El 13/04/2007, a las 6:27, Dino Farinacci escribió:
so are you envisioning an hybrid system that has both the push and pull models? In such scheme there would be these mesh of high level routers that exchange the whole loc id mapping database and then smaller routers that use the pull model to query these high level routers?
Yes, I think something like that.
the new protocol would then run between these high level routers, is that it?
Yes, which will be trusted. As well as having a registration procedure that is pub/priv key protected for the ETRs to register EID-to-RLOC mappings.
So are you using a trust model that is based on a closed set of participants that trust each other rather than a mean to certify that the actual information about binding is correct?
Yes.
I think we have a good demarcation design where the LISP-00 ID can use various means to obtain the mappings. I can see any or all of the following:
o Static
i don't think we should preclude this one, but i don't think it is general enough to solve our problems (i would leave it as a corner case for testing and exceptions)
May be adequate in TE-ITRs.
agree
o ICMP
My take on this one is that much needs to change from its current form to be secured. In particular you will need a few more message exchange to achieve this.
I realize that. That we can fix. Not worried about it too much.
Besides, you need a valid ID to locator mapping (with at least one working locator) to actually send the initial request, so this needs to be complemented with an additional mechanism. In LISP 1, the mechanism is the identity, since the identifier is also a valid locator.
I don't understand your point here.
o DNS
not sure what do you mean here...
the DNS as used in HIP? i.e. using the DNS to obtain both the identifier and the locator set associated to a fqdn
or the DNS system to retrieve identifier to locator mapping, like for instance using ULAs as identifiers and using the DNS reverse tree entry for the ULA for retrieving the locators associated with this identifier?
The way we have been talking about it. Using DNS store mappings.
the DNS as a generic protocol independent of the current DNS system to make a directory service for retrieving Id to locator mapping?
Right.
In any case, in order to answer this question, i guess that an important previous question is how do you think the identifier namespace will be? I mean, it seems that DNS type of approach will not scale to support an 128 bit unstrucutred identifier namespace. OTOH, if you are thinking of using ULAs or PI addresses as identifier, then this may work
What will? 128-bits is a lot of addresses. Shouldn't even try.
o Push-only o Push-n-pull
i like your argument that it is good not to require every ITR to have the full database, even in a push model. I think we should continue exploring this solution space
Okay, sounds good.
o Pull with new database
again, i think this is closely related with the characteristics of the identifier namespace. If we have an existnet protocol like the DNS that can provide this feature, i don't see the need for this.
How you pull and what you pull don't have to be related. I personally like prefixes where the size of the prefix is based on the number of systems you need assign IDs to.
regards, marcelo
_______________________________________________ RAM mailing list RAM at iab.org https://www1.ietf.org/mailman/listinfo/ram