[11519] in Commercialization & Privatization of the Internet

Re: The whole CIX concept is flawed

daemon@ATHENA.MIT.EDU (Sean Doran)
Tue Apr 5 08:18:30 1994

To: com-priv@psi.com
Cc: karl@mcs.com (Karl Denninger), avg@sprintlink.net (Vadim Antonov)
In-Reply-To: Your message of "Sun, 03 Apr 1994 20:53:43 PDT."
             <m0pnfjL-000BcLC@mercury.mcs.com> 
Date: 	Tue, 5 Apr 1994 01:52:49 -0700
From: Sean Doran <smd@cesium.clock.org>


In message <m0pnfjL-000BcLC@mercury.mcs.com>, Karl Denninger writes:

vadim> [CIX] policy technically
vadim> cannot be enforced. Since IP is based on destination-only routing
vadim> decisions if i route to some networks thru CIX i have to route
vadim> packets this way for *all* my customers.

karl> This is simply not true.  I can refuse a route for any particular IP number,
karl> and poof -- no transit through me.

The lack of source-based routing policy mechanisms on the Internet is
what Vadim is referring to.  Given the lack of source-based routing,
it is impossible now to set up a system whereby packets originating
from MCSNet for some CIX routes (e.g., CERFNet's CIX routes) go to the
CIX, but packets originating from another of his reseller-customers
get to those same routes by another path (like the NSFNet[*]).

However, he can and does set things up so that CERFNet will send
traffic to MCSNet via the CIX, but to non-CIX SPRINTLink routes via
some other transit network (e.g. NSFNet[*]).  This is standard
destination-based routing.  

The problem is that having a policy mechanism that works only on
packet destination leads one into asymmetrical routing.  In the case
above, the packets from CERFNet for the non-CIX SPRINTLink reseller
will travel across the NSFNet[*], but the packets from the non-CIX
SPRINTLink reseller to CERFNet will go via the CIX.

Using filters to blackhole traffic is the wrong way to correct this.
In order to enforce a policy that says that traffic in both directions
between A and A' take path a and not path b (and also not path a in
one direction and path b in the other direction, which is the problem
Vadim faces), you need to do routing algebra on source/destination
address pairs.  Currently routing is done on destination address only.

The lack of source-based routing for IP is why the D-GIX project
Vadim refers to will need to do policy at a level lower than IP,
in a protocol (probably SMDS) that does have a source/destination
routing policy mechanism in place now.

vadim> As it stands CIX is a perfect example of politics ignoring technical
vadim> laws.

I would agree with this, too, but I'd also say that the politics and
needs of the situation were (and perhaps still are) important enough
to overlook the fact that it can't be done right in order to get it
done at all.  

	Sean.

[*] argument of the week: what words does one use when talking about
    AUP-laden NSF-sponsored traffic that is transiting ANSNet?  Will
    Ittai tweak my nose for using "NSFNet" to describe that metafabric? ;>
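
The asymmetry described in the message, as an added example that is not part of the original post: a small Python model of destination-only forwarding, with an optional policy keyed on source/destination pairs. The network names come from the message; "CIXCustomer", the table entries and the `PAIR_POLICY` override are constructed assumptions.

```python
# Constructed next-hop tables keyed on destination only. Network names follow
# the message; "CIXCustomer" and every table entry are illustrative assumptions.
DEST_TABLES = {
    "Reseller":    {"CERFNet": "SPRINTLink"},
    "CIXCustomer": {"CERFNet": "SPRINTLink"},
    "SPRINTLink":  {"CERFNet": "CIX", "Reseller": "Reseller",
                    "CIXCustomer": "CIXCustomer"},
    "CIX":         {"CERFNet": "CERFNet", "Reseller": "SPRINTLink",
                    "CIXCustomer": "SPRINTLink"},
    "NSFNet":      {"CERFNet": "CERFNet", "Reseller": "SPRINTLink",
                    "CIXCustomer": "SPRINTLink"},
    "CERFNet":     {"Reseller": "NSFNet", "CIXCustomer": "CIX"},
}

# Hypothetical policy keyed on (source, destination) pairs: SPRINTLink sends
# the non-CIX reseller's traffic for CERFNet over NSFNet instead of the CIX.
PAIR_POLICY = {"SPRINTLink": {("Reseller", "CERFNet"): "NSFNet"}}


def trace(src, dst, pair_policy=None):
    """Return the hop-by-hop path from src to dst.

    Each hop looks up the destination only, unless pair_policy holds an
    override for this (src, dst) pair at the current node.
    """
    path, node = [src], src
    while node != dst:
        override = (pair_policy or {}).get(node, {}).get((src, dst))
        node = override or DEST_TABLES[node][dst]
        if node in path:
            raise RuntimeError(f"routing loop at {node}")
        path.append(node)
    return path


def is_symmetric(a, b, pair_policy=None):
    """True when the a-to-b path is the exact reverse of the b-to-a path."""
    return trace(a, b, pair_policy) == trace(b, a, pair_policy)[::-1]


if __name__ == "__main__":
    for label, policy in (("destination-only", None),
                          ("source/destination", PAIR_POLICY)):
        print(label)
        print("  out :", " -> ".join(trace("Reseller", "CERFNet", policy)))
        print("  back:", " -> ".join(trace("CERFNet", "Reseller", policy)))
        print("  symmetric:", is_symmetric("Reseller", "CERFNet", policy))
```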