[rrg] AIS (Evolution) - discussion/critique
Robin Whittle <rw@firstpr.com.au> Mon, 22 February 2010 16:57 UTC
Return-Path: <rw@firstpr.com.au>
X-Original-To: rrg@core3.amsl.com
Delivered-To: rrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1D64528C129 for <rrg@core3.amsl.com>; Mon, 22 Feb 2010 08:57:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.964
X-Spam-Level:
X-Spam-Status: No, score=-0.964 tagged_above=-999 required=5 tests=[AWL=-0.624, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, SARE_LWSHORTT=1.24, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xN524LFJhbpF for <rrg@core3.amsl.com>; Mon, 22 Feb 2010 08:57:27 -0800 (PST)
Received: from gair.firstpr.com.au (gair.firstpr.com.au [150.101.162.123]) by core3.amsl.com (Postfix) with ESMTP id 6108428C10F for <rrg@irtf.org>; Mon, 22 Feb 2010 08:57:25 -0800 (PST)
Received: from [10.0.0.6] (wira.firstpr.com.au [10.0.0.6]) by gair.firstpr.com.au (Postfix) with ESMTP id CBBC7175DCC; Tue, 23 Feb 2010 03:59:22 +1100 (EST)
Message-ID: <4B82B7EB.6090802@firstpr.com.au>
Date: Tue, 23 Feb 2010 03:59:23 +1100
From: Robin Whittle <rw@firstpr.com.au>
Organization: First Principles
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: RRG <rrg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [rrg] AIS (Evolution) - discussion/critique
X-BeenThere: rrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IRTF Routing Research Group <rrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/rrg>
List-Post: <mailto:rrg@irtf.org>
List-Help: <mailto:rrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2010 16:57:31 -0000
Short version: I think some of the AIS techniques may be useful in principle to some DFZ-using ASNs (ISPs and large PI using end-user networks). Whether they would be on-balance useful, considering their costs and complexity, to many ASNs, I am not sure. I think the AIS techniques only provide marginal improvements in the ability to run a network with routers which can't handle the full DFZ, either in their RIBs or FIBs. We need multiple orders of magnitude in the number of end-user networks - and AIS is supposed to cope with them all using PI prefixes. I believe the only way AIS could be considered a potential solution to the routing scaling problem is if it was a better documented standalone system, with convincing arguments for why this would be superior to the best of the CEE and CES architectures. I am completely opposed to the suggestion within this proposal that CEE be adopted in the long-term. Hi Lixia, Lan and colleagues, Thanks for your replies to my questions (msg05862, msg05991 & msg06055). I have now fully read your proposal and partially read some of the supporting documents. In addition to commenting on the several techniques you propose, I disagree with what I think is an inaccurate and overly bleak assessment you make about the attractions and benefits of Core-Edge Separation architectures in general. I think what you wrote about LISP is entirely incorrect. - Robin Main documents -------------- Summary: http://tools.ietf.org/html/draft-irtf-rrg-recommendation-04#section-14.1 ID: http://tools.ietf.org/html/draft-zhang-evolution-02 Critique - compiled by two of the proponents, Beichuan Zhang and Lan Wang (msg05693 2010-01-18) - "a summary of comments our team has collected, mainly from past RRG meetings and emails". http://tools.ietf.org/html/draft-irtf-rrg-recommendation-04#section-14.2 Supporting documents -------------------- FIB Aggregation http://tools.ietf.org/html/draft-zhang-fibaggregation-02 FIB Aggregation with Virtual Aggregation http://tools.ietf.org/html/draft-ietf-grow-va-01 (This seems to be a replacement for the ID cited in evolution-02: draft-francis-intra-va-01 .) Performance of Virtual Aggregation http://tools.ietf.org/html/draft-ietf-grow-va-perf-00 Virtual Aggregation (VA) http://tools.ietf.org/agenda/76/slides/grow-5.pdf (Mentioned in the Summary but not in evolution-02.) Answers to questions: http://www.ietf.org/mail-archive/web/rrg/current/msg05991.html http://www.ietf.org/mail-archive/web/rrg/current/msg06055.html For a discussion of the distinction between Core-Edge Separation (CES) and Core-Edge Elimination (CEE) architectures, please see: CES & CEE are completely different (graphs) http://www.ietf.org/mail-archive/web/rrg/current/msg05865.html CES & CEE: GLI-Split; GSE, Six/One Router; 2008 sep./elim. paper (v2) http://www.ietf.org/mail-archive/web/rrg/current/msg06089.html "EUN" means End-User Network. Discussion/critique =================== Overly negative assessment of CES architectures ----------------------------------------------- >From the Summary: Most proposals take a revolutionary approach that expects the entire Internet to eventually move to some new design whose main benefits would not materialize until the vast majority of the system has been upgraded; their incremental deployment plan simply ensures interoperation between upgraded and legacy parts of the system. I think this is true of CEE proposals. Please see (msg05865) as noted above. This statement is not an accurate portrayal of CES architectures. Again, please see (msg05865) for a full explanation. Although not directly related to this AIS-Evolution proposal, Lixia recently wrote, in a critique of LISP (msg06032): One would not be able to see global routing table size reduction unless/until LISP has been adopted by significant number of networks. This is not as harsh a criticism of LISP as the paragraph above, but it still implies some kind of lack of proportionality between adoption of this CES architecture and routing scaling benefits. See (msg06035) for Dino's objections to this and (msg06037) for my objections. >From draft-zhang-evolution-02 (Section 4): We believe that one fundamental difference is that all new designs have an implicit assumption that the entire system would eventually move to the new design. This is not the case for Ivip, or I think for LISP. The more they are adopted, the better for routing scalability. There's no threshold level of adoption before which there are no routing scaling benefits. The scaling benefits are closely proportion to levels of adoption. Also, the benefit to the EUN adopting the Ivip- or LISP-managed SPI (Ivip) or EID (LISP) space is not dependent on the number of other networks which adopt it - provided there are a good set of DITRs (Ivip) or PTRs (LISP) supporting the adopted "edge" address space. (This is not the case with CEE - substantial benefits to adoptors and to scalable routing only occur after ~100% adoption by all networks, not just those networks which want portability, multihoming and/or inbound TE.) But this doesn't mean the CES architectures have to be "full adopted" to solve the routing scalability problem. The DFZ today tolerates a certain level of unscalable routing. Solving the routing scalability problem doesn't necessarily mean eliminating all PI prefixes. As long as we can limit the growth to some tolerable level, or better still, reduce the number of PI prefixes AND at the same time provide much larger numbers of EUNs with the portability, multihoming and inbound TE they need (ideally, mobility too) then for all practical purposes, the routing scaling problem will be solved. No matter how much effort the designer puts into the incremental deployment step of a new design, the design itself does not start with the assumption that significant portions of the system would never adopt it. Therefore, it is likely the case that the assumed benefit of the new design would be achieved only after a majority, if not the whole, of the system has deployed the design, and that the cost of incremental deployment would be minimized only then as well. This is not true of LISP or Ivip - or probably of TIDR or IRON-RANGER. I think it was not true of APT either. The incremental deployment machinery is simply to glue together the part that has made the change and the rest that has not, to make the system function together at the intermediate, and hopefully transient, stage. However the system as whole would be in a sub-optimal state until the new design gets fully deployed. LISP can serve as an example here. These statements are completely false in respect of LISP and Ivip at least. (I don't speak for the LISP team, but as a prominent critic of LISP, if I defend LISP in some way, this should not be brushed off lightly.) Like many others, we too hoped that our new design, APT, could be eventually deployed everywhere to put the routing scalability under control. Perhaps when you imagined that APT would not make a contribution to the routing scaling problem until it was very widely adopted. I disagree - it would help with routing scaling to the extent it was adopted, provided the adopting ISPs were connected as a single cloud (or at least as a very few clouds). It is incorrect to imply that I, as the designer of Ivip, think it needs to be "deployed everywhere" to control the routing scaling problem. I agree it would be best if the great majority of EUNs which want portability, multihoming and inbound TE adopted Ivip - because those which don't will either not get these benefits, or will get them using unscalable PI space. This is not "deployed everywhere". I think the LISP designers also recognise the need to have LISP adopted by most EUNs, but that is not the same as "everywhere" or 100% of EUNs. We gradually realized that it is infeasible to attempt to roll out a new routing framework (i.e. a clean separation of edge prefixes from the core routing system) in a vast deployed system. I think by "clean separation" you may mean, at least in some respects, what I now refer to as "Core-Edge Network Isolation". Please see (msg06089) - but such isolation is not required by APT to achieve all its routing scalability goals. Preventing hosts (all of which must be on "edge" addresses, not just those in networks which need portability, multihoming and inbound TE) from sending packets to "core" addresses (DFZ and ISP routers, ITRs and ETRs) is an explicit non-goal of Ivip. LISP has no such goal either. In Ivip, sending hosts on "edge" SPI addresses or on ordinary ("core") addresses can optionally have inbuilt ITR functions, so they need to be able to send packets to ETRs - which are on "core" addresses. This statement is from the "critique": Compared to others, this proposal has the lowest hurdle to deployment, because it does not require all networks move to use a global mapping system or to upgrade all hosts, and it is designed for each individual network to get immediate benefits after its own deployment. This implies that for LISP and Ivip to be deployed to a level which improves routing scaling (which is any level at all - its just that they need to be pretty widely deployed to reduce the routing scaling problem to an acceptable level) that "all networks" need to use a global mapping system. This is not true - only those networks adopting the system need to use the mapping system, because Ivip's DITRs and LISP's PTRs will handle packets sent by hosts in non-upgraded networks. (The reference to upgrading hosts does not apply to CES architectures such as LISP or Ivip - it applies to CEE architectures.) This also implies that other proposals including Ivip and LISP do not enable each network to gain immediate benefits after its own deployment. This is a misleading portrayal of Ivip and LISP. An EUN which wants portability, multihoming etc. gets benefits by adopting Ivip or LISP, because it can get these without needing PI space, or much space at all. An ISP adopting Ivip or LISP to the extent that its customers can adopt it will get benefits simply because it is helping its customers get what they want and need - even if there are no other benefits to the ISP. >From one of the answers to questions (msg05991): A major consideration for our work is incremental deployability and immediate scalability benefit to anyone who adopts our scheme. You may recall that we started with a map-and-encap scheme APT, which falls into the core-edge separation category. However, during the past couple of years working on APT, we realized that it is difficult for a single entity to deploy APT and receive immediate benefit. A single ISP deploying APT enables the EUNs which adopt APT's "edge" space to use it via any ETR in the ISP. This is no different from what they could do already, with PI or PA space. However, if multiple ISPs adopted APT and formed an APT island, then the EUN could use that space, in small sections (smaller than /24 - right down to /32) at any ETR of any of the ISPs. This would also enable the EUN to multihome with any two or more of these ISPs. If there are multiple APT islands, then due to the /24 restriction in the DFZ, it is impossible to use "edge" space from a single /24 partly in one island and partly in the other. The solution seems to be to have all such "islands" become one by sharing their mapping via tunnels. I think this may be a valid criticism of APT, Ivip and LISP when applied to the question of what does a single ISP gain from being the first adopter. But if multiple ISPs see the benefits of the CES architecture and then go ahead and adopt it for those reasons - then the question of benefits for the very first adopter do not apply. I guess the first person to own a telephone didn't find it very useful until a second person got one. But this does not mean that all CES proposals suffer from the same problem with adoption in a general sense. I think the most likely impetus for Ivip adoption is not from a single ISP, such as in a given city or country, but for an organisation which wants to provide global mobility, for IPv4 and/or IPv6, using the TTR Mobility architecture: http://www.firstpr.com.au/ip/ivip/TTR-Mobility.pdf Such an organisation may well be an ISP, but it need not be. For TTR mobility, there need be no ITRs or ETRs in any ISP network. What is needed is a bunch of TTRs around the world, with a common mapping system driving the ITRs. Then, with appropriate software in the mobile devices (now mass-market iPhones, Google phones etc.) the mobile devices tunnel to nearby TTRs and get their own globally portable IPv4 address (or IPv6 /64) which they can use from any access network, including behind one or more layers of NAT. Mapping changes are not required for every change in access network. I think it is OK to drop development of APT if you can't think of why anyone would be an early adoptor. However I do not believe you are entitled to extrapolate this argument against APT to all other CES architectures, without detailed analysis of them - which you have not done. I will soon be writing up an even more decentralised approach to Ivip mapping than the one I mentioned in (msg05975). This will involve the companies which lease out SPI space from their Mapped Address Blocks (MABs) doing more of the work, and the adopting EUNs running their own ETRs, without any need for support from their ISPs. This new approach will also be fine for TTR mobility. Eventually, as this became widespread, ISPs would want to have their own ITRs, to stop packets leaving their networks, going to the nearest DITR only to be returned again in tunnels to the ETRs in the ISP's network which connect to the destination networks. The AIS-Evolution approach is inherently incremental and intended for any ISP or any PI-using EUNs with one or more DFZ routers. It doesn't depend much or perhaps at all on how many other networks adopt it. These are advantages, but I don't think you should portray all other approaches as being as completely flawed regarding benefits to early adoptors - unless you examine them all and provide detailed arguments why this is the case. It is the case with all CEE architectures - but you haven't provided detailed critiques of LISP or Ivip. Perhaps a trap in these discussions is to think that the only benefit an ISP would get by adopting a CES architecture would be the reduction in the number of prefixes in the RIBs and FIBs of its DFZ routers. These will only be reduced, or their growth held in check, to the extent that the CES architecture is widely enough adopted to tempt PI-using EUNs, or any other EUNs which would have adopted PI space, to use CES-managed "edge" space instead. If this was the only measure of benefit for an ISP, then I agree, it would take a long time (if ever) for any of the CES architectures to "pay off" - since it would rely on many other ISPs adopting it as well. However, assuming other ISPs are also "adopting the CES architecture" - at least whatever is required for the ISP's paying EUN customers to use the CES-architecture's SPI addresses via this ISP's network - then there is a second set of benefits for each such ISP independent of the number of prefixes in the DFZ. This benefit is that the ISP's customers are benefiting from their new SPI address space. This is fundamentally good for the ISP, because if their customers couldn't adopt the CES "edge" space through this ISP, they would be inclined to find another ISP. However, I agree - if all that happened one day was a single ISP adopted APT, LISP or Ivip, there does not appear to be any direct benefit to the ISP or their customers. This is not the only way CES architectures can be adopted. Adoption may not depend on ISPs being first movers at all - at least for Ivip. The concept of an ISP "adopting a CES architecture" is rather simplistic. Perhaps with APT this was an all-or nothing affair - since I think ETRs could only be in ISP networks which had fully adopted APT with its mapping system connections, Default Mappers, ITRs etc. Perhaps this is the case with LISP too, but I doubt it. It is certainly not the case with Ivip. Any EUN can run their own ETR on the PA space they get from any ISP. So when an EUN adopts Ivip - meaning it uses SPI space for its hosts - it doesn't need an "Ivip-upgraded" ISP. The ISP doesn't have to do anything to allow an EUN from implementing an ETR on the one or more PA addresses the ISP provides. Generally, these should be fixed IP addresses, or at least stable from one week to the next. There doesn't have to be ITRs in the EUN, or in the ISP network, for the EUN to use SPI space via an ETR function it runs itself. I will write more on this soon. For Ivip, at least, I am foreseeing the adoption to be started by one or more companies setting up MABs and widely dispersed DITRs to support these MABs - and then letting EUNs run their own ETRs on any PA space they get from any ISP. Also there is the use of same system for TTR Mobility - which is probably a more financially attractive service to provide than portability, multihoming and inbound TE for non-mobile networks. Goals of AIS-Evolution ---------------------- Thanks to prompting from Iljitsch van Beijnum two or so years ago, the Ivip-arch ID now has a full set of goals and non-goals. I think all scalable routing proposals would benefit from this. I understand that AIS-Evolution does not aim to directly support mobility in any way. (msg06055): mobility support is considered best supported separately from the DFZ routing system. But if current approaches to mobility are adequate, then why aren't they widely used in IPv4 or IPv6? As far as I know, the only way of doing mobility properly is for the host to have its own global unicast address it keeps no matter where it is. The only way I know of doing this is the TTR Mobility approach. If you think that existing approaches to mobility are better than this, then I would appreciate you doing a proper critique of TTR Mobility. So AIS-Evolution is only aimed at routing scalability for non-mobile networks. I asked about whether the aim was for a short-term preliminary to a longer-term CEE architecture: RW>> suggests it is near-term preliminary to a longer-term RW>> host-based solution - implicitly a Core-Edge Elimination RW>> scheme. LW> Your interpretation is not exactly what we meant to say. LW> LW> We aim to solve the routing scalability problem both in the LW> near term and in the long term through increasing scope of LW> aggregation. OK, with no mention yet of CEE, AIS-Evolution is supposed to solve the routing scaling problem in the short-term and long-term - implicitly indefinitely. LW> The following paragraph from our proposal says that our LW> solution is orthogonal to a host-based solution. OK - "host-based solution" means CEE architecture. If AIS-Evolution can solve the routing scaling problem in the long term, then why would a CEE architecture be needed? LW> Since a host-based solution will not solve the routing LW> scalability problem until a large portion of the Internet LW> hosts adopt it, ... Until essentially all hosts adopt it, meaning not just the hosts in networks which need portability, multihoming and inbound-TE, but *all* hosts everywhere, in ISP networks and in the many customer networks which are working fine from PA space. CEE only works for IPv6 and only provides significant scaling benefits or significant benefits for adoptors after almost *all* hosts have adopted it fully. For this to occur, essentially *all* applications need to be rewritten to run on IPv6 and then on IPv6-CEE. Yet they need to run on IPv4 too - so this is essentially triple-stack, with applications supposedly working fine using some mixture of the different kinds of addressing and protocols. This is an extraordinarily steep set of barriers to overcome before anyone gets any benefits. (GLI-Split can use existing IPv6 applications - but I am yet to understand how it would work well.) CEE also means burdening all hosts with extra work to manage their new routing and addressing responsibilities. I think this would be a bad thing for all hosts - delaying the establishment of communications in general. I think it would be even more of a burden for mobile hosts. If you think CEE is a better approach to routing scalability than a CES architecture such as Ivip or LISP, I would appreciate you explaining exactly why you believe this, including addressing the problems of this extra work and delays in establishing communications: Today's "IP addr. = ID = Loc" naming model should be retained http://www.ietf.org/mail-archive/web/rrg/current/msg05864.html LW> ... we still need a short-term solution (in our proposal, LW> the first two steps FIB aggregation and Virtual Aggregation LW> will serve this purpose). If a host-based solution never LW> gets widely deployed, the later steps in our proposal (e.g. LW> inter-AS VA) will address the long-term scalability needs. OK, so I understand the goals are something like this: FIB Aggregation } Do this in the short term - they Virtual Aggregation } won't get in the way of CEE. Then either: 1 - Wait for a CEE to be developed and deployed - which means all applications will be willingly updated by their developers - to the point where it looks like it will be ~100% adopted and therefore solve the routing scaling problem: No need for Inter-AS Virtual Aggregation or 2 - Decide that no CEE will ever be adopted and therefore deploy Inter-AS Virtual Aggregation. So I understand you regard Inter-AS Virtual Aggregation as a second-best approach compared to a successful CEE architecture. But you have not provided a proper critique of CES architectures. Your only critique so far has been how difficult they are to get widely adopted, due to the apparent absence of benefits for the first adopting ISP. As noted above, I don't consider this to be a full critique of all the ways a CES architecture could become widely adopted. You have not suggested that CES couldn't solve the routing scalability problem. Yet after rejecting CES based on a very narrow and incomplete argument, you intend to ignore CES architectures, and look only to CEE architectures for the real solution to the routing scaling problem - with your own Inter-AS Virtual Aggregation as a second-best alternative if there is no such CEE. But CEE architectures are vastly more difficult to get adopted than any CES architecture. Furthermore, the CEE architectures involve generally degraded session establishment times, due to the need to perform at least one and typically two extra global mapping lookups. Yet you haven't pointed out a particular CEE architecture as being worthy of consideration as a proper scalable routing solution, although you do mention ILNP (Summary): Note that our proposal neither interferes nor prevents any revolutionary host-based solutions such as ILNP from being rolled out. However, host-based solutions do not bring useful impact until a large portion of hosts have been upgraded. Thus even if a host-based solution is rolled out in the long run, an evolutionary solution is still needed for the near term. Another goal is implicitly support for CEE (msg06055): Another missing item from the proposal is end identifier: We believe it is important to have solutions for end identifiers, even though AIS does not depend or make use of it. But you don't present any arguments for why Locator / Identifier Separation (CEE) is desirable. >From the above, I perceive: FIB Aggregation } Short term Virtual Aggregation } Inter-AS Virtual Aggregation Long term if no CEE solution looks feasible These seem to correspond with points 1, 3 and 4 in the 6 point list in the Summary. Point 2 is "Topology-based mode Virtual Aggregation". This seems to involve tweaking the arrangements for RRs (Route Reflectors). Point 5 involves reducing the load on DFZ routers by implementing the RIB and eBGP functions on a commodity server. But how do these "controllers" do their BGP work if they can't use the data ports of the actual router? I can't see where this is discussed in the ID. The ID itself has five steps - apparently not including Point 5. Overall I see the goals of AIS-Evolution (not counting your support for CEE) as local attempts to get routers with limited FIB and RIB capacities to cope with a greater total number of DFZ routes. What I think is strikingly missing from the goals is the actual reduction of the number of routes in the DFZ. This is an explicit goal of both CES and CEE architectures. So I think AIS-Evolution is a defensive, local, complex set of approaches which will enable some older routers to be used for longer as the number of prefixes in the DFZ grows - at the cost of: 1 - Greater complexity of management and interconnection. 2 - More tunneling - and so more PMTUD difficulties, unless every tunnel is fully RFC 1191 / RFC 1981 compliant, by generating valid PTBs to the sending host for every PTB generated by a router in the tunnel. 3 - Longer paths inside adopting networks as packets go through more complex arrangements of VA routers. 4 - Reduced robustness compared to the same number of routers each being able to handle the full set of routes. 5 - If VA tunnels are to the routers of other ASNs, greater problems with coordinating these than with today's simpler techniques. Step One: Local FIB Size Reduction ---------------------------------- I wonder to what extent the techniques proposed would actually improve on the behaviour of commercial routers. Some of them would, I am sure, but at the cost of potentially creating routing loops or - as you acknowledge in the critique, upsetting Reverse Path Forwarding checks. To what extent can these techniques be adapted to commercial routers? Why haven't they been used already? To what extent does the extra complexity increase the time taken to alter the FIB? This would depend a great deal on the techniques used to implement the FIB. TCAM can have very long worst-case update times, even for a small update, since in order to make the change, it is possible that large numbers of entries must be written into new locations - since the order of the comparisons in terms of the priority encoder is important. While this is happening, the TCAM can't be used to classify packets. There are millions of end-user networks wanting portability, multihoming and/or inbound TE. Do you expect AIS to enable all ISPs to cope with DFZ prefix numbers in the millions? At best, I see all your approaches, including FIB aggregation, as being of only marginal benefit when we need multiple orders of magnitude improvement in our ability to support end-user network prefixes being globally portable and multihomable. At least FIB aggregation is a process localised inside each router - unless it causes undesirable paths for packets. 3.2. Step Two: Network-Coordinated FIB Size Reduction ----------------------------------------------------- Although this and some other sections refer to external IDs, I think these sections really need to be improved with diagrams and examples. Only with examples, and extrapolation to handling millions of prefixes, could the reader begin to imagine the problems of scaling, management complexity, debugging, automation of router configuration this and other suggested arrangements would involve. I think that the case for these suggestions would be greatly improved with more detailed discussion of how this would scale to DFZ prefix numbers of 1 million, 5 million or whatever it is you expect these methods to be worth using with. 3.3. Step Three: Reducing Adjacent AS Virtual Aggregation Overhead ------------------------------------------------------------------ I haven't followed this in detail. I understand the idea of tunneling from a router in ISP direct to a BR of another ISP where packets addressed to a particular prefix are being sent out to some other network. I wonder how many such tunnels will be needed, and what capacity existing routers have to support such tunnels, with full PMTUD support. I understand the idea is to do this only for the prefixes with most traffic, and let most prefixes use tunnels only within the one AS. But how is this sort of thing to be automatically and dynamically managed, as prefixes change, their traffic patterns change, and their egress routers change? It seems that writing the appropriate software for this and then debugging it would be quite daunting. Then, even if the software was functionally perfect, it would be quite difficult to correctly configure and operate in a busy network. I am not clear how far this principle should be extended. Should a router in ISP-A tunnel directly only to a BR of a directly connected ISP-B, or should it also tunnel to a BR of another ISP-C which connects to ISP-B but not ISP-A? 3.4. Step Four: Reducing RIB Size --------------------------------- I didn't clearly follow the previous step, but does it involve more work for the route processor - more prefixes in the RIB? These sentences seems to indicate it does: When more networks have adopted Virtual Aggregation, the mapping table is likely to grow large, which may make it no longer feasible to piggyback all the mapping information on the existing BGP sessions. The main problem, as we can perceive today, would be the RIB size growth: A BGP router will receive the same mapping information from multiple neighbouring BGP routers, and store all of it in its Adj-RIBs-IN. Thus BGP routers may end up with storing multiple copies of the same mapping information. I don't clearly follow the proposed solution - of moving some of the work to a separate BGP instance. But if this is on the same router, does this help, since there is only so much CPU power and RAM available for all such instances? I couldn't understand "caching" in: Since APRs (or ingress routers, if they are upgraded to handle caching) ... This paragraph (page 12) is clearly saying something crucial about the impact of AIS-Evolution, as indicated by: The prefixes that got aggregated out of the core routing system would be those that belong to the edge ASes. but I have no understanding of how the individual actions of ISPs in adopting some or all of these AIS-Evolution measures would have the effect of reducing the number of prefixes handled by DFZ routers of ISPs which do not adopt these measures, which is what I understand by the term "core routing system". 3.5. Step Five: Insulating the Core from Edge Churns ---------------------------------------------------- Here I think there is some attempt to reduce the load on the DFZ in general - all DFZ routers including those of ISPs and larger DFZ-involved PI-using end-user networks, irrespective of whether these networks adopt some or all of the AIS-Evolution techniques. Anything which reduces the number of updates will help reduce the routing scaling problem - assuming that traffic flows are not adversely affected. But the following text makes me think you want to do something, but haven't figured out what yet: Short failures, which are frequent, should not be propagated through the mapping system. Instead, they should be handled by other means. For example, in the APT design, the failure handling actions are data-driven, i.e., a link failure to an edge network is not reported unless and until there are data packets that are heading towards the failed link. We are actively working on an evolutionary solution that can provide equivalent data-driven handling of edge failures as APT does. But if, by "data-driven" you mean that sometimes you won't need to do anything because no data was flowing anyway, then this does not seem to be a realistic solution. I run a mailserver and nameserver here in my home-office, with a very low volume web-server. Hardly second goes by without traffic. Your "not reported unless and until there are data packets that are heading towards the failed link" wouldn't save much work for any network which was big enough to want portability or multihoming. It is not at all clear to me how the changes you propose can provide multihoming service restoration in a more scalable way than with PI space today. To contribute to the solution of the routing scaling problem, this needs to be done with much less burden on the DFZ control plane than at present. I asked about multihoming service restoration - but the answers (msg06055) don't give me any idea of how this can be achieved with the new techniques in a way which reduces the burden on the DFZ as a whole. RW: 2 - How does AIS support multihoming? The word does not appear in the proposal documents or the summary. How does the multihoming support detect failure of the link between one ISP and the end-user network while detecting that the link from a second ISP is working, and that the second ISP itself is reachable? How is this information relayed to or discovered by, the routers (APRs?) which tunnel traffic packets to "egress routers"? LZ: the above are good questions that are not explicitly addressed in the 500 word solution summary. Essentially, AIS assumes that BGP works as today, thus edge sites following their existing multihoming practices. Transit ASes perform internal FIB/RIB aggregation to maintain FIB/RIB size at desired level, without impacting multihoming/ TE practices. Since the network would operate as usual, failure detections between edge sites and their ISPs are handled by routing protocols as today. the mapping information between aggregated prefixes (virtual prefix) and the specific ones comes directly from BGP routing updates. Tunneling and its impact on Path MTU Discovery ---------------------------------------------- These answers from (msg06055) doesn't answer my question: LZ: AIS does not specifically address the PMTU problem. The above mentioned solutions can work if they get deployed. But these "solutions" are specific to other frameworks. Perhaps Fred Templin's SEAL could be used - but no current router supports it as far as I know. My IPTM technique is specifically for Ivip and is not intended for the sort of tunneling you envisage with AIS-Evolution. If you use tunnels, I think they must return valid PTBs to the sending host if they get a PTB from the tunnel. For IPv4, this means the ingress tunnel router needs to cache a few dozen bytes at least of the initial packet, since it can't rely on getting enough of the offending packet from the router in the tunnel which generates the PTB to be able to create the valid PTB to the sending host. LZ: I'd also like to make a personal observation here: I heard that MPLS ran into PMTU problem in its early days, it eventually went away by reducing default MUT size; the same approach has also been used to avoid PMTU problem in Apple's MobileMe implementation (which applied end-end encapsulation between hosts) If this approach is taken with any widely adopted scalable routing solution then we will be locked into ~1500 byte packets until the system is entirely replaced. Until then, we would never be able to send ~9k byte jumboframes across the DFZ. PI prefixes are aggregated, not removed as such ----------------------------------------------- RW: 5 - I understand that some or ultimately all ISPs would run APRs. I assume that when all ISPs run APRs that this will enable the removal of end-user network prefixes from the DFZ. LZ: All ISPs can run run APRs to reduce their routing table size. None is required to run APRs to reduce other ASes' routing table size. One AS runs APRs if and only if it wants to reduce its own table size. OK - this confirms what I thought, that there is no reduction in number of prefixes for DFZ routers in ASes not using these techniques. RW: When only some ISPs run them, is there any prospect for reducing the number of prefixes advertised in the DFZ? If so then how would end-user networks whose prefixes were removed receive packets sent by hosts using ISPs without APRs? LZ: the #prefixes can be reduced *between* neighbour ASes doing AIS. No end user prefixes get removed per se; they get aggregated. I think I can understand VA within an AS as reducing the need for at least some routers to have the full set of DFZ prefixes in their FIBs. I think I can imagine this extending in some way by routers in one AS tunneling packets to routers in a neighbouring AS. But, without diagrams and much more extensive explanations I can't yet see how either or both of these could occur: 1 - Two neighbouring ASes are somehow able to handle multiple PI prefixes of end-user networks somewhere else in the world without any routers in their systems needing to have separate RIB and/or FIB routes for each prefix. 2 - How this could be extended not just to immediate neighbours, but to neighbours' neighbours - and so potentially to all ASNs, in a robust, scalable fashion. Fully-deployed AIS-Evolution? ----------------------------- RW: 6 - What advantage would ILNP or any other CEE architecture provide compared to a fully deployed version of AIS? LZ: "a fully deployed version of AIS" does not seem a well formed statement, given AIS is a solution for parties who need it. Well, everyone with a DFZ router will need it if ten million end-user networks all advertise their own PI prefixes! I meant that if all your suggested techniques were fully adopted by pretty much every AS which is affected by the routing scaling problem - pretty much every organisation with a DFZ router. LZ: Although a uniform universe would make a simpler picture, it seems that the actual deployment of Internet has already led to different practices. Personal view: such heterogeneity in IP operations is likely going up over time. Back to your question of what advantages a full ILNP or any other CEE deployment would bring: I am not sure about advantages or not advantages, what I can see as differences are 1 - major changes in operations in edge networks, to handle multiple provider-assigned prefixes 2 - increased dependencies of the core on all edge networks doing the right thing. OK - I understand these two points (which I numbered) as being difficulties with a CEE architecture: 1 - All edge networks (not just those wanting portability and multihoming - all networks with hosts, including ISP's hosts) need to change the stacks of all their hosts and except perhaps for GLI-Split, have all their applications rewritten. Also, drop IPv4 and get IPv6 services for all networks. 2 - I don't understand this. With CEE, the edge networks only get PA prefixes from their ISPs, so there's nothing they can do to destabilise the DFZ routing system. Assuming the ISPs only change their advertisements for reconfiguring their networks and for rare outages, then the DFZ will be fine - with only ISP prefixes. My question was why would you suggest a CEE architecture be used at all if AIS can really solve the routing scaling problem, however defined? RW: 7 - Do you consider a full AIS deployment to be a Core-Edge Separation architecture, in that it creates a subset of the global unicast address space? LZ: see my comment to the prev question. in the first evolution draft we envisioned that, if all networks deployed virtual aggregation, then the world would converge towards (do not know whether it would ever reach) the direction of a core-edge separation. I do not know what you meant by "a subset of global unicast space"... I meant to write "creates an 'edge' subset of the global unicast address range which is managed differently, with ITRs, mapping system and ETRs etc. so these addresses can be used by end-user networks for portability, multihoming and inbound TE with little or no impact on the DFZ control plane." You were one of the authors of the 2008 paper which established the terms "Core-Edge Separation" and "Core-Edge Elimination". The defining characteristic of CES architectures such as APT, LISP, Ivip and others is that they create a new subset of the global unicast address space as just described. I would appreciate you responding to my attempt to sort out these conceptual and terminological difficulties with "separation" ("isolation of edge hosts from sending packets to core addresses"?), CEE and CES: CES & CEE: GLI-Split; GSE, Six/One Router; 2008 sep./elim. paper (v2) http://www.ietf.org/mail-archive/web/rrg/current/msg06089.html RW: 8 - Why would AIS, or AIS supplemented by a CEE architecture, be better than LISP or Ivip? (I do not consider TIDR to be a solution because it uses DFZ routers for mapping distribution. I don't yet understand RANGER, but perhaps it too does this.) (Note 2010-02-23: RANGER uses separate routers, it does not use the DFZ for mapping distribution.) LZ: regarding LISP: (1)please see the critique I sent out couple days back, where I mentioned a basic question of whether one could draw a universal division line between "the core" and all edges; LISP doesn't attempt to do this. LZ: one of the reasons we gave up APT is because APT also had this model of divided world view. As best I understand it, you had a vision of "isolation" as an end-point of full APT adoption - but this is not required for achieving all its routing scaling benefits, as far as I know. LISP and Ivip have no such goal of "isolation", so this is not a critique of these CES architectures. LISP and Ivip do distinguish clearly between two classes of network: 1 - ISPs - who sell connectivity to other networks, including other ISPs. 2 - End-User Networks - who buy and use connectivity and do not sell it to anyone. LISP and Ivip provide a special subset of the global unicast address space (EID for LISP, SPI for Ivip) which has special destination Locator semantics for ITRs only, but which is otherwise handled normally by all other routers, and by all hosts. (msg06070) and (msg06082). This "edge" subset of space can be used by End-User Networks which want portability, multihoming and inbound TE, with no direct burden on the DFZ control plane. Only the MABs (Ivip) or "coarse" prefixes (LISP) which enclose the "edge" space of tens of thousands of end-user-networks are advertised in the DFZ - and these advertisements do not change frequently. (Ivip's DITRs and LISP's PTRs advertise them.) With LISP and Ivip, end-user networks no longer need to use PI space if they want portability, multihoming and inbound TE. Ideally many, most or all current PI users will convert their space to "edge" space, or hand it back and adopt other "edge" addresses. But even if they don't hand it back, the routing scaling problem will be largely solved because millions of end-user networks currently lacking portability etc. will be able to get it scalably with the new "edge" space. I can't see how distinguishing conceptually between two types of network is a problem for LISP or Ivip - if this is what you mean by "draw a universal division line between 'the core' and all edges;". If, by this, you mean "isolation" (see msg06089), then this is definitely not part of LISP or Ivip - and nor was it needed for APT to be a good scalable routing solution. LZ: (2) the issue of alignment (or lack of it) between cost and gains: if one ISP rolls out LISP, how much could it reduce its routing table? I discussed this above - a single adopting ISP doesn't derive any benefit. But this is not the only way a CES will be widely adopted. LZ: The above two considerations apply to Ivip as well, plus a 3rd one for Ivip: as I wrote in my Ivip critique, I question the validity of the model of globally synchronized mapping database. OK - I really appreciate you writing a critique for Ivip. However, neither you nor anyone else has written about what their concerns were about Ivip's specific proposal for mapping distribution: http://tools.ietf.org/html/draft-whittle-ivip-fpr-00 Likewise I am keen to get some detailed critiques of TTR Mobility: http://www.firstpr.com.au/ip/ivip/TTR-Mobility.pdf Conclusion ---------- I have worked hard to understand AIS in general, though I haven't tried to read all the other IDs which are referenced. My impression is that you think most of the steps are suitable for marginal improvements, considering the great demands of scalable routing - and that you think a CEE approach is the proper long-term solution. However, you seem to have rejected CES architectures purely on the basis of your rejection of APT - and I think that rejection was largely or entirely based on concerns over initial stages of adoption, without considering they may be other ways APT or a CES architecture might become widely adopted. Then, you seem to prefer a CEE architecture - all of which are *vastly* harder for anyone to adopt than APT, LISP or Ivip - and where the benefits to adoptors or scalable routing are far more distant and unlikely ever to be realised. I think some of the techniques you propose may be useful in principle to some DFZ-using ASNs (ISPs and large PI using end-user networks). Whether they would be genuinely useful, considering their costs and complexity, to many ASNs, I am not sure. I think your techniques only provide marginal improvements in the ability to run a network with routers which can't handle the full DFZ, either in their RIBs or FIBs. We need to handle millions of end-user networks with portability, multihoming etc. If done with PI addresses, this would mean the number of prefixes in the DFZ grows by a factor of 10 or more. I believe AIS-Evolution could only be considered a potential solution to the routing scaling problem if you made it a standalone system, with much better documentation - and presented convincing arguments for why this would be superior to the best of the CEE and CES architectures. I am completely opposed to your suggestion of long-term adoption of CEE - see (msg05865) and (msg05864) - so for me, you would only have to show it is superior to Ivip, since I think Ivip is better than the other CES architectures.
- [rrg] AIS (Evolution) - discussion/critique Robin Whittle