[IPP] RFC: Link local addresses in URIs, addition for IPP Everywhere

[IPP] RFC: Link local addresses in URIs, addition for IPP Everywhere

Randy Turner rturner at amalfisystems.com
Fri May 11 16:43:25 UTC 2012


Hi Mike,

Good discussion.

The VPN-name vs. LAN-name situation is normally cleared up by 2-headed DNS, which most companies employ all the time -- that's not a problem we need to solve.  Like all service configurations, administratives have to "do the right thing" when they configure their servers.  "printer.foo.com" when resolved internally would map to the LAN IP, when "printer.foo.com" is resolved externally, it maps to some other IP that is exposed through the firewall.

I think my earlier statement regarding service "visibility" covers any possible client/server scenario, if we wanted to reuse that language in some fashion.

I agree with the recommendation about not using literal IP addresses in URIs,  especially with IPv6, since that's a bit messy.  That's probably a SHOULD NOT USE type of recommendation.

While it may be possible for a device to advertise multiple URIs for both the principal service, and other URIs (identifying different physical servers) for associated resources, I hope this is the exception and not the rule -- in fact, I would say we need a recommendation that says IPP Everywhere deployments SHOULD NOT use disseparate servers -- it makes the overall aggregate "uptime" for the service questionable, and creates potentially complicated policies for defaults if/when these associates resources are (for some reason) not available.

R.

On May 11, 2012, at 8:31 AM, Michael Sweet wrote:

> Randy,
> 
> On May 10, 2012, at 10:22 PM, Randy Turner <rturner at amalfisystems.com> wrote:
>> 
>> Ok, so you're surfacing an issue that is pretty common in a client-server scenario:  a "service" should always advertise a contact point that is resolvable(name) and reachable(address) by any and all potential clients of the service.  Which, to your point, is an important concept.
> 
> However, it is very common for printers to be reachable by multiple names and addresses. For example, "foo.example.com" may resolve to an external address for VPN users while "foo.local" resolves to an internal address for local users.  If you attempt to connect to "foo.example.com" from the internal network you'll typically get a "no route to host" error when you connect.
> 
> Also, domains are often used as different security domains (think Active Directory...) which have similar routing issues as well as any additional access control that might be involved.
> 
> My recommendation is simply there to address the resource lookups *after* discovery - most discovery protocols will give you a current address, port, and resource path for the IPP print service, but not for the supporting resources (localization file, icons, profiles, etc.) that can be queried.  And those resources don't have to be printer resident so a client can't make any assumptions about the values returned by the printer!
> 
>> ...
>> By the way, in your earlier #2 proposal, there was text that said "...SHOULD NOT transfer/provide URI values using numeric addresses obtained via DHCP or other auto-configuration protocols."
>> 
>> I don't think is correct -- we want to be able to use IPv6 literal addresses that are global in scope, or it would seem like we would want to -- and global-scope IPv6 addresses can be autoconfigured via DHCP or SLAAC.
> 
> Yes we want to be able to use them, but both the IPP URI scheme and pending IPPS URI scheme recommend against it (per IETF policy) and DHCP addresses are almost always TEMPORARY.  You don't want to make a long-term binding to a numeric address, particularly in a mobile environment.
> 
> 
> __________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
> 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20120511/aff18b38/attachment-0001.html>


More information about the ipp mailing list