(6bone) Ingress filtering (was: asymmetric routing)

Paul Jakma paul@clubi.ie
Tue, 5 Feb 2002 03:37:18 +0000 (GMT)


On Fri, 1 Feb 2002, Michel Py wrote:

> Unfortunately, it turns out that IPv6 multihoming is likely to be
> a complicated, multi-faceted solution.

hmm...

why not use DNS in some way?

The infrastructure is there, the address space delegations (and glue)
will be there.

Create a new DNS RR to specify border routers (BR RR?). Similar to
the SRV RR, allow it to specify priorities and weighting of equal
priority border routers.

end-site client has the registrar (or has his ISP) enter these
records as glue at the point of delegation.

eg:

$ORIGIN \[x3FFE123456789abc/64].ip6.arpa.

@		BR 10 40 3ffe:100:100:100:100:1
		BR 10 40 3ffe:100:100:100:100:2
		BR 10 10 3ffe:200:200:200:200:1
		BR 20 50 3ffe:300:100:100:100:1
		BR 20 50 3ffe:300:100:100:100:2

@		NS foo.ipv6.acme.org.
		NS bar.ipv6.acme.org.

If you specify that BR records /must/ reference routers whose address
is covered by a valid and well-aggregated BGP prefix advertisement
(one that will not be filtered out), then the above will work fine.

now you don't need to invent another protocol (just slightly extend an 
existing and well-proven protocol), you just need to teach routers to 
lookup 'BR' records for certain prefixes. (and most routers already 
have a DNS client implementation.)

it'd help even more if the IPv6 address registrars handed out 
'multihome IPv6' allocations from well-defined prefix ranges, then 
you could limit 'BR' lookups to only happen when prefix is from such 
a range.

One possible (rough) process could be something like:

is prefix 'foo' from 'multihome-ipv6' allocation?
	yes -> prefix=get-br(prefix)

normal_bgp_lookup(prefix)

get-br() {
- lookup multihome-BGP view
	yes -> return BR
else -> {
	- lookup 'foo'.ip6.arpa BR
	- for each BR in next_priority where address != 'multihome-ipv6'
		connect to BR using 'light-bgp'
		get advertisements, inject into multihome-BGP view
	}
- lookup multihome-BGP view -> return BR
}
	
the entries in 'multihome-BGP' view would be purged after some time
out.

'light-BGP' would be some kind of lightweight multihop on-the-fly peering
BGP, purely to ask a BGP peer "give me your advertisements for xyz".

(or alternatively, instead of 'lightweight BGP' you just need some 
other "can you route for this address?" "yes/no" protocol.)

So customer advertises his networks to his ISPs via BGP. 3rd party
routers that are 'close enough' to pick up those advertisements (via
private peering agreements and route-map overrides, whatever) will 
pick up the BGP advertisements. Else 3rd party router looks up the 
'BR' DNS RR to find the border routers (which are the ISPs routers).

biggest problem is that the load is mainly on the ip6.{arpa,int} root
servers. (but delegation of prefixes to many servers would mitigate
this).

mad idea?

> Michel.

regards,
-- 
Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
Fortune:
Don't be irreplaceable, if you can't be replaced, you can't be promoted.
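
The selection rules described in the message above (SRV-style priority and weight, border routers that must sit under an accepted aggregate and must not themselves lie in the 'multihome-ipv6' range), as an added Python example that is not part of the original post. The record values, `MULTIHOME_RANGE`, `AGGREGATES` and all function names are assumptions constructed for illustration; BR is the post's proposed record type, not an existing one.

```python
import ipaddress
import random

# Constructed sample in the post's "BR <priority> <weight> <address>" layout.
SAMPLE = """\
@   BR 10 40 3ffe:100:100:100::1
    BR 10 40 3ffe:100:100:100::2
    BR 10 10 3ffe:200:200:200::1
    BR 20 50 3ffe:300:100:100::1
    BR 20 50 3ffe:8000:1::1
    BR 20 50 2001:db8::1
"""
# Assumptions: the range reserved for multihomed sites, and aggregates accepted in BGP.
MULTIHOME_RANGE = ipaddress.ip_network("3ffe:8000::/20")
AGGREGATES = [ipaddress.ip_network(p)
              for p in ("3ffe:100::/32", "3ffe:200::/32", "3ffe:300::/32")]

def parse_br(zone_text):
    """Return (priority, weight, address) tuples; a malformed BR line raises ValueError."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if "BR" not in fields:
            continue  # NS and other record types are not of interest here
        prio, weight, addr = fields[fields.index("BR") + 1:][:3]
        records.append((int(prio), int(weight), ipaddress.IPv6Address(addr)))
    return records

def usable(records):
    """Drop BRs inside the multihome range (lookup would recurse) or under no aggregate."""
    return [r for r in records
            if r[2] not in MULTIHOME_RANGE and any(r[2] in n for n in AGGREGATES)]

def order(records, rng=random):
    """Lowest priority first; within one priority, weighted random order as SRV clients do."""
    out = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for r in group:
                running += r[1]
                if pick <= running:
                    break
            group.remove(r)  # r is the chosen record (or the last one as a fallback)
            out.append(r)
    return out
```

A router would try the addresses from `order(usable(parse_br(...)))` in sequence, moving to the priority-20 routers only after every priority-10 router has failed.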