On Fri, Mar 16, 2018 at 12:17 PM, Dino Farinacci <[email protected]> wrote: >> Such complexity is why I am still keen on the redirect model for a > > I hear you loud and clear. But we do the redirect model in LISP in many forms > as well. > >> mapping system. An ILA cache is an optional element and the control >> plane is never inline with packet forwarding and packets are not >> dropped on a cache miss. Neither does the generate request packets for > > We did that in the ITR as well. A cache missed meant to send a Map-Request > and to encapsulate the packet to a PETR (proxy decapsulator) where the PETR > usually had a full cache (how it got populated could be with pull or push > mechanisms). > > But this results in duplicate packets going to the destination as well as out > of order packets. > >> bogus addresses that can't resolved. These properties bound the worse >> case DOS attack to be that legitimate traffic takes an unoptimized >> route but is not blocked nor dropped. Conservatively, this does > > Yes, understand. But even in your constrained “domain”, there may be just too > much state to push to all nodes. Especially in the 5G use-case. It wasn’t a > problem in the LISP beta network because the proxy xTRs had relatively coarse > prefixes that reached lots of EIDs. > The state would need to be sharded. You'd probably need to do this anyway for mapping-servers or high thoughput Internet facing routers for which using a cache would be challenging.
Tom >> require provisioning ILA-Rs to handle the full load if necessary to be >> robust. > > Yes indeed. > > Dino > _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
