IETF Logo Mail Archive

Re: [lisp] comments on 'draft-ietf-lisp-deployment-06'

"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 27 February 2013 21:57 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DBD221F87B9 for <lisp@ietfa.amsl.com>; Wed, 27 Feb 2013 13:57:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.499
X-Spam-Level:
X-Spam-Status: No, score=-2.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8yICdyU1WoJq for <lisp@ietfa.amsl.com>; Wed, 27 Feb 2013 13:57:01 -0800 (PST)
Received: from blv-mbsout-02.boeing.com (blv-mbsout-02.boeing.com [130.76.32.232]) by ietfa.amsl.com (Postfix) with ESMTP id 240AF21F8751 for <lisp@ietf.org>; Wed, 27 Feb 2013 13:57:01 -0800 (PST)
Received: from blv-mbsout-02.boeing.com (localhost.localdomain [127.0.0.1]) by blv-mbsout-02.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id r1RLv0PM009235 for <lisp@ietf.org>; Wed, 27 Feb 2013 13:57:00 -0800
Received: from XCH-NWHT-11.nw.nos.boeing.com (xch-nwht-11.nw.nos.boeing.com [130.247.25.114]) by blv-mbsout-02.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id r1RLuxdq009210 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Wed, 27 Feb 2013 13:56:59 -0800
Received: from XCH-BLV-106.nw.nos.boeing.com (130.247.25.122) by XCH-NWHT-11.nw.nos.boeing.com (130.247.25.114) with Microsoft SMTP Server (TLS) id 8.3.297.1; Wed, 27 Feb 2013 13:56:59 -0800
Received: from XCH-BLV-504.nw.nos.boeing.com ([169.254.4.245]) by XCH-BLV-106.nw.nos.boeing.com ([fe80::1481:d5b8:bff:313f%15]) with mapi id 14.02.0328.011; Wed, 27 Feb 2013 13:56:57 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Lori Jakab <ljakab@ac.upc.edu>
Thread-Topic: [lisp] comments on 'draft-ietf-lisp-deployment-06'
Thread-Index: AQHOFQfLuwShS716HkOC8irOe1RlS5iOMw8A
Date: Wed, 27 Feb 2013 21:56:56 +0000
Message-ID: <2134F8430051B64F815C691A62D98318013D19@XCH-BLV-504.nw.nos.boeing.com>
References: <20130225180218.31450.57812.idtracker@ietfa.amsl.com> <512BC5C4.6090406@joelhalpern.com> <2134F8430051B64F815C691A62D9831801146A@XCH-BLV-504.nw.nos.boeing.com> <512E3492.9010405@ac.upc.edu>
In-Reply-To: <512E3492.9010405@ac.upc.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.247.104.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: No
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] comments on 'draft-ietf-lisp-deployment-06'
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2013 21:57:02 -0000

Hi Lori,

> -----Original Message-----
> From: Lori Jakab [mailto:ljakab@ac.upc.edu]
> Sent: Wednesday, February 27, 2013 8:30 AM
> To: Templin, Fred L
> Cc: lisp@ietf.org
> Subject: Re: [lisp] comments on 'draft-ietf-lisp-deployment-06'
> 
> Hi Fred,
> 
> Thank you very much for the feedback.  See responses in-line below:
> 
> On 02/26/13 00:55, Templin, Fred L wrote:
> > Hi,
> >
> > I am reading this document for the first time and had a few
> > comments to share below.
> >
> > Thanks - Fred
> > fred.l.templin@boeing.com
> >
> > 1) Section 2.5 ("Tunnel Routers Behind NAT"), this seems to
> >    show a limitation in that there can be only one xTR behind
> >    a NAT. I would like to address the case when there may be
> >    many xTRs behind the NAT - can LISP do that?
> 
> There is specification being worked on that will enable many xTRs behind
> NAT.  It will, however require a Re-encapsulating Tunnel Router (RTR) to
> proxy all data packets for it to work. See
> https://tools.ietf.org/html/draft-ermagan-lisp-nat-traversal

Thanks - I too noticed this draft after having sent the message.

> > 2) Section 2.6, I don't understand why it says "MTU/PMTUD
> >    issues minimized" for the recursive scenario?
> 
> It's a typo, thanks for catching this!

OK.

> > 3) Section 6.1, number 4, should say "request increase in MTU
> >    to 1556 *or greater* on service provider connections".
> 
> Indeed, will fix.

OK. I leave the exact language up to you, but I think we agree
on the point.

> >    However, controlling just the first-hop interface MTU
> >    does not assure MTU mitigations across the entire path.
> >    Similarly, "care must be taken that ICMP is not being
> >    filtered" cannot be assured along the entire path. And,
> >    studies have shown that ICMP filtering does impact MTU
> >    handling in current operational practices:
> >
> >    http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc-
> thesis.pdf
> 
> True, we are citing RFC 4459 at the end of section 2.1 with regard to
> this issue.  Would it help if we referenced it in this section as well?

The "Verify MTU Handling" recommendations only apply to the
first-hop service provider connection. There is no way to
control any further hops beyond that. Maybe just add a
trailing sentence such as: "However, even with these
mitigations path MTU issues are still possible [RFC4459]."

> > Additionally, I have a use case that I'm not sure is well addressed by
> > the document. I would like to address the use case of mobile networks
> > configured as stub sites that connect to ISPs via a mobile router. Each
> > mobile router may have multiple ISP connections, and can change its ISP
> > addresses dynamically as it moves around. Some of the ISP addresses may
> > be global and others may be private, such as behind a carrier-grade NAT.
> > Many such mobile routers may be located behind the same NAT.
> >
> > I want to give each mobile router an EID prefix that it can use to
> number
> > interfaces within the mobile network. The mobile network may contain
> just
> > one interface, a few interfaces, or it may contain many interfaces.
> >
> > I now want that the mobile network can remain reachable from the outside
> > world by the same EID prefix addresses even as the mobile router travels
> > around dynamically. The mobile router will need an xTR so that its ISPs
> > will not filter its packets that use EID source addresses. I also want
> > the mobile router to be able to traffic engineer in both the outgoing
> > *and* incoming directions. For this, there needs to be some sort of
> > server sitting outside of any NATs that the mobile router can "register"
> > itself with. The mobile router should be able to change between
> different
> > servers as it moves around, e.g., to reduce path stretch or in the
> > event of a server failure. The servers in turn associate with proxy
> > xTRs so that outgoing packets destined to EIDs located in distant
> > networks can be routed appropriately.
> >
> > This is the way IRON sets things up. Can it also be done with LISP?
> 
> Yes, using the NAT traversal specification I mentioned above.

OK.

> The mobile router should be an xTR itself,

OK. That matches with the "IRON Client" [RFC6179].

> and will receive a list of RTRs
> (what you call servers above) it can use for traversing the NAT

Right. that matches with the "IRON Server".

> (for the connections where a NAT is detected).

It is also OK to just use the same function even for RLOCs
that are not behind a NAT.

> Path stretch optimizations are certainly possible,

Right - that matches with AERO [RFC6706].

> they depend on the implementation of the Map-Server.

OK.

> Incoming traffic engineering is possible with LISP,

How does the LISP mobile node tell the network how it wants
its inbound traffic to be delivered? IRON Clients provide
their Servers with a set of "handles" that represent their
ISP connections. The Client then informs the server as to how
it would like its inbound traffic to be delivered across
those handles - for example, some flows could be delivered
via the Client's WiFi interface and others delivered via the
Client's 4G interface, etc. Here, a handle is used instead of
an ISP address because the ISP address can change even while
the handle remains the same. 

> however, outgoing traffic engineering is not LISP specific, it should be
> done with existing mechanisms.

Right - the same for IRON.

> Would you like this scenario added to the document?

You might want to take a look at "RANGER Scenarios" [RFC6139] for
this and other scenarios which might also be applicable to LISP.
>From what you are saying, it sounds like addressing this scenario
is somewhat of a work-in-progress for LISP, where IRON already
has it pretty much worked out. It might be worth a comparative
study between the two approaches to see which pieces look the
most promising - and, the study could possibly indicate that a
combination of some features from both approaches would make the
most sense. The IRON-related documents are here:

http://www.rfc-editor.org/rfc/rfc5320.txt
http://www.rfc-editor.org/rfc/rfc5558.txt
http://www.rfc-editor.org/rfc/rfc5720.txt
http://www.rfc-editor.org/rfc/rfc6139.txt
http://www.rfc-editor.org/rfc/rfc6179.txt
http://www.rfc-editor.org/rfc/rfc6706.txt
https://datatracker.ietf.org/doc/draft-templin-intarea-seal/
https://datatracker.ietf.org/doc/draft-templin-intarea-vet/
https://datatracker.ietf.org/doc/draft-templin-ironbis/

Thanks - Fred
fred.l.templin@boeing.com

> Best regards,
> -Lori

v2.23.0 | Report a Bug | By Email