Thus spake "Joe Abley" <jabley@isc.org>
On 1-Mar-2006, at 11:55, David Barak wrote:
It isn't fearing change to ask the question "it's not broken today, why should I fix it?"
What's broken today is that there's no mechanism available for people who don't qualify for v6 PI space to multi-home. That's what shim6 is trying to fix.
Shim6 is an answer to "what kind of multihoming can we offer to sites without PI space?"; it is yet to be seen if anyone cares about the answer to that question. The question that folks with money are asking is "how do I ensure that any random user can get reliable access to my website", and that's a question that the IETF is, in general, uninterested in.
However, it's not hard to find examples in today's v4 Internet where reconvergence following a re-homing event can take 30 to 60 seconds to occur. In the case where such an event includes some interface flapping, it's not that uncommon to see paths suppressed due to dampening for 20-30 minutes.
That may be acceptable compared to the general limitations of PA space. Folks have learned to deal with the limitations of BGP-based redundancy; asking them to give those benefits up without substantially greater benefits is foolhardy.
I would expect (in some future, hypothetical implementation of shim6) that the default failure detection timers to start rotating through the locator set far sooner than 30-60 seconds.
If we ever see shim6 (or its equivalent) widely deployed... So far, we don't even have simple IPv6 on even a noticeable fraction of end nodes. Any solution which requires upgrading all the end nodes is a non-starter, and the IETF needs to wake up to that fact. It's taken over a _decade_ for simple IPv6 to make it into host stacks, and it's still not viable yet. No host-dependent upgrade will matter to the Internet over the long run.
No; maintain one address per PA netblock on each host.
And so, if I have 6 upstream providers, every one of my hosts has to keep track of the outbound policy I want for each? How exactly am I supposed to keep track of that? Even the outbound policy for a single host (aka firewall) is beyond most organizations' capabilities today... Why is it even remotely rational that a corporate admin trust 100k+ hosts infested with worms, virii, spam, malware, etc. to handle multihoming decisions? Especially when we don't even have a sample of working code today? I don't even trust the <5 PCs I have at home to make those kind of decisions, much less every PC in my corporate network...
There's a vast difference in impact on the state held in the core between deaggregating towards direct peers, and deaggregating towards transit providers and having the deaggregated swamp propagated globally.
Obviously, folks differ in their definition of "swamp". I'd love a world where $large orgs could connect to N providers and not have to figure out the vagaries of BGP, but the reality is that if a large customer depends on the Internet for their financial health connectivity, the only answer today (with either v4 or v6) is PI space. Now, some may take that as a sign the IETF needs to figure out how to handle 10^6 BGP prefixes... I'm not sure we'll be there for a few years with IPv6, but sooner or later we will, and someone needs to figure out what the Internet is going to look like at that point. If the IETF isn't interested, some group of vendors will, if for no other reason than that's what will be needed for the vendors to sell routers in a few years. Is it any surprise that $vendor is pushing how many millions of routes they can handle in the FIB today? IPv6 is just a convenient placeholder for all the problems that today's ISPs are ignoring about today's Internet. S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin