headers
Rob Austein | 2 Jan 06:00
Favicon
Gravatar

Weekly posting summary for multi6 <at> ops.ietf.org

    Messages   |      Bytes        | Who
--------+------+--------+----------+------------------------
 66.67% |    2 | 84.15% |    10317 | internet-drafts <at> ietf.org
 33.33% |    1 | 15.85% |     1943 | sra <at> hactrn.net
--------+------+--------+----------+------------------------
100.00% |    3 |100.00% |    12260 | Total

Grunchweather Associates provides this automatic summary on an at-whim
basis at the request of the MULTI6 WG chairs.  Your mileage may vary.
We decline responsibilities, all shapes, all sizes, all colors.
If this script produces broken output, you get to keep both pieces.
Permalink | Reply | 0 comments |
headers
Internet-Drafts | 4 Jan 21:31
Picon
Favicon

I-D ACTION:draft-ietf-multi6-v4-multihoming-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Site Multihoming in IPv6 Working Group of the IETF.

	Title		: IPv4 Multihoming Motivation, Practices and Limitations
	Author(s)	: J. Abley, et al.
	Filename	: draft-ietf-multi6-v4-multihoming-03.txt
	Pages		: 13
	Date		: 2005-1-4
	
Multihoming is an essential component of service for many sites which
   are part of the Internet.  This document describes some
   implementation strategies for multihoming with IPv4 and enumerates
   features for comparison with other multihoming proposals
   (particularly those related to IPv6).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-multi6-v4-multihoming-03.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-multi6-v4-multihoming-03.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
(Continue reading)

Permalink | Reply | 1 comment |
headers
Changming Liu | 4 Jan 00:13
Favicon

Re: I-D ACTION:draft-arifumi-multi6-sas-policy-dist-00.txt

Another case that SAS may be useful is for the firewall tranversal. In case that the ISP deploys some kind of stateful firewall (like in managed firewall services), the forwarding traffic and returning traffic should go through the same firewall or the return traffic may be blocked. If ISP1's assigned address is used as the source address and the traffic is forwarded via ISP2 and the traffic will routed back through ISP1 (the destination is now the source address assigned by ISP1), the firewall in ISP1 will belcok the traffic. SAS will ensure that traffic go through each ISP will have the correct source address so that return traffic can come back from the same ISP.

Changming Liu
 
Juniper Networks
1194 N. Mathilda Ave.
Sunnyvale, CA 94089-1213
 
 
Arifumi Matsumoto wrote:
Hi Brian, thank you for comments.
On 2004/11/05, at 21:29, Brian E Carpenter wrote:
3.1 Multihome Site with Global-Closed Mixed Connectivity ============== | Internet | ============== | 2001:db8::/32 | 3ffe:1800::/32 +----+-+ +-+----+ | ISP1 | | ISP2 | (Closed Network) +----+-+ +-+----+ | | 2001:db8:a::/48 | | 3ffe:1800:a::/48 (DHCP-PD') ++-------++ (DHCP-PD') | Gateway | +----+----+ | 2001:db8:a:1::/64 | 3ffe:1800:a:1::/64 | (RA'/DHCP') ------+---+---------- | +-+----+ 2001:db8:a:1:[EUI64] | Host | 3ffe:1800:a:1:[EUI64] +------+



I'm afraid I don't see why this case is of interest to multi6. It is a case where the user site is connected to one ISP and to one WGP (walled garden provider). This is not site multihoming in the sense of multi6. As far as I can see, a longest match is sufficient to tell the host which source prefix to use.


Actually longest match isn't sufficient. If a packet is destined for a closed network, an appropriate source address is chosen automatically by longest match. On the other hand, a packet is destined for somewhere in the Internet, it is not always true. For example, when a packet is destined for 3ffe:1801::1 in the Internet, the source address will be the one delegated by ISP2(WGP). In the end, the reply packet for it never returns because of the wall.

Yes, correct. It needs to be a bit more complex than longest match - it's exact match on the /32 for ISP2 and you *will* need a priority policy to achieve that.

Walled Gardens are bad things anyway, so I wonder if we should solve this?

Anyway, I agree that this case may not be the scope of multi6.

3.2 Host with Multiple Home Addresses and Connectivity to Two Global Networks


This is the case of interest to multi6.
...
Note that the end nodes are notified of an address-selection policy that includes prefix ::/0 by both ISPs, hence a specific source address for ::/0 can't be determined in the Label-Rule judgment phase described in RFC3484. So, these entries for prefix ::/0 won't actually be stored in the policy table, and this policy table won't have any effect on source-address selection for packets that match ::/0. The source address in these cases will be determined by following rules listed in RFC3484, such as longest match with the destination address.


Exactly. And it is this case - when two ISPs both offer connectivity to ::/0 - that multi6 has to solve. That seems to be the case you don't help with.


Though I didn't include them in this version of my I-D, we are thinking of some other solutions. For those hosts that can support ECMP(equal cost multi-path) or some other special mechanisms for multihoming, it would be helpful to notify all the default routes and all the SAS Policies for default routes as I mentioned in I-D.

Well, I think the multi6 conclusion is that we need active reachability checking anyway. The most that SAS policy can do is decide the order in which reachability is checked.

Therefore, I still think that SAS policy is a secondary component for multi6.

Brian

For normal hosts, however, it would be better not to notify multiple routes for the same destination network. So, it should be configurable on routers not to announce multiple routes but to choose one. The configuration will be like prioritizing ISPs.
It may be useful to define a new DHCP option for Solicit message that explicitly requests for multiple routes for the same destination network.
-- Arifumi Matsumoto Ubiquitous Computing Project NTT Information Sharing Platform Laboratories E-mail: arifumi <at> nttv6.net


    Changming Liu
     
    Juniper Networks
    1194 N. Mathilda Ave.
    Sunnyvale, CA 94089-1213
    Tel:  (408) 936-8010
     
    Permalink | Reply | 0 comments |
    headers
    Brian E Carpenter | 5 Jan 09:33
    Picon
    Favicon

    Re: I-D ACTION:draft-ietf-multi6-v4-multihoming-03.txt

    This version is intended to resolve all the WG Last Call comments
and includes a lot of editorial improvements too. In a day or two
it will be forwarded to the IESG for Informational publication,
unless anyone objects very quickly.

    Brian
    co-chair hat on

Internet-Drafts <at> ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Site Multihoming in IPv6 Working Group of the IETF.
> 
> 	Title		: IPv4 Multihoming Motivation, Practices and Limitations
> 	Author(s)	: J. Abley, et al.
> 	Filename	: draft-ietf-multi6-v4-multihoming-03.txt
> 	Pages		: 13
> 	Date		: 2005-1-4
> 	
> Multihoming is an essential component of service for many sites which
>    are part of the Internet.  This document describes some
>    implementation strategies for multihoming with IPv4 and enumerates
>    features for comparison with other multihoming proposals
>    (particularly those related to IPv6).
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-multi6-v4-multihoming-03.txt
> 
> To remove yourself from the I-D Announcement list, send a message to 
> i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
> You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
> to change your subscription settings.
> 
> 
> Internet-Drafts are also available by anonymous FTP. Login with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
> 	"get draft-ietf-multi6-v4-multihoming-03.txt".
> 
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html 
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> 
> Internet-Drafts can also be obtained by e-mail.
> 
> Send a message to:
> 	mailserv <at> ietf.org.
> In the body type:
> 	"FILE /internet-drafts/draft-ietf-multi6-v4-multihoming-03.txt".
> 	
> NOTE:	The mail server at ietf.org can return the document in
> 	MIME-encoded form by using the "mpack" utility.  To use this
> 	feature, insert the command "ENCODING mime" before the "FILE"
> 	command.  To decode the response(s), you will need "munpack" or
> 	a MIME-compliant mail reader.  Different MIME-compliant mail readers
> 	exhibit different behavior, especially when dealing with
> 	"multipart" MIME messages (i.e. documents which have been split
> 	up into multiple messages), so check your local documentation on
> 	how to manipulate these messages.
> 		
> 		
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce <at> ietf.org
> https://www1.ietf.org/mailman/listinfo/i-d-announce
    Permalink | Reply | 0 comments |
    headers
    Brian E Carpenter | 5 Jan 13:38
    Picon
    Favicon

    Re: I-D ACTION:draft-ietf-multi6-functional-dec-00.txt

    Personal comments:

Substantive:
------------

I think this is OK to hand over to the proposed successor WG as it
is, but I have a few small comments anyway...

> 4.  Locator set management
...
>    There are two possible approaches to the addition and removal of
>    locators: atomic and differential approaches.  Atomic approaches
>    essentially send the complete locators set each time that a variation
>    in the locator set occurs.  In this case, there is only one message
>    exchange defined i.e.  a message that informs about the new locator
>    set and an acknowledgment message.  Differential messages send the
>    differences between the existing locator set and the new one.  In
>    this case, a message for adding a new locator and another message for
>    deleting locators have to be defined.  Both messages can be
>    acknowledged.  The atomic approach imposes additional overhead, since
>    all the locator set has to be exchanged each time...

On the other hand, the atomic approach doesn't need acknowledgement
messages, since it can work like soft state - you simply repeat the
atomic message at suitable intervals. That makes it quite a bit
simpler.

> 6.  Removal of M6 session state
...
>    In the unilateral approach, each node discards the information about
>    the other node without coordination with the other node based on some
>    local timers and heuristics.  No packet exchange is required for
>    this.  In this case, it would be possible that one of the nodes has
>    discarded the state while the other node still hasn't.  In this case,
>    an error message may be required to inform about the situation.

Again, this is like soft state. I don't think you need an error message
when state is lost - you just need to systematically restart the whole
M6 procedure, just like when a session is initiated.

Editorial:
----------

> 2.1  Initial contact
...
>    ...then the M6 protocol has to be used even to perform the
>    initial contact between the two nodes, starting by the capabilities
>    detection procedure described in section 2.1.2.

Do you mean section 3.1?

> 3.1.3  Host-Based Dynamic Discovery
...
>    For instance, lets assume hosts A and B communicate over two separate
>    links without going through the Internet.  Lets further assume the

s/let us/lets/

> 3.1.4  Timing
> 
>    Capability detection needs to occurr prior to or at the same time as

s/occur/occurr/

> 5.  Re-homing procedure
...
>    the Reachability Test is also a mechanism to prevent thrid-party
>    flooding attacks.

s/third/thrid/

> 
>    The Reachability Test exchange includes the following packets:
> 
>       Reachability Test (RT) packet: including the random nonce and
>       maybe information related to the initial key/cookie/hash chain

s/a random nonce/the random nonce/
[since this is the first time you mention the nonce]

> 7.  Security considerations
> 
>    The security requirements of each message exchange considered in this
>    note are detailed in the same section where the message exchange is
>    analyzed.

Add something like:

The security threats to be considered are described in [XXX].

      Brian
    Permalink | Reply | 1 comment |
    headers
    Brian E Carpenter | 5 Jan 13:44
    Picon
    Favicon

    Re: I-D ACTION:draft-ietf-multi6-hba-00.txt

    Personal comments:

I believe this is also ready to hand over to the future WG.

Just a couple of remarks.

1. You don't discuss the DNS at all - it clearly isn't a requirement
for the HBA mechanism itself to have any DNS entries, but surely
in reality at least one of the addresses will have to go into DNS?

2. A related point - in the discussion in 7.1 of MITM attacks, the
attack you describe only makes sense if the other end has no independent
check of *any* of the addresses in the address set. If even one of
them is (for example) in a trusted AAAA record, a MITM is excluded,
I think.

     Brian
    Permalink | Reply | 2 comments |
    headers
    Eliot Lear | 6 Jan 13:59
    Picon
    Favicon

    Re: Multi6 WG Last Call (2 of 3) draft-ietf-multi6-things-to-think-about-00.txt

    Catching up a bit...

Brian E Carpenter wrote:

> Will the solution add or change actions during a site renumbering 
> procedure?

As it turns out there is text along these lines in 6.5.

New draft out shortly.

Eliot
    Permalink | Reply | 3 comments |
    headers
    Internet-Drafts | 6 Jan 21:46
    Picon
    Favicon

    I-D ACTION:draft-ietf-multi6-architecture-03.txt

    A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Site Multihoming in IPv6 Working Group of the IETF.

	Title		: Architectural Approaches to Multi-Homing for IPv6
	Author(s)	: G. Huston
	Filename	: draft-ietf-multi6-architecture-03.txt
	Pages		: 38
	Date		: 2005-1-6
	
This memo provides an analysis of the architectural aspects of
   multi-homing support for the IPv6 protocol suite.  The purpose of
   this analysis is to provide a taxonomy for classification of various
   proposed approaches to multi-homing.  It is also an objective of this
   exercise to identify common aspects of this domain of study, and also
   to provide a framework that can allow exploration of some of the
   further implications of various architectural extensions that are
   intended to support multi-homing.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-multi6-architecture-03.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-multi6-architecture-03.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv <at> ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-multi6-architecture-03.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
    Attachment: message/external-body, 142 bytes
    Attachment (draft-ietf-multi6-architecture-03.txt): message/external-body, 67 bytes
    Permalink | Reply | 1 comment |
    headers
    Internet-Drafts | 6 Jan 21:46
    Picon
    Favicon

    I-D ACTION:draft-ietf-multi6-things-to-think-about-01.txt

    A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Site Multihoming in IPv6 Working Group of the IETF.

	Title		: Things MULTI6 Developers should think about
	Author(s)	: E. Lear
	Filename	: draft-ietf-multi6-things-to-think-about-01.txt
	Pages		: 19
	Date		: 2005-1-6
	
This document specifies a set of questions that authors should be
    prepared to answer as part of a solution to multihoming with IPv6.
    The questions do not assume that multihoming is the only problem of
    interest, nor do they demand a more general solution either.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-multi6-things-to-think-about-01.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-multi6-things-to-think-about-01.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv <at> ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-multi6-things-to-think-about-01.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
    Attachment: message/external-body, 151 bytes
    Attachment (draft-ietf-multi6-things-to-think-about-01.txt): message/external-body, 67 bytes
    Permalink | Reply | 1 comment |
    headers
    Brian E Carpenter | 7 Jan 09:04
    Picon
    Favicon

    Re: I-D ACTION:draft-ietf-multi6-things-to-think-about-01.txt

    This version is intended to resolve all the WG Last Call comments.
In a day or two it will be forwarded to the IESG for Informational
publication, unless anyone objects very quickly.

    Brian
    co-chair hat on

Internet-Drafts <at> ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Site Multihoming in IPv6 Working Group of the IETF.
> 
> 	Title		: Things MULTI6 Developers should think about
> 	Author(s)	: E. Lear
> 	Filename	: draft-ietf-multi6-things-to-think-about-01.txt
> 	Pages		: 19
> 	Date		: 2005-1-6
> 	
> This document specifies a set of questions that authors should be
>     prepared to answer as part of a solution to multihoming with IPv6.
>     The questions do not assume that multihoming is the only problem of
>     interest, nor do they demand a more general solution either.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-multi6-things-to-think-about-01.txt
> 
> To remove yourself from the I-D Announcement list, send a message to 
> i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
> You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
> to change your subscription settings.
> 
> 
> Internet-Drafts are also available by anonymous FTP. Login with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
> 	"get draft-ietf-multi6-things-to-think-about-01.txt".
> 
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html 
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> 
> Internet-Drafts can also be obtained by e-mail.
> 
> Send a message to:
> 	mailserv <at> ietf.org.
> In the body type:
> 	"FILE /internet-drafts/draft-ietf-multi6-things-to-think-about-01.txt".
> 	
> NOTE:	The mail server at ietf.org can return the document in
> 	MIME-encoded form by using the "mpack" utility.  To use this
> 	feature, insert the command "ENCODING mime" before the "FILE"
> 	command.  To decode the response(s), you will need "munpack" or
> 	a MIME-compliant mail reader.  Different MIME-compliant mail readers
> 	exhibit different behavior, especially when dealing with
> 	"multipart" MIME messages (i.e. documents which have been split
> 	up into multiple messages), so check your local documentation on
> 	how to manipulate these messages.
> 		
> 		
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
    Permalink | Reply | 0 comments |

    Gmane