To: mohta@necom830.hpcl.titech.ac.jp (Masataka Ohta)
Cc: bmanning@karoshi.com (bill), Alain.Durand@Sun.COM (Alain Durand), itojun@iijlab.net, dnsop@cafax.se
From: bill <bmanning@karoshi.com>
Date: Wed, 12 Nov 2003 11:47:26 -0800 (PST)
In-Reply-To: <3FB26842.5080909@necom830.hpcl.titech.ac.jp> from "Masataka Ohta" at Nov 13, 2003 02:05:06 AM
Sender: owner-dnsop@cafax.se
Subject: Re: well-known addresses / was DNS discovery
> > bill;
>
> > to reiterate my concerns expressed at the mic yesterday,
>
> Thank you very much.
>
> > Ohta-san, would you be comfortable with 200,000,000 devices
> > being shipped with the IP address 131.112.32.188 (the address
> > of one of your organization's nameservers) being burned into
> > eeprom?
>
> I will be comfortable with 200,000,000 devices being shipped
> with the IP address 127.0.0.1 (an anycast address) being burned
> into eeprom, which was the point of my comment to you, yesterday.

so would i, but for perhaps distinctly divergent reasons. :)

> I'll be fine if 127.0.0.1 is replaced by some anycast address,
> as long as a certain address range (say /24 in the C swamp or
> /16 in class B) of the address is not used by anyone.

and that can -NOT- be assured, hence the danger of promoting the use
of well known addresses.

> > disclaimers about restricting, by IETF fiat, well known addresses
> > to special IP ranges will -NOT- work in the real world.
>
> I'm not sure what you mean.
>
> Each well-known address may have its own range to protect against
> route filtering and there is no requirement of mine that
> the addresses are restricted to a special IP range.

one cannot ensure all parties that do routing will respect the IETF
concerns regarding routing restrictions. A quick look at the
prohibitions on using RFC 1918 space in the Internet and the empirical
evidence of their leakage (AS112 project) are a powerful incentive to
protocol designers that operators take prohibitions as suggestions at
best.

that said, all addresses are potentially "well-known".

> > If you are willing to commit your enterprise to absorb 0.1%
> > of the total packets generated by 200,000,000 devices, then
> > perhaps I will be persuaded that use of well-known addresses
> > is an operationally acceptable technique.
>
> 200,000 devices are not for usual enterprises (or universities)
> but for ISPs of medium scale.

missed an order of magnitude there.

presuming a vendor picks the "well-known" address that your enterprise
uses and burns it into eproms (e.g. the recent netgear episode) and
ships them -worldwide- then all those devices will try and use your
service - since it has your well known address hard coded. The UoW NTP
IP service was burned into a vendor's hardware, saturating the incoming
network links to the university and the university network itself.

> But, I know an ISP, internal of which I know well, with >3,000,000
> subscribers is operating DNS servers for all the subscribers.
>
> So, what is the problem?

excessive traffic from non-customers.

> > Yes, I know we do it now and it reduces the level of effort
> > in getting new features deployed, but in -EVERY- case, the
> > use of well known addresses has caused problems.
>
> I think I have shown a solution on the problem on root server
> addresses with anycast addresses and AS numbers.

and there are significant long-term problems with that approach, such
as content coherence and route hijacking.

> If there are other cases, let me know so that I can try to use
> the anycast approach for the problems.
>
> Masataka Ohta

--bill