On Thu, 27 May 2010 08:38:17 -0700, Fred Baker <f...@cisco.com> wrote:

> On May 26, 2010, at 5:53 PM, Dae Young KIM wrote:
> 
>> Hi, Fred,
>> 
>> On Thu, May 27, 2010 at 3:30 AM, Fred Baker <f...@cisco.com> wrote:
>>> The way I see it, the fundamental benefit of GSE or any of its
>>> successors, of which ILNP is one, is that the edge network is able to
>>> operate as if its address was provider-independent, and the transit
>>> domain is able to operate as if the address is provider-allocated.
>>> Neither adds additional complexity, as compared to (say) shim6, which
>>> forces the edge network to accept the additional complexity of routing
>>> multiple prefixes for the same subnet, or a truly PI network, which
>>> forces the transit domain to enumerate edge networks.
>> 
>> - quote end -
>> 
>> This lets me raise two more questions.
>> 
>>  1. Would it mean that, as long as routing scalability is concerned,
>> adopting GSE would provide the same effect and so we wouldn't need the
>> extra (small?) pain of adopting ILNP?
> 
> ILNP addresses a failure mode of GSE. No, we don't *need* ILNP, but then
> we don't get a solution to the on-path attack it corrects.

I think you mean "off-path attack" (i.e., the source address spoofing
issue with GSE that ILNP addresses using ICMP locator updates + nonce, and
the separate I & L DNS records + DNSSEC).

>>  2. As I understand, in a multi(double)-homing situation, a site
>> would be given two sets of PA locators. And so, subnet locators inside
>> would be aggregated to two shorter aggregated locators; two, not one.
>> You say above that, even with ILNP, there would be only single PA
>> locator visible in DFZ. Perhaps, you're mistaken?
> 
> Perhaps I didn't say what I said clearly. If I have service from multiple
> ISPs and therefore multiple PA addresses, each of the PA addresses will be
> visible in the DFZ, and each of my ISPs will only service its own PA
> address.
> 
> What I said above is that within the edge network, ILNP configures one
> "inside" prefix per subnet where shim6 configures multiple
> provider-allocated "outside" prefixes on the same subnet. ILNP carries with
> it a translation - at the DMZ between the edge network and the transit
> network, the locator is changed between the "inside" prefix and the ISP's
> prefix.

Locator translation at the site edge is optional with ILNP.  So if one
wishes to expose PA prefixes into the edge network, they can.

Strictly speaking, locator translation is also optional in GSE, but I
don't think that anyone ever considered deploying it that way.


Regards,

// Steve
_______________________________________________
rrg mailing list
rrg@irtf.org
http://www.irtf.org/mailman/listinfo/rrg
