IETF Logo Mail Archive

Re: [Ila] [5gangip] Scaling mapping systems (was Re: BOF Description)

Tom Herbert <tom@quantonium.net> Tue, 06 February 2018 20:27 UTC

Return-Path: <tom@quantonium.net>
X-Original-To: ila@ietfa.amsl.com
Delivered-To: ila@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DA7F12D870 for <ila@ietfa.amsl.com>; Tue, 6 Feb 2018 12:27:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=quantonium-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ybRaBy48i32 for <ila@ietfa.amsl.com>; Tue, 6 Feb 2018 12:27:50 -0800 (PST)
Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3845E127876 for <ila@ietf.org>; Tue, 6 Feb 2018 12:27:49 -0800 (PST)
Received: by mail-wm0-x22e.google.com with SMTP id f3so6394129wmc.1 for <ila@ietf.org>; Tue, 06 Feb 2018 12:27:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quantonium-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=u9/GvEMzwE1peAk/RLHerfaIARzAEZggnRGPXYjsb4w=; b=XpKb9rlANdHb38BXLAtiaTlzMX2v9MtjgeI30I1so/KqadmhAtLHRtS4i31PjYpnj0 yRWJNRRmnZsrG6slPOS7uqDoh6/HgIPLdAQ5hfiXkgf0MNi85GPa+1gfATyP6RjtEr1Y xTZ3jfPXSTrD5HI+M0rX7Xlh7/tpope1q1f18DKKckZpjZO7dGS+HtL61v6uBwDLCVNB xg3lwKNDneF+h+eYKD/cXvv/U4tVvaM1ie8Vc/UydusMXL6/NpWj6cHMNlcohaVs8EZx Gbb61u6KtiPPeU/2MsjiZMWPEAagJIWtZb0Q5MglvdKORhQrdHT72gU4t1j7rNJCP4rE 6P9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=u9/GvEMzwE1peAk/RLHerfaIARzAEZggnRGPXYjsb4w=; b=HcSNmQx8Cp65Revogcv2jj+S3ZpO2zrYesIiBL4RZ3+nv2pCTIcJT8wQX2KVrdNZ2A 0ihtI0R9mNlEwp9vuX2v6bXx8mvZ7X/gE7bUjlut1HE0DHDkC+OkUqnEcsyhNGvYS1ZW VcCd3F3403trcyACyKHhljwGz1y0BTwCroj5deF4gPX4lJGG80YqUVDAWEpOk1Mnidva Yn8hdRGWpcnKzmpZfvr6b9aJXaCVjdgcOKOgKWlSeQbmMzkcxU7+bzcF08Fy/f2ktisI yhANPaeEJRLk+nqqIL1MgiGne6szJPqdFe3xhhtXHO8rK75blmZjfKrBdWouDBjqs6UC 1/pg==
X-Gm-Message-State: APf1xPBOj6GvRycdPswiPKy4r6QKL2WjauH0ET1Bnc5SwNNkxWJJV9s2 mBIBO8mKr4E1vxjuLp459but4Y2VbKYhXk4nH2qcmg==
X-Google-Smtp-Source: AH8x2265PNq/uknHyotatSfLEPNsdZS0n5PCXwhkuwRSSqFnh7VajXF8v+lf0Z9MvWXc1lM6XDXovYVuZuJfzRx93A4=
X-Received: by 10.28.91.68 with SMTP id p65mr2953096wmb.119.1517948867471; Tue, 06 Feb 2018 12:27:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.173.66 with HTTP; Tue, 6 Feb 2018 12:27:46 -0800 (PST)
In-Reply-To: <CAKD1Yr2HQCt0DZ62_YqC1qOb_GJkqh35U8_mViMNYps8VOcv6A@mail.gmail.com>
References: <CALx6S37+1PK3ET7g+XsCHt6-CJrABLko0YbWgE12xFX=vL5OPA@mail.gmail.com> <5067FA81-B416-4A19-9F11-A08B35BB8B6D@gmail.com> <CAPDqMeqNkiOWHOVU0AsUzFfPH60pTdS2x9CePhvZDhVLGJoGmw@mail.gmail.com> <9C425F56-738C-4600-9DFF-9D30FC3872DC@gmail.com> <CAPDqMeoLPSGbFg_H-_yOPBguXhOmx8fXjzYd_ax1Qds56KibZQ@mail.gmail.com> <CAKD1Yr2HQCt0DZ62_YqC1qOb_GJkqh35U8_mViMNYps8VOcv6A@mail.gmail.com>
From: Tom Herbert <tom@quantonium.net>
Date: Tue, 06 Feb 2018 12:27:46 -0800
Message-ID: <CAPDqMerUgfcROGMjxpaaQD=-sohU4vd_-80n2os_v+_v__bYNQ@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
Cc: Dino Farinacci <farinacci@gmail.com>, Tom Herbert <tom@herbertland.com>, 5GANGIP <5gangip@ietf.org>, Behcet Sarikaya <sarikaya@ieee.org>, ila@ietf.org, Alexandre Petrescu <alexandre.petrescu@gmail.com>
Content-Type: multipart/mixed; boundary="001a1144226208ed720564910359"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/ixsm6IM0WcYLZD41w8vto2sxTO8>
Subject: Re: [Ila] [5gangip] Scaling mapping systems (was Re: BOF Description)
X-BeenThere: ila@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Identifier Locator Addressing <ila.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ila>, <mailto:ila-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ila/>
List-Post: <mailto:ila@ietf.org>
List-Help: <mailto:ila-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ila>, <mailto:ila-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 20:27:52 -0000

On Mon, Feb 5, 2018 at 10:34 PM, Lorenzo Colitti <lorenzo@google.com> wrote:

> On Tue, Feb 6, 2018 at 12:37 AM, Tom Herbert <tom@quantonium.net> wrote:
>
>> As time has gone on with experience in deployment, forwarding to another
>>> node that has a large shared cache, like an RTR, seems to deal with the
>>> issue in a compromised way.
>>>
>>
>> In ILAMP (https://tools.ietf.org/html/draft-herbert-ila-ilamp-00) secure
>> redirects are defined to be the primary means of populating a cache. On a
>> cache miss, a packet is forwarded into the network and routing should
>> forward the packet to an ILA router that contains the complete set of
>> mappings for the associated shard. The router performs the transformation
>> and can send a redirect back to the caching node. The redirect can be
>> cached so that subsequent packets take a direct route and avoid the
>> trianglular routing. Redirects must be secure so that they cannot be
>> spoofed, so for that reason (and some others) the protocol is over TCP. The
>> mapping cache is only an optimization and packets are never dropped or
>> queued for pending cache resolution. If the cache weren't present,
>> communications would still be viable but sub-optimal; that characteristic
>> establishes a bound for the worst case DOS attack.
>>
>> Any thoughs on this approach?
>>
>
> Hi Lorenzo,

Thanks for the feedback!


> The obvious ones would seem:
>
>    - Will the working set of cache mappins fit in whatever memory is
>    available in, say, a large peering router?
>
> The cache needs to be sized to fit the working set. Please look at the
reference topology of section N. The intent is that caches would not be
used at edge or peer routers, ILA router are used there which shard the
mapping database across some number of  nodes. Mapping caches are at ILA-Ns
which are deployed deeper in the network towards the end hosts (like toward
gNB). There are more of these than ILA-Rs, however they are serve a small
set of users and would be implemented on lower end devices. The purpose of
the cache is to optimize latency and throughput of performance critical
intra-network communications (Ue to UE, UE to application server in
network).


>
>    - Remember that memory that is capable of sustaining routing lookups
>    at tens of gigabits per second is extremely expensive.
>    - How do you defend against state exhaustion attacks whereby a large
>    number of spoofed sources send packets to nonexistent destinations?
>
> No cache state is created for nonexistent destinations.


>
>    - How much bandwidth will be used for the redirects? How much CPU time
>    will be used to process them?
>    - How many servers are needed to store
>
> Suggest gaming this out for a large mobile operator with, say, 100M
> clients, 100 Internet connection points and 10T of traffic.
>

I did an analysis of ILA scalability for a couple of scenarios (see
attached), For the 100M UEs, the number of ILA routers came out to 530.

Tom

v2.23.0 | Report a Bug | By Email