
[net-next] IPv6: enable TCP to use an anycast address

Message ID 1389442059-3047-1-git-send-email-fx.lebail@yahoo.com
State Rejected, archived
Delegated to: David Miller

Commit Message

FX Le Bail Jan. 11, 2014, 12:07 p.m. UTC
- Use ipv6_anycast_destination() in tcp_v6_send_reset() and
  tcp_v6_conn_request().

Signed-off-by: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
---
Tested with link-local and global anycast addresses.
Tested with SOCK_STREAM socket, bind and TCP traffic OK.

 net/ipv6/tcp_ipv6.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Alexey Kuznetsov Jan. 11, 2014, 12:46 p.m. UTC | #1
Hello!

I am just curious: since when is TCP allowed to use anycast addresses?

Alexey Kuznetsov
FX Le Bail Jan. 11, 2014, 1:06 p.m. UTC | #2
On Sat, 1/11/14, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> wrote:

> Hello!

> I am just curious: since when is TCP allowed to use anycast addresses?

As said in http://tools.ietf.org/html/draft-iab-anycast-arch-implications-12.html#section-2.1
(this informational draft is in the RFC queue)

"  No firm conclusion was reached regarding
   use of TCP with anycasted services, but it was observed that
   anycasting was useful for DNS, although it did introduce some new
   complexities."

For this to work, appropriate routing is needed (BGP, ...).

Many DNS root-servers use TCP with anycast (IPv4 and IPv6).

See: http://tools.ietf.org/html/draft-jabley-dnsop-anycast-mapping-04#section-4

"   L-Root service is provided using a single IPv4 address (199.7.83.42)
   and a single IPv6 address (2001:500:3::42).  It should be noted that
   it is preferable to refer to the service using its DNS name (L.ROOT-
   SERVERS.NET) rather than literal addresses, since addresses can
   change from time to time."

François-Xavier Le Bail
Alexey Kuznetsov Jan. 11, 2014, 1:38 p.m. UTC | #3
Hello!

On Sat, Jan 11, 2014 at 5:06 PM, François-Xavier Le Bail
<fx.lebail@yahoo.com> wrote:
> Many DNS root-servers use TCP with anycast (IPv4 and IPv6).
>
> See: http://tools.ietf.org/html/draft-jabley-dnsop-anycast-mapping-04#section-4
>
> "   L-Root service is provided using a single IPv4 address (199.7.83.42)
>    and a single IPv6 address (2001:500:3::42).  It should be noted that
>    it is preferable to refer to the service using its DNS name (L.ROOT-
>    SERVERS.NET) rather than literal addresses, since addresses can
>    change from time to time."

Is this all? It looks like this implies routing by deep packet inspection,
fetching some creepy node identification options from inside DNS payload
(not written directly, but implied). This smells funky.

Actually, I was alerted by reset processing in your patch, it cannot be right.

Don't you think this must not be enabled for common use? At least
some separate sysctl disabled by default.
Christoph Paasch Jan. 11, 2014, 1:46 p.m. UTC | #4
On 11/01/14 - 05:06:10, François-Xavier Le Bail wrote:
> On Sat, 1/11/14, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> wrote:
> As said in http://tools.ietf.org/html/draft-iab-anycast-arch-implications-12.html#section-2.1
> (this informational draft is in the RFC queue)

This draft does not say that TCP should be used with anycast
addresses. Rather the opposite:

"  This document does not treat in any depth
   the fact that there are deployed services with TCP transport using
   anycast today.  Evidence exists to suggest that such practice is not
   "safe" in the traditional and architectural sense (as described in
   Section 4.2). "

And Section 4.2 gives more information.
http://tools.ietf.org/html/draft-iab-anycast-arch-implications-12.html#section-4.2


Christoph

> 
> "  No firm conclusion was reached regarding
>    use of TCP with anycasted services, but it was observed that
>    anycasting was useful for DNS, although it did introduce some new
>    complexities."
> 
> For this to work, appropriate routing is needed (BGP, ...).
> 
> Many DNS root-servers use TCP with anycast (IPv4 and IPv6).
> 
> See: http://tools.ietf.org/html/draft-jabley-dnsop-anycast-mapping-04#section-4
> 
> "   L-Root service is provided using a single IPv4 address (199.7.83.42)
>    and a single IPv6 address (2001:500:3::42).  It should be noted that
>    it is preferable to refer to the service using its DNS name (L.ROOT-
>    SERVERS.NET) rather than literal addresses, since addresses can
>    change from time to time."
> 
> François-Xavier Le Bail
FX Le Bail Jan. 11, 2014, 2:16 p.m. UTC | #5
On Sat, 1/11/14, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> wrote:

Hello,

> Actually, I was alerted by reset processing in your patch, it cannot be right.

Did I miss something? Please explain why there is an error.

> Don't you think this must not be enabled for common use? At least
> some separate sysctl disabled by default.

Why not? But if a patch can enable the anycast case without breaking "normal" usage,
I think we can enable this by default. Those who don't need anycast will not use it.


Hannes Frederic Sowa Jan. 11, 2014, 2:26 p.m. UTC | #6
Hi!

On Sat, Jan 11, 2014 at 05:38:27PM +0400, Alexey Kuznetsov wrote:
> On Sat, Jan 11, 2014 at 5:06 PM, François-Xavier Le Bail
> <fx.lebail@yahoo.com> wrote:
> > Many DNS root-servers use TCP with anycast (IPv4 and IPv6).
> >
> > See: http://tools.ietf.org/html/draft-jabley-dnsop-anycast-mapping-04#section-4
> >
> > "   L-Root service is provided using a single IPv4 address (199.7.83.42)
> >    and a single IPv6 address (2001:500:3::42).  It should be noted that
> >    it is preferable to refer to the service using its DNS name (L.ROOT-
> >    SERVERS.NET) rather than literal addresses, since addresses can
> >    change from time to time."
> 
> Is this all? It looks like this implies routing by deep packet inspection,
> fetching some creepy node identification options from inside DNS payload
> (not written directly, but implied). This smells funky.
> 
> Actually, I was alerted by reset processing in your patch, it cannot be right.
> 
> Don't you think this must not be enabled for common use? At least
> some separate sysctl disabled by default.

RFC 4291 - IP Version 6 Addressing Architecture started to allow the use of
anycast addresses as source addresses.

It would be great to have DNS servers listening on them, but they need to
respond to both UDP and TCP.

The idea I had was that if a socket knowingly binds to an anycast
address, it is allowed to do so and process queries on it with both TCP and
UDP. I don't think we need a sysctl for that? Anycast addresses are either
pre-defined (e.g. the subnet router anycast address) or specified by a flag
when the administrator adds one. Currently one can only add anycast addresses
either by forwarding, which gets the per-subnet anycast address, or with a
setsockopt IPV6_JOIN_ANYCAST.

So the problem is what should be allowed when the socket listens on an any
address? Maybe this should be protected by a sysctl?

Greetings,

  Hannes


Patch

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index ffd5fa8..85297b8 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -832,7 +832,8 @@  static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
 	if (th->rst)
 		return;
 
-	if (!ipv6_unicast_destination(skb))
+	if (!ipv6_unicast_destination(skb) &&
+	    !ipv6_anycast_destination(skb))
 		return;
 
 #ifdef CONFIG_TCP_MD5SIG
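
Review bot: the relaxed test in tcp_v6_send_reset(), "!ipv6_unicast_destination(skb) && !ipv6_anycast_destination(skb)", applies to every socket unconditionally and carries no comment saying why a reset is appropriate for a segment addressed to an anycast address. Since an anycast address can be held by more than one node, a segment belonging to a connection established elsewhere could now be answered with a RST where it was silently dropped before. Please document that case in a comment above the test, or gate the new branch behind an opt-in as asked in comment #3.
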
@@ -963,7 +964,8 @@  static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 	if (skb->protocol == htons(ETH_P_IP))
 		return tcp_v4_conn_request(sk, skb);
 
-	if (!ipv6_unicast_destination(skb))
+	if (!ipv6_unicast_destination(skb) &&
+	    !ipv6_anycast_destination(skb))
 		goto drop;
 
 	if ((sysctl_tcp_syncookies == 2 ||
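
Review bot: in tcp_v6_conn_request() the new "!ipv6_anycast_destination(skb)" test looks only at skb and never at sk, so a SYN to an anycast address is accepted whether the listener bound that address explicitly or is listening on the any address, which is the open question in comment #6. Consider checking the listening socket's bound address at this point. Since the same two-line condition now appears in both functions, a small helper would also keep the two call sites in sync.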