
[RRG] Re: TRRP implementation path concerns



On Thu, Feb 21, 2008 at 8:30 PM, Brian Dickson <briand@ca.afilias.info> wrote:
>  There's a few big gotchas, for sure:
>
>  Phase 5 stick - many/most TLD DNS servers are anycast in IPv6, with PI
>  /48's. (I know because it is my day job :-))
>  So, filtering *those* is going to be a non-starter. Circular
>  dependencies are bad, especially if they are DNS.

Hi Brian,

I believe that's true of f-root's IPv4 /24 as well. This topic is
addressed elsewhere in the TRRP documentation but it bears repeating
there: address space supporting DNS servers in the TRRP hierarchy must
remain in the BGP table, in what TRRP calls "Globally Routeable (GR)
space." In fact, the ITR specifically deals with the case where it is
asked to find an ETR for a DNS request in the TRRP hierarchy.

This means that as other /24's and /48's are withdrawn, those specific
ones must remain.


>  The requirement on DNS involving UDP might not fly - what about servers
>  doing TCP only

Only a recursive request from an ITR to an external resolver is
required to use UDP but the use of only UDP throughout is *strongly*
encouraged. TCP answers are slower coming and anycast TCP is not
stable.


>  or those with large RR sets?

The TRRP TXT result set is constrained to fit within a 512 byte
payload and the ITR has specific instructions for how to interpret a
truncated result. Since this allows at least 15 ETR entries for a
given EID I don't see it as a serious problem. Surely by the time
there are 15 ways in to your network, you can justify a place in the
BGP table?


>  What about EDNS0?

Optional.

> DNSSEC?

Optional.


>  Then there is the big question about the "first" ITR. Who gets that
>  contract, and what are the terms?

Anybody who wants to bid on it. If no one else bids, I will and I'll
throw a box in a data center on some Cogent bandwidth. That's the
beauty of starting small.

The terms are that the space is registered to the end-users, not to
the contractor, and that a basic minimum throughput must be honored
regardless of whether the space's registrant subscribes. The latter
can be considered the entry fee for the bidding process.


>  What happens if that party turns out to be another SCO? Or gets bought
>  by MS or one of their stooges?

1. Contract renewals. The space isn't allocated to that company; they
just provide a service related to it, one that can be transferred to a
new contractor and that any other AS can internally preempt with their
own ITR.

2. The contract doesn't preclude similar contracts covering other
network space should there be sufficient demand.

3. The contract doesn't preclude some savvy ISP setting up a
competitive service using space that is in fact allocated to them.


>  Remember, for the first while, the ITR operator will be a monopoly, and
>  how they behave has a huge impact
>  on the long-term success of TRRP, as well as possibly the ability for
>  other parties to operate ITRs.

Too true. But then wise stewardship is ARIN's job and overall they've
done well. At some point I'll have to wander over to PPML and seek
more detailed comment on whether this is something they can reasonably
do for us. I briefly chatted up one of the board members about it back
at ARIN XX. I didn't go into any detail but I got a generally positive
response.

Regards,
Bill Herrin



-- 
William D. Herrin herrin@dirtside.com bill@herrin.us
3005 Crane Dr. Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
