Comments welcome!
Comments inline.
Lixia
-----------
LISP Critique
LISP continues to go through changes based on lessons learned in
actual deployment. This critique is based on the (understanding of)
description at the time of this writing. This critique includes
LISP is going through engineering changes as a reflection of
deployment. There really aren't any architectural changes happening.
issues from fundamental architectural limitations, potential
problems that require co-ordinated change, and new issues as the
results of the design; in addition it also includes a clarification
of some basic definitions.
First, two basic terms in LISP needs clarification: as state in LISP
drafts:
"LISP specifies an architecture and mechanism for replacing the
addresses currently used by IP with two separate name spaces:
Endpoint IDS (EIDs), used within sites, and Routing Locators
(RLOCs),
used on the transit networks that make up the Internet
infrastructure."
Thus "EID" in LISP is not a host identifier, but IP addresses used
within a site for packet delivery. Furthermore, an RLOC is not
simply any IP address reachable in the global default free zone; it
is an special address that binds to an attachment point of a site.
A LISP EID is a host identifier. It is also a locally scoped locator
that does not require global routing knowledge from core routers.
Regarding the architecture, LISP's most serious challenges are due
to the fact that it effectively divides today's routed IP address
space into two, edges and the core, which comes with all the
challenges that such a grand division brings; the list below
attempts to capture the major ones that have been identified (not in
priority order).
The first question is whether, or how, one can draw a clear boundary
to sort existing networks into the core and edges. For example where
should one put those transit networks that do not provide global
connectivity (e.g. Internet2)? Do such networks belong to the core
or edges? Does the core represent a connected cloud (bar transient
failures)?
The second class of challenges arises from the fact that the
reachability to each edge destination is now a combined result of 3
major components: the mapping database that captures connectivity
between an edge site and its TRs, realtime status between an edge
site and its TRs, and the connectivity between ITR and ETR to
encapsulate packets over. In designing these components, three goals
are often in conflict: minimizing overhead, minimizing complexity,
and maximizing performance.
Because the mapping database will be very large in size, LISP lets
ITRs query mapping on demand, which brings up the question of how to
handle packets while ITR waiting for the mapping information. The
current decision (dropping packets) favors simplicity at the cost of
data performance. Would be feasible to buffer the packets? How deep
such a buffer could be? Such questions need future research.
An implementation *could* queue packets. This has the same
architectural tradeoffs that ARP and IPv6 Neighbor Discovery have. And
the architecture says data packets could be used as Map-Requests.
Another issue arises from caching the mapping information: caching
improves the performance, but introduces the problem of detecting,
and replacing, outdated mappings. This is a very lengthy topic with
many subtly different failure modes, which cannot be covered here in
any detail.
But you make is sound that LISP doesn't address this. There are
numerous solutions to this and several are implemented.
Because of this caching effect, and the fact that the ETR to a
multihomed destination site is chosen at ITR, LISP design also faces
challenges of response to component failures. LISP cannot easily
test reachability of ultimate destinations (e.g. behind an ETR).
Well it could. It could ping EIDs. Just like a BGP router could ping
an endpoint host. But it doesn't because it would not scale. It
doesn't mean that because a BGP route is in a routing table that the
destination is reachable.
So please compare apples and apples. That means compare what the new
LISP idea challenges are with the same challenges existing routing
architectures have.
Regarding the mapping system, the ALT design has potential
performance and scaling issues (e.g. concentration of request load
at the top-level nodes); an interface has been built to allow
If you say ALT doesn't scale, then you must say the BGP based Internet
doesn't scale. Are you willing to say that?
replacement of the mapping system. Another issue is potential
identification (EIDs) namespace provider lock-in, unless some
mechanism can be worked out to allow multiple competing providers to
provide resolutions from EIDs to ETRs (perhaps as part of a new
mapping system). This last point touches on an even more important
issue: an ISP's performance critically depends on the performance of
the mapping system, a single mapping system to serve all seems
problematic.
There are no address providers. It is a one time sale. You buy an
address block from a registry and the relationship is over.
If you want to bind it with locators and buy service from a Mapping
Service Provider (MSP), then you have choices because they all attach
at the ALT at the same aggregation layer.
We are modeling this in our 3rd generation of the LISP test network.
The only relationship a LISP site has with a service provider is the
link that attaches to it and the single address the SP assigns to the
CE side of the link. Once you disable the contract with the SP, the
link goes away and the address does. The EID-prefixs and other
locators do not change. The mapping entry for the site gets updated
dynamically in the Map-Server as well as existing caches and
communication continues. In fact, TCP connections stay up during this
change.
Another class of issues relates to network management and operations.
- Although LISP does provide significant tools for multi-homing,
load-sharing, optimal-entry-selection, etc, these currently depend
on correct
configuration; response to component failures is also limited.
Can you sight examples where this is true. Just making a claim doesn't
mean it is true.
- LISP is currently working through NAT boxes, but only in limited
configurations. In particular, due to the use of fixed UDP ports,
it is not
currently possible to support more than one ETR behind a NAT box.
This is easily fixed with a protocol change and not an architectural
change. And this is only the case when the NAT and LISP are not co-
located in the same box(es).
- Encapsulations of data packets increase the packet size and may
lead to PMTU problems.
Just like existing tunneling solutions that seem to work and generate
revenue in practice.
Last but not least: One would not be able to see global routing
table size reduction unless/until LISP has been adopted by
significant number of networks. On the other hand, LISP is
potentially a useful tool in data centers where its one-level of
indirection may help significantly simplify the support for virtual
servers.
This is simply not true. The more specifics from site advertisements
are withdrawn at the expense of coarse prefixes being injected by
PITRs. The difference in the number of 1 or 2 orders of magnitude.
And why is there two points in the same paragraph? The data center
comment came out of no where.
Dino
_______________________________________________
rrg mailing list
rrg@irtf.org
http://www.irtf.org/mailman/listinfo/rrg
_______________________________________________
rrg mailing list
rrg@irtf.org
http://www.irtf.org/mailman/listinfo/rrg