|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: who gets a /32 [Re: IPV6 renumbering painless?]
Paul Vixie wrote: i have long wished for and sometimes needed a way to renumber a host w/o killing or restarting its active tcp flows. this isn't a layering violation. tcp should be able to know about endpoint-renumber events.This is a layering violation and has endless security implications.as i told someone in private e-mail earlier this morning, tcp's notion of a flow-identifying tuple includes network addresses, and so, the ability to change these on the fly will absolutely affect tcp. when you bind a session to an address, as tcp currently does, you cause the community to waste ipv4 /32's or ipv6 /128's as loopback aliases just to have something they can virtualize, manage, move around, play with. So? let me put that another way, in case it's not clear enough as stated: tcp's existing reference to network addresses are a layering violation, and so anything we do to improve the situation will also be a layering violation, but what of it? deciding against making tcp "less pure" is not going to meet the needs and demands of the community -- and those needs and demands WILL be met, and probably in even less pure ways. google for a product or feature called "3TCP" to see what i mean. Instead of hacking the nice and working TCP we have now you should move on to greener grass and use SCTP instead. It does what you want, at least in the specification. I don't know how many implementors have managed to code it properly. You can solve the renumber thingie by having all TCP connecting to/from an official IP on the loopback interface. Then the routing code could do its work and route the packets through some some other or renumbered interface.see above. we do that now. however, it limits the scope of mobility to "same autonomous system" and often "same campus" so it's not useful for any wide area purpose. the internet's target area is very wide indeed. Yea, but what is a surviving TCP good if you put your laptop to sleep and wake it up somewhere else? It can't pre-announce the next IP address it will use. Instead at the new location it will have to convince somehow the remote host that he is he indeed. No way without cryptography. IPSEC will break too. Oops, the remote end switched IP addresses too and you are lost. The question is whether renumbering while moving active TCP sessions to the new IP address is a problem at all other than a nice-to-have dream of 'propellerhead' Paul? ;) And the other, more serious, question is whether IP addresses are something that you only use temporarily or permanently? Try to get your TCP automatic renumbering stuff implemented from spec by five different people in five different codebases in a compatible way within two month time... No way.where i come from that's called "the fallacy of the straw man" and is not a well respected technique for debate or discussion. the process i'm thinking of would take years to reach deployability, and more years to reach wide scale deployment. Nonetheless having a simple and easily implementable spec is key to success and compatibility. I know you can write, hmm, interesting and complex code... KISS KISS KISS KISS !!! Why is the telephone (POTS/Mobile) so popular? Easy answer: Even the most stupid person on earth capable of correctly reading digits is able to punch in a number. As simple as it gets.i guess i was expecting smart people to write kernels and "lusers" to just run working code. this seems to work for apple and suse and redhat and sun and microsoft. or is this another straw man thing? certainly my kids think their mac/os/x machine is as easy to use as a telephone, and if you asked them how the routing table worked they wouldn't care. No, they don't mind just using the computer because you set up the internet connection. Have them call your favorite ADSL provider and order an ADSL line and then have them set up some DSLWLAN thingie plus a printer connected via ethernet. And using the Apple offerings is cheating, take the average cheap windooze stuff. Because all this worked so well they want to run their own webserver on their computer and others from the internet should be able to connect... You see? -- Andre
|