Re: [rrg] RANGI questions

[Xu Xiaohu <xuxh@huawei.com>]

Hi Robin,

Thanks a lot for your comments. Please see my response inline.

> -----邮件原件-----
> 发件人: Robin Whittle [mailto:rw@firstpr.com.au]
> 发送时间: 2010年2月19日 22:12
> 收件人: RRG
> 抄送: Xu Xiaohu
> 主题: RANGI questions
> 
> Hi Xiaohu,
> 
> Here are some questions about RANGI.  If you and perhaps others can
> discuss these I will create a revised version in the form of a critique.
> 
> Some of the arguments concern other CEE proposals - GLI-Split, ILNP and
> Name Based Sockets.
> 
>   - Robin
> 
> 
> 
> Reference documents
> -------------------
> 
> IDs:
> 
>    http://tools.ietf.org/html/draft-xu-rangi-03
>    http://tools.ietf.org/html/draft-xu-rangi-proxy-01
> 
> Summary, critique (by Paul Francis):
> 
> http://tools.ietf.org/html/draft-irtf-rrg-recommendation-04#section-3.1
> http://tools.ietf.org/html/draft-irtf-rrg-recommendation-04#section-3.2
> 
> Rebuttal:
> 
>   http://www.ietf.org/mail-archive/web/rrg/current/msg06008.html
> 
> 
> 
> 
> Discussion and questions
> ------------------------
> 
> RANGI is a Core-Edge Elimination (CEE) architecture which requires
> as-yet undocumented changes to host stacks and applications, starting
> from the base of IPv6.  Since many applications today are written solely
> for IPv4, the requirement for IPv6 compatibility and then changing
> applications substantially to presents an enormous hurdle to the
> widespread adoption of a solution such as RANGI.  Since benefits only
> arise when two RANGI applications (on hosts with RANGI stacks) are
> communicating, substantial benefits to adopters only occur when most or
> all of the hosts in the world have been upgraded and given IPv6 access.

With the site proxy or transit proxy mechanisms
(http://tools.ietf.org/html/draft-xu-rangi-proxy-01), legacy IPv6 hosts can
initiate communications to RANGI hosts, and vice versa. In this way, the
early adopters of RANGI could gain substantial benefits before most or all
of the hosts in the world have been upgraded.

> RANGI is intended to interwork with IPv4 - but there are insufficient
> details to conclude that this would be practical.  One problem is Path
> MTU Discovery (PMTUD) difficulties due to the changing packet size - due
> to the IPv4 and RANGI header formats being different lengths.  The proxy
> servers for this interworking would need to translate PTB packets in
> both directions with suitable caching of the initially sent packets in
> order to be able to construct valid PTBs, and with suitable adjustment
> of MTU values to account for differing header overheads in the two

I believe the PMTU issue is not specific to RANGI. Once this issue is solved
during the IPv4/IPv6 transition period, it will disappear involuntarily when
adopting RANGI.

> systems.  The necessary IPv4 - RANGI proxies cannot support multihoming

RANGI proxy CAN support multi-homing since the multi-homed proxy can use
either locator when translating from IPv4 to RANGI. 

> and are required to alter the information contained in DNS replies,
> which is likely to disrupt some applications.
> 
> Proxies can also be used for interworking between IPv6 hosts and RANGI
> hosts, but these do not support multihoming.

RANGI proxy CAN support multi-homing since the multi-homed proxy can use
either locator when translating from IPv6 to RANGI.

> RANGI packets are like IPv6 packets, but have a Destination Option
> Header to carry the source and destination Identifiers, both of which
> are 16 bytes.  So RANGI packets would have headers of at least:
> 
>    40 bytes IPv6
>    36 bytes Destination Option Header
> 
>  = 76 bytes
> 
> This is significant extra overhead.  In addition these packets may be
> encapsulated in IPv4 in some settings, making 96 bytes of headers, not
> counting TCP or UDP headers.
> 
> The VoIP packet size for RANGI would be:
> 
>     40 bytes IPv6
>     36 bytes Destination Option Header
>      8 bytes UDP
>     12 bytes RTP
>     20 bytes payload
> 
>  = 116 bytes total, compared to 60 bytes for IPv4 or 80 bytes for IPv6.

Yes, your observation is correct. However, do you think this extra bit
overhead will bring any serious burden on the high-speed Internet? 

> Without more detail of the mapping systems - both the global DNS system
> and the Identifier -> Locator mapping systems, it is impossible to
> estimate the actual performance of a RANGI system.  The ID->Loc mapping
> system will frequently be used, since it is the only way of ensuring
> that a given Locator is valid for any particular Identifier.  The
> caching time is set to zero (page 7) so all queries must go to the
> authoritative servers, which may involve traversing multiple
> intermediate servers - all of which could be anywhere in the world.

It is said as "...To prevent DNS recursive servers caching antique
ID->Locator mapping information, the TTL of a RANGI RR for a _mobile host_
should be set to 0 or a very small value." In normal cases, there wouldn't
be too many correspondence nodes for a mobile node simultaneously, IMHO. For
those hot-spot servers which are usually fixed hosts, the TTL for their
RANGI RRs can be set to a large value.

> Likewise, it is impossible to estimate how RANGI would handle
> multihoming service restoration without details of how each host HA can
> reliably probe the reachability of another host HB via:
> 
>         HA's two or more ISPs, assuming it is multihomed,
> and/or  HB's two or more ISPs, assuming it is multihomed.
> 
> There are serious scaling problems with large numbers of hosts probing a
> single host - and there are currently no details of what algorithms
> would be used to decide when to switch to an alternative near or far
> ISP, and when to switch back after some (unspecified) probing has
> revealed that the preferred path is working again.  The current proposal
> provides no details of how hosts would find out about from the ID->Loc
> mapping system how to probe and make these decisions.  Nor are there any
> details about how the ID->Loc map reply could specify load sharing or
> any other inbound TE preferences for when two or more ISP paths are
working.

These details will be considered in the further version.

> On page 5, the local host IDs are required to be unique within an AD.
> This would require an AD-wide registration system whereby each new local
> host was required to choose another key-pair if its current key pair
> resulted in a clash - its local host ID being identical to that of
> another host.

Not necessary for a host to choose another key-pair in case of ID collision.
We borrow the ideas from CGA for handling the ID collision issue.

> I think the use of the term "IPv4" addresses in section 2.2 (Host
> Locators) is confusing, because readers will typically assume this means
> existing IPv4 addresses.  Yet, if RANGI is to use the full addressing
> range of IPv6, it clearly can't be using IPv4 addresses in the global
> unicast sense, with each one being only used by a single host in the
world.

The intention that IPv4-embeded IPv6 addresses are used as locators in RANGI
is to reduce the deployment cost of such a new architecture and avoid
renumbering the site internal routers when changing ISPs. For those site
networks where private or public IPv4 addresses are used, it is only
required to upgrade the hosts and the site border routers in order to
support RANGI. In other words, there is no need to touch the site internal
routers.

> Perhaps it would be better to specify that the right-most 32 bits of the
>  Host Locator may involve globally unique global unicast IPv4 addresses,
> but that these 32 bits need not be associated with the IPv4 Internet at
> all.  My understanding is that if the networks being converted to RANGI
> already have their hosts on IPv4 addresses, and have an IPv4 routing
> system, then this can be used to tunnel packets to these hosts without
> them having IPv6 stacks or using IPv6 routers.  I don't understand the
> various scenarios here in a way which makes any practical sense.
> 
> I understand that when these hosts in a RANGI LD don't have IPv4
> addresses, then they are basically IPv6 hosts or IPv6-RANGI hosts.
> Then, the 32 bit values need have nothing to do with IPv4 at all.
> Although they are still called "IPv4" bits, the text (page 5):
> 
>    LD IDs are used to globally identify each site network which
>    is allowed to adopt independent IPv4 address space (either
>    public or private IPv4 addresses).
> 
> indicates the values of these 32 bits need only be unique within a given
LD.

If a site network is already IPv6 only, locators of the hosts within that
network are just ordinary IPv6 PA addresses.

> RANGI has an advantage over GLI-Split (msg06056) in that a host
> Identifier can be used on any host in the world - in any LD.  Each LD -
> each physical routing system of a "site" - is a completely independent
> concept from the AD-based structure of the Identifier system.

Correct.

> CEE architectures such as RANGI implement Locator/Identifier Separation,
> which involves hosts in extra routing and addressing management work
> compared to today's IPv4 and IPv6 naming models, in which the IP address
> plays both the Identifier and Locator roles.  In today's naming model, a
> respondent host can reply to a packet it receives without any any
> further work, because the routing system ensures that the packet will
> not be delivered to any host other than the one whose Identity is that
> of the destination address.

Each model has its pros and cons.

> Compared to the simplicity and speed of today's arrangements, CEE
> architectures in general require two additional global mapping lookups
> before a basic two-packet initial exchange can take place.  In addition
> to any initial DNS lookup which may be involved, the first lookup is by
> the initiating host, looking up the respondent host's Identifier.  This
> returns the one or more Locators by which the respondent host can
> currently be reached.

This host-initiated lookup eliminate the mapping work done by ITR in CES. As
for host mobility, this lookup also eliminates the route optimization work
in Mobile IP since the route is already optimal.

> When the resulting packet arrives at the respondent host, a second
> lookup is typically required - though this is not documented in the
> current RANGI IDs.  In some cases, the respondent host does not need to
> be sure of the Identity of the host to which it sends the response
> packet.  For instance a DNS server may not need to know this - so the
> second mapping lookup is not required.
> 
> Assuming the respondent needs to be sure the packet it sends goes to the
> host whose Identity was in the source field of the initial packet, it
> cannot trust the Locator which was in the source field of the initial
> packet - since this packet could have been generated by an attacker.
> Therefore, a second lookup is required, by the respondent host, querying
> the presumed initiator's Identifier (at least, the Identifier found in
> the source field of the initial packet).  Only if the initial packet's
> source Locator matches the one or more Locators returned by the mapping
> system can the respondent proceed to send a reply packet.

I believe the CES model will also face this issue. For example, the ITR of
the responder's site will also need an ID->Locator lookup when it can't
trust the RLOC of the incoming packets.

> These are lookups of a global mapping system, with the answers coming
> from authoritative query servers, due to the zero caching time
> preventing the results being cached in any resolvers which might be
> involved in the query.
> 
> These mapping lookups, and the original DNS lookup, are likely to
> involve further mapping lookups due to the need to gain Locators for
> each Identifier of a server which needs to be queried, as part of
> finding the Identifier and then the Locator of the authoritative server
> which can actually provide the reply.
> 
> If the DNS can be enhanced to return not just one or more Identifiers
> for a given FQDN, but one or more Locators specific to each Identifier,
> then this would remove the need for the initiating server to perform the
> first ID->Loc lookup mentioned above.  Sometimes the second can be

Assuming that not all hosts possess their own FQDNs, the ID->Locator mapping
system is a must. Hence, the hosts should update its locator in the
ID->Locator mapping system in the event of mobility or re-homing. If you
want the DNS to store the locator information, the host would have to update
its locator information in DNS besides updating the ID->Locator mapping
system. Do you believe it is still worthwhile?

> omitted too.  However, these proposed DNS mechanisms are for queries by
> RANGI hosts only - and must not disrupt the ability of IPv6 hosts to
> obtain an IP address which they can use to initiate communications with
> RANGI hosts by one of the IPv6-RANGI proxy arrangements.
> 
> Circularity needs to be avoided in the global ID-Loc mapping system.  A
> given AD needs to run its own authoritative servers, or have some other
> organisation run them on its behalf - and then handle secure updates to
> it as hosts change their Locators.  If an AD's authoritative mapping
> servers are implemented on its own servers, these servers need to be
> accessible via Identifiers which are not part of this AD.  This appears
> to be impossible in GLI-Split, where an Identifier can only be used in a
> given GLI-domain (roughly equivalent to a site).  However, assuming that
> in RANGI, each physical host can have multiple Identifiers (which
> appears to be neither mentioned nor disallowed in the current IDs), then
> circularity problems can be avoided by having the authoritative query
> servers accessible to queriers via Identifiers from some other AD-y than
> the AD-x for whom they are answering ID->Loc queries.  These hosts may
> be owned and run by this AD-x, and may also be accessible globally via
> Identifiers of AD-x.
> 
> Many more details of Mobility are required before the effectiveness of
> RANGI for Mobility could be estimated.  A host could retain its
> Identifier as it moves to any access network - which it cannot in
> GLI-Split.  However, its accessibility in that new network depends upon
> it rapidly updating its ID-Loc mapping entry to include the new Locator.
>  While a mobile RANGI host may be able to securely inform its
> correspondent RANGI correspondent hosts, including those which are
> mobile too, of its new Locator, if this precedes the availability of the
> new Locator in the ID-Loc mapping system, then nonces or keys must have
> been securely exchanged previously.  This secure exchange would
> presumably only be possible if it took place while the mobile node was
> using a Locator which was returned by the ID-Loc mapping system.  So
> short update times for that system would be vital so that the nonce or
> key exchange could take place before the host had to use a different
> Locator again due to leaving one access network and connecting to another.
> 
> RANGI, like all CEE architectures, is only practical for IPv6 and cannot
> support hosts which are behind NAT, including any mobile hosts.  Mobile
> hosts and all other hosts require global unicast addresses.
> 
> As with GLI-Split at least (ILNP too), there is no mention of how RANGI
> would work with private address ranges.  For instance, two hosts which
> share access to a private address range should communicate via the LAN
> or WAN which supports that range, rather than use RANGI's globally
> scoped Locators.

The site network could use private IPv4 addresses. As said in the RANGI
draft,    "If the communication parties share a same LD ID, they can
exchange packets directly over an IPv4 tunnel (between them). Otherwise, the
traffic will be relayed by LDBRs through IPv4 tunnels."

> While RANGI is described as involving a mixed IPv6 and IPv4 deployment,
> this can be hard to understand - it would be good to have a description
> of the system being deployed on IPv6 without any reference to IPv4 at all.

OK, I will add some statement about such case.

> RANGI, like (apparently) all other CEE architectures only provides the
> benefits of (Identifier) portability, multihoming and inbound TE for
> communication sessions between two upgraded hosts.

This statement is not true once we take the RANGI proxy mechanisms into
account. 

> While some CEE architectures can use existing IPv6 applications (GSE and
> GLI-Split) RANGI is like ILNP and Name Based Sockets in requiring IPv6
> applications to be rewritten to use Identifiers and Locators.  This may
> be relatively easy for some applications.  It may be very difficult for
> others, since the current protocols may rely strongly on the currently
> valid assumptions that sending a packet to a given IP address will not
> result in it being delivered to a host other than the one whose identity
> is specified by that IP address.  (Most applications are written for
> IPv4 only - though some of the most popular applications such as major
> Web browsers are able to use IPv6.)
> 
> RANGI requires the installation of a new router, or an upgrade to an
> existing one, to perform the "source-based policy routing" described in

Note that the source-based policy routing is not a new feature. Only the
source address rewriting requires an upgrade.

Again, thank you for these detailed comments.

Best wishes,
Xiaohu

> section 2.6.  However, a much greater barrier to adoption is likely to
> result from the combination of:
> 
>    1 - Need for stack upgrades and substantially rewritten applications.
> 
>    2 - Benefits only arising for adopters in the case of communications
>        between two hosts with these upgrades.
> 
>    3 - No obvious reason why applications should be rewritten, just to
>        serve an initially small number of RANGI adoptors.  The task
>        of writing and debugging an application to use both IPv6 and
>        RANGI protocols, including at the same time to multiple
>        correspondent hosts at the same time, may be very challenging
>        - particularly when the existing protocols cannot be directly
>        adapted to RANGI.
> 
>    4 - Substantial benefits to adoptors (complete portability and
>        multihoming for all their communications) are not available until
>        all their hosts and applications are updated - and essentially
>        all other hosts on the IPv6 Internet, and their applications are
>        upgraded too.
> 
>    5 - Routing scaling benefits only occurring when the above conditions
>        are met - because until this occurs, PI space will be the only
>        method of ensuring portability, multihoming and inbound TE on
>        all communications and no PI-less end-user network would have
>        portability, multihoming and inbound TE for all their
>        communications.
> 
> The central technique of CEE architectures, including RANGI, is to
> implement Locator/Identifier Separation as a means to achieving routing
> scalability - since universal adoption of this would mean that
> portability, multihoming and inbound TE could be achieved just as easily
> on PA space as on PI space.   However, this brings with it a continual
> burden of extra packets and frequently extra delays due to non-cacheable
> global mapping system queries.  This will slow down all communications
> compared to today's arrangements - including some DNS lookups.  In the
> case of RANGI, there is an additional burden of longer packets.
> 
> The extra burden of these new host responsibilities falls particularly
> heavily on those devices which are battery powered hand-held devices
> relying on slow and potentially unreliable 3G and similar wireless
> links.  These are likely to be the majority of all hosts - and the most
> frequently used ones - within ten years.
> 
> Compared to some other CEE proposals - such as ILNP GLI-Split and Name
> Based Sockets - RANGI has a further burden in the form of the 36 or so
> byte Destination Options headers which are part of every RANGI packet.
> Name Based Sockets involves long FQDNs being sent in initial packets,
> but RANGI involves this 36 byte overhead on all packets.

> RANGI cannot contribute to the solution of the IPv4 routing scaling
> problem.  Perhaps with further work it could be developed into a viable
> solution for IPv6 - but in order to be chosen as the best solution, it
> would not only have to be shown to be superior to ILNP, which has no 36
> byte header burdens, but it would also need to be established that
> changing all host communications to the more burdensome and delay prone
> Locator/Identifier Separation naming model was desirable.
> 
> CES (Core-Edge Separation) schemes retain the current naming model and
> some of them use local full database query servers - so avoiding initial
> packet delays due to the slow and unreliable nature of any global
> mapping system.  Even if the need to rewrite stacks and applications was
> not a barrier to adoption, a choice to replace the current IPv4 / IPv6
> naming model with Locator/Identity Separation would need to be made in
> order for any CEE architecture to be seriously contemplated as the best
> solution.  While there are arguments for this in terms of "architectural
> elegance" and in terms of not having to add anything to the routing
> system, the counter-arguments are formidable:
> 
>   1 - The current naming model involves less computational load and
>       traffic to and from all hosts compared to Locator/Identifier
>       Separation.
> 
>   2 - The current naming model involves none of the additional mapping
>       lookups and therefore delays which Locator/Identifier Separation
>       typically requires.
> 
>   3 - The CES upgrades to the network are justifiable because they are
>       easier than upgrading all host stacks and especially applications,
>       and because of the argument that the routing system should serve
>       the reasonable needs of hosts.
> 
>   4 - CES mapping lookups are performed from ITRs which are typically
>       not located behind slow, potentially unreliable wireless links so
>       the delays and costs of these lookups will be less than with
>       CEE.  CES ITRs' mapping lookups will generally be less numerous
>       in total because each ITR's cache covers the activities of
>       multiple sending hosts - which in a CEE architecture would each
>       need to make the mapping query themselves.