enterprise multihoming using provider assigned addresses
play

Enterprise Multihoming using Provider-Assigned Addresses without - PowerPoint PPT Presentation

May 24, 2023 •94 likes •422 views

Enterprise Multihoming using Provider-Assigned Addresses without Network Prefix Translation: Requirements and Solution Draft-bowbakova-rtgwg-enterprise-pa-multihoming-00 F. Baker, C. Bowers, J. Linkova IETF96, Berlin, July 2016 1 Problems

  1. Enterprise Multihoming using Provider-Assigned Addresses without Network Prefix Translation: Requirements and Solution Draft-bowbakova-rtgwg-enterprise-pa-multihoming-00 F. Baker, C. Bowers, J. Linkova IETF96, Berlin, July 2016 1

  2. Problems with PA Multihoming Q: How to send packets to the correct uplink (BCP38)? Q: How to implement policies? Q: How to react to links failure/recovery? WITHOUT NAT! 2

  3. Solutions with PA Multihoming Q: How to send packets to the correct uplink (BCP38)? NO NAT! A: Source Address Dependent Routing (SADR) Q: How to implement policies? Q: How to react to link failure and recovery? A: Influence source address & next-hop selection on hosts 3

  4. Requirements/Expectations Hosts have addresses from 2 or more non-overlapping blocks Packets are sent to an ISP only if src address belongs to PA space of that ISP “No uplink for this source” is signalled to hosts Hosts are expected to properly select a source address Different DA might require different sources Intra-site communication is not affected 4

  5. Example Topology 5

  6. Part 1: The Network Source Address Dependent Routing 6

  7. SADR: Overview SADR-capable Routers have: ● forwarding tables scoped to given prefixes ● unscoped (scoped to S=::/0) forwarding table might not be required if all routers support SADR ○ Incremental Rollout: ● At least Site Edge Routers (SERs) support SADR ● Other routers can do destination-based routing Traffic path might be suboptimal and tunnels might be ○ required 7

  8. Creating Scoped Tables 1. Compute the next-hops for the source-prefix-scoped destination prefixes using only routers in the connected SADR domain (source-prefix- scoped forwarding table) 2. Compute the next-hops for the unscoped destination prefixes using all routers in the IGP (unscoped forwarding table) Augment each source-prefix-scoped forwarding table with unscoped 3. forwarding table entries based on the following rule. If the destination prefix of the unscoped forwarding entry exactly matches the destination prefix of an existing source-prefix- scoped forwarding entry (including destination prefix length), then do not add the unscoped forwarding entry. If the destination prefix does NOT match an existing entry, then add the entry to the source-prefix-scoped forwarding table. 8

  9. R8 ( S=2001:db8:0:a000::/52, D=2001:db8:0:5555/64) forwarding entries (S=2001:db8:0:a000::/52, D=::/0) scoped to 2001:db8:0:a000::/52 (D=2001:db8:0:5555::/64) SERa (D=::/0) D=2001:db8:0:5555/64 NH=R7 D=::/0 NH=R7 ( S=2001:db8:0:b000::/52, D=::/0) (D=::/0) SERb1 forwarding entries scoped to S=2001:db8:0:b000::/52 ( S=2001:db8:0:b000::/52, D=2001:db8:0:6666::/64) D=2001:db8:0:6666::/64 NH=SERb2 (D=2001:db8:0:6666::/64) SERb2 D=::/0 NH=SERb1 unscoped forwarding entries (D=2001:db8:0:a010::/64) R1 (D=2001:db8:0:b010::/64) D=2001:db8:0:a010::/64 NH=R2 D=2001:db8:0:b010::/64 NH=R2 D=2001:db8:0:a020::/64 NH=R5 ( D=2001:db8:0:a010::/64) D=2001:db8:0:b020::/64 NH=R5 (D=2001:db8:0:b010::/64) R2 D=2001:db8:0:5555::/64 NH=R7 D=2001:db8:0:6666::/64 NH=SERb2 ( D=2001:db8:0:a020::/64) D=::/0 NH=SERb1 R3 (D=2001:db8:0:b020::/64) 9

  10. R8 R8 forwarding entries D=2001:db8:0:a010::/64 NH=R2 D=2001:db8:0:b010::/64 NH=R2 scoped to S= 2001:db8:0:a000::/52 D=2001:db8:0:a020::/64 NH=R5 D=2001:db8:0:b020::/64 NH=R5 D=2001:db8:0:5555/64 NH=R7 D=2001:db8:0:5555::/64 NH=R7 D=2001: D=::/0 NH=R7 db8:0:6666::/64 NH=SERb2 D=::/0 NH=R7 forwarding entries D=2001:db8:0:a010::/64 NH=R2 scoped to S= 2001:db8:0:b000::/52 D=2001:db8:0:b010::/64 NH=R2 D=2001:db8:0:a020::/64 NH=R5 D=2001:db8:0:6666::/64 NH=SERb2 D=2001:db8:0:b020::/64 NH=R5 D=::/0 NH=SERb1 D=2001:db8:0:5555::/64 NH=R7 D=2001:db8:0:6666::/64 NH=SERb2 unscoped forwarding entries D=::/0 NH=SERb1 D=2001:db8:0:a010::/64 NH=R2 D=2001:db8:0:a010::/64 NH=R2 D=2001:db8:0:b010::/64 NH=R2 D=2001:db8:0:b010::/64 NH=R2 D=2001:db8:0:a020::/64 NH=R5 D=2001:db8:0:a020::/64 NH=R5 D=2001:db8:0:b020::/64 NH=R5 D=2001:db8:0:b020::/64 NH=R5 D=2001:db8:0:5555::/64 NH=R7 D=2001:db8:0:5555::/64 NH=R7 D=2001:db8:0:6666::/64 NH=SERb2 D=2001:db8:0:6666::/64 NH=SERb2 D=::/0 NH=SERb1 D=::/0 NH=SERb1 10

  11. Packet Forwarding If the source address of the packet matches one of the source prefixes, then look up the destination address of the packet in the corresponding source-prefix-scoped forwarding table to determine the next-hop for the packet. If the source address of the packet does NOT match one of the source prefixes, then look up the destination address of the packet in unscoped forwarding table to determine the next-hop for the packet. 11

  12. R8 D=2001:db8:0:a010::/64 NH=R2 D=2001:db8:0:b010::/64 NH=R2 D=2001:db8:0:a020::/64 NH=R5 packets from 2001:db8:0:a000::/52 D=2001:db8:0:b020::/64 NH=R5 D=2001:db8:0:5555::/64 NH=R7 D=2001: db8:0:6666::/64 NH=SERb2 D=::/0 NH=R7 D=2001:db8:0:a010::/64 NH=R2 D=2001:db8:0:b010::/64 NH=R2 D=2001:db8:0:a020::/64 NH=R5 packets from 2001:db8:0:b000::/52 D=2001:db8:0:b020::/64 NH=R5 D=2001:db8:0:5555::/64 NH=R7 D=2001:db8:0:6666::/64 NH=SERb2 D=::/0 NH=SERb1 D=2001:db8:0:a010::/64 NH=R2 D=2001:db8:0:b010::/64 NH=R2 packets from other sources D=2001:db8:0:a020::/64 NH=R5 D=2001:db8:0:b020::/64 NH=R5 D=2001:db8:0:5555::/64 NH=R7 D=2001:db8:0:6666::/64 NH=SERb2 No unscoped table => no spoofing!! D=::/0 NH=SERb1 12

  13. Incremental Deployment Step 1 SERs Only 13

  14. Incremental Deployment Final Step: All Routers 14

  15. Part 2: The Host Source Address Selection 15

  16. Source Address Selection Rules (RFC6724) Rule 1: Prefer same address Rule 2: Prefer appropriate scope. Rule 3: Avoid deprecated addresses. Rule 4: Prefer home addresses. Rule 5: Prefer outgoing interface. Rule 5.5: Prefer addresses in a prefix advertised by the next-hop Rule 6: Prefer matching label. Rule 7: Prefer temporary addresses. Rule 8: Use longest matching prefix. 16

  17. How to Influence Source Address Selection DHCPv6 : Labels Table Distribution (Rule 6) SLAAC (RAs) : Next-hop (Rule 5.5) Preferred vs. deprecated addresses (Rule 3) ICMPv6: Signalling “incorrect” source address back to hosts 17

  18. Distributing Address Selection Policy Using DHCPv6 Modifying the labels to influence source address selection (RFC7078) E.g. “Use 2001:db8:0:a000::/52 to access Internet and 2001:db8:0:b000::/52 to access ISP_B services such as H61 (2001:db8:0:6666::61)” Prefix Label 2001:db8:0:6666::/64 33 2001:db8:0:b000::/52 33 18

  19. DHCPv6 & RFC7078: Drawbacks ● DHCPv6 support is not a hard requirement for hosts ● RFC7078 is not widely implemented ● Policy configuration might be complex ● How to react to topology changes? ● Failover time ● Scalability 19

  20. Example Topology 20

  21. RAs and Source Addresses Selection Long term solution: invent a new RA option to associate source and destination? Can we have tactical solution w/o too many changes on hosts? 21

  22. “Scoped” RAs, Router Pref and RIOs (all uplinks are up) 22

  23. Scoped RAs, Router Pref and RIOs (SERb1 uplink is down) 23

  24. Scoped RAs, Router Pref and RIOs (all ISP_B uplink down) 24

  25. Scoped RAs, Router Pref and RIOs (all uplinks down) Broken intra-site communication! 25

  26. Scoped RAs, Router Pref and RIOs ULA Usage 26

  27. Scoped RAs, Router Pref and RIOs ULA Usage For intra-site communication 27

  28. ICMPv6 ICMPv6 Destination Unreachable (Type 1, Code 5): “Source address failed ingress/egress policy” Potential Issues: ● Scalability? ● Delay (trying all available IPs)? ● If the “right” prefix stored in the Destination Cache: for how long? Failed uplink recovery scenario ○ ● Shall the host be informed of the “right” prefix to use? How hosts behave in real world? - to be investigated 28

  29. Summary: Network ● SADR allows network to send packets to the “right” egress point ● SADR can be deployed incrementally ● MUST be enabled on the edge ● Enabling on first-hop routers helps to control address selection on hosts 29

  30. Summary: Source Address Selection on Hosts ● SADR-capable routers sending scoped RAs allow hosts to select the correct source address ● No changes in hosts behaviour are required for hosts supporting (some testing required) : RFC4191 (Default Router Preferences and More-Specific ○ Routes) Rule 5.5 of Source Address Selection Algorithm ○ ● If local connectivity is required when all uplinks are down: use ULAs ● ICMPv6 could be used to signal errors 30

  31. QUESTIONS/COMMENTS? 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the Cost of Supporting Mobility and Multihoming Mobility and Multihoming Vatche Ishakian,

On the Cost of Supporting Mobility and Multihoming Mobility and Multihoming Vatche Ishakian,

On the Cost of Supporting Mobility and Multihoming Mobility and Multihoming Vatche Ishakian, Ibrahim Matta, Joseph Akinwumi Computer Science Boston University I. Matta 1 Mobility = Dynamic Multihoming Mobility Dynamic Multihoming Hosts

404 views • 24 slides
Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based multihoming protocol 2 Traditional Multihoming peerlink switch2 switch1 Host2 Host1 3 Open Multihoming solution with VxLAN Overlay E-VPN

673 views • 11 slides
IPv6 Site Multihoming: Now What? (A view on what we should be doing now)

IPv6 Site Multihoming: Now What? (A view on what we should be doing now)

IPv6 Site Multihoming: Now What? (A view on what we should be doing now) draft-savola-multi6-nowwhat-00.txt Pekka Savola, CSC/FUNET Now WHAT? Now WHAT? Assumptions One size fits all solutions are only possible in fantasy or a long term

108 views • 8 slides
Android for the Enterprise Ge#ng from Here to There 1

Android for the Enterprise Ge#ng from Here to There 1

Android for the Enterprise Ge#ng from Here to There 1 Confiden)al Overview 3LM addresses enterprise needs: security and device management. 2 Confiden)al Overview m

281 views • 26 slides
Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a wholesale distribution business providing complete range of Electronic Security Systems Kamlesh 093232 51184 Adit Enterprise Adit Enterprise Adit

619 views • 29 slides
Enterprise Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda items:

Enterprise Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda items:

Enterprise Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda items: Introduction to VNSNY implementation Rollout, Benefit of Linkage, Workflow differences Highlight of Payer vs. Provider Matrix Member

839 views • 79 slides
Enterprise Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda items:

Enterprise Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda items:

Enterprise Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda items: Introduction to VNSNY implementation Rollout, Benefit of Linkage, Workflow differences Highlight of Payer vs. Provider Matrix Member

1.22k views • 77 slides
Optimizing Cost and Performance for Content Multihoming Hongqiang Harry Liu Ye Wang Yang

Optimizing Cost and Performance for Content Multihoming Hongqiang Harry Liu Ye Wang Yang

Optimizing Cost and Performance for Content Multihoming Hongqiang Harry Liu Ye Wang Yang Richard Yang Hao Wang Chen Tian Aug. 16, 2012 Yale LANS Content Multihoming is Widely Used Content Publisher Content Viewers Yale LANS Why Content

1.07k views • 60 slides
Enterprise Base Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda

Enterprise Base Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda

Enterprise Base Provider Training Introduction VNSNY CHOICE TRANSITION Training and Agenda items: Introduction to VNSNY implementation Highlight of Payer vs. Provider Matrix Member Management Placement Management

900 views • 65 slides
Virtual and Physical Addresses Physical addresses are provided by the hardware: one physical

Virtual and Physical Addresses Physical addresses are provided by the hardware: one physical

D Memory Management Virtual and Physical Addresses Physical addresses are provided by the hardware: one physical address space per machine; valid addresses are usually between 0 and some machine- specific maximum; not all addresses

250 views • 22 slides
Monetising IP Addresses Geoff Huston APNIC Addresses are not Property The original view of

Monetising IP Addresses Geoff Huston APNIC Addresses are not Property The original view of

Monetising IP Addresses Geoff Huston APNIC Addresses are not Property The original view of IP addresses is that they were merely enabling tokens to access the common Internet network The critical resource was the network addresses

293 views • 12 slides
Scaling issues with routing+multihoming Vince Fuller, Cisco Systems

Scaling issues with routing+multihoming Vince Fuller, Cisco Systems

Scaling issues with routing+multihoming Vince Fuller, Cisco Systems http://www.vaf.net/~vaf/apricot-plenary.pdf 1 Acknowledgements This is not original work and credit is due: Noel Chiappa for his extensive writings over the years on

396 views • 24 slides
Dental Refresher Workshop Presented by The Department of Social Services & HP Enterprise

Dental Refresher Workshop Presented by The Department of Social Services & HP Enterprise

Dental Refresher Workshop Presented by The Department of Social Services & HP Enterprise Services 1 Training Topics Provider Bulletins Electronic Messaging Client Eligibility Provider Enrollment and Re-enrollment

923 views • 70 slides
Enterprise Applications Enterprise Systems Enterprise Systems Also called enterprise

Enterprise Applications Enterprise Systems Enterprise Systems Also called enterprise

9/20/2012 Enterprise Applications Enterprise Systems Enterprise Systems Also called enterprise resource planning (ERP) systems Suite of integrated software modules and a common central database Collects data from many

460 views • 16 slides
Economic Feasibility Study of Seamless Multihoming WAN Solution Antti Mkel, Henna Warma,

Economic Feasibility Study of Seamless Multihoming WAN Solution Antti Mkel, Henna Warma,

Economic Feasibility Study of Seamless Multihoming WAN Solution Antti Mkel, Henna Warma, Aurelien Decros, Kalevi Kilkki & Jukka Manner FUTURE INTERENT PROGRAMME OF FINLAND ICT SHOK June 28, 2011 NGI 2011 Outline Background and

231 views • 7 slides
Pointers and dynamic objects Topics Pointers Memory addresses Declaration

Pointers and dynamic objects Topics Pointers Memory addresses Declaration

Pointers and dynamic objects Topics Pointers Memory addresses Declaration Dereferencing a pointer Pointers to pointer Static vs. dynamic objects new and delete Computer Memory Each variable is assigned a memory

636 views • 48 slides
Time Dependent Backgrounds and AdS/CFT Correspondence Sumit R. Das S.R.D, J. Michelson, K. Narayan

Time Dependent Backgrounds and AdS/CFT Correspondence Sumit R. Das S.R.D, J. Michelson, K. Narayan

Time Dependent Backgrounds and AdS/CFT Correspondence Sumit R. Das S.R.D, J. Michelson, K. Narayan and S. Trivedi, PRD 74 (2006) 026002 S.R.D, J. Michelson, K. Narayan and S. Trivedi, PRD 74 (2007) 026002 A.Awad, S.R.D, K. Narayan and S. Trivedi,

823 views • 61 slides
Beginning of Presentation CDEEP EE 705/707 NGSPICE - Demo Presented By: Sandeep Kasliwal

Beginning of Presentation CDEEP EE 705/707 NGSPICE - Demo Presented By: Sandeep Kasliwal

IIT Bombay Beginning of Presentation CDEEP EE 705/707 NGSPICE - Demo Presented By: Sandeep Kasliwal (TA) Autumn 2009 Instructor : Prof. Maryam Shojaei Baghini IIT Bombay Slide 1 Introduction NGSPICE is a general-purpose circuit

657 views • 14 slides
One-Port v Admittance Parameters Network - Hybrid Parameters i' 1 Transmission

One-Port v Admittance Parameters Network - Hybrid Parameters i' 1 Transmission

Two-Port Networks One-Port Networks Definitions i 1 + Impedance Parameters One-Port v Admittance Parameters Network - Hybrid Parameters i' 1 Transmission Parameters A pair of terminals at which a signal (voltage or

238 views • 9 slides
Topic 7 Linearity, Superposition & Thevenin Equivalent Circuits Professor Peter YK Cheung

Topic 7 Linearity, Superposition & Thevenin Equivalent Circuits Professor Peter YK Cheung

Topic 7 Linearity, Superposition & Thevenin Equivalent Circuits Professor Peter YK Cheung Dyson School of Design Engineering URL: www.ee.ic.ac.uk/pcheung/teaching/DE1_EE/ E-mail: p.cheung@imperial.ac.uk PYKC 14 May 2020 Topic 7 Slide 1

341 views • 13 slides
decaying to leptons in ATLAS James Coggeshall (University of Illinois) Representing the ATLAS

decaying to leptons in ATLAS James Coggeshall (University of Illinois) Representing the ATLAS

Status of the search for Z bosons decaying to leptons in ATLAS James Coggeshall (University of Illinois) Representing the ATLAS Collaboration 2012 USLUO Meeting 20 October 2012 What is a Z ? From our perspective, a Z is any massive

301 views • 18 slides
The Fermi -LAT Sky with focus on interstellar emission Gulaugur Jhannesson

The Fermi -LAT Sky with focus on interstellar emission Gulaugur Jhannesson

The Fermi -LAT Sky with focus on interstellar emission Gulaugur Jhannesson gudlaugu@hi.is Dark Matter with Machine Learning, Trieste, April 8 2018 LAT collaboration, Troy Porter & Igor Moskalenko Gulli Johannesson HI &

1.02k views • 55 slides
CMake with Qt Stephen Kelly stephen.kelly@kdab.com Qt Buildsystems Why CMake? Finding

CMake with Qt Stephen Kelly stephen.kelly@kdab.com Qt Buildsystems Why CMake? Finding

CMake with Qt Stephen Kelly stephen.kelly@kdab.com Qt Buildsystems Why CMake? Finding dependencies Providing shared libraries Platform independence Configure checks Code generators Extendible Scalable Related tools

456 views • 43 slides
From Belle to Belle II Peter Krian University of Ljubljana and J. Stefan Institute Joef

From Belle to Belle II Peter Krian University of Ljubljana and J. Stefan Institute Joef

Seminar, Birmingham University, Dec 14, 2011 From Belle to Belle II Peter Krian University of Ljubljana and J. Stefan Institute Joef Stefan University I nstitute of Ljubljana Peter Krian, Ljubljana Contents Highlights from B

1.04k views • 68 slides

More recommend