IETF Logo Mail Archive

Re: [rrg] IRON-RANGER scalability and support for packets from non-upgradednetworks

"Templin, Fred L" <Fred.L.Templin@boeing.com> Mon, 08 March 2010 19:14 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: rrg@core3.amsl.com
Delivered-To: rrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 09B313A6A3E for <rrg@core3.amsl.com>; Mon, 8 Mar 2010 11:14:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.532
X-Spam-Level:
X-Spam-Status: No, score=-6.532 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WJU2rW43PDWx for <rrg@core3.amsl.com>; Mon, 8 Mar 2010 11:14:09 -0800 (PST)
Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [130.76.32.69]) by core3.amsl.com (Postfix) with ESMTP id 145DD3A6A71 for <rrg@irtf.org>; Mon, 8 Mar 2010 11:14:09 -0800 (PST)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by blv-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o28JE6a5008612 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 8 Mar 2010 11:14:08 -0800 (PST)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o28JE6hW021810; Mon, 8 Mar 2010 13:14:06 -0600 (CST)
Received: from XCH-NWHT-02.nw.nos.boeing.com (xch-nwht-02.nw.nos.boeing.com [130.247.70.248]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o28JE547021795 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 8 Mar 2010 13:14:06 -0600 (CST)
Received: from XCH-NW-01V.nw.nos.boeing.com ([130.247.64.120]) by XCH-NWHT-02.nw.nos.boeing.com ([130.247.70.248]) with mapi; Mon, 8 Mar 2010 11:14:05 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Robin Whittle <rw@firstpr.com.au>, RRG <rrg@irtf.org>
Date: Mon, 08 Mar 2010 11:14:03 -0800
Thread-Topic: IRON-RANGER scalability and support for packets from non-upgradednetworks
Thread-Index: Acq+64CYNsdkw6/FSPe1H9ZmOAu4pQABR1ag
Message-ID: <E1829B60731D1740BB7A0626B4FAF0A649511934CF@XCH-NW-01V.nw.nos.boeing.com>
References: <C7B93DF3.4F45%tony.li@tony.li> <4B94617E.1010104@firstpr.com.au> <E1829B60731D1740BB7A0626B4FAF0A64951193394@XCH-NW-01V.nw.nos.boeing.com> <4B953EA5.4090707@firstpr.com.au>
In-Reply-To: <4B953EA5.4090707@firstpr.com.au>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [rrg] IRON-RANGER scalability and support for packets from non-upgradednetworks
X-BeenThere: rrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IRTF Routing Research Group <rrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/rrg>
List-Post: <mailto:rrg@irtf.org>
List-Help: <mailto:rrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/rrg>, <mailto:rrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2010 19:14:11 -0000

Robin,

> -----Original Message-----
> From: Robin Whittle [mailto:rw@firstpr.com.au]
> Sent: Monday, March 08, 2010 10:15 AM
> To: RRG
> Cc: Templin, Fred L
> Subject: IRON-RANGER scalability and support for packets from non-upgradednetworks
> 
> Hi Fred,
> 
> In "Re: [rrg] Recommendation and what happens next", you wrote:
> 
> > Hi Robin,
> >
> > About IRON-RANGER below:
> 
> ...
> 
> >> That leaves four CES architectures:
> >>
> >>    IRON-RANGER
> >>    Ivip
> >>    LISP
> >>    TIDR
> >>
> >> TIDR can't solve the routing scaling problem because its "mapping" is
> >> almost identical to advertising individual end-user network prefixes
> >> in the DFZ.  I have argued that IRON-RANGER is not yet sufficiently
> >> developed to understand its security and scaling challenges - and
> >
> > The points on security and scaling have been addressed
> > in my latest rebuttal; see:
> >
> > http://www.ietf.org/mail-archive/web/rrg/current/msg06158.html
> 
> I don't understand the mechanisms by which potentially very large
> numbers of IRON routers repeatedly and continually register with
> potentially multiple VP routers.  These IRON routers could be
> anywhere and so could the VP routers.  In that message, the most I
> can discern about this mechanism is:
> 
>    IRON routers lease portions of their VPs as Provider
>    Independent (PI) prefixes for customer equipment (CEs),
>    thereby creating a sustaining business model. CEs that lease
>    PI prefixes propagate address mapping(s) throughout their
>    attached RANGER networks and up to VP-owning IRON router(s)
>    through periodic transmission of "bubbles" with authenticating
>    and PI prefix information. Routers in RANGER networks and IRON
>    routers that receive and forward the bubbles securely install
>    PI prefixes in their FIBs, but do not inject them into the RIB.
> 
> I have a rough idea of what you are trying to achieve with this
> mechanism, but I have no idea what the mechanism is - "bubbles"
> doesn't give me any understanding of exactly how the IRON routers
> would do this securely.  Only when I understand exactly how they
> would do this could I estimate the scaling and security problems
> which are no-doubt involved.

I have been using the term "bubbles" to keep this at a
high level and to avoid getting bound up into talking
about specific mechanisms. But, it sounds like you want
to know more about the specifics, so I can tell you that
a "bubble" is actually an IPv6 Router Advertisement (or
moral equivalent) using the RFC3971, Section 6.1
authorization model. In this model, routers are given
certificates from a trust anchor which authorizes them
to act as routers and to advertise a certain set of
subnet prefixes. Other routers in RANGER use the
certificates to verify authorization.

The scalability part is addressed in the new text I
have added to the rebuttal. What we really need to
avoid is having off-path attackers injecting lots of
bogus RAs that cause IRON routers to have to perform
lots of unnecessary crypto. By shutting down off-path
spoofing, IRON-RANGER ensures that end sites that act
with integrity will not overload correspondents with
crypto-busting DoS attacks. End sites that do NOT act
with integrity on the other hand will be easy to detect
and can safely be blacklisted.

> >> there's no apparent method of supporting packets sent from
> >> non-upgraded networks.
> >
> > Non-upgraded IPv4 networks will continue to work as they
> > always have. Do you mean non-upgraded IPv6 networks?
> 
> I mean when you start installing IRON routers, these will collect
> packets addressed to "edge" addresses (or whatever the new subset of
> "EID" space is called in I-R)

Virtual Prefixes (VPs) - but, VPs cover what IRON-RANGER
calls Endpoint Interface iDentifier (EID) prefixes.

> from the ISP networks they are
> installed in.  Packets sent by hosts in those networks will be
> handled according to I-R principles and the recipient networks of
> those packets will get the benefits (portability, multihoming and
> inbound TE) for those packets.
> 
> But what of packets sent from hosts without IRON routers?  AFAIK,
> there's no equivalent in I-R to Ivip's DITRs or LISP's PTRs.

Considering for now only IPv6 as EID space, an IPv6
host will be connected to a network that is ultimately
served either by an IRON VP or a "native" IPv6 prefix.
If an IRON VP, then routing is naturally via the IRON.
If a "native" IPv6 prefix (e.g., a 2001::/ derivative),
packets will follow default or more-specific routes as
usual but will encounter an IRON VP router if the
destination is covered by a VP.  

> > Assuming the latter, let's consider that today we have
> > two separate BGP instances - the IPv4 BGP instance and
> > the IPv6 BGP instance. The IPv6 BGP instance carries a
> > set of IPv6 prefixes (e.g., 2001:: derivatives) that are
> > routed in the IPv6 Internet in the "traditional" sense.
> > What IRON-RANGER is doing is essentially creating a
> > *third* BGP instance - one that carries a new set of
> > IPv6 Virtual Prefixes (VPs) that are distinct from the
> > prefixes carried in the traditional IPv6 BGP instance.
> >
> > Due to routing scaling issues, IRON-RANGER expects that
> > growth of this new third BGP instance will flourish while
> > growth of the traditional IPv6 BGP instance will level
> > off. In order to support what I think you mean by
> > non-upgraded networks then, it only requires that IPv6
> > routers connected to the IRON also participate in the
> > traditional IPv6 BGP instance. For that matter, not all
> > IRON routers need to participate, but at least some must.
> >
> >> As far as I know, there have been no
> >> substantial counter-arguments to these critiques.
> >
> > Do the above points address your concerns?
> 
> It is 5AM here, and I can't clearly translate what you wrote into an
> answer to the concern I mentioned above.  But that doesn't mean it
> doesn't address it.
> 
> > Hmm, maybe these two IPv6 BGP instances I alluded to don't
> > even need to be kept separate - as long as Virtual Prefixes
> > can be kept distinct from non-virtual ones. This I think is
> > the key point, and would greatly reduce the complexity.
> 
> I am definitely not going to think about this until I get some sleep!

OK; rest well.

Fred
fred.l.templin@boeing.com

>   - Robin
>

v2.23.0 | Report a Bug | By Email