The CIX and the NSFNET regionals - a dilemma

• Previous message (by thread): Additions to the NSFNET policy-based routing database
• Next message (by thread): The CIX and the NSFNET regionals - a dilemma
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

As some of you are probably aware, BARRNet is in the process of establishing
a connection to the CIX. While working out the details of how routing will
work between BARRNet member sites and customers/members of other CIX-connected
networks, I have run into some difficulty which may indicate a fundamental
problem for use of the CIX to interconnect research-oriented networks. In
short, I believe that such networks face a serious dilemma if they connect to
the CIX: how to provide unrestricted commercial-to-commercial access to the
CIX-reachable networks while at the same time providing optimal routing over
high-bandwidth NSFNET paths for research-oriented traffic. All, of course,
while not creating large amounts of management overhead or strange routing
anomalies. I would very much appreciate feedback from this community on the
enclosed message, which I originally sent to the CIX tech group. Of particular
interest to me is whether this group considers the assymetric routing which
would be engineered by my proposed "solution" to this dilemma to be an issue
and whether or not the "solution" would adequately address any NSFNET AUP
concerns (I use the world "solution" loosely as I am neither proud nor very
pleased with the described scheme).

	Thanks,
	Vince Fuller/BARRNet

                ---------------

  As you are probably aware, BARRNet is in the process of establishing a
connection to CIX-WEST in Santa Clara. At this time, pretty much all of the
administrative details of doing so have been finalized. While thinking about
how routing will work, however, it occurred to me that there are some major
technical details which remain unresolved. In particular, how are we to deal
with routing between research-oriented networks which should use the T3 NSFNET
but which will use the CIX due to the way routing is set up (as I understand
it, current CIX members prefer all CIX-advertised routes over those which they
may learn via the NSFNET, either by weighting advertisements or simply by only
using the NSFNET as a default path). This will be a problem (politically severe
immediately, technically eventually) for certain paths, such as for BARRNet
sites which wish to access the San Diego Supercomputer center (and I assure
you that there are several universities attached to BARRNet which have high
bandwidth requirements for this particular case), and will become more severe
as the T3 NSFNET becomes fully deployed.

  To solve this problem, it is necessary to determine whether a given network
conversation is affectted by the NSFNET AUP or not. Since conformance to the
AUP is based on the content of the conversation, it is not possible for the
routing system to do this in an automated way - the best approximation we can
make is to divide the world into those networks which are unaffected by the AUP
(I'll call them "research" sites) and those which are. Routing via the NSFNET
would then be preferred for all traffic which inolves a "research" site and via
the CIX for all else. Unfortunately, I don't believe such a routing plan is
implementable using current technology, as it requires that routing decisions
be based on both traffic source and destination. The best that could be done
would be to bias routing such that the each CIX-connected midlevel prefers any
NSFNET path it has to "research" sites over the CIX path. This could be done in
two ways:

    1. Configure each CIX-connected mid-level to suppress advertisement of
       "research" sites to the CIX, guarenteeing that those networks are only
       reachable via the NSFNET.

    2. At each CIX-connected mid-level, adjust metrics such that advertisements
       for other mid-levels' "research" networks are preferred via the NSFNET.

Either "solution" creates a number of problems:

    1. Routing must be coordinated among the CIX-connected mid-level networks
       to establish which networks are "research". Not a technical problem,
       but procedurally a pain in the neck.

    2. Both are unwieldy in that each CIX-connected midlevel will need to
       maintain a list of all of "research" sites, either within its own
       network (solution #1, painful) or from all other CIX-connected
       midlevels (solution #2, more painful)

    3. Both engineer route assymetry into the system. This is ugly and may or
       may not be acceptable.

To expand on point #3, here are examples involving real sites, one "research"
(Berkeley) and one "commercial" (InterOP) site in BARRNet and one "research"
(ISI) and one "commercial" (Hughes Aircraft) site in CERFNet/Los Nettos (I
picked these out of a hat, so to speak; I have no idea how much actual traffic
flows among these four). In order to allow the NSFNET path to be used for the
"research" sites, both CERFNet and BARRNet will need to hack their routing
configurations to prefer the NSFNET path for Berkeley and ISI. This generates
symmetric and "appropriate" paths for two of the possible communication pairs:
Berkeley<->ISI and InterOP<->Hughes, but codifies assymetry for the mixed
"commercial" and "research" pairs. For Interop<->ISI, BARRNet will route to
ISI via the NSFNET but CERFNet will route back to InterOP via the CIX. In the
Berkeley<->Hughes case, BARRNet will use the CIX to route to Hughes but
CERFNet will route back to Berkeley via the NSFNET. Not pretty.

  There is also another policy problem with the presence of the NSFNET and it's
AUP - even if all CIX-connected organizations are configured to prefer routing
via the CIX for "commercial" networks, what happens if the path between two
"commercial" networks via the CIX fails? If the networks are also advertised
via the NSFNET, suddenly what was an unrestricted path between the two is now
subject to the NSFNET AUP, without the knowledge of any user. It seems to me
that the only way to prevent this is to never advertise to the NSFNET those
networks which may wish to transmit any non-AUP traffic.

  Have these problems been previously addressed by the CIX membership? Are
there solutions which I am missing? Does no one else consider these issues to
be a problematic? When I explained this to my management, there was very
serious concern voiced, in particular over the use of the non-T3 path for
AUP-conformant sites (i.e. between BARRNET members and SDSC), since traffic
between purely research-oriented sites (such as universities) should use the
network which has been expressly provided for it - the T3 NSFNET.

  Your comments and thoughts on this matter would be greatly appreciated.

• Previous message (by thread): Additions to the NSFNET policy-based routing database
• Next message (by thread): The CIX and the NSFNET regionals - a dilemma
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]