[RRG] Re: TRRP's micronet length specification?



Hi Bill,

Thanks for explaining why in TRRP the initial map request only
returns the ETR for that destination address, not any further
information about the micronet of adjacent addresses which might
have the same mapping information.

You wrote:

> The reason TRRP doesn't immediately act on netmask information 
> contained in the EID response is that the ITR can't authenticate
> the netmask without an additional query. This lesson was learned
> from a Bind "cache poisoning" problem in the late '90s where a
> hacker's DNS server would return "additional" records for which
> it was not authoritative and the caching resolver would accept
> those records uncritically.

This would make sense to me if the nameserver which was
authoritative for the micronet was sometimes or always different
from the nameserver which is authoritative for a single IP address
within that micronet.

However, I don't see a reason why this would be the case.

Let's say end-user E has been assigned a prefix of space, which I
call a User Address Block (UAB) - 11.22.33.16/28.  They can do what
they like with the mapping of this space, including dividing it into
as many micronets as they like, right down to 16 micronets, each of
a single IP address.

A micronet is a contiguous range of address space with the same
mapping information.  In Ivip, neither the UAB nor the micronet need
be prefixes, but in this example they are, because I understand this
is the case with TRRP.

Here we see a little of nearby UABs of other end-users.

            End-user Micronet

  11.22.33.14  D     ] Some micronet of D's.
  11.22.33.15  D     ]

  11.22.33.16  E        ] E's micronet X.
  11.22.33.17  E        ]
  11.22.33.18  E        ]
  11.22.33.19  E        ]

  11.22.33.20  E           ] E's micronet Y.
  11.22.33.21  E           ]
  11.22.33.22  E           ]
  11.22.33.23  E           ]

  11.22.33.24  E              ] E's micronet Z.
  11.22.33.24  E              ]
  11.22.33.26  E              ]
  11.22.33.27  E              ]

  11.22.33.28  E              ]
  11.22.33.29  E              ]
  11.22.33.30  E              ]
  11.22.33.31  E              ]

  11.22.33.32  F     ]  Some micronet of F's.
  11.22.33.33  F     ]

I think it is reasonable to assume that E would use the one
authoritative nameserver for its whole UAB - all 16 IP addresses.
However, maybe there would be some reason not to do this.

I can't imagine a reason the end-user could not be required to run
the same nameserver for all the addresses of any micronet they define.



An ITR queries the mapping for 11.22.33.27.  In LISP-ALT, as I
recall, the answer comes back with some one or more ETR addresses
and a specification that this mapping applies for the entire EID
prefix 11.22.33.24/29.

Isn't it reasonable to require end-users to use a single nameserver
for each micronet they define?  If so, then I think you can build
your TRRP protocol so the initial mapping response also returns the
full details of the micronet, as does LISP.

   - Robin


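The question in this message, whether an ITR can safely cache a micronet prefix returned with a mapping reply, can be treated like a DNS bailiwick check; the sketch below is an added example, not part of the original message and not taken from the TRRP or LISP specifications. Assumed for illustration: the delegation table, the nameserver names, the function names, and the /28 blocks given to D and F (only E's 11.22.33.16/28 is from the message).

```python
import ipaddress

# Constructed delegation data: address block -> nameserver the ITR reached
# by following the delegation chain. Names and D/F blocks are hypothetical.
DELEGATIONS = {
    ipaddress.ip_network("11.22.33.0/28"): "ns.d.example",
    ipaddress.ip_network("11.22.33.16/28"): "ns.e.example",   # E's UAB
    ipaddress.ip_network("11.22.33.32/28"): "ns.f.example",
}

def covering_delegation(addr):
    """Return (block, server) for the most specific delegation holding addr."""
    hits = [(b, s) for b, s in DELEGATIONS.items() if addr in b]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def cacheable_prefix(queried, responder, claimed):
    """Decide what an ITR may cache from one mapping reply.

    Returns None if the responder is not authoritative for the queried
    address, the claimed micronet if it lies wholly inside the block
    delegated to that responder, and otherwise only the queried /32.
    """
    addr = ipaddress.ip_address(queried)
    found = covering_delegation(addr)
    if found is None or found[1] != responder:
        return None                      # out-of-bailiwick answer: discard
    block, _ = found
    host_only = ipaddress.ip_network(f"{addr}/32")
    try:
        prefix = ipaddress.ip_network(claimed, strict=True)
    except ValueError:
        return host_only                 # malformed netmask: ignore it
    # The netmask is trusted only when the claimed range contains the
    # queried address and does not extend past the delegated block.
    if addr in prefix and prefix.subnet_of(block):
        return prefix
    return host_only

if __name__ == "__main__":
    print(cacheable_prefix("11.22.33.27", "ns.e.example", "11.22.33.24/29"))
    print(cacheable_prefix("11.22.33.27", "ns.e.example", "11.22.33.0/26"))
```

A reply claiming 11.22.33.0/26 would spill into D's and F's space, so only the queried address is cached, which mirrors the poisoning case described in the quoted text.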