Re: who gets a /32 [Re: IPV6 renumbering painless?]
i have long wished for and sometimes needed a way to renumber a host w/o killing or restarting its active tcp flows. this isn't a layering violation. tcp should be able to know about endpoint-renumber events.
Unfortunately this sounds like a good target for people to mess up implementations and introduce huge security issues into TCP stacks. (along the theme of the one which started the recent MD5 discussion)
of course. and if endpoint-renumber were possible, it would also be used in load-balancing handoffs (similar to the thing that goes under the trade name "3TCP"), clustering, failover... plus things we havn't even thought of yet. of course there would be security problems, and just knowing the current sequence numbers wouldn't be enough proof, and there's an interesting question of whether both directions would have to renumber at the same time. this is a nec'y enabling technology for so many things that calling it a layering violation is "outrageous."
But obviously, implemeted properly that would be very useful. The problem then becomes, how an ISP can signal a renumber.
as it turns out, there is no silver bullet -- no single thing that if we could just to that then we'd be done, "roll credits." same thing for spam, as it turns out. it's going to take a lot of little things, which amounts to a lot of hard work by a lot of people, some of whom won't even know eachother or about eachother's work, to get "ipng" done. real time tcp session renumberability is on the list, but it's a big list. what i DON'T like is having the future of "ipng" decided in star chambers where things like A6/DNAME can be killed without transparency or accountability.
participants (1)
-
Paul Vixie