Re: [Ila] [5gangip] Scaling mapping systems (was Re: BOF Description)

[Tom Herbert <tom@quantonium.net>]

On Wed, Feb 7, 2018 at 6:48 PM, Dino Farinacci <farinacci@gmail.com> wrote:

> > Yes. OOO packets are possible during a transition period. In order
> delivery is not a requirement of IP and the window for OOO packets is
> relatively small anyway.
>
> Right but frequent out-of-order delivery does not make the system as a
> whole work well. And the “transition period” is for *every new destination”
> that is not cached. So this can be a steady state situation.
>
> Hi Dino,

I'm not sure I understand. OOO packets most often happen when packets for
the same flow take two different paths through the network at the same time
so that packets sent later beat earlier ones to the destination. W.r.t. to
the cache, the window for OOO delivery is when cache is entry is
instantiated, but there are already packets inflight that presumably are
taking non-cached scenic route. Once the non-cached packets have been
received, all the packets for the flow go through the cache taking the same
path so there is no more OOO. It's a small window. Also, if multiple
connections are simultaneously suffer OOO from this I doubt this would have
a material impact-- congestion window collapse is unlikely without packet
loss. Of course, a stateful firewall in the path might not be so tolerant
of OOO packets...

> > trianglular routing. Redirects must be secure so that they cannot be
> spoofed, so for that reason (and some others) the protocol is over TCP. The
> mapping cache is only an optimization and packets are never dropped or
> queued for pending cache resolution. If the cache weren't present,
> communications would
> >
> > But the ILA router in the network needs to have the mapping. And if it
> does not, what happens then?
> >
> > The ILA router is considered authoritative for its shard. If it doesn't
> have a mapping then the packet is silently dropped as having an unreachable
> destination.
>
> Does the ILA router for the shard only route to destinations inside of the
> shard?


Yes.


> And if so, it is kept small so you can push the mappings and make it scale
> at that level?
>

Small is relative. The ILA router first needs to being able to forward the
load, so provisioning would need to consider the worse case where no
entries hit the cache. Redirects would likely be rate limited (probably
capped by throughput). In a network, design I would probably target a cache
hit rate of at least 95%.


>
> > > still be viable but sub-optimal; that characteristic establishes a
> bound for the worst case DOS attack.
> > >
> > > Any thoughs on this approach?
> >
> > You’ll really need to put signatures in the Redirect messages if you
> want robust authentication.
> >
> > The redirects are sent over an established TCP connection to an ILA-N so
> that deters message spoofing. For stronger security, TCP authentication
> option or TLS can be used.
>
> Is it worth the state to hold millions of TCP connections only the
> occasion redirect message?
>

It might be millions of TCP connections spread across a large network, but
for ILA-Ns it's at most a couple of hundred connections and for a mapping
resolution ILA-R it's probably no more than 50K. Assuming 2K memory per TCP
connection ctx (and TLS if in use) that's a 100M on the ILA-Rs. In addition
to security, the other reasons to use TCP is it's reliable transport and
provides congestion control and avoidance. There's also the option of using
TFO if the amount of state were to become an issue.

Tom