[rbridge] Separating endnode info from link state info
gibanez at it.uc3m.es ( Guillermo Ibáñez ) Tue, 17 May 2005 09:16 UTC
From: "gibanez at it.uc3m.es"
Date: Tue, 17 May 2005 11:16:52 +0200
Subject: [rbridge] Separating endnode info from link state info
Message-ID: <4289B684.5050208@it.uc3m.es>
Guillermo Ib??ez wrote:
Thanks Radia and Joe for the clarification.
Radia,
In your posting of past 9 March (see below) on VLANs you mention
an optimization: to separate the endnode information from link state
information. This point looks important for scalability and flexibility
of implementation. Decoupling of host information from the routing
protocol seems important because MAC addresses are not hierarchical, do
not consolidate.
One form of separation of endnode information from link state
information (among other possible) is to use the ARP servers approach,
extending it to "ARP&DR" servers. Endnode-Rbridge association
information might reside in the ARP servers and be obtained at the same
time that endnode ARP request is replied. The ARP server replies to DR
with destination endnode MAC and destination endnode DR's MAC so the
routing can work with the destination DR MAC instead of endnode. The DR
MAC is used to route till destination rbridge, the destination endnode
MAC is used to route in the last hop.
Regarding registration, at the same time the DR registers the
requesting ennode at the ARP server, the DR gets also registered,
associated to endnode.
There are other alternatives, like the DRs issuing encapsulated ARPs
that the DR would respond with its MAC and the endnode MACs. Although
both alternatives can be seen as optimizations, the decision to separate
or not endnode-DR association information from link state information is
important. This separation provides also flexibility for implementation
and evolution. This might be beneficial in wireless environments, where
broadcasting a long list of hosts may be an important overhead.
Regards
Guillermo
*Radia Perlman* Radia.Perlman at Sun.COM
<mailto:rbridge%40postel.org?Subject=%5Brbridge%5D%20VLANs&In-Reply-To=1509658726.20050304210311%40psg.com>
/Wed Mar 9 07:59:43 PST 2005/
* Previous message: [rbridge] End station discovery/liveness
detection
<http://www.postel.org/pipermail/rbridge/2005-March/000237.html>
* Next message: [rbridge] VLANs
<http://www.postel.org/pipermail/rbridge/2005-March/000245.html>
* *Messages sorted by:* [ date ]
<http://www.postel.org/pipermail/rbridge/2005-March/date.html#238>
[ thread ]
<http://www.postel.org/pipermail/rbridge/2005-March/thread.html#238>
[ subject ]
<http://www.postel.org/pipermail/rbridge/2005-March/subject.html#238>
[ author ]
<http://www.postel.org/pipermail/rbridge/2005-March/author.html#238>
------------------------------------------------------------------------
There are various ways that we can optimize for VLANs, and as usual, the
choices are
a continuum of tradeoffs between optimality of memory, bandwidth,
complexity, etc.
One thing we should do is have RBridges announce which VLANs they are
supporting
for endnodes. This would have to be configured, which I believe it is
done for bridges.
So each RBridge knows, for each of its links, which VLANs are allowed on
that link.
It announces this information in its link state information.
Now all RBridges know which RBridges are attached to which VLANs.
This now allows confining the broadcast domains. Unknown destinations or
ARP/ND
queries only need to be sent to Designated RBridges attached to the VLAN
in which
the packet originated. Depending on the amount of traffic which is
unicast vs
needing to be flooded (within the VLAN), there is a range of choices of
how to get
a packet to all the nodes within the VLAN. These are the same choices as
for multicast,
which I summarized in an earlier message, but basically it's
a) send through a spanning tree to all RBridges, and DRs only flood onto
their LAN
to endnodes if the packet is for the right VLAN (if we did this we
wouldn't even
need to announce in link state packets which VLANs RBridge supported)
b) send through the same single spanning tree to all RBridges, but an
RBridge looks
downstream, and stops forwarding if there are no RBridges supporting
that VLAN further down
c) compute per-source-RBridge trees, and when RBridge R floods a packet
for VLAN A,
the flooding will be done based on the tree rooted at R, and pruning
will also be done,
as per point b.
Now for known endnodes:
Especially since someone told me that people want the capability to have
overlapping
MAC address spaces among VLANs (the node with MAC address "m" in VLAN A
might be totally different from the node "m" in VLAN B), RBridges, in
their link
state information, should tag what VLAN "m" belongs to.
Given that R knows what VLANs MAC addresses belong to, if R does not support
VLAN B, then there is no reason for R to put MAC addresses for B in its
forwarding table. But if the endnode information is in the regular link
state information
(assume that for now), then R will need to store it so R can participate
in link state
flooding.
Now another optimization: Suppose you want to avoid making R know about any
endnodes except in VLANs that R supports.
Then we could do the distribution of endnode information separately from the
rest of the link state information (the "regular stuff" is the connectivity
of the network consisting of RBridges, and tagging which RBridges are in
which
VLANs).
If R is in VLAN A, then R must inform all the other RBridges attached to
VLAN A
of all of R's VLAN A attached endnodes. If there were enough VLAN A peers in
the campus, it would probably be simplest to just use the regular link state
flooding to distribute the information. However, if that isn't the case,
then
the VLAN A RBridge peers could talk to each other across the cloud to
separately
distribute their endnode information. For instance, it could be sent as
a VLAN A flood, which the core would know how to do (as per the beginning of
this note).
Now, if non-VLAN-A RBridges do not know about the MAC addresses in A,
that can't be what they base their forwarding decision on.
If RBridge is working over MPLS, this isn't a problem, since the MPLS
path leads to the egress RBridge.
If there were only pt-to-pt links (no shared media) we could have the
encapsulation header point to the egress RBridge.
But on shared media, what we can do, at a cost of only 6 additional
bytes, is to also put "egress RBridge ID" into the encapsulation header.
So before on Ethernets a packet being forwarded by RBridges looked like:
outer header: source=transmitting RBridge, dest=nexthop RBridge, protocol
type=to be defined
encapsulation header: TTL
original frame
But by making the encapsulation header include "destination RBridge",
and having the RBridges along the path forward based on that, then
they wouldn't need to be forwarding based on endnode MACs, only
RBridge MACs.
Radia
Received: from smtp03.uc3m.es (smtp03.uc3m.es [163.117.136.123]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4H9Gw329733 for <rbridge@postel.org>; Tue, 17 May 2005 02:16:58 -0700 (PDT)
Received: from smtp03.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id D1FD4495AC for <rbridge@postel.org>; Tue, 17 May 2005 11:16:51 +0200 (CEST)
Received: from [163.117.55.166] (unknown [163.117.55.166]) by smtp03.uc3m.es (Postfix) with ESMTP id 1D8704958C for <rbridge@postel.org>; Tue, 17 May 2005 11:16:51 +0200 (CEST)
Message-ID: <4289B684.5050208@it.uc3m.es>
Date: Tue, 17 May 2005 11:16:52 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: [rbridge] Separating endnode info from link state info
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2005 09:18:22 -0000
Status: RO
Content-Length: 6776
Guillermo Ib??ez wrote:
Thanks Radia and Joe for the clarification.
Radia,
In your posting of past 9 March (see below) on VLANs you mention
an optimization: to separate the endnode information from link state
information. This point looks important for scalability and flexibility
of implementation. Decoupling of host information from the routing
protocol seems important because MAC addresses are not hierarchical, do
not consolidate.
One form of separation of endnode information from link state
information (among other possible) is to use the ARP servers approach,
extending it to "ARP&DR" servers. Endnode-Rbridge association
information might reside in the ARP servers and be obtained at the same
time that endnode ARP request is replied. The ARP server replies to DR
with destination endnode MAC and destination endnode DR's MAC so the
routing can work with the destination DR MAC instead of endnode. The DR
MAC is used to route till destination rbridge, the destination endnode
MAC is used to route in the last hop.
Regarding registration, at the same time the DR registers the
requesting ennode at the ARP server, the DR gets also registered,
associated to endnode.
There are other alternatives, like the DRs issuing encapsulated ARPs
that the DR would respond with its MAC and the endnode MACs. Although
both alternatives can be seen as optimizations, the decision to separate
or not endnode-DR association information from link state information is
important. This separation provides also flexibility for implementation
and evolution. This might be beneficial in wireless environments, where
broadcasting a long list of hosts may be an important overhead.
Regards
Guillermo
*Radia Perlman* Radia.Perlman at Sun.COM
<mailto:rbridge%40postel.org?Subject=%5Brbridge%5D%20VLANs&In-Reply-To=1509658726.20050304210311%40psg.com>
/Wed Mar 9 07:59:43 PST 2005/
* Previous message: [rbridge] End station discovery/liveness
detection
<http://www.postel.org/pipermail/rbridge/2005-March/000237.html>
* Next message: [rbridge] VLANs
<http://www.postel.org/pipermail/rbridge/2005-March/000245.html>
* *Messages sorted by:* [ date ]
<http://www.postel.org/pipermail/rbridge/2005-March/date.html#238>
[ thread ]
<http://www.postel.org/pipermail/rbridge/2005-March/thread.html#238>
[ subject ]
<http://www.postel.org/pipermail/rbridge/2005-March/subject.html#238>
[ author ]
<http://www.postel.org/pipermail/rbridge/2005-March/author.html#238>
------------------------------------------------------------------------
There are various ways that we can optimize for VLANs, and as usual, the
choices are
a continuum of tradeoffs between optimality of memory, bandwidth,
complexity, etc.
One thing we should do is have RBridges announce which VLANs they are
supporting
for endnodes. This would have to be configured, which I believe it is
done for bridges.
So each RBridge knows, for each of its links, which VLANs are allowed on
that link.
It announces this information in its link state information.
Now all RBridges know which RBridges are attached to which VLANs.
This now allows confining the broadcast domains. Unknown destinations or
ARP/ND
queries only need to be sent to Designated RBridges attached to the VLAN
in which
the packet originated. Depending on the amount of traffic which is
unicast vs
needing to be flooded (within the VLAN), there is a range of choices of
how to get
a packet to all the nodes within the VLAN. These are the same choices as
for multicast,
which I summarized in an earlier message, but basically it's
a) send through a spanning tree to all RBridges, and DRs only flood onto
their LAN
to endnodes if the packet is for the right VLAN (if we did this we
wouldn't even
need to announce in link state packets which VLANs RBridge supported)
b) send through the same single spanning tree to all RBridges, but an
RBridge looks
downstream, and stops forwarding if there are no RBridges supporting
that VLAN further down
c) compute per-source-RBridge trees, and when RBridge R floods a packet
for VLAN A,
the flooding will be done based on the tree rooted at R, and pruning
will also be done,
as per point b.
Now for known endnodes:
Especially since someone told me that people want the capability to have
overlapping
MAC address spaces among VLANs (the node with MAC address "m" in VLAN A
might be totally different from the node "m" in VLAN B), RBridges, in
their link
state information, should tag what VLAN "m" belongs to.
Given that R knows what VLANs MAC addresses belong to, if R does not support
VLAN B, then there is no reason for R to put MAC addresses for B in its
forwarding table. But if the endnode information is in the regular link
state information
(assume that for now), then R will need to store it so R can participate
in link state
flooding.
Now another optimization: Suppose you want to avoid making R know about any
endnodes except in VLANs that R supports.
Then we could do the distribution of endnode information separately from the
rest of the link state information (the "regular stuff" is the connectivity
of the network consisting of RBridges, and tagging which RBridges are in
which
VLANs).
If R is in VLAN A, then R must inform all the other RBridges attached to
VLAN A
of all of R's VLAN A attached endnodes. If there were enough VLAN A peers in
the campus, it would probably be simplest to just use the regular link state
flooding to distribute the information. However, if that isn't the case,
then
the VLAN A RBridge peers could talk to each other across the cloud to
separately
distribute their endnode information. For instance, it could be sent as
a VLAN A flood, which the core would know how to do (as per the beginning of
this note).
Now, if non-VLAN-A RBridges do not know about the MAC addresses in A,
that can't be what they base their forwarding decision on.
If RBridge is working over MPLS, this isn't a problem, since the MPLS
path leads to the egress RBridge.
If there were only pt-to-pt links (no shared media) we could have the
encapsulation header point to the egress RBridge.
But on shared media, what we can do, at a cost of only 6 additional
bytes, is to also put "egress RBridge ID" into the encapsulation header.
So before on Ethernets a packet being forwarded by RBridges looked like:
outer header: source=transmitting RBridge, dest=nexthop RBridge, protocol
type=to be defined
encapsulation header: TTL
original frame
But by making the encapsulation header include "destination RBridge",
and having the RBridges along the path forward based on that, then
they wouldn't need to be forwarding based on endnode MACs, only
RBridge MACs.
Radia
Received: from mail-mta.sunlabs.com (dyn50.sunlabs.com [204.153.12.50]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4CKTF619338 for <rbridge@postel.org>; Thu, 12 May 2005 13:29:15 -0700 (PDT)
Received: from sml-sfvt3a.sfvic.sunlabs.com ([152.70.2.254]) by mail-mta.sfvic.sunlabs.com (Sun Java System Messaging Server 6.1 HotFix 0.02 (built Aug 25 2004)) with ESMTP id <0IGE0046C8WKBC00@mail-mta.sfvic.sunlabs.com> for rbridge@postel.org; Thu, 12 May 2005 13:29:08 -0700 (PDT)
Received: from sunlabs.com ([152.70.2.254]) by mail-srv.sfvic.sunlabs.com (Sun Java System Messaging Server 6.1 HotFix 0.02 (built Aug 25 2004)) with ESMTP id <0IGE004NF8WJXA30@mail-srv.sfvic.sunlabs.com> for rbridge@postel.org; Thu, 12 May 2005 13:29:08 -0700 (PDT)
Received: from [152.70.2.164] (Forwarded-For: [198.181.231.11]) by mail-srv.sfvic.sunlabs.com (mshttpd); Thu, 12 May 2005 16:29:07 -0400
Date: Thu, 12 May 2005 16:29:07 -0400
From: Radia.Perlman@sun.com
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
Message-id: <1021abe52bfc.42838453@sunlabs.com>
MIME-version: 1.0
X-Mailer: Sun Java(tm) System Messenger Express 6.1 HotFix 0.02 (built Aug 25 2004)
Content-type: text/plain; charset=iso-8859-1
Content-language: en
Content-disposition: inline
X-Accept-Language: en
Priority: normal
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: radia.perlman@sun.com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by boreas.isi.edu id j4CKTF619338
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2005 20:30:03 -0000
Status: RO
Content-Length: 2453
And to underline what Joe said, yes, a good case can be made for the usefulness
of having multiple spanning trees (to minimize number of packet-hops for
the core to distribute packets within a single VLAN, or for optimized IP multicast, or
to avoid out of order delivery when switching between destination unknown and destination
known). It's easy to compute multiple spanning trees by
running a single link state instance (which gives enough information to calculate per-VLAN
spanning trees, or per-ingress Rbridge spanning trees. I'm not sure I would explain multiple
spanning trees as making this more scalable, but rather as optimizing multicast delivery.
The scaling improvement comes in when endnode location advertisement is confined to
the RBridges that support that VLAN.
Radia
----- Original Message -----
From: Joe Touch <touch@ISI.EDU>
Date: Thursday, May 12, 2005 4:00 pm
Subject: Re: [rbridge] Max Network size / ARP servers
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Guillermo Ib??ez wrote:
> ...
> >>>>>Some measurements on ARP load are available at:
> >>>>>http://100x100network.org/papers/myers-hotnets2004.pdf
> >>>>>
> >>
> >>> Myers extrapolations in the paper are higher ( I do not know
> his
> >>> rationale) than mine.
> >>
> >> There are also other economies of scale possible in an RBridge -
> >> broadcasts can be more efficient than in a spanning tree
> because there
> >> can be multiple broadcast trees inside the RBridge campus.
> >>
> > Sorry, I do not catch this argument. Multiple spanning trees are
> not
> > exclusive of Rbridges, any bridge can use them (with MSTP or
> future
> > simplifications or evolutions of it).
>
> We already note the need to use multiple spanning trees in RBridge to
> match the way routing supports multiple paths, as well as for
> differentVLANs.
>
> I.e., the need for multiple spanning trees is already assumed in
> RBridges for other reasons. Agreed, it's not unique to RBridges, but
> it's already there at least.
>
> Joe
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCg7XsE5f5cImnZrsRAnr/AJ982BN5t6UEnmiwNn8SfECIO0jhmACgiuao
> 01WJDByU8Funcu2FYoJBP+g=
> =eE69
> -----END PGP SIGNATURE-----
> _______________________________________________
> rbridge mailing list
> rbridge@postel.org
> http://www.postel.org/mailman/listinfo/rbridge
>
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4CK2i610849; Thu, 12 May 2005 13:02:50 -0700 (PDT)
Message-ID: <4283B5EC.9080705@isi.edu>
Date: Thu, 12 May 2005 13:00:44 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu> <427C8848.9030709@it.uc3m.es> <427FE47E.3090303@isi.edu> <42807597.9070408@it.uc3m.es> <42810254.3040309@isi.edu> <42820A84.7090209@it.uc3m.es> <42828AC1.2050704@isi.edu> <42830D9E.4090305@it.uc3m.es>
In-Reply-To: <42830D9E.4090305@it.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2005 20:04:31 -0000
Status: RO
Content-Length: 1274
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guillermo Ib??ez wrote:
...
>>>>>Some measurements on ARP load are available at:
>>>>>http://100x100network.org/papers/myers-hotnets2004.pdf
>>>>>
>>
>>> Myers extrapolations in the paper are higher ( I do not know his
>>> rationale) than mine.
>>
>> There are also other economies of scale possible in an RBridge -
>> broadcasts can be more efficient than in a spanning tree because there
>> can be multiple broadcast trees inside the RBridge campus.
>>
> Sorry, I do not catch this argument. Multiple spanning trees are not
> exclusive of Rbridges, any bridge can use them (with MSTP or future
> simplifications or evolutions of it).
We already note the need to use multiple spanning trees in RBridge to
match the way routing supports multiple paths, as well as for different
VLANs.
I.e., the need for multiple spanning trees is already assumed in
RBridges for other reasons. Agreed, it's not unique to RBridges, but
it's already there at least.
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCg7XsE5f5cImnZrsRAnr/AJ982BN5t6UEnmiwNn8SfECIO0jhmACgiuao
01WJDByU8Funcu2FYoJBP+g=
=eE69
-----END PGP SIGNATURE-----
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.136.121]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4CIBq604758 for <rbridge@postel.org>; Thu, 12 May 2005 11:11:53 -0700 (PDT)
Received: from smtp01.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 7BFC65D89C for <rbridge@postel.org>; Thu, 12 May 2005 20:11:46 +0200 (CEST)
Received: from [163.117.252.226] (vpn-252-226.uc3m.es [163.117.252.226]) by smtp01.uc3m.es (Postfix) with ESMTP id 3910A5D8AA for <rbridge@postel.org>; Thu, 12 May 2005 20:11:45 +0200 (CEST)
Message-ID: <42839C5D.1060703@it.uc3m.es>
Date: Thu, 12 May 2005 20:11:41 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: [rbridge] Control plane scalability
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2005 18:13:22 -0000
Status: RO
Content-Length: 3757
[rbridge] Control plane scalability
*
*Guillermo Ib??ez wrote:
Alex,
I join this discussion a bit late..., but it looks still quite
open and your main points look unanswered.
I support the idea of a "cloud of rbridges" supporting a
50.000-100.000 hosts networks and 1000 VLANs. I see this kind of
"target" network for rbridges somewhere in the middle between current
enterprise networks and MANs. It makes little sense to design new
devices for current network sizes. One key difference of thowever is
that there would be only one administrator/owner of the complete network
and hosts.
The topology that I think might scale is to consider two levels:
a core of rbridges strongly interconnected with multiple spanning trees,
rooted (preferably, for optimum path) each tree at each edge rbridge.
Every edge rbridge acts also as the root of its own spanning tree
network (second level) below. The path from host to host in this type of
network may be optimum for traffic crossing the core (the dominant part
of traffic in the current client-server model) if one of the edge
bridges in the core path is the root.
To progress on scalability discussion I would suggest first to
agree on maximum network size to set a basis for scalability
discussions. Once the size limit is set, it is easier to choose between
multi-topology and multi-instance solutions.
* *The contradiction and difficulty I see with handling VLANs is
that VLANs may collide a bit with the selfconfiguration objective,
unless VLAN assignment is fully automatic and VLAN to tree association
is also automatic, as it is the case of VLAN tag (in the core)
associated to MAC address of edge bridge, like in Global Open Ethernet
[NEC, Iwata].
Guillermo
*
Alex Zinin* zinin at psg.com
<mailto:rbridge%40postel.org?Subject=%5Brbridge%5D%20Control%20plane%20scalability&In-Reply-To=p06200714be4e9a4e4b59%40%5B10%5C.0%5C.0%5C.171%5D>
/Fri Mar 4 15:39:17 PST 2005/
------------------------------------------------------------------------
Margaret,
Sounds like an interesting topic :)
--
Alex
http://www.psg.com/~zinin <http://www.psg.com/%7Ezinin>
Friday, March 4, 2005, 3:13:33 PM, Margaret Wasserman wrote:
>/ Hi Alex,
/
>>>/ Are you planning to build one massive device that would run all of the
/>>>/ bridging and routing for this 50,000 node network?
/>>/
/>>/Margaret, when building switched Ethernet networks today, folks don't build
/>>/different broadcast domains using separate sets of single-VLAN
/>>/devices. Neither
/>>/they use a single massive device to connect all stations 50,000 as you suggest
/>>/above. They build VLANs using multi-VLAN switches connected by VLAN trunks.
/>>/Those VLANs are distributed location-wise, and switches in the core of the
/>>/network have visibility to most (if not all) VLANs through those trunks.
/
>/ Yes, I am somewhat aware of these deployments, but I don't understand why
/>/ this implies that the core switches would be rbridges and/or why they would be
/>/ part of most of the rbridge clouds.
/
>/ Maybe we can talk about this when we have a whiteboard handy? I'm not
/>/ trying to score debating points here . I think we're just thinking
/>/ about this differently,
/>/ and I'd like to understand how you believe the topology will work as opposed
/>/ to how I think it will work.
/
>/ Margaret
/
------------------------------------------------------------------------
* Previous message: [rbridge] Control plane scalability
<http://www.postel.org/pipermail/rbridge/2005-March/000234.html>
* Next message: [rbridge] Need scribe and jabber scribe for
tomorrows TRILL
<http://www.postel.org/pipermail/rbridge/2005-March/000239.html>
Received: from ind-iport-1.cisco.com (ind-iport-1.cisco.com [64.104.129.195]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4CEc2620212 for <rbridge@postel.org>; Thu, 12 May 2005 07:38:02 -0700 (PDT)
Received: from india-core-1.cisco.com (64.104.129.221) by ind-iport-1.cisco.com with ESMTP; 12 May 2005 20:16:42 +0530
X-BrightmailFiltered: true
X-Brightmail-Tracker: AAAAAA==
X-IronPort-AV: i="3.93,100,1114972200"; d="scan'208"; a="34362209:sNHT25473800"
Received: from codc-mira-1.cisco.com (IDENT:mirapoint@codc-mira-1.cisco.com [192.122.173.20]) by india-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j4CK6dKh002889; Thu, 12 May 2005 20:06:39 GMT
Received: from [10.77.202.135] ([10.77.202.135]) by codc-mira-1.cisco.com (MOS 3.4.6-GR) with ESMTP id AJW84787; Thu, 12 May 2005 20:07:49 +0530 (IST)
Message-ID: <42836A3D.80705@cisco.com>
Date: Thu, 12 May 2005 20:07:49 +0530
From: Ganesh CS <gsankara@cisco.com>
User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <4276E2D8.6080609@eng.monash.edu.au> <4277AE1C.5020104@sun.com> <42781756.40704@eng.monash.edu.au> <42782273.5060608@sun.com> <42783E5D.9000107@eng.monash.edu.au> <427BDDFD.7060209@sun.com> <428036EE.8000102@eng.monash.edu.au>
In-Reply-To: <428036EE.8000102@eng.monash.edu.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gsankara@cisco.com
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2005 14:39:19 -0000
Status: RO
Content-Length: 2114
Hi Greg,
Greg Daley wrote:
[cut]
>>>I'm not sure if the RB as Root Bridge idea is always beneficial, but
>>>would it be worth looking into?
>>>
>>>
>>I think so.
>>I think we also need to figure out how to get smooth failover when RB1
>>fails and we want the designed bridge for the sub-topology to become
>>RB2, and have the bridges quickly discard their learned information
>>which points at the dead RB1.
>>Having the designated RB look like the root bridge to the rest of the
>>bridges (or look like the shortest cost to the root bridge) is one way
>>to make the failover smooth for the bridges.
>>But there might be other ways to accomplish this.
>>
>>
>
>It's fairly simple, with the way that root bridge selection works
>in 802.1D, to just make the bridge ID preference higher
>(making it slightly less desirable) for the backup.
>
>
Here are we talking about Rbridges running 802.1D as well on the edges
connecting to 802.1D based bridges or Rbridges will not run 802.1D ?
In the former case, default bridge priority of Rbridges can be set to
make them more preferred so that RB1 to RB2 bridge fail over is smooth.
In the latter case, a mechanism such as the one you have described is
required. I have a question here. Assuming such a mechanism is in place
then consider the following diag.
R1 R2
| |
RB3 RB4
| |
| |
<cloud of bridges>
| |
RB1 RB2
| |
| |
R4 R3
Here RB1 and RB2 will be trying to make their neighbors as root. From
the other end, RB3 and RB4 will also be involved in a similar effort.
How do we detect/accomodate this case ?
Ganesh
>The minor trick is to allow explicit configuration of other bridges
>as root, where the automated root isn't going to be suitable (for
>example, the 'top' network). This reduces the administrative load to
>a single LAN though.
>
>Greg
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
>
Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.136.122]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4C83H611125 for <rbridge@postel.org>; Thu, 12 May 2005 01:03:18 -0700 (PDT)
Received: from smtp02.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id DD2C649F1C for <rbridge@postel.org>; Thu, 12 May 2005 10:02:38 +0200 (CEST)
Received: from [163.117.252.226] (vpn-252-226.uc3m.es [163.117.252.226]) by smtp02.uc3m.es (Postfix) with ESMTP id 579F349CDF for <rbridge@postel.org>; Thu, 12 May 2005 10:02:38 +0200 (CEST)
Message-ID: <42830D9E.4090305@it.uc3m.es>
Date: Thu, 12 May 2005 10:02:38 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu> <427C8848.9030709@it.uc3m.es> <427FE47E.3090303@isi.edu> <42807597.9070408@it.uc3m.es> <42810254.3040309@isi.edu> <42820A84.7090209@it.uc3m.es> <42828AC1.2050704@isi.edu>
In-Reply-To: <42828AC1.2050704@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2005 08:03:46 -0000
Status: RO
Content-Length: 2792
Guillermo Ib??ez wrote:
Joe Touch wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>
>Guillermo Ib??ez wrote:
>...
>
>
>> would consider big a network (single broadcast domain) with 25.000
>>-100.000 hosts. But this could fall short.
>>As stated in the paper, the ARP cache policy in hosts (Windows) is as
>>follows: unused entries in last two minutes expire, the refreshed ones
>>are allowed a maximum of 10 minutes, then a new ARP request will be
>>sent. Measurements, (see below at the end of mail) are based on the
>>current caching at endhosts, so the caching effect is already included.
>>Regarding snooping, I agree that snooping of broadcast responses at
>>proxy-ARPs will reduce the load.
>>
>>
>
>We agree that this is a problem for a sufficiently large network. As
>I've already noted, there are two things RBridges are not uniquely
>trying to solve:
> a) increased size of L2 subnets
> b) insecurity of ARP
>
>Solutions to either should work fine in an RBridge scenario, but are not
>part of the prerequisites of the RBridge architecture.
>
>Although an RBridge may encourage large subnets - larger than are
>currently typical - so do large L2 switches. There are solutions in that
>space to reduce broadcasts (IGMP snooping, proxy ARP, etc.) that might
>apply just fine here, but aren't worth (IMO) mentioning explicitly.
>
>
>
Agreed, no explicit recommendation of any procedure to reduce broadcasts.
>As you noted, there are plenty of challenges with proxy ARP - hashing,
>load balancing, fault tolerance, etc. But all those solutions will
>benefit all L2 subnet systems, and are not specific to RBridges.
>
>...
>
>
>>>>Some measurements on ARP load are available at:
>>>>http://100x100network.org/papers/myers-hotnets2004.pdf
>>>>
>>>>
Myers extrapolations in the paper are higher ( I do not know his
rationale) than mine.
>There are also other economies of scale possible in an RBridge -
>broadcasts can be more efficient than in a spanning tree because there
>can be multiple broadcast trees inside the RBridge campus.
>
>
>
Sorry, I do not catch this argument. Multiple spanning trees are not
exclusive of Rbridges, any bridge can use them (with MSTP or future
simplifications or evolutions of it).
>Overall, as said before, I don't think this is an issue specific to
>RBridges. Does anyone else??
>
>
>Joe
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (MingW32)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFCgorBE5f5cImnZrsRAkaUAKDZQjpYaUGIpK/MvUJ3JSTTKkRwZACffAy3
>+PD5qUt+CspyFRTAjks1XVg=
>=ciB6
>-----END PGP SIGNATURE-----
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
>
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4BMkI603442; Wed, 11 May 2005 15:46:18 -0700 (PDT)
Message-ID: <42828AC1.2050704@isi.edu>
Date: Wed, 11 May 2005 15:44:17 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu> <427C8848.9030709@it.uc3m.es> <427FE47E.3090303@isi.edu> <42807597.9070408@it.uc3m.es> <42810254.3040309@isi.edu> <42820A84.7090209@it.uc3m.es>
In-Reply-To: <42820A84.7090209@it.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2005 22:47:18 -0000
Status: RO
Content-Length: 2733
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guillermo Ib??ez wrote:
...
> would consider big a network (single broadcast domain) with 25.000
> -100.000 hosts. But this could fall short.
> As stated in the paper, the ARP cache policy in hosts (Windows) is as
> follows: unused entries in last two minutes expire, the refreshed ones
> are allowed a maximum of 10 minutes, then a new ARP request will be
> sent. Measurements, (see below at the end of mail) are based on the
> current caching at endhosts, so the caching effect is already included.
> Regarding snooping, I agree that snooping of broadcast responses at
> proxy-ARPs will reduce the load.
We agree that this is a problem for a sufficiently large network. As
I've already noted, there are two things RBridges are not uniquely
trying to solve:
a) increased size of L2 subnets
b) insecurity of ARP
Solutions to either should work fine in an RBridge scenario, but are not
part of the prerequisites of the RBridge architecture.
Although an RBridge may encourage large subnets - larger than are
currently typical - so do large L2 switches. There are solutions in that
space to reduce broadcasts (IGMP snooping, proxy ARP, etc.) that might
apply just fine here, but aren't worth (IMO) mentioning explicitly.
As you noted, there are plenty of challenges with proxy ARP - hashing,
load balancing, fault tolerance, etc. But all those solutions will
benefit all L2 subnet systems, and are not specific to RBridges.
...
>>>Some measurements on ARP load are available at:
>>>http://100x100network.org/papers/myers-hotnets2004.pdf
...
> I did not refer to this paper to support the solution proposed, but only
> as reference for the ARP measurements provided. Results were: 89 ARPs
> per second on average in a 2.456 hosts network, with peak load of 1150
> ARPs/second. For a network with 25.000 hosts (ten times size), this
> means 900 ARPs /second on average and 11.500 ARPs packets (peak) to
> process on every host.
Just because there are 10x as many hosts doesn't mean there will be 10x
as many ARPs, notably because there won't typically be 10x as many
routers to the rest of the Internet.
There are also other economies of scale possible in an RBridge -
broadcasts can be more efficient than in a spanning tree because there
can be multiple broadcast trees inside the RBridge campus.
Overall, as said before, I don't think this is an issue specific to
RBridges. Does anyone else??
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCgorBE5f5cImnZrsRAkaUAKDZQjpYaUGIpK/MvUJ3JSTTKkRwZACffAy3
+PD5qUt+CspyFRTAjks1XVg=
=ciB6
-----END PGP SIGNATURE-----
Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.136.122]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4BDbE609259 for <rbridge@postel.org>; Wed, 11 May 2005 06:37:15 -0700 (PDT)
Received: from smtp02.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 329E14A4FA for <rbridge@postel.org>; Wed, 11 May 2005 15:37:08 +0200 (CEST)
Received: from [163.117.139.216] (gibanez.it.uc3m.es [163.117.139.216]) by smtp02.uc3m.es (Postfix) with ESMTP id 1E74D4A575 for <rbridge@postel.org>; Wed, 11 May 2005 15:37:08 +0200 (CEST)
Message-ID: <42820A84.7090209@it.uc3m.es>
Date: Wed, 11 May 2005 15:37:08 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu> <427C8848.9030709@it.uc3m.es> <427FE47E.3090303@isi.edu> <42807597.9070408@it.uc3m.es> <42810254.3040309@isi.edu>
In-Reply-To: <42810254.3040309@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2005 13:37:33 -0000
Status: RO
Content-Length: 4924
Guillermo Iba?ez wrote:
Joe Touch wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>
>Guillermo Ib??ez wrote:
>...
>
>
>>We must be aware of the high cost of ARP processing cost in hosts of a
>>big network under the basic broadcast ARP approach.
>>
>>
>
>It's a question of what BIG means. First, broadcast is the backup
>anyway. Second, caching at endhosts and snooping of broadcast responses
>reduces request load.
>
>
I would consider big a network (single broadcast domain) with 25.000
-100.000 hosts. But this could fall short.
As stated in the paper, the ARP cache policy in hosts (Windows) is as
follows: unused entries in last two minutes expire, the refreshed ones
are allowed a maximum of 10 minutes, then a new ARP request will be
sent. Measurements, (see below at the end of mail) are based on the
current caching at endhosts, so the caching effect is already included.
Regarding snooping, I agree that snooping of broadcast responses at
proxy-ARPs will reduce the load.
>Finally, I may be in the minority here, but this has nothing to do with
>RBridge. I don't see the primary benefit of RBridge to support scaling
>to millions of nodes on an L2 net, nor do I see it as an opportunity to
>rewrite how ARP is implemented.
>
>Knwon optimizations can always be applied, but the core of its operation
>in this regard is to support conventional broadcast services. ARP is no
>different than any other broadcast service in that regard.
>
>
Conventional broadcast services must be supported. The difference of ARP
vs other broadcast services I see is the load imposed to hosts in big
networks.
>...
>
>
>>ARP servers can support replication. The point is whether it is an
>>objective to improve ARP security or the current situation is acceptable
>>in the foreseable big networks.
>>
>>
>
>RBridges are designed to replace bridges to improve routing, not to
>improve ARP security - the latter of which needs its own solution. Given
>that solution, it can certainly be supported in an RBridge, but I don't
>see why we would consider RBridges to uniqely enable or require it.
>
>
>
I agree ARP is a side issue for Rbridges, but as Rbridges usage may
increase sharply the broadcast domain size, they are indirectly the
cause of the load to hosts, so it can not be ignored.
>...
>
>
>>>>What does the ARP server do with a request of the destination if it
>>>>hasn't seen any communication from that host before?
>>>>
>>>>
>>Flooding, of course. Flooding is unavoidable at the end, but must be
>>kept to a minimum for big networks to not use up hosts processing power.
>>
>>
>...
>
>
>>>>What I would like to see is a comparison between the cach?s
>>>>(distributed server/register) approach with the current ARP proxy
>>>>approach considering all aspects: engineering, security, broadcast
>>>>volume, etc
>>>>
>>>>
>>>See LANE and other NBMA literature. There are benefits, but there are
>>>also substantial robustness issues. Note that we can do NOTHING to avoid
>>>flooding when speaking to systems that haven't spoken yet - we won't
>>>find them at all unless the ARP emerges at the right egress link (L2
>>>network), and there's no way to know a-priori which one that will be.
>>>
>>>
>>>
>>I will look at it, but I do not think it is the same thing.
>>
>>
>
>Both use the same solution to avoiding broadcast - a centralized ARP server.
>
>
>
Not exactly one centralized server. There would be multiple servers
with distributed load (by IP hashing), each of partial servers may have
replication. An specific protocol would be required for it. We can
think also on Distributed Hash Tables but performance does not seem
adequate.
>>>Some measurements on ARP load are available at:
>>>http://100x100network.org/papers/myers-hotnets2004.pdf
>>>
>>>
>
>That paper has some interesting positions, but that would be open
>research. When a solution has been developed and tested, it might be
>considered for standardization. Since this is not an IRTF effort,
>though, that would be future work, IMO.
>
>Joe
>
>
I did not refer to this paper to support the solution proposed, but only
as reference for the ARP measurements provided. Results were: 89 ARPs
per second on average in a 2.456 hosts network, with peak load of 1150
ARPs/second. For a network with 25.000 hosts (ten times size), this
means 900 ARPs /second on average and 11.500 ARPs packets (peak) to
process on every host.
Guillermo
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (MingW32)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFCgQJUE5f5cImnZrsRAnCTAKD5v0cnZuarZZrNnn673nsNYQzZzACcCMz1
>nDUUaT/jinVhlwJxYltXwq4=
>=G783
>-----END PGP SIGNATURE-----
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
>
Received: from mailout1.samsung.com (mailout1.samsung.com [203.254.224.24]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4B0I0608424 for <rbridge@postel.org>; Tue, 10 May 2005 17:18:01 -0700 (PDT)
Received: from ep_mmp2 (mailout1.samsung.com [203.254.224.24]) by mailout1.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IGA000MNU5THF@mailout1.samsung.com> for rbridge@postel.org; Wed, 11 May 2005 09:17:54 +0900 (KST)
Received: from Alperyegin ([105.144.29.41]) by mmp2.samsung.com (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003)) with ESMTPA id <0IGA004NNU5Q9M@mmp2.samsung.com> for rbridge@postel.org; Wed, 11 May 2005 09:17:53 +0900 (KST)
Date: Tue, 10 May 2005 17:17:11 -0700
From: Alper Yegin <alper.yegin@samsung.com>
In-reply-to: <42810254.3040309@isi.edu>
To: "'Developing a hybrid router/bridge.'" <rbridge@postel.org>
Message-id: <00e201c555be$c8c15db0$291d9069@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: alper.yegin@samsung.com
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2005 00:18:27 -0000
Status: RO
Content-Length: 601
> RBridges are designed to replace bridges to improve routing, not to
> improve ARP security - the latter of which needs its own solution.
Given
> that solution, it can certainly be supported in an RBridge, but I
don't
> see why we would consider RBridges to uniqely enable or require it.
I agree. Use of an ARP server may be an additional optimization which
can be built on top of Rbridged network, much like other types of
networks. But I think we can and shall keep this separate unless there
is some specific Rbridge feature that requires presence of ARP servers
(which I can't see....)
Alper
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4AIpw626905; Tue, 10 May 2005 11:51:58 -0700 (PDT)
Message-ID: <42810254.3040309@isi.edu>
Date: Tue, 10 May 2005 11:49:56 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu> <427C8848.9030709@it.uc3m.es> <427FE47E.3090303@isi.edu> <42807597.9070408@it.uc3m.es>
In-Reply-To: <42807597.9070408@it.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2005 18:53:30 -0000
Status: RO
Content-Length: 2919
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guillermo Ib??ez wrote:
...
> We must be aware of the high cost of ARP processing cost in hosts of a
> big network under the basic broadcast ARP approach.
It's a question of what BIG means. First, broadcast is the backup
anyway. Second, caching at endhosts and snooping of broadcast responses
reduces request load.
Finally, I may be in the minority here, but this has nothing to do with
RBridge. I don't see the primary benefit of RBridge to support scaling
to millions of nodes on an L2 net, nor do I see it as an opportunity to
rewrite how ARP is implemented.
Knwon optimizations can always be applied, but the core of its operation
in this regard is to support conventional broadcast services. ARP is no
different than any other broadcast service in that regard.
...
> ARP servers can support replication. The point is whether it is an
> objective to improve ARP security or the current situation is acceptable
> in the foreseable big networks.
RBridges are designed to replace bridges to improve routing, not to
improve ARP security - the latter of which needs its own solution. Given
that solution, it can certainly be supported in an RBridge, but I don't
see why we would consider RBridges to uniqely enable or require it.
...
>>>What does the ARP server do with a request of the destination if it
>>>hasn't seen any communication from that host before?
>
> Flooding, of course. Flooding is unavoidable at the end, but must be
> kept to a minimum for big networks to not use up hosts processing power.
...
>>>What I would like to see is a comparison between the cach?s
>>>(distributed server/register) approach with the current ARP proxy
>>>approach considering all aspects: engineering, security, broadcast
>>>volume, etc
>>
>> See LANE and other NBMA literature. There are benefits, but there are
>> also substantial robustness issues. Note that we can do NOTHING to avoid
>> flooding when speaking to systems that haven't spoken yet - we won't
>> find them at all unless the ARP emerges at the right egress link (L2
>> network), and there's no way to know a-priori which one that will be.
>>
> I will look at it, but I do not think it is the same thing.
Both use the same solution to avoiding broadcast - a centralized ARP server.
>> Some measurements on ARP load are available at:
>> http://100x100network.org/papers/myers-hotnets2004.pdf
That paper has some interesting positions, but that would be open
research. When a solution has been developed and tested, it might be
considered for standardization. Since this is not an IRTF effort,
though, that would be future work, IMO.
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCgQJUE5f5cImnZrsRAnCTAKD5v0cnZuarZZrNnn673nsNYQzZzACcCMz1
nDUUaT/jinVhlwJxYltXwq4=
=G783
-----END PGP SIGNATURE-----
Received: from smtp03.uc3m.es (smtp03.uc3m.es [163.117.136.123]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4A8ne615254 for <rbridge@postel.org>; Tue, 10 May 2005 01:49:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with SMTP id B75B04937F for <rbridge@postel.org>; Tue, 10 May 2005 10:49:34 +0200 (CEST)
Received: from [163.117.55.166] (unknown [163.117.55.166]) by smtp03.uc3m.es (Postfix) with ESMTP id 645EC49338; Tue, 10 May 2005 10:49:26 +0200 (CEST)
Message-ID: <42807597.9070408@it.uc3m.es>
Date: Tue, 10 May 2005 10:49:27 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu> <427C8848.9030709@it.uc3m.es> <427FE47E.3090303@isi.edu>
In-Reply-To: <427FE47E.3090303@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: Re: [rbridge] Max Network size / ARP servers
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2005 08:50:51 -0000
Status: RO
Content-Length: 6287
Guillermo Ib??ez wrote:
Joe Touch wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>
>Guillermo Ib??ez wrote:
>
>
>>>>>>I wonder if an ARP server/registrar approach can be foreseen as an
>>>>>>alternative or complementary strategy. The Designated Rbridge registers
>>>>>>each host, when an ARP is received, at a (distributed) ARP server.
>>>>>>
>>>>>>
>>>>>When an ARP reply is received, that can be done. But the first ARP to an
>>>>>otherwise unknown host, which has silently attached to a stub at an
>>>>>RBridge ingress, is unknown. The only way to find it is to flood.
>>>>>
>>>>>
>>>>True. But this is the only case.
>>>>
>>>>
>>>The problem is that it's the defining case. All others can, as you
>>>observe, be optimized with a variety of engineering solutions. IMO, none
>>>are all that interesting - ARP already caches at the endhost anyway.
>>>
>>>
>>Yes. But till then you avoid in many cases to do flood.
>>
>>
>
>I'm not convinced about the "many" part; as I mentioned, the endsystems
>cache. There are also snooping issues - ARP replies, if broadcast, can
>preload these caches. By looking for ways to avoid flooding, we avoid
>some of the optimizations already designed into ARP.
>
>
>
>That said, this is where a good study would help; it's premature to do
>anything except provide basic functionality (broadcast ARP) and mention
>that optimizations MAY be useful, IMO.
>
>
>
We must be aware of the high cost of ARP processing cost in hosts of a
big network under the basic broadcast ARP approach.
>>>>>>This
>>>>>>can help to enforce security (like preventing MAC spoofing) and also
>>>>>>ensure ARP resolution in one step without broadcast.
>>>>>>
>>>>>>
>>>>>Correct the above if not correct, but assuming that there is no way to
>>>>>secure ARP that doesn't modify ARP too.
>>>>>
>>>>>
>>>>ARP query would be performed by the Designated Router (encapsulated
>>>>query directed to the ARP server).
>>>>
>>>>
>>>The ARPs are originated outside the campus; the two options are to
>>>encapsulate the ARP and broadcast it or to encapsulate it and send it to
>>>an internal cache (the ARP server). Neither is secure, since they are
>>>triggered by external, unauthenticated ARPs.
>>>
>>>
>>>
>>I do not understand this "outside" origination of ARPs. My
>>understanding is that ARPs are sent by local hosts or routers.
>>
>>
>
>I've been speaking of ARPs as originating outside the RBridge, from
>hosts connected to egress RBridges. Those ARPs are not performed by the
>Designated Router; they just arrive at the egress.
>
>The discussion of Designated Routers in the I-D is an optimization; I've
>been speaking of the base case. Base case ARPs cannot be authenticated.
>
>>>>I am not expert, but I guess the
>>>>server can autenticate the DRs.
>>>>
>>>>
>>>Sure - but that only authenticates the internal cache; there's no way to
>>>authenticate the initial broadcast whose reply is used to populate the
>>>cache.
>>>
>>>
>>>
>>But the cach?, as a centralized point, can detect duplicated addresses
>>and other abnormal behaviour....
>>
>>
>
>Sure - but at what cost? Central point of failure? That's not an
>acceptable trade-off, especially to enforce ARP properties that are
>generally not enforced on conventional Ethernet LANs.
>
>...
>
>
ARP servers can support replication. The point is whether it is an
objective to improve ARP security or the current situation is acceptable
in the foreseable big networks.
>>>>An ARP cache query from host would produce from DR two
>>>>packets : a registration of originating host at ARP registrar and an ARP
>>>>query of destination host at ARP server.
>>>>
>>>>
>>>What does the ARP server do with a request of the destination if it
>>>hasn't seen any communication from that host before?
>>>
>>>
>>>
>>Flooding, of course. Flooding is unavoidable at the end, but must be
>>kept to a minimum for big networks to not use up hosts processing power.
>>
>>
>
>Agreed. But L2 semantics include flooding; ARP isn't the only use of
>broadcast.
>
>
Rigth. But I do not think much flooding will be received by hosts due to
unknown host destination. The host response triggers the MAC learning.
>
>
>>We can think of new mechanisms for cach?s (ARP servers), as they
>>implement a centralized function for a set of IP addresses, to track
>>hosts mobility.
>>
>>
>
>What you're proposing is to turn an RBridge into an NBMA (non-broadcast,
>multiaccess network), and to push ARP into a server, ala ATM LAN
>Emulation (LANE). I see that as a step backwards, esp. because, as noted
>above, ARP isn't the only use of broadcast.
>
>
>
May be I am misunderstood. I do not exclude broadcast, only broadcast
for ARP.
>>What I would like to see is a comparison between the cach?s
>>(distributed server/register) approach with the current ARP proxy
>>approach considering all aspects: engineering, security, broadcast
>>volume, etc
>>
>>
>
>See LANE and other NBMA literature. There are benefits, but there are
>also substantial robustness issues. Note that we can do NOTHING to avoid
>flooding when speaking to systems that haven't spoken yet - we won't
>find them at all unless the ARP emerges at the right egress link (L2
>network), and there's no way to know a-priori which one that will be.
>
>
>
I will look at it, but I do not think it is the same thing.
>If we include a cache, we run the risk of having the cache semantics of
>the endsystem collide with that of the network cache. Overall, I'd say
>let's build an RBridge with broadcast and let's show that the load is a
>big enough problem to deal with it first.
>
>
Some measurements on ARP load are available at:
http://100x100network.org/papers/myers-hotnets2004.pdf
Guillermo
>Joe
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (MingW32)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFCf+R+E5f5cImnZrsRAspuAKDsoKdE7mjnWVafIlgtfda2JXdLfwCgoHcn
>oYZ1MjPaGdRLSmKtUQnlm/U=
>=d26+
>-----END PGP SIGNATURE-----
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
>
Received: from ALPHA1.ITS.MONASH.EDU.AU (alpha1.its.monash.edu.au [130.194.1.1]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4A4Ov606362 for <rbridge@postel.org>; Mon, 9 May 2005 21:24:58 -0700 (PDT)
Received: from localhost ([130.194.13.87]) by vaxc.its.monash.edu.au (PMDF V6.1 #31112) with ESMTP id <01LO3H0IY5HO97182F@vaxc.its.monash.edu.au> for rbridge@postel.org; Tue, 10 May 2005 14:22:09 +1000
Received: from curly.its.monash.edu.au (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id EFB61AB547; Tue, 10 May 2005 14:22:08 +1000 (EST)
Received: from [130.194.252.110] (knuth.eng.monash.edu.au [130.194.252.110]) by curly.its.monash.edu.au (Postfix) with ESMTP id C23004FB0B; Tue, 10 May 2005 14:22:08 +1000 (EST)
Date: Tue, 10 May 2005 14:22:06 +1000
From: Greg Daley <greg.daley@eng.monash.edu.au>
In-reply-to: <427BDDFD.7060209@sun.com>
To: Erik Nordmark <erik.nordmark@sun.com>
Message-id: <428036EE.8000102@eng.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en, en-us
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
References: <4276E2D8.6080609@eng.monash.edu.au> <4277AE1C.5020104@sun.com> <42781756.40704@eng.monash.edu.au> <42782273.5060608@sun.com> <42783E5D.9000107@eng.monash.edu.au> <427BDDFD.7060209@sun.com>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: greg.daley@eng.monash.edu.au
Cc: "Developing a hybrid router/bridge." <rbridge@postel.org>
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2005 04:25:50 -0000
Status: RO
Content-Length: 3295
Hi Erik,
Erik Nordmark wrote:
[cut]
>> Your diagram is a useful one, since it illustrates non-Trill capable
>> routers in the network.
>
>
> Yes, but my figure, repeated below, might not be that representative for
> a real network:
> >> <rest of LAN up here>
> >> | |
> >> RB1 RB2
> >> | |
> >> -------------------
> >> | | |
> >> H1 H2 R1
>
> I real enterprise LAN of reasonable size is probably going to have some
> edge switches connecting to hosts, and a layer of distribution switches,
> which connect to the routers. So a more natural picture would be with
> the routers on "top", perhaps connected to the RBs without any
> intervening bridges:
>
> R1 R2
> | |
> RB3 RB4
> | \ / |
> | \ / |
> <rest of LAN up here, with additional "leafs" like the one below
> attached to it>
> | |
> RB1 RB2
> | |
> -------------------
> | |
> H1 H2
>
>> In those situations the Internet Router is likely to be the best
>> root bridge of all, and its adjacent bridge is likely to not be a Trill
>> device, and is not likely to be able to automatically configure.
>
>
> But if the toplogy is more like the picture above, then there is no
> issue with a 802.1D spanning tree between R1 and RB3 etc.
> You'd still have a bridge spanning tree for the ("----") bridged
> sub-topology at the bottom, but for that one getting the root close/at
> the RB is good enough.
Even if the lower topology is more complex (distribution switches,
redundant paths), the spanning tree rooted at the active Rbridge
is optimal for a stub LAN.
In fact, the more (simple) cycles in the bridges, the better the
performance is compared to other roots.
[cut]
>
>
> I'm still failing to draw the topology from your description. Sorry.
> (Perhaps you can glue me in off-line.)
I guess there's no rush yet.
I was just saying that negotiation can be explicit on the legacy LAN
(like OSPF Designated Router negotiation) or through voodoo which
doesn't exchange signaling on the legacy LAN (but uses rbridge
link-state knowledge).
>> I'm not sure if the RB as Root Bridge idea is always beneficial, but
>> would it be worth looking into?
>
>
> I think so.
> I think we also need to figure out how to get smooth failover when RB1
> fails and we want the designed bridge for the sub-topology to become
> RB2, and have the bridges quickly discard their learned information
> which points at the dead RB1.
> Having the designated RB look like the root bridge to the rest of the
> bridges (or look like the shortest cost to the root bridge) is one way
> to make the failover smooth for the bridges.
> But there might be other ways to accomplish this.
It's fairly simple, with the way that root bridge selection works
in 802.1D, to just make the bridge ID preference higher
(making it slightly less desirable) for the backup.
The minor trick is to allow explicit configuration of other bridges
as root, where the automated root isn't going to be suitable (for
example, the 'top' network). This reduces the administrative load to
a single LAN though.
Greg
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j49MVO601919; Mon, 9 May 2005 15:31:24 -0700 (PDT)
Message-ID: <427FE47E.3090303@isi.edu>
Date: Mon, 09 May 2005 15:30:22 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu> <427C8848.9030709@it.uc3m.es>
In-Reply-To: <427C8848.9030709@it.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2005 22:32:27 -0000
Status: RO
Content-Length: 5010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guillermo Ib??ez wrote:
>>>>>I wonder if an ARP server/registrar approach can be foreseen as an
>>>>>alternative or complementary strategy. The Designated Rbridge registers
>>>>>each host, when an ARP is received, at a (distributed) ARP server.
>>
>>>>When an ARP reply is received, that can be done. But the first ARP to an
>>>>otherwise unknown host, which has silently attached to a stub at an
>>>>RBridge ingress, is unknown. The only way to find it is to flood.
>>
>>>True. But this is the only case.
>>
>> The problem is that it's the defining case. All others can, as you
>> observe, be optimized with a variety of engineering solutions. IMO, none
>> are all that interesting - ARP already caches at the endhost anyway.
>
> Yes. But till then you avoid in many cases to do flood.
I'm not convinced about the "many" part; as I mentioned, the endsystems
cache. There are also snooping issues - ARP replies, if broadcast, can
preload these caches. By looking for ways to avoid flooding, we avoid
some of the optimizations already designed into ARP.
That said, this is where a good study would help; it's premature to do
anything except provide basic functionality (broadcast ARP) and mention
that optimizations MAY be useful, IMO.
>>>>>This
>>>>>can help to enforce security (like preventing MAC spoofing) and also
>>>>>ensure ARP resolution in one step without broadcast.
>>
>>>>Correct the above if not correct, but assuming that there is no way to
>>>>secure ARP that doesn't modify ARP too.
>>
>>>ARP query would be performed by the Designated Router (encapsulated
>>>query directed to the ARP server).
>>
>> The ARPs are originated outside the campus; the two options are to
>> encapsulate the ARP and broadcast it or to encapsulate it and send it to
>> an internal cache (the ARP server). Neither is secure, since they are
>> triggered by external, unauthenticated ARPs.
>>
> I do not understand this "outside" origination of ARPs. My
> understanding is that ARPs are sent by local hosts or routers.
I've been speaking of ARPs as originating outside the RBridge, from
hosts connected to egress RBridges. Those ARPs are not performed by the
Designated Router; they just arrive at the egress.
The discussion of Designated Routers in the I-D is an optimization; I've
been speaking of the base case. Base case ARPs cannot be authenticated.
>>>I am not expert, but I guess the
>>>server can autenticate the DRs.
>>
>> Sure - but that only authenticates the internal cache; there's no way to
>> authenticate the initial broadcast whose reply is used to populate the
>> cache.
>>
> But the cach?, as a centralized point, can detect duplicated addresses
> and other abnormal behaviour....
Sure - but at what cost? Central point of failure? That's not an
acceptable trade-off, especially to enforce ARP properties that are
generally not enforced on conventional Ethernet LANs.
...
>>>An ARP cache query from host would produce from DR two
>>>packets : a registration of originating host at ARP registrar and an ARP
>>>query of destination host at ARP server.
>>
>> What does the ARP server do with a request of the destination if it
>> hasn't seen any communication from that host before?
>>
> Flooding, of course. Flooding is unavoidable at the end, but must be
> kept to a minimum for big networks to not use up hosts processing power.
Agreed. But L2 semantics include flooding; ARP isn't the only use of
broadcast.
> We can think of new mechanisms for cach?s (ARP servers), as they
> implement a centralized function for a set of IP addresses, to track
> hosts mobility.
What you're proposing is to turn an RBridge into an NBMA (non-broadcast,
multiaccess network), and to push ARP into a server, ala ATM LAN
Emulation (LANE). I see that as a step backwards, esp. because, as noted
above, ARP isn't the only use of broadcast.
> What I would like to see is a comparison between the cach?s
> (distributed server/register) approach with the current ARP proxy
> approach considering all aspects: engineering, security, broadcast
> volume, etc
See LANE and other NBMA literature. There are benefits, but there are
also substantial robustness issues. Note that we can do NOTHING to avoid
flooding when speaking to systems that haven't spoken yet - we won't
find them at all unless the ARP emerges at the right egress link (L2
network), and there's no way to know a-priori which one that will be.
If we include a cache, we run the risk of having the cache semantics of
the endsystem collide with that of the network cache. Overall, I'd say
let's build an RBridge with broadcast and let's show that the load is a
big enough problem to deal with it first.
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCf+R+E5f5cImnZrsRAspuAKDsoKdE7mjnWVafIlgtfda2JXdLfwCgoHcn
oYZ1MjPaGdRLSmKtUQnlm/U=
=d26+
-----END PGP SIGNATURE-----
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.136.121]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j479KF618592 for <rbridge@postel.org>; Sat, 7 May 2005 02:20:16 -0700 (PDT)
Received: from smtp01.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 6F9D75DA7D for <rbridge@postel.org>; Sat, 7 May 2005 11:20:09 +0200 (CEST)
Received: from [163.117.252.248] (vpn-252-248.uc3m.es [163.117.252.248]) by smtp01.uc3m.es (Postfix) with ESMTP id 1E5615DAFA for <rbridge@postel.org>; Sat, 7 May 2005 11:20:08 +0200 (CEST)
Message-ID: <427C8848.9030709@it.uc3m.es>
Date: Sat, 07 May 2005 11:20:08 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es> <427B9EC9.8050609@isi.edu>
In-Reply-To: <427B9EC9.8050609@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Sat, 07 May 2005 09:21:17 -0000
Status: RO
Content-Length: 4796
Guiillermo Iba?ez wrote:
Joe Touch wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>
>Guillermo Ib??ez wrote:
>
>
>>...
>>
>>
>>>>I wonder if an ARP server/registrar approach can be foreseen as an
>>>>alternative or complementary strategy. The Designated Rbridge registers
>>>>each host, when an ARP is received, at a (distributed) ARP server.
>>>>
>>>>
>>>When an ARP reply is received, that can be done. But the first ARP to an
>>>otherwise unknown host, which has silently attached to a stub at an
>>>RBridge ingress, is unknown. The only way to find it is to flood.
>>>
>>>
>>>
>>True. But this is the only case.
>>
>>
>
>The problem is that it's the defining case. All others can, as you
>observe, be optimized with a variety of engineering solutions. IMO, none
>are all that interesting - ARP already caches at the endhost anyway.
>
>
>
Yes. But till then you avoid in many cases to do flood.
>>>>This
>>>>can help to enforce security (like preventing MAC spoofing) and also
>>>>ensure ARP resolution in one step without broadcast.
>>>>
>>>>
>>>Correct the above if not correct, but assuming that there is no way to
>>>secure ARP that doesn't modify ARP too.
>>>
>>>
>>>
>>ARP query would be performed by the Designated Router (encapsulated
>>query directed to the ARP server).
>>
>>
>
>The ARPs are originated outside the campus; the two options are to
>encapsulate the ARP and broadcast it or to encapsulate it and send it to
>an internal cache (the ARP server). Neither is secure, since they are
>triggered by external, unauthenticated ARPs.
>
>
>
I do not understand this "outside" origination of ARPs. My
understanding is that ARPs are sent by local hosts or routers.
>>I am not expert, but I guess the
>>server can autenticate the DRs.
>>
>>
>
>Sure - but that only authenticates the internal cache; there's no way to
>authenticate the initial broadcast whose reply is used to populate the
>cache.
>
>
But the cach?, as a centralized point, can detect duplicated addresses
and other abnormal behaviour....
>
>
>>I agree that a host may spoof its MAC
>>but security measures are possible both at the ARP server (the spoofed
>>host is registered in same server) and at the DR (attacks and behaviour
>>will likely concentrate on a certain port of DR)
>>
>>
>
>Why bother? As above, we already need to support broadcast ARP to
>bootstrap. Besides, securing the internal protocol complicates the
>deployment. There's little utility to securing the ARP cache
>communication this way, IMO, unless you've already secured internal
>control communication (e.g., routing) for other reasons.
>
>
>
>>>>The point is to
>>>>distribute the load of ARP registry and queries between multiple ARP
>>>>servers. This may be based on IP hashing.
>>>>
>>>>
>>>Sure, hashing will direct you to the right cache. But how does that
>>>cache know what to reply? It can't unless IT floods; that's the catch-22.
>>>
>>>
>>>
>>The cach? knows the content because it is the unique both server and
>>registrar for the IP addresses set. Prior to that query, upon first ARP
>>issued the host was registered by the DR at that cach?, based on its
>>hash(IP).
>>
>>
>
>ARP may announce the location of the ARP sender, but doesn't announce
>the location of the ARP reply. Both need to be snooped to load the
>cache. The trouble is the first ARP _to_ any new IP address must always
>be broadcast; by definition, it won't be in the cache.
>
>
>
>>An ARP cache query from host would produce from DR two
>>packets : a registration of originating host at ARP registrar and an ARP
>>query of destination host at ARP server.
>>
>>
>
>What does the ARP server do with a request of the destination if it
>hasn't seen any communication from that host before?
>
>
Flooding, of course. Flooding is unavoidable at the end, but must be
kept to a minimum for big networks to not use up hosts processing power.
We can think of new mechanisms for cach?s (ARP servers), as they
implement a centralized function for a set of IP addresses, to track
hosts mobility.
What I would like to see is a comparison between the cach?s
(distributed server/register) approach with the current ARP proxy
approach considering all aspects: engineering, security, broadcast
volume, etc
Guillermo
>Joe.
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (MingW32)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFCe57JE5f5cImnZrsRApfnAKCiYVfTjaHuLK4wnf+ckpsU8E0b5QCg+jLm
>BFwBjuirgR1GlaSbFy0044Q=
>=dWU9
>-----END PGP SIGNATURE-----
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
>
Received: from mailout2.samsung.com (mailout2.samsung.com [203.254.224.25]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46LQD612198 for <rbridge@postel.org>; Fri, 6 May 2005 14:26:13 -0700 (PDT)
Received: from ep_mmp2 (mailout2.samsung.com [203.254.224.25]) by mailout2.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IG300GZK7ITU0@mailout2.samsung.com> for rbridge@postel.org; Sat, 07 May 2005 06:25:41 +0900 (KST)
Received: from Alperyegin ([105.144.29.41]) by mmp2.samsung.com (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003)) with ESMTPA id <0IG300L9G7IRBF@mmp2.samsung.com> for rbridge@postel.org; Sat, 07 May 2005 06:25:41 +0900 (KST)
Date: Fri, 06 May 2005 14:25:04 -0700
From: Alper Yegin <alper.yegin@samsung.com>
In-reply-to: <427BD2F3.9050105@isi.edu>
To: "'Developing a hybrid router/bridge.'" <rbridge@postel.org>
Message-id: <067c01c55282$12dd5b50$291d9069@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: alper.yegin@samsung.com
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 21:27:04 -0000
Status: RO
Content-Length: 1607
> > Even than the host needs to perform some tests to know it is still
> > connected to the same IP subnet. Like the reachability test outlined
in
> > http://ietf.org/internet-drafts/draft-ietf-dhc-dna-ipv4-11.txt . The
> > test is using ARP....
>
> It CAN use that test, but doesn't have to. There are devices that
don't
> bother to say anything until they have something to say, rather than
> just when an interface regains signal...
>
> (which is why the DHC draft above isn't a requirement, but an
> optimization).
I don't expect all hosts to be implementing this draft overnite. So, I'm
not proposing to take this as the baseline "host behavior." In that
sense I agree with you. I just wanted to note that, for any reasonable
host that moves around and cares to establish reachability as fast as
possible, it is reasonable to expect them to do something. The
reachability test mentioned in that I-D is an example.
> >>Sure. But this is, in a lot of ways, just another version of an
> >>optimization. We definitely need to cover the case where the
> >>optimization isn't in place anyway...
> >
> >
> > I agree.....
> >
> > Let's not rely on presence of optimizations. Nevertheless let's
> > enumerate them, so that people don't think they are always stuck
with
> > the worst case scenario.
>
> I'm not arguing against discussing optimizations at all; just that we
> need to implement the base case regardless. And to make sure the
> optimizations don't come with any downside (i.e., when they fail, they
> shouldn't interfere with what would have happened were they not
there).
I agree.
Alper
Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46LDT609011 for <rbridge@postel.org>; Fri, 6 May 2005 14:13:29 -0700 (PDT)
Received: from jurassic.eng.sun.com ([129.146.228.50]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id j46LDSQ1010713; Fri, 6 May 2005 14:13:28 -0700 (PDT)
Received: from [192.9.61.11] (punchin-nordmark.SFBay.Sun.COM [192.9.61.11]) by jurassic.eng.sun.com (8.13.4+Sun/8.13.4) with ESMTP id j46LDQoM588143 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 6 May 2005 14:13:27 -0700 (PDT)
Message-ID: <427BDDFD.7060209@sun.com>
Date: Fri, 06 May 2005 14:13:33 -0700
From: Erik Nordmark <erik.nordmark@sun.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050323)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: greg.daley@eng.monash.edu.au
References: <4276E2D8.6080609@eng.monash.edu.au> <4277AE1C.5020104@sun.com> <42781756.40704@eng.monash.edu.au> <42782273.5060608@sun.com> <42783E5D.9000107@eng.monash.edu.au>
In-Reply-To: <42783E5D.9000107@eng.monash.edu.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: erik.nordmark@sun.com
Cc: "Developing a hybrid router/bridge." <rbridge@postel.org>
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 21:14:19 -0000
Status: RO
Content-Length: 4327
Greg Daley wrote:
>> If you are assuming that the RSTP protocol terminates at the rbridges,
>> then you end up with a sub-topology of the LAN with e.g.
>>
>> <rest of LAN up here>
>> | |
>> RB1 RB2
>> | |
>> -------------------
>> | | |
>> H1 H2 R1
>>
>> Where the line is the middle is made up of bridges.
>> Thus the issue is where RSTP places the root bridge in this
>> sub-topology of the whole LAN.
> My guess (still not checked generally) is that if more traffic is
> flowing into and out of one RBridge, then it will be the best place
> to have a root (for scalability and traffic dimensioning purposes).
That's probably the case.
> Your diagram is a useful one, since it illustrates non-Trill capable
> routers in the network.
Yes, but my figure, repeated below, might not be that representative for
a real network:
>> <rest of LAN up here>
>> | |
>> RB1 RB2
>> | |
>> -------------------
>> | | |
>> H1 H2 R1
I real enterprise LAN of reasonable size is probably going to have some
edge switches connecting to hosts, and a layer of distribution switches,
which connect to the routers. So a more natural picture would be with
the routers on "top", perhaps connected to the RBs without any
intervening bridges:
R1 R2
| |
RB3 RB4
| \ / |
| \ / |
<rest of LAN up here, with additional "leafs" like the one below
attached to it>
| |
RB1 RB2
| |
-------------------
| |
H1 H2
> In those situations the Internet Router is likely to be the best
> root bridge of all, and its adjacent bridge is likely to not be a Trill
> device, and is not likely to be able to automatically configure.
But if the toplogy is more like the picture above, then there is no
issue with a 802.1D spanning tree between R1 and RB3 etc.
You'd still have a bridge spanning tree for the ("----") bridged
sub-topology at the bottom, but for that one getting the root close/at
the RB is good enough.
> Here it's likely that the root bridge will have to be selected manually,
> although there may be a case for automatic root bridge selection on
> one of the Trill devices, over default preference devices if it is
> likely to be a big traffic generator.
There is still the option to do manual things, but it is worth while to
think of what LAN topologies look like today, and whether TRILL can
automatically come up with a reasonable thing for such topologies.
The topology between the RBridges is already handled by using the
link-state routing protocol, and your suggestion to handle the "leaf"
bridged sub-topologies by placing their root bridge at/close to the RB
is a good one.
>>> Alternatively, if no routing protocol is explicitly used on the legacy
>>> LAN, routers within the trill cloud which know they are attached to the
>>> same legacy LAN can determine from their trill routing knowledge which
>>> is the best root.
>
> I was thinking that if the trill devices are connected to the same trill
> cloud ("above" the RBs in the diagram), they could do the root
> preference election on the "above" side, based on link-state
> knowledge from the "below" LAN.
>
> This was basically an off-the-cuff idea though. It's probably better to
> run the lot on the "below" side to handle disjoint Trill domains
> connecting to the same legacy LAN.
I'm still failing to draw the topology from your description. Sorry.
(Perhaps you can glue me in off-line.)
> I'm not sure if the RB as Root Bridge idea is always beneficial, but
> would it be worth looking into?
I think so.
I think we also need to figure out how to get smooth failover when RB1
fails and we want the designed bridge for the sub-topology to become
RB2, and have the bridges quickly discard their learned information
which points at the dead RB1.
Having the designated RB look like the root bridge to the rest of the
bridges (or look like the shortest cost to the root bridge) is one way
to make the failover smooth for the bridges.
But there might be other ways to accomplish this.
Erik
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46L9i607668 for <rbridge@postel.org>; Fri, 6 May 2005 14:09:44 -0700 (PDT)
Received: from jurassic.eng.sun.com ([129.146.226.31]) by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id j46L9hi7013735 for <rbridge@postel.org>; Fri, 6 May 2005 15:09:44 -0600 (MDT)
Received: from [192.9.61.11] (punchin-nordmark.SFBay.Sun.COM [192.9.61.11]) by jurassic.eng.sun.com (8.13.4+Sun/8.13.4) with ESMTP id j46L9g4m587158 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 6 May 2005 14:09:43 -0700 (PDT)
Message-ID: <427BDD1D.40603@sun.com>
Date: Fri, 06 May 2005 14:09:49 -0700
From: Erik Nordmark <erik.nordmark@sun.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050323)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <061c01c55277$253eb6a0$291d9069@sisa.samsung.com>
In-Reply-To: <061c01c55277$253eb6a0$291d9069@sisa.samsung.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: erik.nordmark@sun.com
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 21:10:27 -0000
Status: RO
Content-Length: 867
Alper Yegin wrote:
>>only when you don't have config info. If you move ethernets within an
>>enterprise (i.e., within a campus deployment), you don't necessarily
>>contact DHCP when you move.
>
>
> Even than the host needs to perform some tests to know it is still
> connected to the same IP subnet. Like the reachability test outlined in
> http://ietf.org/internet-drafts/draft-ietf-dhc-dna-ipv4-11.txt . The
> test is using ARP....
Yes, but many/most existing implementations do not perform such checks.
When I move my host from one Ethernet switch port to another, or
associated with a different 802.11 AP, the stack silently assumes that
this is the same IP subnet as before.
While we have a DNA WG and the above draft which tries to make this work
better, I don't think TRILL should assume that such mechanisms are
implemented in all the hosts.
Erik
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46KOL613789; Fri, 6 May 2005 13:24:21 -0700 (PDT)
Message-ID: <427BD2F3.9050105@isi.edu>
Date: Fri, 06 May 2005 13:26:27 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <061c01c55277$253eb6a0$291d9069@sisa.samsung.com>
In-Reply-To: <061c01c55277$253eb6a0$291d9069@sisa.samsung.com>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 20:25:05 -0000
Status: RO
Content-Length: 1643
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alper Yegin wrote:
>>only when you don't have config info. If you move ethernets within an
>>enterprise (i.e., within a campus deployment), you don't necessarily
>>contact DHCP when you move.
>
>
> Even than the host needs to perform some tests to know it is still
> connected to the same IP subnet. Like the reachability test outlined in
> http://ietf.org/internet-drafts/draft-ietf-dhc-dna-ipv4-11.txt . The
> test is using ARP....
It CAN use that test, but doesn't have to. There are devices that don't
bother to say anything until they have something to say, rather than
just when an interface regains signal...
(which is why the DHC draft above isn't a requirement, but an optimization).
>>Sure. But this is, in a lot of ways, just another version of an
>>optimization. We definitely need to cover the case where the
>>optimization isn't in place anyway...
>
>
> I agree.....
>
> Let's not rely on presence of optimizations. Nevertheless let's
> enumerate them, so that people don't think they are always stuck with
> the worst case scenario.
I'm not arguing against discussing optimizations at all; just that we
need to implement the base case regardless. And to make sure the
optimizations don't come with any downside (i.e., when they fail, they
shouldn't interfere with what would have happened were they not there).
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCe9LzE5f5cImnZrsRAtMXAJ98S8NGHMu4lEdExldbH2kSG/5MOACfVCh1
qamtga+t5CzS0GLbiKF8e04=
=8CrL
-----END PGP SIGNATURE-----
Received: from mailout3.samsung.com (mailout3.samsung.com [203.254.224.33]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46K7c609199 for <rbridge@postel.org>; Fri, 6 May 2005 13:07:38 -0700 (PDT)
Received: from ep_mmp1 (mailout3.samsung.com [203.254.224.33]) by mailout3.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IG3007VR3WFE0@mailout3.samsung.com> for rbridge@postel.org; Sat, 07 May 2005 05:07:27 +0900 (KST)
Received: from Alperyegin ([105.144.29.41]) by mmp1.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTPA id <0IG3004SZ3WDFU@mmp1.samsung.com> for rbridge@postel.org; Sat, 07 May 2005 05:07:27 +0900 (KST)
Date: Fri, 06 May 2005 13:06:51 -0700
From: Alper Yegin <alper.yegin@samsung.com>
In-reply-to: <427BB10D.6090300@isi.edu>
To: "'Developing a hybrid router/bridge.'" <rbridge@postel.org>
Message-id: <061c01c55277$253eb6a0$291d9069@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: alper.yegin@samsung.com
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 20:08:02 -0000
Status: RO
Content-Length: 760
> only when you don't have config info. If you move ethernets within an
> enterprise (i.e., within a campus deployment), you don't necessarily
> contact DHCP when you move.
Even than the host needs to perform some tests to know it is still
connected to the same IP subnet. Like the reachability test outlined in
http://ietf.org/internet-drafts/draft-ietf-dhc-dna-ipv4-11.txt . The
test is using ARP....
> Sure. But this is, in a lot of ways, just another version of an
> optimization. We definitely need to cover the case where the
> optimization isn't in place anyway...
I agree.....
Let's not rely on presence of optimizations. Nevertheless let's
enumerate them, so that people don't think they are always stuck with
the worst case scenario.
Alper
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46Hxh628154; Fri, 6 May 2005 10:59:43 -0700 (PDT)
Message-ID: <427BB10D.6090300@isi.edu>
Date: Fri, 06 May 2005 11:01:49 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <313680C9A886D511A06000204840E1CF0B454298@whq-msgusr-02.pit.comms.marconi.com>
In-Reply-To: <313680C9A886D511A06000204840E1CF0B454298@whq-msgusr-02.pit.comms.marconi.com>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 18:01:15 -0000
Status: RO
Content-Length: 6634
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gray, Eric wrote:
>
>>-----Original Message-----
>>From: rbridge-bounces@postel.org [mailto:rbridge-bounces@postel.org]On
>>Behalf Of Joe Touch
>>Sent: Friday, May 06, 2005 12:44 PM
>>To: Developing a hybrid router/bridge.
>>Subject: Re: [rbridge] Max Network size
>
>
> [.. SNIP ..]
>
>
>
>>Guillermo Ib??ez wrote:
>>
>>>...
>>>
>>>>> I wonder if an ARP server/registrar approach can be foreseen
>>>>> as an alternative or complementary strategy. The Designated
>>>>> Rbridge registers each host, when an ARP is received, at a
>>>>> (distributed) ARP server.
>>>>
>>>> When an ARP reply is received, that can be done. But the first
>>>> ARP to an otherwise unknown host, which has silently attached
>>>> to a stub at an RBridge ingress, is unknown. The only way to
>>>> find it is to flood.
>>>
>>>True. But this is the only case.
>>
>>The problem is that it's the defining case. All others can, as you
>>observe, be optimized with a variety of engineering solutions. IMO, none
>>are all that interesting - ARP already caches at the endhost anyway.
>
> I had a similar discussion with a colleague a few years back.
> Apparently, there are a growing number of networks where it's
> not necessary to flood packets.
Not IP over Ethernet. ;-)
> This is the case whenever an attaching host is required to do
> something active before it can go into a passive mode - such
> as obtain IP address, default router, DNS server, etc. from a
> DHCP server.
You can assert that sort of requirement for a deployment, but it's not
part of ethernet, IP, DHCP, or DNS. E.g., DHCP helps configure you, but
only when you don't have config info. If you move ethernets within an
enterprise (i.e., within a campus deployment), you don't necessarily
contact DHCP when you move.
> Given the prevalence of dynamic address configuration at this
> time, there are plenty of examples of networks where it is not
> possible for a host to "silently attach".
But they can silently move. And dynamic configuration is never a
requirement of any of these protocols; it may be the requirement of a
deployment. We don't want RBridge to be limited to those sorts of
deployments.
> While this creates interesting points of confusion since some
> people may have direct experience with networks like this that
> (ostensibly) work, the fact is that working with a network of
> this type presents special problems and is not ubiquitously
> possible as of yet.
Agreed...
>>>>>This
>>>>>can help to enforce security (like preventing MAC spoofing) and also
>>>>>ensure ARP resolution in one step without broadcast.
>>>>
>>>>Correct the above if not correct, but assuming that there is no way to
>>>>secure ARP that doesn't modify ARP too.
>>>>
>>>
>>>ARP query would be performed by the Designated Router (encapsulated
>>>query directed to the ARP server).
>>
>>The ARPs are originated outside the campus; the two options are to
>>encapsulate the ARP and broadcast it or to encapsulate it and send it to
>>an internal cache (the ARP server). Neither is secure, since they are
>>triggered by external, unauthenticated ARPs.
>>
>>
>>>I am not expert, but I guess the
>>>server can autenticate the DRs.
>>
>>Sure - but that only authenticates the internal cache; there's no way to
>>authenticate the initial broadcast whose reply is used to populate the
>>cache.
>>
>>
>>>I agree that a host may spoof its MAC
>>>but security measures are possible both at the ARP server (the spoofed
>>>host is registered in same server) and at the DR (attacks and behaviour
>>>will likely concentrate on a certain port of DR)
>>
>>Why bother? As above, we already need to support broadcast ARP to
>>bootstrap. Besides, securing the internal protocol complicates the
>>deployment. There's little utility to securing the ARP cache
>>communication this way, IMO, unless you've already secured internal
>>control communication (e.g., routing) for other reasons.
>>
>>
>>>>> The point is to distribute the load of ARP registry and
>>>>> queries between multiple ARP servers. This may be based on IP
>>>>> hashing.
>>>>
>>>> Sure, hashing will direct you to the right cache. But how does
>>>> that cache know what to reply? It can't unless IT floods;
>>>> that's the catch-22.
>>>
>>>The cach? knows the content because it is the unique both server and
>>>registrar for the IP addresses set. Prior to that query, upon first ARP
>>>issued the host was registered by the DR at that cach?, based on its
>>>hash(IP).
>>
>>ARP may announce the location of the ARP sender, but doesn't announce
>>the location of the ARP reply. Both need to be snooped to load the
>>cache. The trouble is the first ARP _to_ any new IP address must always
>>be broadcast; by definition, it won't be in the cache.
>
> For the same reason, this is not always the case. If it is likely
> that every host will know the IP (and MAC) address of a default
> router, all ARP traffic from that point on may be unicast directed
> to the default router.
Only if it only talks to the router or IP addresses elsewhere; IP
addresses within the LAN won't be handled.
> This can be a big if, however, in some networks and should not be
> assumed.
>
>>>An ARP cache query from host would produce from DR two
>>>packets : a registration of originating host at ARP registrar and an ARP
>>>query of destination host at ARP server.
>>
>>What does the ARP server do with a request of the destination if it
>>hasn't seen any communication from that host before?
>
> It could respond exactly as it would if the host was not attached.
> This could be appropriate behavior in networks where silent host
> attachment is a non-starter anyway.
Yes - we could prohibit silent attachment and silent movement. How, in
that case, does the first communication ensue? You need to force
something outside the RBridge system (DHCP server, default router, etc.)
to do something it doesn't do now...
> The poster-child example is the typical small network with a single
> DHCP server that also happens to be the Internet attachment point,
> firewall, NAT and default router. This is the increasingly common
> - but not (yet) universal - case.
Sure. But this is, in a lot of ways, just another version of an
optimization. We definitely need to cover the case where the
optimization isn't in place anyway...
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCe7ENE5f5cImnZrsRAlEqAJ4jS9SKWVumA04Jww7dEtiliX/piwCgrLF4
pMbithlRy+9xumBJbx2Tmtc=
=qG76
-----END PGP SIGNATURE-----
Received: from mailgate.pit.comms.marconi.com (mailgate.pit.comms.marconi.com [169.144.68.6]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46HWC620119 for <rbridge@postel.org>; Fri, 6 May 2005 10:32:12 -0700 (PDT)
Received: from mailman.pit.comms.marconi.com (mailman.pit.comms.marconi.com [169.144.2.12]) by mailgate.pit.comms.marconi.com (8.12.10+Sun/8.12.10) with ESMTP id j46HW3WW008548 for <rbridge@postel.org>; Fri, 6 May 2005 13:32:07 -0400 (EDT)
Received: from uspitsmsgrtr01.pit.comms.marconi.com (uspitsmsgrtr01.pit.comms.marconi.com [169.144.2.221]) by mailman.pit.comms.marconi.com (8.9.3/8.9.3) with ESMTP id NAA25257 for <rbridge@postel.org>; Fri, 6 May 2005 13:32:03 -0400 (EDT)
Received: by uspitsmsgrtr01.pit.comms.marconi.com with Internet Mail Service (5.5.2657.72) id <J70JY23A>; Fri, 6 May 2005 13:32:02 -0400
Message-ID: <313680C9A886D511A06000204840E1CF0B454298@whq-msgusr-02.pit.comms.marconi.com>
From: "Gray, Eric" <Eric.Gray@marconi.com>
To: "'Routing Bridges'" <rbridge@postel.org>
Date: Fri, 6 May 2005 13:31:54 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain; charset="iso-8859-1"
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: eric.gray@marconi.com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by boreas.isi.edu id j46HWC620119
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 17:33:03 -0000
Status: RO
Content-Length: 5174
> -----Original Message-----
> From: rbridge-bounces@postel.org [mailto:rbridge-bounces@postel.org]On
> Behalf Of Joe Touch
> Sent: Friday, May 06, 2005 12:44 PM
> To: Developing a hybrid router/bridge.
> Subject: Re: [rbridge] Max Network size
[.. SNIP ..]
> Guillermo Ib??ez wrote:
> > ...
> >>>I wonder if an ARP server/registrar approach can be foreseen as an
> >>>alternative or complementary strategy. The Designated Rbridge
registers
> >>>each host, when an ARP is received, at a (distributed) ARP server.
> >>
> >> When an ARP reply is received, that can be done. But the first ARP to
an
> >> otherwise unknown host, which has silently attached to a stub at an
> >> RBridge ingress, is unknown. The only way to find it is to flood.
> >>
> > True. But this is the only case.
>
> The problem is that it's the defining case. All others can, as you
> observe, be optimized with a variety of engineering solutions. IMO, none
> are all that interesting - ARP already caches at the endhost anyway.
>
I had a similar discussion with a colleague a few years back.
Apparently, there are a growing number of networks where it's
not necessary to flood packets.
This is the case whenever an attaching host is required to do
something active before it can go into a passive mode - such
as obtain IP address, default router, DNS server, etc. from a
DHCP server.
Given the prevalence of dynamic address configuration at this
time, there are plenty of examples of networks where it is not
possible for a host to "silently attach".
While this creates interesting points of confusion since some
people may have direct experience with networks like this that
(ostensibly) work, the fact is that working with a network of
this type presents special problems and is not ubiquitously
possible as of yet.
>
> >>>This
> >>>can help to enforce security (like preventing MAC spoofing) and also
> >>>ensure ARP resolution in one step without broadcast.
> >>
> >> Correct the above if not correct, but assuming that there is no way to
> >> secure ARP that doesn't modify ARP too.
> >>
> > ARP query would be performed by the Designated Router (encapsulated
> > query directed to the ARP server).
>
> The ARPs are originated outside the campus; the two options are to
> encapsulate the ARP and broadcast it or to encapsulate it and send it to
> an internal cache (the ARP server). Neither is secure, since they are
> triggered by external, unauthenticated ARPs.
>
> > I am not expert, but I guess the
> > server can autenticate the DRs.
>
> Sure - but that only authenticates the internal cache; there's no way to
> authenticate the initial broadcast whose reply is used to populate the
> cache.
>
> > I agree that a host may spoof its MAC
> > but security measures are possible both at the ARP server (the spoofed
> > host is registered in same server) and at the DR (attacks and behaviour
> > will likely concentrate on a certain port of DR)
>
> Why bother? As above, we already need to support broadcast ARP to
> bootstrap. Besides, securing the internal protocol complicates the
> deployment. There's little utility to securing the ARP cache
> communication this way, IMO, unless you've already secured internal
> control communication (e.g., routing) for other reasons.
>
> >>>The point is to
> >>>distribute the load of ARP registry and queries between multiple ARP
> >>>servers. This may be based on IP hashing.
> >>
> >> Sure, hashing will direct you to the right cache. But how does that
> >> cache know what to reply? It can't unless IT floods; that's the
catch-22.
> >>
> > The cach? knows the content because it is the unique both server and
> > registrar for the IP addresses set. Prior to that query, upon first ARP
> > issued the host was registered by the DR at that cach?, based on its
> > hash(IP).
>
> ARP may announce the location of the ARP sender, but doesn't announce
> the location of the ARP reply. Both need to be snooped to load the
> cache. The trouble is the first ARP _to_ any new IP address must always
> be broadcast; by definition, it won't be in the cache.
>
For the same reason, this is not always the case. If it is likely
that every host will know the IP (and MAC) address of a default
router, all ARP traffic from that point on may be unicast directed
to the default router.
This can be a big if, however, in some networks and should not be
assumed.
>
> > An ARP cache query from host would produce from DR two
> > packets : a registration of originating host at ARP registrar and an ARP
> > query of destination host at ARP server.
>
> What does the ARP server do with a request of the destination if it
> hasn't seen any communication from that host before?
It could respond exactly as it would if the host was not attached.
This could be appropriate behavior in networks where silent host
attachment is a non-starter anyway.
The poster-child example is the typical small network with a single
DHCP server that also happens to be the Internet attachment point,
firewall, NAT and default router. This is the increasingly common
- but not (yet) universal - case.
>
> Joe
>
> [.. SNIP ..]
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46Gfl604570; Fri, 6 May 2005 09:41:47 -0700 (PDT)
Message-ID: <427B9EC9.8050609@isi.edu>
Date: Fri, 06 May 2005 09:43:53 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu> <427B9767.5080200@it.uc3m.es>
In-Reply-To: <427B9767.5080200@it.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 16:42:02 -0000
Status: RO
Content-Length: 3540
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guillermo Ib??ez wrote:
> ...
>>>I wonder if an ARP server/registrar approach can be foreseen as an
>>>alternative or complementary strategy. The Designated Rbridge registers
>>>each host, when an ARP is received, at a (distributed) ARP server.
>>
>> When an ARP reply is received, that can be done. But the first ARP to an
>> otherwise unknown host, which has silently attached to a stub at an
>> RBridge ingress, is unknown. The only way to find it is to flood.
>>
> True. But this is the only case.
The problem is that it's the defining case. All others can, as you
observe, be optimized with a variety of engineering solutions. IMO, none
are all that interesting - ARP already caches at the endhost anyway.
>>>This
>>>can help to enforce security (like preventing MAC spoofing) and also
>>>ensure ARP resolution in one step without broadcast.
>>
>> Correct the above if not correct, but assuming that there is no way to
>> secure ARP that doesn't modify ARP too.
>>
> ARP query would be performed by the Designated Router (encapsulated
> query directed to the ARP server).
The ARPs are originated outside the campus; the two options are to
encapsulate the ARP and broadcast it or to encapsulate it and send it to
an internal cache (the ARP server). Neither is secure, since they are
triggered by external, unauthenticated ARPs.
> I am not expert, but I guess the
> server can autenticate the DRs.
Sure - but that only authenticates the internal cache; there's no way to
authenticate the initial broadcast whose reply is used to populate the
cache.
> I agree that a host may spoof its MAC
> but security measures are possible both at the ARP server (the spoofed
> host is registered in same server) and at the DR (attacks and behaviour
> will likely concentrate on a certain port of DR)
Why bother? As above, we already need to support broadcast ARP to
bootstrap. Besides, securing the internal protocol complicates the
deployment. There's little utility to securing the ARP cache
communication this way, IMO, unless you've already secured internal
control communication (e.g., routing) for other reasons.
>>>The point is to
>>>distribute the load of ARP registry and queries between multiple ARP
>>>servers. This may be based on IP hashing.
>>
>> Sure, hashing will direct you to the right cache. But how does that
>> cache know what to reply? It can't unless IT floods; that's the catch-22.
>>
> The cach? knows the content because it is the unique both server and
> registrar for the IP addresses set. Prior to that query, upon first ARP
> issued the host was registered by the DR at that cach?, based on its
> hash(IP).
ARP may announce the location of the ARP sender, but doesn't announce
the location of the ARP reply. Both need to be snooped to load the
cache. The trouble is the first ARP _to_ any new IP address must always
be broadcast; by definition, it won't be in the cache.
> An ARP cache query from host would produce from DR two
> packets : a registration of originating host at ARP registrar and an ARP
> query of destination host at ARP server.
What does the ARP server do with a request of the destination if it
hasn't seen any communication from that host before?
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCe57JE5f5cImnZrsRApfnAKCiYVfTjaHuLK4wnf+ckpsU8E0b5QCg+jLm
BFwBjuirgR1GlaSbFy0044Q=
=dWU9
-----END PGP SIGNATURE-----
Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.136.122]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46GCU626289 for <rbridge@postel.org>; Fri, 6 May 2005 09:12:30 -0700 (PDT)
Received: from smtp02.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 0E35C49D72 for <rbridge@postel.org>; Fri, 6 May 2005 18:12:24 +0200 (CEST)
Received: from [163.117.55.166] (unknown [163.117.55.166]) by smtp02.uc3m.es (Postfix) with ESMTP id 9E25849D82 for <rbridge@postel.org>; Fri, 6 May 2005 18:12:23 +0200 (CEST)
Message-ID: <427B9767.5080200@it.uc3m.es>
Date: Fri, 06 May 2005 18:12:23 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es> <427B90A1.3070609@isi.edu>
In-Reply-To: <427B90A1.3070609@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 16:13:01 -0000
Status: RO
Content-Length: 4571
Guillermo Ib??ez wrote:
Joe Touch wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>
>Guillermo Ib??ez wrote:
>
>
>>Guillermo Ib??ez wrote:
>>
>>Joe Touch wrote:
>>
>>
>>
>>
>>>Guillermo Ib??ez wrote:
>>>...
>>>
>>>
>>>
>>>
>>>
>>>>I agree with your view, except about ARP.
>>>>Is there any estimation on the ARP load expected on Rbridges as ARP
>>>>proxies and hosts in general (ARPs unsolved by proxies)?
>>>>I wonder whether the Rbridges are the most suited devices to handle many
>>>>ARP requests. For big networks like this it might be worth to consider
>>>>the use of separate ARP servers distributed over the subnetwork instead
>>>>of ARP proxies at Rbridges.
>>>>
>>>>
>>>>
>>>>
>>>I am anticipating that RBridges should handle ARPs via broadcast as a
>>>default; we're looking into proxy-ARP based on knowledge of ingress
>>>locations, to reduce ARP load. That solution would need to be fault
>>>tolerant to loss of the proxy mechanism, whether distributed or at a server.
>>>
>>>Joe
>>>
>>>
>>>
>>>
>>>
>>Right. Default must always be ARP broadcast. I understand that in this
>>case the frame is not encapsulated, just forwarded by Rbridge.
>>
>>
>
>All packets arriving at an egress are always encapsulated, including
>ARPs. The only non-encapsulated packets inside an RBridge campus would
>be RBridge control traffic, e.g., routing protocols and encapsulation
>table setup.
>
>
>> ARP load is somewhat reduced in the core by diffusing ARP to Rbridges
>>via a specific multicast address iso broadcast address . But still the
>>cost of local ARPs issued by each Rbridge at the ends may be significative.
>>
>>
>
>Sure - ARPs not only flood the RBridge campus, but also the stubs that
>attach. But that's a property of all L2 networks; broadcasts broadcast.
>
>
>
>>I wonder if an ARP server/registrar approach can be foreseen as an
>>alternative or complementary strategy. The Designated Rbridge registers
>>each host, when an ARP is received, at a (distributed) ARP server.
>>
>>
>
>When an ARP reply is received, that can be done. But the first ARP to an
>otherwise unknown host, which has silently attached to a stub at an
>RBridge ingress, is unknown. The only way to find it is to flood.
>
>
>
True. But this is the only case.
>>This
>>can help to enforce security (like preventing MAC spoofing) and also
>>ensure ARP resolution in one step without broadcast.
>>
>>
>
>Correct the above if not correct, but assuming that there is no way to
>secure ARP that doesn't modify ARP too.
>
>
ARP query would be performed by the Designated Router (encapsulated
query directed to the ARP server). I am not expert, but I guess the
server can autenticate the DRs. I agree that a host may spoof its MAC
but security measures are possible both at the ARP server (the spoofed
host is registered in same server) and at the DR (attacks and behaviour
will likely concentrate on a certain port of DR)
>
>
>>The point is to
>>distribute the load of ARP registry and queries between multiple ARP
>>servers. This may be based on IP hashing.
>>
>>
>
>Sure, hashing will direct you to the right cache. But how does that
>cache know what to reply? It can't unless IT floods; that's the catch-22.
>
>Joe
>
>
>
The cach? knows the content because it is the unique both server and
registrar for the IP addresses set. Prior to that query, upon first ARP
issued the host was registered by the DR at that cach?, based on its
hash(IP) . An ARP cache query from host would produce from DR two
packets : a registration of originating host at ARP registrar and an ARP
query of destination host at ARP server.
Regards
Guillermo
>>Regards
>>Guillermo
>>
>>
>>
>>
>>>------------------------------------------------------------------------
>>>
>>>_______________________________________________
>>>rbridge mailing list
>>>rbridge@postel.org
>>>http://www.postel.org/mailman/listinfo/rbridge
>>>
>>>
>>>
>>>
>>_______________________________________________
>>rbridge mailing list
>>rbridge@postel.org
>>http://www.postel.org/mailman/listinfo/rbridge
>>
>>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (MingW32)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFCe5ChE5f5cImnZrsRAhYCAKCTK+bm/VtZ/7yGtU4Qi12pEC8B0QCfSJv0
>Iv1gD4eJ7OyDsvTkRCB/ZXg=
>=DzCO
>-----END PGP SIGNATURE-----
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
>
Received: from [128.9.168.55] (upn.isi.edu [128.9.168.55]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46FfN616654; Fri, 6 May 2005 08:41:23 -0700 (PDT)
Message-ID: <427B90A1.3070609@isi.edu>
Date: Fri, 06 May 2005 08:43:29 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu> <427B8CCA.70200@it.uc3m.es>
In-Reply-To: <427B8CCA.70200@it.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 15:42:03 -0000
Status: RO
Content-Length: 3288
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guillermo Ib??ez wrote:
> Guillermo Ib??ez wrote:
>
> Joe Touch wrote:
>
>
>>Guillermo Ib??ez wrote:
>>...
>>
>>
>>
>>>I agree with your view, except about ARP.
>>>Is there any estimation on the ARP load expected on Rbridges as ARP
>>>proxies and hosts in general (ARPs unsolved by proxies)?
>>>I wonder whether the Rbridges are the most suited devices to handle many
>>>ARP requests. For big networks like this it might be worth to consider
>>>the use of separate ARP servers distributed over the subnetwork instead
>>>of ARP proxies at Rbridges.
>>>
>>>
>>
>>I am anticipating that RBridges should handle ARPs via broadcast as a
>>default; we're looking into proxy-ARP based on knowledge of ingress
>>locations, to reduce ARP load. That solution would need to be fault
>>tolerant to loss of the proxy mechanism, whether distributed or at a server.
>>
>>Joe
>>
>>
>>
>
> Right. Default must always be ARP broadcast. I understand that in this
> case the frame is not encapsulated, just forwarded by Rbridge.
All packets arriving at an egress are always encapsulated, including
ARPs. The only non-encapsulated packets inside an RBridge campus would
be RBridge control traffic, e.g., routing protocols and encapsulation
table setup.
> ARP load is somewhat reduced in the core by diffusing ARP to Rbridges
> via a specific multicast address iso broadcast address . But still the
> cost of local ARPs issued by each Rbridge at the ends may be significative.
Sure - ARPs not only flood the RBridge campus, but also the stubs that
attach. But that's a property of all L2 networks; broadcasts broadcast.
> I wonder if an ARP server/registrar approach can be foreseen as an
> alternative or complementary strategy. The Designated Rbridge registers
> each host, when an ARP is received, at a (distributed) ARP server.
When an ARP reply is received, that can be done. But the first ARP to an
otherwise unknown host, which has silently attached to a stub at an
RBridge ingress, is unknown. The only way to find it is to flood.
> This
> can help to enforce security (like preventing MAC spoofing) and also
> ensure ARP resolution in one step without broadcast.
Correct the above if not correct, but assuming that there is no way to
secure ARP that doesn't modify ARP too.
> The point is to
> distribute the load of ARP registry and queries between multiple ARP
> servers. This may be based on IP hashing.
Sure, hashing will direct you to the right cache. But how does that
cache know what to reply? It can't unless IT floods; that's the catch-22.
Joe
> Regards
> Guillermo
>
>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>rbridge mailing list
>>rbridge@postel.org
>>http://www.postel.org/mailman/listinfo/rbridge
>>
>>
>
>
> _______________________________________________
> rbridge mailing list
> rbridge@postel.org
> http://www.postel.org/mailman/listinfo/rbridge
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCe5ChE5f5cImnZrsRAhYCAKCTK+bm/VtZ/7yGtU4Qi12pEC8B0QCfSJv0
Iv1gD4eJ7OyDsvTkRCB/ZXg=
=DzCO
-----END PGP SIGNATURE-----
Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.136.122]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46FRD612441 for <rbridge@postel.org>; Fri, 6 May 2005 08:27:13 -0700 (PDT)
Received: from smtp02.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 7A62349F50 for <rbridge@postel.org>; Fri, 6 May 2005 17:27:06 +0200 (CEST)
Received: from [163.117.55.166] (unknown [163.117.55.166]) by smtp02.uc3m.es (Postfix) with ESMTP id 3642C49F49 for <rbridge@postel.org>; Fri, 6 May 2005 17:27:06 +0200 (CEST)
Message-ID: <427B8CCA.70200@it.uc3m.es>
Date: Fri, 06 May 2005 17:27:06 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es> <427B819F.2060900@isi.edu>
In-Reply-To: <427B819F.2060900@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 15:28:29 -0000
Status: RO
Content-Length: 1890
Guillermo Ib??ez wrote:
Joe Touch wrote:
>Guillermo Ib??ez wrote:
>...
>
>
>>I agree with your view, except about ARP.
>>Is there any estimation on the ARP load expected on Rbridges as ARP
>>proxies and hosts in general (ARPs unsolved by proxies)?
>>I wonder whether the Rbridges are the most suited devices to handle many
>>ARP requests. For big networks like this it might be worth to consider
>>the use of separate ARP servers distributed over the subnetwork instead
>>of ARP proxies at Rbridges.
>>
>>
>
>I am anticipating that RBridges should handle ARPs via broadcast as a
>default; we're looking into proxy-ARP based on knowledge of ingress
>locations, to reduce ARP load. That solution would need to be fault
>tolerant to loss of the proxy mechanism, whether distributed or at a server.
>
>Joe
>
>
>
Right. Default must always be ARP broadcast. I understand that in this
case the frame is not encapsulated, just forwarded by Rbridge.
ARP load is somewhat reduced in the core by diffusing ARP to Rbridges
via a specific multicast address iso broadcast address . But still the
cost of local ARPs issued by each Rbridge at the ends may be significative.
I wonder if an ARP server/registrar approach can be foreseen as an
alternative or complementary strategy. The Designated Rbridge registers
each host, when an ARP is received, at a (distributed) ARP server. This
can help to enforce security (like preventing MAC spoofing) and also
ensure ARP resolution in one step without broadcast. The point is to
distribute the load of ARP registry and queries between multiple ARP
servers. This may be based on IP hashing.
Regards
Guillermo
>------------------------------------------------------------------------
>
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
Received: from [192.168.1.47] (pool-71-106-98-38.lsanca.dsl-w.verizon.net [71.106.98.38]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j46EdW626692; Fri, 6 May 2005 07:39:32 -0700 (PDT)
Message-ID: <427B819F.2060900@isi.edu>
Date: Fri, 06 May 2005 07:39:27 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu> <427B2BBD.2070303@it.uc3m.es>
In-Reply-To: <427B2BBD.2070303@it.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigFE40DB14BF6A56F7552BCEA1"
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 14:40:12 -0000
Status: RO
Content-Length: 1476
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigFE40DB14BF6A56F7552BCEA1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Guillermo Ib=E1=F1ez wrote:
=2E..
> I agree with your view, except about ARP.=20
> Is there any estimation on the ARP load expected on Rbridges as ARP=20
> proxies and hosts in general (ARPs unsolved by proxies)?
> I wonder whether the Rbridges are the most suited devices to handle man=
y=20
> ARP requests. For big networks like this it might be worth to consider =
> the use of separate ARP servers distributed over the subnetwork instead=
=20
> of ARP proxies at Rbridges.
I am anticipating that RBridges should handle ARPs via broadcast as a
default; we're looking into proxy-ARP based on knowledge of ingress
locations, to reduce ARP load. That solution would need to be fault
tolerant to loss of the proxy mechanism, whether distributed or at a serv=
er.
Joe
--------------enigFE40DB14BF6A56F7552BCEA1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCe4GfE5f5cImnZrsRAp1qAKDdGz7qyHac2O72wiANWkfmjs3sVwCcDSO5
eZt1rFtrjNxtWrJCR4cSJes=
=aDVa
-----END PGP SIGNATURE-----
--------------enigFE40DB14BF6A56F7552BCEA1--
Received: from smtp03.uc3m.es (smtp03.uc3m.es [163.117.136.123]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j468X8623710 for <rbridge@postel.org>; Fri, 6 May 2005 01:33:08 -0700 (PDT)
Received: from smtp03.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 6F03E4922B for <rbridge@postel.org>; Fri, 6 May 2005 10:33:01 +0200 (CEST)
Received: from [163.117.55.166] (unknown [163.117.55.166]) by smtp03.uc3m.es (Postfix) with ESMTP id 17B36491E3 for <rbridge@postel.org>; Fri, 6 May 2005 10:33:01 +0200 (CEST)
Message-ID: <427B2BBD.2070303@it.uc3m.es>
Date: Fri, 06 May 2005 10:33:01 +0200
From: =?ISO-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es> <4278F046.7090305@isi.edu>
In-Reply-To: <4278F046.7090305@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2005 08:34:03 -0000
Status: RO
Content-Length: 4898
Joe Touch wrote:
>Guillermo Ib??ez wrote:
>
>
>>Hello Joe,
>>
>>More on maximum network size.
>>
>>
>
>As a prelude, YES - lots of engineering issues...
>
>
>
>>-So we can expect, for a network with one hundred thousand hosts, rbridges
>>with tables of that size. OK?
>>(No problem so far).
>>
>>
>
>Ingresses need to have enough information to encapsulate based on
>destination host MAC address; that can be accomplished two ways:
> - full tables carried at each ingress
> which would be hard to compress, but might
> be hashable
> - internal bootstrap
> 1) internal 'ARP' when a previously unknown
> MAC arrives at the ingress, resolving to a cached
> entry
>
> 2) implied 'ARP' by broadcasting the packet
> with the successful egress back-propagating
> the entry later
>
>I suspect a combination may be required, since there will be packets
>whose MAC may not be knowable at the egress (silently attached), so we
>may have to flood the network to even find the right egress to use. This
>is no different from what bridges do, though...
>
>
>
>>-Scalable routing between Rbridges: my understanding is that MAC addresses
>>are used for routing between them. Although the number of bridges will no be
>>too high (i.e thousands), I do not understand well the meaning of
>>"scalability of routing" as the flat addresses used do not permit route
>>aggregation. I did not follow the routing discussiong so may be I missed
>>something.
>>
>>
>
>Yes, we need a routing protocol that can scale. Note, however, that
>we're forwarding internally ONLY on the destination rbridge address, NOT
>the original packet's MAC address. So the number of entries is the
>number of egresses, NOT the number of end hosts.
>
>The tradeoff is in the encapsulation table size (first item above);
>_that_ table is O(# attached hosts), whereas the routing is O(# egresses).
>
>
>
>>Rbridge types
>>- You mention "interior" Rbridges and "edge" Rbridges. Do you see any
>>functional differentiation between these two types ?
>>
>>
>
>Egress nodes need encapsulation tables and forwarding tables; interior
>nodes just need forwarding tables and could be cheaper.
>
>
>
>>In this case handled it
>>could be handled by self configuration (upon detection of hosts an interior
>>bridge becomes edge bridge). My understanding is that there are no
>>functional differentiation of Rbridges, but engineering differences to
>>optimize between "core" Rbridges and "access" Rbridges. Right?
>>
>>
>
>A edge bridge can easily function as interior; an interior might not
>function as an edge. This may favor a single integrated design. The
>behavior is configured on a per-MAC basis (traffic coming from another
>rbridge in your campus is internal; all other traffic is external). This
>should be very easy to automate, IMO (do an echo algorithm to find all
>connected rbridges, declare that one campus unless manually configured
>not to, and use those MACs as internal traffic).
>
>The distinction based on device is better for describing the system, but
>in practice I would expect it would be per-MAC, not per-box.
>
>I hope this all helps - I can add it to the doc.
>
>Joe
>
>
>
>>Regards
>>Guillermo Iba?ez
>>
>>-----Mensaje original-----
>>De: rbridge-bounces@postel.org [mailto:rbridge-bounces@postel.org] En nombre
>>de Joe Touch
>>Enviado el: domingo, 01 de mayo de 2005 5:27
>>Para: Developing a hybrid router/bridge.
>>Asunto: Re: [rbridge] Max Network size
>>
>>
>>
>>
>>Guillermo Ib??ez wrote:
>>
>>
>>
>>>I have a question:
>>> What is the maximum network size (number of hosts)
>>>required/expected
>>>in TRILL? May be it was already stated somewhere, I am not aware of it.
>>>Regards
>>>Guillermo Ib??ez
>>>
>>>
>>There is no limit of design; it is based on the capability of edge RBridges
>>to handle encapsulation tables, as well as of interior RBridges to have
>>scalable routing.
>>
>>We expect to scale to numbers of hosts much higher than current bridges,
>>but it's hard to predict what the knee of the design curve will be (IMO).
>>
>>Joe
>>
>>
>>_______________________________________________
>>rbridge mailing list
>>rbridge@postel.org
>>http://www.postel.org/mailman/listinfo/rbridge
>>
>>
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>rbridge mailing list
>rbridge@postel.org
>http://www.postel.org/mailman/listinfo/rbridge
>
>
I agree with your view, except about ARP.
Is there any estimation on the ARP load expected on Rbridges as ARP
proxies and hosts in general (ARPs unsolved by proxies)?
I wonder whether the Rbridges are the most suited devices to handle many
ARP requests. For big networks like this it might be worth to consider
the use of separate ARP servers distributed over the subnetwork instead
of ARP proxies at Rbridges.
Regards
Guillermo
Received: from mailout2.samsung.com (mailout2.samsung.com [203.254.224.25]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j44IMp624324 for <rbridge@postel.org>; Wed, 4 May 2005 11:22:51 -0700 (PDT)
Received: from ep_mmp2 (mailout2.samsung.com [203.254.224.25]) by mailout2.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IFZ008FI9PWMM@mailout2.samsung.com> for rbridge@postel.org; Thu, 05 May 2005 03:22:44 +0900 (KST)
Received: from Alperyegin ([105.253.155.11]) by mmp2.samsung.com (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003)) with ESMTPA id <0IFZ008U29PSIW@mmp2.samsung.com> for rbridge@postel.org; Thu, 05 May 2005 03:22:44 +0900 (KST)
Date: Wed, 04 May 2005 11:22:03 -0700
From: Alper Yegin <alper.yegin@samsung.com>
In-reply-to: <42783E5D.9000107@eng.monash.edu.au>
To: greg.daley@eng.monash.edu.au, "'Developing a hybrid router/bridge.'" <rbridge@postel.org>, "'Erik Nordmark'" <erik.nordmark@sun.com>
Message-id: <03f501c550d6$2dd0cfd0$291d9069@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: alper.yegin@samsung.com
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 18:23:49 -0000
Status: RO
Content-Length: 544
> I'm not sure if the RB as Root Bridge idea is always beneficial, but
> would it be worth looking into?
I think it is more likely to be beneficial, given that it is (they are)
used as the ingress and egress to the rest of the LAN (ie, connecting
bridged segment to the rest of the LAN). But of course, if there is
heavy traffic local to the bridged segment (below RB(s)), then all the
bets are off.
I think it can be a good default choice, that can be overridden by
manual config or any other dynamic mechanism (if there is any).
Alper
Received: from [70.213.121.51] (51.sub-70-213-121.myvzw.com [70.213.121.51]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j44Fsr619954; Wed, 4 May 2005 08:54:53 -0700 (PDT)
Message-ID: <4278F046.7090305@isi.edu>
Date: Wed, 04 May 2005 08:54:46 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es>
In-Reply-To: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es>
X-Enigmail-Version: 0.91.0.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigA329E1CC08CEBA2E56C090EC"
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 15:55:52 -0000
Status: RO
Content-Length: 4824
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA329E1CC08CEBA2E56C090EC
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Guillermo Ib=E1=F1ez wrote:
> Hello Joe,
>=20
> More on maximum network size.
As a prelude, YES - lots of engineering issues...
> -So we can expect, for a network with one hundred thousand hosts, rbrid=
ges
> with tables of that size. OK?
> (No problem so far).
Ingresses need to have enough information to encapsulate based on
destination host MAC address; that can be accomplished two ways:
- full tables carried at each ingress
which would be hard to compress, but might
be hashable
- internal bootstrap
1) internal 'ARP' when a previously unknown
MAC arrives at the ingress, resolving to a cached
entry
2) implied 'ARP' by broadcasting the packet
with the successful egress back-propagating
the entry later
I suspect a combination may be required, since there will be packets
whose MAC may not be knowable at the egress (silently attached), so we
may have to flood the network to even find the right egress to use. This
is no different from what bridges do, though...
> -Scalable routing between Rbridges: my understanding is that MAC addres=
ses
> are used for routing between them. Although the number of bridges will =
no be
> too high (i.e thousands), I do not understand well the meaning of
> "scalability of routing" as the flat addresses used do not permit route=
> aggregation. I did not follow the routing discussiong so may be I misse=
d
> something.
Yes, we need a routing protocol that can scale. Note, however, that
we're forwarding internally ONLY on the destination rbridge address, NOT
the original packet's MAC address. So the number of entries is the
number of egresses, NOT the number of end hosts.
The tradeoff is in the encapsulation table size (first item above);
_that_ table is O(# attached hosts), whereas the routing is O(# egresses)=
=2E
> Rbridge types
> - You mention "interior" Rbridges and "edge" Rbridges. Do you see any
> functional differentiation between these two types ?
Egress nodes need encapsulation tables and forwarding tables; interior
nodes just need forwarding tables and could be cheaper.
> In this case handled it
> could be handled by self configuration (upon detection of hosts an inte=
rior
> bridge becomes edge bridge). My understanding is that there are no
> functional differentiation of Rbridges, but engineering differences to
> optimize between "core" Rbridges and "access" Rbridges. Right? =20
A edge bridge can easily function as interior; an interior might not
function as an edge. This may favor a single integrated design. The
behavior is configured on a per-MAC basis (traffic coming from another
rbridge in your campus is internal; all other traffic is external). This
should be very easy to automate, IMO (do an echo algorithm to find all
connected rbridges, declare that one campus unless manually configured
not to, and use those MACs as internal traffic).
The distinction based on device is better for describing the system, but
in practice I would expect it would be per-MAC, not per-box.
I hope this all helps - I can add it to the doc.
Joe
> Regards
> Guillermo Iba=F1ez
>=20
> -----Mensaje original-----
> De: rbridge-bounces@postel.org [mailto:rbridge-bounces@postel.org] En n=
ombre
> de Joe Touch
> Enviado el: domingo, 01 de mayo de 2005 5:27
> Para: Developing a hybrid router/bridge.
> Asunto: Re: [rbridge] Max Network size
>=20
>=20
>=20
>=20
> Guillermo Ib=E1=F1ez wrote:
>=20
>>I have a question:
>> What is the maximum network size (number of hosts)=20
>>required/expected
>>in TRILL? May be it was already stated somewhere, I am not aware of it.=
>>Regards
>>Guillermo Ib=E1=F1ez
>=20
>=20
> There is no limit of design; it is based on the capability of edge RBri=
dges
> to handle encapsulation tables, as well as of interior RBridges to have=
> scalable routing.
>=20
> We expect to scale to numbers of hosts much higher than current bridges=
,
> but it's hard to predict what the knee of the design curve will be (IMO=
).
>=20
> Joe
>=20
>=20
> _______________________________________________
> rbridge mailing list
> rbridge@postel.org
> http://www.postel.org/mailman/listinfo/rbridge
--------------enigA329E1CC08CEBA2E56C090EC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCePBGE5f5cImnZrsRAqwXAKDuc3KEMB695R0EAsb3CTcQ2Fpo9gCePjs8
gWqVSVhelHlsJWYqF9/Vjxo=
=5XGF
-----END PGP SIGNATURE-----
--------------enigA329E1CC08CEBA2E56C090EC--
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.136.121]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j44Bje627949 for <rbridge@postel.org>; Wed, 4 May 2005 04:45:41 -0700 (PDT)
Received: from smtp01.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id E3E455D9B1 for <rbridge@postel.org>; Wed, 4 May 2005 13:45:33 +0200 (CEST)
Received: from 11B111 (unknown [163.117.54.184]) by smtp01.uc3m.es (Postfix) with ESMTP id 522AB5D9CA for <rbridge@postel.org>; Wed, 4 May 2005 13:45:33 +0200 (CEST)
From: =?iso-8859-1?Q?Guillermo_Ib=E1=F1ez?= <gibanez@it.uc3m.es>
To: "'Developing a hybrid router/bridge.'" <rbridge@postel.org>
Date: Wed, 4 May 2005 13:45:33 +0200
Message-ID: <000001c5509e$c809d6b0$b83675a3@ad.uc3m.es>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4510
Importance: Normal
In-Reply-To: <42744C80.4010309@isi.edu>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: gibanez@it.uc3m.es
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by boreas.isi.edu id j44Bje627949
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 11:45:47 -0000
Status: RO
Content-Length: 1806
Hello Joe,
More on maximum network size.
-So we can expect, for a network with one hundred thousand hosts, rbridges
with tables of that size. OK?
(No problem so far).
-Scalable routing between Rbridges: my understanding is that MAC addresses
are used for routing between them. Although the number of bridges will no be
too high (i.e thousands), I do not understand well the meaning of
"scalability of routing" as the flat addresses used do not permit route
aggregation. I did not follow the routing discussiong so may be I missed
something.
Rbridge types
- You mention "interior" Rbridges and "edge" Rbridges. Do you see any
functional differentiation between these two types ? In this case handled it
could be handled by self configuration (upon detection of hosts an interior
bridge becomes edge bridge). My understanding is that there are no
functional differentiation of Rbridges, but engineering differences to
optimize between "core" Rbridges and "access" Rbridges. Right?
Regards
Guillermo Iba?ez
-----Mensaje original-----
De: rbridge-bounces@postel.org [mailto:rbridge-bounces@postel.org] En nombre
de Joe Touch
Enviado el: domingo, 01 de mayo de 2005 5:27
Para: Developing a hybrid router/bridge.
Asunto: Re: [rbridge] Max Network size
Guillermo Ib??ez wrote:
> I have a question:
> What is the maximum network size (number of hosts)
> required/expected
> in TRILL? May be it was already stated somewhere, I am not aware of it.
> Regards
> Guillermo Ib??ez
There is no limit of design; it is based on the capability of edge RBridges
to handle encapsulation tables, as well as of interior RBridges to have
scalable routing.
We expect to scale to numbers of hosts much higher than current bridges,
but it's hard to predict what the knee of the design curve will be (IMO).
Joe
Received: from [64.134.119.190] (dhcp64-134-119-190.casa.mia.wayport.net [64.134.119.190]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j44BIJ620685; Wed, 4 May 2005 04:18:19 -0700 (PDT)
Message-ID: <4278AF77.3080407@isi.edu>
Date: Wed, 04 May 2005 04:18:15 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <4276E2D8.6080609@eng.monash.edu.au> <4277AE1C.5020104@sun.com> <42781756.40704@eng.monash.edu.au> <42782273.5060608@sun.com>
In-Reply-To: <42782273.5060608@sun.com>
X-Enigmail-Version: 0.91.0.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig84E1084EFF505EA145FF1281"
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 11:18:47 -0000
Status: RO
Content-Length: 1349
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig84E1084EFF505EA145FF1281
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Erik Nordmark wrote:
...
> Hmm - a term like "TRILL routers" might be a bit confusing.
> We need to be able to discuss networks which have
> - L2 endpoints
> IP hosts
> IP routers
> - Existing bridges
> - TRILL devices (aka rbridges)
>
> When I want to draw diagrams showing routers R1, R2, bridges (B1, B2,
> ..), hosts (H1, H2, ..) I've found it useful to pick another letter for
> the hybrid TRILL devices, so I've used "T".
> But a term like "trillers" for these devices is a bit odd. I guess we
> could use Rbridges and name them RB1, RB2, etc.
We use the term rbridges in the current ID, and label them RB1, RB2,
etc. as you note.
Joe
--------------enig84E1084EFF505EA145FF1281
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCeK93E5f5cImnZrsRAsq2AKCBVNnn3K2Z9DV3xgjokorJZ9DRIwCfXX1Z
IpOy3R2acv3Iz9h7P4HiVDc=
=wDe8
-----END PGP SIGNATURE-----
--------------enig84E1084EFF505EA145FF1281--
Received: from ALPHA8.ITS.MONASH.EDU.AU (alpha8.its.monash.edu.au [130.194.1.8]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j443G5610041 for <rbridge@postel.org>; Tue, 3 May 2005 20:16:05 -0700 (PDT)
Received: from localhost ([130.194.13.87]) by vaxh.its.monash.edu.au (PMDF V6.2-1 #31112) with ESMTP id <01LNV0Y5PDSA9AN8TJ@vaxh.its.monash.edu.au> for rbridge@postel.org; Wed, 04 May 2005 13:15:46 +1000
Received: from curly.its.monash.edu.au (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id 7E364AB542; Wed, 04 May 2005 13:15:46 +1000 (EST)
Received: from [130.194.252.110] (knuth.eng.monash.edu.au [130.194.252.110]) by curly.its.monash.edu.au (Postfix) with ESMTP id 604584FB03; Wed, 04 May 2005 13:15:46 +1000 (EST)
Date: Wed, 04 May 2005 13:15:41 +1000
From: Greg Daley <greg.daley@eng.monash.edu.au>
In-reply-to: <42782273.5060608@sun.com>
To: Erik Nordmark <erik.nordmark@sun.com>
Message-id: <42783E5D.9000107@eng.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en, en-us
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
References: <4276E2D8.6080609@eng.monash.edu.au> <4277AE1C.5020104@sun.com> <42781756.40704@eng.monash.edu.au> <42782273.5060608@sun.com>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: greg.daley@eng.monash.edu.au
Cc: "Developing a hybrid router/bridge." <rbridge@postel.org>
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 03:16:44 -0000
Status: RO
Content-Length: 4961
Hi Erik,
Sorry about not knowing the right terms to use.
I'll try to adopt the ones you used.
Erik Nordmark wrote:
> Greg Daley wrote:
>
>> Given that each trill network interfaces with a legacy 802.1 LAN,
>> some work to choose a good root for the 802.1D spanning-tree in each
>> LAN would be useful to reduce the aggregate traffic load on the network.
>
>
> Ah - sorry for the misunderstanding.
> Exactly what makes sense in this case has to do with both the details of
> how rbridges interact with bridges, and what network topology gets
> deployed.
Yes, definitely.
I'd be interested to see if the model is applicable though,
so that I can determine if I need to go off and do more analysis
of the potential benefits.
>> This doesn't require modification to the 802.1D mechanism, except
>> that devices which know they are closer to the ingress/egress of
>> the network can make their chances better.
>>
>> The original idea I had was before my rbridge awareness (notice that
>> the router R in the network wasn't considered). Where trill routers
>> are present, they have direct knowledge that they are at the edge
>> of a LAN, and are potential ingress/egress points.
>
>
> Hmm - a term like "TRILL routers" might be a bit confusing.
> We need to be able to discuss networks which have
> - L2 endpoints
> IP hosts
> IP routers
> - Existing bridges
> - TRILL devices (aka rbridges)
>
> When I want to draw diagrams showing routers R1, R2, bridges (B1, B2,
> ..), hosts (H1, H2, ..) I've found it useful to pick another letter for
> the hybrid TRILL devices, so I've used "T".
> But a term like "trillers" for these devices is a bit odd. I guess we
> could use Rbridges and name them RB1, RB2, etc.
OK, I'll put T, for Trill or Terminus Bridges... or something.
>> It's possible to use trill's routing protocol on the legacy LAN
>> to elect which of the trill routers will be the most preferred root
>> (rather than for exchange of link state).
>
>
> If you are assuming that the RSTP protocol terminates at the rbridges,
> then you end up with a sub-topology of the LAN with e.g.
>
> <rest of LAN up here>
> | |
> RB1 RB2
> | |
> -------------------
> | | |
> H1 H2 R1
>
> Where the line is the middle is made up of bridges.
> Thus the issue is where RSTP places the root bridge in this sub-topology
> of the whole LAN.
>
> Do I understand your case correctly?
Yes.
> Note that RB1 and RB2 needs to elect one of them to be the forwarder
> between the sub-topology and the rest of the LAN, to make sure that the
> learning tables in the bridges don't flap from seeing packets from the
> same source MAC address sometimes come from RB1 and other times from
> RB2. The bridges will then forward packets based on the port they
> learned the MAC address on, i.e. back towards the RB that forwarded
> packets "in".
>
> Depending on the bridge topology "below" RB1 and RB2, it might very well
> make sense to have the RSTP root bridge be close to RB1/RB2.
> It might even make sense to have RB1/RB2 to act as a bridge on the lower
> interface so that itself can become the root bridge.
This is what I was thinking was particularly applicable to Trill.
> But a lot of this depends on the topology and traffic patterns "below"
> the RBs in the figure.
Indeed. That's the case.
My guess (still not checked generally) is that if more traffic is
flowing into and out of one RBridge, then it will be the best place
to have a root (for scalability and traffic dimensioning purposes).
Your diagram is a useful one, since it illustrates non-Trill capable
routers in the network.
In those situations the Internet Router is likely to be the best
root bridge of all, and its adjacent bridge is likely to not be a Trill
device, and is not likely to be able to automatically configure.
Here it's likely that the root bridge will have to be selected manually,
although there may be a case for automatic root bridge selection on
one of the Trill devices, over default preference devices if it is
likely to be a big traffic generator.
>> Alternatively, if no routing protocol is explicitly used on the legacy
>> LAN, routers within the trill cloud which know they are attached to the
>> same legacy LAN can determine from their trill routing knowledge which
>> is the best root.
>
>
> I didn't understand this part.
I was thinking that if the trill devices are connected to the same trill
cloud ("above" the RBs in the diagram), they could do the root
preference election on the "above" side, based on link-state
knowledge from the "below" LAN.
This was basically an off-the-cuff idea though. It's probably better to
run the lot on the "below" side to handle disjoint Trill domains
connecting to the same legacy LAN.
I'm not sure if the RB as Root Bridge idea is always beneficial, but
would it be worth looking into?
Greg
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j441Ga610835 for <rbridge@postel.org>; Tue, 3 May 2005 18:16:36 -0700 (PDT)
Received: from jurassic.eng.sun.com ([129.146.108.31]) by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id j441GXi7016819; Tue, 3 May 2005 19:16:34 -0600 (MDT)
Received: from [192.9.61.11] (punchin-nordmark.SFBay.Sun.COM [192.9.61.11]) by jurassic.eng.sun.com (8.13.4+Sun/8.13.4) with ESMTP id j441GVAG339938 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 3 May 2005 18:16:33 -0700 (PDT)
Message-ID: <42782273.5060608@sun.com>
Date: Tue, 03 May 2005 18:16:35 -0700
From: Erik Nordmark <erik.nordmark@sun.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050323)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: greg.daley@eng.monash.edu.au
References: <4276E2D8.6080609@eng.monash.edu.au> <4277AE1C.5020104@sun.com> <42781756.40704@eng.monash.edu.au>
In-Reply-To: <42781756.40704@eng.monash.edu.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: erik.nordmark@sun.com
Cc: "Developing a hybrid router/bridge." <rbridge@postel.org>
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 01:16:42 -0000
Status: RO
Content-Length: 3097
Greg Daley wrote:
> Given that each trill network interfaces with a legacy 802.1 LAN,
> some work to choose a good root for the 802.1D spanning-tree in each
> LAN would be useful to reduce the aggregate traffic load on the network.
Ah - sorry for the misunderstanding.
Exactly what makes sense in this case has to do with both the details of
how rbridges interact with bridges, and what network topology gets deployed.
> This doesn't require modification to the 802.1D mechanism, except
> that devices which know they are closer to the ingress/egress of
> the network can make their chances better.
>
> The original idea I had was before my rbridge awareness (notice that
> the router R in the network wasn't considered). Where trill routers
> are present, they have direct knowledge that they are at the edge
> of a LAN, and are potential ingress/egress points.
Hmm - a term like "TRILL routers" might be a bit confusing.
We need to be able to discuss networks which have
- L2 endpoints
IP hosts
IP routers
- Existing bridges
- TRILL devices (aka rbridges)
When I want to draw diagrams showing routers R1, R2, bridges (B1, B2,
..), hosts (H1, H2, ..) I've found it useful to pick another letter for
the hybrid TRILL devices, so I've used "T".
But a term like "trillers" for these devices is a bit odd. I guess we
could use Rbridges and name them RB1, RB2, etc.
> It's possible to use trill's routing protocol on the legacy LAN
> to elect which of the trill routers will be the most preferred root
> (rather than for exchange of link state).
If you are assuming that the RSTP protocol terminates at the rbridges,
then you end up with a sub-topology of the LAN with e.g.
<rest of LAN up here>
| |
RB1 RB2
| |
-------------------
| | |
H1 H2 R1
Where the line is the middle is made up of bridges.
Thus the issue is where RSTP places the root bridge in this sub-topology
of the whole LAN.
Do I understand your case correctly?
Note that RB1 and RB2 needs to elect one of them to be the forwarder
between the sub-topology and the rest of the LAN, to make sure that the
learning tables in the bridges don't flap from seeing packets from the
same source MAC address sometimes come from RB1 and other times from
RB2. The bridges will then forward packets based on the port they
learned the MAC address on, i.e. back towards the RB that forwarded
packets "in".
Depending on the bridge topology "below" RB1 and RB2, it might very well
make sense to have the RSTP root bridge be close to RB1/RB2.
It might even make sense to have RB1/RB2 to act as a bridge on the lower
interface so that itself can become the root bridge.
But a lot of this depends on the topology and traffic patterns "below"
the RBs in the figure.
> Alternatively, if no routing protocol is explicitly used on the legacy
> LAN, routers within the trill cloud which know they are attached to the
> same legacy LAN can determine from their trill routing knowledge which
> is the best root.
I didn't understand this part.
Erik
Received: from ALPHA6.ITS.MONASH.EDU.AU (alpha6.its.monash.edu.au [130.194.1.25]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j440Tn627980 for <rbridge@postel.org>; Tue, 3 May 2005 17:29:49 -0700 (PDT)
Received: from localhost ([130.194.13.87]) by vaxc.its.monash.edu.au (PMDF V6.1 #31112) with ESMTP id <01LNUV4QLIXM94HXQU@vaxc.its.monash.edu.au> for rbridge@postel.org; Wed, 04 May 2005 10:29:17 +1000
Received: from curly.its.monash.edu.au (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id D5A1FAB544; Wed, 04 May 2005 10:29:16 +1000 (EST)
Received: from [130.194.252.110] (knuth.eng.monash.edu.au [130.194.252.110]) by curly.its.monash.edu.au (Postfix) with ESMTP id 67DFC4FB04; Wed, 04 May 2005 10:29:16 +1000 (EST)
Date: Wed, 04 May 2005 10:29:10 +1000
From: Greg Daley <greg.daley@eng.monash.edu.au>
In-reply-to: <4277AE1C.5020104@sun.com>
To: Erik Nordmark <erik.nordmark@sun.com>
Message-id: <42781756.40704@eng.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en, en-us
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
References: <4276E2D8.6080609@eng.monash.edu.au> <4277AE1C.5020104@sun.com>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: greg.daley@eng.monash.edu.au
Cc: "Developing a hybrid router/bridge." <rbridge@postel.org>
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 00:30:45 -0000
Status: RO
Content-Length: 2826
Hi Erik,
Erik Nordmark wrote:
> Greg Daley wrote:
>
>> Hi,
>>
>> Here's the idea I was thinking about a while ago, which
>> looks applicable to rbridge. More work needs to be done,
>> to ensure that the mean path cost is always lower, but
>> I'd guess it's a fairly good bet to never be worse if
>> most of the traffic exists the LAN.
>
>
> Given that TRILL will use a use a link-state routing protocol to find
> the pair-wise shortest paths (without any configuration of any device),
> I don't see how this applies to TRILL.
>
> Are your proposing some improvements to the IEEE 802.1 protocols?
Given that each trill network interfaces with a legacy 802.1 LAN,
some work to choose a good root for the 802.1D spanning-tree in each
LAN would be useful to reduce the aggregate traffic load on the network.
This doesn't require modification to the 802.1D mechanism, except
that devices which know they are closer to the ingress/egress of
the network can make their chances better.
The original idea I had was before my rbridge awareness (notice that
the router R in the network wasn't considered). Where trill routers
are present, they have direct knowledge that they are at the edge
of a LAN, and are potential ingress/egress points.
It's possible to use trill's routing protocol on the legacy LAN
to elect which of the trill routers will be the most preferred root
(rather than for exchange of link state).
Alternatively, if no routing protocol is explicitly used on the legacy
LAN, routers within the trill cloud which know they are attached to the
same legacy LAN can determine from their trill routing knowledge which
is the best root.
>> This means that all switches have the same default
>> priority, and MAC addresses (as provided in the
>> lower order bits of the switch's BridgeID),
>> will be used to break ties between switches.
>>
>> Therefore unless a manual priority configuration is
>> provided, MAC switch vendors with the lowest IEEE OUI
>> will win.
>
>
> My understanding is that manual configuration is used in enterprise
> Ethernets, which among other things ensure that the root bridge is close
> to the routers.
Yes. Terrible isn't it!?
:)
The point I was making was that manual configuration is needed,
which means that the traffic flows need to be known
(in that case by an administrator). The same technique could be
applied automatically or heuristically.
I guess that if there's a requirement for trill/rbridge systems
to interconnect bunches of old gear, you don't want to pick a root
in each "area" manually.
The trill routers should be able to select/elect themselves as the
most likely root bridge (barring explicit manual configuration
perhaps??). I think Radia's point was that this adds stability.
My point was that the aggregate traffic load may be smaller.
Greg
Received: from [166.153.50.193] (193.sub-166-153-50.myvzw.com [166.153.50.193]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j43I9w617873; Tue, 3 May 2005 11:09:59 -0700 (PDT)
Message-ID: <4277BE71.5070500@isi.edu>
Date: Tue, 03 May 2005 11:09:53 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <4217BB3F.5060005@isi.edu>
In-Reply-To: <4217BB3F.5060005@isi.edu>
X-Enigmail-Version: 0.91.0.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigC3141F76BA060BAE616629D7"
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: [rbridge] updated internet draft - draft-perlman-rbridge-03.txt
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 18:10:45 -0000
Status: RO
Content-Length: 2253
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC3141F76BA060BAE616629D7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Hi, all,
A revised RBridge I-D has been submitted and will be available in the
usual places shortly; in the meantime, a copy is available at
http://www.isi.edu/touch/pubs/draft-perlman-rbridge-03.txt
FYI...
Joe
----------
Network Working Group R. Perlman
Internet Draft Sun
Expires: November 2005 J. Touch
USC/ISI
A. Yegin
Samsung
May 2, 2005
RBridges: Transparent Routing
draft-perlman-rbridge-03.txt
...
Abstract
RBridges provide the ability to have an entire campus, with multiple
physical links, look to IP like a single subnet. The design allows
for zero configuration of switches within a campus, optimal pair-wise
routing, safe forwarding even during periods of temporary loops, and
the ability to cut down on ARP/ND traffic. The design also supports
VLANs, and allows forwarding tables to be based on RBridge
destinations (rather than endnode destinations), which allows
internal routing tables to be substantially smaller than in
conventional bridge systems.
This document is a work in progress; we invite you to participate on
the mailing list at http://www.postel.org/RBridge
--------------enigC3141F76BA060BAE616629D7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCd75xE5f5cImnZrsRAnAxAKDVHtRPR3SsshyZqzzonyLmv1YlZwCfUAm9
/AeRwjOnn88WFXGdsz2GjzY=
=xpN+
-----END PGP SIGNATURE-----
--------------enigC3141F76BA060BAE616629D7--
Received: from nwkea-mail-1.sun.com (nwkea-mail-1.sun.com [192.18.42.13]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j43H0D622000 for <rbridge@postel.org>; Tue, 3 May 2005 10:00:13 -0700 (PDT)
Received: from jurassic.eng.sun.com ([129.146.56.144]) by nwkea-mail-1.sun.com (8.12.10/8.12.9) with ESMTP id j43H0BjG013444; Tue, 3 May 2005 10:00:11 -0700 (PDT)
Received: from [192.9.61.11] (punchin-nordmark.SFBay.Sun.COM [192.9.61.11]) by jurassic.eng.sun.com (8.13.4+Sun/8.13.4) with ESMTP id j43H08o4120497 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 3 May 2005 10:00:09 -0700 (PDT)
Message-ID: <4277AE1C.5020104@sun.com>
Date: Tue, 03 May 2005 10:00:12 -0700
From: Erik Nordmark <erik.nordmark@sun.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050323)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <4276E2D8.6080609@eng.monash.edu.au>
In-Reply-To: <4276E2D8.6080609@eng.monash.edu.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: erik.nordmark@sun.com
Subject: Re: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 17:01:05 -0000
Status: RO
Content-Length: 1040
Greg Daley wrote:
> Hi,
>
> Here's the idea I was thinking about a while ago, which
> looks applicable to rbridge. More work needs to be done,
> to ensure that the mean path cost is always lower, but
> I'd guess it's a fairly good bet to never be worse if
> most of the traffic exists the LAN.
Given that TRILL will use a use a link-state routing protocol to find
the pair-wise shortest paths (without any configuration of any device),
I don't see how this applies to TRILL.
Are your proposing some improvements to the IEEE 802.1 protocols?
> This means that all switches have the same default
> priority, and MAC addresses (as provided in the
> lower order bits of the switch's BridgeID),
> will be used to break ties between switches.
>
> Therefore unless a manual priority configuration is
> provided, MAC switch vendors with the lowest IEEE OUI
> will win.
My understanding is that manual configuration is used in enterprise
Ethernets, which among other things ensure that the root bridge is close
to the routers.
Erik
Received: from [70.213.116.138] (138.sub-70-213-116.myvzw.com [70.213.116.138]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j43EaQ602316; Tue, 3 May 2005 07:36:27 -0700 (PDT)
Message-ID: <42778C62.5020700@isi.edu>
Date: Tue, 03 May 2005 07:36:18 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
References: <42726D57.1000301@it.uc3m.es> <42744C80.4010309@isi.edu> <4276E377.3040304@eng.monash.edu.au>
In-Reply-To: <4276E377.3040304@eng.monash.edu.au>
X-Enigmail-Version: 0.91.0.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig19DCFF86923ACDA4DCA9D6BC"
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 14:36:39 -0000
Status: RO
Content-Length: 1914
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig19DCFF86923ACDA4DCA9D6BC
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Greg Daley wrote:
> Hi Joe,
>=20
> Joe Touch wrote:
>=20
>>Guillermo Ib=E1=F1ez wrote:
>>
>>
>>>I have a question:
>>> What is the maximum network size (number of hosts) required/expected=
=20
>>>in TRILL? May be it was already stated somewhere, I am not aware of it=
=2E
>>>Regards
>>>Guillermo Ib=E1=F1ez
>>
>>
>>There is no limit of design; it is based on the capability of edge
>>RBridges to handle encapsulation tables, as well as of interior RBridge=
s
>>to have scalable routing.
>>
>>We expect to scale to numbers of hosts much higher than current bridges=
,
>> but it's hard to predict what the knee of the design curve will be (IM=
O).
>=20
>=20
> If I recall, the only explicit mentions about size (apart from Alex's
> routing cost overview) are that we don't want to scale to metropolis
> (Sydney?) size.
>=20
> Greg
I believe there may be limits to the geographic scale, since some
protocols (e.g., MAC, ARP) have timing expectations. There are systems
that have tried to overcome this (L2VPN), but I'm not as familiar with
how well their results work in that regard.
But the question focused on number of hosts, and I believe that
limitation is based on engineering, not architecture.
Joe
--------------enig19DCFF86923ACDA4DCA9D6BC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCd4xiE5f5cImnZrsRArdiAJ0WWXYHb9POSXg1fA1sW2wkXZ5LdQCggh22
q0/RFEpxNoQ3IXVg2KAHh9Q=
=QNKh
-----END PGP SIGNATURE-----
--------------enig19DCFF86923ACDA4DCA9D6BC--
Received: from ALPHA9.ITS.MONASH.EDU.AU (alpha9.its.monash.edu.au [130.194.1.9]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j432aC628257 for <rbridge@postel.org>; Mon, 2 May 2005 19:36:12 -0700 (PDT)
Received: from localhost ([130.194.13.87]) by vaxh.its.monash.edu.au (PMDF V6.2-1 #31112) with ESMTP id <01LNTL93RZCE99GM8C@vaxh.its.monash.edu.au> for rbridge@postel.org; Tue, 03 May 2005 12:35:40 +1000
Received: from curly.its.monash.edu.au (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id C18D3AB544 for <rbridge@postel.org>; Tue, 03 May 2005 12:35:40 +1000 (EST)
Received: from [130.194.252.110] (knuth.eng.monash.edu.au [130.194.252.110]) by curly.its.monash.edu.au (Postfix) with ESMTP id A0C344FB06 for <rbridge@postel.org>; Tue, 03 May 2005 12:35:40 +1000 (EST)
Date: Tue, 03 May 2005 12:35:35 +1000
From: Greg Daley <greg.daley@eng.monash.edu.au>
In-reply-to: <42744C80.4010309@isi.edu>
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
Message-id: <4276E377.3040304@eng.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 8BIT
X-Accept-Language: en, en-us
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
References: <42726D57.1000301@it.uc3m.es> <42744C80.4010309@isi.edu>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: greg.daley@eng.monash.edu.au
Subject: Re: [rbridge] Max Network size
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 02:36:29 -0000
Status: RO
Content-Length: 752
Hi Joe,
Joe Touch wrote:
>
> Guillermo Ib??ez wrote:
>
>>I have a question:
>> What is the maximum network size (number of hosts) required/expected
>>in TRILL? May be it was already stated somewhere, I am not aware of it.
>>Regards
>>Guillermo Ib??ez
>
>
> There is no limit of design; it is based on the capability of edge
> RBridges to handle encapsulation tables, as well as of interior RBridges
> to have scalable routing.
>
> We expect to scale to numbers of hosts much higher than current bridges,
> but it's hard to predict what the knee of the design curve will be (IMO).
If I recall, the only explicit mentions about size (apart from Alex's
routing cost overview) are that we don't want to scale to metropolis
(Sydney?) size.
Greg
Received: from ALPHA1.ITS.MONASH.EDU.AU (alpha1.its.monash.edu.au [130.194.1.1]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j432X8627537 for <rbridge@postel.org>; Mon, 2 May 2005 19:33:08 -0700 (PDT)
Received: from localhost ([130.194.13.87]) by vaxc.its.monash.edu.au (PMDF V6.1 #31112) with ESMTP id <01LNTL5PLA6Y94I09F@vaxc.its.monash.edu.au> for rbridge@postel.org; Tue, 03 May 2005 12:32:56 +1000
Received: from curly.its.monash.edu.au (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id 80C28AB542 for <rbridge@postel.org>; Tue, 03 May 2005 12:32:56 +1000 (EST)
Received: from [130.194.252.110] (knuth.eng.monash.edu.au [130.194.252.110]) by curly.its.monash.edu.au (Postfix) with ESMTP id 6521B4FB04 for <rbridge@postel.org>; Tue, 03 May 2005 12:32:56 +1000 (EST)
Date: Tue, 03 May 2005 12:32:56 +1000
From: Greg Daley <greg.daley@eng.monash.edu.au>
To: rbridge@postel.org
Message-id: <4276E2D8.6080609@eng.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en, en-us
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: greg.daley@eng.monash.edu.au
Subject: [rbridge] Existing issues in root bridge selection for LANs.
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 02:33:30 -0000
Status: RO
Content-Length: 5258
Hi,
Here's the idea I was thinking about a while ago, which
looks applicable to rbridge. More work needs to be done,
to ensure that the mean path cost is always lower, but
I'd guess it's a fairly good bet to never be worse if
most of the traffic exists the LAN.
Most edge LANs today have the bulk of the hosts' traffic
leaving the LAN through at most one or two ports.
The traffic in many cases is sourced or sunk from devices
in the LAN (it is essentially a stub LAN), and the data
travells to the Internet, or to off-link servers, through
IP routers.
Unmodified Spanning Tree algorithm as implemented in
ethernet switches today will produce a spanning tree,
which is not guaranteed to be one which is anchored
near to the IP routers.
This is because the bridge priority of switches is
typically provided with a default higher order (2) octets of
the Bridge Identifier with a value of 32768.
This means that all switches have the same default
priority, and MAC addresses (as provided in the
lower order bits of the switch's BridgeID),
will be used to break ties between switches.
Therefore unless a manual priority configuration is
provided, MAC switch vendors with the lowest IEEE OUI
will win. When the same IEEE OUI is part of the
bridge Identifier of all participating switches,
the oldest switch (with the lowest sequence within
the OUI) will always be elected as root bridge.
The default settings for the path cost in spanning tree
protocol are symmetric for all systems. This is regardless
of the importance or topological placement of a particular switch.
Other dynamic systems which automatically configure STP bridge
priorities may be useful (such as distance from routers). By
preferring to choose switches closer to egress IP routers,
lower mean path costs would be achieved for devices communicating
through the router, which is a common technique in Internet
connected systems.
As an example, there's a tight mesh of switches on a LAN:
All links are 100mbps, with switches indexed A-L, and
a router R connected through two links to H and L
and queueing delay is negligible.
A---B---C---D
\ \ \ \
E---F---G---H--R
\ \ \ \/
I---J---K---L
Since A has the lowset MAC address, and all link costs
are equal, that means that all costs are calculated
with reference to the distance from those nodes connected
to A.
If we choose the links AB, AE, nodes B and E are connected
to the tree node set [A] with cost c.
EI, EF, BC are then connected to the tree nodes [A,B,E],
with cost c.
The tree-node set is now [A,B,E,I,F,C]. The nearest adjacent
links are: IJ, FJ, FG, CG, CD. Spanning tree protocol
will deterministically choose one of each (tie break being the
mac address). The links FJ, CG and CD are added to the
link set, and the tree-node set is [AB, AE, EI, EF, BC, FJ, CG, CD].
Adding H and K to the set follows the same pattern.
In this case, there are equal cost links, with the links
GK, DH having the lowest origin MAC address.
Subsequently the link HL is added to the spanning tree set.
the Links HR and LR are kept open since the switches H and L
are designated bridges for that LAN segment.
The MST based on A is therefore:
AB, AE, EI, EF, BC, FJ, CG, CD, GK, DH, HL.
A---B---C---D
\ \ \ \
E-X-F-X-G-X-H--R
\ \ \ \/
I-X-J-X-K-X-L
In this case, if traffic for the router is evenly
distributed amongst the switches (My guess is that
it won't, but this will do for now), the mean
distance travelled by packets is proportional to:
Sum k=A to L ( mst_A_cost_distance(k,R) )/ 12
Since we have a uniform set of links.
==> Sum k=A to L (c * mst_A_hops(k,R)) /12
==> c * Sum ..( mst_A_hops(k,R)).
==> c * ( 5 + 4 + 3 + 2 + 6 + 5 + 4 + 1 + 7 + 6 + 5 + 1) /12
Router mean cost MST c * 49/12 == 4.083
Router worst cost (A) = 7
If instead we built the root spanning tree from either of the
switches on connected links from R, we would gain the following
MSTs, and costs:
A---B---C---D
\ \ \ \
E---F---G---H--R
\ \ \ \/
I---J---K---L
Based on H:
HD, HG, HL, GK, DC, GF, CB, FE, FJ, EI, BA.
A---B---C---D
X X X \
E---F---G---H--R
\ \ \ \/
I-X-J-X-K-X-L
Router Mean cost (H) =
c*(5 + 4 + 3 + 2 + 4 + 3 + 2 + 1 + 5 + 4 + 3 + 2)/12
Router Mean cost (H) = c * 3.16
Router Worst cost (H) = 5
A---B---C---D
\ \ \ \
E---F---G---H--R
\ \ \ \/
I---J---K---L
Based on L:
A---B---C---D
X X X \
E---F---G---H--R
X X X \/
I---J---K---L
LH, LK, KJ, HG, HD, DC, GF, JI, CB, FE, BA
== c*(6 + 5 + 4 + 3 + 5 + 4 + 3 + 2 + 4 + 3 + 2 + 1)/12
Router Mean cost (L)= c* 3.5
Router Worst cost (L) = c * 6
As you can see, lower mean path costs are achieved in
this example, when choosing a root anchored close
to the router.
Actual costs are dependent, in this case, on MAC
address placement. Investigation would have to be undertaken
to determine how significant the tie-breaking measures
are..
As an idea though, if a heuristic solution exists which allows
routers to modify their root-bridge preference if they are
adjacent to an IP Router, this would allow selection
of MST-Roots which provide better mean and worst router
trip costs.
Greg
Received: from ALPHA8.ITS.MONASH.EDU.AU (alpha8.its.monash.edu.au [130.194.1.8]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j432GH622900 for <rbridge@postel.org>; Mon, 2 May 2005 19:16:18 -0700 (PDT)
Received: from localhost ([130.194.13.88]) by vaxh.its.monash.edu.au (PMDF V6.2-1 #31112) with ESMTP id <01LNTKJOFAKA9AN6QC@vaxh.its.monash.edu.au> for rbridge@postel.org; Tue, 03 May 2005 12:15:11 +1000
Received: from curly.its.monash.edu.au (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id B7FBBAB545 for <rbridge@postel.org>; Tue, 03 May 2005 12:15:10 +1000 (EST)
Received: from [130.194.252.110] (knuth.eng.monash.edu.au [130.194.252.110]) by curly.its.monash.edu.au (Postfix) with ESMTP id 87F264FB11 for <rbridge@postel.org>; Tue, 03 May 2005 12:15:09 +1000 (EST)
Date: Tue, 03 May 2005 12:14:56 +1000
From: Greg Daley <greg.daley@eng.monash.edu.au>
In-reply-to: <4276CDF2.7060504@sun.com>
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
Message-id: <4276DEA0.8000402@eng.monash.edu.au>
Organization: Monash University
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en, en-us
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
References: <p06200716be969e0fac11@[192.168.116.133]> <4276CDF2.7060504@sun.com>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: greg.daley@eng.monash.edu.au
Subject: Re: [rbridge] Margaret's question about VLANs
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: greg.daley@eng.monash.edu.au, "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 02:16:32 -0000
Status: RO
Content-Length: 2596
Hi Radia,
Radia Perlman wrote:
[cut]
> I think there is one optimization I'd propose to make
> dynamic VLANs work better, and which probably we should do anyway, even
> without
> dynamic VLANs, which is to allow configuration of "priority" for an
> RBridge to
> be chosen Root for a spanning tree to be computed from the link state
> database.
> We should have an RBridge R not only inject "I am attached to VLAN A" into
> the link state protocol, but it should also have a configurable
> priority, so that
> it says "I am attached to VLAN A, and I have priority x for being the
> tree root for
> the VLAN A spanning tree". That way, if R keeps "changing its mind"
> about whether
> it's attached to VLAN A (based on whether there are any endnodes
> attached at this
> moment), it will be less disruptive to the VLAN A spanning tree (since the
> root won't be changing). Even without VLANs, where the entire campus is one
> broadcast domain, I could imagine someone wanting to tweak which Rbridge is
> the root of the computed spanning tree (the one for unknown
> destinations, and for
> multicasts).
This actually helps to reduce the total cost of bridging in the spanning
tree where there is assymmetric traffic in the bridged network.
The existing STP doesn't include measurements of traffic flows in its
root bridge calculations.
If there's an RBridge which is likely to be the STP source or sink of a
lot of traffic, I think it's easy to show that even with symmetric
segment cost metrics, the sum of the traffic costs to the exit point is
lower when the entry/exit point is root bridge.
I'd have to revisit the calculation of this, but the idea has been
kicking around for a while. I'll post some of my thinking on this in the
next mail.
> Even if it's not a parameter, I could imagine having an RBridge inject a
> default priority
> if it's hard-configured to be attached to VLAN A, and a different
> default priority if
> its attachment to VLAN A might be transitory (because it's based on what
> endnodes happen
> to be attached).
This is a fair assumption. I'm not sure how IS-IS would do this, but
if it was OSPF, you could have the Designated Router with the lowest
metric (likely to be selected as the best), and the Backup Designated
Router as the next most likely (with a slightly bigger preference
value), for simplicity's sake.
When links went up or down, and an STP recalculation was required, the
routers could advertise their preferences based on their Routing
protocol status within the LAN (and maybe use their 802 MAC addresses
as a tiebreaker).
Greg
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4316M608113 for <rbridge@postel.org>; Mon, 2 May 2005 18:06:22 -0700 (PDT)
Received: from phys-bur1-1 ([129.148.13.15]) by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id j4316Li7019048 for <rbridge@postel.org>; Mon, 2 May 2005 19:06:22 -0600 (MDT)
Received: from conversion-daemon.bur-mail2.east.sun.com by bur-mail2.east.sun.com (iPlanet Messaging Server 5.2 HotFix 1.24 (built Dec 19 2003)) id <0IFW00B012NKE0@bur-mail2.east.sun.com> (original mail from Radia.Perlman@Sun.COM) for rbridge@postel.org; Mon, 02 May 2005 21:06:21 -0400 (EDT)
Received: from sun.com (vpn-129-150-26-57.SFBay.Sun.COM [129.150.26.57]) by bur-mail2.east.sun.com (iPlanet Messaging Server 5.2 HotFix 1.24 (built Dec 19 2003)) with ESMTPA id <0IFW0004B32K9D@bur-mail2.east.sun.com> for rbridge@postel.org; Mon, 02 May 2005 21:06:21 -0400 (EDT)
Date: Mon, 02 May 2005 18:06:21 -0700
From: Radia Perlman <Radia.Perlman@Sun.COM>
In-reply-to: <p06200716be969e0fac11@[192.168.116.133]>
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
Message-id: <4276CE8D.9080707@sun.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4.1) Gecko/20031008
References: <p06200716be969e0fac11@[192.168.116.133]>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: radia.perlman@sun.com
Subject: Re: [rbridge] Margaret's question about VLANs
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 01:07:35 -0000
Status: RO
Content-Length: 2015
Margaret Wasserman wrote:
>(2) How will TRILL be compatible with existing (dynamic and
>non-dynamic) VLANs?
>
I was thinking about why it might be relevant how an RBridge learned
that its link
was in VLAN A, whether it was configured, or found out because an endnode
attached (and the endnode knows what VLAN it's in or the RBridge figures it
out based on the endnode's IP address or something?) The current
proposed design
seems compatible with both dynamic and non-dynamic VLANs.
However, now that you mention it, assuming by "dynamic VLAN", you mean
a link that becomes a VLAN A link because a VLAN A node attaches
to it, and stops being a VLAN A link when the endnode goes away),
I think there is one optimization I'd propose to make
dynamic VLANs work better, and which probably we should do anyway, even
without
dynamic VLANs, which is to allow configuration of "priority" for an
RBridge to
be chosen Root for a spanning tree to be computed from the link state
database.
We should have an RBridge R not only inject "I am attached to VLAN A" into
the link state protocol, but it should also have a configurable
priority, so that
it says "I am attached to VLAN A, and I have priority x for being the
tree root for
the VLAN A spanning tree". That way, if R keeps "changing its mind"
about whether
it's attached to VLAN A (based on whether there are any endnodes
attached at this
moment), it will be less disruptive to the VLAN A spanning tree (since the
root won't be changing). Even without VLANs, where the entire campus is one
broadcast domain, I could imagine someone wanting to tweak which Rbridge is
the root of the computed spanning tree (the one for unknown
destinations, and for
multicasts).
Even if it's not a parameter, I could imagine having an RBridge inject a
default priority
if it's hard-configured to be attached to VLAN A, and a different
default priority if
its attachment to VLAN A might be transitory (because it's based on what
endnodes happen
to be attached).
Radia
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j4313m607502 for <rbridge@postel.org>; Mon, 2 May 2005 18:03:48 -0700 (PDT)
Received: from phys-bur1-1 ([129.148.13.15]) by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id j4313li7017679 for <rbridge@postel.org>; Mon, 2 May 2005 19:03:48 -0600 (MDT)
Received: from conversion-daemon.bur-mail2.east.sun.com by bur-mail2.east.sun.com (iPlanet Messaging Server 5.2 HotFix 1.24 (built Dec 19 2003)) id <0IFW00B012NKE0@bur-mail2.east.sun.com> (original mail from Radia.Perlman@Sun.COM) for rbridge@postel.org; Mon, 02 May 2005 21:03:47 -0400 (EDT)
Received: from sun.com (vpn-129-150-26-57.SFBay.Sun.COM [129.150.26.57]) by bur-mail2.east.sun.com (iPlanet Messaging Server 5.2 HotFix 1.24 (built Dec 19 2003)) with ESMTPA id <0IFW000Y12YA9D@bur-mail2.east.sun.com> for rbridge@postel.org; Mon, 02 May 2005 21:03:47 -0400 (EDT)
Date: Mon, 02 May 2005 18:03:46 -0700
From: Radia Perlman <Radia.Perlman@Sun.COM>
In-reply-to: <p06200716be969e0fac11@[192.168.116.133]>
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
Message-id: <4276CDF2.7060504@sun.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT
X-Accept-Language: en-us, en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4.1) Gecko/20031008
References: <p06200716be969e0fac11@[192.168.116.133]>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: radia.perlman@sun.com
Subject: Re: [rbridge] Margaret's question about VLANs
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2005 01:04:29 -0000
Status: RO
Content-Length: 2015
Margaret Wasserman wrote:
>(2) How will TRILL be compatible with existing (dynamic and
>non-dynamic) VLANs?
>
I was thinking about why it might be relevant how an RBridge learned
that its link
was in VLAN A, whether it was configured, or found out because an endnode
attached (and the endnode knows what VLAN it's in or the RBridge figures it
out based on the endnode's IP address or something?) The current
proposed design
seems compatible with both dynamic and non-dynamic VLANs.
However, now that you mention it, assuming by "dynamic VLAN", you mean
a link that becomes a VLAN A link because a VLAN A node attaches
to it, and stops being a VLAN A link when the endnode goes away),
I think there is one optimization I'd propose to make
dynamic VLANs work better, and which probably we should do anyway, even
without
dynamic VLANs, which is to allow configuration of "priority" for an
RBridge to
be chosen Root for a spanning tree to be computed from the link state
database.
We should have an RBridge R not only inject "I am attached to VLAN A" into
the link state protocol, but it should also have a configurable
priority, so that
it says "I am attached to VLAN A, and I have priority x for being the
tree root for
the VLAN A spanning tree". That way, if R keeps "changing its mind"
about whether
it's attached to VLAN A (based on whether there are any endnodes
attached at this
moment), it will be less disruptive to the VLAN A spanning tree (since the
root won't be changing). Even without VLANs, where the entire campus is one
broadcast domain, I could imagine someone wanting to tweak which Rbridge is
the root of the computed spanning tree (the one for unknown
destinations, and for
multicasts).
Even if it's not a parameter, I could imagine having an RBridge inject a
default priority
if it's hard-configured to be attached to VLAN A, and a different
default priority if
its attachment to VLAN A might be transitory (because it's based on what
endnodes happen
to be attached).
Radia
Received: from palrel11.hp.com (palrel11.hp.com [156.153.255.246]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j42IgY614634 for <rbridge@postel.org>; Mon, 2 May 2005 11:42:34 -0700 (PDT)
Received: from cacexg11.americas.cpqcorp.net (cacexg11.americas.cpqcorp.net [16.92.1.67]) by palrel11.hp.com (Postfix) with ESMTP id 4C6E57770 for <rbridge@postel.org>; Mon, 2 May 2005 11:42:22 -0700 (PDT)
Received: from cacexc06.americas.cpqcorp.net ([16.92.1.28]) by cacexg11.americas.cpqcorp.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 2 May 2005 11:41:29 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 2 May 2005 11:41:28 -0700
Message-ID: <83AB0942FD087D499DF2DD5CEE1B6133013CC500@cacexc06.americas.cpqcorp.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [rbridge] Get IEEE 802, RE: (no subject)
Thread-Index: AcVOAGZCFPMLdnfKSmm6uKvYbgQBXQBRB8Gg
From: "Ghanwani, Anoop" <anoop.ghanwani@hp.com>
To: "Developing a hybrid router/bridge." <rbridge@postel.org>
X-OriginalArrivalTime: 02 May 2005 18:41:29.0201 (UTC) FILETIME=[8D9B7E10:01C54F46]
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: anoop.ghanwani@hp.com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by boreas.isi.edu id j42IgY614634
Subject: Re: [rbridge] Get IEEE 802, RE: (no subject)
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2005 18:44:58 -0000
Status: RO
Content-Length: 1278
> -----Original Message-----
> From: rbridge-bounces@postel.org
> [mailto:rbridge-bounces@postel.org] On Behalf Of Erik Nordmark
> Sent: Saturday, April 30, 2005 8:37 PM
> To: Developing a hybrid router/bridge.
> Subject: Re: [rbridge] Get IEEE 802, RE: (no subject)
>
> Eastlake III Donald-LDE008 wrote:
> > For IEEE 802 standards that are at least six months old and
> for some drafts, free download is available under the "Get
> IEEE 802" program. See http://standards.ieee.org/getieee802/.
>
> Thanks.
>
> 802.1D-2004 talks about the aspects of MAC service (reordering,
> duplication, etc) in section 6.3 which is probably sufficient to
> understand the MAC service. However, the normative reference
> for the MAC
> service is ISO/IEC 15802-1, and it seems like ISO charges
> money for that
> one.
The IEEE specs are republished as ISO specs so that they have
international applicability. The ISO spec will usually have the
corresponding ANSI/IEEE specification number listed. For example,
15802-5-1998 is simply a replublished version of IEEE 802.1G.
I don't what the corresponding IEEE spec is for ISO/IEC 15802-1,
but if you do, and if that has been updated recently by the IEEE,
it would be safe to use the IEEE one as a normative reference.
Anoop
Received: from mailserv.hatterasnetworks.com (mailserv.hatterasnetworks.com [63.89.58.4]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j41DZl609941 for <rbridge@postel.org>; Sun, 1 May 2005 06:35:48 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Date: Sun, 1 May 2005 09:35:41 -0400
Message-ID: <8052E2EA753D144EB906B7A7AA39971402A3B9BD@mailserv.hatteras.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: rbridge Digest, Vol 11, Issue 5
Thread-Index: AcVNty1ZIKY+fv41Shumo9CPq7536gAmyeO6
From: "Matt Squire" <MSquire@HatterasNetworks.com>
To: <rbridge@postel.org>, <rbridge@postel.org>
X-ISI-4-39-6-MailScanner: Found to be clean
X-MailScanner-From: msquire@hatterasnetworks.com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by boreas.isi.edu id j41DZl609941
Subject: Re: [rbridge] rbridge Digest, Vol 11, Issue 5
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6b3
Precedence: list
Reply-To: "Developing a hybrid router/bridge." <rbridge@postel.org>
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://www.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://www.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
X-List-Received-Date: Sun, 01 May 2005 13:36:22 -0000
Status: RO
Content-Length: 325
All IEEE specifications are available free in electronic PDF form after being published for 6 months. See http://standards.ieee.org/getieee802/.
- Matt
AFAIK one has to pay to access the IEEE 802.1 standards documents, and
googling for the relevant terms seem to find mostly things about some
TRILL BoF :-)
- [rbridge] Separating endnode info from link state… Guillermo Ibáñez