Network Working Group B. Black
Internet-Draft Layer8 Networks
Expires: December 24, 2001 V. Gill
J. Abley
Metromedia Fiber Network Inc.
June 25, 2001
Requirements for IP Multihoming Architectures
draft-ietf-multi6-multihoming-requirements-01
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 24, 2001.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
Multihoming is an essential component of service for enterprises [3]
which are part of the Internet. Existing IPv4 multi-homing
practices, described in a companion draft [1], provides a set of
capabilities that must be accommodated by the adopted multi-homing
architecture in IPv6, and a set of limitations that must be overcome,
relating in particular to scalability.
This document outlines a set of requirements for a new IPv6 multi-
homing architecture.
Black, et. al. Expires December 24, 2001 [Page 1]
Internet-Draft IP Multihoming Requirements June 2001
1. Introduction
Multihoming is an essential component of service for enterprises
which are part of the Internet. Current IPv4 multihoming practices
have been added on to the CIDR architecture [2], which assumes that
routing table entries can be aggregated based upon a hierarchy of
customers and service providers [1].
However, it appears that this hierarchy is being supplanted by a
dense mesh of interconnections [9]. Additionally, there has been an
enormous growth in the number of multihomed organizations. For
purposes of redundancy and load sharing, the multihomed customer
blocks, which are almost always a longer prefix from the provider
aggregate, are announced, along with the larger aggregate by the
provider. This results in rapidly increasing size of the global
routing table. This explosion places significant stress on the
inter-provider routing system.
Migration to IPv6, which will allow unprecedented scaling of the
number of potentially multihomed sites, will seriously exacerbate
this stress unless a substantially different approach to multihoming
is adopted.
Black, et. al. Expires December 24, 2001 [Page 2]
Internet-Draft IP Multihoming Requirements June 2001
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [4].
An "enterprise" is an entity autonomously operating a network using
TCP/IP and, in particular, determining the addressing plan and
address assignments within that network. This is the definition of
"enterprise" used in [3].
A "transit provider" is an enterprise which provides connectivity to
the Internet to one or more other enterprises. The connectivity
provided extends beyond the transit provider's own network.
A "multi-homed" enterprise is one with more than one transit
provider. "Multihoming" is the practice of being multi-homed.
The term "re-homing" denotes a transition of an enterprise between
two states of connectedness, due to a change in the connectivity
between the enterprise and its transit providers.
Black, et. al. Expires December 24, 2001 [Page 3]
Internet-Draft IP Multihoming Requirements June 2001
3. Multihoming Requirements
3.1 Capabilities of IPv4 Multihoming
The following capabilities of current IPv4 multihoming practices are
required to be supported by an IPv6 multihoming architecture. IPv4
multihoming is discussed in more detail in [1].
3.1.1 Redundancy
By multihoming, an enterprise should be able to insulate itself from
certain failure modes within one or more transit providers, as well
as failures in the network providing interconnecting with one or more
transit providers.
The multihoming architecture must accommodate (in the general case,
issues of shared-fate notwithstanding) the following failure modes:
o Physical link failure, such as a fiber cut or router failure,
o Logical link failure, such as a misbehaving router interface,
o Routing protocol failure, such as a BGP peer reset,
o Transit provider failure, such as a backbone-wide IGP failure, and
o Exchange failure, such as a BGP reset on an inter-provider
peering.
3.1.2 Load Sharing
By multihoming, an enterprise should be able to distribute both
inbound and outbound traffic between multiple transit providers.
3.1.3 Performance
By multihoming, an enterprise should be able to protect itself from
performance difficulties between transit providers.
For example, suppose enterprise E obtains transit from transit
providers T1 and T2, and there is long-term congestion between T1 and
T2. The multihoming architecture should allow E to ensure that in
normal operation none of its traffic is carried over the congested
interconnection T1-T2.
A multi-homed enterprise must also be able to distribute inbound
traffic particular multiple transit providers according to the
Black, et. al. Expires December 24, 2001 [Page 4]
Internet-Draft IP Multihoming Requirements June 2001
particular network within their enterprise which is sourcing or
sinking the traffic.
3.1.4 Policy
A customer may choose to multihome for a variety of policy reasons
outside technical scope (e.g. cost, acceptable use conditions, etc.)
For example, customer C homed to ISP A may wish to shift traffic of a
certain class or application, NNTP, for example, to ISP B as matter
of policy. A new IPv6 multihoming proposal must provide support for
multihoming for external policy reasons.
3.1.5 Simplicity
As any proposed multihoming solution must be deployed in real
networks with real customers, simplicity is paramount. The current
multihoming solution is quite straightforward to deploy and maintain.
A new IPv6 multihoming proposal must not be substantially more
complex to deploy and operate than current IPv4 multihoming
practices.
3.1.6 Transport-Layer Survivability
Multihoming solutions must provide re-homing transparency for
transport-layer protocols; i.e. exchange of data between devices on
the multi-homed enterprise network and devices elsewhere on the
Internet may proceed with no greater interruption than that
associated with the transient packet loss during the re-homing event.
New transport-layer sessions must also be able to be created
following a re-homing event.
3.2 Additional Requirements
3.2.1 Scalability
Current IPV4 multihoming practices contribute to the significant
growth currently observed in the state held in the global inter-
provider routing system; this is a concern both because of the
hardware requirements it imposes and also because of the impact on
the stability of the routing system. This issue is discussed in
great detail in [9].
A new IPv6 multihoming architecture should scale to accommodate
orders of magnitude more multi-homed enterprises without imposing
unreasonable requirements on the routing system.
Black, et. al. Expires December 24, 2001 [Page 5]
Internet-Draft IP Multihoming Requirements June 2001
3.2.2 Impact on Routers
The solution may require changes to IPv6 router implementations, but
these changes must be either minor, or in the form of logically
separate functions added to existing functions.
Such changes must not prevent normal single-homed operation, and
routers implementing these changes must be able to interoperate fully
with hosts and routers not implementing them.
3.2.3 Impact on Hosts
The solution must not destroy IPv6 connectivity for a legacy host
implementing RFC 2373 [5], RFC 2460 [7], RFC 2553 [8] and other basic
IPv6 specifications current in June 2001. That is to say, if a host
can work in a single-homed site, it must still be able to work in a
multihomed site, even if it cannot benefit from multihoming.
It would be compatible with this requirement for such a host to lose
connectivity if the site's primary ISP connection failed.
If the solution requires changes to the host stack, these changes
must be either minor, or in the form of logically separate functions
added to existing functions.
If the solution requires changes to the socket API and/or the
transport layer, it must be possible to retain the original socket
API and transport protocols in parallel, even if they cannot benefit
from multihoming.
The multi-homing solution should allow host or application changes to
enhance session survivability.
3.2.4 Interaction between Hosts and the Routing System
The solution may involve interaction between a site's hosts and its
routing system; this interaction should be simple, scaleable and
securable.
3.2.5 Operations and Management
It must be posssible to monitor and configure the multihoming system.
Black, et. al. Expires December 24, 2001 [Page 6]
Internet-Draft IP Multihoming Requirements June 2001
4. Security Considerations
Multihoming no doubt offers some attractive opportunites for denial
of service and spoofing attacks. Multihomed sites must be protected
against such attacks at least as well as single-homed sites.
Black, et. al. Expires December 24, 2001 [Page 7]
Internet-Draft IP Multihoming Requirements June 2001
References
[1] Abley, J., Black, B. and V. Gill, "IPv4 Multihoming Motivation,
Practices and Limitations (work-in-progress)", I-D draft-ietf-
multi6-v4-multihoming-00, June 2001,
<http://www.automagic.org/~jabley/draft-ietf-multi6-v4-
multihoming-00.txt>.
[2] Fuller, V., Li, T., Yu, J. and K. Varadhan, "Classless Inter-
Domain Routing (CIDR): an Address Assignment and Aggregation
Strategy", RFC 1519, September 1993.
[3] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. and E.
Lear, "Address Allocation for Private Internets", RFC 1918,
February 1996.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
[5] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 2373, July 1998.
[6] Hinden, R., O'Dell, M. and S. Deering, "An IPv6 Aggregatable
Global Unicast Address Format", RFC 2374, July 1998.
[7] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460, December 1998.
[8] Gilligan, R., Thomson, S., Bound, J. and W. Stevens, "Basic
Socket Interface Extensions for IPv6", RFC 2553, March 1999.
[9] Huston, G., "Analyzing the Internet's BGP Routing Table",
January 2001.
Authors' Addresses
Benjamin Black
Layer8 Networks
EMail: ben@layer8.net
Black, et. al. Expires December 24, 2001 [Page 8]
Internet-Draft IP Multihoming Requirements June 2001
Vijay Gill
Metromedia Fiber Network Inc.
8075 Leesburg Pike
Suite 300
Vienna, VA 22182
US
Phone: +1 410 262 0660
EMail: vgill@mfnx.net
Joe Abley
Metromedia Fiber Network Inc.
2204 Pembroke Court
Burlington, ON L7P 3X8
Canada
Phone: +1 905 319 9064
EMail: jabley@mfnx.net
Black, et. al. Expires December 24, 2001 [Page 9]
Internet-Draft IP Multihoming Requirements June 2001
Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Black, et. al. Expires December 24, 2001 [Page 10]