On Thu, 30 Jan 2003 [EMAIL PROTECTED] wrote:
> > The socket option doesn't help. If an application doesn't understand
> > anycast addresses and tries to use one as a source address, it will fail
> > regardless of whether there is a socket option for it or not.
>
> No, it will work intermittently depending upon the number
> of anycast instances and the topological relationships of
> the end points. If it doesn't work you will get timeouts
> / connection failures. It will be difficult to diagnose
> the problems unless you realise that you are dealing with
> an anycast address and take appropriate steps to deal with
> it.
>
> For example named allows you to specify a query source
> address. As a developer I want hard failures to occur if
> an anycast address is used here accidentally. I don't want
> all of the millions of existing copies of named to be able
> to use anycast addresses to source packets without being upgraded.
> It will lead to a support nightmare that will exist for
> years. I also want to be able to identify an anycast address
> when I scan the list of addresses on the machine (FreeBSD
> has IN6_IFF_ANYCAST).
>
> Without a socket option you are handing people a loaded gun
> with the safety off. At least make it a loaded gun with the
> safety on. They then have to do something deliberate before
> they shoot themselves in the foot.
>
> Also by allowing traffic to be sourced from an
> anycast address without a socket option you are violating
> the principle of least astonishment. The existing stacks *do*
> block this so current applications may depend on it.

I believe this is a problem only when explicitly binding to a specific
address.

Based on that, one must ask how the user has come up with that particular
(anycast) address.

By manual configuration? You can always shoot yourself in the foot.

By getifaddrs() or similar mechanism, employed to get all the addresses of
a node? Perhaps there should be a knob there, to return only "safe"
addresses.

But these seem to be outside of the IETF turf..

Note that there has been a proposal for anycast address API: to request an
address, you "join" a group with an API like joining a multicast group.
Anycast addresses would not typically be assigned on interfaces. This
would also eliminate this particular problem.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                   kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
