Re: [lisp] LISP EID Block Size

Dino Farinacci <farinacci@gmail.com> Sat, 02 November 2013 18:09 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBCC811E8172 for <lisp@ietfa.amsl.com>; Sat, 2 Nov 2013 11:09:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dt1tUx+hCkr4 for <lisp@ietfa.amsl.com>; Sat, 2 Nov 2013 11:09:27 -0700 (PDT)
Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com [IPv6:2607:f8b0:4001:c03::231]) by ietfa.amsl.com (Postfix) with ESMTP id 0492E11E8224 for <lisp@ietf.org>; Sat, 2 Nov 2013 11:09:23 -0700 (PDT)
Received: by mail-ie0-f177.google.com with SMTP id e14so9703499iej.36 for <lisp@ietf.org>; Sat, 02 Nov 2013 11:09:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LZXSrnDNi8/jtR5+LZxhHMrFmb90vYRwLpwNTCiVmLY=; b=z9Rm73/Xsq0C2YzUjMhCj665S85N5iz2YupbaOcasPtvMQetsbxT0KM0GLBI2TG3W3 xUjm9tNJQU4yUxlWlnTb/2MtPdTFCaut1RLOLcMofC+3poTZb2wJ5fyp6xXiB9ybaXag ktub2gcmFM+xNnhZhMabxCzhTLuUvlFFZmlSveVAbbOHTS55DVHIFtWAFz8KvwR1jwKV ajHN55L5L1H1H2f6RNykjhE56t+GtL8nwarDH+knDqI2ktrYzGcy4sAGoEwE6V37G/SC 3JbDybWTkDmH8SjJtTz40ncu+mTZbdsZUJ8GA2XE5D+vTfght7gJo5jJeMXjwnPRgKXc wfXQ==
X-Received: by 10.50.20.99 with SMTP id m3mr6638576ige.54.1383415763489; Sat, 02 Nov 2013 11:09:23 -0700 (PDT)
Received: from [172.19.131.126] ([12.130.122.100]) by mx.google.com with ESMTPSA id l7sm11291250igx.2.2013.11.02.11.09.20 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 02 Nov 2013 11:09:22 -0700 (PDT)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <52753A16.5050906@joelhalpern.com>
Date: Sat, 2 Nov 2013 11:09:17 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <98A53C30-74A2-4776-A5C9-8F124D3F74B4@gmail.com>
References: <20131031151830.55F9618C168@mercury.lcs.mit.edu> <EA0CEAB9-BD0F-4278-BE30-6D6DB7E7B624@steffann.nl> <FC33A2A0-45EA-424B-8F37-D479131AEDD4@gmail.com> <52728FCF.2060603@joelhalpern.com> <A3459787-CCEB-4037-9005-81F51C6ABFCC@gmail.com> <52734FA6.4040003@joelhalpern.com> <FC03B84E-350E-4A52-84A9-44518862B5D7@gmail.com> <52753A16.5050906@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.1816)
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP EID Block Size
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Nov 2013 18:09:29 -0000

So it appears that:

(1) People are all for experimenting.
(2) People may be all for allocating a block if it is not too large.

So would it be easier to swallow if we just request a /32 or smaller block. 

Are we just arguing over size?

If the experiment proves we need to do something in production, then we go get larger blocks as Joel indicates. And if the experiment is complete and say we don't need a well-known block, we return the /32.

Dino

On Nov 2, 2013, at 10:44 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote:

> On the source side, the ITR had better know what EIDs it is working on behalf of (otherwise, it is a source for spoofed source address).  So none of those cases seem to be affected by the allocation or non-allocation of a block.
> 
> If we are going to do anything based on a block, we better make sure it can handle more than one block.  Which means that at most we need a block for the duration of the test period.  We do not need a block for the hoped for full success of LISP.  If we really succeed, we can get an additional bigger block.
> 
> Yours,
> Joel
> 
> On 11/1/13 10:33 AM, Dino Farinacci wrote:
>>> I understand the importance of experimenting.  But I am having
>>> trouble getting my head around the possible value we want to
>>> explore.  Color me naive and stubborn, but individually so.
>>> 
>>> Thinking about the ITR code path, if there is no block:
>> 
>> Many are thinking in this context. It is one but there are other
>> things WE COULD DO if we new a prefix was an EID. See below for some
>> rough examples. And please don't ask for detail, because this is
>> initial thinking.
>> 
>>> Receive packet check cache for destination failing cache match,
>>> query for destination.
>> 
>> And there could be a failed match if the destination address was not
>> an EID. Meaning this packet is coming to an ITR destined for a
>> non-LISP site (regardless if the source address is an EID or not). So
>> the ITR would have to query the mapping database.
>> 
>> So let's break this down. If the source was an EID, one could say,
>> "okay since I'm doing the new stuff the delay for a lookup to a
>> non-LISP destination is the price I pay for getting multihoming for
>> packets that come back to me". If the source was not an EID, then the
>> old user that expects to go to a non-LISP site expects the packet
>> loss or optimal routing path to continue. And if it does not, then
>> the new service hurt existing users.
>> 
>> Please note, this is when a site is bifurcated being a site that has
>> some partial EID allocations and partial hosts that have not changed.
>> And that either could send to EID or non-EID destinations.
>> 
>> Yes, you could have a default PETR configured in the ITR so there is
>> 0 packet loss, but then you may get a suboptimal path. And packets
>> from a non-EID source to a non-EID destination could be inadvertently
>> encapsulated to the PETR. Then the PETR would decap and deliver the
>> packet based on a BGP path.
>> 
>> I for one, would like to solve this problem. And I do not know if
>> just a well-known, hard-coded, EID-block will do it.
>> 
>>> And the ITR code path if there is a block: Receive packet check
>>> cache for destiantion failing cache match, check for destination in
>>> EID block If in EID block, query If not in EID block, query
>> 
>> You are correct, but this box could be configured in way where the
>> logic could change:
>> 
>> Receive packet If EID-block strict configured If destination in
>> EID-block, send query Else forward natively Else <do what Joel said
>> above with no EID-block check> Endif
>> 
>>> Now, if everything is in the EID block, I understand that the last
>>> step above becomes "just send".  But that appears to be a
>>> counter-factual assumption.
>>> 
>>> Yours, Joel
>> 
>> Having an EID block could help us in these scenarios as well:
>> 
>> (1) The block or any more specifics should not have a native-forward
>> action in a Map-Reply returned by the mapping system. (2) The block
>> or any more specifics should not be injected into BGP without a
>> special community indicating that only PITRs should be advertising
>> it. (3) If a destination that a NAT box receives has a source in this
>> block, that translation should not be done (because it is not
>> needed). (4) If the source is in this block we know we cannot build
>> RPF trees in the core when the source sends multicast packets. (5)
>> Maybe a special EID-block should indicate that this source host can
>> only talk IPv6 and that stretched layer-2 subnets are prohibited. So
>> if you hit a box that does VXLAN and LISP, that layer 3 LISP is used
>> and we don't move MAC frames across the underly and we certainly do
>> not forward ARP packet, broadcast frames, and link-local multicast.
>> 
>> Now all these things can be put in the mapping database, and give us
>> the same answers but if we could keep load off the mapping database,
>> this would be a good thing, a scalability feature.
>> 
>> Dino
>> 
>>> 
>>> On 10/31/13 7:19 PM, Dino Farinacci wrote:
>>>>> 
>>>>> Actually, that use case is only helped by the EID block if you
>>>>> can be sure that ALL the destination EIDs it will see will come
>>>>> from the block.
>>>> 
>>>> I don't believe so. It could just an efficiency play for one
>>>> versus the other.
>>>> 
>>>>> Which seems to be impossible to ensure in the general case.
>>>>> And easy to achieve without an allocated block in many of the
>>>>> special cases.
>>>> 
>>>> Well the EID could mean it is behind a NAT and that ITRs should
>>>> encapsulate to an RTR. Maybe one that is used by a default
>>>> map-cache entry or a distinguished key on the mapping database.
>>>> 
>>>> See there are sorts of things we could try. Again, "try" here
>>>> means experimentation.
>>>> 
>>>> Look how the pilot network was easier to debug since we had
>>>> 153.16.0.0/16 generically donated by Andrew Partan and how cisco
>>>> has been renting 2610:d0::/32.
>>>> 
>>>> Dino
>>>> 
>>> _______________________________________________ lisp mailing list
>>> lisp@ietf.org https://www.ietf.org/mailman/listinfo/lisp
>> 
>>