On Mar 26, 2009, at 17:35, Christian Huitema wrote:
> It can get even worse if Carol is served by Dan and Danny. In the
> worst case, we get something like:
> [...]
> 5) Alice sends a SYN-ACK to Carol-via-Danny. It gets routed through
> Bob, due to local preferences at Alice's network.
> 6) Tough luck, uh..

My preferred approach to the 6AI problem, i.e. combining source
routing with route recording, does not seem to have this problem. Let
me describe how Christian's scenario works in a 6AI network as I would
envision it (where Bob, Bobby, Dan and Danny are not translators, but
instead routers that process shims accordingly):

1) Carol sends an unshimmed SYN to Bob's mapped address for Alice. It
gets routed through Dan, because of local preferences at Carol's
network. On the way out of Carol's network, it arrives at Bob with
Dan's mapped source address for Carol. Bob pushes its interior
address into a route-recording shim and forwards to Alice.

2) Alice receives the shimmed SYN, copies the recorded interior
address for Bob into the TCP control structure, sends a SYN-ACK to
Dan's mapped address for Carol with a source routing shim specifying
Bob's interior address. It gets routed back through Bob, despite local
preferences for non-source-routed flows at Alice's network for Dan's
address being to go out through Bobby.

3) Bob processes the source-routing shim from the SYN-ACK and forwards
to Dan's mapped address for Carol, where the packet is forwarded after
verifying that it matches the previously sent outbound SYN packet.

4) Dan does the same thing with the SYN-ACK that Bob did for the SYN
and forwards to Carol. Carol learns that a source route is
appropriate for fixing the bidirectional path to Alice, copies the
interior address for Dan into its TCP control structure, and uses the
source-routing shim going forward with the session.

5) Epic connectivity fail avoided.

Naturally, we would need to design the shims so that multiple 6AI
domains can be nested within one another. That means source-route and
route-recording shims must each comprise multiple addresses in their
paths.

Note: if outbound source-routing shim processing is defined to allow
its *removal* when the source route is complete, then it's possible
that sites using a mechanism like this need not even be aware that
correspondent sites are using it.

--
james woodyatt <[email protected]>
member of technical staff, communications engineering
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
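
The handshake in steps 1-4 of the message above, as an added toy model that is not part of the original post and not code from any 6AI proposal. It assumes a mapped address can be written as the pair (border, host), that a shim is a list of border names, and that without shims the reply fails Dan's match check because it leaves through Bobby; all function and variable names are hypothetical.

```python
# Added illustration: a toy model of steps 1-4 above, not a real 6AI implementation.
# Assumed for the model: a mapped address is the pair (border, host), and a shim
# is a plain list of border names ("interior addresses").

LOCAL_PREF = {"Alice": "Bobby", "Carol": "Dan"}  # exit used when no source route is given

def send(src_host, dst_mapped, source_route=None):
    """Leave the sender's site; a source-routing shim overrides local preference."""
    exit_border = source_route[0] if source_route else LOCAL_PREF[src_host]
    return {"src": (exit_border, src_host), "dst": dst_mapped, "record": []}

def enter(pkt, use_shims):
    """The entry border pushes its interior address into a route-recording shim."""
    if use_shims:
        pkt["record"].append(pkt["dst"][0])
    return pkt

def handshake(use_shims):
    # 1) Carol sends a SYN to Bob's mapped address for Alice; it exits via Dan,
    #    which remembers the outbound flow, and enters Alice's site via Bob.
    syn = send("Carol", ("Bob", "Alice"))
    dan_flows = {(syn["src"], syn["dst"])}
    syn = enter(syn, use_shims)

    # 2) Alice copies the recorded address into her TCP control block and
    #    source-routes the SYN-ACK through it (step 3, Bob consuming the
    #    source-routing shim, is folded into send()).
    alice_tcb = list(syn["record"])
    synack = send("Alice", syn["src"], source_route=alice_tcb)

    # 3) Dan forwards the SYN-ACK only if it matches the outbound SYN.
    delivered = (synack["dst"], synack["src"]) in dan_flows

    # 4) Dan records its own interior address; Carol keeps it for the session.
    carol_tcb = list(enter(synack, use_shims)["record"]) if delivered else []
    return {"exit": synack["src"][0], "delivered": delivered, "carol_tcb": carol_tcb}

if __name__ == "__main__":
    for mode in (False, True):
        print("shims" if mode else "no shims", handshake(mode))
```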