
Is multihoming hard? [was: DNS amplification]

On 2013-03-20, at 10:55, Seth Mattinen <sethm at rollernet.us> wrote:

> On 3/20/13 6:25 AM, Owen DeLong wrote:
>>> I don't know a single ISP that wants to throttle growth by not accepting additional customers, BGP speaking or not. (I do know several that want to throttle growth through not upgrading their links because they have a captive audience they are trying to ransom. But that is neither relevant to this discussion, nor controversial - unless you are paid by one of those ISPs?)
>> Comcast
>> Verizon
>> AT&T
>> Time Warner Cable
>> Cox
>> CenturyLink
>> to name a few.
>> Not one of them will run BGP with a residential subscriber.
> Based on the average clue of your average residential subscriber (anyone
> here need not apply) I'd say that's a good thing.

In practice, it seems to me that the way people multi-home these days for client-filled networks is:

1. Number everything internally using private-use addresses
2. Use one NAT per upstream
3. Send your outbound flows through whichever NAT seems appropriate

There seems to be no shortage of SMB appliances that will take care of this for you without you having to understand anything. The phrase that seems to be used when describing these routers is "dual WAN".

It's trivial to configure this kind of thing on more general-purpose gear too, obviously, but that requires Actual Knowledge of How Things Work whereas these products aim to get things running without any of that.

This style of multi-homing is invisible from the perspective of the routing system. Obviously this doesn't work nicely for inbound connections, but the fact that people do it anyway suggests that isn't a deal-killer (presumably every server that needs to accept an inbound connection these days lives elsewhere, in someone's cloud).

I'm not suggesting this is good architecture, but it happens. Even if BGP on res-grade internet access products was trivially available, I can see this kind of NAT hack being more popular.

I think it's incorrect to insist that the Network doesn't support pervasive end-site multi-homing when it's clear that people are doing it anyway.
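The three steps described above (private addressing inside, one NAT per upstream, outbound flows steered to whichever NAT fits), as an added example that is not part of the original message: a Linux router script using iproute2 policy routing plus one iptables MASQUERADE rule per upstream, with connection marks pinning each flow to the upstream it started on. Interface names (lan0, wan0, wan1), the 192.168.0.0/24 inside range, the 203.0.113.1 / 198.51.100.1 gateways, and the table numbers and marks are all assumptions; it prints the commands by default and only executes them when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the original post): dual-WAN NAT on a Linux router.
# Interface names, addresses, table numbers and marks below are assumptions;
# 192.168.0.0/24, 203.0.113.1 and 198.51.100.1 are constructed sample values.
LAN_IF="lan0"
LAN_NET="192.168.0.0/24"   # step 1: private-use (RFC 1918) addressing inside

# Print each command; execute it only when APPLY=1 (needs root), so the
# generated ruleset can be reviewed before it touches a live router.
run_cmd() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# upstream_setup IFACE GATEWAY TABLE MARK -- step 2: one routing table and one
# NAT per upstream; packets carrying fwmark MARK leave via IFACE.
upstream_setup() {
    iface=$1; gw=$2; table=$3; mark=$4
    run_cmd ip route replace default via "$gw" dev "$iface" table "$table"
    run_cmd ip rule add fwmark "$mark" lookup "$table"
    # Flows that arrive on this upstream get its mark, so replies go back the same way.
    run_cmd iptables -t mangle -A PREROUTING -i "$iface" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
    run_cmd iptables -t nat -A POSTROUTING -o "$iface" -s "$LAN_NET" -j MASQUERADE
}

# lan_begin / steer_outbound / lan_end -- step 3: choose an upstream for each
# new outbound flow and pin the whole flow to it via the connection mark.
lan_begin() {
    # Existing flows: copy the connection's mark back onto the packet first.
    run_cmd iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
}
steer_outbound() {   # steer_outbound MARK [iptables match...]; only unmarked (new) flows
    mark=$1; shift
    run_cmd iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark 0 "$@" \
        -j MARK --set-mark "$mark"
}
lan_end() {
    run_cmd iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark
}

# Two upstreams: HTTPS leaves via wan1, everything else via wan0.
build_dual_wan() {
    upstream_setup wan0 203.0.113.1  101 1
    upstream_setup wan1 198.51.100.1 102 2
    lan_begin
    steer_outbound 2 -p tcp --dport 443
    steer_outbound 1
    lan_end
}
build_dual_wan
```

Inbound connections are not handled here, matching the post's point that this style of multi-homing only works cleanly for outbound traffic.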