Re: [Ila] LISP for ILA

"Alberto Rodriguez Natal (natal)" <natal@cisco.com> Tue, 13 March 2018 22:50 UTC

Return-Path: <natal@cisco.com>
X-Original-To: ila@ietfa.amsl.com
Delivered-To: ila@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F91B12EA9E; Tue, 13 Mar 2018 15:50:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.53
X-Spam-Level:
X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r6PdWQ0PpZuF; Tue, 13 Mar 2018 15:50:55 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D54D12D881; Tue, 13 Mar 2018 15:50:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6072; q=dns/txt; s=iport; t=1520981439; x=1522191039; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=d6X76GNXARIsFzufKA/1TRk4KkmtYLBfprFCVPA7iEA=; b=Cj6YpwQnU0BgTx6D+ucmIgd0/4dR/bBotWMsDJ3BdBJ6Iktxo++1/T5d QwyWahf2M4Cf85DUJh9EeBwKO7bDVwc2L1/1L9BwRZ2WtmSxZxBQEZ3r2 0X/QYeF+GEtiSaxLz+G+zw6sf7AbQjlk67WyGgDiEIvfQYjTNbfScqslb Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A4AgA4Vaha/4MNJK1dGQEBAQEBAQEBAQEBAQcBAQEBAYNQgVUoCoNGmBKCBIEWlDGCFQqFJQIagwYhNRcBAgEBAQEBAQJrJ4UjAQEBAwEjEUUQAgEIGAICJgICAjAVEAIEDgWFEAisB4ImiGOCDIENhCQEgi6DOwEpgwWFC4MeMIIyBJpWCQKHQYkhgWOMfod1iS4CERMBgSsBIAI0gVJwFWQBghiER3eMeAeBKoEYAQEB
X-IronPort-AV: E=Sophos;i="5.47,466,1515456000"; d="scan'208";a="83029089"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Mar 2018 22:50:38 +0000
Received: from XCH-RCD-019.cisco.com (xch-rcd-019.cisco.com [173.37.102.29]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id w2DMocBw018691 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 13 Mar 2018 22:50:38 GMT
Received: from xch-aln-005.cisco.com (173.36.7.15) by XCH-RCD-019.cisco.com (173.37.102.29) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Tue, 13 Mar 2018 17:50:38 -0500
Received: from xch-aln-005.cisco.com ([173.36.7.15]) by XCH-ALN-005.cisco.com ([173.36.7.15]) with mapi id 15.00.1320.000; Tue, 13 Mar 2018 17:50:38 -0500
From: "Alberto Rodriguez Natal (natal)" <natal@cisco.com>
To: Tom Herbert <tom@quantonium.net>
CC: "ila@ietf.org" <ila@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>, "Fabio Maino (fmaino)" <fmaino@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, "Vina Ermagan (vermagan)" <vermagan@cisco.com>
Thread-Topic: [Ila] LISP for ILA
Thread-Index: AQHTs4N8SaQwoGnN/EueWlx2YLMdsaPCxXuAgAu1BQCAAH+kgP//uJMA
Date: Tue, 13 Mar 2018 22:50:38 +0000
Message-ID: <CF1C238D-FBE9-48BC-A7A6-49E45249E5E2@cisco.com>
References: <F1093230-C087-4168-9C5F-8DA7AB677677@cisco.com> <CAPDqMer58nxEixtH=JuZh9WgM0xKkEQYEjwZ6zg3wTjD76gOHQ@mail.gmail.com> <F920CAE2-9042-41DF-B013-E8FE6F891596@cisco.com> <CAPDqMeriMzM82-R-JOgx4zuqJTk2YOoBaWV_58no2V8yPas9QA@mail.gmail.com>
In-Reply-To: <CAPDqMeriMzM82-R-JOgx4zuqJTk2YOoBaWV_58no2V8yPas9QA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.156.163.12]
Content-Type: text/plain; charset="utf-8"
Content-ID: <8D8FFC8EAC4B8440AF4F4A6556F0FA49@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/gx4LJRB530sEXU-QABDE0vpvsyM>
Subject: Re: [Ila] LISP for ILA
X-BeenThere: ila@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Identifier Locator Addressing <ila.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ila>, <mailto:ila-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ila/>
List-Post: <mailto:ila@ietf.org>
List-Help: <mailto:ila-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ila>, <mailto:ila-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2018 22:50:59 -0000


On 3/13/18, 1:05 PM, "Tom Herbert" <tom@quantonium.net> wrote:
    >
    >     This is reflected below in: "While the mapping is being resolved via
    >     the Map-Request/  Map-Reply process, the ILA-N can send the data
    >     packets to the underlay using the SIR address."
    >
    >     I think it should be assumed in ILA that not queuing packets and not
    >     dropping packets because of resolution are requirements (too much
    >     latency hit).
    >
    > IMHO, these should not be hard requirements. Leveraging ILA-Rs for mapping resolution has another set of tradeoffs to be considered. An operator should be able to decide which set of tradeoffs makes sense for his/her particular scenario.
    >
    This is a hard requirement because caches are explicitly not required
    for ILA to operate. They are *only* optimizations. If there is a cache
    hit then packets presumably get optimized path, on a cache miss they
    might take a subopitimal route-- but packets still flow without being
    blocked! This means that the worse case DOS attack on the cache might
    cause suboptimal routing; however, if resolution is required then the
    worse attack case becomes that packets don't flow and it's a much more
    effective attack.
        
Performing the mapping resolution at the ILA-N doesn't mean that you can't send the packets to the ILA-R to avoid the first-packet-drop. Those are two different things. Traditionally in LISP, a possible deployment model is to have a couple of RTRs with all the mappings in the site, so xTRs can use them as default path while they are resolving mappings. In this scenario, all the mapping resolution is done at the xTRs while the RTRs are only forwarding "first-packets". We have seen this model working really well even for large LISP deployments. 

    >     In ILAMP, a redirect method is defined. On a chache miss the packet is
    >     forwarded and no other action is taken. If an ILA-R does
    >     transformation it may send back a mapping redirect informing the ILA-N
    >     of a transformation. The redirects must be completely secure (one
    >     reason I'm partial to TCP) and are only sent to inform an ILA-N about
    >     a positive response. To a large extent this neutralizes the above
    >     random address DOS attack. There are other means of attack on the
    >     cache, but the exposure is narrowed I believe.
    >
    > That model is supported in LISP via the use of Map-Notifies. However, moving the mapping resolution to the ILA-R comes at a cost. It's putting more load (in terms of both data and control plane) into an architectural component that it's not easy to scale out, since it requires (for instance) reconfiguring the underlay topology.
    
    I'm not see how this creates more load (i.e. the need for map request
    packets are eliminated), but I really don't understand what
    "reconfiguring the underlay topology" means!
    
Happy to try to clarify this. I'm talking about the load in the ILA-R. With a "redirect" model, the ILA-R has to (1) serve as the data-plane default path and (2) provide control-plane mapping resolution. This is centralizing the data-plane and control-plane into a single component, the ILA-R. Moreover, this will also require a lot of punts from the fast path to the slow path in the ILA-R which has also implications. With a request/reply model, the control-plane resolution is performed at the edges in a distributed fashion and the ILA-R only serves as data-plane default path to avoid dropping traffic. The latter model alleviates the load in the ILA-Rs, which reduces the need to scale them out.

One of the challenges associated with scaling out the ILA-Rs is that is based on sharding the Identifier space. This requires making the underlay aware of this sharding (so the SIR traffic is properly routed to the appropriate ILA-R). This is basically coupling the underlay and overlay rather than keep them separated. In LISP when you need to add a new Map-Server you just need to update (some) of the overlay components, the underlay is completely unaware of this change (which is probably a good thing).

Hope the above helps to clarify things. As you know, I'm not directly against a "redirect" model (which can also be done with LISP), but we need to be aware of the tradeoffs that we are choosing.

Alberto