> As for multihoming, do you have a proof-of-concept proposal
> other than PI/BGP4+, LISP or SHIM6? Because we've been looking
> for ten or fifteen years.
Host multi-homing works today, for some definition of work. Many PCs have multiple interfaces, multiple addresses, and use them reasonably well. One thing does not work: TCP connections will not automatically migrate from a failing interface to the next. But even then, application connections can survive if the application just retries. Many applications do that, e.g. email clients, IM clients. I use some of them every day.

What does not work so well is site multi-homing, especially if we attempt to combine multi-homing and egress filtering, or even worse if we attempt to combine both with stateful edge firewalls. In a multi-homed site, these combinations can only work if the routing is somewhat symmetric, if the two directions of traffic go through the same edge device.

My point is that if we want site multi-homing, we cannot do without engineering this routing symmetry. If we leave it to chance, then future network administrators will observe maddening failure modes, and we will have done them a great disservice. Just sticking NAT devices at various network edges is, for me, equivalent to leaving it to chance.

I believe the simplest engineering will be some form of tunneling, where internal hosts can point a packet to a specific exit point. There may well be different solutions, e.g. some forms of source-address dependent routing combined with innovative variants of the neighbor discovery protocol. But tunneling appears simpler to understand and easier to engineer.

Of course, if we implement tunneling, we do not actually need address translation. But I believe we will need tunneling for multi-homing even if we did use address translation.

-- Christian Huitema

_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
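The failure modes discussed in the message above, modelled as an added example that is not part of the original post: a site with two exits, each with a provider egress filter and a stateful firewall. The class and function names and the `2001:db8::/32` documentation addresses are constructed for illustration, and the model assumes replies return through the provider whose prefix covers the host's source address.

```python
import ipaddress

class Edge:
    """One site exit: provider egress filter plus a stateful firewall."""
    def __init__(self, name, prefix, egress_filter=True):
        self.name = name
        self.prefix = ipaddress.ip_network(prefix)
        self.egress_filter = egress_filter
        self.state = set()  # (inside, outside) flows seen leaving here

    def outbound(self, src, dst):
        # Egress filtering: only sources from this provider's prefix pass.
        if self.egress_filter and ipaddress.ip_address(src) not in self.prefix:
            return "dropped: egress filter at " + self.name
        self.state.add((src, dst))
        return "forwarded"

    def inbound(self, src, dst):
        # Stateful firewall: accept only replies to flows opened via this edge.
        if (dst, src) not in self.state:
            return "dropped: no state at " + self.name
        return "delivered"

def build_site(egress_filter=True):
    # Constructed prefixes from the IPv6 documentation range.
    return {"A": Edge("A", "2001:db8:a::/48", egress_filter),
            "B": Edge("B", "2001:db8:b::/48", egress_filter)}

def exit_for_source(edges, src):
    """Engineered symmetry: pick the exit whose prefix covers the source."""
    addr = ipaddress.ip_address(src)
    for edge in edges.values():
        if addr in edge.prefix:
            return edge
    raise ValueError("no exit owns " + src)

def round_trip(edges, src, dst, exit_edge):
    """Send src->dst through exit_edge, then route the reply back."""
    result = exit_edge.outbound(src, dst)
    if result != "forwarded":
        return result
    # Assumption: the reply arrives at the edge that owns the source prefix.
    return exit_for_source(edges, src).inbound(dst, src)

if __name__ == "__main__":
    host, peer = "2001:db8:a::10", "2001:db8:ffff::1"  # constructed addresses
    site = build_site()
    print("left to chance:", round_trip(site, host, peer, site["B"]))
    site = build_site(egress_filter=False)
    print("no egress filter:", round_trip(site, host, peer, site["B"]))
    site = build_site()
    print("engineered exit:", round_trip(site, host, peer, exit_for_source(site, host)))
```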
