[rrg] Comments on 'draft-whittle-ivip-arch'
"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 19 March 2010 23:17 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: rrg@core3.amsl.com
Delivered-To: rrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5D10B3A69CB for <rrg@core3.amsl.com>; Fri, 19 Mar 2010 16:17:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.792
X-Spam-Level:
X-Spam-Status: No, score=-5.792 tagged_above=-999 required=5 tests=[AWL=-0.323, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v1BEgY1v01dw for <rrg@core3.amsl.com>; Fri, 19 Mar 2010 16:17:03 -0700 (PDT)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id 03D793A6804 for <rrg@irtf.org>; Fri, 19 Mar 2010 16:17:01 -0700 (PDT)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o2JNH9ho021061 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 19 Mar 2010 16:17:12 -0700 (PDT)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o2JNH9hY006987; Fri, 19 Mar 2010 16:17:09 -0700 (PDT)
Received: from XCH-NWHT-10.nw.nos.boeing.com (xch-nwht-10.nw.nos.boeing.com [130.247.25.113]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o2JNH9dx006983 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Fri, 19 Mar 2010 16:17:09 -0700 (PDT)
Received: from XCH-NW-01V.nw.nos.boeing.com ([130.247.64.120]) by XCH-NWHT-10.nw.nos.boeing.com ([130.247.25.113]) with mapi; Fri, 19 Mar 2010 16:17:08 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Robin Whittle <rw@firstpr.com.au>, RRG <rrg@irtf.org>
Date: Fri, 19 Mar 2010 16:17:17 -0700
Thread-Topic: Comments on 'draft-whittle-ivip-arch'
Thread-Index: AcrHBOBAICfnUaKmRRO/tSDlnJf5rwAhurQgAAWFf5A=
Message-ID: <E1829B60731D1740BB7A0626B4FAF0A64951224D5C@XCH-NW-01V.nw.nos.boeing.com>
References: <C7B93DF3.4F45%tony.li@tony.li> <4B94617E.1010104@firstpr.com.au > <E1829B60731D1740BB7A0626B4FAF0A649511933 94@XCH-NW-01V.nw.nos.boeing.com > <4B953EA5.4090707@firstpr.com.au> <E1829B60731D1740BB7A0626B4FAF0A64951 19 34CF@XCH-NW-01V.nw.nos.boeing.com> <4B97016B.5050506@firstpr.com.au>< E1 829B60731D1740BB7A0626B4FAF0A6495119413D@XCH-NW-01V.nw.nos.boeing.com>< 4B 9 98826.9070104@firstpr.com.au> <E1829B60731D1740BB7A0626B4FAF0A649511DCE A 0@XCH-NW-01V.nw.nos.boeing.com> <4B9B0244.7010304@firstpr.com.au> <E18 29B6 0731D1740BB7A0626B4FAF0A649511DD102@XCH-NW-01V.nw.nos.boeing.com> <4B 9F 6E 22.60509@firstpr.com.au> <E1829B60731D1740BB7A0626B4FAF0A649511DD643@X CH-N W-01V.nw.nos.boeing.com> <4BA022A3.6060607@firstpr.com.au> <E1829B60731D174 0BB7A0626B4FAF0A649511DD9B1@XCH-NW-01V.nw.nos.boeing.com> <4BA19503.1040008 @firstpr.com.au><E1829B60731D1740BB7A0626B4FAF0A649512248D1@XCH-NW-01V.nw.nos.boeing.com><4BA2D58C.4050706@firstpr.com.au> <E1829B60731D1740BB7A0626B4FAF0A64951224C5A@XCH-NW-01V.nw.nos.boeing.com>
In-Reply-To: <E1829B60731D1740BB7A0626B4FAF0A64951224C5A@XCH-NW-01V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [rrg] Comments on 'draft-whittle-ivip-arch'
X-BeenThere: rrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IRTF Routing Research Group <rrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/rrg>
List-Post: <mailto:rrg@irtf.org>
List-Help: <mailto:rrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2010 23:17:04 -0000
Robin, I haven't seen anyone commenting on your Ivip proposal ('draft-whittle-ivip-arch'). I myself am just now getting around to taking a cursory look, but here are some initial observations. I'm sorry to say that I was only able to get through to the end of Section 5 on this pass. I will try to review more later. Fred fred.l.templin@boeing.com --- begin comments --- 1) In your abstract, you say: "Both involve modifying the IP header and require most DFZ routers to be upgraded." Somehow, it seems like a very big assumption to think that most or even some existing DFZ routers could be upgraded to recognize new IP header formats. Indeed, it goes against one of the RFC1955 principles of "no changes to *most* routers". I will check in the rest of the document for what you mean by this, but I am concerned when I see what looks like a non-starter in the abstract. 2) In the Introduction, it seems that a significant amount of the architecture actually appears in other documents. I will check further to see if the base document conveys enough without having to dig up all of the others. 3) 2nd paragraph in Section 2 says: "...each with a common mapping to a single ETR". Why can't the SPI's map to *multiple* ETRs? 4) 4th paragraph of Section 2, it appears that MAB in Ivip means the same thing as VP in IRON-RANGER? 5) 5th paragraph Section 2, it appears that a MABOC is the same as an IRON-RANGER VP provider? 6) 6th paragraph Section 2, "Multihoming end-user networks would typically contract a separate company...". Why would they not instead directly negotiate the mappings with the MABOC themselves? 7) 7th paragraph, Section 2, "...which is typically a subset of all MABs in the Ivip system." IRON-RANGER gateways each advertise the full set of VPs, but I suppose could also be configured to advertise only a partial set as well. Is it not possible for the DITR to advertise the full set, or do you for some reason think it would be best only to advertise a partial set? 8) 8th paragraph, Section 2, with the query service, it looks like Ivip is standing up its own SPI to RLOC mapping service apart from any routing systems or the DNS? Would deploying this service be on the same level of complexity as for the global DNS? 9) 10th paragraph, Section 2, "Each QSR uses a DNS-based mechanism and an additional protocol to discover...". Does this mean that the QSR uses the MAB as an FQDN in a DNS query? That could mean quite a few MABs in the DNS. I think the main difference between this and the IRON-RANGER use of BGP to disseminate VP to RLOC mappings is that BGP can more readily cope with dynamic updates if some RLOCs fail and/or if the VP moves to a different RLOC. Also, each IR has full knowledge of all VPs in its RIB, so there are no per-packet lookups needed. There are probably more differences as well. That said, there may well be a use for keeping the MABs/VPs in *both* the BGP RIB *and* the DNS. The BGP RIB could be used as the full information data base that can be accessed in real time, and DNS could be used as a check to ensure that the MAB/VP is actually "registered" to the ETR thatclaims to own it. 10) 11th paragraph, Section 2, "MABOCs will typically charge their customers for each mapping change." This arrangement seems like it might be very costly to highly mobile SPI prefix holders - why not just a flat-rate? 11) 12th paragraph, Section 2, I am not (yet) seeing an exact mechanism whereby the real-time updated full mapping database is managed. 12) 16th paragraph, Section 2, I think in your description here you are assuming that EIDs are routable within the same scope as RLOCs. That would mean a pure-IPv4 or pure-IPv6 deployment and not an IPv6/IPv4 one? 13) 18th paragraph, Section 2, I will wait until it comes up in later sections, but the notion of modifying the IP heard and changing *most* DFZ routers seems onerous. 14) Section 4, paragraph 1, I have doubts about the ability to deploy what is being called "Modified Header Forwarding". 15) Section 4, paragraph 1, I have strong doubts about the use of the sending host's address as the outer headers source address. First, ICMP messages coming from within the tunnel would not be recognized by the sending host. Second, it only works when both the inner and outer IP protocols are the same version, i.e., it doesn't work for mixed IPv6/IPv4. Also, the BR source address filtering can still be done if the inner source is different than the outer source, because the outer source indicates the previous hop. This is very useful for IPv6-within-IPv4 encapsulation, since the previous hop can be constructed as an IPv6 link-local address that embeds the IPv4 source address. 16) Section 4, paragraph 2, a large part of the motivation for MHF seems to be to avoid PMTUD issues. But, PMTUD issues can IMHO be handled through the use of SEAL with segmentation/reassembly turned off, but with the ability to discover and weed out degenerate links. 17) Section 5.3, paragraph 2, it surprises me to see that aspects of the mapping system are outside the scope of Ivip. Does it mean that there needs to be some adjunct protocols or mechanisms at work in a manner that can plug into Ivip? I guess I don't really understand this business of separation. 18) Section 5.4, paragraph 1, the path MTU determination mechanism seems to require actively looking for a reply to an explicit probe before the MTU can be adjusted. SEAL uses all packets as implicit probes, so there is no need to wait for an explicit probe reply and MTU limitations can be discovered asynchronously. 19) Section 5.4, paragraph 3, "...and ETRs do not communicate at all." - This seems to preclude the ability for the ETR to inform the ITR of any error conditions, e.g., if the ITR thinks that the ETR has the correct mapping when in fact it really doesn't. So, there seems to be a need for the ETR to at least convey error information to the ITR. 20) Section 5.4, final paragraph, the use of vanilla IP-in-IP encapsulation may not interact well with load balancing and/or ECMP in the network. 21) Section 5.5, this section seems to assume no "recursive re-encapsulation", i.e., where there could be a path "ITR(1)->ETR(1)->ITR(2)->ETR(2)-> ... etc." 22) Section 5.7, I am highly skeptical of the MHF approach and/or the use of a non-IP protocol type. I just don't see it reasonable to expect the majority of DFZ routers to update. 23) Section 5.8, I think the goal of unmodified hosts is correct, but should be tempered by "hosts are unaffected by the use of an Ivip-like routing service in the network. I say this, because it is possible that hosts will want to upgrade to support adjunct mechanisms (e.g., HIP, MIP) that are unrelated to the network routing service. 24) Section 5.11, paragraph 3, IRON-RANGER also does do source address filtering at the ETR. That is why each potential ITR needs to securely prove to the ETR that it is authorized to source packets from a particular EID prefix. 25) Section 5.11, paragraph 4, I do not believe the "inner same as outer" source arrangement makes any difference if the source address can be spoofed. This can be fixed by a new mechanism in SEAL whereby the ITR and ETR synchronize sequence numbers so that there is no chance of an off-path spoofing. Note also that the "inner same as outer" approach only works for same inner and outer IP protocol, and only works when both addresses are globally routable. 26) Section 5.12, about full or parital knowledge of MABs, if the number of MABs can be kept manageable (e.g., order of 100k or less) there should be no reason for each DITR to not keep full knowledge. The number of expected MABs may be different for IPv4 (where a significant portion of the address space has already been delegated) than for IPv6 (where a significant portion of the address space has not already been delegated). -- end comments ---
- [rrg] FW: I-D Action:draft-irtf-rrg-recommendatio… Tony Li
- [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Robin Whittle
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Tony Li
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Tony Li
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Recommendation and what happens next Brian E Carpenter
- Re: [rrg] Recommendation and what happens next Tony Li
- [rrg] Why won't supporters of Loc/ID Separation (… Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Why won't supporters of Loc/ID Separati… Tony Li
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Why won't supporters of Loc/ID Separati… Robin Whittle
- Re: [rrg] Recommendation and what happens next Russ White
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- [rrg] IRON-RANGER scalability and support for pac… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Why won't supporters of Loc/ID Separati… Tony Li
- Re: [rrg] Recommendation and what happens next Brian E Carpenter
- Re: [rrg] Recommendation and what happens next Scott Brim
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Recommendation and what happens next Scott Brim
- Re: [rrg] Why won't supporters of Loc/ID Separati… Scott Brim
- Re: [rrg] Why won't supporters of Loc/ID Separati… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- Re: [rrg] Why won't supporters of Loc/ID Separati… Templin, Fred L
- Re: [rrg] Recommendation and what happens next Scott Brim
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- [rrg] Comments on 'draft-whittle-ivip-arch' Templin, Fred L
- Re: [rrg] Comments on 'draft-whittle-ivip-arch' Robin Whittle
- Re: [rrg] Comments on 'draft-whittle-ivip-arch' Robin Whittle