[ppml] Oxymorons (was: Geo PI)
Vince Fuller
vaf at cisco.com
Thu Feb 16 18:04:31 EST 2006
Others who read NANOG suggested that two postings I recently made there
are germaine to this discussion.
These messages attempt to explain why "geo-topo addresses" and "provider-
ndependent addresses" make no sense if the goal is a scalable Internet
routing system built on the (flawed) ipv6 routing architecture (fatally
flawed in the sense that it confuses the concept of transport identifier
and routing locator into a single "address").
--Vince
--------------------
From: Vince Fuller <vaf at cisco.com>
To: Fred Baker <fred at cisco.com>
Cc: nanog at merit.edu
Subject: Re: a radical proposal (Re: protocols that don't meet the need...)
I'm sure I'm going to regret posting this, if for no other reason than that
I will immediately start receiving more spam, and I suspect that I am just
re-stating things that TLi and others have been trying to state both here
and on PPML, but I guess I just can't resist today...
[Disclaimer: I don't work for a provider these days; in fact, I work for
the same vendor that Fred does, so it may seem odd that we are arguing...
but I did work for university/regional/national/global ISPs from 1988
until 2001 and during this time did participate, to some degree, in the
IETF process. I even tried to contribute to the IPNG process early on
until it became clear that the political process that drove the selection
of ipv6 had very little connection to operational reality. In case it
isn't obvious, these views are mine alone and do not represent the position
of my or your employer]
> Interesting. This is what has been called metropolitan addressing.
> I'm certainly not the one who first proposed it, although I have
> thought about it for a while, dating at least as far back as 2001.
...
> This turns the business model of routing on its head. Typically today
> if Alice is using ISP AliceNet and Bob is using ISP BobNet, Alice
> hands her packet to AliceNet, AliceNet gets it to BobNet in the
> cheapest way it can, and BobNet carries it halfway around the world
> to Bob. Bob's ISP carries the burden of most of the work. But in this
> model, if AliceNet happens to also provide service in Bob's region,
> AliceNet might carry the packet to the region and only give it to
> BobNet for the last 500 feet.
To address your points:
> Whenever I have talked about the model with an ISP, I have gotten
> blasted. Basically, I have been told that
>
> (1) any idea on operations proposed in the IETF is a bad idea because
> the IETF doesn't listen to operators
Would you disagree that the IPNG process essentially ignored the "hard"
issues (multihoming, endpoint-id/routing locator split, easy/transparent
renumbering, etc.) that were raised some 10 or more years ago? It may have
been "operators" who were most vocal in raising these issues (since they
are the ones who are suffering and will suffer the consequences of their
not being addressed -- no pun intended) but there were some pretty smart
people who didn't work for operators (e.g. JNC, TLi) who also argued for
something better than "IP with bigger addresses" as being needed for IPNG.
This certainly gave some credence to the idea that the IETF "doesn't listen
to operators" or to the others calling for a re-examination of the routing
architecture.
Slight digression: I recall getting up during the plenary (at the time, I
was very public-speaking-averse, so the memory is vivid) at the Amsterdam
IETF (July, 1993) back when the whole "IP isn't going to scale; we need to
build something better" sentiment was starting. I stated that any solution
that didn't deal with transparent renumbering and multihoming was a non-
tarter. There was lots of applause then and promises that these issues would
definitely be covered. We still wound up with a non-functional ipv6.
> (2) the ISPs aren't going to be willing to make settlement payments
> among themselves in accordance with the plan
> (3) routing isn't good enough to support it
> (4) and in any event, this makes it too easy to change ISPs
>
> In short, "hell no".
It's a little more basic than that. I'm no graph theory expert and reading
such stuff gives me a headache, but I do understand that abstraction
(summarization or aggregation) of routing information is only possible if the
identifiers that are used for numbering network elements (the "addresses") are
assigned in a manner that is isomporphic to the network topology. TLi started
writing a good paper which described this in terms of sets and subsets;
unfortunately, I don't think it ever saw the light of day).
Those who propose "geo-topological" addressing, an oxymoron if ever there
were one, are effectively dictating how the network topology is to be
organized, with rather profound implications for provider business models.
If addresses are assigned in this manner, then service providers whose
networks span multiple address assignment domains (connect to more than
one city or however the geograpic areas are split up) must:
a) connect to all designated interconnection facilities associated with
the address assignment authorities in the geographic areas they wish
to serve
and
1) carry all more-specific routes for all providers in all of the cities
that they serve (which eliminates aggregation)
or
2) provide free transit service for any customer of a competitor in a
geographic area whose addresses are aggregated
or
3) enter into a settlement agreement (which implies a regulatory regime
unprecedented in the Internet business) with all other providers in
geographic areas which they serve
Is it any surprise that large service providers are fundamentally opposed to
such a radical change in Internet business practices, one which effectively
dictates how they have to build their networks, what interconnection
facilities they must join, and how they must interact with competitors,
either by offering free transit service or by negotiating settlement contracts?
Until the IP "address" is replaced by an endpoint identifier and a routing
locator, it will not be possible to design a scalable routing architecture.
Years ago, some smart people (much smarter than me) tried to make it clear
how vitally important this distinction was. But the IPNG political process
ignored those people and the result was the undeployable mess that is ipv6.
If you want the Internet to scale to millions of customer sites that have
full flexibility to multihome with providers of their choice, the id/locator
split is essential; it may be possible to acheive this and still use ipv6
packet formats but incompatible implementation changes to "address" handling
semantics are needed at the transport and internetworking layer (think:
8+8/GSE and "agile transport identifier use").
--Vince
--------------------
Date: Thu, 16 Feb 2006 14:37:47 -0800
From: Vince Fuller <vaf at cisco.com>
To: Michael.Dillon at btradianz.com
Cc: nanog at merit.edu
Subject: Re: a radical proposal (Re: protocols that don't meet the need...)
Uh-oh, two postings to NANOG in as many days... hopefully, this will be
my last.
> [[pushed the wrong button last time. This is the complete reply]]
Oh, the irony in that statement... this whole argument has certainly pushed
"the wrong button" for me.
>
> > - join a local IXP, which may be a physical switch or
> > virtualized by a set of bilateral agreements.
>
> Why should they join an IXP if they already have
> private peering arrangements?
>
> > - outside the region, they advertise the prefix of the
> > regional authority
>
> Mixing government with operations? If you favor doing
> that then why not just give IPv6 addresses to the various
> national governments and let the UN sort it out?
>
> Personally I disagree with any scheme which calls for
> national or municipal governments to assign IPv6 addresses
> to end users. Dressing it up as a "regional authority"
> does not make it any nicer.
>
> Forcing people to join an unecessary IX is not the way
> to solve the problem of regional aggregation of routes.
> This is a purely technical problem which can be solved
> by the RIR practices in allocating IPv6 addresses. If they
> would allocate addresses in a geo-topological manner then
> end users and ISPs would be free to aggregate routes
> outside of their region without any involvement of governments
> or any requirement to join consortia or IXes. It does
> require the users of such geo-topological addresses to
> ensure that in THEIR region, there is sufficient
> interconnectivity (physical and policy) between ISPs for
> the addressing to work. But that does not need to be determined
> or managed centrally.
>
> Geo-topological addressing refers to RIRs reserving large
> blocks of designated addresses for areas served my large
> cities (over 100,000) population. When end users are located
> in fringe areas roughly equidistant between two or more such
> centers, the RIR simply asks the end user (or ISP) which is
> the center to which they want to connect (communicate).
> This addressing scheme operates in parallel with the existing
> provider-oriented IPv6 addressing scheme but uses a different
> block of IPv6 addresses out of the 7/8ths that are currently
> reserved. No hardware or software changes are required for this
> to work, merely some geographical/economical research to determine
> the relative sizes of the address pool to be reserved for each
> of the world's 5000 largest cities.
The routing system doesn't particularly care whether your "geo-topo"
addressing is imposed by governments, RIRs, or a beneveolent dictator;
in all cases, the result is Soviet-style central planning to force the
network topology to conform to your idea of what it "should" be rather
than following the economic realities of the those who would build the
network.
A "geo-topo" addressing scheme works great for address assignment *within*
a single AS and it even could have worked pretty well back in 1990, when
there was a "core" NSFNET and a bunch of regional networks. But the key
attribute of these scanerios is the existance of centralized control of
the topology. There is no such control of the topology today; those who wish
to impose such control are asking for a regulatory environment that would
radically change the nature of the Internet.
>
> > Whenever I have talked about the model with an ISP, I have gotten
> > blasted. Basically, I have been told that
> >
> > (1) any idea on operations proposed in the IETF is a bad idea because
> > the IETF doesn't listen to operators
>
> This is true. Top-down does not work in Internet operations.
> We need bottom-up, i.e. customer demand. The IETF needs to
> view their role as enablers of customer demand. If the IETF
> can create something that will work for ISP customers, then
> ISPs will be happy to go along, once the customers demand
> the service.
Interesting to see an argument for bottom-up design in a post which
otherwise calls for top-down planning of the network architecture.
What the IETF, and more specifically the IAB, really needs to do is to
acknowledge that there is a very real problem with the ipv6 routing
architecture (which is identical to the IPv4 routing architecture), one
that cannot be fixed without making incompatible changes to protocol
implementation. Band-aids like shim6 just aren't going to cut it if the
goal is to build a highly-scalable network of autonomous routing domains
(in other worse, a really big network where end sites have very flexible
choices of providers). The first step to finding a solution is to admit
that there is a problem.
> > (2) the ISPs aren't going to be willing to make settlement payments
> > among themselves in accordance with the plan
>
> Wait until this starts appearing as a requirement in
> custome RFPs.
Then wait until governmental bodies step in to offer their help in the
form of regulation. The two go hand-in-hand. If you want to re-invent the
telco model of interconnection, this is a pretty big step in that direction.
...
> > Note 2: Provider-provisioned addresses continue to make sense for
> > folks that don't plan to multihome.
>
> Indeed they do. But the current IPv6 addressing model is completely
> slanted towards provider-provisioned addresses for single-homed
> entities. Calling a small block of these provider-provisioned
> addresses PI (provider independent) does not really make the addresses
> provider independent and does not help small enterprises to implement
> meaningful multihoming. The IETF has imposed this provider-provisioned
> model on IPv4 and is thus directly responsible for the ISP cartel
> which now exists.
Methinks we are re-interpreting history here. The IETF didn't create an "ISP
cartel" for IPv4. What CIDR did, and I think I can speak with some degree
of authority on this subject, was to allow routing state to scale
in a non-exponential manner by encouraging address assignment to follow
topology. Of course, the fact is that it is the providers which determine
network topology because it is they who create it (this is something of a
tautology). There are consequences of this, namely that provider changes
imply renumbering, but this really isn't some grand scheme to lock customers
in to providers; it is an unfortunate consequence of the combination of
addressing following topology and a poor, late-1960's design decision to
combine endpoint identification and routing locator into a single quantity
known as an IP address.
It is important to note that CIDR was explicitly specified as a short-term
measure to prevent the explosion of routing state from causing the Internet
to become unmanageable, which was the alternative to its adoption back in
the early-to-mid-1990s. It was also explicitly intended to be replaced by
a scalable, long-term solution which, unfortunately, has yet to be designed.
If you don't believe me, go read the documents for yourself - they say
exactly the same thing.
In the interests of demonstrating why "geo-topo" addressing can't possibly
work without radical changes to the business and regulatory models of the
Internet, consider the simple example of a provider who has connections
to two popular "geo-topo" addressing domains, say the Bay Area and the
DC area. Let's say that 10.0.0.0/8 is the "geo-topo" address block in the
Bay Area and 172.16.0.0/12 is the "geo-topo" block in the DC area. This
provider has four customers in the Bay Area:
10.1.1.0/24
10.10.4.0/22
10.100.8.0/21
10.200.0.0/16
How is the provider supposed to make use of the 10.0.0.0/8 aggregate? Does
he advertise it to other providers in the DC area or anywhere else where
he offers service (Asia, Europe, etc.)? By doing so, he is stating that he
can provide connectivity to all hosts which are numbered in that address
range. But he only provides transit service to the address ranges associated
with his customers. For him to provide connectivity to all the address range,
he must
a) have full routing connectivity to all other providers that have
addresses in the same range; this implies that he connects to all IXs
within the region and maintaines a full-mesh of routing information
(today, BGP sessions) to all of these providers
and
b) must be willing to provide connectivity to all sites within the region
to any place that he advertises the prefix 10.0.0.0/8 through routing
exchanges; if he advertises this prefix to non-customers, it implies
that he is will provide free transit to his competitors' customers
which are numbered out of this block
Both of these requirements defy business sense, so absent the imposition of
strong regulation and negotiated settlements, they are unlikely to appeal to
any provider which wishes to offer service to and between multiple cities;
without such providers, you don't have a global Internet.
I'm not sure how I can make this much more clear. It seems appropriate to
re-state Dave's quote Yakov:
"Addressing can follow topology or topology can follow addressing.
Choose one."
and I'd offer a corollary:
Transit relationships (i.e money) must follow topological relationships
(and thus addressing); the alternative is some combination of inefficient
or non-scalable routing, black holes, settlements, regulation, or other
undesireable things.
If you really want to combine transport identifier and routing locator into
a single "address", you give up a lot of flexibility. For routing to scale,
addressing must follow topology, so in such a network architecture the term
"topology independent address" (aka "provider independent address") is truly
an oxymoron.
--Vince
More information about the ARIN-PPML
mailing list