On Feb 21, 2018 10:38 PM, "Lorenzo Colitti" <lore...@google.com> wrote:
On Thu, Feb 22, 2018 at 10:51 AM, Tom Herbert <t...@quantonium.net> wrote:
> The hidden aggregation method is intended to make scaling possible.
> Each assigned block results in on entry in mapping system so total
> amount of state is num_hosts*num_blocks per host. e.g. in a network of
> 10M nodes with 100 blocks per host that's 1B entries in the mapping
> system-- should be able to scale that.
I have a fundamental problem with the assertion "should be able to scale to
1B mapping entries" given that a) current routing hardware capabilities are
three orders of magnitude away from that, and b) anyone on the Internet can
mount a state exhaustion attack on the mapping system simply by originating
a packet to any IPv6 address in the domain.
Personally I don't think this work should progress until we have line of
sight to a system that can actually do that.
The intent of this draft is to articulate a problem that may be worth
working on. It's not to specify the solution, although I think it makes
sense to at least suggest some possible paths for a solution to establish
that the problem is solvable. Also, there is not necessarily just one
possible solution. The draft mentions possibly of hybrid assignment of
addresses for different privacy requirements, and how NAT is an existing
technique that can provide strong privacy in addressing (I hope there is a
better solution that does not rely on NAT).
Int-area mailing list