Re: [Ila] [5gangip] Scaling mapping systems (was Re: BOF Description)
Dino Farinacci <farinacci@gmail.com> Wed, 07 February 2018 14:16 UTC
Return-Path: <farinacci@gmail.com>
X-Original-To: ila@ietfa.amsl.com
Delivered-To: ila@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FD341205F0; Wed, 7 Feb 2018 06:16:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fBwXy_GRzGMR; Wed, 7 Feb 2018 06:16:49 -0800 (PST)
Received: from mail-pl0-x241.google.com (mail-pl0-x241.google.com [IPv6:2607:f8b0:400e:c01::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52CBD1200B9; Wed, 7 Feb 2018 06:16:49 -0800 (PST)
Received: by mail-pl0-x241.google.com with SMTP id p5-v6so81822plo.12; Wed, 07 Feb 2018 06:16:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=aT5N5BTLi8x9kYNP85zcIsedlBy64WG8bukvApc3oSg=; b=IqOZslDCPTK0hGL37yRt2k6Ti/SHTPWHw4I5rYW0UEWjd3E6qA2XwMczUN4gedWiW5 vPH48sAQjh8BoGAjxTDN7zs35n8Dbmjo/OHHYnzbpKwBMoc7HalTUAv10rgIfFPZssZ9 //MbYJRReIZ/RDwKFpYqRlT6DwBJW7TVbiXrsMbQHgz/ab7SPkpkGgXPo94eyUGukvOJ ccc0GUheAdHHicB+OpShV4rDi1OMADCZdHAO6TBdzSbNKn8QGKtvIxvQ31GDQHeJZ+Jj 6ONEwhJ0xinHLLUvdlUPvJwoioOzZye0ZzREqll7IA3AzKW6Muxj5oP4hLpL+IwD9xi0 howw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=aT5N5BTLi8x9kYNP85zcIsedlBy64WG8bukvApc3oSg=; b=FB1nFWhqnbneX+dWXvbmTBq9mdFX82uOknbNZtW65UjPqfQbJnpmWEAd/+lMnF4p7Q 1wnEP9sKMJPL4fJ4+LKj9PRqjoDDMykEQd2bcFqOEjSEMTjpMf+MF/KxZaetFN5KHe7l zy/AKYX7Wp1JeV1mcNGUG49cKAFn1kGTIjiwFodwa589OyUTdTrSPhngBE3g3ytUSIC5 OREORxkQf903ydxfVmdFbsiMNEtsJgHefygnpTYMsp5THXRqKf6dwTHjhsov++hPn5qh EuUr560RsDUVyqeS3J+GO8i93iyZm9P3EXV0SZ9kS5P93MW3WeSZtl7ubtHVce5d7SYZ kd5Q==
X-Gm-Message-State: APf1xPBL72iCLaCPMoeHlTFx28qwUmtiLNelWIViUGhCrihOXobMDt78 DxHecuSjzEc+s8LceLz3OnY=
X-Google-Smtp-Source: AH8x225PPxXX+AzvZjTouiqmAuW3xeSEtNCkrZ86rDMaswJCnWvW84EqZ5FQEzjBSUez0sIA1T1RHQ==
X-Received: by 2002:a17:902:4101:: with SMTP id e1-v6mr6217654pld.332.1518013008894; Wed, 07 Feb 2018 06:16:48 -0800 (PST)
Received: from [10.12.239.99] ([222.113.148.132]) by smtp.gmail.com with ESMTPSA id p14sm3252846pgu.7.2018.02.07.06.16.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Feb 2018 06:16:47 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CAPDqMeoLPSGbFg_H-_yOPBguXhOmx8fXjzYd_ax1Qds56KibZQ@mail.gmail.com>
Date: Wed, 07 Feb 2018 06:16:43 -0800
Cc: Tom Herbert <tom@herbertland.com>, 5GANGIP <5gangip@ietf.org>, Behcet Sarikaya <sarikaya@ieee.org>, ila@ietf.org, Alexandre Petrescu <alexandre.petrescu@gmail.com>, Lorenzo Colitti <lorenzo@google.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <EF6D1220-510C-4A4A-A15E-CA7029B300F7@gmail.com>
References: <CALx6S37+1PK3ET7g+XsCHt6-CJrABLko0YbWgE12xFX=vL5OPA@mail.gmail.com> <5067FA81-B416-4A19-9F11-A08B35BB8B6D@gmail.com> <CAPDqMeqNkiOWHOVU0AsUzFfPH60pTdS2x9CePhvZDhVLGJoGmw@mail.gmail.com> <9C425F56-738C-4600-9DFF-9D30FC3872DC@gmail.com> <CAPDqMeoLPSGbFg_H-_yOPBguXhOmx8fXjzYd_ax1Qds56KibZQ@mail.gmail.com>
To: Tom Herbert <tom@quantonium.net>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/6uCywv69FO405kQN4bInbAoZZJ0>
Subject: Re: [Ila] [5gangip] Scaling mapping systems (was Re: BOF Description)
X-BeenThere: ila@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Identifier Locator Addressing <ila.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ila>, <mailto:ila-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ila/>
List-Post: <mailto:ila@ietf.org>
List-Help: <mailto:ila-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ila>, <mailto:ila-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 14:16:51 -0000
> In ILAMP (https://tools.ietf.org/html/draft-herbert-ila-ilamp-00) secure redirects are defined to be the primary means of populating a cache. On a cache miss, a packet is forwarded into the network and routing should forward the packet to an ILA router that contains the complete set of mappings for the In LISP, we have PITRs that do roughly the same thing. But it comes at an expense that EIDs need to be advertised into the core routing system. I guess in your case, it is on the SIR-prefix that is injected and a packet destined for any ID with a SIR-prefix goes to the closest ILA router. Is that right? > associated shard. The router performs the transformation and can send a redirect back to the caching node. The redirect can be cached so that subsequent packets take a direct route and avoid the But you will get some out of order packets. Until the cache is populated, packets are still in the network, either packets that have not reached the ILA router, or packets that have been transformed. So if the ILA router near the source, or the source itself, sends directly, there is a chance it is a shorter path. So new packets arrive to the destination before packets in flight. > trianglular routing. Redirects must be secure so that they cannot be spoofed, so for that reason (and some others) the protocol is over TCP. The mapping cache is only an optimization and packets are never dropped or queued for pending cache resolution. If the cache weren't present, communications would But the ILA router in the network needs to have the mapping. And if it does not, what happens then? > still be viable but sub-optimal; that characteristic establishes a bound for the worst case DOS attack. > > Any thoughs on this approach? You’ll really need to put signatures in the Redirect messages if you want robust authentication. Dino
- [Ila] Scaling mapping systems (was Re: [5gangip] … Tom Herbert
- Re: [Ila] [5gangip] Scaling mapping systems (was … Dino Farinacci
- Re: [Ila] [5gangip] Scaling mapping systems (was … Tom Herbert
- Re: [Ila] [5gangip] Scaling mapping systems (was … Dino Farinacci
- Re: [Ila] [5gangip] Scaling mapping systems (was … Tom Herbert
- Re: [Ila] [5gangip] Scaling mapping systems (was … Lorenzo Colitti
- Re: [Ila] [5gangip] Scaling mapping systems (was … Tom Herbert
- Re: [Ila] [5gangip] Scaling mapping systems (was … Dino Farinacci
- Re: [Ila] [5gangip] Scaling mapping systems (was … Tom Herbert
- Re: [Ila] [5gangip] Scaling mapping systems (was … Dino Farinacci
- Re: [Ila] [5gangip] Scaling mapping systems (was … Tom Herbert
- Re: [Ila] [5gangip] Scaling mapping systems (was … Dino Farinacci
- Re: [Ila] [5gangip] Scaling mapping systems (was … Tom Herbert
- Re: [Ila] [5gangip] Scaling mapping systems (was … Dino Farinacci
- Re: [Ila] [5gangip] Scaling mapping systems (was … FIGURELLE, TERRY F
- Re: [Ila] [5gangip] Scaling mapping systems (was … Tom Herbert