>       well, the above scenario looks too aggressive to me.
>       the invariants we would like to keep are:
>       - advertise address by DNS, only after addresses are ready

Ready to accept traffic I assume. Or do you mean "ready = preferred"?

>       - mark addresses deprecated, only after we remove them from DNS and
>         we wait till DNS TTL has passed

That means that the old addresses will be used as source addresses
when they don't exist in the DNS. So any application on a peer which does a
reverse + forward DNS lookup of the source address will not find anything
in the DNS. While we'd like to see such DNS host name verification replaced
by stronger measures (such as IPsec), I think it would be unfortunate to
completely throw out the ability to rely on DNS for reverse + forward lookups.

   Erik

>       so, the scenario will be as follows: time unit = minutes.
> 
> T=0   add a new prefix.
> T=5   test new prefix and confirm that it is working okay.
> T=10  advertise address on new prefix (and old prefix) via DNS
> T=70  confirm that we now have clicks to www.erik.net
> T=75  remove addresses on old prefix from DNS
> T=135 mark old address deprecated (pltime = 0).
> T=140 confirm that there's no new connectivity to old address coming,
>       terminate contract with old ISP.


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
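
The reverse + forward lookup concern raised in the reply can be checked against the quoted timeline with a small model; this is an added example, not code from the message or the working group. The addresses, hostname, event names and the REORDERED timeline are constructed for illustration, and the model assumes that PTR and AAAA records are published and removed together and that a deprecated address is not chosen as the source of new connections.

```python
from collections import namedtuple

Event = namedtuple("Event", "t action addr")
OLD, NEW = "2001:db8:a::1", "2001:db8:b::1"  # constructed (documentation prefix)
HOST = "www.example.net"                      # constructed hostname

# Timeline quoted in the message (minutes); OLD is assumed to be preferred
# and published in DNS before T=0.
QUOTED = [Event(0, "assign", NEW), Event(10, "publish", NEW),
          Event(75, "unpublish", OLD), Event(135, "deprecate", OLD)]
# Hypothetical reordering for comparison only: deprecate first, unpublish later.
REORDERED = [Event(0, "assign", NEW), Event(10, "publish", NEW),
             Event(75, "deprecate", OLD), Event(135, "unpublish", OLD)]

def state_at(t, timeline):
    """Return (published, preferred) address sets at minute t."""
    published, preferred = {OLD}, {OLD}
    for ev in sorted(timeline):
        if ev.t > t:
            break
        if ev.action == "assign":
            preferred.add(ev.addr)
        elif ev.action == "deprecate":
            preferred.discard(ev.addr)
        elif ev.action == "publish":
            published.add(ev.addr)
        elif ev.action == "unpublish":
            published.discard(ev.addr)
    return published, preferred

def fcrdns_ok(src, published):
    """Peer-side check: PTR(src) -> name, then AAAA(name) must contain src."""
    ptr = {a: HOST for a in published}      # reverse zone
    aaaa = {HOST: set(published)}           # forward zone
    name = ptr.get(src)
    return name is not None and src in aaaa.get(name, set())

def failing_minutes(timeline, horizon=141):
    """Map each address to the (first, last) minute it is a preferred source yet fails."""
    out = {}
    for t in range(horizon):
        published, preferred = state_at(t, timeline)
        for src in preferred:
            if not fcrdns_ok(src, published):
                out.setdefault(src, []).append(t)
    return {a: (m[0], m[-1]) for a, m in out.items()}

if __name__ == "__main__":
    print("quoted:   ", failing_minutes(QUOTED))
    print("reordered:", failing_minutes(REORDERED))
```

Under these assumptions the quoted ordering leaves the old address usable as a source but unverifiable from T=75 until it is deprecated at T=135, and the new address is in the same position between T=0 and T=10.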