IETF Logo Mail Archive

[Ila] Scaling mapping systems (was Re: [5gangip] BOF Description)

Tom Herbert <tom@herbertland.com> Sat, 03 February 2018 16:50 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ila@ietfa.amsl.com
Delivered-To: ila@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1375B120713 for <ila@ietfa.amsl.com>; Sat, 3 Feb 2018 08:50:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MT13SSlwQW6j for <ila@ietfa.amsl.com>; Sat, 3 Feb 2018 08:50:24 -0800 (PST)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B109512D7FB for <ila@ietf.org>; Sat, 3 Feb 2018 08:50:24 -0800 (PST)
Received: by mail-qk0-x22c.google.com with SMTP id d125so7297738qkg.13 for <ila@ietf.org>; Sat, 03 Feb 2018 08:50:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=ABVwOt62g9+2thumRXlpUdPbvGb/sn5bDc6tUTeR8ps=; b=kzMApkGVcDTRdeauhayESsyDI7JOXTU/7O2tiqqX71Um07NARUusMYNfglABZr3vNl RXaGc0XfzdGNphzpDjkmFcxbZm8ma0it0twyxOaxIxLRGJfj6OrtRQWu3lz1kZ4k8wsC aBgNQlZJHSyNU4fbtnrmlIYkbSIvMInhxDkafPbTttGFGZj0/1HE2pkFkATLZ+M3Rx+J lEPCK8MHPsvWfyGgNSL0dpc6RE2jQL9opovKxDve7lYDYz+nGJE8J6Y7wvrJFHDiCxvi PaPM5ZG+K0FdFRQwMSwkFWSMq2OJ+iH3NJjDKGQYSnnTko5UnLCm5iawZw4QjYwN/qT+ lBmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=ABVwOt62g9+2thumRXlpUdPbvGb/sn5bDc6tUTeR8ps=; b=fhWRf2hIUQkkI0fpbcIVmmGrzLOiKQMhhGsquIvyileRX5+Vfeggic2R6MVK+bdsOD osaFpQ4xMLLnab09v1+Fi3qcb7dxiAFNaq8scxk63ALTSvWUNcBJ2y0TmhzNOHy6N5xL VkyuE2fbiccpVENmvZV/C24JJChS4Kb6i16FyNlneQL8unRyVn4e6oatwZiUqLL6TTA1 TPO5Kg0SW+Gi9WweBIafYrWUQqeMYe0aLQRyf6RbOqYO2eSAuBguPh+Q86EVISZXhrhV 0h//YVFnsVHHD2bJMdQWmnd5Hl51nBq/JxEEJgJUdM8oD51YK2gozEj06q9exooWOYBD F31g==
X-Gm-Message-State: APf1xPD8jb0/SJXekftFdwK/MYnapm1kVd3Tl6LPlISTQv31U7beF2bx JN8/Q0V7tp0Dl9j08rgj5jlXqYJkniZnRuBMWGJOig==
X-Google-Smtp-Source: AH8x227rOsp7STrFqWLYNAC9SG6HeIZhDdD+OxNdxzHkOHqJYvBDwxJ3zGrybokgPMh7KcwqS/eilF0XmwnhXUFGoMM=
X-Received: by 10.55.103.88 with SMTP id b85mr10014524qkc.182.1517676623577; Sat, 03 Feb 2018 08:50:23 -0800 (PST)
MIME-Version: 1.0
Received: by 10.200.49.108 with HTTP; Sat, 3 Feb 2018 08:50:22 -0800 (PST)
From: Tom Herbert <tom@herbertland.com>
Date: Sat, 03 Feb 2018 08:50:22 -0800
Message-ID: <CALx6S37+1PK3ET7g+XsCHt6-CJrABLko0YbWgE12xFX=vL5OPA@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Cc: Behcet Sarikaya <sarikaya@ieee.org>, 5GANGIP <5gangip@ietf.org>, Alexandre Petrescu <alexandre.petrescu@gmail.com>, Lorenzo Colitti <lorenzo@google.com>, ila@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/T6sKMdRcqvZatuoTHG9ZtVuG5jw>
Subject: [Ila] Scaling mapping systems (was Re: [5gangip] BOF Description)
X-BeenThere: ila@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Identifier Locator Addressing <ila.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ila>, <mailto:ila-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ila/>
List-Post: <mailto:ila@ietf.org>
List-Help: <mailto:ila-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ila>, <mailto:ila-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Feb 2018 16:50:27 -0000

On Fri, Feb 2, 2018 at 10:37 AM, Dino Farinacci <farinacci@gmail.com> wrote:
>
> The question to be answered is if all 10 million need to be stored in one place at the same time.
>
> Lorenzo, do you think the DNS is scaling? And if the mapping system is designed roughly the same way, could it scale?
>
Right, there now are many examples of sharded databases to draw
lessons from. At 10M entries per router, to get to 1B aggregate
mappings in a network that's 100 routers. Assuming a 5x replication
factor then network needs 500 identifier/locator routers. I would
target scaling this by two orders of magnitude within ten years to
accommodate influx of IoT devices and fined grained object addressing
in virtualization. I know this is simplistic math and scaling this is
a hard problem, but I believe it's a solvable problem.

>
> Also, the other point you made about third-party dependency, is a another question about push versus pull style of operation.
>

There is a related question that needs to be addressed and that's
DOSability of a mapping cache.

For instance, from RFC6380:

"6.  The ITR receives the Map-Reply message, parses the message (to
check for format validity), and stores the mapping information from
the packet.  This information is stored in the ITR's EID-to-RLOC
mapping cache.  Note that the map-cache is an on-demand cache.  An ITR
will manage its map-cache in such a way that optimizes for its
resource constraints. "

This on-demand mapping cache is the reason that LISP is not in Linux.
The argument is that it is easily DOSed. A attacker could flood an ITR
with packets to random destinations that would trigger map requests.
If the map requests are rate limited then that could prevent requests
being made for legitimate traffic. If map replies are generated for
the bogus traffic they they could fill up the cache and block out
legitimate users.

I think the the request rate limiting problem can be mitigated by
using a redirect model instead, but I don't have complete answer yet
for the cache exhaustion attack (my patches that would facilitate an
ILA mapping cache we also rejected).

Dino, has this DOS issue been looked at for LISP?

Thanks,
Tom

v2.23.0 | Report a Bug | By Email