May 1995 - routing-wg - mailman.ripe.net

routing minutes - draft - ripe21
by Willem van der Scheun 31 May '95

31 May '95

Here are the draft minutes of the routing WG held at the 21th RIPE meeting in Rome. Please give your comments, if any, before June 9. DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT -- Routing Working Group Minutes RIPE 21 Rome, May 8, 1995 Chairman: Willem v.d. Scheun ---------------------------- 1. Opening and agenda bashing Willem v.d. Scheun opened the session and welcomed everyone to the meeting. The agenda was agreed with some scheduling changes which will be reflected in the minutes. 2. Minutetaker Anne Lord volunteered to take the minutes. 3. Status of the Route Arbiter project, Elise Gerich, Merit 3.1 PRDB -> RADB transition. There was much discussion during and following Elise's presentation. The main points are: - May 8th (day of WG meeting) is the last day that NACR's will be accepted by Merit. After this date, old style NACR's will automatically be translated into ripe-181 compliant route objects. Objects should be sent to : <auto-dbm(a)ra.net> - If you have registrations in the PRDB your data will automatically be converted. - If you require connectivity to AS690 you will need to register your route in the RADB using the "advisory" tag. As AS690 config files are currently generated from the RADB only. - The "advisory" tag replaces the old-style NACRS but will be short term only The end of May was mentioned as the "short-term". - Global IRR schema means that registering in one RR should be sufficient. However, registering in more than one database will be allowed but not encouraged. Problem of determining priority when there are conflicts in RR data is still not solved. Question was asked concerning how to remove duplicates once priority issue was resolved? There was some discussion, but the problem has yet to be resolved. 3.2 RA Project Project began on July 1st, 1994 as collaboration between Merit, ISI (and IBM). ISI and IBM are responsible for the software development of the Route Server and advanced protocol development. Merit is responsible for development and maintenance of the RADB, network management and routing engineering. Current status: - 6 route servers (RS) are deployed: o 2 Mae East o Sprint NAP o Ameritech o PacBell o Mae West (not fully operational) - Main interconnection-point effort is focussed on Mae East. o 15 ISP's present o 11 peering with primary RS and backup o 6 import and exporting routes from RS. o none is yet fully dependant on RS. o only problems reported have been from Sprint. Elise reported that for the last 10 months RSes have been operational, although the fact has not been communicated since more network management tools were needed and the NOC does not yet have out of band access to the RSes. - Network Management Area development o deployed bi-lingual SNMP agent v.2 o Discovery Rover code - reports on state and topology of net. - NOC formerly ANS, now Merit, University of Michigan. - RADB is implementation of ripe-181. Some extensions to the syntax were necessary. Specifically there are now attributes: o extended-interas-in o entended-interas-out - PGP v.2.6 email authentication added. Development work done by Laurent Joncheray. Description of the mechanism can be found at: o http://www.ra.net o ftp://ftp.ra.net/routing-arbiter/tools/RAToolSet - Software development by Cengiz Alaettinoglu on tools that generate config files for ripe-181 policy expressions. Tools are (available from above URL's): o rtconfig o toolkit There was a question concering duration of project and available resources. The RA project is a 5 year project which will terminate in 1999. 14 people are working on the project. All the software is public domain. 4. Report on the population and usage of the routing registry - RIPE NCC - Maintainence of the RR is a RIPE NCC core activity. - Little time for actual work to date - current resources are 1 hour per day from Mirjam Kuehne and Anne Lord. - 3 stage workplan developed based on BGP dump of amsterdam.ripe.net o chase non-registrations of ripe-181 policy of EU ASes -> nag. o extract AS path and compare with registered policy -> nag. o develop tools to do above work auto-magically Comments: - Question concerning the consistency of route objects and the home AS. Is this part of the RR activity? Answer was yes, but focus of effort prioritised to above. - Registering in the RIPE RR is vital. When "advisory" tag goes away, some EU networks not registered may lose some connectivity. - Ideal end state is to register in one RR only. This should be sufficient for full connectivity. - Should be free (but not encouraged) to make multiple registrations. Currently some RR's require this (MCI & RADB). Seen as short-term (+/- 2 weeks). Advice for now is to make multiple registrations. - Currently RR's mirror each others databases. RIPE NCC will monitor dual registrations. 5. Routing Policy System (RPS) - Importance of ripe-181 acknowledged as document has become rfcxxxx standards track document. - IETF working group formed o rps - Charter o to develop a routing policy description language based on ripe-181. o co-ordinate efforts of various RR's - Co-chaired o Cengiz Alaettinoglu o Daniel Karrenberg. - Mailing list establised. To subscribe send mail to o <rps(a)isi.edu> o <rps-request(a)isi.edu> 6. CIDRD wg report (Danvers IETF) - ALE wg merged with CIDRD - ALE is now 2018 +/- 8 years - Analysis of address space utilisation was presented. Stats were taken from amsterdam1.dante.net. Figures showed that in 193/194 blocks there was an average of 4,000 hosts per route. CIDR works! - Routing table growth slowing down. Chief problems now seen to be route update processing and flapping. - Yakov Rekter presented paper which will soon become Internet Draft o "Address Ownership Considered Fatal" Paper discusses problems arising from portable address space. All ISP's encouraged to assign only "provider aggregatable" address space. "Provider independant" address space assigned by Regional Registries will offer no guarantee of routability. (will be determined by ISP's - some of whom claim to be filtering on longer prefixes.) Trade off between renumbering to ISP block when you move provider or paying for ISP to route your prefix. Uncertain how this will develop. Daniel Karrenberg asked for European input to document, which is vitally important. - rfc1597 stands and is on standards track. Comments in rfc1627 will be incorporated. 7. AOB Nothing was reported under AOB so the session was formally closed.

4 3

AS690 advisories
by Daniel Karrenberg 29 May '95

29 May '95

We have met with both the RA team and ANS last Tuesday. The message below is the result of these discussions. The upshot is: If you want your routes imported by ANS (AS690) you need to now: make sure you have route objects with correct advisory attruibutes in the RADB. Put those advisories in the RIPE RR. after Friday: European route objects can be removed from the RADB. AS690 advisories in the RIPE RR are sufficient to talk to ANS. July: advisory attributes will no longer be needed. This is a little easier as we expected at the RIPE meeting, so I hope everyone is happy. Daniel ------- Forwarded Message Date: Fri, 26 May 1995 16:44:47 -0400 From: Steve Heimlich <heimlich(a)ans.net> To: nanog(a)merit.edu Subject: AS690 use of multiple routing registries Folks, This note outlines changes to the ANS AS690 use of various registries which comprise the Internet Routing Registry (IRR). [RIPE gang, please forward to your mailing lists as appropriate]. Currently, the IRR consists of the following four well-known registries: the RADB, the CA*Net registry, the MCI registry, and the RIPE registry. AS690, to date, has relied exclusively on the RADB for generation of its configurations. As a result, those organizations which would naturally register in the MCI, CA*Net, or RIPE registries have been making redundant registrations in the RADB to ensure connectivity with ANS. This redundant registration has been inconvenient for many, and leads to multiple copies of route objects with inconsistent attributes. As of next week, ANS will begin to use route objects from the CA*Net, MCI, and RIPE routing registries. In order to do this, we will first create an ANS registry (containing customers of ANS) with "source: ANS" as its distinguishing attribute. Beginning with next Wednesday's AS690 config run (changed from Tuesday due to the U.S. Memorial Day holiday), we will prefer routes with AS690 advisories from these registries in the following order: ANS, CA*Net, MCI, and the RADB. Once we verify that this has succeeded, we will include the RIPE registry ahead of the RADB on next Friday's config run (i.e., ANS, CA*Net, MCI, RIPE, RADB). This method for config generation will eliminate the need for multiple registrations of singly-homed routes. Toward the end of June, we expect to have software running which will eliminate the use of AS690 advisories. This software generates an initial policy first by using registered advisories (a one-time operation). Currently, this results in a 16,000 line aut-num object for AS690. As this is somewhat unreasonable, we will be reducing the number of per-network exceptions in favor of one policy per home AS. As we approach the deployment of this capability, we will be working with peer providers on arranging mutually acceptable policies with AS690. Steve ------- End of Forwarded Message

1 0

Conflit between ICMP redirect code and default route dissemination
by Jean-Luc Richier 19 May '95

19 May '95

I have discovered a problem with the implementation of ICMP redirect in the BSD code: Due to interaction between this code and the router discovery protocol, stations may receive and keep a wrong default route, and the routers will not correct this wrong route. This leads to excessive traffic on Ethernet cables. I wish to have opinions on this problem. Which is wrong, automatic configuration of router discovery (and of any method of distributing defult routes which can be sub optimal), or the BSD routing code ? The problem was discovered with Solaris 2 staions, as they use the router discovery by default, but the Solaris system is not the cause of the problem. Description: 1/ Configuration Ethernet R1 +---+ ---------------------------------------| R | --> + connexion to station D | | +---+ using the default route +---+ +---+ + connexion to station C | A | | B | using an explicit net route +---+ +---+ | ------------ Ethernet R2 - A is a Sun station (1 Ethernet card), system Solaris 2.3 or 2.4, automatic configuration (no explicit routing information configured) - B is a Sun server (2 Ethernet cards), system Solaris 2.3 or 2.4, automatic configuration (no explicit routing information configured) - R is a router (not a Sun) running RIP but not running the Router Discovery protocol. R is connected to cable R1, and connect the site to outside. It gives access to machine C (using an explicit net route), and to machine D, using the defaut route. 2/ The problem All the packets from A to D are routed through B. Therefore each packet appears twice on the ethernet cable R1. Using snoop and netstat -r on A one can see: - A has received a default route to B. - Packets sent from A to D are sent by A to B on Ethernet, and then are sent by B to R on Ethernet. - No ICMP redirect is sent by B to A to correct the routing information. On the opposite, packets from A to C behave correctly: - the first packet from A to C is forwarded to B, then to R - On this first packet, B sends a ICMP redirect to A (redirect C through R). - the following packets from A to C are directly forwarded to R. So in this configuration, a station acquires a wrong default route, and routers fail to generate ICMP redirects to correct it. 3/ Discussion The fact that A acquires a wrong default route comes from the default configuration of both A and B (use of in.rdisc): - At boot time, B starts the in.rdisc -r daemon. (and also in.routed -s, so B receives all routes of R, including a default route) - At boot time, A starts the in.rdisc -s daemon. As B's in.rdisc daemon is active, A will use in.rdisc information and will not start in.routed. - But as R is not using the router discovery protocol, A will not discover the router R, and so will install a poor default route. One should note that : - If B sends ICMP redirects, the problem is solved : the ICMP redirect will correct the wrong route. But B does not send ICMP redirects for messages forwarded by the default route. - B knows all the correct routes received from R through RIP. It also receives the correct default routel to Internet. - Even if R is a router using rdisc protocol, there is still a problem: with standard configuration, the rdisc messages sent by R and B will have the same preference, and so there is a chance that A chooses B as default routeur. The decision not to send ICMP redirects for default routes is explicit in all the BSD codes. For example here is the comment and test in the bsd.networking code (file ip_input.c): /* * If forwarding packet using same interface that it came in on, * perhaps should send a redirect to sender to shortcut a hop. * Only send redirect if source is sending directly to us, * and if packet was not source routed (or has any options). * Also, don't send redirect if forwarding using a default route * or a route modfied by a redirect. */ #define satosin(sa) ((struct sockaddr_in *)(sa)) if (ipforward_rt.ro_rt && ipforward_rt.ro_rt->rt_ifp == ifp && (ipforward_rt.ro_rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && >>>>>> satosin(&ipforward_rt.ro_rt->rt_dst)->sin_addr.s_addr != 0 && ipsendredirects && ip->ip_hl == (sizeof(struct ip) >> 2)) { struct in_ifaddr *ia; My opinion is that ``don't send redirect if forwarding using a default route'' is a wrong decision and should be suppressed. This contradicts the RFCs on ``gateway requirements'', which do not suggest that a default route is something special. It also contradicts the philosophy of Router discovery ICMP. In order to use efficiently the net when using default routes on hosts, routers must be able to correct all routes. Default routes for a router are normal, they are a mean to lower the route information exchanged and stored. In a hierarchic routing domain, the default route is simply ``let the upper domain do the correct thing''. The problem can also appear in a site which use static default routes on hosts, when the topology changes. Suppose stations are manually configured with a default route pointing on a router B (the default router of the site). Some time after a new default router R is installed. With the current code for ICMP redirect all stations must be modified in order to correct the default route. Here are some parts of relevant RFCs: RFC1009 (Gateway requirements) A gateway will generate an ICMP Redirect if and only if the destination IP address is reachable from the gateway (as determined by the routing algorithm) and the next-hop gateway is on the same (sub-)network as the source host. Redirects must not be sent in response to an IP network or subnet broadcast address or in response to a Class D or Class E IP address. RFC1716 (Gateway requirements) Routers MUST be able to generate the Redirect for Host message (Code 1) and SHOULD be able to generate the Redirect for Type of Service and Host message (Code 3) specified in [INTERNET:8]. Routers MUST NOT generate a Redirect Message unless all of the following conditions are met: o The packet is being forwarded out the same physical interface that it was received from, o The IP source address in the packet is on the same Logical IP (sub)network as the next-hop IP address, and o The packet does not contain an IP source route option. The source address used in the ICMP Redirect MUST belong to the same logical (sub)net as the destination address. A router using a routing protocol (other than static routes) MUST NOT consider paths learned from ICMP Redirects when forwarding a packet. RFC 1256 (ICMP outer discovery message) The router discovery messages do not constitute a routing protocol: they enable hosts to discover the existence of neighboring routers, but not which router is best to reach a particular destination. If a host chooses a poor first-hop router for a particular destination, it should receive an ICMP Redirect from that router, identifying a better one. It has been suggested that, when the preference level of an address has not been explicitly configured, a router could set it according to the metric of the router's "default route" (if it has one), rather than defaulting it to zero as suggested above. ...... ....... Such a strategy might reduce the amount of ICMP Redirect traffic on some links by making it more likely that a host's first choice router for reaching an arbitrary destination is also the best choice. On the other hand, Redirect traffic is rarely a significant load on a link, and there are some cases where such a strategy would result in more Redirect traffic, not less (for example, on links from -- Jean-Luc RICHIER (Jean-Luc.Richier(a)Imag.Fr richier(a)imag.fr) LGI, IMAG-CAMPUS, BP 53, F-38041 GRENOBLE Cedex 9 Tel : (33) 76 82 72 32 Fax : (33) 76 44 66 75

1 0

Draft agenda WG meeting ROME
by Willem van der Scheun 04 May '95

04 May '95

Draft agenda for the routing WG meeting RIPE 21, Rome 1. Opening and agenda bashing 2. Minutetaker 3. Report on the population and usage of the routing registry RIPE NCC 4. Report from the CIDRD working group at the Danvers IETF RIPE NCC 5. Status of the Route Arbiter project Elise Gerich, Merit 6. Routing Policy System Daniel Karrenberg, RIPE NCC 7. AoB 8. Closing -- Willem

1 0