Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Draft ipv6 peering #901

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Draft ipv6 peering #901

wants to merge 2 commits into from

Conversation

furkansahin
Copy link
Contributor

just to try

@fdr
Copy link
Collaborator

fdr commented Nov 17, 2023
edited

Intriguing prototype, yes. Nice to know an important part of it comes with some terseness.

My next questions would be:

  • Ugh IPv4. we'll need it, but it'd be nice to let simple things remain simple for people are okay unistacking their peering in IPv6.

  • A premature idea: it would even be nice to allow use of translation methods (e.g. NAT64) so that one side can remain unistacked on IPv6 and the other can be dual-stacked. There is userspace software to do this, but I'm sort of loathe to introduce it and the overhead for something avant-garde.

  • How ... or if... it's possible to make the relationship somewhat more symmetric. As in, can provider-peering be a special case of peering in general, where both sides want some firewall policies that protect them from the other bundled in, yet, perhaps are not too inflexible? In this way, customer relationships between networks could be symmetric with customer relationships with providers.

  • There's also DNS/hostname/zone delegation (you could call it "service discovery") issues that may be a correlated in use but is a orthogonal mechanism code-wise (e.g. how dnsmasq records are written)

@fdr
Copy link
Collaborator

fdr commented Nov 21, 2023
edited

Addendum on problems: there is a possibility of a difficult split between problems like Postgres (one machine, a handful of peers that need to talk to it) and a web service of some kind (a provider might have many, many, many peered subnets). What are our scalability limits on the latter? Do we need to handle them a different way? If the networks get merged per normal, a few customers with hundred-node subnets reflect back extremely hard on the provider side.

Without really affecting the dense-mesh approach (suitable for small subnet interactions, e.g. Postgres), we may need to introduce points of indirection for large subnet peering, that sit on large side(s) of the mesh, to reduce the number of peering computers. For example, if we selected three customer nodes in different data centers at random in the customer subnet, and used them as the peering contact points, where they would receive ipsec traffic destined for other lateral nodes in the subnet, and forwarded the packets there.

This is not a prescription, more a mental exploration of what our wiggle room is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@furkansahin @fdr