Presentation is loading. Please wait.

Presentation is loading. Please wait.

Subnetwork Encapsulation and Adaptation Layer (SEAL) Fred L. Templin

Published byHarvey Crawford Modified over 9 years ago

Similar presentations

Presentation on theme: "Subnetwork Encapsulation and Adaptation Layer (SEAL) Fred L. Templin"— Presentation transcript:

1 Subnetwork Encapsulation and Adaptation Layer (SEAL) Fred L. Templin fred.l.templin@boeing.com

2 Tunnels in the Internet Widely used: VPNs, virtual overlays, etc. Virtual link abstraction (tunnel endpoints are neighbors) Traverse “subnetworks” in a single IP hop –examples: Interdomain core, Enterprise networks, MANETs, etc. IP-in-IP Encapsulation –Examples: IPv4/IPv4, IPv4/IPsec/IPv6, IPv6/UDP/IPv4, etc. –Ingress Tunnel Endpoint (ITE) encapsulates –Egress Tunnel Endpoint (ETE) decapsulates Introduce oddities that are not dealt with well in current practices (e.g., MTU reduction, ICMP black holing, etc.)

3 Tunnel Maximum Transmission Unit (MTU) MTU=1KB MTU=2KB MTU=1500 MTU=9KB MTU=4KB MTU=9KB Original Source (MTU=9KB) Final Destination (MRU=1500) High-end Site A Low-end Site B End-to-End Ingress Tunnel Endpoint Egress Tunnel Endpoint Tunnel Subnetwork Marginal Link MTU=??

4 Tunnel MTU Problem Statement Tunnel encapsulation reduces path MTU Path MTU feedback within the tunnel can be lost Unmitigated IP fragmentation is hazardous Hosts in “low-end” sites frequently expect 1500B MTUs Hosts in “high-end” sites frequently want larger MTUs Hosts in all sites expect robust Path MTU discovery

5 SEAL Approach 4Byte encapsulation sublayer with 32 bit SEAL-ID Track MTU w/o classical path MTU discovery Detect and tune out in-the-network IPv4 fragmentation Segmentation to mitigate misconfigured MTUs and marginal links Promotes desired end-state of MTU-robust subnetworks

6 SEAL Encapsulation Outer Headers (IP, UDP/IP, etc.) Payload SEAL Header (4 Bytes) Inner Headers (IP, IP/ESP, etc.) 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ID Extension |A|R|M|RSV| SEG | Next Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ID Extension (16 bits) A – Acknowledgement Requested (1 bit) R – Report Fragmentation (1 bit) M – More Segments (1 bit) RSV – Reserved (2 bits) SEG – Segment number (3 bits) Next Header (8 bits) Extends IP-ID to 32 bits Report Fragmentation mechanism Tunnel segmentation and reassembly Nonce-protected error feedback Compatible with wide variety of tunnels

7 SEAL Operation Ingress Tunnel Endpoint (ITE): –sets reassembly limit ‘R’ (2KB max) –sets initial MTU estimate ‘M’ (e.g., MTU of the outgoing link); reduces ‘M’ based on fragmentation reports –admits packets of size ‘S’ <= M into tunnel with DF=0 –performs SEAL segmentation for packets of size (M < S <= R) –returns ICMP Packet Too Big for packets of size (S > MAX(M, R)) Egress Tunnel Endpoint (ETE): –sets static reassembly limit (exactly 2KB) –reassembles SEAL-segmented packets (*) –reports any IPv4 fragmentation

8 Additional Considerations ITE can use Inner IP fragmentation (destination reassembles): –Isolated large packets with DF=0 get through –Supports recursion for nested tunnels-within-tunnels ITE can cache MTU and return PTBs without wasting tunnel resources ITE can return translated ICMP unreachables All packets are MTU probes – ETE will Report Fragmentation Nonce-protected probe feedback packets of size (S <= R) get through even if there are small MTU links packets of size (R < S) get through only if there are no small MTU links (*) Should ETE have the option to *not* reassemble? –Original source will get < 1500 ICMP PTB –Recursion limits for nested tunnels-within-tunnels

9 Observations  “Unmitigated Fragmentation Considered Harmful”  “Carefully-managed Fragmentation Considered Useful”  In-the-network fragmentation is NOT a misfeature! For more information: http://tools.ietf.org/html/draft-templin-sealhttp://tools.ietf.org/html/draft-templin-seal (specification) http://osprey67.com/sealhttp://osprey67.com/seal (linux source code)

10 BACKUPS

11 Problems with Classical Path MTU Discovery ICMPs may be lost, erroneous, fabricated ICMPs may have insufficient information for relaying ALWAYS drops packets when MTU insufficient In-the-network tunnels may have 1000’s of packets in-flight when a routing change hits an MTU restriction: –all packets are dropped –flood of ICMPs returned to ITR –resources wasted

12 MTU Configuration Knob < 1280: MinMTU underflow < 1400: fragmentation unlikely < 2048: fragmentation managed 2048 – 64KB: best-effort > 64KB: jumbogram 1280 …. 2048

Download ppt "Subnetwork Encapsulation and Adaptation Layer (SEAL) Fred L. Templin"

Similar presentations

TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.

TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
PRIVATE NETWORK INTERCONNECTION (NAT AND VPN) & IPv6

PRIVATE NETWORK INTERCONNECTION (NAT AND VPN) & IPv6
CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.

CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.
20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
IPv4 - The Internet Protocol Version 4

IPv4 - The Internet Protocol Version 4
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
CSE 461: IP/ICMP and the Network Layer. Next Topic  Focus:  How do we build large networks?  Introduction to the Network layer  Internetworks  Service.

CSE 461: IP/ICMP and the Network Layer. Next Topic  Focus:  How do we build large networks?  Introduction to the Network layer  Internetworks  Service.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.

1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.
CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)

CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)
Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.

Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.
Lesson 4 The IPv6 Header.

Lesson 4 The IPv6 Header.
Network Layer Packet Forwarding IS250 Spring 2010

Network Layer Packet Forwarding IS250 Spring 2010
The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.

The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.
EEC-484/584 Computer Networks Lecture 10 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.

EEC-484/584 Computer Networks Lecture 10 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 ECSE-6961:Internet Protocols Quiz 1: Solutions Time: 60 min (strictly enforced) Points: 50 YOUR.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 ECSE-6961:Internet Protocols Quiz 1: Solutions Time: 60 min (strictly enforced) Points: 50 YOUR.
11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.

11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.
Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.

Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.

Similar presentations

Ads by Google