shim6 @ NANOG (forwarded note from John Payne)
stephen at sprunk.org
Thu Mar 2 10:09:24 UTC 2006
Thus spake "Joe Abley" <jabley at isc.org>
> On 1-Mar-2006, at 11:55, David Barak wrote:
>> It isn't fearing change to ask the question "it's not
>> broken today, why should I fix it?"
> What's broken today is that there's no mechanism available for people who
> don't qualify for v6 PI space to multi-home. That's what shim6 is trying
> to fix.
Shim6 is an answer to "what kind of multihoming can we offer to sites
without PI space?"; it is yet to be seen if anyone cares about the answer to
The question that folks with money are asking is "how do I ensure that any
random user can get reliable access to my website", and that's a question
that the IETF is, in general, uninterested in.
> However, it's not hard to find examples in today's v4 Internet where
> reconvergence following a re-homing event can take 30 to 60 seconds to
> occur. In the case where such an event includes some interface flapping,
> it's not that uncommon to see paths suppressed due to dampening for 20-30
That may be acceptable compared to the general limitations of PA space.
Folks have learned to deal with the limitations of BGP-based redundancy;
asking them to give those benefits up without substantially greater benefits
> I would expect (in some future, hypothetical implementation of shim6)
> that the default failure detection timers to start rotating through the
> locator set far sooner than 30-60 seconds.
If we ever see shim6 (or its equivalent) widely deployed... So far, we
don't even have simple IPv6 on even a noticeable fraction of end nodes.
Any solution which requires upgrading all the end nodes is a non-starter,
and the IETF needs to wake up to that fact. It's taken over a _decade_ for
simple IPv6 to make it into host stacks, and it's still not viable yet. No
host-dependent upgrade will matter to the Internet over the long run.
> No; maintain one address per PA netblock on each host.
And so, if I have 6 upstream providers, every one of my hosts has to keep
track of the outbound policy I want for each? How exactly am I supposed to
keep track of that? Even the outbound policy for a single host (aka
firewall) is beyond most organizations' capabilities today...
Why is it even remotely rational that a corporate admin trust 100k+ hosts
infested with worms, virii, spam, malware, etc. to handle multihoming
decisions? Especially when we don't even have a sample of working code
today? I don't even trust the <5 PCs I have at home to make those kinds of
decisions, much less every PC in my corporate network...
> There's a vast difference in impact on the state held in the core between
> deaggregating towards direct peers, and deaggregating towards transit
> providers and having the deaggregated swamp propagated globally.
Obviously, folks differ in their definition of "swamp".
I'd love a world where $large orgs could connect to N providers and not have
to figure out the vagaries of BGP, but the reality is that if a large
customer depends on the Internet for their financial health connectivity,
the only answer today (with either v4 or v6) is PI space.
Now, some may take that as a sign the IETF needs to figure out how to handle
10^6 BGP prefixes... I'm not sure we'll be there for a few years with IPv6,
but sooner or later we will, and someone needs to figure out what the
Internet is going to look like at that point. If the IETF isn't interested,
some group of vendors will, if for no other reason than that's what will be
needed for the vendors to sell routers in a few years. Is it any surprise
that $vendor is pushing how many millions of routes they can handle in the
IPv6 is just a convenient placeholder for all the problems that today's ISPs
are ignoring about today's Internet.
Stephen Sprunk, CCIE #3723, K5SSS

"Stupid people surround themselves with smart people. Smart people surround
themselves with smart people who disagree with them." --Aaron Sorkin