[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Happiness; lack thereof

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: [RRG] Happiness; lack thereof
From: Michael Meisel <meisel@cs.ucla.edu>
Date: Thu, 06 Mar 2008 15:30:39 -0800
Cc: Routing Research Group <rrg@psg.com>
In-reply-to: <E6631878-A9A1-4D00-A9DB-D714961F44F2@muada.com>
References: <E6631878-A9A1-4D00-A9DB-D714961F44F2@muada.com>
User-agent: Thunderbird 2.0.0.12 (Macintosh/20080213)

Hi Iljitch, thanks for a great post, I think it's really important webring our discussion back up to higher-level issues like this if we'regoing to make progress. See my comments below.


Iljitsch van Beijnum wrote:

After a hiatus in reviewing drafts/proposals, I've been reading theLISP-APT draft.


I think you mean LISP-ALT. :-D

Implicit mapping requests should be considered harmful. Don't hiderelevant information. The correlation between the need to send packetsover the third infrastructure and lack of mapping state is not equal to1, so treating the result of one as the other is a bad idea. ITRs knowwhen they need to send mapping requests, so they should do soexplicitly. This way, the mapping database doesn't have to dounnecessary work and a modicum of data and control plane separation ismaintained.

This is worth exploring, but, in APT at least, there is no time that anITR requests a mapping from a default mapper without also requesting apacket to be forwarded on its behalf. So it seems unnecessary.

Depending on return packets to indicate problems, such as the addressfor an ETR becoming unreachable, an ETR becoming unreachable or adestination "behind" and ETR becoming unreachable is way too dangerous.Path MTU discovery does this and it works quite poorly in practice. At aminimum, unreachables will be rate limited. They may also fail to begenerated, be filtered or spoofed.

Though APT relies on return packets to indicate problems, I think we'veaddressed a number of these issues. First of all, we use normal IPpackets for this purpose, so filtering is unlikely. The destinationaddress for such packets comes from the mapping database, and the sendercryptographically signs these packets. The info that went into themapping database was also cryptographically verified. So spoofing shouldbe very difficult. Since it's part of the APT protocol, I don't see whythese packets are any less likely to be generated than a BGP withdrawaltoday.


-Michael

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- Re: [RRG] Happiness; lack thereof
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: [RRG] Happiness; lack thereof
  - From: "William Herrin" <bill@herrin.us>

References:
- [RRG] Happiness; lack thereof
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: [RRG] Happiness; lack thereof
Next by Date: Re: [RRG] comments on IVIP Conceptual Summary and Analysis documents
Previous by thread: [RRG] Happiness; lack thereof
Next by thread: Re: [RRG] Happiness; lack thereof
Index(es):
- Date
- Thread