[rrg] Objections to burdening hosts with more RA responsibilities
Robin Whittle <rw@firstpr.com.au> Sun, 06 December 2009 10:09 UTC
Return-Path: <rw@firstpr.com.au>
X-Original-To: rrg@core3.amsl.com
Delivered-To: rrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 791B828C0D6 for <rrg@core3.amsl.com>; Sun, 6 Dec 2009 02:09:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.513
X-Spam-Level:
X-Spam-Status: No, score=-1.513 tagged_above=-999 required=5 tests=[AWL=0.382, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id riAlK5Bi2to2 for <rrg@core3.amsl.com>; Sun, 6 Dec 2009 02:09:25 -0800 (PST)
Received: from gair.firstpr.com.au (gair.firstpr.com.au [150.101.162.123]) by core3.amsl.com (Postfix) with ESMTP id D83F73A677E for <rrg@irtf.org>; Sun, 6 Dec 2009 02:09:24 -0800 (PST)
Received: from [10.0.0.6] (wira.firstpr.com.au [10.0.0.6]) by gair.firstpr.com.au (Postfix) with ESMTP id EED0F175B01; Sun, 6 Dec 2009 21:09:13 +1100 (EST)
Message-ID: <4B1B82D0.1040607@firstpr.com.au>
Date: Sun, 06 Dec 2009 21:09:20 +1100
From: Robin Whittle <rw@firstpr.com.au>
Organization: First Principles
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: RRG <rrg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [rrg] Objections to burdening hosts with more RA responsibilities
X-BeenThere: rrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IRTF Routing Research Group <rrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/rrg>
List-Post: <mailto:rrg@irtf.org>
List-Help: <mailto:rrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2009 10:09:27 -0000
Short version: Even if it were easy to change host stack and application software (and I think it is very difficult to change every host, except over decades) here is an argument directly against what I think some RRG people prefer. There is an ideal of "dumb network - smart hosts" which has served the Internet well, at least in comparison to the telephone network. However, extending this principle to *require* that sophisticated scalable, routing and addressing functions be performed in hosts is a bad idea. Its fine to make such functions optionally implemented in hosts, but burdening *all* end-user hosts with Routing and Addressing responsibilities, beyond the current DNS lookup and IP address stuff, is undesirable since it causes major problems for hosts which either must be simple and minimal and/or which connect via slow, unreliable and/or expensive links. Even where the hosts are well-connected and have plenty of CPU resources, these new schemes typically involve complex interchanges of packets so two hosts can identify and authenticate each other's application level identity or address or whatever. At present, a packet can be sent directly and incur only the delay inherent in the physical network path. With the proposed protocols in which the end-user host must perform new routing and addressing functions, there typically needs to be multiple packets, including to and from each host, before user-level communications can occur. So the inherent physical delays are multiplied by 2 or more. Such proposals, while conceptually elegant, would slow down the establishment of user communications in general, and be unworkably expensive, slow and less reliable if one or both hosts relies on a slow, unreliable and/or expensive WiFi, 3G or GEO/LEO satellite link. Further to Christian Vogt's message: Host changes vs. network changes http://www.ietf.org/mail-archive/web/rrg/current/msg05467.html it is possible to imagine a global network in which every physical address for end-user networks and their publicly accessible hosts is PA space. Then only ISPs get PI space and the BGP system keeps working, with a scaling problem limited to the number of PI prefixes the ISPs advertise. In order to do this, either the host networks or the hosts themselves need to do extra work to create logical addresses to which applications are bound, where these addresses are not at all tied to the particular one or more PA addresses the host uses for physical connection to the Net. The core-edge separation schemes (LISP, APT, Ivip and TRRP) provide scalable routing without changing host responsibilities at all. LISP-CONS/ALT and TRRP frequently involve significant delays to initial packets, sometimes equivalent to dropping the packets for a some time like a second or two, while the ITR waits for a map reply from their global query server networks. APT and Ivip use full-database local query servers so mapping replies come quickly and reliably - in a few tens of milliseconds which is typically an insignificant delay to the commencement of a new communication session. Other than these delays, the core-edge separation schemes involve no new delays - and no new responsibilities or management packets - for hosts. The idea of moving all new RA functionality to hosts is to do away with the need for ITRs, ETRs etc. - though there still may need to be a mapping database with either local query servers or a global system to handle map requests. No-one seems to be advocating such a "change hosts so they do all the new work" approach for IPv4, but there are various proposals to adapt IPv6 to this approach, or to develop new addressing regimes. I think most of these involve new stack <-> application interfaces - and therefore completely rewritten application software. Conceptually, this is simple and elegant. I can't imagine how such as system could be widely adopted on a voluntary basis, but this message is about the in-principle objections to the outcome, not about how difficult it would be to have such a scheme widely adopted. As long as the extra work must be done by the hosts themselves, then there are some fundamental problems: 1 - This significantly raises the minimum complexity of any host, in terms of CPU capacity, software requirements and storage. This is bad for mobile devices and embedded devices such as electricity meters and the famed IPv6 light switch. 2 - AFAIK, in every potentially practical scheme, a lot of the burden is in complex cryptographic exchanges which are needed in order for hosts to be able to reliably identify and authenticate each other. 3 - There is extra management traffic between the hosts and probably between each host and some network-centric support system, such as PKI or a mapping system. 4 - Since no user communications can take place before these extra tasks are performed, and since these tasks involve exchange of packets, these proposals mean that it will generally take longer to begin a communication session than it does now. 5 - All delays in these packets required for session establishment - and worse-still, loss of these packets - will further delay the establishment of user-level communication. I propose that in any scalable routing system or clean-slate network redesign, that it better not to require host functionality beyond the what is currently expected of all hosts: 1 - Except where configuration, software or a previous packet provides an IP address, use a DNS lookup to get an IP address of the other host. 2 - Send and receive packets using that IP address and one of the potentially multiple IP addresses of the current host. The core-edge separation schemes (LISP, APT, Ivip and TRRP - except draft-meyer-lisp-mn-00) preserve existing host responsibilities. Some, such as Ivip, make it possible for sending hosts to perform their own ITR function, but this is not required of any host. This is a low-cost and generally efficient approach, except for when the host is on a slow, expensive or unreliable last-mile link. It would work ten in principle, but it would tend to slow the establishment of new sessions due to the delays and packet losses in the local link. LISP mobile draft-meyer-lisp-mn-00 involves the MN being its own ETR. The MN does not need to be an ITR, and the ETR function is purely for decapsulating packets - AFAIK it is not an authoritative query server for mapping querys sent over the ALT network. Although draft-meyer-lisp-mn-00 involves this extra ETR responsibility, AFAIK, this doesn't involve much extra management traffic or delay - so in terms of this critique, it is fine. The problem is that the MN's CoA (care of - physical - address) can't be behind NAT. Maybe that's not such a limitation in IPv6 if IPv6 turns out to be NAT-free. A critique is at: http://www.ietf.org/mail-archive/web/lisp/current/msg00749.html http://www.ietf.org/mail-archive/web/lisp/current/msg00772.html The TTR approach to mobility: http://www.firstpr.com.au/ip/ivip/TTR-Mobility.pdf retains conventional DNS and IP address host responsibilities, but has an extra piece of software to provide tunnels to one or more Translating Tunnel Routers which perform ITR and ETR functions. The TTRs and potentially some other servers also communicate with this extra piece of software to find out where the MN is and to coordinate how it establishes two-way encrypted tunnels to (typically) nearby TTRs. These are extra host responsibilities, but they do not alter the main stack or the application software at all. Furthermore, while there is some overhead of management traffic, such as that required to ensure full delivery of packets in both directions between the TTR and the MN, these extra packets do not delay the establishment of new communication sessions. (Note: this proposal could be adapted to allow non-retry of some classes of packets, such as streaming media and VoIP packets.) What I am arguing against is proposals of the "dumb network, smart host" variety which require *all* hosts to do some additional complex things in order to make the whole network more elegant, immune to scaling problems or whatever. With hosts today, or with the hosts using a core-edge separation scheme, each host can send or receive a packet with no extra delay or traffic on its link (other than the initial packet delays of LISP-CONS/ALT and TRRP). We could design a conceptually elegant Internet, with perfectly good scaling properties, simple routers and PA space for all end-user hosts, by making every host behave like a MN with its own portable application layer address (or multiple such addresses) which it maintains no matter what one or more physical address or addresses it is physically using. The physical address and logical (application layer) address could be separate namespaces, or separate sections of the one addressing range in a single namespace. HIP is an adaptation of IPv6 which does this. However, it requires packets flow back and forth between two hosts, and I think packets to and from other network-based systems, before the two hosts can establish a communication session upon which actual application-level packets can travel. Even if if every host had plenty of CPU power etc. and had fast, reliable, low-cost links, it would still be unacceptable since it slows the establishment of every communication, including the equivalent of a send-and-forget UDP packet, due to the need for complex cryptographic exchanges. Whatever the delay time due to the physical separation of the hosts, the speed of light in fibre, or of radio waves in air, the delay in establishing communications will be some multiple of the physical delay time, whereas today, there is no such multiplication of delays beyond the DNS lookup and the TCP handshake. Even if we weren't forced to rely on voluntary adoption to solve the routing scaling problem, I would still probably favour, for the "Ideal Internet" design, a system like that of the core-edge separation schemes, with distinct ITR and ETR functions. The system would not require any host to perform the ITR function. However, the ITR function should be optionally possible to implement in the sending host, since this will often be possible and desirable, and can be done for no hardware cost whatsoever. (Ivip has this, though not if the sending host is behind NAT. It would be possible to extend this to sending hosts behind one or more layers of NAT.) Maybe a host could be its own ETR, but I the system should never require this (LISP-MN does require this). To require every host on the Net to perform all its functions on the shifting sands of one or more essentially transient PA addresses, like the CoA addresses of mobile hosts, with no special transformation of packets in the network itself, is at odds with the need for mobile devices to be inexpensive, simple and robust when packets are lost or the link is slow or expensive. Let the network support the hosts by centrally (such as within each ISP or end-user network) transforming packets, including tunnelling them between ITRs and ETRs, so all end-user hosts can just get on with being hosts - so they do not need to be involved in the complex business of portability, multihoming and inbound traffic engineering. - Robin
- [rrg] Objections to burdening hosts with more RA … Robin Whittle