Re: [Ila] [5gangip] ILA forwaring [Was Re: Problem Statement]

["Joel M. Halpern" <jmh@joelhalpern.com>]

I am not sure I follow.
If I am reading you right, you suggest that dropping cache usage during 
a DOS attack is a useful feature.
If the system is engineered to operate well using local caches in the 
ILA, then dropping cache usage would seem to result in a DOS attack on 
the ILA-R infrastructure as it will have to handle a sustained packet 
load much higher than its design target.

Yours,
Joel

On 5/1/18 1:16 PM, Tom Herbert wrote:
> On Tue, May 1, 2018 at 9:58 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
>> If you do not use caches in your ILA-Ns (and yes, I understand your
>> reasoning for not doing so), then you are constructing an overlay network.
>> One of the arguments I was given for using ILA was to enable direct
>> forwarding of packets effectively without needing to have routing track the
>> moving entities.  Without caches, you are pushing all the traffic through
>> fewer entities.  And you seem to be either using a lot of ILA-R with
>> concomitant information distribution or few ILA-R restricting the
>> information distribution problem but instead having traffic concentration
>> problems.
>>
>> I understood from your earlier presentation that the ILA-r using the packet
>> as a signal was to avoid dropping the first packet, and as a side-effect not
>> needing a separate query message.
>> Now you seem to be saying that your think it important to support not having
>> caches in the ILA-Ns, which is a VERY different trade-off.
>>
> Joel,
> 
> I think you've misunderstood my position. Caches are _very_ important
> to eliminate the cost triangular routing (latency, average path load).
> This reduces latency and reduces average load on ILA-Rs. But, and this
> is the critical part, caches are only an _optimization_ in ILA. That
> means if the cache is rendered ineffective (like by a well crafted DOS
> attack) then the only effect is that the optimization is loss (i.e.
> greater latency due to triangular router)-- this is quantitively the
> worst effect of the attack on an ILA cache. This can be contrasted
> that to LISP where the worst case effects of a DOS attack on the cache
> is loss of service for users (infinite latency since packets can be
> dropped or indefinitely blocked on a cache miss).
> 
> Tom
> 
>> Yours,
>> Joel
>>
>>
>> On 5/1/18 12:37 PM, Tom Herbert wrote:
>>>
>>> On Tue, May 1, 2018 at 9:10 AM, Joel M. Halpern <jmh@joelhalpern.com>
>>> wrote:
>>>>
>>>> Three reactions, all personal opinion (in case someone thinks my having
>>>> helped chair the BoF is in any way relevant; it isn't):
>>>>
>>>> 1) If ILA-Ns do not have caches, the ILA-Rs will become hot-spots in the
>>>> network.  Yes, you have provision for multiple of them sharing load.
>>>> However, if that sharing gets to be a significant percentage of teh
>>>> routers
>>>> in the network, then there is no point in having bothered with ILA, you
>>>> are
>>>> just routing on the SIR.
>>>>
>>> Joel,
>>>
>>> If you provision a network (or any system really) based on an
>>> assumption that caches will always attain some hit rate this is a
>>> fundamental mistake. One of the goals of a DOS attack would be to
>>> drive the hit rate to zero in which case someone will be in a world of
>>> hurt. Caches and DOS are a hard mix to contend with in nearly any
>>> context, that's why it's much better to view caches as an optimization
>>> rather than a requirement. They can be used to alleviate load, but
>>> that cannot be relied upon.
>>>
>>> I would also point out that caches only make sense as internal devices
>>> for intra domain communications. This does not make sense for edge
>>> routers that would need to create a working set cache for any
>>> aribtrary load of traffic from the Internet.
>>>
>>>> 2) As far as I can tell, when some ILA-N have caches, the ILA-R have no
>>>> way
>>>> of knowing whether the ILA-N have caches or not.  I can understand what
>>>> happens if all ILA-N in a network have the same cache state (either they
>>>> all
>>>> have caches or they all do not have caches).  But I do not know what
>>>> behavior you expect of an ILA-R if the ILA-N are not uniform. Given the
>>>> hot-spot issue above, I think you need to really explain why ILA-N would
>>>> not
>>>> ahve caches.
>>>>
>>> ILA-Rs and ILA-Ns communicate via ILAMP protocol. That can include
>>> capabilities description.
>>>
>>>> 3 - Minor) Your usage of "sharding" seems odd.  You are simply dividing
>>>> the
>>>> domain into address blocks, and distributing responsibility for those
>>>> blocks
>>>> separately.  In other contexts, sharding seems to be used more generally
>>>> for
>>>> having subcollections of the data which can be moved around.
>>>>
>>> Sharding is a database term that describes partitioning of the
>>> database into smaller chunks for manageablibilty. That is what is
>>> happening here (literally in the implementation since we are use a
>>> database backend).
>>>
>>> Tom
>>>
>>