[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt

To: Mikael Abrahamsson <swmike@swm.pp.se>
Subject: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Date: Sun, 10 Jan 2010 10:08:58 +1030
Cc: IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <alpine.DEB.1.10.1001091427520.15329@uplift.swm.pp.se>
References: <20091218104501.538103A6782@core3.amsl.com> <8BB9490E-B674-4D45-971A-3D25AC455B10@cisco.com> <20091219163604.0bc27ad9@opy.nosense.org> <0ACAAC20-3F15-47FA-8E44-9E58BA67CB29@cisco.com> <E1829B60731D1740BB7A0626B4FAF0A6467F04AC66@XCH-NW-01V.nw.nos.boeing.com> <20100109231828.21da6fd8@opy.nosense.org> <alpine.DEB.1.10.1001091427520.15329@uplift.swm.pp.se>

Hi Mikael,

On Sat, 9 Jan 2010 16:16:10 +0100 (CET)
Mikael Abrahamsson <swmike@swm.pp.se> wrote:

> On Sat, 9 Jan 2010, Mark Smith wrote:
> 
> >> Why can't a CPE router send unicast RAs to other CPE
> >> routers as long as they are not malicious and do not
> >> in any way conflict with the RAs sent by SP routers?
> >
> > I think on some networks that could have multicast traffic volume
> > related scaling issues. It's quite possible to build single Ethernet
> > link layers using DSL that have 100s or 1000s of CPE attached. It also
> > seems a bit redundant to have the CPEs fully aware of all their
> > neighbours' downstream prefixes, yet be unlikely to use those routes
> > very often.
> 
> I think no ISP will ever build a network that allows for local routing 
> like that (at least not intentionally).

Up until the end of November I worked at one, and I would have like to
have built something like this.

In this ADSL scenario, geographic layer 2 customer aggregation points
weren't always layer 3 traffic aggregation points. It's a trade off
between a larger number of smaller layer 3 devices, one or two at each
layer 2 geographic site, or a more centralised and offsite layer 3
infrastructure, handling traffic for multiple layer 2 geographic sites.
How many layer 2 sites you aggregate together for layer 3 services is
determined by the geography of your customer base, how many and the
size of the layer 3 devices you want to operate and the costs of
backhaul bandwidth between the layer 2 sites and the chosen layer 3
aggregation site. In this scenario, backhauling all inter-customer
traffic to a more central locations where the layer 3 infrastructure
was located, even though customers were local layer 2 peers seems
redundant to me. 

The fundamental difference here verses what's been built in the past
with IPv4 is that with the IPv6 addressing model of allocating
relatively large prefixes to SP customers, and IPv6's multicast
neighbour discovery (i.e. more scalable than IPv4's broadcast address
based resolution), there are scenarios where 100s if not 1000s of
routers may be link layer peers. The cost difference between layer 2
forwarding and layer 3 forwarding also encourages minimising the layer
3 resources.

In the IPv4+NAT world, while the CPE were routers, the prefixes behind
them weren't unique so it fundamentally wasn't possible to have the CPE
or the SP routers make local and more intelligent forwarding decisions.
Now that IPv6 will provide customer unique prefixes, the locations
behind the customer CPE are now externally visible and therefore could
be used for more optimal and less resource consuming traffic
forwarding. Optimal traffic paths provide better quality of service to
customers, and less resource consuming traffic forwarding provides
lower costs to service providers.

> So far ISPs do not want customers 
> to talk L2 directly with each other, but instead want to do the routing 
> between customers (mostly for security reasons).

"security reasons" is a nice generic term, but it doesn't really
explain anything. What specific "security reasons"? What if an ISP
doesn't want to provide "security", and would rather just be a dumb bit
pipe for their customers?

I also think it may not be that ISPs haven't wanted their customers to
talk L2 directly with each other, it think it's probably because they
haven't been able to. They've had legacy PPPoE infrastructures which
force hair pinning of traffic between layer 2 adjacent customer, or the
nature of the link layer technology, e.g. cable or ATM, hair pins the
traffic anyway and may not support simple link layer peer-to-peer
traffic exchange, without something like NHRP or setting up switched
virtual circuits.

> I therefore think it's a 
> moot point to try to drive any standard that by a lot of security measures 
> tries to solve this in the CPE. It just won't be deployed because of its 
> complexity.

If a generic "complexity" argument is going to be used, then I'd argue
that a prefix-redirect mechanism is much much simpler than PPPoE, PPP or
DHCP. Single packet format, simple processing. It's not really any more
complex that host-redirects and they're not complicated.

Regards,
Mark.

Follow-Ups:
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Mikael Abrahamsson <swmike@swm.pp.se>

References:
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Ole Troan <ot@cisco.com>
- RE: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
  - From: Mikael Abrahamsson <swmike@swm.pp.se>

Prev by Date: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Next by Date: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Previous by thread: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Next by thread: Re: I-D Action:draft-ietf-v6ops-ipv6-cpe-router-03.txt
Index(es):
- Date
- Thread