On 2008-08-16 08:09, Christian Vogt wrote:
>
> On Aug 14, 2008, Tony Li wrote:
>
>> To clarify the issue at hand: we're interested in renumbering of end-user
>> sites and changes in the locator namespace.
>
> To answer the question Tony has raised, it may be useful to get some
> common ground on:
>
> (1) What are the renumbering tasks, and which cause most problems?
>
> (2) Which renumbering tasks could be eliminated?
>
> (3) How much more acceptable would renumbering become if some of the
>     renumbering tasks were eliminated?
>
> Let me take a first step in answering questions (1) and (2). I am
> sure that many on this list will know something to add.
>
>
> Regarding question (1): I would assume that, from the following list
> of renumbering tasks, ...
>
> (a) hardcoded IP addresses in applications
> (b) IP addresses of hosts
> (c) IP addresses of routers
> (d) IP addresses in filter devices, such as firewalls, intrusion
>     detection systems
> (e) certificates issued for IP addresses
>
> [This list is certainly incomplete. Don't hesitate to add.]

I would suggest a slightly different taxonomy, to bring out what I
think are the (almost) intractable problems.

(A) Cases where addresses are configured or stored in places outside
    the control of the local network management staff.
  (A1) Addresses are embedded in applications or files maintained
       by local network users.
  (A2) Addresses are embedded in applications or files maintained
       by third parties.

(B) Cases where addresses are configured or stored under the control
    of the local network management staff.
  (B1) Addresses are kept in a network management database maintained
       by network management staff, and used for automatic configuration.
  (B2) Addresses are embedded in configuration files and scripts
       maintained by network management staff.
  (B3) Addresses are manually configured into devices.

It seems to me that only cases B1 and B2 are reasonably tractable, and
A2 and B3 are particularly obnoxious. (My locators used in filters at
your site fall into A2.)

BTW this set of cases is close to isomorphous with the cases that have
to be considered for IPv6 deployment.

    Brian

>
> ... item (a) potentially causes most problems due to the lack of a
> single method that could either identify or fix affected applications.
>
> Also problematic is (d): Filtering devices may have to be modified
> even if a *remote* edge network renumbers since they may be configured
> with remote IP addresses (as Iljitsch pointed out earlier).
>
>
> Regarding question (2): An example of a class of solutions that would
> eliminate renumbering tasks (a) and (e) is host-based ID/locator split
> solutions, such as HIP.
>
> Item (d) from the above list may be hardest to eliminate, because
> filtering devices have to identify hosts or flows using locators.
> Changing this doesn't seem to be feasible.
>
> - Christian
>
>
>
> --
> to unsubscribe send a message to [EMAIL PROTECTED] with the
> word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
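An added example, not part of either message: one way to inventory address literals embedded in configuration files and scripts (case B2 above) and to separate the site's own addresses from remote ones held in filter rules (item (d) in the quoted list). The function name, file names, file contents and prefixes are constructed for illustration; the prefixes are the IPv4 documentation ranges.

```python
import ipaddress
import re

# Candidate dotted-quad with optional /length; ipaddress validates it below.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?(?![\d.])")


def find_embedded_addresses(files, old_prefix):
    """Return (path, line_no, literal, scope) for every address literal.

    scope is "local" when the literal lies inside old_prefix (the site's own
    prefix being renumbered) and "remote" otherwise, i.e. an address of some
    other network that only changes when that network renumbers.
    """
    old_net = ipaddress.ip_network(old_prefix)
    hits = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for match in IPV4_RE.finditer(line):
                literal = match.group(0)
                try:
                    net = ipaddress.ip_network(literal, strict=False)
                except ValueError:
                    continue  # looks like an address but is not one
                scope = "local" if net.subnet_of(old_net) else "remote"
                hits.append((path, line_no, literal, scope))
    return hits


# Constructed sample input: three small files a site might maintain.
SAMPLE_FILES = {
    "firewall.rules": (
        "allow tcp from 198.51.100.7 to 192.0.2.10 port 25\n"
        "deny ip from 203.0.113.0/24 to any\n"
    ),
    "backup.sh": "rsync -a /srv/data backup@192.0.2.20:/srv/backup\n",
    "resolver.conf": "nameserver 192.0.2.53\nbuild 999.1.1.1\n",
}

if __name__ == "__main__":
    for hit in find_embedded_addresses(SAMPLE_FILES, "192.0.2.0/24"):
        print(*hit, sep="\t")
```

The "remote" hits are the entries that would need changing when another site renumbers, which a scan of locally maintained files can find but the local site cannot schedule.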
