Internet DRAFT - draft-bagnulo-shim6-addr-selection
draft-bagnulo-shim6-addr-selection
Network Working Group M. Bagnulo
Internet-Draft UC3M
Expires: April 5, 2006 October 2, 2005
Address selection in multihomed environments
draft-bagnulo-shim6-addr-selection-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 5, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This note describes mechanisms for address selection in hosts within
a multihomed site. The goal of these mechanisms is to allow hosts
within the multihomed site to establish new communications after an
outage. The presented mechanisms are not by themselves a complete
multihoming solution but rather a component of such solution.
Bagnulo Expires April 5, 2006 [Page 1]
�
Internet-Draft Address selection for multihoming October 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Reference topology . . . . . . . . . . . . . . . . . . . . . . 4
3. The problem: address selection after failures . . . . . . . . 5
4. Goals and non-goals . . . . . . . . . . . . . . . . . . . . . 7
4.1. Goal . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.2. Non goals . . . . . . . . . . . . . . . . . . . . . . . . 7
5. Proposed mechanisms . . . . . . . . . . . . . . . . . . . . . 8
5.1. Proactive mechanisms . . . . . . . . . . . . . . . . . . . 8
5.1.1. Direct link failures . . . . . . . . . . . . . . . . . 8
5.1.2. Other failure modes . . . . . . . . . . . . . . . . . 9
5.2. Reactive mechanisms . . . . . . . . . . . . . . . . . . . 11
6. Future steps . . . . . . . . . . . . . . . . . . . . . . . . . 14
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 16
Intellectual Property and Copyright Statements . . . . . . . . . . 17
Bagnulo Expires April 5, 2006 [Page 2]
�
Internet-Draft Address selection for multihoming October 2005
1. Introduction
A way to solve the issue of site multihoming is to have a separate
site prefix for each connection of the site, and to derive as many
addresses for each hosts. This approach to multi-homing has the
advantage of minimal impact on the inter-domain routing fabric, since
each site prefix can be aggregated within the larger prefix of a
specific provider; however, it opens a number of issues, that have to
be addressed in order to provide a multihoming solution compatible
with such addressing scheme.
In this memo we will present a set of mechanisms that enable the
hosts within the multihomed site to select the addresses in order to
be able to establish new communications after an outage. The
presented mechanisms are not by themselves a complete multihoming
solution but rather a component of such solution.
Bagnulo Expires April 5, 2006 [Page 3]
�
Internet-Draft Address selection for multihoming October 2005
2. Reference topology
In the following discussion, we will use this reference topology:
/-- ( A ) ---( )
X (site X) ( IPv6 ) ---(C)---(site Y)Y
\-- ( B ) ---( )
The topology features two hosts, X and Y. The site of X is multihomed
while the site of Y is single homed. Host X has to global IPv6
addresses, which we will note "A:X" and "B:X", formed by combined the
prefixes allocated by ISP A and B to "site X" with the host
identifier of X. Y has only one address "C:Y".
We assume that Y, when it starts engaging communication with X, has
learned the addresses A:X and B:X, for example because they were
published in the DNS. We do not assume that the DNS is dynamic:
there will be situations in which both A:X and B:X are published,
while in fact only one is reachable. We assume that X, when it
receives packets from Y, has only access to information contained in
the packet coming from Y, e.g. the source address; we do not assume
that X can retrieve by external means the set of addresses associated
to Y. similar assumptions are made when X is initiating the
communication, only that in this case, a single address i.e. C:Y is
published in the DNS
In this scenario, both ISPA and ISPB are performing ingress filtering
and have not relaxed the source address checks. So, we assume that
an ingress filtering compatibility mechanism [7] is available in the
multihomed site (Site X) so that packets are forwarded through the
ISP that corresponds to the source address prefix included in the
packet by the host.
Bagnulo Expires April 5, 2006 [Page 4]
�
Internet-Draft Address selection for multihoming October 2005
3. The problem: address selection after failures
In case that a failure occurs in one of the ISPs of the multihomed
site, it may not be possible to establish a new communication towards
a destination outside the site using the addresses derived from the
prefix of the ISP affected by the failure. For instance, in the case
that the link between ISPA and the Internet fails, it will not be
possible to establish a communication between X and Y using address
A:X. In this case, any communication involving this address will fail
because:
- If Y tries to establish a communication with X using A:X as a
destination address, packets would be discarded because there is no
path available from the Internet to ISPA.
- If X tries to communicate with Y using A:X as a source address,
packets will be routed through ISPA in order to comply with ingress
filters, and because ISPA has no link available wit the rest of the
Internet, the packet will be discarded (it should be noted that even
if the packet could make it to Y, reply packets from Y to X would
contain A:X as a destination address, which is unreachable from Y).
So, in order to establish a communication between X and Y when a
failure has occurred in ISPA, the address derived from ISPA block
i.e. A:X, must not be used for the communication.
The solution for this problem has to be provided by the address
selection mechanisms. In particular, when the communication is
established from the host Y to the host X, the solution has to be
provided by the destination address selection mechanism at host Y and
when the communication is established from the host X to the host Y,
the solution has to be provided by the source address selection
mechanism at host X. Default address selection for IPv6 hosts is
specified in RFC 3484 [5]
We will next analyze the support provided by RFC 3484 when the
communication is established from host Y to host X. In this case,
host Y has two possible destination addresses A:X and B:X. Without
any additional knowledge, both addresses are equivalent to host Y, so
the default destination address selection mechanism will return a
list of the two addresses ordered as they were returned by the
resolver. It may occur that A:X is first. In this case, host Y will
use A:X to reach host X and it will fail. At this point, RFC 3484
states that if there are other destination addresses available, the
application should retry to establish the communication, using the
next address in the list. If the application retries with address
B:X, the communication will be established successfully.
Bagnulo Expires April 5, 2006 [Page 5]
�
Internet-Draft Address selection for multihoming October 2005
In conclusion, the current destination address selection mechanism is
enough to deal with this situation (as long as applications retry
with all the addresses).
Next, we will analyze the support provided by RFC 3484 when the
communication is established from host X to host Y. In this case,
destination address selection performed in host X is trivial, since
there is only one address available for Y (C:Y). Source address
selection mechanism as specified in RFC 3484 will not prefer any of
the two source addresses if no additional information is available,
so any of the addresses can be selected as source address. In the
case that address A:X is selected, the communication will fail. In
this case there are no alternative destination address to retry with,
so the communication will definitely fail.
In conclusion, the source address selection mechanism defined in RFC
3484 is not enough to support this scenario. This memo defines
mechanisms to provide a solution for this case.
Bagnulo Expires April 5, 2006 [Page 6]
�
Internet-Draft Address selection for multihoming October 2005
4. Goals and non-goals
4.1. Goal
The goal of this memo is to provide mechanisms to complement the
source address selection of the host within the multihomed that allow
it to succesfully establish new communications after an outage,
without requiring any modification to the hosts outside the
multihomed site.
4.2. Non goals
It is not a goal of this memo to modify hosts located outside the
multihomed site.
It is not the goal of this memo to define a complete multihoming
solution, but rather to define a component of such solution.
Bagnulo Expires April 5, 2006 [Page 7]
�
Internet-Draft Address selection for multihoming October 2005
5. Proposed mechanisms
There are two types of mechanisms that can be used to enable the host
within the multihomed site to select the appropriate source address:
proactive mechanisms, where the host is notified about which source
address prefixes should be used for the different destinations and
reactive mechanisms, which are based on the trial and error approach,
where the hosts try with different source address prefixes and detect
which one is available.
5.1. Proactive mechanisms
In this case, two mechanisms are needed: first, a mechanism to detect
the outage and then a mechanisms to inform the host about which
prefixes should be used in the source address for the different
destinations. While this may seem a lot of information to be stored
in the host, it should be noted that in the default case, when no
outage has occurred, all prefixes can be used to reach all the
destinations, so no information is needed. When an outage occurs,
the host must be informed of which source address prefix should not
be used to reach a certain set of destinations. Depending on the
type of outage, the amount of information may vary.
We will first present mechanisms that can be used when the outage
occurs in the direct link between the multihomed site and the ISP and
then we will present a more general approach.
5.1.1. Direct link failures
In the case that the failure has occurred affecting the direct link
between the multihomed site and one of its ISP (let's say ISPA), the
prefix associated with that ISP should not be used for any new
external communication, since the prefix is unreachable from any
other part of the Internet.
There are several mechanisms that can be used to detect the outage.
For instance, if any routing protocol is used between the ISP and the
multihomed site, such protocol can be used to detect the outage. In
any case, it is possible to use a periodic ICMP echo request for
detecting the outage on direct links.
In addition, we must establish a communication channel that quickly
signals these failures to the hosts. The logical channel to use is
the "router advertisement" message, which the routers use to
communicate to hosts the list of available prefixes. We propose here
to use the "preferred" and "valid" flags in these prefixes to signal
to hosts the addresses that should, or should not, be used as source
address at any given time.
Bagnulo Expires April 5, 2006 [Page 8]
�
Internet-Draft Address selection for multihoming October 2005
The router advertisement messages are defined in [1] ; their use for
address configuration is defined in [2] . As specified in [1] , the
router advertisements include a variable number of Prefix Information
parameters. Each Prefix Information parameter specifies:
* an address prefix value,
* an "on-link" flag, used in neighbor discovery,
* an "autonomous" flag, used for autonomous address configuration,
* the "valid" lifetime,
* the "preferred" lifetime.
We propose to use the "preferred" lifetime to indicate whether
addresses derived from the prefix can be used as source address in
multihomed networks. When a prefix is temporarily not available
routers MUST advertise a null preferred lifetime for that prefix.
In conformance with section 5.5.4 of [1] , the hosts will notice that
the formerly preferred address becomes deprecated when its preferred
lifetime expires. They will not use the deprecated addresses in new
communications if an alternate (non-deprecated) address is available
and has sufficient scope.
This solution is sufficient when the site is composed of a single
link; for more complex sites with multiple subnets, we need a
mechanism with a broader scope than Router Advertisement. There are
two available candidates that provide the required fucntionality: the
Router Renumbering protocol [3] and the prefix delegation option
defined for DHCP [8].
In order to advertise a null preferred lifetime for a specific
prefix, the sites routers must be able to learn about that prefix.
Any of the two proposed protocols, Router Renumbering or DHCP Prefix
Delegation can be used to pass this information. These protocols
allow an authorized agent, in that case the egress site, to update
the list of prefixes advertised by the site's routers. The protocols
can be used to change parameters associated to a prefix, such as the
preferred lifetime.
5.1.2. Other failure modes
There are other failures modes where there are some parts of the
Internet reachable using one prefix and other parts of the Internet
are reachable using a different prefix. For instance, in the next
figure, when a failure occurs in the link between ISPA and the rest
of the Internet, host X should use address B:X to reach host C:Y, but
host X should use address A:X to reach D:Z.
Bagnulo Expires April 5, 2006 [Page 9]
�
Internet-Draft Address selection for multihoming October 2005
Z
( Site Z)
|
( ISPD )
|
/-- ( ISPA ) ---( )
X (site X) ( IPv6 ) ---( ISPC )---(site Y) Y
\-- ( ISPB ) ---( )
In this scenario, ISPD has its own prefix Prefix D and it obtains
Internet connectivity through ISPA. So, in this case, deprecating
the prefix associated with ISPA would preclude communication with
Site Z.
In this scenario a mechanism like NAROS [6] can be used. In this
mechanism, a server acquires the reachability information available
in the inter-domain routing system using BGP. This means that there
are BGP sessions established between each site exit router and the
border router of the correspondent ISP, through which the site exit
router obtains interdomain routing information. The server
establishes IBGP sessions with each site exit router, so it discovers
which destinations are reachable through each ISP. In the case there
is no outage, all destinations are reachable through all the ISPs, so
no information has to be propagated to the hosts. In case of a
failure, a set of destinations will become unreachable through one (o
more) ISP(s). In this case, the server has to inform the hosts about
which prefix to use for the different destinations. The host can
store this information in the policy table defined in RFC 3484. This
policy table allows the host to prefer a certain source address for a
given set of destinations.
The missing part is a mechanism to convey the information from the
server to the host. A possible option is to define a new DHCP option
to transmit policy table information.
In the example above, the mechanism would work as follows. Before
the outage, the site exit router of site X are obtaining a default
route from both ISPs. The hosts have the default policy table
configured.
When an outage occurs in the link between ISPA and the Internet, ISPB
still announces a default route, while ISPA will announce only a
route to prefix A and to prefix D (and not a default route). This
information is transmitted to the server that will craft the new
policy table. Because of the longest prefix match rule of source
address selection algorithm defined in RFC 3484, A:X will be the
preferred source address when sending packet to destinations
Bagnulo Expires April 5, 2006 [Page 10]
�
Internet-Draft Address selection for multihoming October 2005
containing prefix A. So, the new policy table must inform that for
destinations containing prefix D the prefix A should be used in the
source address. Additionally the policy table must reflect that for
the rest of destinations prefix B should be preferred. This is
achieved by adding the following entries to the policy table:
Prefix Precedence Label
Prefix A 10 11
Prefix D 10 11
::/0 10 12
Prefix B 10 12
Because both entries have the same Label, Rule 6 (Prefer matching
label) of the source address selection algorithm will select the
source address containing prefix A when sending packets to
destinations containing Prefix D. Also because rule 6, for the rest
of the destinations, the source address containing Prefix B will be
preferred. The new policy table is transmitted to the hosts using
the new DHCP option.
It is also possible to enable the multihomed host to query the server
to obtain the source address prefix information as proposed in [6] .
In this case, each time the multihomed node initiates a communication
with a new destiantion, it would query the server for the proper
prefix to include in the source address. The server, would reply
based on the routing information it has gathered through BGP.
5.2. Reactive mechanisms
In this approach, the host will try with different source addresses
until the communication is established. After the communication is
established, the information about which source address to use for a
given destination is stored in a Source Address Cache. Each entry of
the cache contains for a Destination Address, information about the
corresponding Source Address and its lifetime.
The source address cache entry creation process is the following:
When the host receives a packet containing a Source Address SA and a
Destination Address DA, the Exit Path Cache is searched for an entry
that contains SA Destination Address field.
- If such entry is found, the Source Address is verified.
-- If the Source Address contains DA, then the lifetime of the entry
is extended.
Bagnulo Expires April 5, 2006 [Page 11]
�
Internet-Draft Address selection for multihoming October 2005
-- If the Source Address is other than DA, then the cache entry is
updated and DA is stored in the Source Address field. The lifetime
of the entry is extended.
- If the entry is not found, the entry is created, with SA as the
Destination Address and DA as the Source Address. The entry is
blocked from changes for a period of Tb (TBD) seconds to avoid that
multiple answers produce suboptimal behavior.
There are different retrial strategies that can be used in this
approach.
The first option is to simply let the upper layers to handle
retrials. In this case, the IP layer only has to make sure that a
different source address is used in each retrial as long as there is
not a preferred source address in the source address cache. So, in
this approach, when the IP layer receives a packet, it searches the
Source Address Cache for a preferred source address associated to the
selected destination. If no entry exists for that destination
address, one of the available source addresses is selected randomly.
If reply packets arrive, an entry will be created in the Source
Address Cache for that destination address. If no reply packets
arrive, no entry will be created, so when the upper layer protocol
resends the packet, a new source address will be used.
The second option would be that the IP layer handles retrials. In
this case, the IP layer stores the packet and retries until a Source
Address Cache entry is created for that destination. This approach
imposes that the IP layer has to store the packets sent to
destinations that still don't have a Source Address Cache entry
created. It should be noted that the IP layer is incapable of
recognizing if incoming packets are actually replies to the packets
sent, since the IP layer knowledge is limited to the source and
destination address pair. This means that the retransmission service
provided by the IP layer won't be reliable. Additionally, this
approach requires the definition of timeouts after which the IP layer
will resend the packets. Since the IP layer has no information about
the round trip times or reply time of the involved applications, the
selection of this timer will be arbitrary.
The third option would be to try with all possible source address
simultaneously. In this approach, when the IP layer receives a
packet from the upper layer, it searches the Source Address Cache for
the destination of the packet. If an entry is found for that
destination, the source address contained in the Source Address Cache
is used. If no entry is found for that destination, the IP layer
sends as many packets as different source address are available, each
one with a different address. In this case, the IP layer doesn't
Bagnulo Expires April 5, 2006 [Page 12]
�
Internet-Draft Address selection for multihoming October 2005
need to store any packets and it doesn't rely retransmission by upper
layer protocols. What is more, this approach would provide the
selection of the "best path" (under certain criteria), since the
destination address of the first reply packet could be used as source
address, selecting the fastest path available. The main drawback of
this approach is the additional load imposed by duplicated packets.
Bagnulo Expires April 5, 2006 [Page 13]
�
Internet-Draft Address selection for multihoming October 2005
6. Future steps
This memo presents multiple possible approaches to select address for
initiating new communications after an outage in multihomed
environments. At this point, the goal of the memo is to foster
discussion about the benefits and drawbacks of each approach, so that
eventually a set of mechanisms can be selected.
Bagnulo Expires April 5, 2006 [Page 14]
�
Internet-Draft Address selection for multihoming October 2005
7. Acknowledgments
This memo contains parts of a previous work entitled "Host-Centric
IPv6 Multihoming" that benefited from comments from Alberto Garcia
Martinez, Cedric de Launois, Brian Carpenter, Dave Crocker, Xiaowei
Yang and Erik Nordmark.
8. References
[1] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery
for IP Version 6 (IPv6)", RFC 2461, December 1998.
[2] Thomson, S. and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998.
[3] Crawford, M., "Router Renumbering for IPv6", RFC 2894,
August 2000.
[4] Abley, J., Black, B., and V. Gill, "Goals for IPv6 Site-
Multihoming Architectures", RFC 3582, August 2003.
[5] Draves, R., "Default Address Selection for Internet Protocol
version 6 (IPv6)", RFC 3484, February 2003.
[6] de Launois, C. and O. Bonaventure, "NAROS : Host-Centric IPv6
Multihoming with Traffic Engineering",
ID draft-de-launois-multi6-naros-00.txt, May 2003.
[7] Huitema, C. and R. Draves, "Ingress Filtering compatibility for
IPv6 multihomed sites",
ID draft-huitema-shim6-ingress-filtering-00.txt, October 2005.
[8] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
Configuration Protocol (DHCP) version 6", RFC 3633,
December 2003.
Bagnulo Expires April 5, 2006 [Page 15]
�
Internet-Draft Address selection for multihoming October 2005
Author's Address
Marcelo Bagnulo
Universidad Carlos III de Madrid
Av. Universidad 30
Leganes, Madrid 28911
SPAIN
Phone: 34 91 6249500
Email: marcelo@it.uc3m.es
URI: http://www.it.uc3m.es
Bagnulo Expires April 5, 2006 [Page 16]
�
Internet-Draft Address selection for multihoming October 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Bagnulo Expires April 5, 2006 [Page 17]
�
