[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Revised e2e multihoming ID



Ran;

> >> If router vendors had a knob that enabled separation of
> >> location/identity
> >
> > Separation of locatioin/identity itself does not require any
> > modification on routers.
> 
> Please point us towards your online I-D that describes the
> above approach.

As I revised my ID just before the deadline, it is attached.

The revision is on source address selection as follows:

   Note that policy based selection of a source address is incompatible
   to the end to end principle, because it must be selected as the
   destination address by the policy of the other end of the
   communication using information local to the other end of the
   communication.  With so much asymmetric routing of the Internet
   today, proper destination address to reply can not be guessed by the
   querier.

   Thus, DNS query should be modified to carry all the addresses of
   clients and servers should try from the most favorable to the least
   ones, based on locally available information such as metric in intra
   domain full routing table.

   Any source address may be selected.

   However, to enable source address filtering to discard packets with
   source addresses not belonging to an ISP, it is useful to enable a
   host, not some intelligent intermediate router, select a source
   address compatible with an outgoing ISP.  For that purpose, intra
   domain routing protocols should maintain routing table entries with
   not only preference values of an external routes, but also proper
   prefixes to be selected for source addresses, if the entries are
   chosen by a host.

						Masataka Ohta
--






INTERNET DRAFT                                                   M. Ohta
draft-ohta-e2e-multihoming-03.txt          Tokyo Institute of Technology
                                                           November 2002

               The Architecture of End to End Multihoming

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Abstract

   This memo describes the architecture of end to end multihoming.  End
   to end multihoming does not burden routing system for multihoming.
   That is, even extensive use of end to end multihoming does not
   increase the number of entries in a global routing table.

   Traditionally with IPv4, multihoming capability is offered by an
   intelligent routing system, which, as is always the case with
   violating the end to end principle, lacks scalability on a global
   routing table size and robustness against link failures.

   On the other hand, with end to end multihoming, multihoming is
   supported by transport (TCP) or application layer (UDP etc.) of end
   systems and does not introduce any problem in the network and works
   as long as there is some connectivity between the end systems.

   Because end to end multihoming is performed in end systems, the
   architecture needs no routing protocol changes Instead, APIs and
   applications must be modified to some extent.




M. Ohta                  Expires on May 1, 2003                 [Page 1]

INTERNET DRAFT           End to End Multihoming            November 2002


1. Introduction

   Multihoming is a way for hosts have robust connectivity to the
   Internet.  Traditionally with IPv4, multihoming has been offered
   through intelligence of routing system, that is, the end to end
   principle has been ignored.

   However, as discussed in section 2, with the explosive deployment of
   the Internet, as is always the case with intelligent networking, IPv4
   style multihoming was revealed its lack of scalability and
   robustness.

   Instead, multihoming can be supported based on the end to end
   principle by assigning multiple addresses to an interface of a host
   and let end systems choose an appropriate address at the transport or
   the application layer.

   To support the end to end multihoming, no change is necessary on
   routing protocols. Instead, APIs and applications must be modified to
   detect and react against the loss of connection.  In case of TCP
   where there is a network wide agreement on the semantics of the loss
   of connectivity, most of the work can be done by the kernel code at
   the transport layer, though some timing may be adjusted for some
   application. However, in general, the condition of "loss of
   connectivity" varies application by application that the multihoming
   must directly be controlled by application programs.

   With IPV6, there is a partial effort of end to end multihoming that
   it is of course that an interface has multiple addresses.

   However, because the principle of the end to end multihoming is
   recognized merely subconsciously and because the current routing
   architecture violates the end to end principle in various ways as a
   result of partial attempt to avoid the lack of scalability of routing
   table size, there are a lot of attempts:

      to keep the APIs and application programs as is

      to modify routing system intelligent to let it automatically offer
      end to end multihoming

   which makes IPv6 multihoming as bad as that of IPv4.

   This memo describes why multihoming by intelligent routing system is
   harmful, how the current routing architecture is damaged and how the
   APIs and the applications should be modified to implement the end to
   end multihoming.




M. Ohta                  Expires on May 1, 2003                 [Page 2]

INTERNET DRAFT           End to End Multihoming            November 2002


2. Multihoming by Intelligent Routing System is Harmful

2.1 Routing Table Size

   See IAB Network Layer Workshop.

2.2 Lack of Robustness

   With route aggregation, routing information can be carried only for
   an aggregated area that a loss of connectivity for a part of the area
   can not be detected.

   For example, if a multihomed site with multiple subnets has a single
   global routing table entry, and if a site is partitioned, only a part
   of the partitioned can be reached with the global routing table
   entry.

   A solution is to let all the subnets of the site (or, ultimately,
   hosts) individually have global routing table entry, scalability of
   which is so absurd that no one bothers to try.

3. The Problems of Current Routing Architecture

   End systems (hosts) are end systems. To make the end to end principle
   effectively work, the end systems must have all the available
   knowledge to make decisions by the end systems themselves.

   With regard to multihoming, when an end system want to communicate
   with a multihomed end system, the end system must be able to select
   most appropriate (based on the local information) destination address
   of the multihomed end system.

   However, some think it of course to separate routers and nodes and
   let hosts not have routing information (which means the current IPv6
   architecture is broken) and, worse, let most routers use default
   routes.

   With detailed route information, end systems can use the information
   as a hint to select the best destination address.  However, with
   default route, end systems have no idea on what is the best address
   and must blindly try all the possibilities at random.

   It was partly because full routing table was large and was not be
   able to be held in a chip on end systems and partly because hosts
   should not be affected by routing protocol changes.

   In the past, IPv4 address was not assigned with hierarchy and scale
   of integration was small.



M. Ohta                  Expires on May 1, 2003                 [Page 3]

INTERNET DRAFT           End to End Multihoming            November 2002


   But, with smaller full routing table and larger scale of integration,
   there is no reason not to have full routing table on every end
   system.

   As there are a lot of routers used in LAN or even in home, it is not
   so meaningful that we don't have to upgrade software on hosts, if we
   have to upgrade software on routers.

   The situation is worse with multicasting.  For example, IGMP, which
   separates routers and nodes, is a total nonsense as IGMP has been
   revised several times upon multicast routing protocol changes.
   Moreover, all the legacy multicast routing protocols use intelligent
   routing system to deliver group specific information and does not
   scale. Multicast architecture must be redone with the end to end
   principle in mind. SM (Static Multicast) proposed by the Authors is
   such a proposal but latter proposals (such as "simple multicast" or
   "AS based static allocation") modified it without understanding the
   underlying end to end principle and are useless.

   Once a full routing table is available on all the end systems, it is
   easy for the end systems try all the destination addresses, from the
   most and to the least favorable ones, based on the routing metric.

   Note that end to end multihoming works with the separation between
   inter domain BGP and intra domain routing protocols, if BGP routers,
   based on domain policy, assign external routes preference values
   (metric) of intra domain routing protocols.

   One may still be allowed, though discouraged, to have local
   configuration with dumb end systems and an intelligent proxy. But,
   such configuration should be implemented with a protocol for purely
   local use without damaging the global protocol.

4. Modifications on APIs and Applications

   With TCP, applications must be able to pass multiple addresses to
   transport layer (e.g. BSD socket). All the other processing can be
   performed by transport layer (typically in kernel) using default or
   application specific timing of TCP.

   TCP itself must be modified that all the possible addresses of a host
   is transmitted to its peer through a TCP option. TCP connections are
   identified with all the addresses constitute an identical connection.

   Without TCP, applications must be able to detect loss of connectivity
   in application dependent way and try other addresses by themselves or
   tell transport layer to do so.  Applications must still be able to
   pass multiple addresses of the destination to transport layer (e.g.



M. Ohta                  Expires on May 1, 2003                 [Page 4]

INTERNET DRAFT           End to End Multihoming            November 2002


   BSD socket) to receive a packet to alternative addresses sent from
   the other end of the communication.

   The easiest way for applications know all the addresses of the
   destination is to use DNS. With DNS reverse, followed by forward,
   lookup, applications can get a list of all the addresses of the
   destination from an address of the destination.

   Note that policy based selection of a source address is incompatible
   to the end to end principle, because it must be selected as the
   destination address by the policy of the other end of the
   communication using information local to the other end of the
   communication.  With so much asymmetric routing of the Internet
   today, proper destination address to reply can not be guessed by the
   querier.

   Thus, DNS query should be modified to carry all the addresses of
   clients and servers should try from the most favorable to the least
   ones, based on locally available information such as metric in intra
   domain full routing table.

   Any source address may be selected.

   However, to enable source address filtering to discard packets with
   source addresses not belonging to an ISP, it is useful to enable a
   host, not some intelligent intermediate router, select a source
   address compatible with an outgoing ISP.  For that purpose, intra
   domain routing protocols should maintain routing table entries with
   not only preference values of an external routes, but also proper
   prefixes to be selected for source addresses, if the entries are
   chosen by a host.

   With DNS, it is also required that DNS reverse lookup works properly.
   But, as the reverse lookup is the mechanism to delegate IP addresses,
   the requirement is no more demanding than assigning valid IP
   addresses.

   A problem is that locally scoped address (IPv6 link and site local
   addresses) can not be used for reverse look up. Use of 8+8 addressing
   proposed by one of an Author with globally unique IID (Internet ID)
   and ILOC (Internet Locator) is strongly encouraged. With 8+8
   addressing, DNS reverse lookup can be performed with IID part only.

   Note that 8+8 proposal must not be confused by latter proposal of
   routing goof by Mike O'dell, which is a proposal to use intelligent
   routers to rewrite source addresses to prevent source address
   spoofing and to tunnel between intelligent routers for pseudo
   multihoming, both of which are against the end to end principle and,



M. Ohta                  Expires on May 1, 2003                 [Page 5]

INTERNET DRAFT           End to End Multihoming            November 2002


   thus, lacks robustness and/or scalability.

5. Conclusions

   For robust and scalable multihoming, IPv6 separation of nodes and
   routers must be removed and the transition to the end to end
   multihoming should occur with the transition to IPv6.

   The modification is not so difficult, because most of the
   applications, which must be modified for IPV6 anyway, use TCP only
   and most of the UDP applications are DNS, which already tries all the
   addresses, or multicast capable ones, which are hopeless.

   One may argue that we can't further delay the transition to IPv6
   merely because of a random proposal on multihoming.

   Then, it is a good idea to start another transition, separated from
   ones with legacy IPv6, by allocating a new address prefix of IPv6
   address space for the end to end multihoming with 8+8 addressing.

   It is important to make the end to end principle work by keeping the
   number of top level routing prefix under the new address prefix small

   Politics of address space allocation may be avoided if those who are
   allocated IPv6 address space with the current prefix are
   automatically allocated corresponding address space with the new
   prefix.

   It should be noted that, because of the end to end nature, the
   architecture can be implemented purely on end systems without
   modifying routing functionality of existing IPv4 or IPv6 routers.

6. Security Considerations

   The author believes there is no special security concern.

7. Author's Address

   Masataka Ohta
   Graduate School of Information Science and Engineering
   Tokyo Institute of Technology
   2-12-1, O-okayama, Meguro-ku, Tokyo 152-8552, JAPAN

   Phone: +81-3-5734-3299
   Fax: +81-3-5734-3299
   EMail: mohta@necom830.hpcl.titech.ac.jp





M. Ohta                  Expires on May 1, 2003                 [Page 6]