Re: [rrg] IRON-RANGER scalability and support for packets from non-upgradednetworks
"Templin, Fred L" <Fred.L.Templin@boeing.com> Thu, 11 March 2010 21:53 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: rrg@core3.amsl.com
Delivered-To: rrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2E7643A684E for <rrg@core3.amsl.com>; Thu, 11 Mar 2010 13:53:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.549
X-Spam-Level:
X-Spam-Status: No, score=-6.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W9mapKuSaGqK for <rrg@core3.amsl.com>; Thu, 11 Mar 2010 13:53:16 -0800 (PST)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id E18AE3A63C9 for <rrg@irtf.org>; Thu, 11 Mar 2010 13:53:16 -0800 (PST)
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o2BLrB78020119 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 11 Mar 2010 13:53:14 -0800 (PST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o2BLrBbg016623; Thu, 11 Mar 2010 13:53:11 -0800 (PST)
Received: from XCH-NWHT-10.nw.nos.boeing.com (xch-nwht-10.nw.nos.boeing.com [130.247.25.113]) by slb-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o2BLrBMJ016603 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Thu, 11 Mar 2010 13:53:11 -0800 (PST)
Received: from XCH-NW-01V.nw.nos.boeing.com ([130.247.64.120]) by XCH-NWHT-10.nw.nos.boeing.com ([130.247.25.113]) with mapi; Thu, 11 Mar 2010 13:53:10 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Robin Whittle <rw@firstpr.com.au>, RRG <rrg@irtf.org>
Date: Thu, 11 Mar 2010 13:53:09 -0800
Thread-Topic: [rrg] IRON-RANGER scalability and support for packets from non-upgradednetworks
Thread-Index: Acq/+Atbj8z0uXzAS/KA65E2YsfFpABbPLAw
Message-ID: <E1829B60731D1740BB7A0626B4FAF0A6495119413D@XCH-NW-01V.nw.nos.boeing.com>
References: <C7B93DF3.4F45%tony.li@tony.li> <4B94617E.1010104@firstpr.com.au> <E1829B60731D1740BB7A0626B4FAF0A649511933 94@XCH-NW-01V.nw.nos.boeing.com> <4B953EA5.4090707@firstpr.com.au> <E1829B60731D1740BB7A0626B4FAF0A649511934CF@XCH-NW-01V.nw.nos.boeing.com> <4B97016B.5050506@firstpr.com.au>
In-Reply-To: <4B97016B.5050506@firstpr.com.au>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [rrg] IRON-RANGER scalability and support for packets from non-upgradednetworks
X-BeenThere: rrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IRTF Routing Research Group <rrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/rrg>
List-Post: <mailto:rrg@irtf.org>
List-Help: <mailto:rrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2010 21:53:18 -0000
Robin, In catch-up mode, your suggestion of a need for more discussion of scaling properties is a good one, and something I think that can be accommodated in the next IRON update. Thanks - Fred fred.l.templin@boeing.com > -----Original Message----- > From: Robin Whittle [mailto:rw@firstpr.com.au] > Sent: Tuesday, March 09, 2010 6:18 PM > To: RRG > Cc: Templin, Fred L > Subject: Re: [rrg] IRON-RANGER scalability and support for packets from non-upgradednetworks > > Hi Fred, > > You wrote: > > >> I don't understand the mechanisms by which potentially very large > >> numbers of IRON routers repeatedly and continually register with > >> potentially multiple VP routers. These IRON routers could be > >> anywhere and so could the VP routers. In that message, the most I > >> can discern about this mechanism is: > >> > >> IRON routers lease portions of their VPs as Provider > >> Independent (PI) prefixes for customer equipment (CEs), > >> thereby creating a sustaining business model. CEs that lease > >> PI prefixes propagate address mapping(s) throughout their > >> attached RANGER networks and up to VP-owning IRON router(s) > >> through periodic transmission of "bubbles" with authenticating > >> and PI prefix information. Routers in RANGER networks and IRON > >> routers that receive and forward the bubbles securely install > >> PI prefixes in their FIBs, but do not inject them into the RIB. > >> > >> I have a rough idea of what you are trying to achieve with this > >> mechanism, but I have no idea what the mechanism is - "bubbles" > >> doesn't give me any understanding of exactly how the IRON routers > >> would do this securely. Only when I understand exactly how they > >> would do this could I estimate the scaling and security problems > >> which are no-doubt involved. > > > > I have been using the term "bubbles" to keep this at a > > high level and to avoid getting bound up into talking > > about specific mechanisms. But, it sounds like you want > > to know more about the specifics, so I can tell you that > > a "bubble" is actually an IPv6 Router Advertisement (or > > moral equivalent) using the RFC3971, Section 6.1 > > authorization model. In this model, routers are given > > certificates from a trust anchor which authorizes them > > to act as routers and to advertise a certain set of > > subnet prefixes. Other routers in RANGER use the > > certificates to verify authorization. > > > > The scalability part is addressed in the new text I > > have added to the rebuttal. What we really need to > > avoid is having off-path attackers injecting lots of > > bogus RAs that cause IRON routers to have to perform > > lots of unnecessary crypto. By shutting down off-path > > spoofing, IRON-RANGER ensures that end sites that act > > with integrity will not overload correspondents with > > crypto-busting DoS attacks. End sites that do NOT act > > with integrity on the other hand will be easy to detect > > and can safely be blacklisted. > > I wasn't even thinking about attackers. I don't know anything in > detail about RFC 3971 and I don't think you should require readers to > interpret a document such as this, which has nothing to do with I-R, > in the context of what little they know about I-R - and then to > figure out enough detail about how it would work to convince > themselves that this is scalable. > > To improve on this section of the I-R description, I suggest you > nominate some target numbers for the maximum number of IRON routers > there will ever be, how many individual prefixes of end-user network > "edge" space there could be in total, the maximum number of these > that any one IRON router might need to handle, how many VPs there > would be, how many individual "edge" prefixes there might be in a VP, > how many VP routers there might be per VP prefix, how often each IRON > router will register each of its "edge" prefixes with the one or move > VP routers . . . and then describe in detail how the system works, > with one or more examples. This would enable people to understand in > good physical detail how your system works, without having to read > RFC 3971 and imagine how you would use it in I-R. The reader needs > to be able to estimate the number of packets flowing in the various > roles, the length of the packets, the computational resources > required at each router, the security measures as you mentioned - but > in greater detail - and then to figure out who is paying for all this > and why they would do so. They would also want to see the whole > thing works OK when individual routers fail, become unreachable, are > rebooted etc. > > The only way I could develop my partial understanding if I-R was to > do a lot of imagining, then ask detailed questions, and then have you > provide answers - in a recursive process until I thought I had a good > enough understanding of the proposal. I don't have time to do this > for I-R or other proposals now. However, if you have a clear idea of > how it would work, and what your targets are, you should be able to > write a description which anyone can read and understand, without > having to imagine anything or ask too many further questions. > > There may well be a way of doing it - and I think for anyone involved > in CES architectures, I think I-R certainly is worth understanding. > All I am saying now is that the current state of the proposal leaves > important scaling problems unanswered. Its actually more than that - > it doesn't explain this registration process in anything like > sufficient detail for people to understand how it would work. > > > >>>> there's no apparent method of supporting packets sent from > >>>> non-upgraded networks. > >>> > >>> Non-upgraded IPv4 networks will continue to work as they > >>> always have. Do you mean non-upgraded IPv6 networks? > >> > >> I mean when you start installing IRON routers, these will collect > >> packets addressed to "edge" addresses (or whatever the new subset of > >> "EID" space is called in I-R) > > > > Virtual Prefixes (VPs) - but, VPs cover what IRON-RANGER > > calls Endpoint Interface iDentifier (EID) prefixes. > > So do the VP routers act like Ivip's DITRs and LISP's PTRs? To make > this work without unreasonably extending the path between the sending > host and the IRON router which connects to the destination network, > you would need multiple VP routers - say 10 or 20 or so, depending on > how keen you were to minimise path lengths. This number needs to be > part of the explanation regarding operation and scaling properties I > suggested above. > > > >> from the ISP networks they are > >> installed in. Packets sent by hosts in those networks will be > >> handled according to I-R principles and the recipient networks of > >> those packets will get the benefits (portability, multihoming and > >> inbound TE) for those packets. > >> > >> But what of packets sent from hosts without IRON routers? AFAIK, > >> there's no equivalent in I-R to Ivip's DITRs or LISP's PTRs. > > > > Considering for now only IPv6 as EID space, an IPv6 > > host will be connected to a network that is ultimately > > served either by an IRON VP or a "native" IPv6 prefix. > > If an IRON VP, then routing is naturally via the IRON. > > If a "native" IPv6 prefix (e.g., a 2001::/ derivative), > > packets will follow default or more-specific routes as > > usual but will encounter an IRON VP router if the > > destination is covered by a VP. > > OK - this confirms what I assumed above, about the VP router(s) > acting as DITR(s) or PTR(s). > > I recall that the VP router advertises its VP in the IRON overlay > network. Does it advertise the VP in the DFZ too? It would need to > if it were to receive packets sent from hosts in non-upgraded networks. > > > >>> Assuming the latter, let's consider that today we have > >>> two separate BGP instances - the IPv4 BGP instance and > >>> the IPv6 BGP instance. The IPv6 BGP instance carries a > >>> set of IPv6 prefixes (e.g., 2001:: derivatives) that are > >>> routed in the IPv6 Internet in the "traditional" sense. > >>> What IRON-RANGER is doing is essentially creating a > >>> *third* BGP instance - one that carries a new set of > >>> IPv6 Virtual Prefixes (VPs) that are distinct from the > >>> prefixes carried in the traditional IPv6 BGP instance. > >>> > >>> Due to routing scaling issues, IRON-RANGER expects that > >>> growth of this new third BGP instance will flourish while > >>> growth of the traditional IPv6 BGP instance will level > >>> off. In order to support what I think you mean by > >>> non-upgraded networks then, it only requires that IPv6 > >>> routers connected to the IRON also participate in the > >>> traditional IPv6 BGP instance. For that matter, not all > >>> IRON routers need to participate, but at least some must. > > Sorry, I still can't follow this and I don't have time to ask more > about it. > > - Robin >
- [rrg] FW: I-D Action:draft-irtf-rrg-recommendatio… Tony Li
- [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Robin Whittle
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Tony Li
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] FW: I-D Action:draft-irtf-rrg-recommend… Tony Li
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Recommendation and what happens next Brian E Carpenter
- Re: [rrg] Recommendation and what happens next Tony Li
- [rrg] Why won't supporters of Loc/ID Separation (… Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Why won't supporters of Loc/ID Separati… Tony Li
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Why won't supporters of Loc/ID Separati… Robin Whittle
- Re: [rrg] Recommendation and what happens next Russ White
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- [rrg] IRON-RANGER scalability and support for pac… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Why won't supporters of Loc/ID Separati… Tony Li
- Re: [rrg] Recommendation and what happens next Brian E Carpenter
- Re: [rrg] Recommendation and what happens next Scott Brim
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Recommendation and what happens next Tony Li
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Recommendation and what happens next Robin Whittle
- Re: [rrg] Recommendation and what happens next Scott Brim
- Re: [rrg] Why won't supporters of Loc/ID Separati… Scott Brim
- Re: [rrg] Why won't supporters of Loc/ID Separati… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] Recommendation and what happens next Templin, Fred L
- Re: [rrg] Why won't supporters of Loc/ID Separati… Templin, Fred L
- Re: [rrg] Recommendation and what happens next Scott Brim
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- Re: [rrg] IRON-RANGER scalability and support for… Robin Whittle
- Re: [rrg] IRON-RANGER scalability and support for… Templin, Fred L
- [rrg] Comments on 'draft-whittle-ivip-arch' Templin, Fred L
- Re: [rrg] Comments on 'draft-whittle-ivip-arch' Robin Whittle
- Re: [rrg] Comments on 'draft-whittle-ivip-arch' Robin Whittle