Skip to main content

Interworking between Locator/ID Separation Protocol (LISP) and Non-LISP Sites
draft-ietf-lisp-interworking-06

Revision differences

Document history

Date Rev. By Action
2012-08-22
06 (System) post-migration administrative database adjustment to the No Objection position for Adrian Farrel
2012-03-20
06 (System) IANA Action state changed to No IC from In Progress
2012-03-13
06 (System) IANA Action state changed to In Progress
2012-03-07
06 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent
2012-03-06
06 Amy Vezza State changed to Approved-announcement sent from Approved-announcement to be sent
2012-03-06
06 Amy Vezza IESG has approved the document
2012-03-06
06 Amy Vezza Closed "Approve" ballot
2012-03-06
06 Amy Vezza Ballot approval text was generated
2012-03-06
06 Amy Vezza Ballot writeup was changed
2012-03-06
06 Jari Arkko State changed to Approved-announcement to be sent from IESG Evaluation::External Party
2012-03-06
06 Ralph Droms
[Ballot comment]
0. Thanks for addressing my issue regarding private addresses in section 7.2

1. Thanks for adding Figure 1.  Section 7.2 (discussing private addresses) …
[Ballot comment]
0. Thanks for addressing my issue regarding private addresses in section 7.2

1. Thanks for adding Figure 1.  Section 7.2 (discussing private addresses)
might benefit from an extension to Figure 1 that demonstrates where the
NAT function fits.

2. Cleared.

3. Cleared.

4. Cleared.
2012-03-06
06 Ralph Droms [Ballot Position Update] Position for Ralph Droms has been changed to No Objection from Discuss
2012-03-06
06 Jari Arkko State changed to IESG Evaluation::External Party from IESG Evaluation::AD Followup
2012-03-04
06 Adrian Farrel [Ballot comment]
Thanks for addressing my Discuss and Hoovering up my Comments
2012-03-04
06 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss
2012-03-04
06 Adrian Farrel [Ballot comment]
Thanks for Hoovering up my Comments
2012-03-04
06 Adrian Farrel Ballot comment text updated for Adrian Farrel
2012-03-04
06 (System) Sub state has been changed to AD Followup from Revised ID Needed
2012-03-04
06 Darrel Lewis New version available: draft-ietf-lisp-interworking-06.txt
2012-03-01
05 Cindy Morgan State changed to IESG Evaluation::Revised ID Needed from Waiting for AD Go-Ahead
2012-03-01
05 Ralph Droms
[Ballot discuss]
I'm hoping this Discuss point will be easy to resolve.

1. In section 7.2, are these hosts using RFC 1918 addresses as EIDs? …
[Ballot discuss]
I'm hoping this Discuss point will be easy to resolve.

1. In section 7.2, are these hosts using RFC 1918 addresses as EIDs?
I thought from the discussion of the base LISP document that EIDs have
to be globally unique.
2012-03-01
05 Ralph Droms
[Ballot comment]
1. I agree with Adrian's comment that the document would be much more
easily understood with a diagram of the various architectural elements …
[Ballot comment]
1. I agree with Adrian's comment that the document would be much more
easily understood with a diagram of the various architectural elements
and alternatives.  For example, I had a hard time visualizing the
placement of Proxy-ITRs and how that placement would affect the
advertisement of routes to EIDs.

2. Section 7.3, although interesting, seems out of scope for this
document.

3. In section 8, "there are three mechanisms for interworking LISP
with non-LISP Sites" seems to ignore the use of routable EIDs as
described in section 4.

4. Section 1 claims that:

  [...] EID
  prefixes are normally not advertised into the Internet's Default Free
  Zone (DFZ)

But section 4 is all about routable EIDs, which seems to contradict
the claim in section 1.
2012-03-01
05 Ralph Droms [Ballot Position Update] New position, Discuss, has been recorded for Ralph E. Droms
2012-03-01
05 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo
2012-02-29
05 Wesley Eddy [Ballot Position Update] New position, No Objection, has been recorded for Wesley Eddy
2012-02-29
05 Stephen Farrell
[Ballot comment]
- Its not clear to me that the mapping system can reliably know
that all non-LISP IP addresses are in fact not EIDs. …
[Ballot comment]
- Its not clear to me that the mapping system can reliably know
that all non-LISP IP addresses are in fact not EIDs. But I'm
willing to suspend disbelief for the experiment:-)
2012-02-29
05 Stephen Farrell [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell
2012-02-29
05 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded for Ronald Bonica
2012-02-29
05 Stewart Bryant
[Ballot comment]
Default Free Zone (DFZ) should have a reference, if only a forward ref to section 2 when you first use it in section …
[Ballot comment]
Default Free Zone (DFZ) should have a reference, if only a forward ref to section 2 when you first use it in section 1

====

Asymmetry is a problem with certain types of application, NTP for example. It would be useful if there was some discussion on the relative degree of asymmetry imposed by these LISP solutions vs the degree of asymmetry in the existing Internet, and a note made about the impact of asymmetry on applications
2012-02-29
05 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant
2012-02-29
05 Adrian Farrel
[Ballot discuss]
I only have a minor Discussion point (do I hear the authors sighing?)

Section 4.2 says

  Non-LISP sites today use BGP to, …
[Ballot discuss]
I only have a minor Discussion point (do I hear the authors sighing?)

Section 4.2 says

  Non-LISP sites today use BGP to, among other things, enable ingress
  traffic engineering.  Relaxing this requirement is another primary
  design goal of LISP.

I went back to look for the description of this design goal in the LISP
spec and I couldn't find it. Might be my search was a bit random. Might
be the design goal wasn't stated in the base spec and so shouldn't be
claimed here.
2012-02-29
05 Adrian Farrel
[Ballot comment]
Thank you for the paragraph at the end of the Introduction.

---


This document would be made significantly more useful by the addition …
[Ballot comment]
Thank you for the paragraph at the end of the Introduction.

---


This document would be made significantly more useful by the addition
of a figure showing the architectural components.

---

Please s/draft/document/ throughout.

---

Section 2

  For traffic not to be
  dropped, either some mechanism to make this destination EID routable
  must be in place.

Typo "either", or missing "or".

---

Section 5.2

Are there any consequences of the assymetry of PITR use that we should
investigate? Yes, I know that the Internet is not always symmetric,
but in general it often is.
2012-02-29
05 Adrian Farrel [Ballot Position Update] New position, Discuss, has been recorded for Adrian Farrel
2012-02-28
05 Peter Saint-Andre [Ballot Position Update] New position, No Objection, has been recorded for Peter Saint-Andre
2012-02-28
05 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded for Robert Sparks
2012-02-28
05 Darrel Lewis New version available: draft-ietf-lisp-interworking-05.txt
2012-02-27
04 Rolf Winter Request for Last Call review by TSVDIR Completed. Reviewer: Rolf Winter.
2012-02-27
04 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley
2012-02-23
04 (System) State changed to Waiting for AD Go-Ahead from In Last Call.
2012-02-22
04 Martin Stiemerling Request for Last Call review by TSVDIR is assigned to Rolf Winter
2012-02-22
04 Martin Stiemerling Request for Last Call review by TSVDIR is assigned to Rolf Winter
2012-02-18
04 Samuel Weiler Request for Last Call review by SECDIR is assigned to Alan DeKok
2012-02-18
04 Samuel Weiler Request for Last Call review by SECDIR is assigned to Alan DeKok
2012-02-17
04 Amanda Baber [Note]: 'Terry Manderson <terry.manderson@icann.org> is the document shepherd.' added by Amanda Baber
2012-02-17
04 Amanda Baber We understand that this document doesn't require any IANA actions.
2012-02-17
04 Miguel García Request for Last Call review by GENART Completed. Reviewer: Miguel Garcia.
2012-02-17
04 (System) New version available: draft-ietf-lisp-interworking-04.txt
2012-02-09
04 Jean Mahoney Request for Last Call review by GENART is assigned to Miguel Garcia
2012-02-09
04 Jean Mahoney Request for Last Call review by GENART is assigned to Miguel Garcia
2012-02-09
04 Amy Vezza Last call sent
2012-02-09
04 Amy Vezza
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: …
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Interworking LISP with IPv4 and IPv6) to Experimental RFC


The IESG has received a request from the Locator/ID Separation Protocol
WG (lisp) to consider the following document:
- 'Interworking LISP with IPv4 and IPv6'
  as an Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-02-23. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes techniques for allowing sites running the
  Locator/ID Separation Protocol (LISP) to interoperate with Internet
  sites (which may be using either IPv4, IPv6, or both) but which are
  not running LISP.  A fundamental property of LISP speaking sites is
  that they use Endpoint Identifiers (EIDs), rather than traditional IP
  addresses, in the source and destination fields of all traffic they
  emit or receive.  While EIDs are syntactically identical to IPv4 or
  IPv6 addresses, normally routes to them are not carried in the global
  routing system so an interoperability mechanism is needed for non-
  LISP-speaking sites to exchange traffic with LISP-speaking sites.
  This document introduces three such mechanisms.  The first uses a new
  network element, the LISP Proxy Ingress Tunnel Routers (PITR)
  (Section 5) to act as a intermediate LISP Ingress Tunnel Router (ITR)
  for non-LISP-speaking hosts.  Second the document adds Network
  Address Translation (NAT) functionality to LISP Ingress and LISP
  Egress Tunnel Routers (xTRs) to substitute routable IP addresses for
  non-routable EIDs.  Finally, this document introduces a Proxy Egress
  Tunnel Router (PETR) to handle cases where a LISP ITR cannot send
  packets to non-LISP sites without encapsulation.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-lisp-interworking/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-lisp-interworking/


No IPR declarations have been submitted directly on this I-D.


2012-02-09
04 Jari Arkko Placed on agenda for telechat - 2012-03-01
2012-02-09
04 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko
2012-02-09
04 Jari Arkko Ballot has been issued
2012-02-09
04 Jari Arkko Created "Approve" ballot
2012-02-09
04 Jari Arkko Last Call was requested
2012-02-09
04 (System) Ballot writeup text was added
2012-02-09
04 (System) Last call text was added
2012-02-09
04 Jari Arkko State changed to Last Call Requested from AD Evaluation::AD Followup.
2012-02-09
04 Jari Arkko Last Call text changed
2012-02-09
04 Jari Arkko Looks good to go.
2012-02-09
04 (System) Sub state has been changed to AD Follow up from New Id Needed
2012-02-09
03 (System) New version available: draft-ietf-lisp-interworking-03.txt
2012-01-02
04 Jari Arkko State changed to AD Evaluation::Revised ID Needed from AD Evaluation.
2012-01-02
04 Jari Arkko
I have reviewed this document.

In general, it is well written and almost ready to go forward. There are a couple of areas that need …
I have reviewed this document.

In general, it is well written and almost ready to go forward. There are a couple of areas that need further text, however. The main issue is a clear description of the to-experiment and problematic areas of LISP interworking. (Making those is also needed in order to get the document approved, based on experience of taking the other Lisp documents to the IESG.) Another issue is that I think the security considerations text needs work.

In moder detail:

Technical issue: As with the other documents from the group, Section 1 should include a high-level explanation of what issues are uncertain, potentially problematic, or worth experimenting on. For instance, I presume you should say something about the effects of having to NAT traffic, finding deployment motivations to set up proxy ITRs, possible inclusion of too much non-aggregated EID space in the DFZ, effects of the asymmetric PITR routing, and so on.

Please suggest text.

> An ITR can also know explicitly that the
> destination is non-LISP if the destination IP address matches a
> Negative Map Reply found in its Map Cache.

Technical issue: This is normally the case, but the text seems to avoid going into the details that I think are relevant in this case. The base spec says

  There are two primary applications for
  Negative Map-Replies.  The first is for a Map-Resolver to instruct an
  ITR or PITR when a destination is for a LISP site versus a non-LISP
  site.  And the other is to source quench Map-Requests which are sent
  for non-allocated EIDs.

and

    The actions defined are used by an ITR or PITR when a
    destination EID matches a negative mapping cache entry.
    Unassigned values should cause a map-cache entry to be created
    and, when packets match this negative cache entry, they will be
    dropped.  The current assigned values are:

      (0) No-Action:  The map-cache is kept alive and no packet
        encapsulation occurs.

      (1) Natively-Forward:  The packet is not encapsulated or dropped
        but natively forwarded.

      (2) Send-Map-Request:  The packet invokes sending a Map-Request.

      (3) Drop:  A packet that matches this map-cache entry is dropped.
        An ICMP Unreachable message SHOULD be sent.

That is, first of all there are other situations for which negative map cache entries are used (but it is probably fine to route to the Internet in those cases). Secondly, there are some controls on whether native forwarding is the appropriate action.

Can you add a note about these and/or reformulate the text a bit?

>    3.  In either of the two exceptions mentioned above there could be

Editorial issue: I was unsure what "the two exceptions mentioned above" refer to. Also, your list starts with "This can be achieved by using one of two mechanisms:", so it is odd to find three items in the list. I would suggest making this paragraph a regular paragraph and not a numbered item, and starting it with "In either of the two mechanisms listed above there could be ...".

> 5.  Proxy Ingress Tunnel Routers

Editorial issue: It may be too obvious perhaps, but I think this section should state up front that highly aggregated EID space advertisement implies an entity that routes on the behalf of many LISP sites.

>    240.0.0.0/24.  For the purposes of this example, this prefix and no

Editorial issue: Is there a reason why we are using 240 addresses as examples? I'd prefer using normal example addresses or 10/8 addresses if you need shorter prefixes...

> For the purposes of this example, this prefix and no
> covering aggregate is present in the global routing system.

Editorial issue: Shouldn't this be "... neither this prefix or any covering aggregate are present ...". The way that you have written it now had me confused for a moment, thinking that this prefix is present but no covering prefix is present. I don't think that is what you mean.

> 6. LISP-NAT
>

Technical issue: Section 6 should probably point to some BEHAVE WG RFCs on how the NAT operation should technically work.

> An example of this translation follows.  For this example, a site has
> been assigned a LISP-NR EID of 220.1.1.0/24.  In order to utilize
> LISP-NAT, the site has also been provided the PA EID of
> 128.200.1.0/24, and uses the first address (128.200.1.1) as the
> site's RLOC.  The rest of this PA space (128.200.1.2 to
> 128.200.1.254) is used as a translation pool for this site's hosts
> who need to send packets to non-LISP hosts.

Editorial issue: Please use the officially allocated example addresses.

> 6.4. LISP-NAT and multiple EIDs
>
>
>    When a site has two addresses that a host might use for global
>    reachability, care must be chosen on which EID is found in DNS.  For
>    example, whether applications such as DNS use the LISP-R EID or the
>    LISP-NR EID.  This problem exists for NAT in general, but the
>    specific issue described above is unique to LISP.  Using PITRs can
>    mitigate this problem, since the LISP-NR EID can be reached in all
>    cases.

Technical issue: but if you had a PITR, you would not need LISP-NAT, or am I missing something?

> 6.5. When LISP-NAT and PITRs used by the same LISP Site
>
>
>    With LISP-NAT, there are two EIDs possible for a given host, the
>    LISP-R EID and the LISP-NR EID.  When a site has two addresses that a
>    host might use for global reachability, name-to-address directories
>    may need to be modified.
>
>    This problem, global vs. local addressability, exists for NAT in
>    general, but the specific issue described above is unique to
>    location/identity separation schemes.  Some of these have suggested
>    running a separate DNS instance for new types of EIDs.  This solves
>    the problem but introduces complexity for the site.  Alternatively,
>    using PITRs can mitigate this problem, because the LISP-NR EID can be
>    reached in all cases.

Editorial issue: what's the difference between Sections 6.4 and 6.5? It seems that they both talk about the problem of two addresses in a name mapping system.

Technical issue: I don't think "introduces complexity for the site" begins to explain the type of problems caused by having to separate naming systems from each other. Please expand or otherwise highlight that this approach is problematic.

> 8. Discussion of Proxy ITRs (PITRs), LISP-NAT, and Proxy-ETRs (PETRs)
>
>
>  In summary, there are three mechanisms for interworking LISP with
>  non-LISP Sites (for both IPv4 and IPv6).  In the LISP-NAT option the
>  LISP site can manage and control the interworking on its own.  In the
>  PITR case, the site is not required to manage the advertisement of
>  it's EID prefix into the DFZ, with the cost of potentially adding
>  stretch to the connections of non-LISP sites sending packets to the
>  LISP site.  The third option is Proxy-ETRs, which are optionally used
>  by sites relying on PITRs case to mitigate two caveats for LISP sites
>  sending packets to non-LISP sites.  This means Proxy-ETRs are not
>  usually expected to be deployed by themselves, rather they will be
>  used to assist LISP-NR sites which are already using PITRs.

Technical issue: This paragraph and Setion 8 in general would greatly from a discussion of the tradeoffs involved in these three mechanisms. Just one downside, stretch, is mentioned above. But I think there are others... impacts to naming systems, asymmetric traffic, etc. Please expand.

> 9. Security Considerations

Technical issue: This section seems a bit thin. I'd love to see a discussion of the following additional issues:

Implications to firewalls? Are there any? What about asymmetric routing?

Are there Denial-of-service attacks on PITRs and PETRs?

Are there DNSSEC implications on the naming system implications?

>    Like any router or LISP ITR, PITRs will have the opportunity to
>    inspect traffic at the time that they encapsulate.  The location of
>    these devices in the network can have implications for discarding
>    malicious traffic on behalf of ETRs which request this behavior (via
>    the drop action bit in Map-Reply packets for an EID or EID prefix).

You should also talk about these devices being trusted to route your traffic to begin with, and how both non-Lisp and Lisp networks should be careful in not peering with untrustworthy networks. This is very similar to, say, peering with someone who says they can reach everything in the Internet but in reality their quality or security leaves something to be desired.

(Of course, all additions to the security considerations text could be pointers elsewhere, if the issues have already been noted in other documents.)
2011-12-30
04 Jari Arkko Ballot writeup text changed
2011-10-17
04 Jari Arkko State changed to AD Evaluation from Publication Requested.
2011-07-28
04 Cindy Morgan
(1.a) Terry Manderson is the Shepherd and has reviewed this version
and believes it is ready to be forwarded to the IESG.

(1.b) The document …
(1.a) Terry Manderson is the Shepherd and has reviewed this version
and believes it is ready to be forwarded to the IESG.

(1.b) The document has had adequate review. The shepherd has no concerns
regarding the reviews which have been performed.

(1.c) The document shepherd does not have concerns that the document
requires a broader review.

(1.d) The document shepherd has no specific concerns, No IPR disclosures
have been raised.

(1.e) The WG consensus reflects active agreement among about about 10
participants, with the bulk of the WG being silent.

(1.f) No threats of appeal or discontent on this document have manifested.

(1.g) IDNITs responds with:



== There are 16 instances of lines with non-RFC5735-compliant IPv4
addresses in the document. If these are example addresses, they should
be changed.

== There are 3 instances of lines with private range IPv4 addresses in the
document. If these are generic example addresses, they should be
changed to use any of the ranges defined in RFC 5735 (or successor):
192.0.2.x, 198.51.100.x or 203.0.113.x.


The authors responded with the need to call on a broader and deeper
set of example prefixes to add meaning to the document. Documentation
prefixes alone could not provide this so RFC1918 based addresses were used.


(1.h) References have been split. No downward normative references exist.
The WIP documents are listed as normative references. All three
documents will be submitted to the IESG at the same time as this
document.

(1.i) The document makes no request of the IANA

(1.j) Formal language has been verified.

(1.k)

Technical Summary

This document describes techniques for allowing sites running the
Locator/ID Separation Protocol (LISP) to interoperate with Internet
sites (which may be using either IPv4, IPv6, or both) but which are
not running LISP. A fundamental property of LISP speaking sites is
that they use Endpoint Identifiers (EIDs), rather than traditional IP
addresses, in the source and destination fields of all traffic they
emit or receive. While EIDs are syntactically identical to IPv4 or
IPv6 addresses, normally routes to them are not carried in the global
routing system so an interoperability mechanism is needed for non-
LISP-speaking sites to exchange traffic with LISP-speaking sites.
This document introduces three such mechanisms. The first uses a new
network element, the LISP Proxy Ingress Tunnel Routers (PITR)
(Section 5) to act as a intermediate LISP Ingress Tunnel Router (ITR)
for non-LISP-speaking hosts. Second the document adds Network
Address Translation (NAT) functionality to LISP Ingress and LISP
Egress Tunnel Routers (xTRs) to substitute routable IP addresses for
non-routable EIDs. Finally, this document introduces a Proxy Egress
Tunnel Router (PETR) to handle cases where a LISP ITR cannot send
packets to non-LISP sites without encapsulation.


Working Group Summary

The work group process for this document was uneventful.

Document Quality

This document is a descriptive tome for techniques in LISP
interoperation. It has had significant review as with all other LISP
documents.
2011-07-28
04 Cindy Morgan Draft added in state Publication Requested
2011-07-28
04 Cindy Morgan [Note]: 'Terry Manderson  is the document shepherd.' added
2011-07-01
02 (System) New version available: draft-ietf-lisp-interworking-02.txt
2011-02-26
04 (System) Document has expired
2010-08-26
01 (System) New version available: draft-ietf-lisp-interworking-01.txt
2009-05-26
00 (System) New version available: draft-ietf-lisp-interworking-00.txt