LISP-NERD RRG (IETF 69)
Eliot Lear

NERD is…
• A Not-So-novel EID to RLOC Database
• A signed set of mappings
• A suggested initial distribution mechanism - HTTP
• A push model approach
• draft-lear-lisp-nerd-01.txt
Guiding Principles and Assumptions
• This is provisioned data - it is relatively static
• There is some “other” means to communicate operational state changes
• In-flight packet loss or delay is bad for applications
• The data does not change from hop to hop
• We are scaling to between 10^7 and 10^8 mappings (2050)
• Beg, Borrow, Steal
• PKI works best with few signers and many verifiers - sign once and don’t care about path
NERD Process: Getting The Database to Authorities
• There exists one or more database authorities that manage mappings for some portion of the EID address space
• The end user communication to these authorities is similar to that of name service registrars
• NERD database authorities collect and validate mapping requests
• Authorities then produce a SIGNED database of entries, as well as a SIGNED set of changes from previous versions
NERD Process: Getting the data to ITRs
• When ITR boots first time it retrieves a full copy of the database via HTTP
• Caches are strategically placed and common CDN technologies are used to direct request
• ITRs periodically request updates through same CDN
• Optionally an ITR can request via its BGP neighbor or from a configured source the database and updates
Pictorial
(Diagram; only the labels survive extraction: ITR, http cache, ITR, ETR, admin, Register RLOCs, Pull to Site, Sign-and-push, P2P, Authority http server, netnews, ???)
Some Sloppy Math
Field           Bytes
RLOC count        2
EID Mask          1
EID AFI           1
V4 EID            4
P1+W1+AFI1+R      4
V4 RLOC1          4
P2+W2+AFI2+R      4
V4 RLOC2          4

16 bytes for first RLOC
8 bytes for each additional RLOC
With That In Mind
10^n EIDs   2 RLOCs         4 RLOCs         8 RLOCs
3           24,000          40,000          72,000
4           240,000         400,000         720,000
5           2,400,000       4,000,000       7,200,000
6           24,000,000      40,000,000      72,000,000
7           240,000,000     400,000,000     720,000,000
8           2.4 GB          4 GB            7.2 GB
What Does That Mean?
• A daily 0.1% of 720MB change using just 100 servers takes 24 seconds to transmit on 1 Gb wire
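As an added worked example (not from the slides or from draft-lear-lisp-nerd), the Python below reproduces the per-entry byte layout and the 10^n scaling table, and models the daily-delta push to a fleet of ITRs; the ITR count it uses is a constructed assumption, not a figure from the deck.

```python
"""Sizing model for the NERD mapping database, following the slide's byte layout."""

# Byte layout of one mapping entry as listed on the "Some Sloppy Math" slide.
FIRST_RLOC_FIELDS = {
    "RLOC count": 2,
    "EID mask": 1,
    "EID AFI": 1,
    "V4 EID": 4,
    "P1+W1+AFI1+R": 4,   # priority, weight, AFI, reserved for RLOC 1
    "V4 RLOC1": 4,
}
ADDITIONAL_RLOC_FIELDS = {
    "P+W+AFI+R": 4,      # priority, weight, AFI, reserved for each extra RLOC
    "V4 RLOC": 4,
}

def entry_bytes(rloc_count: int) -> int:
    """Bytes for one EID-to-RLOC mapping carrying rloc_count IPv4 RLOCs."""
    if rloc_count < 1:
        raise ValueError("an entry needs at least one RLOC")
    first = sum(FIRST_RLOC_FIELDS.values())        # 16 bytes for the first RLOC
    extra = sum(ADDITIONAL_RLOC_FIELDS.values())   # 8 bytes for each additional one
    return first + extra * (rloc_count - 1)

def database_bytes(eid_exponent: int, rloc_count: int) -> int:
    """Total database size for 10**eid_exponent EIDs (the slide's 10^n rows)."""
    return 10 ** eid_exponent * entry_bytes(rloc_count)

def delta_push_seconds(db_bytes: int, change_fraction: float,
                       itr_count: int, servers: int, link_bps: float) -> float:
    """Seconds to deliver a daily delta of change_fraction * db_bytes to every ITR,
    assuming the load spreads evenly over `servers`, each with a link_bps uplink."""
    delta = db_bytes * change_fraction
    total_bits = delta * itr_count * 8
    return total_bits / (servers * link_bps)

def scaling_table(rloc_counts=(2, 4, 8), exponents=range(3, 9)):
    """Rebuild the 'With That In Mind' table as {n: {rlocs: bytes}}."""
    return {n: {k: database_bytes(n, k) for k in rloc_counts} for n in exponents}

if __name__ == "__main__":
    for n, row in scaling_table().items():
        print(f"10^{n} EIDs:", {k: f"{v:,}" for k, v in row.items()})
    # Constructed fleet size (not from the slides): 50,000 ITRs pulling the daily
    # 0.1% delta of the 10^7-EID, 8-RLOC (720 MB) database from 100 servers at 1 Gb/s.
    secs = delta_push_seconds(database_bytes(7, 8), 0.001, 50_000, 100, 1e9)
    print(f"delta push takes about {secs:.2f} s")
```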
Use of a PKI
• Makes some operators shake in their boots
• This is not the common use
• Allows for separation of data format from distribution mechanisms
• By default can be hidden from operators
Questions
• Do we really need a “pull model” given the amount of data?
• How many sources are there really?
• Who can be those sources?
• Who owns the mapping?
• Can we mix and match NERD with other things?