Title: LISP-NERD RRG (IETF 69)
LISP-NERD (RRG, IETF 69)
NERD is
- A Not-So-novel EID to RLOC Database
- A signed set of mappings
- A suggested initial distribution mechanism: HTTP
- A push model approach
- draft-lear-lisp-nerd-01.txt
Guiding Principles and Assumptions
- This is provisioned data; it is relatively static
- There is some other means to communicate operational state changes
- In-flight packet loss or delay is bad for applications
- The data does not change from hop to hop
- We are scaling to between 10^7 and 10^8 mappings (2050)
- Beg, Borrow, Steal
- PKI works best with few signers and many verifiers: sign once and don't care about path
NERD Process: Getting the Database to Authorities
- There exist one or more database authorities that manage mappings for some portion of the EID address space
- The end user communication to these authorities is similar to that of name service registrars
- NERD database authorities collect and validate mapping requests
- Authorities then produce a SIGNED database of entries, as well as a SIGNED set of changes from previous versions
NERD Process: Getting the Data to ITRs
- When an ITR boots for the first time it retrieves a full copy of the database via HTTP
- Caches are strategically placed and common CDN technologies are used to direct requests
- ITRs periodically request updates through the same CDN
- Optionally an ITR can request the database and updates via its BGP neighbor or from a configured source
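The sign-once, verify-anywhere flow of the three slides above (the authority signs the full database and each set of changes; the ITR verifies the full copy at boot and every delta afterwards, whatever cache, CDN node or neighbour delivered it), as an added Go example. This is not code from the slides or from draft-lear-lisp-nerd: the types, the line-based canonical rendering that is signed, the version-chaining rule, and the use of Ed25519 are this example's own assumptions (the draft's actual signature scheme and encoding are not stated on this page); the prefixes and locators are constructed documentation addresses.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"sort"
	"strings"
)

type Mapping struct { // this example's own model, not the draft's wire format
	EID   string   // EID prefix, e.g. "10.1.0.0/16"
	RLOCs []string // locators, in priority order
}
type Database struct {
	Version  uint32
	Mappings map[string][]string // EID prefix -> RLOCs
}
type Delta struct { // the changes that take version From to version To
	From, To uint32
	Upsert   []Mapping
	Delete   []string
}

// canonDB renders a database deterministically (sorted prefixes) so signer and verifier see identical bytes.
func canonDB(db Database) []byte {
	keys := make([]string, 0, len(db.Mappings))
	for k := range db.Mappings {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b strings.Builder
	fmt.Fprintf(&b, "nerd-db v%d\n", db.Version)
	for _, k := range keys {
		fmt.Fprintf(&b, "%s %s\n", k, strings.Join(db.Mappings[k], ","))
	}
	return []byte(b.String())
}

// canonDelta does the same for a delta; both version numbers are inside the signed bytes, so it cannot be replayed against another base.
func canonDelta(d Delta) []byte {
	var b strings.Builder
	fmt.Fprintf(&b, "nerd-delta v%d->v%d\n", d.From, d.To)
	for _, m := range d.Upsert {
		fmt.Fprintf(&b, "+ %s %s\n", m.EID, strings.Join(m.RLOCs, ","))
	}
	for _, e := range d.Delete {
		fmt.Fprintf(&b, "- %s\n", e)
	}
	return []byte(b.String())
}

// Authority side: sign once; the bytes may then travel by any path (HTTP server, CDN cache, BGP neighbour) since no relay is trusted.
func signDB(priv ed25519.PrivateKey, db Database) []byte { return ed25519.Sign(priv, canonDB(db)) }
func signDelta(priv ed25519.PrivateKey, d Delta) []byte  { return ed25519.Sign(priv, canonDelta(d)) }

// ITR side, boot: the full copy fetched over HTTP is usable only if it verifies.
func verifyDB(pub ed25519.PublicKey, db Database, sig []byte) bool {
	return ed25519.Verify(pub, canonDB(db), sig)
}

// ITR side, update: verify the delta, check it chains from the current version, return a new database (old one untouched).
func applyDelta(pub ed25519.PublicKey, cur Database, d Delta, sig []byte) (Database, error) {
	if !ed25519.Verify(pub, canonDelta(d), sig) {
		return cur, errors.New("delta: bad signature, rejected whatever its source")
	}
	if d.From != cur.Version {
		return cur, fmt.Errorf("delta: built for v%d, ITR has v%d", d.From, cur.Version)
	}
	next := Database{Version: d.To, Mappings: make(map[string][]string, len(cur.Mappings))}
	for k, v := range cur.Mappings {
		next.Mappings[k] = append([]string(nil), v...)
	}
	for _, m := range d.Upsert {
		next.Mappings[m.EID] = append([]string(nil), m.RLOCs...)
	}
	for _, e := range d.Delete {
		delete(next.Mappings, e)
	}
	return next, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	// Constructed sample data (documentation prefixes), not any registry's.
	v1 := Database{Version: 1, Mappings: map[string][]string{
		"10.1.0.0/16": {"192.0.2.1", "198.51.100.1"}, "10.2.0.0/16": {"192.0.2.2"}}}
	d := Delta{From: 1, To: 2, Delete: []string{"10.2.0.0/16"},
		Upsert: []Mapping{{EID: "10.3.0.0/16", RLOCs: []string{"203.0.113.9"}}}}
	dSig := signDelta(priv, d)
	fmt.Println("boot, full copy verifies:", verifyDB(pub, v1, signDB(priv, v1)))
	bad := d // a cache on the path rewrites one locator after signing
	bad.Upsert = []Mapping{{EID: "10.3.0.0/16", RLOCs: []string{"203.0.113.66"}}}
	_, err := applyDelta(pub, v1, bad, dSig)
	fmt.Println("tampered delta:", err)
	v2, err := applyDelta(pub, v1, d, dSig) // periodic update via the same CDN
	fmt.Println("update:", err, "version", v2.Version, "entries", len(v2.Mappings))
	_, err = applyDelta(pub, v2, d, dSig) // replaying v1->v2 against v2 is refused
	fmt.Println("replayed delta:", err)
}
```

The point the slides make about PKI is visible in the ITR functions: they take only the authority's public key, never a transport identity, so an HTTP cache, a P2P peer or a BGP neighbour can all hand over the same bytes and a modified or replayed delta fails in the same way regardless of who served it.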
Pictorial: Sign-and-push
[Diagram; only its labels survive extraction: Authority; distribution paths labelled netnews, http server, http cache, P2P and "???"; "Pull to Site" at each of two receiving sites; "Register RLOCs" and admin on the registration side]
Some Sloppy Math
Record layout (field, bytes):
RLOC count     2
EID Mask       1
EID AFI        1
V4 EID         4
P1 W1 AFI1 R   4
V4 RLOC1       4
P2 W2 AFI2 R   4
V4 RLOC2       4
16 bytes for the first RLOC (2+1+1+4 of header plus 4+4)
8 bytes for each additional RLOC (4+4)
With That In Mind
Database size in bytes for 10^n EIDs:
n    2 RLOCs        4 RLOCs        8 RLOCs
3    24,000         40,000         72,000
4    240,000        400,000        720,000
5    2,400,000      4,000,000      7,200,000
6    24,000,000     40,000,000     72,000,000
7    240,000,000    400,000,000    720,000,000
8    2.4 GB         4 GB           7.2 GB
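The record layout of the "Some Sloppy Math" slide and the table above, as an added Go example that is not from the original slides or from the draft: an encoder and decoder for an IPv4-only record with exactly the field widths the slide lists, and the size formula behind each table cell. Reading P and W as LISP priority and weight, R as a reserved byte, and AFI 1 as IPv4 (the IANA address family number) are this example's assumptions, as is big-endian byte order; the sample record uses constructed documentation addresses. The decoder treats the RLOC count as untrusted input and bounds-checks it before slicing, which is the check an ITR needs whether the copy came from the authority or from a cache on the way.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Field widths follow the slide (IPv4 only): RLOC count(2) EID mask(1) EID AFI(1)
// V4 EID(4), then per RLOC P(1) W(1) AFI(1) R(1) V4 RLOC(4). Reading P/W as
// priority/weight and R as reserved is this example's assumption.
const (
	afiIPv4   = 1 // IANA address family number for IPv4
	headerLen = 2 + 1 + 1 + 4
	rlocLen   = 4 + 4
)

type Locator struct {
	Priority, Weight uint8
	Addr             netip.Addr
}

type Record struct {
	EID   netip.Prefix
	RLOCs []Locator
}

// recordLen is the slide's "16 bytes for the first RLOC, 8 for each additional".
func recordLen(nRLOC int) int { return headerLen + rlocLen*nRLOC }

// dbBytes is one cell of the table: nEID records of nRLOC locators each.
func dbBytes(nEID, nRLOC int) int { return nEID * recordLen(nRLOC) }

func encodeRecord(r Record) ([]byte, error) {
	if !r.EID.Addr().Is4() || len(r.RLOCs) > 0xffff {
		return nil, errors.New("need an IPv4 EID and at most 65535 RLOCs")
	}
	n := len(r.RLOCs)
	out := make([]byte, 0, recordLen(n))
	out = append(out, byte(n>>8), byte(n), byte(r.EID.Bits()), afiIPv4)
	eid := r.EID.Masked().Addr().As4()
	out = append(out, eid[:]...)
	for _, l := range r.RLOCs {
		if !l.Addr.Is4() {
			return nil, errors.New("IPv4 RLOCs only in this layout")
		}
		a := l.Addr.As4()
		out = append(out, l.Priority, l.Weight, afiIPv4, 0)
		out = append(out, a[:]...)
	}
	return out, nil
}

// decodeRecord parses one record and returns the unread remainder. The RLOC
// count comes off the wire, so it is checked against the buffer before any
// slicing: a bad or tampered copy must fail cleanly, not read out of bounds.
func decodeRecord(buf []byte) (Record, []byte, error) {
	if len(buf) < headerLen {
		return Record{}, buf, errors.New("short record header")
	}
	n := int(buf[0])<<8 | int(buf[1])
	mask, afi := int(buf[2]), buf[3]
	if afi != afiIPv4 || mask > 32 {
		return Record{}, buf, fmt.Errorf("unsupported EID AFI %d or mask /%d", afi, mask)
	}
	if len(buf) < recordLen(n) {
		return Record{}, buf, fmt.Errorf("record claims %d RLOCs (%d bytes), only %d present", n, recordLen(n), len(buf))
	}
	var a4 [4]byte
	copy(a4[:], buf[4:8])
	r := Record{EID: netip.PrefixFrom(netip.AddrFrom4(a4), mask)}
	p := buf[headerLen:]
	for i := 0; i < n; i++ {
		if p[2] != afiIPv4 {
			return Record{}, buf, fmt.Errorf("RLOC %d: unsupported AFI %d", i, p[2])
		}
		copy(a4[:], p[4:8])
		r.RLOCs = append(r.RLOCs, Locator{Priority: p[0], Weight: p[1], Addr: netip.AddrFrom4(a4)})
		p = p[rlocLen:]
	}
	return r, p, nil
}

func main() {
	// Constructed sample record using documentation addresses.
	rec := Record{EID: netip.MustParsePrefix("10.1.0.0/16"), RLOCs: []Locator{
		{Priority: 1, Weight: 50, Addr: netip.MustParseAddr("192.0.2.1")},
		{Priority: 1, Weight: 50, Addr: netip.MustParseAddr("198.51.100.1")}}}
	b, _ := encodeRecord(rec)
	back, rest, err := decodeRecord(b)
	fmt.Printf("%d bytes on the wire; decoded %s with %d RLOCs, %d bytes left, err=%v\n",
		len(b), back.EID, len(back.RLOCs), len(rest), err)
	_, _, err = decodeRecord(b[:headerLen+3]) // truncated copy must fail cleanly
	fmt.Println("truncated:", err)
	fmt.Println("n   2 RLOCs   4 RLOCs   8 RLOCs   (bytes, 10^n EIDs)")
	for n, e := 3, 1000; n <= 8; n, e = n+1, e*10 {
		fmt.Printf("%d  %d  %d  %d\n", n, dbBytes(e, 2), dbBytes(e, 4), dbBytes(e, 8))
	}
}
```

Running it reproduces the table row by row (24,000 / 40,000 / 72,000 bytes for n = 3 up to 2.4 / 4 / 7.2 GB for n = 8) and shows the two failure modes a database loader must survive: a record cut short and a record whose count field promises more locators than the buffer holds.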
What Does That Mean?
- A daily change of 0.1 of the 720 MB database, using just 100 servers, takes 24 seconds to transmit on a 1 Gb wire
Use of a PKI
- Makes some operators shake in their boots
- This is not the common use
- Allows for separation of data format from distribution mechanisms
- By default can be hidden from operators
Questions
- Do we really need a pull model given the amount of data?
- How many sources are there really?
- Who can be those sources?
- Who owns the mapping?
- Can we mix and match NERD with other things?