[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [RRG] arguments for map and encap

To: "'Templin, Fred L'" <Fred.L.Templin@boeing.com>, "'David R Oran'" <oran@cisco.com>, "'Christian Vogt'" <christian.vogt@nomadiclab.com>
Subject: RE: [RRG] arguments for map and encap
From: "Tony Li" <tony.li@tony.li>
Date: Wed, 21 May 2008 19:21:55 -0700
Cc: "'Michael Meisel'" <meisel@cs.ucla.edu>, "'Dan Jen'" <jenster@cs.ucla.edu>, "'Routing Research Group Mailing List'" <rrg@psg.com>
In-reply-to: <39C363776A4E8C4A94691D2BD9D1C9A1029EE0B0@XCH-NW-7V2.nw.nos.boeing.com>
References: <481FAF17.10607@cs.ucla.edu> <9E8A7A7A-928D-4EF1-84B8-0329AA8AE795@nomadiclab.com> <1C587CBA-FC4C-4140-9D10-3F2CFF0958D7@cisco.com> <C5FC6D5C-CA9C-4C3C-AFC5-9492962C96B0@nomadiclab.com> <674C8452-2D94-4E5A-A7B7-08BED26EF132@cisco.com> <39C363776A4E8C4A94691D2BD9D1C9A1029EE0B0@XCH-NW-7V2.nw.nos.boeing.com>
Reply-to: <tony.li@tony.li>


Fred, 

|>Quarantining is a special form of buffering where you need to  
|>rendezvous the buffered packet(s) with a particular set of 
|>state which  
|>arrives asynchronously and possibly delayed by a significant amount.  
|>This is not nearly as simple as buffering for ARQ-like protocols, or  
|>for QoS purposes. It's in the same class IP fragment reassembly in  
|>that there is a whole class of state-based attacks that need to be  
|>considered as well as the inability of any hardware-based forwarding  
|>scheme I know of to handle this without punting to a control plane.  
|>Some protocols, like ARP, ussually do quarantining in hosts, but  
|>dropping in routers.
|
|I'm not quite seeing this as in the same class as IP fragment
|reassembly; IP reassembly is like putting together a patchwork
|quilt based on whatever oddly-shaped scraps the network throws
|at you. But, if every component is identically sized and shaped
|its as easy as stacking coins. Routers have been doing that
|in fast path since the ATM days, haven't they?


In part, you are correct.  The quarantining that Dave mentions need not
reorder the incoming flow.  However, it must effectively buffer the entire
flow for a considerable amount of time.  Typically routers have fast-path
buffering today that is on the order of 50-400ms.  Depending on the actual
mechanisms involved to resolve a mapping entry, I'd posit that one might
need to quarantine traffic for up to 10x that amount of time.  This should
be on the same order of magnitude as resolving a DNS query.  Storing full
flows in active components would be VERY expensive and even the aggregate
bandwidth into disk arrays would be non-trivial.

This is, in part, why I very much liked the idea of putting mapping lookups
in parallel with DNS lookups: if you can resolve the mapping prior to the
data flowing, then this issue is reduced.

Tony


--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

References:
- [RRG] arguments for map and encap
  - From: Michael Meisel <meisel@cs.ucla.edu>
- Re: [RRG] arguments for map and encap
  - From: Christian Vogt <christian.vogt@nomadiclab.com>
- Re: [RRG] arguments for map and encap
  - From: David R Oran <oran@cisco.com>
- Re: [RRG] arguments for map and encap
  - From: Christian Vogt <christian.vogt@nomadiclab.com>
- Re: [RRG] arguments for map and encap
  - From: David R Oran <oran@cisco.com>
- RE: [RRG] arguments for map and encap
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>

Prev by Date: [RRG] Arguments against Transport, Translation & Six/One Router
Next by Date: RE: [RRG] Arguments against Transport, Translation & Six/One Router
Previous by thread: RE: [RRG] arguments for map and encap
Next by thread: Re: [RRG] arguments for map and encap
Index(es):
- Date
- Thread