LISP-NERD RRG (IETF 69) - PowerPoint PPT Presentation

Slides: 12
Provided by: eliot5
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes


1
LISP-NERD RRG (IETF 69)
  • Eliot Lear

2
NERD is
  • A Not-So-novel EID to RLOC Database
  • A signed set of mappings
  • A suggested initial distribution mechanism - HTTP
  • A push model approach
  • draft-lear-lisp-nerd-01.txt

3
Guiding Principles and Assumptions
  • This is provisioned data - it is relatively
    static
  • There is some other means to communicate
    operational state changes
  • In-flight packet loss or delay is bad for
    applications
  • The data does not change from hop to hop
  • We are scaling to between 10^7 and 10^8 mappings
    (2050)
  • Beg, Borrow, Steal
  • PKI works best with few signers and many
    verifiers - sign once and don't care about path

4
NERD Process: Getting The Database to Authorities
  • There exists one or more database authorities
    that manage mappings for some portion of the EID
    address space
  • The end user communication to these authorities
    is similar to that of name service registrars
  • NERD database authorities collect and validate
    mapping requests
  • Authorities then produce a SIGNED database of
    entries, as well as a SIGNED set of changes from
    previous versions

5
NERD Process: Getting the data to ITRs
  • When ITR boots first time it retrieves a full
    copy of the database via HTTP
  • Caches are strategically placed and common CDN
    technologies are used to direct requests
  • ITRs periodically request updates through same
    CDN
  • Optionally an ITR can request via its BGP
    neighbor or from a configured source the database
    and updates

6
Pictorial
[Diagram. Labels: Authority, Sign-and-push, netnews, http server, http cache, P2P, ???, Pull to Site (twice), Register RLOCs, admin]

7
Some Sloppy Math
Field        Bytes
RLOC count   2
EID Mask     1
EID AFI      1
V4 EID       4
P1W1AFI1R    4
V4 RLOC1     4
P2W2AFI2R    4
V4 RLOC2     4

16 bytes for first RLOC
8 bytes for each Additional RLOC

8
With That In Mind
10^n EIDs    2 RLOCs        4 RLOCs        8 RLOCs
3            24,000         40,000         72,000
4            240,000        400,000        720,000
5            2,400,000      4,000,000      7,200,000
6            24,000,000     40,000,000     72,000,000
7            240,000,000    400,000,000    720,000,000
8            2.4 GB         4 GB           7.2 GB

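
The record layout from slides 7 and 8, as an added example that is not part of the presentation or of draft-lear-lisp-nerd: it packs and parses one entry using the slide's field sizes, rejects truncated input, and reproduces the size table. The one-byte-each split of the P/W/AFI/R word, the AFI value 1 for IPv4, and all function names are assumptions.

```python
import ipaddress
import struct

AFI_IPV4 = 1  # assumption: IANA address family number for IPv4, stored in 1 byte

def pack_entry(eid, mask_len, rlocs):
    """Serialize one EID-to-RLOC entry using the field sizes from the slide.

    rlocs is a list of (priority, weight, rloc_address) tuples.
    """
    # RLOC count (2) + EID mask (1) + EID AFI (1) + V4 EID (4) = 8 bytes
    out = struct.pack("!HBB4s", len(rlocs), mask_len, AFI_IPV4,
                      ipaddress.IPv4Address(eid).packed)
    for priority, weight, addr in rlocs:
        # Assumption: the 4-byte P/W/AFI/R word is one byte per field.
        out += struct.pack("!BBBB4s", priority, weight, AFI_IPV4, 0,
                           ipaddress.IPv4Address(addr).packed)
    return out

def unpack_entry(buf, offset=0):
    """Parse one entry; return (entry, next_offset). Reject malformed input."""
    if len(buf) - offset < 8:
        raise ValueError("truncated entry header")
    count, mask_len, afi, eid = struct.unpack_from("!HBB4s", buf, offset)
    if afi != AFI_IPV4 or mask_len > 32 or count == 0:
        raise ValueError("malformed entry header")
    end = offset + 8 + 8 * count
    if end > len(buf):
        raise ValueError("RLOC count exceeds remaining data")
    rlocs = []
    for pos in range(offset + 8, end, 8):
        prio, weight, rafi, _rsvd, addr = struct.unpack_from("!BBBB4s", buf, pos)
        if rafi != AFI_IPV4:
            raise ValueError("unsupported RLOC address family")
        rlocs.append((prio, weight, str(ipaddress.IPv4Address(addr))))
    return (str(ipaddress.IPv4Address(eid)), mask_len, rlocs), end

def database_bytes(n_eids, rlocs_per_eid):
    """16 bytes for an entry with one RLOC, 8 bytes per additional RLOC."""
    return n_eids * (16 + 8 * (rlocs_per_eid - 1))

if __name__ == "__main__":
    # Constructed sample entry using documentation address ranges.
    blob = pack_entry("192.0.2.0", 24,
                      [(1, 50, "198.51.100.1"), (1, 50, "203.0.113.1")])
    print(len(blob), unpack_entry(blob))
    print(database_bytes(10**7, 8))
```
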
9
What Does That Mean?
  • A daily 0.1 of 720MB change using just 100
    servers takes 24 seconds to transmit on 1gb wire

10
Use of a PKI
  • Makes some operators shake in their boots
  • This is not the common use
  • Allows for separation of data format from
    distribution mechanisms
  • By default can be hidden from operators

11
Questions
  • Do we really need a pull model given the amount
    of data?
  • How many sources are there really?
  • Who can be those sources?
  • Who owns the mapping?
  • Can we mix and match NERD with other things?