LISP-NERD, RRG (IETF 69), Eliot Lear

Post on 18-Jan-2018


LISP-NERD, RRG (IETF 69)

Eliot Lear

NERD is…

• A Not-So-Novel EID to RLOC Database
• A signed set of mappings
• A suggested initial distribution mechanism: HTTP
• A push model approach
• draft-lear-lisp-nerd-01.txt

Guiding Principles and Assumptions

• This is provisioned data; it is relatively static
• There is some “other” means to communicate operational state changes
• In-flight packet loss or delay is bad for applications
• The data does not change from hop to hop
• We are scaling to between 10^7 and 10^8 mappings (2050)
• Beg, Borrow, Steal
• PKI works best with few signers and many verifiers: sign once and don’t care about path

NERD Process: Getting The Database to Authorities

• There exist one or more database authorities that manage mappings for some portion of the EID address space

• The end user communication to these authorities is similar to that of name service registrars

• NERD database authorities collect and validate mapping requests

• Authorities then produce a SIGNED database of entries, as well as a SIGNED set of changes from previous versions

NERD Process: Getting the data to ITRs

• When an ITR boots for the first time it retrieves a full copy of the database via HTTP

• Caches are strategically placed and common CDN technologies are used to direct requests

• ITRs periodically request updates through the same CDN

• Optionally an ITR can request the database and its updates via its BGP neighbor or from a configured source
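The sign-once, verify-everywhere flow described on the two process slides above, written out as an added example that is not part of the slides or of draft-lear-lisp-nerd-01: an authority signs a full database and then a set of changes, and an ITR verifies each envelope against the authority's public key before installing it, whichever cache, BGP neighbour or peer delivered the bytes. Ed25519, the envelope layout (version, base version, payload), the line-oriented payload format and the sample prefixes and RLOCs are all this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Signed is the envelope an authority publishes: a full database (Base == 0)
// or a change set that applies on top of version Base. The envelope layout
// and the choice of Ed25519 are this example's, not the draft's.
type Signed struct {
	Version uint32
	Base    uint32
	Payload []byte
	Sig     []byte
}

// signingInput covers version and base as well as the payload, so a signed
// delta cannot be replayed against a version it was not produced for.
func signingInput(version, base uint32, payload []byte) []byte {
	b := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint32(b[0:4], version)
	binary.BigEndian.PutUint32(b[4:8], base)
	return append(b, payload...)
}

// Authority is the single signer; it signs once and does not care which
// cache, BGP neighbour or peer carries the bytes to an ITR.
type Authority struct{ priv ed25519.PrivateKey }

// NewAuthority generates a fresh signing key and returns the public key
// the ITRs are provisioned with.
func NewAuthority() (Authority, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return Authority{priv}, pub, err
}

// Sign produces the envelope for one database version or change set.
func (a Authority) Sign(version, base uint32, payload string) Signed {
	p := []byte(payload)
	return Signed{version, base, p, ed25519.Sign(a.priv, signingInput(version, base, p))}
}

// ITR holds the authority's public key, the installed database version and
// the mapping table (EID prefix -> comma-separated RLOCs, as plain strings).
type ITR struct {
	Pub     ed25519.PublicKey
	Version uint32
	Table   map[string]string
}

// Install verifies before it applies: a bad signature, a non-newer version,
// a delta against the wrong base or a malformed line leaves the installed
// table untouched. Payload lines are "+ <eid-prefix> <rloc,rloc,...>" or
// "- <eid-prefix>" (a format constructed for this example).
func (it *ITR) Install(s Signed) error {
	if !ed25519.Verify(it.Pub, signingInput(s.Version, s.Base, s.Payload), s.Sig) {
		return errors.New("signature verification failed")
	}
	if s.Version <= it.Version {
		return fmt.Errorf("version %d is not newer than installed %d", s.Version, it.Version)
	}
	next := map[string]string{} // a full database starts from empty
	if s.Base != 0 {
		if s.Base != it.Version {
			return fmt.Errorf("delta applies to version %d, have %d", s.Base, it.Version)
		}
		for k, v := range it.Table {
			next[k] = v
		}
	}
	for _, line := range strings.Split(strings.TrimSpace(string(s.Payload)), "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 3 && f[0] == "+":
			next[f[1]] = f[2]
		case len(f) == 2 && f[0] == "-":
			delete(next, f[1])
		default:
			return fmt.Errorf("malformed entry %q", line)
		}
	}
	it.Table, it.Version = next, s.Version // commit only after every check passed
	return nil
}

func main() {
	auth, pub, err := NewAuthority()
	if err != nil {
		panic(err)
	}
	itr := &ITR{Pub: pub}
	// Constructed sample data: a full database, then one day's changes.
	full := auth.Sign(1, 0, "+ 10.1.0.0/16 192.0.2.1,198.51.100.7\n+ 10.2.0.0/16 203.0.113.9\n")
	delta := auth.Sign(2, 1, "- 10.2.0.0/16\n+ 10.3.0.0/16 192.0.2.1\n")
	fmt.Println(itr.Install(full), itr.Install(delta), itr.Version, itr.Table)
}
```

Binding the version numbers into the signed input is what makes the "don't care about path" property safe: a cache that serves an old but genuinely signed delta is rejected by the base check, and a replayed older full database is rejected by the version check, so an ITR never downgrades its table on the strength of a valid signature alone.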

Pictorial

[Figure: diagram of the NERD distribution path. Labels recoverable from the slide: ITR, HTTP cache, ETR, admin, "Register RLOCs", "Pull to Site" (twice), "Sign-and-push", "P2P", "Authority HTTP server", "netnews", "???".]

Some Sloppy Math

Field                  Bytes
RLOC count             2
EID mask               1
EID AFI                1
IPv4 EID               4
P1 + W1 + AFI1 + R     4
IPv4 RLOC 1            4
P2 + W2 + AFI2 + R     4
IPv4 RLOC 2            4

16 bytes for the first RLOC

8 bytes for each additional RLOC

With That In Mind

10^n EIDs    2 RLOCs          4 RLOCs          8 RLOCs
3            24,000           40,000           72,000
4            240,000          400,000          720,000
5            2,400,000        4,000,000        7,200,000
6            24,000,000       40,000,000       72,000,000
7            240,000,000      400,000,000      720,000,000
8            2.4 GB           4 GB             7.2 GB
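The record layout from the "Some Sloppy Math" slide turned into an encoder and a parser, together with the size formula that produces the table above, as an added example that is not from the slides or the draft. Big-endian byte order, the field order, the reading of P/W/AFI/R as priority, weight, address family and a reserved byte, and the sample prefixes are this example's assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
	"net"
)

const afiIPv4 = 1 // IANA address family number for IPv4

// RLOC is one locator: priority, weight and an IPv4 address.
type RLOC struct {
	Priority uint8
	Weight   uint8
	Addr     net.IP
}

// Mapping is one EID-prefix-to-RLOC-set record.
type Mapping struct {
	EID     net.IP
	MaskLen uint8
	RLOCs   []RLOC
}

// RecordSize is the closed form behind the slide's figures: 16 bytes for a
// record with one RLOC and 8 bytes for each additional RLOC.
func RecordSize(rlocs int) int { return 8 + 8*rlocs }

// DatabaseSize is the estimated size in bytes of a database of eids records
// that each carry rlocs locators; it reproduces the "With That In Mind" table.
func DatabaseSize(eids, rlocs int) int { return eids * RecordSize(rlocs) }

// EncodeMapping serialises a record with the slide's field sizes: 2-byte RLOC
// count, 1-byte EID mask length, 1-byte EID AFI, 4-byte IPv4 EID, then for
// each RLOC 4 bytes of priority/weight/AFI/reserved and a 4-byte IPv4 RLOC.
// Big-endian byte order and this field order are this example's assumption.
func EncodeMapping(m Mapping) []byte {
	buf := make([]byte, 8, RecordSize(len(m.RLOCs)))
	binary.BigEndian.PutUint16(buf[0:2], uint16(len(m.RLOCs)))
	buf[2], buf[3] = m.MaskLen, afiIPv4
	copy(buf[4:8], m.EID.To4())
	for _, r := range m.RLOCs {
		buf = append(buf, r.Priority, r.Weight, afiIPv4, 0) // last byte reserved
		buf = append(buf, r.Addr.To4()...)
	}
	return buf
}

// DecodeMapping parses one record produced by EncodeMapping and returns it
// with the number of bytes consumed, so a whole database can be walked record
// by record. Truncated input and non-IPv4 AFIs are rejected rather than
// silently mis-parsed.
func DecodeMapping(b []byte) (Mapping, int, error) {
	if len(b) < 8 {
		return Mapping{}, 0, errors.New("truncated record header")
	}
	n := int(binary.BigEndian.Uint16(b[0:2]))
	if b[3] != afiIPv4 {
		return Mapping{}, 0, fmt.Errorf("unsupported EID AFI %d", b[3])
	}
	if len(b) < RecordSize(n) {
		return Mapping{}, 0, errors.New("truncated RLOC list")
	}
	m := Mapping{MaskLen: b[2], EID: net.IPv4(b[4], b[5], b[6], b[7])}
	off := 8
	for i := 0; i < n; i++ {
		f := b[off : off+8]
		if f[2] != afiIPv4 {
			return Mapping{}, 0, fmt.Errorf("unsupported RLOC AFI %d", f[2])
		}
		m.RLOCs = append(m.RLOCs, RLOC{Priority: f[0], Weight: f[1], Addr: net.IPv4(f[4], f[5], f[6], f[7])})
		off += 8
	}
	return m, off, nil
}

func main() {
	// Constructed sample: one /16 EID prefix with two locators.
	m := Mapping{EID: net.ParseIP("10.1.0.0"), MaskLen: 16, RLOCs: []RLOC{
		{Priority: 1, Weight: 50, Addr: net.ParseIP("192.0.2.1")},
		{Priority: 1, Weight: 50, Addr: net.ParseIP("198.51.100.7")},
	}}
	rec := EncodeMapping(m)
	fmt.Printf("record with %d RLOCs: %d bytes (formula says %d)\n", len(m.RLOCs), len(rec), RecordSize(len(m.RLOCs)))
	// Reproduce the slide's table for 10^3 .. 10^8 EIDs.
	for n := 3; n <= 8; n++ {
		eids := int(math.Pow10(n))
		fmt.Printf("10^%d EIDs: %d / %d / %d bytes for 2/4/8 RLOCs\n", n, DatabaseSize(eids, 2), DatabaseSize(eids, 4), DatabaseSize(eids, 8))
	}
}
```

Running main prints the 24-byte sample record and the table rows; the length checks in DecodeMapping are what make a cut-off or corrupted download fail loudly instead of being parsed into a partial table.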

What Does That Mean?

• A daily change of 0.1% of 720 MB, using just 100 servers, takes 24 seconds to transmit on a 1 Gb wire

Use of a PKI

• Makes some operators shake in their boots
• This is not the common use
• Allows for separation of data format from distribution mechanisms
• By default can be hidden from operators

Questions

• Do we really need a “pull model” given the amount of data?
• How many sources are there really?
• Who can be those sources?
• Who owns the mapping?
• Can we mix and match NERD with other things?
