On Aug 16, 2010, at 11:44 AM, Hemant Singh (shemant) wrote:

> -----Original Message-----
> From: Jared Mauch [mailto:[email protected]]
> Sent: Sunday, August 15, 2010 9:07 PM
> To: Hemant Singh (shemant)
> Cc: Randy Bush; ipv6 deployment prevention; Wes Beebee (wbeebee)
> Subject: Re: Router redirects in Node Requirements document
>
>> Oh my.
>
>> So, hosts shouldn't have to know anything about their environment
>> anymore and this is just proxy-arp & redirects all over again?
>
> Not quite. The cable deployment I gave a use case for Redirect with,
> has hosts that know their traffic has to be sent to the default router.
> I also said, the cable deployment has hosts as always off-link to each
> other - if you are my neighbor, then your PC phone call talks to my PC
> phone call by sending traffic to the CMTS. Thus, the hosts completely
> know what their environment is.

So it's a non-issue and they don't need the redirects in this case it seems.

>> Do you know what impact that has on IOS based devices? I suspect
>> you've not seen the operational impact as a result of such items,
>> otherwise you would understand how poorly vendors actually implement
>> these features for the operators. (Hence me raising the DoS issue).
>
> At least the high-end Cisco CMTS routers (ubr10000) I develop code for
> have rate-limiting for any DoS issue. Other Cisco routers will also have
> a generic rate limiting that will limit the Redirect DoS too.

Yeah, I'm speaking generically, but knowing how each product team at Cisco works, it's very hit-or-miss if the folks who implement the code understand what they are doing (sadly).

>> Even with your aforementioned rate-limit items, this would possibly
>> cause HA issues with switchover should a prefix/next-hop change, or a
>> router fail.
>
> In my cable use case for Redirect, a RP card switchover still has the
> CMTS pointing the hosts in the downstream to the same prefix and
> next-hop. Anyway, I am not sure how HA and switchover have any impact on
> ND Redirect. We need a more specific case by case evaluation and see
> what problems do we have with Redirect.

I'm speaking about an environment where RP switchover is not as "hitless" as marketing material may represent itself. Being practical about these things, we have often found that 1+1 RP redundancy causes as many problems as it solves. Typically HSRP/VRRP can provide solutions in a L2 environment. It may be different in your CMTS case due to the nuances of the media (RF).

>> Is there a legitimate operational reason a host should not know the
>> subnet length it sits on?
>
> Another reason is if both the ND RA and DHCPv6 send prefix lengths, what
> if the information from two sources is different? One can fat-finger a
> DHCPv6 server configuration or the router IPv6 ND RA configuration. Who
> wins?

One can also fat-finger a default route or "reload in 1 ; wr erase" too. Just because someone can poorly manage their network doesn't mean you should be advocating it.

I'm not sure I see any operational "win" here. If you step outside the CMTS world, you typically have better defined subnets/masks on devices running IOS/XR/XE/JunOS/JunOS-E/NxOS even when the device is acting as a DHCP server doing ND RA (vs lots of diverse subnets coming in; biz vs consumer vs voip).

It seems there is only nominal value to your CMTS example, and the problems of additional code complexity on devices where it's not necessary elsewhere in a provider's network (eg: a core router with well defined subnets which are not moving targets w/ radius et al).

- Jared

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
