From: George Walker <georgewalkeriv@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "Toke Høiland-Jørgensen" <toke@toke.dk>,
"Juliusz Chroboczek" <jch@irif.fr>,
"WireGuard mailing list" <wireguard@lists.zx2c4.com>,
"Dave Täht" <dave@taht.net>
Subject: Re: [RFC] Multicast and IPv6 Link Local Addresses
Date: Sat, 8 Apr 2017 11:44:21 -0400 [thread overview]
Message-ID: <907F3B78-F081-4CE9-A689-6B87285FBF80@gmail.com> (raw)
In-Reply-To: <CAHmME9oxt=x3tJ5wHitGGjD1yLGweQ4ed3aNv+0Cv9bvPUXDDg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3046 bytes --]
> If I understand correctly
You do.
> I find that a very nice UI
> solution. Wonderful.
Thanks! Thinking about it definitely got me excited about what I could do with a secure multicast-capable network overlay...
Sent from my iPhone
> On Apr 7, 2017, at 4:42 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> Hey George,
>
> More excellent feedback, thanks. Be sure to CC the list next time though.
>
> If I understand correctly, your suggestion is to not clutter
> everything with a horrible "multi:" prefix, but instead allow
> multicast addressees, which are well defined, to be added to multiple
> peers, and only allow unicast addresses to be added to one peer at a
> time keeping the current behavior. I find that a very nice UI
> solution. Wonderful.
>
> Jason
>
>> On Fri, Apr 7, 2017 at 6:02 PM, George Walker <georgewalkeriv@gmail.com> wrote:
>> Cons:
>> - A bit too magical.
>> - Seems to break paradigm.
>>
>>
>> Another is scalability --the computational and network overhead associated
>> with making every peer irrevocably a member of every multicast group.
>> Sending all multicast messages to all peers eliminates much of the benefit
>> of having more than one multicast address. That could mean a lot of
>> unnecessary handshakes! I can imagine applications for which this behavior
>> would make (accidental or malicious) DoS very easy.
>>
>> If you only have a lab-scale deployment and generous bandwidth, of course
>> receive-side filtering is fine. But Wireguard's performance and general
>> utility would suggest that some will want big far-flung networks that may
>> well have need for lots of multicast groups (e.g. industrial IoT), while not
>> being able to afford to broadcast everything to everyone.
>>
>> Thus, there'd have to be
>> some explicit way of telling it, "yes I really do want this to be
>> duplicated, not moved". Perhaps a "multi:" prefix?
>>
>>
>> I respectfully disagree concerning the necessity to add special, ugly,
>> inconsistent UI for the multicast-as-multicast (instead of
>> multicast-as-broadcast) approach. Multicast address ranges are well-known,
>> specified in RFCs. That they behave a little bit differently from unicast
>> addresses is expected behavior. Most of us ignore them and don't use those
>> ranges most or all of the time, which works fine. Thus Multicast support
>> (e.g. in routers) doesn't generally interfere with the actual vs. expected
>> behavior of the unicast traffic most people use most of the time.
>>
>> Anyone who is diddling with networking at this level already knows how to
>> avoid multicast IPs when they intend unicast (whether they know they do or
>> not).
>>
>> It doesn't seem problematic for a layer 3 VPN to treat adding a unicast
>> address when such an address is already an allowedIP as different from
>> adding a multicast address (moving in the first case, adding in the second).
>> It sounds to me like doing the right (intuitive) thing in each case.
[-- Attachment #2: Type: text/html, Size: 5938 bytes --]
next prev parent reply other threads:[~2017-04-08 15:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-07 14:02 Jason A. Donenfeld
2017-04-07 14:31 ` Jason A. Donenfeld
[not found] ` <03B23E99-75C4-4598-AC0A-3C65F346675F@gmail.com>
2017-04-07 20:42 ` Jason A. Donenfeld
2017-04-08 12:43 ` Toke Høiland-Jørgensen
2017-04-08 15:44 ` George Walker [this message]
2017-04-08 9:39 ` Dan Lüdtke
2017-04-08 17:15 ` Juliusz Chroboczek
2017-04-08 19:05 ` Juliusz Chroboczek
2017-04-17 14:11 ` Baptiste Jonglez
2017-04-17 16:55 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=907F3B78-F081-4CE9-A689-6B87285FBF80@gmail.com \
--to=georgewalkeriv@gmail.com \
--cc=Jason@zx2c4.com \
--cc=dave@taht.net \
--cc=jch@irif.fr \
--cc=toke@toke.dk \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).