Network Working Group E.
This memo presents an experimental database and a discussion of methods to transport the mapping of EIDs to RLOCs to routers in a reliable, scalable, and secure manner. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." All rights reserved.
Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents
Base Assumptions
What is NERD?
Theory of Operation
Database Updates
Who are database authorities?
NERD Format
Database Update Format
Initial Bootstrap
Retrieving Changes
Database Size
Router Throughput Versus Time
Number of Servers Required
Security Considerations
Other Risks
Why not use XML?
Other Distribution Mechanisms
What About DNS as a mapping retrieval model?
Perhaps use a hybrid model?
Deployment Issues
Open Questions
IANA Considerations
Normative References
Informative References
Generating and verifying the database signature with OpenSSL
This reduces the amount of state change that occurs on routers within the default-free zone on the Internet, while enabling end sites to be multihomed. NERD is offered primarily as a way to avoid dropping packets, the underlying assumption being that dropping packets is bad for applications and end users. Those who do not agree with this underlying assumption may find that other approaches make more sense. NERD is specified in such a way that the methods used to distribute or retrieve it may vary over time.
Multiple databases are supported in order to allow for multiple data sources. An effort has been made to divorce the database from access methods so that both can evolve independently through experimentation and validation.

Applicability
This memo is based on experiments performed in the time frame.
At the time of its publication, the author is unaware of operational use of NERD. Those wishing to pursue NERD should consider the substantial amount of work left for the future. See Section 10 for more details.

Base Assumptions
In order to specify a mapping it is important to understand how it will be used, and the nature of the data being mapped. In the case of LISP, the following assumptions are pertinent:
o The data contained within the mapping changes only on provisioning or configuration operations, and is not intended to change when a link either fails or is restored. Some other mechanism, such as the use of LISP Reachability Bits with mapping replies, handles healing operations, particularly when a tail circuit within a service provider's aggregate goes down. NERD can be used as a verification method to ensure that whatever operational mapping changes an ITR receives are authorized. Hence the information contained within the mapping does not change based on where one sits within the topology.
It consists of the following components:
1. The network database format is compressible. However, at this time we specify no compression method. HTTP has restart and compression capabilities. It is also widely deployed. There exist many methods to show differences between two versions of a database or a file, UNIX's "diff" being the classic example.

Glossary
The reader is once again referred to [I-D.
The following terms are specific to this memo. It is the source of both.
Pull Model: An architecture where clients pull only the information they need at any given time, such as when a packet arrives for forwarding.
Push Model: An architecture in which clients receive an entire dataset, containing data they may or may not require, such as mappings for EIDs that no host served is attempting to send to.
Hybrid Model: An architecture in which some information is pushed toward the receiver from a source and some information is pulled by the receiver.
Theory of Operation
Operational functions are split into two components: database updates and state exchange between ITR and ETR during a communication. Specifics can be found in Section 3. The general way in which NERD works is as follows:
1. As part of this process the authority generates a digest for the database and signs it with a private key whose public key is part of an X.509 certificate. The NERD is distributed to a group of well known servers.
ITRs are preconfigured with a group of certificates whose private keys are used by database authorities to sign the NERD. This list of certificates should be configurable by administrators. ITRs next verify both the validity of the public key and the signed digest. The process iterates until either a valid database is found or the list of sources is exhausted.
At some point the authority updates the NERD and increments the database version counter. At the same time it generates a list of changes, which it also signs, as it does with the original database. Periodically ITRs will poll from their list of servers to determine if a new version of the database exists. When a new version is found, an ITR will attempt to retrieve a change file, using its list of preconfigured servers. The ITR validates a change file just as it does the original database. Assuming the change file passes validation, the ITR installs new entries, overwrites existing ones, and removes empty entries, based on the content of the change file.
As time goes on it is quite possible that an ITR may probe a list of configured peers for a database or change file copy. It is equally possible that peers might advertise to each other the version of their database. Such methods are not explored in depth in this memo, but are mentioned for future consideration.
This memo does not specify who the database authority is, because there are several possible operational models. In each case the number of database authorities is meant to be small, so that ITRs need only keep a small list of authorities, similar to the way a name server might cache a list of root servers.
In this case all entries in the database are registered to a single entity, and that entity distributes the database. Because the EID space is provider independent address space, there is no architectural requirement that address space be hierarchically distributed to anyone, as there is with provider-based address space. Hence, there is a natural affinity between the IANA function and the database authority function. In this case, provider independent address space is allocated either to Regional Internet Registries (RIRs) or to affiliates of such organizations or network operations guilds (NOGs).
The benefit of this approach is that no single organization controls the database, and it allows one database authority to back up another. One could envision as many as ten database authorities in this scenario. One drawback to this approach, however, is that any reference to a region imposes a notion of locality, thus potentially diminishing the split between locator and identifier. This could occur should countries decide to regulate this function. While limiting the scope of any single database authority as the scenario describes, this approach would introduce some overhead, as the list of database authorities would grow to as many as and possibly more if jurisdictions within countries attempted to regulate the function.
There are two drawbacks to this approach. First, as distribution of EIDs is driven to more local jurisdictions, an EID prefix is tied even more tightly to a location. Second, a large number of database authorities will demand some sort of discovery mechanism. This has the appeal of being location independent, and of enabling competition for good performance.
This method has the drawback of potentially requiring a discovery mechanism. The latter two approaches are not mutually exclusive. While this specification allows for multiple databases, discovery mechanisms are left as future work. The authentication block itself consists of a signature and a certificate whose private key counterpart was used to generate the signature.
This is so that after a database update it is possible to reconstruct the database in order to verify the digest signature, which may be retrieved separately from the database for verification purposes. The database file version is incremented each time the complete database is generated by the authority. In the case of an update, the database file version indicates the new database file version, and the old database file version is indicated in the "old DB version" field. The database file version is used by routers to determine whether or not they have the most current database.
This is the name that will appear in the Subject of the certificate used to verify the database. The purpose of the database name is to allow for more than one database. Such databases would be merged by the router. However, it may be possible to transition a mapping from one database to another. During the transition period, the mappings would be identical; when they are not, the resultant behavior is undefined. The database name is padded with NULLs to the nearest fourth byte. For purposes of this experiment all implementations will support the RSA encryption signature algorithm and the SHA1 digest algorithm, and the standard attributes are expected to be present.
At the time this experiment was performed, CMS was not yet widely deployed. However, it is certainly the correct direction, and should be strongly considered in future related work. There will always be at least one routing locator. The minimum record size for IPv4 is 16 bytes. The purpose of this format is to keep the database compact, but somewhat easily read.
The meaning of weight and priority is described in [I-D. In order to reduce storage and transmission amounts for IPv6, only the necessary number of bytes of an EID, as specified by the prefix length, are kept in the record, rounded to the nearest four-byte word boundary.

Database Update Format
A database update contains a set of changes to an existing database. Records that contain EIDs and prefix lengths that were not previously listed are simply added. Otherwise, the old record for the EID and prefix length is replaced by the more current information.
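The following is an added illustration, not code from the memo, of the update semantics described in the Theory of Operation and Database Update Format sections together with the four-byte padding rules for EIDs and the database name. The record layout, the dictionary-based database and the digest serialisation are simplifying assumptions; the RSA/X.509 signature check over the digest is left out.

```python
import hashlib
import ipaddress

# Constructed illustration of the update and padding rules described above; the
# record layout is a simplifying assumption, and the RSA/X.509 check is omitted.

def pad4(n: int) -> int:
    """Round a byte count up to the nearest four-byte word boundary."""
    return (n + 3) & ~3

def eid_bytes(eid: str, prefix_len: int) -> bytes:
    """Keep only the EID bytes the prefix length covers, zero-padded to 4 bytes."""
    needed = (prefix_len + 7) // 8
    return ipaddress.ip_address(eid).packed[:needed].ljust(pad4(needed), b"\0")

def db_name_field(name: str) -> bytes:
    """Database name padded with NULs to the nearest fourth byte."""
    raw = name.encode()
    return raw.ljust(pad4(len(raw)), b"\0")

def db_digest(db: dict) -> str:
    """SHA-1 over a canonical (sorted) serialisation of every mapping record."""
    h = hashlib.sha1()
    for (eid, plen), locators in sorted(db.items()):
        h.update(eid_bytes(eid, plen) + bytes([plen]))
        for rloc, priority, weight in locators:  # every record has >= 1 RLOC
            h.update(ipaddress.ip_address(rloc).packed + bytes([priority, weight]))
    return h.hexdigest()

def apply_update(db: dict, update: dict, installed_version: int) -> int:
    """Apply a change file to db ((EID, prefix len) -> [(RLOC, priority, weight)])."""
    if update["old_version"] != installed_version:
        raise ValueError("change file does not chain from the installed version")
    for key, locators in update["records"].items():
        if locators:
            db[key] = list(locators)  # add a new record or replace the old one
        else:
            db.pop(key, None)  # empty entry: the mapping is removed
    return update["new_version"]

def run_example() -> tuple:
    """Constructed data: apply a change file, then compare with the authority's digest."""
    db = {("10.0.0.0", 8): [("192.0.2.1", 1, 50)]}
    update = {"old_version": 1, "new_version": 2, "records": {
        ("10.1.0.0", 16): [("198.51.100.7", 1, 100), ("203.0.113.9", 2, 100)],
        ("10.0.0.0", 8): [],
    }}
    version = apply_update(db, update, 1)
    authority_db = {("10.1.0.0", 16): update["records"][("10.1.0.0", 16)]}
    return version, db_digest(db) == db_digest(authority_db)
```

An ITR that rebuilds the database from a change file and recomputes the digest in this way can compare it with the digest the authority published for the complete new version, which is what makes a separately retrieved digest signature usable after an update.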