CA*net report
Dennis Ferguson <dennis@gw.ccie.utoronto.ca> Wed, 14 March 1990 19:58 UTC
Received: by devvax.TN.CORNELL.EDU (5.59-1.12/1.3-Cornell-Theory-Center) id AA04365; Wed, 14 Mar 90 14:58:33 EST
Received: from [128.100.63.2] by devvax.TN.CORNELL.EDU (5.59-1.12/1.3-Cornell-Theory-Center) id AA04361; Wed, 14 Mar 90 14:58:17 EST
Received: by gw.ccie.utoronto.ca id 41307; Wed, 14 Mar 90 14:56:21 EST
From: Dennis Ferguson <dennis@gw.ccie.utoronto.ca>
To: tewg@devvax.TN.CORNELL.EDU
Subject: CA*net report
Message-Id: <90Mar14.145621est.41307@gw.ccie.utoronto.ca>
Date: Wed, 14 Mar 1990 14:56:17 -0500
I was asked by Scott to send an overview of CA*net topology (or
lack thereof). This is pieced together from a set of notes I have
been keeping, and I have been a little lazy about editting down the
size, so please don't believe I wrote all this especially to
fill TEWG people's mail boxes.
The first phase topology, when completed, is planned to look as follows:
Edm Wpg
/---- 0 /-0-------------\
Van / Sask / /------\--------\
0-/ 0-/ Tor Mtl Fred Chrl
|\ 0 ------- 0 0 ------- 0
| \----------------------------/| |\
| | | \ Hal StJ
V V V \----------- 0 ----- 0
Seattle Ithaca Princeton
For those not up on Canadian geography, the place names are spelled out
following (spelling mistakes and all), west to east:
1 Vancouver, British Columbia
2 Edmonton, Alberta
3 Saskatoon, Saskatchewan
4 Winnipeg, Manitoba
5 Toronto, Ontario
6 Montreal, Quebec
7 Fredricton, New Brunswick
8 Halifax, Nova Scotia
9 Charlottown, Prince Edward Island
10 St. John's, Newfoundland
A couple of design features are worth noting. There are 10 nodes, since
Canada has 10 provinces. There are 9 internal links, since this is the
minimum you can connect 10 nodes with. All internal links are (extremely
expensive) 56 kbps circuits. The three southbound circuits may be
somewhat larger than 56 kbps. The network will operate with a substantial
fraction of the bills being payed by the users of the network (provincial
networks, or "regionals") from day one, so much of the planning was done
in scarcity-of-resources mode. The two links which are needed for full
redundancy are awaiting a reduction in the tariffs.
The routers are being provided by IBM, and for the first round are RT-based
with the NSS software squeezed to fit in a single box. This equipment
may not be permanent. The southern end of the three NSFnet links will
be connected directly to the respective NSFnet NSSes.
The architecture internally is somewhat constrained by (or at least,
defined by) the NSS software. CA*net will comprise a complete autonomous
system by itself, and will exchange routing with the provincial network
via EGP (and/or BGP if desired). Routing is planned to be exchanged with
the NSFnet via BGP exclusively, if only to minimize traffic on the
southbound links through the incremental updates (such things become
a concern if you are planning a network you know will be congested from
the outset).
With respect to the treatment of the multiple NSFnet connections, we
had three or four goals in mind. These were:
(1) make routing between CA*net and NSFnet as efficient as possible,
this by minimizing the distance traversed within CA*net (e.g.
traffic from Montreal should leave CA*net via Princeton and
should return that way).
(2) when one of the NSFnet-CA*net links breaks, traffic should be
routed via one of the other two links.
(3) make sure breakage of the Vancouver-Toronto or Toronto-Montreal
links does not prevent, say, Halifax from reliably communicating
with NSFnet (this is somewhat the same as (1)).
(4) perhaps, heal breakage of the Vancouver-Toronto and Toronto-Montreal
links via the NSFnet, so that breakage of one of these doesn't
affect connectivity between CA*net sites.
Of these, only (2) turned out to be perfectly straight forward. To
understand the difficulties with (1) and (3), however, requires some
background. The northern end of the NSFnet links is not directly
connected to the CA*net NSS, but rather to a separate box, to avoid
load difficulties should the southbound link become higher bandwidth.
The node is thus laid out as follows:
Point-to-point links
Subnets of 138.59 To NSFnet NSS
| | | |
+-+-+-+-+ +---+---+
| | | |
| NSS | | ? |
| | | |
+---+---+ +---+---+
| |
----+-------------------+---- ...
Ethernet |
Class C network # +---+---+
|Prov- |
| incial| ...
|Router |
+-------+
The (?) is the issue. Originally it was planned to make this an NSFnet
split E-PSP (i.e. a topological piece of the NSFnet). The CA*net NSS
would peer with this via BGP. The mid-level router(s), however, would
only peer with the CA*net NSS, this to allow CA*net to apply its own
policy to the NSFnet routing information beforce giving it to its
mid-level networks, and (less important) to avoid having routes cross
the serial link to the US more than once. There are a couple of gotchas
here relating to BGP and the way NSSes handle routing. If you read the
fine print in the BGP spec, it is illegal for the CA*net NSS to advertise
routes to the mid-level router which use the interface address of the
NSFnet box as a next hop. If the provincial router isn't a BGP peer
of (?) it can't forward directly to it, but rather is only allowed to
forward through the NSS (and back out on the same network, complete
with ICMP redirect).
Second, if you multiply the above by three links you end up with the
following AS topology (CA*net == 577, NSFnet == 145):
Other ADs
|
+----------------+----------------+
| |
| AS #577 |
| |
+---+------------+------------+---+
| | |
| | |
+---+------------+------------+---+
| |
| AS #145 |
| |
+----------------+----------------+
|
Other ADs
Unfortunately, NSSes route by mapping a network number to an AS number
and then using the AS number as an entry into the routing table. What
this means is that an NSFnet NSS will route all networks advertised by
AS #577 towards a single link (worse, it will do this even when 577
partitions and the single link it is routing to has declared some of
the networks unreachable). This means that you can't meet the requirements
(1) and (3) if you do this. NSSes really want one link per AS.
Now, the NSFnet usually handles multiple links by mapping one (some) of the
links to a different AS number (e.g. see the RFC on how MILNET is handled).
This works fine for EGP, but for BGP you now have trouble figuring out what
the AS paths look like after mapping. And you are now telling lies about
your topology to the whole world, rather than just yourself.
Anyway, it is noted that lots of problems go away if CA*net doesn't talk
to the NSFnet directly. To this end it is planned instead to make (?)
into its own autonomous domain, running back-to-back BGP. You hence
end up with an AS topology which looks like:
Other ADs
|
+----------------+----------------+
| |
| AS #577 |
| |
+---+------------+------------+---+
| | |
| | |
+---+---+ +---+---+ +---+---+
| | | | | |
|AS #579| |AS #6xx| |AS #578|
| | | | | |
+---+---+ +---+---+ +---+---+
| | |
| | |
+---+------------+------------+---+
| |
| AS #145 |
| |
+----------------+----------------+
|
Other ADs
which makes the NSSes on both sides happy since there is now only one
link per AS. It also means we get around the unfortunate BGP restriction,
since CA*net now controls the policy on the (?) router as well.
In any event, it is then possible to construct gateway preferences
based on network number (or origin AS, if the software supported it).
CA*net will route south based on internal topology. NSFnet will route
north based on first, second and third choice preferences which are
administratively set to match CA*net's internal topology. (1), (2)
and (3) all work.
(4) doesn't really work in a BGP-based world since there is an explicit
assumption in the BGP document that ASes don't partition, and routing
loop control is sort of based on this. In general this is probably a
good thing since trying to repair partitioned ASes is scary. If one
has a fairly limited topology, however, there is a dishonest hack one
can do to get routing between the AS partitions via a third party. This
might be tried in the interests of knowing if it works.
That's about it, I guess. If I get to Pittsburgh I hope to have prettier
graphics.
Dennis
- CA*net report Dennis Ferguson
- Re: CA*net report Scott Brim
- Re: CA*net report Guy Almes
- Re: CA*net report Ross Veach