	June 2005
2	May 2005
5	April 2005
12	March 2005
11	February 2005
41	January 2005
28	December 2004
170	November 2004
102	October 2004
14	September 2004
67	August 2004
175	July 2004
230	June 2004
79	May 2004
82	April 2004
217	March 2004
146	February 2004
245	January 2004
97	December 2003
242	November 2003
184	October 2003
100	September 2003
88	August 2003
227	July 2003
88	June 2003
369	May 2003
165	April 2003
352	March 2003
200	February 2003
85	January 2003
128	December 2002
421	November 2002
326	October 2002
1	September 2002
1	August 2002
23	July 2002
18	June 2002
6	May 2002
3	April 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template