[10:59:38] --- leslie-ietf has joined [11:51:39] --- dthaler has joined [11:56:13] --- iljitsch has joined [11:59:10] --- leslie-ietf has left [11:59:51] --- rhe has joined [12:02:37] --- touch has joined [12:02:58] --- touch has left [12:04:01] I'm jabber scribe [12:04:05] someone is taking minutes [12:04:11] --- gih900 has joined [12:04:12] --- touch has joined [12:04:17] --- touch has left [12:05:01] tony li: our charter is to make one proposal or recommendation, so we want to start converging into that direction but the floor is still open to new proposals [12:05:06] --- rvdp has joined [12:05:15] --- shikob has joined [12:05:45] dave meyer: are we going to develop objective criteria to sort this out? [12:06:02] tli: we have a document on design goals and one on taxonomy [12:06:25] --- jgs@jabber.org has joined [12:06:37] dm: maybe we have to develop a methodology for this [12:06:59] --- touch has joined [12:07:10] tli: presenters of proposals will hold those proposals up to goals and there will be criticial discussion [12:07:25] --- presnick has joined [12:07:32] --- benno@jabber.secret-wg.org has joined [12:07:42] --- dcrocker has joined [12:07:46] someone at the mike: lixia and I talked about this but... [12:07:57] tli: mailinglist is open [12:08:39] (these jabber notes aren't going to be very good, I can hardly hear the people at the mike and nobody is saying their name) [12:08:54] there will be a list of proposals [12:09:08] tli: everything is still on the table, not taking them off the table just yet [12:09:13] also look at the wiki [12:09:21] --- leslie-ietf has joined [12:10:23] slide says: [12:10:31] start driving towards convergence march 08 [12:10:39] attain rough consensus via debate etc [12:10:43] conclude by march 09 [12:11:13] jari arkko: still questions about whether things can work in practice [12:11:40] geoff juston: we've been here before with multi6 [12:11:58] we tried to take proposals and create a more general architecture from that [12:12:07] then classify proposals in terms of that architecture [12:12:17] --- presnick has left [12:12:19] --- washad has joined [12:12:29] don't think wiki summery is going to cut it here, things are deep and complex [12:12:41] need to evaluate in a consistent architectural framework [12:13:00] tli: agenda bashing [12:13:20] agenda for friday has much LISP [12:14:00] simon schuetz, node identtity internetworkng architecture [12:14:03] up now [12:14:19] --- resnick has joined [12:14:52] niia is not: [12:14:59] not purelay a routing architecture [12:15:03] not ITR-ETR based [12:15:08] not transparent for end-hosts [12:15:13] not incremental update to bgp [12:15:19] it is not unifiying the network layer [12:15:21] it is: [12:15:25] new internetworking arc h [12:15:29] id/loc split approach [12:15:41] framework for netw routing approaches [12:15:57] accepting the existence of different networking technologies: v4, v6, even 3G [12:16:17] everything is a "node" [12:16:23] with a hip-like crypto identifier [12:16:32] nodes are interconnected and have locators [12:16:50] nodes are grouped in locator domains [12:17:15] NID routers bridge bettween LDs [12:17:55] node identities are ~ public key [12:18:15] node identity forwarding tag (NIFT) is fixed length has of NID [12:18:36] one or small number of core LDs [12:18:47] other LDs hang off of the core [12:19:07] registration based default routing mechanism [12:19:14] open to other routing schemes [12:19:32] joel helpern: how central to your proposal is the core/hanging off idea? [12:19:50] nervous with having a center [12:20:14] simon: is relatively static [12:20:25] effects of LD concept: [12:20:34] don't have to unify on one networking technlogoy [12:20:43] locators don't have to have meaning outside locator domain [12:20:56] hides LD internal structure from outse LD [12:21:14] mobility can be localized [12:22:00] (please look at "default routing overview" slide) [12:22:35] nodes register their NID/NIFT [12:22:57] to all NRs (don't know what those are) in the path towards the core [12:23:22] --- pellepolis@gmail.com has joined [12:23:33] first-hop NID router takes care of the rest [12:23:44] so node only registers there [12:24:52] again, see slides [12:27:46] --- benno@jabber.secret-wg.org has left [12:28:08] --- benno has joined [12:28:24] (explanation of packet flows going on) [12:28:32] forwarding options: [12:28:41] no per-session or per-comm-pair state [12:28:53] NID header must be present in each packet, follwoing IP header [12:29:13] cointains dstNIFT dstHint, srcNIFT, srfHint [12:29:20] possibly more, can get large [12:29:58] I think he's saying the header can later be suppressed but it says "must be present in every packet" on the slide.... [12:30:11] oh wait, the above was stateless approach [12:30:21] in stateful approach you install state and then... [12:30:37] anonymous on the mike: [12:30:49] how does network mobility work? [12:30:56] simon: no answer at this time [12:30:59] Eric Fleischman on the mic, FWIW. [12:31:11] other routing approaches are possible [12:32:58] global naming system: [12:33:11] in niia source node must lookup dest NIFT, dest hint [12:33:22] (sorry slides are going a bit fast now) [12:33:28] node mobility: [12:33:36] mobi expected at edges [12:33:39] --- badra has joined [12:33:49] intra-LD mobi can be handled inside LD [12:34:00] inter-LD requires re-registration of node [12:34:21] NR within the core LD can serve as "home agent" [12:34:53] --- badra has left [12:35:01] network mobility: [12:35:12] requires NR(s) of the moving network reregister [12:35:20] also update node registrationinformation [12:35:30] easy with recursive registration scheme or in batch mode [12:37:26] open design issues: [12:37:38] niia is not a routing protocol as such [12:37:52] routing hint lookup ssystem, depends on the nature of the routing hint [12:37:54] (...) [12:38:01] prototype [12:38:13] based on HIP implementation [12:40:36] see the draft and two other references in the slides [12:40:56] question that I didn't understand [12:41:34] another question that I didn't follow [12:42:01] simon is done [12:42:04] If you're referring to my question it was to establish that this proposal is (at least) a proposal for a new internetwork later [12:42:06] layer [12:42:19] next up: sheng jiang, hierarchical routing architecture [12:43:01] jgs: yes, seems that way with IP on top to be backward compatible [12:43:18] LDs sound a lot like OSPF areas [12:43:28] sheng jiang: [12:44:01] refers to issues coming out of routing/addressing workshop [12:44:37] hourglass diagram with IP layer veering off into identifier and locator parts [12:45:14] there are other approaches like shim6, HIP, LISP, ENCAPS, HLP [12:45:22] iljitsch: I'd say that with with IP - optionally - underneath, not on top. Maybe it depends on which way up you hold your diagram... [12:45:26] HRA is id/loc split solution [12:45:52] multiple LD domains (I think, LD is singular on the slide) [12:46:31] jgs: hm yes in the packet underneath but I'd say conceptually on top [12:46:52] sj: reuse of addresses in different LDs [12:47:05] --- tom5760@gmail.com has joined [12:47:15] hierarchical host identifier tag: combo of management domain ID and has of host identifier = public key [12:47:23] hiearchcical mapping system [12:47:30] HIT as the lookup key [12:48:06] 2-level hierarchical routing [12:48:10] inter-ld and intra-ld [12:48:22] locator domain border routers exchange LD reachability info [12:48:34] LDBRs only store LD-ID based routing info [12:48:41] internal routers do prefix-based routing [12:49:41] see slide for packet flow overview [12:52:14] --- benno has left [12:54:56] flat host identifier taqg [12:55:01] has scalability issues [12:55:20] hierarchical host identifier tag [12:55:33] combinationo f management domain id and hash of HI [12:55:37] easier manangement [12:55:51] --- benno has joined [12:55:51] allows for highly efficient lookup system [12:56:31] again missed a question at the mike [12:56:51] sj: we have duplication detection mechanisms in ipv6 [12:57:25] each locator domain is relatively small, no way to deploy a global duplication detection mechanism, but within an LD it's possible [12:57:58] hierarchical mapping system [12:58:08] --- nm has joined [12:58:18] each management domain which may cover multiple LDs has at least one local mapping server [12:58:34] --- nm has left [12:58:53] --- arifumi has joined [12:58:57] lookup requests for non-local MDIDs are forwarded to remote locator domain and come from the mapping server there [12:59:32] --- arifumi has left [13:01:43] --- washad has left: Computer went to sleep [13:01:48] routing table size in all routers will be greatly reduced [13:01:59] --- arifumi has joined [13:02:01] stability improved, reusable locator space [13:02:15] supports communication between heterogenous networks [13:02:26] management of global HIT space becomes practical [13:03:03] opne issues: ld managment, merge and split [13:03:08] routing policy [13:03:12] incremental deployment [13:04:13] question about end system identifiers: [13:04:25] if I move I need to change that identifier? [13:04:30] how do people find me? [13:04:43] answer: no, you change your registration in the mapping system [13:05:25] q: there can be billions of entries [13:05:35] a: you have a home mapping server [13:05:42] --- jgs@jabber.org has left: Replaced by new connection [13:05:47] q: so standard mobility [13:06:01] another questioner: [13:06:11] can't understand it [13:06:22] audio is way too low and I'm sitting next to the door to the kitchen [13:06:56] answer: when you move you don't change your identity, only your locator [13:07:06] q: my name is still based on my own country [13:07:15] a: when you move you keep your citizenship [13:07:23] another questioner: [13:08:08] you're basically replacing the network layer [13:08:38] up next: [13:08:47] christian vogt, the path to six/one [13:09:13] we've known for a long time that there's something wrong with interdomain routing scalability [13:09:18] why is change so hard? [13:09:26] because we need a good transition path [13:09:58] on the mailinglist we've seen that there is a transition path for 6/1 and in this talk I'll talk more about that [13:11:13] address bunch: routing prefix + crypto interface id (= ipv6) [13:11:23] routers may rewrite soruce address [13:11:34] host recognizes and adapts [13:12:33] see slide for diagram [13:15:55] --- sftcd has joined [13:16:33] routers don't rewrite addresses before session establishment to preserve backward compatibility [13:18:27] transition path: [13:18:28] --- havard.eidnes has joined [13:18:36] small routing table, less frequent table updates [13:18:45] packet flow redirection ability [13:18:49] reduced renumbering costs [13:18:57] hosts cna influence path selection [13:19:00] --- jpc has joined [13:19:08] light-weight ipv6 crypto [13:19:13] cross-layer optimization [13:19:23] deployment flexibility and backward compatbility [13:19:43] --- nm has joined [13:20:36] --- nm has left [13:21:07] new transition tools [13:21:17] proxiies run 6/1 on behalf of host [13:21:36] translators (???) [13:26:31] --- pellepolis@gmail.com has left [13:26:38] (explanation of proxy operation details, plz see slides) [13:31:55] proxies are used to interface legacy host with 6/1 [13:32:42] translators are used to communicate with remote legacy hosts (6/1 agnostic at the other end) [13:33:07] proxy and translators can ben combined for v4 support [13:34:25] six/one proxy can redirect/map/translate addresses to bridge ipv6 to ipv6 [13:34:32] sorry ipv6 to ipv4 [13:34:39] and vice versa [13:35:38] v4 gateways interconnect v6 edge networks via v4 internet [13:36:18] v4 gateway operation explained in detail... (see slides) [13:37:02] --- havard.eidnes has left [13:37:32] conclusions: three techniques to improve transition path [13:37:34] --- jgs@jabber.org has joined [13:37:55] --- rhe has left [13:38:08] higher deploymnet flexibiliyt, benefits legacy hosts, backward compatibility with v4 [13:38:16] --- jgs@jabber.org has left [13:38:42] --- jgs@jabber.org has joined [13:38:44] flexible, arbitrary composition, depending on need [13:38:58] reusabel for v4 to v6 transtions [13:39:04] many people at the mik [13:40:03] cv: allow the host to be v6 gateway (allows transition to v6 ) [13:40:33] cv: need transition to complete v6 address space [13:40:56] question: need for solution with less work, don't see thsi in this solution [13:41:18] cv: it is an automatic solution [13:41:23] jari at mike [13:41:35] avoid host changes by using proxy [13:42:11] cv : it does require changes , but not in neighbor discover [13:42:23] need for dhcp [13:42:48] --- sftcd has left: Computer went to sleep [13:42:57] I was at the mic first; asked why proxies/translators/gateways would work here when they haven't for v6 for the many years now. The answer appears to be that this solution provides more options to the end host; IMO, that's a step in the opposite direction of what's needed. (repeated here for the archive) [13:42:58] another comment by jari [13:44:07] is the pain bad enough for these solutions? [13:44:19] (pain in the routing infrastructure) [13:45:15] jari: comment, liked 6/1 in its original proposal, but now tries to do all other things others also do [13:45:48] cv: back to earlier question, dhcp, [13:46:02] other solution with preconfig [13:46:14] missed name at the mic [13:46:20] dow street [13:47:06] --- trond has joined [13:47:27] dow street: question the length/range of influence of a host on the routing ? [13:48:09] cv: the edge network needs the ability to do traffic engineering. [13:48:55] when edge network does not need traffic engineering, the host is in charge to routing [13:49:06] derryl? at mic [13:50:17] question: are you concerned about the amount of state a proxy has? some domains are large ... [13:50:23] cv: don't think so [13:50:37] similar to ingress router [13:51:42] does failure of proxy impact on session? [13:51:47] cv: yes, it does [13:51:59] (same for ingress tr) [13:53:31] one more comment by cv [13:53:49] transition path is long if we go as derryl pointed out. [13:54:17] we should do transition net sequential, but at the same time [13:54:38] derryl say, that the time frames could last for ever [13:55:48] next speaker, petri jokela, integrated six/on HIP implementation [13:56:17] there is a six/one implementation, now combining this with HIP [13:56:23] functions quite similar [13:56:52] intergrating six/one into hip to maximize reuse [13:56:54] --- rhe has joined [13:57:11] diffrerent, no traffic eningeering in HIP [13:57:27] HIP basics: associated settup [13:57:59] hist identity associated with one or more IP addresses [13:58:23] applications see only HI, IP address for routing [13:59:08] SA created during 4-way handshake, currently ESP [13:59:22] (SA security association) [13:59:50] comparing functionality six/one-hip [13:59:59] --- arifumi has left [14:00:15] in six/one six req. identified [14:00:17] --- arifumi has joined [14:00:26] ip address conf, exists in hip [14:00:35] ip address selection, does not [14:00:47] florw rediriection, does not [14:00:57] address ownership, exists in hip [14:01:05] ip address mapping, exists [14:01:13] context establishment, exists [14:01:21] IP configuration [14:01:58] HIP: SPI based on interface (small modification to HIP) [14:02:11] IP address selection [14:02:21] --- touch has left [14:02:40] flow redirection [14:03:07] HIP basically end-host protocol: not hip related, a new function in the router [14:03:15] end host related: [14:03:32] Address ownership [14:03:47] HIP : host identities, reachability exists [14:03:57] IP address mapping [14:04:15] HIP: host identities on upper layers [14:04:30] HIP: IP-> host identity conversion already done [14:04:42] Context establishment [14:04:59] HIP: Base exchange -> HIP association [14:05:12] (authentication of hosts, ip address exchange) [14:05:28] summary: six/one implementation [14:05:44] basedd on current HIP for BSD http://hip4inter.net [14:05:52] implementation started [14:06:04] required modifications are small [14:06:23] onl major is address rewriting in the network [14:06:45] question christian vogt [14:06:56] one lsides mentioned cga [14:07:31] cga is public key authentication,but not necessary in six/one (is clarification by cv) [14:08:00] next speaker fred templing, boeing [14:08:21] simple protocol for robust tunnel endpoint mtu determination [14:08:52] mtu determination problem, explanation by figure [14:08:56] see slides [14:09:33] different mtu allong the path to destination [14:10:06] tunnel mtu issues, ipv4 path mtu discovery has limitations for tunnels [14:10:34] e.g. packets too big, results in undiagnosable black hole [14:10:52] unmitigated IPv4 fragmentation is harmful [14:11:53] challenge: tne cannot blindly send big packets into the tunnel with dont fragment = 0 [14:12:05] set of goals on slide [14:12:36] robust, maximize deliviery ration, manage fragmentation, avoid in-the-netwokr fragmentation [14:12:43] ... [14:12:52] Solution: SPRITE-MTU [14:13:07] UDP echo service for MTU discovery [14:13:10] --- tom5760@gmail.com has left [14:13:22] softstate management to track tunnel parameters [14:13:30] explicit congestion notification [14:13:43] imporoves operating conditions, [14:13:59] relevant elements of normative specifications [14:14:07] rfc2003 [14:14:18] and just must the other (see slide) [14:14:48] configuration knob for fragmentable outer packets [14:15:41] avoid tfe receive buffer overrun, and avoid/minimize fragmentation on the TNE->TFE path [14:16:06] setting the configuation knob [14:16:25] setting DF: DF=1 in all packets large than threshold, [14:16:43] set DF=1 even if TNE fragments packets beofre sending [14:16:52] may set DF=0 to incread pdr [14:17:12] send big packets into tunnle [14:17:24] --- rvdp has left [14:17:34] set DF=1, but also send PTB back to source [14:17:51] what if it might be fragmenting? [14:18:07] if probe size is smaller, relax pacing [14:18:35] soft state management protocol [14:18:56] TNE creates soft state send to TFE [14:19:06] TFE send reply [14:19:25] TNE sends sprite using TFE's currint sprite address [14:20:02] sprite-mtu checksum sums every 10th byte of hte packet using the Fletcher-16 algorithm [14:20:11] --- dcrocker has left [14:20:24] explicit congestion notification [14:20:48] TNE sets ECT(0) or ECT(1) codepoints in its sprites [14:21:19] --- peetu has joined [14:21:30] Futures, IEEE 802.3as frame expansion proposes large than 1500 MTUs for 802.3 links [14:21:45] larger, EMTU_Rs for tunnel endpoints [14:21:56] gigabit ethernet 9kb jumboframes [14:22:00] todo: [14:22:20] some encapsulation dangerous with any level of outer fragmentation [14:22:28] (e.g., Teredo) [14:22:48] solution (UDP fragmentation for teredo) [14:23:24] other thing to do: use ICMP echo request/reply as fallback if TFE does not implemnet sprite-mtu [14:23:45] iljitsch at mic [14:24:33] what kind of MTU will send hosts to each other over the tunnel with different MTUs in between [14:24:47] at end points is MTU 1500 [14:25:12] in the tunnel no large than MTU 1500 minus encapsulation overhead [14:26:04] what happens with 1500 byte packet, and tunnel header must be added, what happens? [14:26:34] than packet size is to large, and should be set smaller [14:26:53] --- resnick has left: Lost connection [14:27:29] next question by iljitsch [14:27:57] if we go to an ITR solution, is it acceptable to create these blackholes? [14:28:22] or do we require people to run ITR use jumbo frames. [14:28:48] answer, if you run ITR, it is suggested you used 2k MTUs [14:29:03] tony li: any other topics for discussion? [14:29:08] --- peetu has left [14:29:12] --- shikob has left [14:29:25] tony li: ok, it closed, see you all friday morning [14:29:39] --- benno has left [14:29:45] --- arifumi has left [14:31:57] --- gih900 has left [14:34:41] --- iljitsch has left [14:45:37] --- trond has left [14:45:48] --- jgs@jabber.org has left [14:46:00] --- leslie-ietf has left [15:04:43] --- jpc has left [15:11:39] --- dthaler has left [16:06:00] --- dthaler has joined [16:24:04] --- gih900 has joined [17:00:56] --- benno has joined [17:01:47] --- benno has left [18:03:08] --- gih900 has left [18:15:53] --- dthaler has left: Replaced by new connection [18:16:39] --- gih900 has joined [18:30:29] --- gih900 has left [23:07:20] --- Tony Li has joined [23:12:12] --- Tony Li has left [11:55:57] --- iljitsch has joined [12:00:42] --- arifumi has joined [12:01:15] --- Doug Hantula has joined [12:01:20] /subject RRG friday morning, all LISP all the time [12:02:44] --- mohsen has joined [12:02:59] --- Joe Touch has joined [12:03:04] --- trond has joined [12:04:09] --- eliot.lear has joined [12:04:17] hello [12:04:23] i'll be your jabber scribe [12:04:24] hi [12:04:26] hi eliot [12:04:29] thx! [12:04:31] thank you [12:04:38] if you have a question you would like voiced, please preface it with MIC: [12:04:51] there is limited time, and so tony and lixia will probably limit questions [12:05:02] I'll do backup if Elliot goes to the mic. [12:05:09] thanks, joe! [12:05:11] --- bhoeneis has joined [12:05:11] thx Joe [12:05:26] tony has brought the meeting to order [12:05:33] the LISP "extravaganza" is about to begin [12:05:35] dino is up front [12:06:11] I hear Dino [12:06:26] --- rhe has joined [12:06:36] this is a delta update from the Chicago RRG [12:06:57] presentation agenda bashing! [12:07:19] we're dropping NERD, EMACS, and CONS presos [12:07:28] this should leave more time for discussions [12:07:46] who got the URL of Dino's presentation (Tutorial) of yesterday? [12:08:14] added mobility section to the text [12:08:25] any mobile-ip & mipv6 can run on top of LISP [12:09:03] hundreds of reviewers at this point [12:09:08] building a negative mapping entry [12:09:26] this means that the destination prefix is not LISP capable [12:09:48] inter-router links are at 4470, so don't worry about MTUs [12:10:01] --- mtjabber has joined [12:10:18] new udp port number 4341 [12:10:24] this removes a data check [12:10:44] simplified data plane [12:10:53] reduced the nonce 48 to 32 bits [12:11:13] packet format now up on screen [12:11:25] locator reachability bits are now 32 bits [12:11:35] format of control plane packets haven't changed [12:11:48] inside header built by host. outside header built by ITR [12:12:01] --- xiaohunhun has joined [12:12:15] clarified use of UDP checksums [12:13:16] not checksumming [12:13:33] Lars: you could use UDP light which is there just for this purpose [12:13:45] tim shepherd: required in ipv6 because ipv6 has no checksum [12:14:06] dino: we have much bigger fish to fry [12:14:21] lars: ok, but we need to work this out- violating rfcs isn't a nice thing to do [12:14:31] R-bit added to map-reply [12:14:47] "i want to use ones that are local v. ones that are in the header" [12:14:58] now moving on to database designs [12:15:44] if you build a network based solution, the main problem is that the packet comes to a box, and if you don't have the mapping state, you can drop and "arp", you can queue the data until you get a reply (not scalable), or you can send the data and make the data part of the request [12:15:50] everyone is split on this issue [12:15:57] --- nm has joined [12:15:58] many say dropping packets is not bad [12:16:04] others say "every packet is precious" [12:16:40] --- lars.eggert@googlemail.com has joined [12:16:44] where do you put the mapping, where do you find it? do you push? or do you pull it only on demand? use secondary storage? [12:16:51] how do you prevent dos attacks? [12:17:12] keith moore: who controls it? how does it get paid for? how do you keep it out of the control of unsavory governments? [12:17:23] dmm: can we leave policy until later? [12:17:28] dino: agree [12:17:45] keith: these things interact. i don't want to drill down into policy now, but you should be thinking about it now [12:17:53] dmm: (repeats same question) [12:18:02] keith: let's not repeat ourselves [12:18:13] chair: rathole [12:18:41] --- shikob has joined [12:18:51] we're not talking about a bunch of mappings, just due to time constraints [12:19:07] the new one is LISP-ALT and it fits with 1.5, and we'll talk about it today [12:19:30] we added LISP-EMACS - multicast-based. [12:19:52] we are going to backburner some proposals... [12:20:07] all have some of the same assumptions [12:20:23] subscription-based mapping [12:20:40] locator reachability kept out of the databases [12:20:47] don't depend on any other security design or infrastructure [12:22:08] cons and nerd are control-plane based [12:22:17] data plane- 1.0, ALT, EMACS [12:22:32] --- benno has joined [12:22:35] ALT & EMACS use alternate topologies [12:23:02] prototyped mobility design [12:23:35] jari: [12:23:38] were there host changes? [12:23:41] dino: no [12:23:46] just lisp itr and etr changes [12:24:31] this doesn't require host routes - but does require more state in the ETR [12:24:46] we're putting the design on the shelf now, because there are a lot of unresolved issues [12:24:57] --- nm has left: Replaced by new connection [12:24:58] --- nm has joined [12:24:58] (like security) [12:25:07] we'll talk about interworking later [12:25:25] in a lisp site, we want to be able to detect a non-lisp site [12:25:32] what addresses do we use for each? [12:25:36] darrell will go into details [12:25:40] open policy for LISP [12:25:46] it's been a year since RAWS [12:25:53] loc/id split has been around for 10 years [12:25:56] or more [12:26:02] this is not a cisco only effort [12:26:21] cisco has invited juniper and we've spoken to host vendors [12:26:33] cisco has no ipr [12:26:43] --- intvelt has joined [12:26:57] on lisp, that is [12:27:01] we want implementors [12:27:04] we want interoperability [12:27:16] we learn more about interoperability through deployment [12:27:24] we need a lot of research analysis [12:28:13] (we're having an animation moment with the slides) [12:28:19] lisp-cons [12:29:13] when an itr gets a packet, it sends a request up a hierarchy to the authoritative edge, and the edge replies with a map reply [12:30:02] nerd [12:30:04] push model [12:30:13] needs memory [12:30:27] there will never be a cache lookup miss in the itr [12:30:52] --- Simon Leinen has joined [12:31:06] now looking at projects for memory requirements for NERD [12:31:30] now moving on to ALT [12:31:34] Vince Fuller taking over [12:32:16] alt, what it is, where it came from, how it differs from CONS and why [12:32:18] and example [12:32:39] design goals: [12:33:15] are these slides on the net? [12:33:44] i don't think so [12:34:15] minimal memory impact on ITRs [12:34:31] initial data takes a longer stretch path while the mapping is being resolved [12:34:40] avoid latency in having to retransmit [12:35:03] allow infrastructure players to achieve new revenue source [12:35:25] alt is similar is a hybrid push/pull model [12:35:42] summary information is pushed out to large parts of the infrastructure, but the mappings are pulled on demand [12:35:57] --- john.zhao has joined [12:36:31] --- taiji-k has joined [12:36:43] cons was the invention of a whole new set of protocols [12:36:51] alt is built with GRE and BGP [12:37:49] we allow initial data packet to be routed over the overlay. [12:38:11] --- benno has left [12:38:44] because the alt topology is not expected to be used for high capacity data flows, one could build it out of linux boxes [12:39:09] assumption remains that EID space is assigned hierarchically [12:39:17] ITRs and ETRs connect at the edge [12:39:28] original proposal calls for ITRs and ETRs to run BGP [12:39:43] we want to be able to support the edge WITHOUT bgp [12:39:59] who runs ALT routers? [12:40:08] ISPs, IXCs, RIRs, neutral parties? [12:40:56] jari: does that aggregation mean that you are bound to your identifier provider? [12:42:10] dino: there will be an example [12:42:31] christian vogt: [12:42:37] the best attach is within a provider [12:42:54] vince: but that attachment isn't a physical attachment [12:43:04] --- dthaler has joined [12:43:10] hold this discussion for transition/coexistence [12:43:57] GRE and BGP operation [12:44:11] ETRs at edge of the network [12:44:27] think of them as CPEs that advertise into the network [12:44:50] ITRS learn EID prefixes via BGPO or ALT routers or use "default" [12:45:29] map requests are forwarded into the lat via first hop ALT routers [12:45:39] LAT routes map request to ETR who "owns" EID prefix [12:45:47] possible to send data over the LAT [12:46:20] LAT = LISP Alternate Topology [12:46:58] again, with the hierarchy the edge LAT routers aggregate upwards with strict hiearchy [12:47:18] now example on the screen [12:48:19] --- nm has left [12:48:36] (i'm not attempting to translate the graphic into jabber) [12:49:18] when a packet reaches an ITR, say 240.0.0/1 -> 240.1.1.1 which are identifiers [12:49:49] ITR wraps the packet into a LISP packet, uses the destination EID in the OUTER header [12:49:57] then forward the packet to the first edge alt router [12:50:30] that packet then uses BGP to route the packet to the edge ETR that has specific prefix information for 240.1.1.1 [12:51:00] ETR knows destination, unwraps, and forwards the packet [12:51:04] it also sends a map reply [12:52:16] now LISP-EMACS [12:52:22] dino speaking [12:53:10] --- dmm613@gmail.com has joined [12:53:22] can we reduce state by just advertising state for tree roots [12:53:27] (via multicast) [12:53:33] hash EID to a multicast group [12:54:15] prototype status [12:54:38] --- vaf has joined [12:54:42] --- swb has joined [12:54:52] 240/4 support, "gean mapping" for multicast [12:55:27] terms variants of LISP are not adding value. let's talk about how the mappings work with LISP [12:55:29] --- jan has joined [12:55:44] so forget 1 1.5 2 3 and consider LISP with ALT or something else as a mapping [12:55:53] right now we [12:55:59] are working on the alternative topology [12:56:22] so implement ALT in a different VRF... [12:56:48] VRF technology is extremely powerful [12:57:13] It was really amazing how easy it was to get ALT running [12:57:37] we want to focus on LISP-ALT because a low amount of effort will give us a lot of gain [12:58:27] and because approaches like EMACS have potentially serious design problems ... but it would be great if someone fixed them [12:58:43] now on the scren is the test topology [13:00:08] we have a mailing list now: lisp-interest@lists.civil-tongue.net [13:00:12] we have basic interworking simply based on what's in the alt topology and what's not [13:00:13] please sigh up [13:00:38] trying not to use iBGP at all [13:01:33] next steps [13:01:39] deeper dive into ALT [13:01:40] more testing [13:01:50] think more about security mechanisms [13:01:56] think more about hybrid models [13:02:06] w/ NERD; w/ CONS [13:02:35] note that ALT inherits whatever security mechanisms exist for GRE+BGP... that may be seen as a feature or a bug, depending on one's point of view... [13:02:38] Dave, what's the signup procedure? lisp-interest-request? [13:02:53] we're hoping to push mobility off, and should mobility be solved at layer 3 at all? [13:03:00] what happens if there is deaggregation? [13:03:15] think more about aggregation and anti-entropy [13:03:34] I think send an email to majordomo@lists.civil-tongue.net with subscribe in the body [13:03:40] let me know if that works [13:04:12] we're thinking about how LISP can assist IPv4<>IPv6 interwork [13:04:30] status of pilot deployment [13:04:43] we're taking names for external pilot [13:05:01] want to test multiple implementations [13:05:26] start deployment in March [13:05:27] jari: [13:05:35] what is the purpose of this experimentation [13:05:57] we have a number of different alternative techniques. what works better than something else? [13:05:57] Dave: Yep, that seems to be the one, thanks! [13:06:24] we need to talk about what are the things we want to test within the RRG? [13:06:34] great. Lucy just put up the list for us this am, so I wasn't sure [13:07:01] dino: yes, we always hit a point where we have to decide to go deep [13:07:11] jari: i'm asking for a plan within the rrg [13:07:21] dave thaler: [13:07:59] q about the prototype, when communicating from the lisp site from a non lisp site, [13:08:37] did you assume that the table was only a complete table of sites that had lisp enabled? [13:08:39] dino: yes [13:09:21] (fast exchange between dave thaler and dino: what did you prototype) [13:09:52] kevin fall; [13:10:40] jari brought up the notion that there will be EID providers that you'll then be attached to instead of the underlying IP address [13:10:51] dino: it's imperative that the coupling be loose [13:11:20] if an RIR is going allocate an EID, it will aggregate [13:11:41] kevin: you don't need to aggregate [13:11:50] dino: we think aggregation is important [13:12:12] tim shepherd: is there code? [13:12:19] dino: not so much from cisco. [13:12:55] (?) at mic: lisp can do anything, doesn't depend on EID being an IP address [13:13:24] Elliot at mic: NERD doesn't aggregate at all. Worst case for ALT is the state you have for NERD. [13:13:35] thanks joe! [13:13:52] darrell lewis now presents interworking [13:15:30] now- lisp inteworking models [13:15:47] picture on screen [13:15:51] my 2nd question to dino (the "fast exchange" eliot referred to) was basically that in the test example there was no hierarchy, if you have hierarchy where the ITR doesn't have a complete table, what do you do in the prototype with a packet destined to a non-lisp site: drop, queue, or forward? answer was apparently: haven't gotten that far, today prototype assumes complete table. [13:16:23] (compete table of the LISP sites that is) [13:16:45] a lisp-R site is where the space is in both of the systems [13:16:56] lisp-NR is not routable in the dfz [13:17:02] Dave: Do you mean ... what if a site is not reachable by LISP but the LISP announcement includes it in an including prefix? [13:17:11] if you make every site a lisp-R site then transition is easy! [13:17:32] but that will lead to a soup of non-aggregatable addresses in the DFZ [13:17:51] (can someone take over jabbering for a few minutes?) [13:18:31] proxy tunnel routers (PTRs) [13:18:34] originate EID prefixes [13:18:41] no. what if the destination address is in a non-lisp site. does the ITR automatically know that, or does it have to send a map-request to find out whether it's in a lisp site? and if the latter, what happens to the data packet, is it dropped, queued until it finds that there's no mapping, or is it forwarded with the map request to a default place which has to decapsulate and forward? [13:18:52] encapsulates traffic and the routes on RLOC [13:19:34] no hard state [13:19:50] you want to place near the source of the traffic [13:20:03] traffic is asymmetrical [13:20:39] you get closest exit routing after encap if the PTR is close to the source [13:20:51] (jabber scribe stepping out for a moment) [13:21:19] (taking over temporarily as scribe) [13:21:24] return traffic does not go back through PTR [13:21:42] fred templin: isn't 6to4 relay router basically the same thing? [13:21:46] answer yes [13:22:01] PTR is a misnomer sort of since it doesn't proxy it is a remote encapsulator [13:22:04] LISP-NAT [13:22:32] two cases: non-routable global EIDs to non-LISP, and 1918 private EIDs talking to other sites [13:23:20] public side of NAT is PA EID space, private side is site pool LISP-NR [13:23:33] --- csp has joined [13:23:44] christian vogt: routable EIDs, are they PI? [13:24:16] answer is someone using PI space today probably would not remove them from the global routing table today [13:24:24] CV: so how do you reduce the routing table? [13:25:09] thanks dav! [13:25:11] DF: we'd have to make then NR sites and have them withdraw it, there's no magic here. if they get the features of lisp, they could remove it [13:25:40] --- bert has joined [13:25:41] limitation of cost [13:25:52] (christain vogt) [13:26:08] it looks quite costly because you need to participate in two new topologies [13:26:17] the proxy topology and the LAT [13:26:36] you want a proxy tunnel close to legacy site and there is no motivation for that [13:27:09] dino: ptr is in the infrastructure where you can take advantage of aggregation, and you want to have enough of them that you distribute the load [13:28:06] darrell: you can start with one or two and all traffic will sync to that when it is advertised [13:28:17] of course that has lots of stretch but you have to start somewhere [13:28:33] but the deployment models need to be discussed [13:28:50] (robin's questions now being asked) [13:29:15] --- gih900 has joined [13:30:25] --- benno has joined [13:30:31] there could be security benefits by putting negative cache entries into the ptrs [13:30:33] jari: [13:30:52] differentiate between technical capabilities versus motivations for doing so [13:31:05] why would i as an end site do this? [13:31:11] darrell: [13:31:19] an end site doesn't have to run bgp [13:31:41] and sites could do a lot of this without running bgp [13:31:48] dino: [13:31:53] jari: [13:31:57] don't forget pi space [13:31:59] dino: [13:33:24] having a jabber problem. am i still connected? [13:33:30] yes [13:33:32] thanks [13:33:33] I see you [13:34:15] ?: as the number of LISP sites grow, these things would have to do more and more work [13:34:28] what is the motivation at mid-level? [13:34:39] and in core [13:34:46] I mean, top-level alt routers [13:35:31] darrell: the good news is that decap is harder than encap, and so we're on the right side of the equation there [13:35:53] dino: let's err on having routes rather than hard state [13:36:05] very similar to 6to4 routers - there is no mapping table [13:36:05] easier to manage 100k routes than 10k interfaces [13:36:29] iljitsch: [13:37:01] you look in the alt mapping to see if something is there and then look into the routing table. why that order? [13:37:03] dino: [13:37:21] you have to go that order because you want to encapsulate if possible. [13:37:28] think about default route [13:37:49] I: you lose unreachability information [13:38:12] dino: what if part of the ALT topology splits off from itself? [13:38:24] and the physical topology could still be reachable? [13:38:39] in reality, there's enough meshiness and aggregation that prefixes don't go away in the core [13:39:27] now discussion about whether this is aggregatable still [13:39:37] dino: yes, iljitsch no [13:40:00] why do you use UDP? [13:40:45] --- john.zhao has left: Computer went to sleep [13:41:00] we're using udp because the itr needs to modify the source port so that you can hash something to a prefix on equal cost [13:41:21] did anyone explain yesterday about the IP ID problem? [13:41:45] eric nordmakr [13:42:13] nordmark [13:42:19] what prevents someone from accidentally or intentionally advertising someone else's prefix? [13:42:26] dino: you can have filters [13:42:29] Upstream filters ... the node above the ETR knows what it's allowed to do [13:43:04] eric: you need a business relationship between the ETRs and the LAT [13:43:12] --- bert has left: Replaced by new connection [13:43:13] --- bert has joined [13:43:51] eric: how do you have fanout [13:44:17] dino: you're right- it's going to have a different topology fanout [13:44:19] --- john.zhao has joined [13:44:43] jari: how would filters work with ?TRs? [13:45:21] steve blake [13:45:45] how do you do ITR anti-spoofing? [13:47:10] --- mtjabber has left: Computer went to sleep [13:47:13] ok... [13:47:22] LISP Extravaganza over [13:47:27] APT [13:48:06] michael meisel talking [13:48:21] --- Simon Leinen has left [13:48:29] this will be a very comparison focused talk [13:48:34] The Big Picture [13:48:42] APT and LISP are very similar at a high level [13:48:57] separate routable addresses from endpoint addresses and both use map-encap [13:49:09] (having a moment re: slides) [13:49:33] we're having technical difficulties. please stand by [13:49:58] both need a mapping service design [13:50:14] our design philosophy is "do no harm" [13:50:22] keep network as much the same as it is today [13:50:32] our main goal is routing scalability [13:50:35] avoid packet loss [13:50:38] --- benno has left [13:50:38] minimize latency [13:50:55] the people who are paying for deploying the service gain the benefit [13:51:08] LISP and APT differ in significant ways [13:51:16] 1. distribution of mapping information [13:51:28] handling of transient failures [13:51:32] deployment scenarios [13:52:15] where do we want to deploy the solution and what the motivations are for doing that [13:52:32] outline: (a) overview (b) comparison [13:52:50] the different lisp mapping mechanisms have differing properties. we're focusing on ALT [13:53:19] dan jen: [13:53:50] terminology: [13:54:12] EID and RLOC: for this presentation are the same as used in LISP [13:54:39] MapSet [13:55:10] maps an eid prefix to all RLOCs that are potentially reachable [13:55:23] Map Req maps an EID to a single RLOC [13:55:43] APT TRs only cache map reqs [13:56:17] LISP TRs have a cache of map sets [13:56:20] eliot: not true for nerd? [13:56:24] in apt [13:56:38] scott, right, but the assumption here is that we're talking about ALT [13:57:11] APT routers can query local default router for map reqs [13:57:14] sorry rec [13:57:27] TRs live at the ISP [13:57:46] cache only maprecs [13:57:52] delete unused maprecs after some TTL [13:58:37] dmm: why have TRs at the ISP? [13:59:03] default mappers store full mapsets [13:59:18] every ISP stores full mapsets [14:00:18] full mapsets means mapsets for everyone [14:00:27] example now on the screen [14:00:50] Does anybody know where one can download this presentation? [14:01:33] http://www3.tools.ietf.org/group/irtf/trac/wiki/RRGagendaVancouver [14:01:39] thx [14:01:42] default router forwards packet and responds with a cache add [14:01:53] then ETR1 decaps [14:02:18] handling transient failures [14:02:27] 3 major situations: [14:02:29] pe fails [14:02:30] ce fails [14:02:34] or ce-pe link fails [14:02:59] a. handling packets in transit [14:03:08] b. notifying sending itrs [14:04:48] in lisp, packets are dropped, but etrs are aggressive to inform itrs [14:04:51] dino disagrees [14:04:54] in apt [14:05:09] packets in transit are routed by default mappers [14:06:32] default mappers keep reachability state [14:06:54] this is done with data-triggered control messages [14:06:59] example now up on the screen [14:07:09] --- simon has joined [14:07:17] also in ALT the overlay prefix reachability is updated [14:07:34] that previous comment is incorrect: it would probably be true if there were only a few dropped packets for all sessions combined, but the problem is that this is per destination, which means that it WILL often happen for interactive sessions such as HTTP and TCP doesn't handle losing its first packet particularly well because it doesn't yet have any notion of RTTs [14:07:47] when do laptops drop packets? isn't that only on restart? wouldn't ALT drop packets for --every new destination-- (until the map gets populated) and isn't that different? [14:08:15] when mappers learn of a failed etr, they look for alternate etrs [14:08:19] anyone else having trouble distnguishing those two colors? [14:08:35] then me informs m1 of the failure [14:08:43] s/me/m2/ [14:08:52] dave oran: [14:09:05] are there negative motivations for ISPs to expose the fact that routers within its network are down? [14:09:30] dan: we assume isps want to help get packets to customers [14:09:37] --- xiaohunhun has left [14:09:44] christian: can you get pingpong effects [14:09:48] dan: it will get resolved [14:09:57] I'm very interested in the routing protocol between the default mappers [14:11:22] CE-PE link failure looks just like a CE failure [14:11:26] mapping dissemination [14:11:35] now speaking: michael meissel [14:12:14] use separate BGP sessions running on another port: "DMBGP" [14:12:20] only default mappers peer [14:12:33] what they send is a new attribute type that carries mapping information [14:12:49] --- chvogt has joined [14:13:22] security of mapping announcements [14:13:32] authentication of mapping information is pretty important [14:13:49] false map sets cause ddos attacks, can be used to hijack all traffic for a prefix [14:13:52] --- matthewt has joined [14:14:33] updates are signed cryptographically by the originator [14:15:29] we want ISPs to deploy APT [14:15:36] so ISPs become APT islands [14:15:50] and islands join together to become archipelagos [14:15:53] and ISPs can merge their islands with other islands [14:16:01] ;-) [14:16:14] No WAN is an Island [14:16:31] communication of non-APT sites is not discussed today, and the subject of additional work [14:16:46] ISP vs. end-site deployment [14:16:48] --- john.zhao has left: Computer went to sleep [14:17:19] potential incentives [14:17:23] smaller internal routing tables [14:17:37] offer pi addressing to customers without affecting routing scalability [14:17:59] can deploy unilaterally [14:18:05] isps that is [14:19:04] --- jan has left [14:20:05] benefits of partial deployment: lisp [14:20:09] first mover lisp end sites [14:20:17] ... require ptr functionality [14:20:23] partial deployment [14:20:31] ... requires source is lisp site [14:20:34] for te [14:21:09] local v. remote mapping pull [14:21:14] dan now speaking: [14:21:23] apt uses local pull to retrieve mappings [14:21:27] itrs can obtain mappings quickly [14:21:44] large overhead to distribute mapping changes [14:22:10] default mapper storage requirements may be significant [14:22:32] LISP uses remote pull to retrieve mappings [14:22:43] sites are authoritative for their own mappings [14:22:50] no need to distribute mapping changes [14:23:01] empirical evaluation is needed to quantify differences [14:23:17] flat v. hierarchical [14:23:32] are we also working to reduce presenter-flap? [14:24:16] if the presenter-flap is damped by the time it reaches the receiver, is that okay? [14:24:47] APT hierarhical mapping introduces new mechanism [14:24:56] --- benno has joined [14:25:05] to get aggregation requires a peering structure [14:25:20] and this involves some sort of economic relationship [14:25:21] --- gih900 has left [14:25:55] --- csp has left [14:26:22] questions [14:26:25] --- Joe Touch has left [14:27:02] caching loses source specific te [14:27:27] --- dmm613@gmail.com has left [14:27:57] hares: are signatures verified in each node or is stuff added in each node in a distributed fashion? [14:28:19] verify source but don't care about path it took to get there [14:28:45] --- simon has left [14:29:35] --- arifumi has left: Disconnected [14:29:45] hares: rapid movement of an outage or link... how do you handle? how do you know you're not correct in a push scheme [14:30:27] failure doesn't show up in mapping database only permanent changes in peering [14:31:54] with dmbgp we push out updates fairly regularly. i might have to wait an hour based on provisioned state update delay [14:32:32] eric nordmark: [14:33:06] about security mechanisms, how does it relate to other design decisions? how does it relate to aggregation? [14:34:03] dan: we met a week ago with the lisp team [14:34:22] differences are primarily in the mapping services. [14:34:25] --- intvelt has left [14:35:02] plan on writing a LISP-APT draft to try to converge [14:35:39] lear: PI notion is very different in lisp, +/-'s to both. needs more exploration on business and research side [14:35:59] I wouldn't say "PI", too many connotations with address alocation. [14:36:18] lear: ETR in provider means provider desiring stickiness can play games [14:36:42] lear: if consumer, how does it look if you want to multihome, know how it works in lisp but not apt yet [14:37:40] street: is multihomed thing a business, household, device? [14:38:07] speaker: full ip addresses won't scale in any design [14:38:15] speaker = Dow Street [14:38:20] ack [14:38:38] no, questioner = dow street. speaker = an apt person [14:39:02] sorry, got it [14:39:05] Chandra Arpanna [14:39:19] --- trond has left [14:39:38] speaker: i think it's okay. goal of exercise should be about end to end reachability. there are already devices out there to deal with service providers who aren't providing the right level of service [14:39:52] i think speaker == dan massey [14:39:54] --- matthewt has left [14:39:58] aiming to meet on friday [14:39:59] --- vaf has left [14:40:03] at philly [14:40:07] we're adjourned. [14:40:08] --- eliot.lear has left [14:40:14] --- swb has left [14:40:17] --- benno has left [14:40:19] --- dthaler has left [14:40:24] --- iljitsch has left [14:40:24] --- Doug Hantula has left [14:40:27] --- bert has left [14:41:28] --- taiji-k has left [14:41:57] --- shikob has left [14:42:08] --- mohsen has left [14:45:59] --- lars.eggert@googlemail.com has left [14:56:16] --- bhoeneis has left [15:11:14] --- john.zhao has joined [15:11:37] --- chvogt has left [15:13:48] --- john.zhao has left [16:12:49] --- vaf has joined [16:12:56] --- vaf has left [19:00:05] --- gih900 has joined [19:32:53] --- gih900 has left: Replaced by new connection [19:32:53] --- gih900 has joined [19:32:53] --- gih900 has left