>>>>> "Jari" == Jari Arkko <[email protected]> writes:
    Jari> Though it's not clear to me exactly how that affects the
    Jari> architecture. Wireless extenders are part of L2 that is not
    Jari> usually visible, though the other things are perhaps more
    Jari> visible to l3. Maybe the effects are what we should be talking
    Jari> about in terms of the requirements.

I wanted to point out that one of the complexities in debugging L2
networks that contain things like wireless extenders is exactly that:
they are not visible, they don't show up in traceroute, you can't address
them easily to ask them questions, and the like. 
I think that these things will go away over time once we are successful.

(BTW: I think that proxy-arp might be the solution to bridged IPv4 vs
routed IPv6. Proxy-arp has the "feature" that it usually breaks
multicast, but that might be a feature for a wireless extender...)

    > So there may also be a requirement for interconnection of
    > multiple ultra-short range networks via a house backbone:
    > e.g. lights on top floor pool to form a mesh network, and lights
    > in the basement form a mesh network, but the reinforced concrete
    > floor partitions the two wireless meshes, so you need a routed
    > connection between them.

    Jari> I think we do include that already. It's part of being able to
    Jari> provide a routed, multi-subnet network. Precisely for these
    Jari> reasons. (But if you are arguing that we should all use some

I need to CC the roll list on this part, see next email.

    >> 3) Virtual machines are exploding. I run 4 VM's on my
    >> workstation. With the various upcoming application stores and
    >> multiple application developers running on one system, I could
    >> easily imagine that each application eventually runs in its own
    >> mini-VM, so each IPv6 host becomes the equivalent of an old style
    >> mainframe with multiple prefixes and intra-machine routing. That
    >> may add another layer of routing to your picture. There may also
    >> be virtual firewalls between those VM's, which adds another
    >> layer.

    Jari> Yep. I have that in my network, too :-) But the question is,
    Jari> what does it imply in terms of requirements? It at least
    Jari> implies that we need to support many devices, and probably
    Jari> even more reason to allow for additional subnets (e.g., to
    Jari> allow one set of virtual machines exist in their own subnet
    Jari> inside a physical device).

I want to amplify something I said today about subnet allocations vs
virtual machines.   Products like Xen, VMware and VirtualBox have
some kernel components which need to be installed by an administrator.
This means that the VM host (the "dom0") can have a (virtual) switch for
the guest machines which can be either *bridged* or *routed*.  
(I can't speak to Parallels, but I know it can bridge or NAT)

There are advantages to routing, particularly on a laptop that sometimes
does not actually have any network connection, and also you have the
opportunity to enable the Advanced Security feature in the virtual
router.

The problem is with things that use QEMU/Bochs based emulation.
This includes the Android emulator that comes with the Android SDK. 
(Note that this emulates an ARM system on an x86 platform).
This presently can also include the KVM system in some situations.
(KVM is basically native (x86 on x86) emulation with acceleration by
using VT extensions.)

The issue is that the default configuration is to include a reverse
stack in QEMU.  It's rather ingenious actually.  It basically turns a TCP
SYN packet into a call to the OS connect(2) call.  The result is NAPT,
and default "Simple Security" sans PCP.   It's possible to configure
QEMU to instead bridge to a virtual interface, but it's not default,
because that setup requires superuser to configure, and it doesn't
work at all (AFAIK) on Windows or OS X. 

Is this really an issue for the IETF?  Not really, things can be made to
work, but my concern is that a typical KVM/QEMU user could, if the
router code is built into QEMU, rather than into the operating
system, wind up allocating a prefix each time they boot up a single VM,
and while they might not run a lot of VMs at the same time, they might
well run many different VMs sequentially.   

How, and whom, do we inform when we have run out of prefixes?

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 

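A toy model of the QEMU user-mode stack Michael describes above (SYN in the
guest becomes connect(2) on the host, hence NAPT plus default-deny inbound
and no PCP to open pinholes). This is an illustration added to the page, not
QEMU's code; the addresses, ports, class names and the hostfwd-style static
forward are assumptions made for the example.

```python
# Added illustration (not QEMU's code): a toy model of the QEMU user-mode
# ("slirp") stack described in the message. A guest TCP SYN becomes a
# host-side connect(2), so the guest sits behind NAPT with a default-deny
# inbound policy ("Simple Security") and, with no PCP, no way to ask for a
# pinhole. All names, addresses and ports here are made up for the example.
from dataclasses import dataclass
import itertools

HOST_ADDR = "192.0.2.10"      # constructed: the host's real address
GUEST_ADDR = "10.0.2.15"      # constructed: a guest behind the user-mode stack


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class UserModeNat:
    """Session table that a connect(2)-per-SYN design implies."""

    def __init__(self, host_addr=HOST_ADDR, first_port=49152):
        self.host_addr = host_addr
        self._ports = itertools.count(first_port)   # host ephemeral ports
        self.outbound = {}   # guest Flow -> host Flow (what connect() bound)
        self.inbound = {}    # (host_port, peer_ip, peer_port) -> guest Flow
        self.forwards = {}   # host_port -> (guest_ip, guest_port), static only
        self.dropped = []    # unsolicited inbound attempts, for the log

    def guest_syn(self, flow: Flow) -> Flow:
        """Guest emits a SYN; the stack calls connect() from the host.
        The ephemeral port the host picks is the NAPT mapping."""
        if flow in self.outbound:
            return self.outbound[flow]
        host_port = next(self._ports)
        host_flow = Flow(self.host_addr, host_port, flow.dst_ip, flow.dst_port)
        self.outbound[flow] = host_flow
        self.inbound[(host_port, flow.dst_ip, flow.dst_port)] = flow
        return host_flow

    def add_forward(self, host_port: int, guest_ip: str, guest_port: int):
        """The only way in is an explicit, operator-configured forward
        (the analogue of QEMU's hostfwd option); nothing dynamic."""
        self.forwards[host_port] = (guest_ip, guest_port)

    def host_inbound(self, peer_ip: str, peer_port: int, host_port: int):
        """Packet arrives at the host on host_port. Returns the guest flow
        it belongs to, a forward target, or None (dropped) when nothing
        the guest started matches: the Simple Security default."""
        guest = self.inbound.get((host_port, peer_ip, peer_port))
        if guest is not None:
            return guest
        if host_port in self.forwards:
            return self.forwards[host_port]
        self.dropped.append((peer_ip, peer_port, host_port))
        return None


def demo():
    """Constructed scenario: one outbound HTTPS session, one unsolicited
    inbound SSH attempt, then the same attempt after a static forward."""
    nat = UserModeNat()
    guest = Flow(GUEST_ADDR, 40001, "203.0.113.5", 443)
    host_side = nat.guest_syn(guest)                                  # NAPT mapping created
    reply = nat.host_inbound("203.0.113.5", 443, host_side.src_port)  # translated back
    blocked = nat.host_inbound("198.51.100.7", 5555, 22)              # no session: dropped
    nat.add_forward(2222, GUEST_ADDR, 22)
    forwarded = nat.host_inbound("198.51.100.7", 5555, 2222)          # explicit pinhole
    return host_side, reply, blocked, forwarded, list(nat.dropped)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The point the model makes concrete: the guest never receives a packet that
its own connect()-backed session did not solicit, and the only way to change
that is a static forward configured by whoever runs the emulator, not by
anything the guest can request.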

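To put numbers on the prefix-exhaustion worry at the end of the message,
here is a small pool model added for illustration (not code from the
message or from any router): a delegated /56 carved into /64s, booted
against by a run of VMs that either hand their prefix back on shutdown or
leak it. The delegated prefix and VM names are constructed.

```python
# Added illustration, not from the message: a /64 pool modelling the
# worry that a VM boot allocates a prefix each time and never returns it.
# The delegated prefix and VM names are constructed for the example.
import ipaddress


class PrefixPool:
    """Hands out /64s from one delegated prefix and tracks who holds them."""

    def __init__(self, delegated: str, sub_len: int = 64):
        self.net = ipaddress.ip_network(delegated)
        self.free = list(self.net.subnets(new_prefix=sub_len))
        self.in_use = {}            # owner -> prefix

    def allocate(self, owner: str):
        """Return the owner's prefix, or None when the pool is empty.
        That None is the event the question asks about: the caller has to
        surface it somewhere an operator will actually see it."""
        if owner in self.in_use:
            return self.in_use[owner]      # stable identity: same prefix again
        if not self.free:
            return None
        prefix = self.free.pop(0)
        self.in_use[owner] = prefix
        return prefix

    def release(self, owner: str) -> None:
        prefix = self.in_use.pop(owner, None)
        if prefix is not None:
            self.free.append(prefix)

    def capacity(self) -> int:
        return len(self.free) + len(self.in_use)


def simulate_boots(delegated: str, boots: int, release_on_shutdown: bool):
    """Boot `boots` VMs one after another, each with a fresh identity
    (as a user trying many different images would). Returns
    (successful allocations, index of the first boot that failed or None)."""
    pool = PrefixPool(delegated)
    ok = 0
    for i in range(boots):
        owner = f"vm-{i}"
        if pool.allocate(owner) is None:
            return ok, i
        ok += 1
        if release_on_shutdown:
            pool.release(owner)          # prefix goes back when the VM stops
    return ok, None


if __name__ == "__main__":
    print("leaking:", simulate_boots("2001:db8::/56", 300, False))
    print("releasing:", simulate_boots("2001:db8::/56", 300, True))
```

Two things fall out of running it: a /56 lasts exactly 256 leaking boots,
which a developer cycling through images can reach in a few weeks, and the
fix is either a release on shutdown or a stable per-VM identity so that
re-booting the same image re-uses its prefix instead of taking a new one.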
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
