IETF Logo Mail Archive

Re: [RAM] LISP NERD/CONS, eFIT-APT & Ivip compared

Dino Farinacci <dino@cisco.com> Fri, 20 July 2007 06:46 UTC

Return-path: <ram-bounces@iab.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBmFh-0001Ts-GZ; Fri, 20 Jul 2007 02:46:13 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBmFg-0001Tg-Ia for ram@iab.org; Fri, 20 Jul 2007 02:46:12 -0400
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IBmFf-0006UI-49 for ram@iab.org; Fri, 20 Jul 2007 02:46:12 -0400
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-2.cisco.com with ESMTP; 19 Jul 2007 23:46:10 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CAAb3n0arR7PD/2dsb2JhbAA
X-IronPort-AV: i="4.16,560,1175497200"; d="scan'208"; a="387021629:sNHT33366010"
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id l6K6kA3H020672; Thu, 19 Jul 2007 23:46:10 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l6K6k76C017376; Fri, 20 Jul 2007 06:46:07 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 19 Jul 2007 23:46:07 -0700
Received: from [192.168.0.3] ([10.21.116.50]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 19 Jul 2007 23:46:06 -0700
In-Reply-To: <469C962B.1090600@firstpr.com.au>
References: <469C962B.1090600@firstpr.com.au>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <12D6E107-9D58-487A-BC5C-6BAC9495EC96@cisco.com>
Content-Transfer-Encoding: 7bit
From: Dino Farinacci <dino@cisco.com>
Subject: Re: [RAM] LISP NERD/CONS, eFIT-APT & Ivip compared
Date: Thu, 19 Jul 2007 23:46:00 -0700
To: Robin Whittle <rw@firstpr.com.au>
X-Mailer: Apple Mail (2.752.3)
X-OriginalArrivalTime: 20 Jul 2007 06:46:06.0872 (UTC) FILETIME=[A6179980:01C7CA99]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=6481; t=1184913970; x=1185777970; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dino@cisco.com; z=From:=20Dino=20Farinacci=20<dino@cisco.com> |Subject:=20Re=3A=20[RAM]=20LISP=20NERD/CONS, =20eFIT-APT=20&=20Ivip=20com pared |Sender:=20; bh=sywqXLXkmb0hEsw6FfGASXG2qa/0ymjjuTXTUp+kObU=; b=s6rXp6ir/4VWWLeFf4+iRTW8by2OOqXN3wxxs0ibCaq262mq7d9mwAgudAgwxvadrVQoeX1E 76gN0hDyoVBkLW9UpThWx2Iit7lOEVtoxZbmnPg0pzMHIF8ltrKS5Thi;
Authentication-Results: sj-dkim-3; header.From=dino@cisco.com; dkim=pass (si g from cisco.com/sjdkim3002 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: f49c97ce49302a02285a2d36a99eef8c
Cc: ram@iab.org
X-BeenThere: ram@iab.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing and Addressing Mailing List <ram.iab.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ram>, <mailto:ram-request@iab.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ram>
List-Post: <mailto:ram@iab.org>
List-Help: <mailto:ram-request@iab.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ram>, <mailto:ram-request@iab.org?subject=subscribe>
Errors-To: ram-bounces@iab.org

>   http://tools.ietf.org/html/draft-farinacci-lisp

I would suggest http://www.dinof.net/~dino/ietf/draft-farinacci- 
lisp-02.txt.

>   http://tools.ietf.org/html/draft-meyer-lisp-cons-00 (July 3)

I would suggest http://www.dinof.net/~dino/ietf/draft-meyer-cons-01.txt.

> While NERD is "push", in comparison to CONS - which is purely a
> query and cache system - the mapping updates are not actually sent
> to the ITRs.  Each ITR has to poll a server and retrieve the

What you state above is not clear if you are talking about NERD or  
CONS. But in both cases the ITR can get mappings. That is if the ITR  
has enough storage capacity it can take the entire NERD database. In  
CONS, the ITRs make requests over TCP connections to their peering  
CARs that return mapping replies back to them.

> LISP-CONS is a "pull" system.  ITRs query and cache the mapping
> data, via local CARs which also cache.  Requests and replies
> traverse a mesh of CARs and (non-caching) CDR servers, all linked
> via authenticated TCP sessions.

So maybe you were talking about about NERD. Just wanted to clarify  
though.

>     This will lead to much faster and more reliable query
>     responses than LISP-CONS - but as with Ivip, raises the
>     challenging problem of distributing the database updates in
>     real-time to all these Default Mappers.  However, eFIT-APT
>     has very slow goals regarding the speed of distributing
>     these updates.

I was told by a credible source that most DNS servers cannot handle a  
DNS query packet with multiple query types in it. So you will need  
numerous changes to DNS servers to get QSDs to work. In my book, that  
is a non-starter.

> Here are some questions about each scheme, with "LISP" implying
> LISP 3.x.  There is no concrete information about LISP 3.x other
> than that implied by NERD and CONS that I won't consider how LISP
> might work with APT.

LISP 3.X is not a protocol. It refers to doing encapsulation with an  
external mapping database service such as NERD, CONS, or APT.

The variants are models where LISP 1 and LISP 1.5 use a data- 
triggered mapping model. LISP 2 uses the directory already deployed  
on the network which is DNS, and LISP 3 are new models which you see  
there is a lot of activity on.

> Encapsulation of data
> ---------------------
>
> LISP-NERD/CONS: Not documented yet, but presumably using UDP, with
> the outer source address being that of the ITR which encapsulated
> the packet. (Outer SA = ITR's address.)  See the recent messages
> "ETRs checking src & dest addresses" about how I think this makes
> it harder for the ETR's filtering system to protect against
> spoofing of local source addresses.

Encapsulation is defined in draft LISP-02. NERD and CONS are control- 
plane mapping database services only.

> LISP-NERD/CONS:  As noted above, ITRs have complex functions,
> including making decisions on a packet-by-packet basis for MH
> service restoration, TE and I think load balancing functions.  The
> ITR may or may not communicate with the ETR, but I think the ITR
> is always ready to accept ICMP messages as sign it is tunneling
> the data packets to the wrong address.

I beg to differ. The ITR simply does a cache lookup on the DA when  
the DA has a routing table miss or a default route match. When the  
cache lookup returns an RLOC it slaps a header on. It's as simple as  
that.

> Since LISP-mapped addresses are not in any prefix which is
> advertised in BGP, ITRs must be inside or at the border of
> provider or end-user networks.

This is not true. If you wanted to put an ITR at a PE edge and the  
EID-prefixes for each site connected to the PE advertised them via  
BGP, the ITR could act as an ETR for packets it receives from the  
provider network. For encapsulating, you still need a mapping database.

> LISP-NERD/CONS: ETRs are located in the provider network or at its
> border router, or in the end-user's network or at its border (CE)
> with the provider network - as long as the address is BGP
> reachable.  I think ETRs have complex communication functions.

NERD and CONS say nothing about where ETRs are placed in the network.  
And they don't need to either.

> Incremental deployability
> -------------------------
>
> LISP-NERD/CONS: According to current definitions and all my
> off-list attempts to understand LISP, LISP-mapped addresses are
> not part of BGP advertised prefixes.  So in order for a host to
> send packets to a host on any LISP-mapped address, the sending
> host must be in a network with an ITR.  I think this makes LISP

Or the EIDs are from PA space or the EIDs are from PI space that  
continues to get advertised into the network. There will be these PIs  
that will never be withdrawn. And this is a good thing. We just don't  
want all sites to do this.

> not at all incrementally deployable.  Why would an early adopter
> want to use LISP-mapped addresses when it will make their hosts
> unreachable for any communication initiated by a host on a
> non-LISP-upgraded network?

This is not true. Remember what else you need for an incrementally  
deployed design. That is no changes to hosts, no changes to DNS, no  
changes to core routers. LISP requires *only changes* to CE routers.  
Or P-routers in the core if you need LISP for ISP-based TE.

There are many respects to incrementally deployable not just an non- 
LISP site talking to a LISP-site.

> As with all proposals, there are major challenges in setting up
> the infrastructure.  Ivip's Replicator and ITR system is
> adventurous, but the ITRs are doing a simpler job and the overall
> design is simpler than the designs of other proposals.  The ETRs
> are free-wheeling, low-cost devices and require no coordination.
> With sufficient provider networks with ETRs, one or more
> independent Ivip or Ivip-like systems could be set up, and work
> fine alongside each other (each with their own set of core ITRs,
> or perhaps all driving data to a common set).  These could
> probably run at a profit, because they provide portability,
> multihoming (with basic TE) and mobility with full reachability
> (and generally pretty good path lengths, if the core-ITRs are well
> distributed) from all hosts.

I haven't heard how any of the non-LISP proposals deal with ISP-based  
traffic engineering and multicast.

Dino


_______________________________________________
RAM mailing list
RAM@iab.org
https://www1.ietf.org/mailman/listinfo/ram

v2.23.0 | Report a Bug | By Email