single attach doc
Richard Fox <rfox@synoptics.com> Tue, 26 February 1991 01:35 UTC
Message-Id: <9102260133.AA08778@mvis2.synoptics.com>
Date: Mon, 25 Feb 1991 17:33:59 -0800
From: Richard Fox <rfox@synoptics.com>
To: fddi@merit.edu
Subject: single attach doc
A few IETFs ago there was some concern over allowing single attach stations to attach to the secondary ring. Basically it was pointed out that allowing single attached stations on both rings can break IP. At the last meeting James Reeves promised that we would post a document that attempted to solve the problem. Enclosed you will find a draft document that attempts to solve the problem without violating either IP or FDDI and makes use of the Extended ARP protocol developed by this working group.

If you have any questions/concerns please forward them to me and we can either discuss this in St. Louis or via mail. If there are no major problems with this document then I will publish it as an informational RFC.

thanks
rich

----------- cut here -----------------------

Internet Draft    Proxy IP Bridge    2/10/91

Definition of a Proxy IP Bridge for an FDDI Network

9/10/90

Richard Fox
SynOptics Communications Inc.
rfox@synoptics.com

The FDDI[1,2] standard is a dual counter rotating ring technology that allows stations to attach directly to both rings or to attach to a single ring through a concentrator. The standard does not place any limitations on which ring single attached stations must connect to. Thus, some stations may be connected on the primary ring only, while others are only on the secondary ring. Some configurations of an FDDI network topology are believed to break certain IP[3] network configurations by creating a discontiguous IP network where not all stations on the same IP subnet can communicate. This document will provide a solution that will allow any configuration of single attached stations to an FDDI ring such that IP integrity is maintained. The solution provided can be thought of as an IP extension of a MAC layer bridge connecting the two rings together or as an algorithm that is located on any dual MAC dual attached device.
Also, the solution uses a mechanism called Extended ARP[4] which is an extension of the ARP[5] protocol to be used on technologies that allow dual attached stations to a network, such as FDDI.

Distribution of this memo is unlimited.

1. Introduction

The FDDI[1,2] standard is a dual counter rotating ring technology that allows stations to attach directly to both rings or to attach to a single ring through a concentrator. The standard also allows both rings to be used for data traffic simultaneously, placing no limitations on which ring single attached stations must be connected to. Thus, the configurations pictured in figure 1 and figure 2 are both legal FDDI network configurations.

[figure 1: diagram of Station A, Station B and Station C attached to the two FDDI rings]

[figure 2: diagram of Station A, Station B and Station C attached to the two FDDI rings]

Dual ring technologies that allow both rings to contain data traffic simultaneously have many advantages. Three notable advantages of a dual ring technology like FDDI are load balancing, data aggregation, and transparent fault recovery.

Load balancing allows traffic to be split among the two rings to meet some required optimization on the LAN. A common example of load balancing is to split traffic between the rings where one ring is used for high bandwidth requirements and the other ring is used for applications requiring good response time. For instance, one might restrict telnets[6] (good response time) to the primary ring and restrict ftps[7] (high bandwidth) to the secondary ring. Another example of load balancing is to put a company's accounting department on one ring and the engineering department on the other ring, with the dual MAC, dual attached stations being used by the executive management staff to oversee all company activities.

Data aggregation is where a station makes full use of both rings to achieve a throughput greater than the 100 megabits of a single ring. For instance, two dual MAC, dual attached stations may set up an ftp where both rings are used to move the data in order to fully utilize the 200 megabits for a single file transfer.

Transparent fault recovery is the ability of the network to reconfigure in the event of a hardware failure such that upper layer protocols continue to work without any outside intervention. In fact, the recovery should happen without the upper layer protocols even being aware that recovery is taking place. For instance, when a station loses a MAC and then goes into wrap state, upper layer protocol connections should not break, but should continue to operate using a working MAC on the station. This feature is possible by the use of the Extended ARP solution.
For upper layer protocols like TCP[8]/IP to take full advantage of these benefits, care must be taken to make sure that basic principles of the protocol are not broken by the configuration of the technology on the layer below. In IP, care must be taken to assure that the two FDDI rings do not fragment an IP subnet or cause an IP subnet to become discontiguous.

Figure 3 shows an IP configuration mapped onto a legal FDDI network. In this example all stations belong to IP subnet X. However, with no bridge on the network, station A and station B cannot communicate, thus creating a discontiguous IP subnet. In fact, it is this configuration of IP over FDDI that has caused many to advocate that all single attached devices, like A and B in figure 3, be connected to the primary ring only, as depicted in figure 1.

[figure 3: diagram of Station A, Station B and Station C, each labelled IP Subnet X, attached to the two FDDI rings]

Providing a pure IEEE MAC layer bridge[13] between the two rings of an FDDI network solves the connectivity problem of IP. However, it does this by simulating an FDDI wrap condition (ie: combining the two rings into one ring), thus compromising the advantages that FDDI provides. While the advantages listed above may be possible, they can not be guaranteed. Instead, they depend on a number of events occurring in a certain sequence.
As an example, assume that the goal is to achieve data aggregation so that two stations can communicate at 200 megabits/second. If the bridge has not learned[13] the MAC addresses of the two dual MAC dual attach stations it will forward all frames destined to these stations until the MACs are learned (read [13] for exact details). During this learning phase it is very likely that an Extended ARP[4] request from one ring will be bridged, or forwarded, to the other ring. This may cause the destination to cache the wrong source MAC address causing all frames sent between the two stations to be bridged, limiting the throughput to the forwarding rate of the bridge, with a maximum throughput rate of 100 megabits/second.

This paper proposes an algorithm that allows any configuration of IP on an FDDI ring such that the three advantages of FDDI listed above are realized. The algorithm may be put on a pure IEEE MAC layer bridge as an IP extension or on any dual MAC dual attached device attached directly on the FDDI trunk ring. The algorithm provides a contiguous view of an IP subnet in all of the possible configurations of an FDDI ring, including a configuration where single attached stations are attached to both the primary and secondary rings.

Section 2 describes the various configurations that can exist in IP over FDDI with single attached stations. Section 3 provides a solution to the problem depicted in figure 3. Section 4 will take another look at section 3 with the addition of IP routers to the ring, and section 5 will deal with open issues and other implementation considerations, such as twisted rings and performance considerations.

2. Configurations of Single Attached Stations in an IP/FDDI Environment

Figure 2 shows a configuration of an FDDI network where there is a single attached station on the primary ring and one on the secondary ring.
There are a number of IP configurations that can be mapped onto this configuration. This section will look at each of the configurations in detail, determining if the IP mapped configuration onto the FDDI ring breaks IP when the FDDI ring is in thru mode or in wrapped mode. A third configuration that an FDDI ring can be in is called twisted. This mode is discussed in section 5.

The IP configurations that will be described are all based on figure 2. The configurations are:

Case 1. All interfaces (MACs) on the primary ring belong to IP subnet X, while all interfaces on the secondary ring belong to IP subnet Y. This means station C belongs to two IP networks (X & Y).

Case 2. Same as case #1 except station C (dual attached stations) use the same IP subnet (X) on both rings. This means that A and C are part of the same IP network but C is no longer part of the same IP network as B.

Case 3. All stations have the same IP subnet (X) regardless of which rings the stations are attached to. This is equivalent to figure 3.

2.1. Case 1: Different Networks

Networks comprised of different physical cables normally assign each physical cable a different IP subnet network number unless a bridge is used to connect the cables. This case treats the dual counter rotating rings of FDDI as two separate networks containing no bridges between the two rings. In this configuration each ring is assigned a separate IP network.

This mapping of IP over FDDI does not benefit from the data aggregation or transparent fault recovery benefits listed in the introduction. However, this configuration may be widely used since it benefits from implicit load balancing. Load balancing is achieved since stations can be attached to the rings based on local traffic requirements.

2.1.1. Case 1: In Thru Mode

While in thru mode, the FDDI ring acts like two separate networks.
For station A and station B to communicate, a path using routers must exist from the primary ring to the secondary ring (C could be a router). If no router exists, then A and B will not be able to communicate, even though they are on the same FDDI ring network. There is no IP requirement that mandates that stations from different IP networks must be able to communicate, thus the integrity of IP is maintained in this mapping of IP over FDDI while in thru mode.

2.1.2. Case 1: In Wrapped Mode

When an FDDI ring wraps, both the primary and secondary rings combine to form one logical ring[1,2,9]. The effect a wrap has on IP in this configuration is that the two IP networks X and Y, which used to be on different logical rings, are now combined onto the same logical ring. This configuration is a legal IP configuration (one that is in use today), but care must be taken to ensure that the network can still function. [10,11] give some useful suggestions on how to eliminate ARP storms and other problems that can occur when two IP subnets are on the same physical cable.

2.2. Case 2: Dual stations using 1 IP Network

In this case, dual MAC, dual attached stations may use the same IP network address for both MACs (station C in figure 1). This means that in figure 2, station A and station C are part of the same IP network, while station B is not. The benefits mentioned in the introduction will be realized by the dual MAC, dual attached stations that use the same IP address for both MACs, while all other stations will only realize the benefit as stated in section 2.1.

2.2.1. Case 2: In Thru Mode

While in thru mode, the FDDI ring acts like two networks slightly overlapped. In other words, both rings may have stations from either of the two IP networks (X & Y). As long as all single attached stations belonging to the same IP network are on the same ring, IP integrity is not broken.
IP integrity is not jeopardized, since all stations on the same IP network are directly reachable by all other stations on the same IP network.

If the Extended ARP protocol is used, dual MAC, dual attached stations can take advantage of the benefits listed in the introduction section, since the Extended ARP protocol can determine when stations are on both rings. However, when a dual MAC, dual attached station is speaking to a single attached station, the Extended ARP protocol will fail, and stations will default back to using standard ARP. Using Standard ARP will guarantee that single attached stations and dual MAC, dual attached stations on the same IP network will be able to communicate using only the ring that the single attached station is connected to.

2.2.2. Case 2: In Wrapped Mode

Case 2 in wrapped mode is identical to case 1 when in wrapped mode. The same arguments detailed in section 2.1.2 apply to this case. Thus, this case does not violate IP. However, when the ring transitions from wrapped mode back to thru mode, stations' arp tables may now contain invalid IP to MAC address mappings as described in section 3.1.3. To avoid this problem the steps in section 3.1.3.1 should be followed.

2.3. Case 3: Both Rings Use Same IP Network

In this case, all FDDI MACs are part of the same IP network regardless of which ring the MACs are attached to. This configuration allows every dual MAC, dual attached station to take full advantage of the benefits listed in the introduction. This example assumes the absence of bridges.

2.3.1. Case 3: In Thru Mode

While in thru mode, there will be stations on the primary ring that can not talk to stations on the secondary ring without the aid of a MAC bridge. Since we assumed that there were no bridges between the two rings for this example, the IP network is not contiguous, thus the integrity of IP is broken.
IP is broken internally to the IP network since not all stations within the same IP network can speak to all other stations that are part of the same network. A solution that fixes this internal network problem is given in section 3. This configuration can also result in breaking IP to the external world. This external problem is discussed in section 4.

In the absence of a solution, it has been proposed that having only one IP network per FDDI network is allowed with the constraint that all single attached stations be connected to the primary ring only. Section 3 should show that this constraint is no longer valid and section 5.1 should show why this assumption is invalid regardless of this proposal.

2.3.2. Case 3: In Wrapped Mode

In this case when the ring is wrapped, all stations can speak to all other stations. In other words the IP network is one contiguous network where all stations within the network can talk to all other stations within the same network.

An interesting side effect of wrapping is that stations that could not communicate in thru mode can now communicate. As soon as the ring transitions back to thru mode, these stations will again not be able to communicate with one another without the aid of a bridge.

3. Proxy IP Bridging

It has been advocated that single attached stations be required to all be attached to the primary ring in an FDDI environment because of the problem discussed in section 2.3.1. This would be a serious limitation that the FDDI community feels has been unjustly mandated, since one of the main features of FDDI is the flexibility of ring configurations and fault recovery. Also, section 5.1 shows why forcing this restriction is an INVALID thing to do.
In this section, a proposal is presented that should solve the problem of section 2.3.1, such that both the IP community and the FDDI community can fully utilize the technology of having dual rings without sacrificing the integrity of IP.

The solution defined in this document provides an extension to a dual MAC dual attached device attached to the FDDI trunk ring by adding simple bridging support for IP. It does this by manipulating Extended ARP[4] and ARP[5] frames in such a manner that it bridges IP traffic from one ring to the other when necessary to maintain IP integrity. A device that provides this type of bridging functionality is termed a proxy IP bridge.

The requirements of a proxy IP bridge can be summarized as the following:

- respond to Standard ARPs for those stations that are single attached stations, such that the Standard ARP is received on the ring to which the destination station is not attached. When responding to these Standard ARPs, the proxy IP bridge must put in its own MAC address (for the MAC attached to the same ring as the source of the ARP), and not the MAC address of the end station.

- forward all Standard ARPs from single attached stations to the other ring, replacing the source MAC address of the single attached station with its own MAC.

- forward all IP and ARP frames that are addressed to one of its MACs but with an IP address that is not one of its own.

3.1. Formal Definition of a Proxy IP Bridge

This section formally defines what comprises a proxy IP bridge and details the actions and events of a proxy IP bridge. The actions specified are for the proxy IP bridge part of a concentrator only. All required functionality of a concentrator is still in effect.

3.1.1. Definition of ARP Handling

This section formally defines what comprises a proxy IP bridge and details the actions and events of a proxy IP bridge.
It is assumed that all dual MAC, dual attached stations implement the Extended ARP mechanism[4]. If some dual MAC, dual attached stations do not implement the Extended ARP mechanism, the algorithms defined in this paper will still work. However, these stations may not realize the full benefits of FDDI as described in the introduction.

3.1.1.1. ARP Request

This section details what the proxy IP bridge does with received Extended ARP requests and Standard ARP requests. The rules in this section are to be followed as long as the ring is in thru mode. If the ring wraps, then section 3.1.3 applies.

1. On reception of an Extended ARP, the proxy IP bridge caches the source MAC addresses and IP address of the frame in its ARP table. The proxy IP bridge does not do anything more with an Extended ARP, since by definition, a device that sends an Extended ARP is dual attached and can reach the destination directly, without the need of any bridging functionality. The information contained in all received Extended ARPs will overwrite any previous data stored for the source address[5] in the arp table.

2. On reception of a Standard ARP the proxy IP bridge first looks at the source address. The following actions will be taken:

   A. If the source MAC address is already in the arp table and is marked as a dual MAC dual attached station, then the source can reach the destination directly and the proxy IP bridge will do nothing further with the ARP.

   B. If the source MAC address is already in the arp table and is not marked as a dual MAC dual attached station, then the cache entry is updated as in step 2.C.

   C. If the source MAC address is not in the arp cache, then the source IP address is added to the arp table with its MAC address for the interface that the ARP was received on.
For the other interface (or ring) the IP address should be added to the arp table with the MAC address of the proxy IP bridge for that interface.

3. If the destination of a Standard ARP is in the proxy IP bridge's arp table with an entry for the interface the ARP was received on, then the bridge should do the following based on the MAC address of the arp entry:

   A. If the MAC address is not of the proxy IP bridge, then the source and destination of the ARP are on the same ring and the proxy IP bridge will do nothing further with the ARP request.

   B. If the MAC address is that of the proxy IP bridge, then the source and destination are on different rings, and the proxy IP bridge will respond to the arp request using its MAC address in the ARP response.

4. If the destination of a Standard ARP is not in the arp table for the interface the arp was received on, but is in the arp table for the other interface or ring, then the proxy IP bridge will do the following:

   - Add the destination IP address to the arp table with the MAC address of the proxy IP bridge for the interface that the Standard ARP was received on.

   - Respond to the Standard ARP using the newly created arp entry. This means that the proxy IP bridge will be forwarding packets between the two rings so that the two single attached stations can communicate.

5. If the destination of a Standard ARP is not in the arp table at all, then the proxy IP bridge will do the following:

   A. The proxy IP bridge will send out an Extended ARP to the destination.

   B. If an Extended ARP response is received, then the proxy IP bridge will add the response to the arp table and mark the entry as being a dual MAC dual attached station. Since the destination is connected to both rings, the source and destination will be able to directly communicate and the proxy IP bridge will do nothing further with the original Standard ARP.

   C. If an Extended ARP response is not received, then a standard ARP will be sent out on both rings. If a response to either standard ARP is received, then the destination IP address and MAC address are added to the table for the interface that the ARP response was received on. For the other interface the destination IP address is added with the MAC address of the proxy IP bridge for that interface. After the destination is added to the arp table, go to step 3.

   D. If no response to either of the Standard ARPs from step C is received, then the proxy IP bridge will do nothing further with the original Standard ARP.

3.1.1.2. ARP Response

When it is determined from Section 3.1.1.1 that the proxy IP bridge should respond to a Standard ARP on behalf of a single attached station, it should always supply its appropriate MAC address in the ARP response packet. The appropriate MAC address is the address of the MAC that is connected to the same ring as the source address specified in the Standard ARP packet. This way when the source station sends a frame to the destination, it will address it to the proxy IP bridge MAC interface that will forward the frame to the other ring.

3.1.2. Packet Forwarding

Once a station has received a response to an ARP that completes the IP address to MAC address mapping necessary to send IP packets, the station will use this MAC address in the FDDI frame when sending IP packets to the destination IP address. If the MAC address used is not the destination's MAC address, but is the address of a proxy IP bridge, then all IP packets sent by the source will first be received by a proxy IP bridge. When a proxy IP bridge receives a packet with an IP address that is not its own, the following steps must be taken:

A. If there is no arp entry for the destination IP address, then the proxy IP bridge must arp for the destination address as described in section 3.1.1.1 step 5.
If this fails, then the proxy IP bridge must assume that the IP address is not currently reachable and the IP packet will be dropped.

B. If the arp entry for the destination contains a MAC address that is not one of the proxy IP bridge's for an interface, then the proxy IP bridge will forward the IP packet to this interface (or ring) replacing its MAC address with the destination's cached MAC address.

C. If no arp entries exist for the destination address even after step A, or the MAC address of the proxy IP bridge appears in the arp table for the interface the packet is being forwarded to, then the IP datagram must be dropped.

3.1.3. Thru to Wrap to Thru

When the ring transitions from Thru to Wrap mode, stations that couldn't directly communicate (without the use of the proxy IP bridge) can now directly arp for one another and no longer need the services of a proxy IP bridge. A proxy IP bridge will know when the ring has wrapped when it sends either an Extended ARP or a Standard ARP out one interface and receives it on its other interface. When the proxy IP bridge has detected that the ring has wrapped, it should do the following:

A. It should stop building its arp table as described in sections 3.1.1.1 & 3.1.1.2.

B. The proxy IP bridge should no longer answer arp requests that would cause the proxy IP bridge to forward packets.

C. The proxy IP bridge should continue to forward all IP packets as defined in section 3.1.2, even if this requires the proxy IP bridge to send out an ARP to discover the destination.

The reason that the proxy IP bridge should no longer try to discover the location of stations as in section 3.1.1.1 is threefold. First, as long as the ring is wrapped there is no need for the proxy IP bridge to forward any packets, because all stations can communicate directly.
Secondly, any new arp entries will show that there is no need for the proxy IP bridge and this extra traffic on the network is unnecessary. Thirdly, entries added to the arp table while in wrap mode may prove to be incorrect when the station goes back to thru mode, since it will have entries with MAC addresses that are valid only when the ring is in wrap mode but are not valid in thru mode.

The third point of the last paragraph has proven to be a problem regardless of whether the algorithms defined in this document exist or not. Consider the network in figure 2. When the ring wraps it is quite possible that stations like C will have two MACs on the wrapped ring (see figure 4). When C arps for A, A will get two ARP requests, one from each of C's MACs[4]. Depending on the order the ARPs are received, A could store the MAC of C which is normally not connected to the same ring as A is connected to. While in wrap mode this is no problem, but as soon as the ring goes back to thru mode, A can no longer communicate with C using this arp entry. When A tries to communicate with C it must determine if C is down, or the MAC address is no longer valid and the destination IP address must be re-ARPed. This is not a trivial problem (see section 3.1.3.1).

[figure 4: diagram of Station A, Station B and Station C, each labelled IP Subnet X, attached to the wrapped FDDI ring]

3.1.3.1. Arp Table Flushes

When the ring goes from wrap to thru, arp tables of both dual attached and single attached stations may contain invalid data as described in section 3.1.3. This section proposes a set of steps that should be taken when the ring transitions from wrap mode to thru mode for both proxy IP bridges and single attached stations that rely on a proxy IP bridge when in thru mode.

Whenever a proxy IP bridge flushes out an IP address from its arp cache, it must remove the entry out of the table for all interfaces.

3.1.3.1.1. Proxy IP Bridge: Wrap to Thru Transition

Once the proxy IP bridge determines that the ring is wrapped (see section 3.1.3) the proxy IP bridge needs a method of determining when the ring transitions back to thru mode so that it can fix its arp table and restart building its arp table as described in sections 3.1.1.1 & 3.1.1.2.

FDDI currently provides no method that a station can rely on to determine when the ring transitions from wrap to thru. There are many tools that can be used such as the SRF frame[9], PMF protocol[9], or NIF protocol[9], but none of these tools are guaranteed to be implemented or contain the necessary data. Thus, the solution to this problem must come within the IP paradigm.

When a proxy IP bridge determines that the ring is wrapped it must do the following:

1. Discontinue adding new ARP entries since its services are not needed for new connections. Also, the proxy IP bridge must continue to forward all frames that are addressed to it as in section 3.1.2.

2. Every A-TIME, send an Extended ARP out both MAC interfaces. A-TIME is being suggested to be 30 seconds. An Extended ARP is sent out instead of a Standard ARP in case another proxy IP bridge has finished step 5 and cleared this station out of its arp table. In this case, sending an Extended ARP will get the station added to the other proxy IP bridge as a dual MAC, dual attached station.
Sending out a Standard ARP could result in the proxy IP bridge being added to another's arp table as a single attached station, which would be invalid. The destination IP address of the Extended ARP should be that of the sending proxy IP bridge (itself).

3. If the proxy IP bridge receives one of the Extended ARPs on the interface it wasn't sent out on, then the proxy IP bridge knows that the ring is still wrapped and it goes back to step 2.

4. If the Extended ARPs are both received but only on the interfaces that they were sent out on, then the proxy IP bridge knows that the ring has transitioned back to thru mode and proceeds to step 5.

5. Once the proxy IP bridge has determined that the ring is in thru mode once again, it must flush out its arp table, since the state of each entry can not be guaranteed to be correct.

6. The proxy IP bridge rebuilds its arp table based on sections 3.1.1.1 & 3.1.1.2 and it operates as normal.

3.1.3.1.2. Single Attached Stations: Wrap to Thru Transition

Stations, other than proxy IP bridges, on the ring, have no guaranteed method of determining when the ring goes from wrap to thru mode. Neither the FDDI standard nor the IP standard has a standard method guaranteed to determine when a configuration of this sort takes place. In section 3.1.3.1.1 a method was detailed that allows a proxy IP bridge to determine a wrap to thru transition, but this method does not work with single attached stations.

For stations to make the transition from wrap to thru with limited loss of connectivity, stations should do the following:

1. Have a very short ARP entry timeout value. This way after a wrap to thru transition, invalid arp entries will quickly be aged out of the table.

2. With a short arp age out value, the station will depend on either being able to rebuild deleted arp entries quickly by direct arp responses and by arp responses from proxy IP bridges.
Single attached stations will greatly depend on the ability of proxy IP bridges being able to quickly respond to arp requests. If this requirement is not met, then stations pay a big price for quickly aging out arp entries. If the mean time between ring wraps is great, then this requirement will surely be met. If the mean time between ring wraps is small, then the penalty for aging arp entries will be insignificant to the penalty of the ring transition overhead.

4. External View of the IP Network

Section 2 described three IP network configurations given the FDDI network in figure 2. The assumption was made that no routers were connected to the FDDI network. Case 3 in section 2.3 describes a scenario of how stations, that are part of the same IP network (subnet), can not communicate to each other, causing the IP network to appear discontiguous internally in the network. The solution in section 3 fixes this problem, once again giving the appearance that the IP network is contiguous.

Now the assumption of no routers must be removed, and the cases of section 2 revisited, to see if the external view of the IP network is valid.

For an IP network to have a valid external view, all routers that are connected to the IP network must be able to reach all stations of that IP network. If a router were to fail in this requirement, then stations external to the network could not be guaranteed that all stations on the network are reachable, even though a router to the network advertises the network as reachable.

4.1. Dual MAC, Dual Attached Routers

Adding dual MAC, dual attached routers to figure 2, will not cause the external view of the network to become invalid for any of the cases listed in section 2. This is true because being dual attached allows the router to directly speak to any other station that is part of the FDDI ring.

Cases 1 & 2 require the router to route to two different IP networks.
Using the information gathered from Extended ARP and Standard ARP allows the router to determine easily, which MAC, of which ring, it should use to reach the station.

Case 3 is similar to cases 1 & 2 except the router routes for one IP network and not two as in the other cases. As in cases 1 & 2, using Extended ARPs and Standard ARPs is sufficient to determine how to reach all stations on the FDDI ring.

4.2. Single Attached Routers

Adding a single attached router to the FDDI ring imposes some problems that are not evident with a dual MAC, dual attached router.

Cases 1 & 2 are still not a problem using the same arguments as stated in section 2. Case 1 the router will attach to one ring, and all stations that belong to the routed IP network can be reached on this ring. Case 2 is the same as case 1, except the router can not communicate with all MACs that are part of the IP network, since dual MAC, dual attached stations will have MACs on both rings, but all IP addresses or stations that comprise the IP network are reachable by the router.

If the IP network is represented as in case 3, a single attached router will not be able to give a correct external view, since it will only be able to communicate with MACs that are on the same ring as its own. If there are single attached stations on the other ring, there is no way that the router will be able to route packets from the external world to this station without some bridge like function on the FDDI ring.

Since a single attached router is really just like any other single attached station, using the procedures of section 3 will allow the single attached router to give a valid external view of the IP network that it is routing to, since a proxy IP bridge will forward all packets that are received by the single attached router, which are destined for the ring that the router is not connected to.

It has been shown that using the algorithms defined in this paper maintains IP's integrity both internally to the IP network and externally to the rest of the connected internet.

5. Considerations and Issues

5.1. Twisted Rings

A twisted ring is a ring that has A ports connected to A ports as described in [9]. This has the effect of mixing the primary and secondary ring as defined in [9], if A-A or B-B connections did not exist. In other words, single attached stations that would appear on the same ring in a normal trunk ring with only A-B, and no A-A or B-B peer connections, are no longer on the same ring. Thus, mandating that all single attached stations must be put on the primary ring only, isn't enough to solve the IP integrity problem, since a twisted ring may end up with single attached stations on both rings. Any assumption or protocol that assumes all single attached stations will be on the same ring is INVALID.

The algorithms defined in this document make no assumptions on how the ring is composed. Twisted rings are handled the same way as normal rings and present no problems to the algorithms defined in this document.

5.2. Network Management Consideration

Since the algorithms defined in this paper may not always be required, the procedures defined in this document should be able to be turned off by management control. Also, permanent ARP entries should be allowed to be added to the proxy IP bridge's arp table using management control. This way, an administrator can add a priori knowledge to the proxy IP bridge to help speed operation when connections to certain machines happen quite often.

5.3. Extended ARP

This paper assumes the use of the Extended ARP protocol[4]. The protocol is still under design and may change from its current implementation. It is being assumed that this document can make use of the Extended ARP protocol even as its definition changes.
If this assumption is no longer valid, then this document will be updated to state what is needed for this protocol to work.

5.4. Performance Considerations

A performance consideration to consider is the extra buffering that may be required for the proxy IP bridge if it stores Standard ARPs while it tries to discover whether it should respond to the ARP or not. If this is a serious problem, then an implementation suggestion would be to drop the Standard ARP when trying to discover the destination address of the ARP. When the source of the ARP doesn't receive a response, it may retry the ARP and at that time the proxy IP bridge should have enough information to know if it needs to respond or not. This makes the assumption that arps are resent more than once and at a rate no faster than 1 second[12]. Also section 5.2 gave an optional optimization that would help reduce the amount of ARP buffering required by the proxy IP bridge.

5.5. Support of Broadcast (Multicast) Packets

The algorithms defined in this paper have solved the connectivity problem of two IP stations that are part of the same IP subnet, but are on different rings. However, there is more to an IP network than ARP packets and IP packets that are addressed to single stations. Many IP protocols are based on IP broadcast (or multicast) packets. The proxy IP bridge must be able to forward these packets when appropriate; otherwise, single attached stations might not be able to fully communicate with other devices using currently defined protocols based on broadcasts.

If broadcast packets are forwarded the same way ARP packets are forwarded, then each proxy IP bridge will forward all broadcast packets due to the lack of an individual destination IP and MAC address in the packet. This is clearly an undesirable solution, since stations may receive multiple copies of every broadcast packet.
This section defines an algorithm on how broadcast (or multicast) packets should be handled.

5.5.1 Forwarding of IP Broadcast (Multicast) Packets

There should only be one proxy IP bridge responsible for forwarding broadcast packets sent by single attached stations per FDDI network. When a proxy IP bridge receives an IP broadcast packet it does the following:

A. Determines if it is forwarding broadcast frames. If NO then the packet is dropped and no more processing of the packet is required.

B. Otherwise, the source address is looked up in the arp table. If the source is in the table and is marked as dual MAC dual attached, then no forwarding is required and the packet is dropped. If the source address is in the table but not marked as dual MAC dual attached, then the frame is forwarded to the other ring if the MAC address in the arp table for the interface the packet was received on is not that of the proxy IP bridge's. If the MAC address is that of the proxy IP bridge, then the broadcast packet has already been forwarded and must not be forwarded a second time.

C. If the source address is not in the arp table, then the proxy IP bridge sends out an Extended ARP. If it gets a response, then the proxy IP bridge will add the response to the arp table and mark the entry as a dual MAC dual attached station. Since the station responded to the Extended ARP the broadcast packet does not need to be forwarded and may be dropped.

D. If no response to the Extended ARP is received, then the station is single attached, and the proxy IP bridge will forward the broadcast packet. The source address should be cached in the arp table as in section 3.1.1.1 step 2.C.

6. Conclusion

This paper has presented a solution that allows many IP network configurations to be mapped onto all legal FDDI network configurations, such that, the integrity of IP is maintained without placing any limitations on FDDI.
Without the use of some algorithms similar to those defined in this document, no guarantees on the integrity of IP can be made. There are many tools that could be used to optimize the solution provided, but the solution as detailed depends on no optionally defined protocol and requires no protocol changes to IP or FDDI.

7. References

[1] American National Standard, Fiber Distributed Data Interface (FDDI) -- Token Ring Physical Protocol (PHY), ANSI X3.148-1988.

[2] American National Standard, Fiber Distributed Data Interface (FDDI) -- Token Ring Media Access Control, ANSI X3.139-1987.

[3] Postel, J.B., Internet Protocol, RFC 791, September 1981.

[4] Brown, C. and Bagnall, D., ARP Extensions for Single IP Subnet FDDI LANs, Draft RFC 1990.

[5] Plummer, D., An Ethernet Address Resolution Protocol, RFC 826, November 1982.

[6] Postel, J.B. and Reynolds, J.K., Telnet Protocol specification, RFC 854, May 1983.

[7] Postel, J.B., File Transfer Protocol specification, RFC 765, June 1980.

[8] Postel, J.B., DoD standard Transmission Control Protocol, RFC 761, January 1980.

[9] Draft Proposed American National Standard, Fiber Distributed Data Interface (FDDI) -- Token Ring Station Management (SMT), ANSI X3.T9.5- 1990 Revision 6.2.

[10] McKenney, P.E., Broadcast Storms, Nervous Hosts, and Load Imbalances, Information Sciences and Technology Center, SRI International, October 1988.

[11] Mitchell, C. and Quarterman, J.S., Using ARP to Implement Transparent Subnet Gateways, RFC 1027, October 1987.

[12] Braden, R.T., Requirements for Internet hosts - communication layers, RFC 1122, October 1989.

[13] P802.1d MAC Bridges, IEEE Project 802, July 1989.

Table of Contents

1 Introduction
2 Configurations of Single Attached Stations in an IP/FDDI Environment
2.1 Case 1: Different Networks
2.1.1 Case 1: In Thru Mode
2.1.2 Case 1: In Wrapped Mode
2.2 Case 2: Dual stations using 1 IP Network
2.2.1 Case 2: In Thru Mode
2.2.2 Case 2: In Wrapped Mode
2.3 Case 3: Both Rings Use Same IP Network
2.3.1 Case 3: In Thru Mode
2.3.2 Case 3: In Wrapped Mode
3 Proxy IP Bridging
3.1 Formal Definition of a Proxy IP Bridge
3.1.1 Definition of ARP Handling
3.1.1.1 ARP Request
3.1.1.2 ARP Response
3.1.2 Packet Forwarding
3.1.3 Thru to Wrap to Thru
3.1.3.1 Arp Table Flushes
3.1.3.1.1 Proxy IP Bridge: Wrap to Thru Transition
3.1.3.1.2 Single Attached Stations: Wrap to Thru Transition
4 External View of the IP Network
4.1 Dual MAC, Dual Attached Routers
4.2 Single Attached Routers
5 Considerations and Issues
5.1 Twisted Rings
5.2 Network Management Consideration
5.3 Extended ARP
5.4 Performance Considerations
5.5 Support of Broadcast (Multicast) Packets
6 Conclusion
7 References
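The wrap to thru detection of section 3.1.3.1.1 (steps 1 to 5), modelled as an added example that is not part of the draft or of any implementation of it. The ring model, the MAC names, and the "retry" verdict for a probe that never comes back are assumptions; the draft does not say what to do when an Extended ARP is lost.

```python
A_TIME = 30                       # seconds between probe rounds (draft's suggested value)
MACS = ("primary", "secondary")   # hypothetical names for the bridge's two MACs

def ring_delivery(sent_on, ring_wrapped, lost=()):
    """Constructed ring model: which of the bridge's MACs see a probe it sent.
    Thru: the frame stays on its own ring. Wrap: both rings form one path."""
    if sent_on in lost:
        return set()
    return set(MACS) if ring_wrapped else {sent_on}

class ProxyBridge:
    def __init__(self, ip):
        self.ip = ip
        self.wrapped = True    # state after the bridge has detected a wrap
        self.arp_table = {}    # ip -> entry, one table covering all interfaces
        self.clock = 0         # simulated seconds spent probing

    def learn(self, ip, entry):
        """Step 1: no new ARP entries are added while the ring is wrapped."""
        if self.wrapped:
            return False
        self.arp_table[ip] = entry
        return True

    def probe_round(self, ring_wrapped, lost=()):
        """Steps 2-5 for one A-TIME tick; returns 'wrapped', 'retry' or 'thru'."""
        self.clock += A_TIME
        # Step 2: Extended ARP for the bridge's own IP, sent out of both MACs.
        seen = {mac: ring_delivery(mac, ring_wrapped, lost) for mac in MACS}
        # Step 3: a probe seen on the MAC it was not sent from: still wrapped.
        if any(seen[mac] - {mac} for mac in MACS):
            return "wrapped"
        # Assumption (the draft does not cover loss): a missing probe is
        # inconclusive, so the table is kept and the round is repeated.
        if any(mac not in seen[mac] for mac in MACS):
            return "retry"
        # Steps 4-5: both probes returned only on their own MAC: thru mode.
        self.wrapped = False
        self.arp_table.clear()  # flushed for all interfaces at once
        return "thru"

def run_until_thru(bridge, timeline):
    """timeline: one (ring_wrapped, lost_probes) pair per A-TIME tick."""
    verdicts = []
    for ring_wrapped, lost in timeline:
        verdicts.append(bridge.probe_round(ring_wrapped, lost))
        if verdicts[-1] == "thru":
            break
    return verdicts
```

Treating a lost probe as inconclusive keeps a single dropped frame from triggering a flush of every entry while the ring may still be wrapped.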
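The broadcast forwarding decision of section 5.5.1 (steps A to D), as an added example that is not part of the draft. The class, the arp entry layout, the addresses, and the reading of "that of the proxy IP bridge's" as this bridge's own MAC on the receiving ring are assumptions; section 3.1.1.1 step 2.C, which defines the real caching rule, is not reproduced here.

```python
DROP, FORWARD = "drop", "forward"

class BroadcastForwarder:
    def __init__(self, own_macs, forwarding_enabled, extended_arp):
        self.own_macs = own_macs              # {"primary": mac, "secondary": mac}
        self.forwarding_enabled = forwarding_enabled
        self.extended_arp = extended_arp      # callable(ip) -> {iface: mac} or None
        self.arp_table = {}                   # ip -> {"dual": bool, "macs": {...}}
        self.probes_sent = 0

    def handle(self, src_ip, src_mac, rx_iface):
        """Decide what to do with an IP broadcast received on rx_iface."""
        other = "secondary" if rx_iface == "primary" else "primary"
        # A. Only the one designated bridge forwards broadcasts.
        if not self.forwarding_enabled:
            return DROP
        entry = self.arp_table.get(src_ip)
        if entry is not None:
            # B. Dual MAC dual attached sources already reach both rings.
            if entry["dual"]:
                return DROP
            # B. Our own MAC recorded for the receiving ring means this is the
            #    copy we already forwarded; forwarding again would loop it.
            if entry["macs"].get(rx_iface) == self.own_macs[rx_iface]:
                return DROP
            return FORWARD
        # C. Unknown source: ask with an Extended ARP.
        self.probes_sent += 1
        reply = self.extended_arp(src_ip)
        if reply is not None:
            self.arp_table[src_ip] = {"dual": True, "macs": dict(reply)}
            return DROP
        # D. No answer: single attached. Cache it (assumed entry layout: the
        #    station's MAC on its own ring, the bridge's MAC on the other).
        self.arp_table[src_ip] = {"dual": False, "macs": {
            rx_iface: src_mac, other: self.own_macs[other]}}
        return FORWARD

# Constructed addresses: one dual MAC dual attached station, the rest single.
DUAL = {"192.0.2.20": {"primary": "02:00:00:00:20:01",
                       "secondary": "02:00:00:00:20:02"}}
OWN = {"primary": "02:00:00:00:01:01", "secondary": "02:00:00:00:01:02"}

def demo():
    fwd = BroadcastForwarder(OWN, True, DUAL.get)
    single = ("192.0.2.7", "02:00:00:00:07:01")
    return fwd, [
        fwd.handle(*single, "primary"),                          # D: no reply
        fwd.handle(single[0], OWN["secondary"], "secondary"),    # B: own copy
        fwd.handle(*single, "primary"),                          # B: known single
        fwd.handle("192.0.2.20", DUAL["192.0.2.20"]["primary"], "primary"),  # C
    ]
```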