[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] thoughts on the design space 4: encapsulate vs. translate

To: tony.li@tony.li
Subject: Re: [RRG] thoughts on the design space 4: encapsulate vs. translate
From: "William Herrin" <bill@herrin.us>
Date: Sat, 26 Jul 2008 09:28:29 -0400
Cc: "Dino Farinacci" <dino@cisco.com>, "Jari Arkko" <jari.arkko@piuha.net>, rrg <rrg@psg.com>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=jaY3QG0Z05lTk+IBbyS4Pmxg4Dtt3Z7tfwDN3gSTA+jBt7yxZGBwlADyM8+4PFy+h3 XPBMhTVrVdTP4bINjoIOqKnRSzLL0i4DwBFnQvG1epdMy4gn2SPnAcPeRMMXQncT/g0y UKmm3QEM2LYjVwQRDasx6JrCcgVW1EtDh8knQ=
In-reply-to: <4C77E445E7F8493289C76FD9A7868CEB@ad.redback.com>
References: <4888745E.4050305@piuha.net> <7219F621-11D2-4201-B977-9A30DB11B510@cisco.com> <3c3e3fca0807251423q6f2b5631qf625a5cf0f668d5@mail.gmail.com> <840066FA-CE6B-4877-8967-CF443DB6299A@cisco.com> <0061301F395341D6813EEC4C70FBB55A@ad.redback.com> <0B4D6BFA-236A-4611-BD89-2FEA2AD0E369@cisco.com> <076965F0417C43B086AB51B0CB62E7E5@ad.redback.com> <3c3e3fca0807252108w2f841ec5p43d50cc57ed66b49@mail.gmail.com> <4C77E445E7F8493289C76FD9A7868CEB@ad.redback.com>

On Sat, Jul 26, 2008 at 1:52 AM, Tony Li <tony.li@tony.li> wrote:
> |1. You don't do a lookup for every packet; you do a lookup for the
> |first packet in a time-bounded series. That's true for both the
> |query-cache map proposals and the DNS.
>
> True, I should have said for each connection...

Hi Tony,

It isn't even per connection. It's per time-bounded series which is
likely to include many connections as necessary to complete a "visit"
by the person at the origin. A web server doesn't have a big cache of
recently-looked-up addresses. A hypothetical ITR does.

At least one map-encap approach take this a step further: a supply of
bare, non-multihomed and highly-aggregated network addresses remains
available on the Internet. In theory at least, applications and
servers requiring brief, anonymous connections can make use of this
supply, relying on map-encap only for the direction that must remain
stable over time.

> But that's no reason to be rude about it.

Apologies. Was not intended that way.

> The issue, IMHO, isn't the delay, it's the scalability, especially in front
> of hot spots like Google.  In these cases, it would make sense to have a
> hybrid mapping, where we can install full mappings at hot spots.

If we use DNS for our example assume that nearly all packet flows have
performed a DNS lookup at the client side in order to find the server
then  we're talking about tripling the load on the DNS system. Find me
a DNS op who doesn't believe the DNS system can readily expand to
serve triple the load.

On the flip side, the first connection is held open longer than normal
while the ITRs complete lookups. This has an impact on the web and
other servers. However, such connections are in the syn/synack stage.
So, the problem fits neatly into the generic syn-flood DOS attack
problem which is already solved.

Regards,
Bill

-- 
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

References:
- [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: Jari Arkko <jari.arkko@piuha.net>
- Re: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: Dino Farinacci <dino@cisco.com>
- Re: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: "William Herrin" <bill@herrin.us>
- Re: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: Dino Farinacci <dino@cisco.com>
- RE: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: "Tony Li" <tony.li@tony.li>
- Re: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: Dino Farinacci <dino@cisco.com>
- RE: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: "Tony Li" <tony.li@tony.li>
- Re: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: "William Herrin" <bill@herrin.us>
- RE: [RRG] thoughts on the design space 4: encapsulate vs. translate
  - From: "Tony Li" <tony.li@tony.li>

Prev by Date: [RRG] GLI-Split
Next by Date: Re: [RRG] Mapping Distribution and Management: contribution for comments
Previous by thread: RE: [RRG] thoughts on the design space 4: encapsulate vs. translate
Next by thread: Re: [RRG] thoughts on the design space 4: encapsulate vs. translate
Index(es):
- Date
- Thread