Difference between translation in LISP vs. Six/One Router -- Re: [RRG] Six/One Router Design Clarifications

[Christian Vogt <christian.vogt@nomadiclab.com>]

Dino,

you wrote:

> I implemented translation in LISP so I am not speculating. What you
> are doing in Six/One is no different than LISP.

No, the two are very different:  LISP translation requires *per-
session state*, whereas Six/One Router translation is *stateless*.

As a consequence of being stateful, LISP translation shares many of
the disadvantages of NATs, which Six/One Router avoids.

I am saying this based on the current specifications of LISP [1], its
translation extensions [2] (section 6), and Six/One Router [3].

Let's be more specific on (1) the reasons why LISP translation
requires state, (2) how Six/One Router avoids state, and (3) which
architectural disadvantages LISP has due to the stateful translation.

I will use the terms "LISP router" and "Six/One router" to describe
tunnel/translation routers in LISP and Six/One Router, respectively.


(1)  Why does LISP translation require state?

Two independent reasons why LISP routers need per-session state:

- EID multiplexing:  LISP routers multiplex a large set of EIDs onto a
  smaller set of locators.  They need the state to demultiplex a
  received locator back to the correct EID.

- Distinguish between tunneled and translated sessions:  To enable a
  transition path from translation to tunneling, hosts behind a LISP
  router must be reachable at both a locator and an EID:
  Correspondent hosts in legacy edge networks must contact a locator
  (via one LISP router), and correspondent hosts in upgraded edge
  networks should contact an EID (via two LISP routers).  The
  necessary implication of this is that correspondent hosts in
  upgraded edge networks will able to contact hosts in upgraded edge
  networks at two address types, locators and EIDs.  LISP routers
  must therefore be able to decide whether an egress packet exiting
  their edge network should be tunneled or translated.  This is
  important because the packet's source address, when eventually
  delivered to the correspondent host, will be different depending
  on whether the packet is tunneled or translated:  If the packet is
  tunnled, its source address will be an EID upon packet delivery.
  If the packet is translated, its source address will be a locator.

  LISP routers need state to decide whether an egress packet should be
  tunneled or translated, because the egress packet alone has
  insufficient information to make this decision.  This state must be
  per session.

  http://users.piuha.net/chvogt/misc/why-lisp-is-stateful.pdf

  The link above is to a slide that illustrates the need for state in
  LISP routers:  Host A, located in an upgraded edge network, can be
  reached at two addresses -- at an EID (ABC::1) via tunneling, or at
  a locator (1000::1) via translation.  Correspondent host B can use
  either address because it is also in an upgraded edge network.
  Independent of which address correspondent host B uses, the address
  seen by host A is EID ABC::1.  So return packets from host A to host
  B won't hold any information based on which the LISP router on host
  A's edge network could decide whether the return packets should be
  tunneled or translated.  Consequently, LISP routers must memorize
  whether a session is tunneled or translated at the time they receive
  the first ingress packet of that session.  This requires per-session
  state.


(2)  How does Six/One Router avoid state?

- Six/One routers do not multiplex multiple EIDs onto a single
  locator.  Hence no state is needed to demultiplex a received
  locator back onto the right EID:  The right EID can be
  unambiguously determined based on the received locator.

- Six/One routers do not need to decide whether packets should be
  tunneled or translated, because packets are always translated.
  How this translation is specifically performed is described in
  section 2.4 of [3].


(3)  Which architectural disadvantages does LISP have due to the
     stateful translation?

- Limited host reachability:  Since the locators that LISP translators
  are using for a given host are not stable (since they are
  allocated dynamically on an on-demand basis), it is difficult to
  reach these hosts.  You cannot place the locators in DNS.  (FWIW,
  the original NAT-PT had the same issue, and this was one of the
  reasons to deprecate it.)  Six/One Router provides unlimited host
  reachability because hosts have stable locators.

- Need for synchronization:  The LISP routers of a given edge network
  must synchronize their state in order to allow for fail-over and
  load balancing.  Without state synchronization, active sessions
  would break when handed over from one LISP router to another.
  Six/One routers don't have to be synchronized because they are
  stateless.


So much, so good.  Needless to say:  I'll be very happy to answer any
remaining questions, be it on this list, throughout the ongoing IETF
meeting, or later during the RRG session.  Don't hesitate to ask.

- Christian


[1] http://tools.ietf.org/html/draft-farinacci-lisp
[2] http://tools.ietf.org/html/draft-lewis-lisp-interworking
[3] http://users.piuha.net/chvogt/pub/2008/vogt-2008-six-one-router-design.pdf



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg