Re: who gets a /32 [Re: IPV6 renumbering painless?]
none of those three things is acceptable, not even as a compromise.
The current solution I see for this is still IPv6. Except that one moves the complete 'Independence' problem a layer higher. Enter:
HIP: Host Identity Protocol: http://www.ietf.org/html.charters/hip-charter.html
this level of complexity seems a little high for anything to be universal. (let me put it this way: A6/DNAME was shot down because of complexity, and it was simpler than this.)
On Mon, 2004-11-22 at 17:52 +0000, Paul Vixie wrote:
none of those three things is acceptable, not even as a compromise.
The current solution I see for this is still IPv6. Except that one moves the complete 'Independence' problem a layer higher. Enter:
HIP: Host Identity Protocol: http://www.ietf.org/html.charters/hip-charter.html
this level of complexity seems a little high for anything to be universal.
It depends all on what one wants, either one gets a lot of routes and thus what we currently have in IPv4 or it is done completely different, like that. As for it not being universal, there are quite a number of working implementations already that seem to be proven to work quite reliably. One of the alternatives of course is something similar to MIPv6 etc.
(let me put it this way: A6/DNAME was shot down because of complexity, and it was simpler than this.)
Wasn't it more because a single A6 lookup could cause one (the resolver that is ;) to have to follow an overly long chain of A6/DNAME chains, which thus could cause maybe somewhat infinite lookups? I rather like DNAME btw: "ip6.int DNAME ip6.arpa", which works quite fine. A6 is fortunately not supported any more by BIND.
On Mon, 2004-11-22 at 10:29 -0800, william(at)elan.net wrote:
1. A6/DNAME were a great idea, I'm really disappointed they are not going forward...
It is, except maybe for the above noted 'problem'. Most of the time though a site will have only a limited number of DNS servers, thus A6/DNAME would be on the same server and the administrator could IMHO quite easily do the simple replace trick on the configuration.
2. Level of complexity is a very relative thing. To me the important thing is not to overwhelm any single protocol and allow clear separation between different levels. In that sense if we actually are able to create new "host identity" layer we can solve the problem with not only dynamically changing IP addresses but with simplified multihoming for end-user sites.
For most people on this globe the concept of 'IP' or even the phone system is already magic :) Depends a bit on who looks at it.
What is bad however is that IETF instead of pursuing it as one effort has several of them including MULTI6, HIP, etc.
The fun of politics ;)
BTW - regarding why these efforts while being IP-independent would not work for IPv6, the reason is addressing. We need new kind of addresses and they all require "id" that TCP can use for establishing connection and that ID can not be limited to 32 bits so we end up considering reusing part of IPv6 space for this new kind of "non-ip" addresses. I think given large amount of available IPv6 space that is acceptable - if we cut the pool to 1/4 we'd still have enough.
No issue there then now is there ;)
Greets,
Jeroen
jeroen@unfix.org (Jeroen Massar) wrote:
The current solution I see for this is still IPv6. Except that one moves the complete 'Independence' problem a layer higher. Enter:
HIP: Host Identity Protocol: http://www.ietf.org/html.charters/hip-charter.html
this level of complexity seems a little high for anything to be universal.
It depends all on what one wants, either one gets a lot of routes and thus what we currently have in IPv4 or it is done completely different, like that.
That's the point of view of an Internet technician (ok, who's on this list, after all...). It is not the point of a user, a manager or a corporation. HIP is too complicated, it relies on too many parts. It will never be used widely, unless someone finds a way to _entirely_ hide it from the end-user. I cannot see a way to do that, starting with the certificates and for a long time not ending with server and client implementations. It is nice in theory, it streamlines protocol interaction, adds security, makes you mobile, but it uses too many parts in complex interconnection. I consider it impractical on the large, although it may fit the bill for small, technically-oriented user groups.
Elmar.
--
"Just don't make the mistake of substituting expertise for opinion." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>)
--------------------------------------------------------------[ ELMI-RIPE ]---
On Tue, 2004-11-23 at 11:32 +0100, Elmar K. Bins wrote:
jeroen@unfix.org (Jeroen Massar) wrote:
The current solution I see for this is still IPv6. Except that one moves the complete 'Independence' problem a layer higher. Enter:
HIP: Host Identity Protocol: http://www.ietf.org/html.charters/hip-charter.html
this level of complexity seems a little high for anything to be universal.
It depends all on what one wants, either one gets a lot of routes and thus what we currently have in IPv4 or it is done completely different, like that.
That's the point of view of an Internet technician (ok, who's on this list, after all...). It is not the point of a user, a manager or a corporation.
I am actually a user, though I tend to try to solve the problems I come across when wanting to do something from a variety of perspectives, all of which you mentioned above and probably a lot more.
HIP is too complicated, it relies on too many parts. It will never be used widely, unless someone finds a way to _entirely_ hide it from the end-user. I cannot see a way to do that, starting with the certificates and for a long time not ending with server and client implementations.
Does Jane Doe even know that DNS exists? No, they go to wall-mart or so, get themselves a computer ("expensive toy with a lotttt of buttons"), because that, just like a phone, is used to communicate to other people, or a tv to look at pretty things ("Tell Sell made interactive!"), they plug it into that cable coming out of the wall, or most of the time let some 'engineer' ("that creepy fellow that came only after I called them a lot of times when they finally came around") 'install' it. Then Jane can press that round button and using that thing they call a mouse ("I have to press the eyes and the tail is on the wrong side"). MSN or whatever that came pre-installed pops up and gives them some default links. Most of them don't even know they can *type* url's.... let alone that they are called url's or that they form a hierarchy... they really don't care about DNS and they also do not want to know.
As for your 'certificates' part, never used http://www.bank.com ? :) They come pre-installed. 25 years ago you didn't get a computer with a pre-installed browser (they didn't exist), that might take time, but it will come hopefully. That something at this moment doesn't look viable or far in the future doesn't mean one must simply throw it away...
Btw... the funniest part about most people who say they 'multihome' is always that they have quite a number of SPOF's in their 'network' ;)
Greets,
Jeroen
On Mon, 22 Nov 2004, Paul Vixie wrote:
HIP: Host Identity Protocol: http://www.ietf.org/html.charters/hip-charter.html
this level of complexity seems a little high for anything to be universal. (let me put it this way: A6/DNAME was shot down because of complexity, and it was simpler than this.)
1. A6/DNAME were a great idea, I'm really disappointed they are not going forward...
2. Level of complexity is a very relative thing. To me the important thing is not to overwhelm any single protocol and allow clear separation between different levels. In that sense if we actually are able to create new "host identity" layer we can solve the problem with not only dynamically changing IP addresses but with simplified multihoming for end-user sites.
What is bad however is that IETF instead of pursuing it as one effort has several of them including MULTI6, HIP, etc.
BTW - regarding why these efforts while being IP-independent would not work for IPv6, the reason is addressing. We need new kind of addresses and they all require "id" that TCP can use for establishing connection and that ID can not be limited to 32 bits so we end up considering reusing part of IPv6 space for this new kind of "non-ip" addresses. I think given large amount of available IPv6 space that is acceptable - if we cut the pool to 1/4 we'd still have enough.
--
William Leibzon
Elan Networks
william@elan.net
BTW - regarding why these efforts while being IP-independent would not work for IPv6, the reason is addressing. We need new kind of addresses and they all require "id" that TCP can use for establishing connection and that ID can not be limited to 32 bits so we end up considering reusing part of IPv6 space for this new kind of "non-ip" addresses. I think given large amount of available IPv6 space that is acceptable - if we cut the pool to 1/4 we'd still have enough.
Correcting myself... It's not that you can not use multi6 with IPv4 - you can but your IP stack will need to be IPv6 capable in order to do it and programs and services should be prepared to deal with 128-bit addresses for TCP/UDP connections. So upgrade to support IPv6 will still be necessary, but it's not a requirement to actually run IPv6 network. Of course to support something like HIP or Multi6 you will need yet another upgrade to your IP stack and we really should have been pushing these upgrades together with IPv6 itself.
--
William Leibzon
Elan Networks
william@elan.net
On 2004-11-22, at 19.29, william(at)elan.net wrote:
What is bad however is that IETF instead of pursuing it as one effort has several of them including MULTI6, HIP, etc.
I don't see this as really true. MULTI6 is tasked with solving the problem of scalable site-multihoming for IPv6. HIP is tasked with defining the experimental protocol HIP. They are not mutually exclusive. I would actually like to argue that they are more complementary.
- kurtis -
(catching up) On 2004-11-22, at 18.52, Paul Vixie wrote:
none of those three things is acceptable, not even as a compromise.
The current solution I see for this is still IPv6. Except that one moves the complete 'Independence' problem a layer higher. Enter:
HIP: Host Identity Protocol: http://www.ietf.org/html.charters/hip-charter.html
this level of complexity seems a little high for anything to be universal. (let me put it this way: A6/DNAME was shot down because of complexity, and it was simpler than this.)
I am not convinced A6/DNAME would have solved all problems, not even all of the ones you pointed out.
- kurtis -
participants (5)
- Elmar K. Bins
- Jeroen Massar
- Kurt Erik Lindqvist
- Paul Vixie
- william(at)elan.net