Re: Thoughts on address selection

To: Fred Baker <fred at cisco.com>
Subject: Re: Thoughts on address selection
From: Arifumi Matsumoto <arifumi at nttv6.net>
Date: Wed, 18 Nov 2009 19:22:46 +0900
Cc: draft-ietf-6man-addr-select-sol at tools.ietf.org, draft-ietf-6man-addr-select-considerations at tools.ietf.org, IETF IPv6 Mailing List <ipv6 at ietf.org>, Mohacsi Janos <mohacsi at niif.hu>, draft-arifumi-6man-addr-select-conflict at tools.ietf.org
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <62B2E1A8-B367-43B6-9C1C-CFCD819950D0 at cisco.com>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <F25A2D83-2504-4354-90BB-4CD2B0D3D743 at cisco.com> <BB56240F3A190F469C52A57138047A030387A09C at xmb-rtp-211.amer.cisco.com> <alpine.BSF.2.00.0911101724110.4034 at mignon.ki.iif.hu> <4553CA36-9AF3-427C-BA03-1B9CDF487C32 at cisco.com> <40B8A36C-A018-48DF-9D6A-E940E1A2E92B at nttv6.net> <62B2E1A8-B367-43B6-9C1C-CFCD819950D0 at cisco.com>

On 2009/11/18, at 18:46, Fred Baker wrote:

On Nov 18, 2009, at 6:22 PM, Arifumi Matsumoto wrote:
I guess that is because if you force to try all the pairs, itperfectly
ignores the address selection manner defined in RFC 3484, and thus,
it gives us not little impact.
If they space them closely and run them in parallel, I guess I don'tsee the impact. Imagine you have five addresses and your peer hasfive addresses, so there are 25 pairs. Imagine you are spacing theSYNs 10 ms apart. Imagine that the only pair that works is the lastone you try. worst case, you find out 2.5 seconds plus one RTT whichwill work. If you cache the result, that only happens once, and ifyou don't, how does that compare to the current model in which youpick one address pair by some algorithm and wait for a TCP timeoutbefore trying another?



If the packets go through, the servers are going to be flooded.
If the packets are filtered at ingress filterings, site administrators
are going to be flooded :)

Also, I guess too many error packets and following error messages that
have to be generated should not be desirable.

--
Arifumi Matsumoto
  Secure Communication Project
  NTT Information Sharing Platform Laboratories
  E-mail: arifumi at nttv6.net

References:
- Thoughts on address selection
  - From: Fred Baker
- RE: Thoughts on address selection
  - From: Wes Beebee (wbeebee)
- RE: Thoughts on address selection
  - From: Mohacsi Janos
- Re: Thoughts on address selection
  - From: Fred Baker
- Re: Thoughts on address selection
  - From: Arifumi Matsumoto
- Re: Thoughts on address selection
  - From: Fred Baker

Prev by Date: Re: Thoughts on address selection
Next by Date: Re: Thoughts on address selection
Previous by thread: Re: Thoughts on address selection
Next by thread: Re: Thoughts on address selection
Index(es):
- Date
- Thread

Re: Thoughts on address selection

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.