Re: [RRG] incrementally deployable - roundup of proposals

["Stephen Sprunk" <stephen@sprunk.org>]

Thus spake "Robin Whittle" <rw@firstpr.com.au>
> In on-list discussions regarding LISP incremental deployability, two
> solutions have emerged - both of which I think are in principle the
> same as the "anycast ITRs in the core" idea I proposed in mid June
> and which became part of Ivip.
>
> There are no doubt other aspects to incremental deployability, but
> one problem which certainly needs to be solved is reachability
> from non-upgraded networks.  A sending host in a network with
> no ITR needs to be able to successfully send a packet to a
> destination host with an address which is managed by the LISP/
> eFIT-APT/Ivip/TRRP system.

I understood that to be a fundamental requirement of this work; you can't 
call a solution "incrementally deployable" unless upgraded sites are 
reachable from non-upgraded ones.  Fortunately, that seems easy to tack on 
to any of the proposals I've read.  (see below)

> The only way this is going to happen, as far as I can see, is for
> the destination host's address to be part of a BGP advertised
> prefix.  Otherwise, the border router of the sending host's network
> will drop the packet.

It might be the sending host's upstream, but the idea is correct.  If there 
isn't a route in the DFZ to the destination EID, and there's no ITR in the 
path, then the packet won't make it there.

> I think that every end-user network with a LISP-mapped address would
> require continued reachability from non-upgraded networks, so the
> idea of limiting the number of prefixes to 100 or so makes no sense
> to me.  I imagine that any successful ITR-ETR scheme would have
> hundreds to tens of thousands of address blocks, each block, on
> average, containing many "micronets".

In theory, one doesn't necessarily need lots of prefixes to reach millions 
of micronets -- you just need all EIDs to be within a small number of 
aggregate prefixes.

> Dino seems to have a very firm goal with advertised prefixes - to
> radically reduce their number.  My aims are more modest - to be
> happy with a similar or higher number of BGP advertised prefixes
> than there are at present, as long as the ITR-ETR scheme is used
> in a way that many more end-user networks get multihomable and
> portable address space than would be possible with the same
> number of BGP advertised prefixes without the scheme.

I think asking folks to give up existing PI blocks they're using is probably 
a waste of effort, though we can certainly try.  We could definitely ensure 
no new ones were assigned, though, which means the total would gradually 
dwindle over time.  Trying to shrink the routing table is an admirable goal, 
but none of these proposals will make any noticeable progress since the vast 
majority of routes in the DFZ today are PA deaggregates.  There are other 
folks working on solving _that_ problem.

> The addresses which Ivip manages are all part of BGP advertised
> prefixes.  The idea is that there are one or more ITRs outside the
> non-upgraded networks which advertise this prefix, and the packet is
> forwarded to one of these, where it is tunnelled to the ETR of the
> destination host.
...
> I think it can be seen that Eliot arrived at an arrangement for
> LISP-NERD in August which is much the same as Ivip's "anycast ITRs
> in the core".
...
> I think Dino accepted that a similar approach would be needed for
> LISP-CONS to achieve reachability from sending hosts in networks
> without ITRs:
...
> Bill Herrin discussed TRRP reachability from non-upgraded networks:
>
>  http://psg.com/lists/rrg/2007/msg00488.html
>
> This too involves "anycast ITRs in the core" and I think address
> space for each end-user network (a "micronet") being part of larger
> blocks of address space, each of which remains advertised in BGP,
> for as long as there needs to be reachability from non-upgraded
> networks.  For Ivip, this is forever.  For TRRP and perhaps other
> systems, this may not be forever.

Reading all the various proposals and archives of the discussions here, the 
mental model I've come up with is that there would be two types of ITRs: 
ITR-Cs, or ITRs with caches, and ITR-Ds, or ITRs with a full copy of the 
mapping database.

Eventually large end sites and ISP POPs would have ITR-Cs.  If the ITR-C 
encountered an EID it didn't have cached, it'd (a) send a mapping request to 
an ITR-D, either buffering the packet to be forwarded when a response is 
received or dropping it, or (b) forward the packet to an ITR-D (which would 
make it a RETR, I suppose) and hopefully receiving a mapping response back 
which would enable shortcut forwarding.  One could also envision multiple 
layers of ITR-Cs/RETRs, if that ever turns out to be necessary.

However, the initial case (and probably final case, for some parts of the 
'net) is that there won't be ITR-Cs deployed and all packets would end up 
flowing to the (anycast) ITR-Ds.  Overloading or rate-limiting (both of 
which seem likely, for obvious reasons) of those ITR-Ds is the only real 
motivation for deploying ITR-Cs, and in some cases it may not be bad enough 
to bother.  It shouldn't be much of a problem for the first few dozen sites 
that deploy...

The above model seems quite compatible with most of the existing proposals, 
except that it may be merging LISP-NERD and LISP-CONS* into a single LISP. 
Ivip is the main exception, but it already has a similar anycast ITR 
mechanism to what I describe.

(* I'll admit to not understanding LISP-CONS very well; my eyes started 
glazing over when CARs and CDRs were added to ITRs and ETRs -- too many 
moving parts for me.)

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg