Multihoming: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Howard C. Berkowitz
(transit provider)
mNo edit summary
 
(15 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{PropDel}}<br><br>
{{subpages}}
{{subpages}}
{{TOC|right}}
'''Multihoming''' includes a wide range of networking techniques that allow organizations to connect to internal or external destinations through more than one path.  There are many reasons for using multiple paths, and perhaps more than one instance of a type of networking equiment, but the most common reasons are [[fault tolerance]] and [[traffic engineering]]. <ref name=Berkowitz1999a>{{citation
'''Multihoming''' includes a wide range of networking techniques that allow organizations to connect to internal or external destinations through more than one path.  There are many reasons for using multiple paths, and perhaps more than one instance of a type of networking equiment, but the most common reasons are [[fault tolerance]] and [[traffic engineering]]. <ref name=Berkowitz1999a>{{citation
  | title = To Be Multihomed: Requirements & Definitions
  | title = To Be Multihomed: Requirements & Definitions
  | date = October 1999
  | date = October 1999
  | first = Howard C.| last = Berkowitz
  | author = Howard C. Berkowitz
  | publisher = Internet Engineering Task Force
  | publisher = Internet Engineering Task Force
  | id = draft-berkowitz-multirqmt-02.txt
  | id = draft-berkowitz-multirqmt-02.txt
  | url =http://tools.ietf.org/id/draft-berkowitz-multirqmt-02.txt
  | url =http://tools.ietf.org/id/draft-berkowitz-multirqmt-02.txt
  | comment = public domain individual contribution to professional society}}</ref>
  | comment = public domain individual contribution to professional society}}</ref>


When organizations connect to the Internet, or directly to other organizations using the Internet protocol model, the ever-increasing criticality of their applications means that they cannot tolerate a single point of failure that could isolate them from the outside world. Indeed, the same concerns are present in complex internal networks, especially between different locations of the same enterprise. Multihoming also can describe connectivity
When organizations connect to the Internet, or directly to other organizations using the Internet protocol model, the ever-increasing criticality of their applications means that they cannot tolerate a single point of failure that could isolate them from the outside world. Indeed, the same concerns are present in complex internal networks, especially between different locations of the same enterprise. Multihoming also can describe connectivity
between [[Internet service provider]]s (ISP) and "upstream" [[internet transit provider]]s, which are sometimes called network service providers (NSP).  
between [[Internet service provider]]s (ISP) and "upstream" [[internet transit provider]]s, which are sometimes called network service providers (NSP).  


Often, organizations, including Internet service providers and telephone companies, have multiple external communications, not just for fault tolerance, but for reasonable load distribution. If a company has external connections to the Internet at Tokyo, New York, and London, it makes more sense for traffic from Yokohama to Rome to enter at Tokyo and leave at London. This sort of [[traffic engineering]] not only improves reliability, but makes more cost-effective use of the available paths and improves network performance.
Often, organizations, including Internet service providers and telephone companies, have multiple external communications, not just for fault tolerance, but for reasonable [[load distribution]]. If a company has external connections to the Internet at Tokyo, New York, and London, it makes more sense for traffic from Yokohama to Rome to enter at Tokyo and leave at London. This sort of [[traffic engineering]] not only improves reliability, but makes more cost-effective use of the available paths and improves network performance.


Unfortunately, '''multihoming''' covers a variety of
Unfortunately, '''multihoming''' covers a variety of
Line 50: Line 52:


==Defining the goals==
==Defining the goals==
Requirements tend to be driven by one or more of several major goals for
Requirements tend to be driven by one or more of several major goals for
server availability and performance. Availability goals are realized
server availability and performance. Availability goals are realized
Line 66: Line 67:


=== Analyzing Application Requirements===
=== Analyzing Application Requirements===
Several questions need to be answered in the process of refining goals:
Several questions need to be answered in the process of refining goals:


Line 76: Line 76:


==== Administrative Model ====
==== Administrative Model ====
A key question is: are endpoints predefined in the multihoming process, or will either the client or server end be arbitrary?  The simplest model is an '''[[intranet]]''', where all endpoints are known in advance and under a single administration, as the network of a business or other enterprise. That business may have multiple physical locations, and may choose to interconnect them with physical facilities, or with simulated facilities in the public Internet.
A key question is: are endpoints predefined in the multihoming process, or will either the client or server end be arbitrary?  The simplest model is an '''[[intranet]]''', where all endpoints are known in advance and under a single administration, as the network of a business or other enterprise. That business may have multiple physical locations, and may choose to interconnect them with physical facilities, or with simulated facilities in the public Internet.


This case becomes more complex when most endpoints are indeed inside, but some internal computers need to reach external servers on the public Internet, whose identities are nto known in advance.  
This case becomes more complex when most endpoints are indeed inside, but some internal computers need to reach external servers on the public Internet, whose identities are not known in advance.  


In an '''[[extranet]]''', which is one form of [[business to business]] (B2B) communications, internal computers need to talk both to other internal computers, but also to computers in other enterprises. Those external computers, however, are known in advance, and their administrators can pre-plan security, backup, and other operational matters. Indeed, the complexity may be such that the participants create a company just to run the extranet. For example, the VISA corporation is actually owned by its member banks, but charges service fees to the banks issuing cards and the banks processing card charges. That network, for obvious reasons, is strictly isolated from the public Internet. Even the member banks are restricted; while one bank may need to access the credit card authorization computer in another, that first bank is not authorized to connect, through VISA, to another bank's mortgage loan department.
In an '''extranet''', which is one form of [[business to business]] (B2B) communications, internal computers need to talk both to other internal computers, but also to computers in other enterprises. Those external computers, however, are known in advance, and their administrators can pre-plan security, backup, and other operational matters. Indeed, the complexity may be such that the participants create a company just to run the extranet. For example, the VISA corporation is actually owned by its member banks, but charges service fees to the banks issuing cards and the banks processing card charges. That network, for obvious reasons, is strictly isolated from the public Internet. Even the member banks are restricted; while one bank may need to access the credit card authorization computer in another, that first bank is not authorized to connect, through VISA, to another bank's mortgage loan department.


Another kind of B2B communications might be ''ad hoc'', where, for example, a business needs some parts or equipment, and puts out an open bid to suppliers connected to the Internet.
Another kind of B2B communications might be ''ad hoc'', where, for example, a business needs some parts or equipment, and puts out an open bid to suppliers connected to the Internet.
Line 88: Line 87:


For the case where an arbitrary user searches the Internet for public information servers, there is no prior relationships. Many server administrator will keep a log of access, should the user deliberately cause harm to the server.  
For the case where an arbitrary user searches the Internet for public information servers, there is no prior relationships. Many server administrator will keep a log of access, should the user deliberately cause harm to the server.  
==== Server function availability====
==== Server function availability====
The first goal involves well-defined applications that appear to run on a well-known server name visible on the Internet. There are two broad class of applications: those that are essentially read-only or have other [[idempotent]] features such that the same result will be produced if the server receives one, or many, copies of the same transaction.  It is easiest to multihome to servers of this type. <ref name=>{{citation
The first goal involves well-defined applications that appear to run on a well-known server name visible on the Internet. There are two broad class of applications: those that are essentially read-only or have other [[idempotent]] features such that the same result will be produced if the server receives one, or many, copies of the same transaction.  It is easiest to multihome to servers of this type. <ref name=>{{citation
Line 118: Line 118:
space.
space.


===== General Internet connectivity from the enterprise=====
=====Connectivity to the public Internet=====
 
The second is high availability of general Internet connectivity for
The second is high availability of general Internet connectivity for
arbitrary enterprise users to the outside. This will be called
arbitrary enterprise users to the outside. This will be called
Line 132: Line 131:
address to public space.
address to public space.


===== Use of Internet services to interconnect "intranet" enterprise campuses =====
=====Intranet over tunnels=====
 
The third involves the growing number of situations where contracted IP
The third involves the growing number of situations where contracted IP
services are used to interconnect parts of an enterprise with [[virtual private network]]s. This will usually involve dedicated or
services are used to interconnect parts of an enterprise with [[virtual private network]]s. This will usually involve dedicated or
virtual circuits, or some sort of tunneling mechanisms.
virtual circuits, or some sort of [[tunneling mechanism]]s.


Beyond general internal campus multihoming, VPN intranet multihoming is concerned with multiple paths for the VPN tunnels that interconnect the campuses.
Beyond general internal campus multihoming, VPN intranet multihoming is concerned with multiple paths for the VPN tunnels that interconnect the campuses.


===== Use of Internet services to connect to [[extranet]] partners=====
=====Extranet connectivity=====
 
A fourth category involves use of the Internet to connect with strategic
A fourth category involves use of the Internet to connect with strategic
partners. True, this does deal with endpoints, but the emphasis is
partners. True, this does deal with endpoints, but the emphasis is
Line 156: Line 153:
Addresses need to be unique in the different enterprises, but do not need to
Addresses need to be unique in the different enterprises, but do not need to
be unique in the global Internet.
be unique in the global Internet.
==== Security Model====
==== Security Model====
Security requirements can include various cryptographic schemes, as well as
Security requirements can include various cryptographic schemes, as well as
Line 163: Line 161:
trusted gateway. Such gateways can be routers or multiported application
trusted gateway. Such gateways can be routers or multiported application
servers.
servers.
==== Addressing Refinements and Issues ====
==== Addressing Refinements and Issues ====
 
At one time, addressing management might have been treated. With today's issue of conserving [[IPv4]] address space, possibly by using [[private address space]] reached through [[network address translators]], and, even more, the transition to [[IPv6]], this can no longer be put aside.  Even with IPv4, changing ISPs, as well as mergers and acquisition of companies with separate networks, may require renumbering. <ref name=RFC2071> {{citation
At one time, addressing management might have been treated. With today's issue of conserving [[IPv4]] address space, possibly by using [[private address space]] reached through [[network address translators]], and, even more, the transition to [[IPv6]], this can no longer be put aside.  Even with IPv4, changing ISPs, as well as mergers and acquistion of companies with separate networks, may require renumbering. <ref name=RFC2071> {{citation
  | author = Ferguson, P., and H. Berkowitz
  | author = Ferguson, P., and H. Berkowitz
  | title=Network Renumbering Overview: Why would I want it and what is it anyway?
  | title=Network Renumbering Overview: Why would I want it and what is it anyway?
Line 212: Line 210:


==== Scope of multihoming ====
==== Scope of multihoming ====
Multihoming may be defined between an end host and a router or application
Multihoming may be defined between an end host and a router or application
gateway, on an end-to-end basis possibly involving virtual servers, among
gateway, on an end-to-end basis possibly involving virtual servers, among
Line 219: Line 216:


=== Application Goals ===
=== Application Goals ===
These goals need to be agreed to by the people or organization responsible
These goals need to be agreed to by the people or organization responsible
for the applications. Not to reach fairly formal agreement here can lead to
for the applications. Not to reach fairly formal agreement here can lead to
Line 233: Line 229:
performance, such as throughput or response time. Ideas here extend the
performance, such as throughput or response time. Ideas here extend the
performance-based model to include availability.
performance-based model to include availability.
== Planning and Budgeting ==
== Planning and Budgeting ==
In each of these scenarios, organization managers need to assign some
In each of these scenarios, organization managers need to assign some
economic cost to outages. Typically, there will be an incident cost and
economic cost to outages. Typically, there will be an incident cost and
Line 249: Line 245:


Operational costs obviously include the costs of redundant mechanisms
Operational costs obviously include the costs of redundant mechanisms
(i.e., the addititional multihomed paths), but also the incremental
(i.e., the additional multihomed paths), but also the incremental
costs of personnel to administer the more complex mechanisms -- their
costs of personnel to administer the more complex mechanisms -- their
training and salaries.
training and salaries.


== Issues ==
== Issues ==
=== Performance vs. Robustness: the Cache Conundrum ===
=== Performance vs. Robustness: the Cache Conundrum ===
Goals of many forms of "multi-homing" conflict with goals of improving
Goals of many forms of "multi-homing" conflict with goals of improving
local performance. For example, DNS queries normally are cached in DNS
local performance. For example, DNS queries normally are cached in DNS
Line 269: Line 263:


=== Service Level Agreements ===
=== Service Level Agreements ===
Enterprise networks, especially mainframe-based, are accustomed to building
Enterprise networks, especially mainframe-based, are accustomed to building
and enforcing service level agreements for application performance. A key to
and enforcing service level agreements for application performance. A key to
Line 290: Line 283:


=== Security ===
=== Security ===
ISPs may be reluctant to let user routing advertisements or DNS zone
ISPs may be reluctant to let user routing advertisements or DNS zone
information flow directly into their routing or naming systems. Users
information flow directly into their routing or naming systems. Users
Line 318: Line 310:


=== Load Balancing vs. Load Sharing ===
=== Load Balancing vs. Load Sharing ===
These terms are often interchanged, but they really mean different things.
These terms are often interchanged, but they really mean different things.
Load balancing is deterministic, and at a finer level of control than load
Load balancing is deterministic, and at a finer level of control than load
Line 328: Line 319:


Paul Ferguson defines load-balancing as "a true "50/50"
Paul Ferguson defines load-balancing as "a true "50/50"
sharing of equal paths.<ref>Ferguson, P., "Re: Comments on "What is a VPN?"" Message to
sharing of equal paths.<ref>Ferguson, P., "Re: Comments on "What is a VPN?" Message to
IETF VPN mailing list, 08 Mar 1998 19:52:29</ref> This can be done by either
IETF VPN mailing list, 08 Mar 1998 19:52:29</ref> This can be done by either
*round robin per-packet transmission
*round robin per-packet transmission
*binding pipes at the lower layers such that bits
*binding pipes at the lower layers such that bits are either 'bit-striped' across all parallel paths (e.g., [[IEEE 802.3ad]])
are either 'bit-striped' across all parallel paths (like the
*binding pipes so that SAR functions are done in a method such as [[multilink PPP]].
etherchannel stuff)
*binding pipes so that SAR functions are done in
a method such as multilink PPP.


These are fundamentally the same." Rather than classic per-packet round-robin, however, today's technology would distribute, using a round-robin model in the absence of explicit traffic engineering, source-destination pairs among the paths.
These are fundamentally the same." Rather than classic per-packet round-robin, however, today's technology would distribute, using a round-robin model in the absence of explicit traffic engineering, source-destination pairs among the paths.
Line 346: Line 334:


=== Application Compatibility ===
=== Application Compatibility ===
Some deployment mechanisms involve network address, or network address and
Some deployment mechanisms involve network address, or network address and
TCP/UDP port, translation (NAT and NAPT). If the application protocols embed
TCP/UDP port, translation (NAT and NAPT). If the application protocols embed
Line 385: Line 372:
  | date =August 2003.
  | date =August 2003.
  | url = http://www.ietf.org/rfc/rfc3582.txt
  | url = http://www.ietf.org/rfc/rfc3582.txt
  | publisher = Internet Engineering Task Force}}</ref> [[liveness protocol]]s with [[quasi-static routing]], [[BGP multihoming]], [[network address translation]], [[resilient packet ring]]
  | publisher = Internet Engineering Task Force}}</ref> [[liveness protocol]]s with [[quasi-static routing]], [[BGP multihoming]], [[network address translation]], [[resilient packet ring]], [[Virtual Router Redundancy Protocol]]
|-
|-
| "Sub-IP"
| "Sub-IP"
Line 407: Line 394:


==References ==
==References ==
{{reflist|2}}
{{reflist|2}}[[Category:Suggestion Bot Tag]]

Latest revision as of 16:01, 21 September 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

Multihoming includes a wide range of networking techniques that allow organizations to connect to internal or external destinations through more than one path. There are many reasons for using multiple paths, and perhaps more than one instance of a type of networking equiment, but the most common reasons are fault tolerance and traffic engineering. [1]

When organizations connect to the Internet, or directly to other organizations using the Internet protocol model, the ever-increasing criticality of their applications means that they cannot tolerate a single point of failure that could isolate them from the outside world. Indeed, the same concerns are present in complex internal networks, especially between different locations of the same enterprise. Multihoming also can describe connectivity between Internet service providers (ISP) and "upstream" internet transit providers, which are sometimes called network service providers (NSP).

Often, organizations, including Internet service providers and telephone companies, have multiple external communications, not just for fault tolerance, but for reasonable load distribution. If a company has external connections to the Internet at Tokyo, New York, and London, it makes more sense for traffic from Yokohama to Rome to enter at Tokyo and leave at London. This sort of traffic engineering not only improves reliability, but makes more cost-effective use of the available paths and improves network performance.

Unfortunately, multihoming covers a variety of mechanisms, including naming/directory services, routing, and physical connectivity. The "home" may be identified by a Domain Name Service (DNS) name, an address from Internet Protocol version 4 or Internet Protocol version 6, a combination of IP address and transmission control protocol "port number", or combinations of these and other techniques. To keep the general term "multihoming" in an appropriately broad context, do not immediately think in terms of the mechanism(s) used for connectivity, but the requirement to have multiple ways to reach a "home" destination.

Such a requirement may have aspects of availability, quality of service, routing policy, capacity, network security, and all these and other factors may combine. Another real-world constraint will be the skill levels of the people that will operate the multihomed system.

Several terms have become overloaded to the point of confusion, including multihoming, virtual private networks, and load balancing. This document attempts to bring some order to the definition of multihoming. It partially overlaps definitions of virtual private networks.

Special applications for multihomed connectivity and its variants

There are other motivations for complex connectivity from enterprises to the Internet. Mergers and acquisitions, where the joined enterprises each had their own Internet access, often mean complex connectivity, at least for a transition period. Consolidation of separate divisional networks also creates this situation. A frequent case arises when a large enterprise decides that Internet access should be available corporate-wide, but their research labs have had Internet access for years -- and it works, as opposed to the new corporate connection that at best is untried.

Many discussions of multihoming focus on the details of implementation, using such techniques as the Border Gateway Protocol (BGP) [RFC number of the Applicability Statement], multiple DNS entries for a server, etc. This document suggests that it is wise to look systematically at the requirements before selecting a means of resilient connectivity.

One implementation technique is not appropriate for all requirements. There are special issues in implementing solutions in the general Internet, because poor implementations can jeopardize the proper function of global routing or DNS. An incorrect BGP route advertisement injected into the global routing system is a problem whether it originates in an ISP or in an enterprise.

Defining the goals

Requirements tend to be driven by one or more of several major goals for server availability and performance. Availability goals are realized with resiliency mechanisms, to avoid user-perceived failures from single failures in servers, routing systems, or media. Performance goals are realized by mechanisms that distribute the workload among multiple machines such that the load is distributed in an useful manner. Like multi-homing, the terms load-balancing and load-sharing have many definitions.

In defining requirements, the servers themselves may either share or balance the load, there may be load-sharing or load-balancing routing paths to them, or the routed traffic may be carried over load-shared or load-balanced media.

Analyzing Application Requirements

Several questions need to be answered in the process of refining goals:

  • the administrative model and administrative awareness of endpoints
  • availability requirements
  • the security model
  • addressing requirements
  • scope of multihoming

Administrative Model

A key question is: are endpoints predefined in the multihoming process, or will either the client or server end be arbitrary? The simplest model is an intranet, where all endpoints are known in advance and under a single administration, as the network of a business or other enterprise. That business may have multiple physical locations, and may choose to interconnect them with physical facilities, or with simulated facilities in the public Internet.

This case becomes more complex when most endpoints are indeed inside, but some internal computers need to reach external servers on the public Internet, whose identities are not known in advance.

In an extranet, which is one form of business to business (B2B) communications, internal computers need to talk both to other internal computers, but also to computers in other enterprises. Those external computers, however, are known in advance, and their administrators can pre-plan security, backup, and other operational matters. Indeed, the complexity may be such that the participants create a company just to run the extranet. For example, the VISA corporation is actually owned by its member banks, but charges service fees to the banks issuing cards and the banks processing card charges. That network, for obvious reasons, is strictly isolated from the public Internet. Even the member banks are restricted; while one bank may need to access the credit card authorization computer in another, that first bank is not authorized to connect, through VISA, to another bank's mortgage loan department.

Another kind of B2B communications might be ad hoc, where, for example, a business needs some parts or equipment, and puts out an open bid to suppliers connected to the Internet.

In business-to-consumer (B2C) communications, again, there are the two cases of all endpoints being known in advance. If one is to be an author or editor on Citizendium, for example, the "consumer" author and the "business" Citizendium, before creating or modifying articles, one must go through the administrative process of creating an account and a login identifier.

For the case where an arbitrary user searches the Internet for public information servers, there is no prior relationships. Many server administrator will keep a log of access, should the user deliberately cause harm to the server.

Server function availability

The first goal involves well-defined applications that appear to run on a well-known server name visible on the Internet. There are two broad class of applications: those that are essentially read-only or have other idempotent features such that the same result will be produced if the server receives one, or many, copies of the same transaction. It is easiest to multihome to servers of this type. [2]

Other kinds of servers (e.g., a bank account from which one withdraws), may not exhibit the same behavior if they get multiple copies of a request. An application still may make this idempotent, by remembering when a particular request has run and ignoring additional copies.

As long as the server function either uses read-only data, or has mechanisms that keep databases synchronized, the individual transactions can run on different server instances. run on specific servers visible to the Internet at large. This will be termed "endpoint multihoming", emphasizing the need for resilience of connectivity to well-defined endpoints. Solutions here often involve extensions of FNS servers, where a server has knowledge of current workload or other factors to let it choose among several physical server addresses to return to a client request. For example, en.citizendium.com is a name known to the world, but the functions provided may actually be available on the servers with the relative names en1, en2, and en3. An enhanced DNS server, doing "round robin" traffic engineering, might send the address of en3 back only for every third request.

Should any of the three servers go down, however, the DNS server can spread the load over the two remaining servers, as a form of application multihoming.

From an application standpoint, this is either a many-to-one topology, many clients to one server, or a many-to-many topology when multiple servers are involved. It can be worthwhile to consider a many-to-few case, when the few are multiple instances of a server function, which may appear as a single server to the general Internet. The idea of many-to-few topology allows for a local optimization of inter-server communications, without affecting the global many-to-one model.

Addresses on interfaces that connect to the general Internet need to be unique in the global Internet routing system, although they may be translated, at the network address or port level, from public to internal space.

Connectivity to the public Internet

The second is high availability of general Internet connectivity for arbitrary enterprise users to the outside. This will be called "internetwork multihoming". Solutions here tend to involve routing mechanisms.

This can be viewed as a few-to-many application topology.

Addresses on interfaces that connect to the general Internet need to be unique in the global Internet routing system, although they may be translated, at the network address or port level, from internal private address to public space.

Intranet over tunnels

The third involves the growing number of situations where contracted IP services are used to interconnect parts of an enterprise with virtual private networks. This will usually involve dedicated or virtual circuits, or some sort of tunneling mechanisms.

Beyond general internal campus multihoming, VPN intranet multihoming is concerned with multiple paths for the VPN tunnels that interconnect the campuses.

Extranet connectivity

A fourth category involves use of the Internet to connect with strategic partners. True, this does deal with endpoints, but the emphasis is different than the first case. In the first case, the emphasis is on connectivity from arbitrary points outside the enterprise to points within it. This second case deals with pairs of well-known endpoints.

These endpoints may be linked with dedicated or virtual circuits defined at the physical or data link layer. Tunneling or other virtual private networks may be relevant here as well. There will be coordination issues that do not exist for the third case, where all resources are under common control.

Addresses need to be unique in the different enterprises, but do not need to be unique in the global Internet.

Security Model

Security requirements can include various cryptographic schemes, as well as mechanisms to hinder denial of service attacks. The requirements analyst must determine whether cryptography is needed, and, if so, whether cryptographic trust must be between end hosts or between end hosts and a trusted gateway. Such gateways can be routers or multiported application servers.

Addressing Refinements and Issues

At one time, addressing management might have been treated. With today's issue of conserving IPv4 address space, possibly by using private address space reached through network address translators, and, even more, the transition to IPv6, this can no longer be put aside. Even with IPv4, changing ISPs, as well as mergers and acquisition of companies with separate networks, may require renumbering. [3]

Not all application protocols are unaware of the underlying addressing. Network address translation can break some application protocols, such as File Transfer Protocol, if the translation does not go beyond the network addresses and into translation in the application protocol messages.

There also may be administrative requirements for addressing, such as a service provider that contracts to run a multinet may require addresses to be registered, possibly from the provider's address space.

Consideration also needs to be given to application caches in addition to DNS caches. Firewall proxy servers are a good example where multiple addresses associated with a given destination may not be supported.

Network Address Translation (NAT) is a widespread technique undergoing significant enhancement in the NAT Working Group. The traditional approached either did a one-to-one translation from inside to outside address, or a many-to-one mapping from a large number of addresses on one side to a much smaller number of addresses (with a larger number ot TCP/UDP ports). The traditional approaches, in practice, include:

Addressing and access cases
Inside Outside
Private address space, static or long-term assignments Public Internet space allocated to an ISP
Private address space, static or long-term assignments Extranet space, either private or managed by the Extranet operator
Public address space, provider assigned (PA) Public Internet space allocated to an ISP
Public address space, provider independent (PI) Public Internet space allocated to an ISP

More powerful translation technologies such as Load-Sharing NAT [RFC2391]or Address Layer Gateways (ALG) [RFC2663] may be needed.

Scope of multihoming

Multihoming may be defined between an end host and a router or application gateway, on an end-to-end basis possibly involving virtual servers, among routers, or among elements in a transmission system. Different multihoming scopes may support the same application requirement.

Application Goals

These goals need to be agreed to by the people or organization responsible for the applications. Not to reach fairly formal agreement here can lead to problems of inappropriate expectations.

At the application layer, there will be expectations of connectivity. Not all applications will operate through classical NAT devices. Application designers should proceed on two fronts: following NAT-friendly application design principles [Senie 1999a] and being aware of potential application protocol interactions with NAT technologies [Holdredge 1999a].

The term "service level agreement" often refers to expectations of performance, such as throughput or response time. Ideas here extend the performance-based model to include availability.

Planning and Budgeting

In each of these scenarios, organization managers need to assign some economic cost to outages. Typically, there will be an incident cost and an incremental cost based on the length or scope of the connectivity loss.

Ideally, this cost is then weighted by the probability of outage.

A weighted exposure cost results when the outage cost is multiplied by the probability of the outage.

Resiliency measures modify the probability, but increase the cost of operation.

Operational costs obviously include the costs of redundant mechanisms (i.e., the additional multihomed paths), but also the incremental costs of personnel to administer the more complex mechanisms -- their training and salaries.

Issues

Performance vs. Robustness: the Cache Conundrum

Goals of many forms of "multi-homing" conflict with goals of improving local performance. For example, DNS queries normally are cached in DNS servers, and in the requesting host. From the performance standpoint, this is a perfectly reasonable thing to do, reducing the need to send out queries.

From the multihoming standpoint, it is far less desirable, as application-level multihoming may be based on rapid changes of the DNS master files. The binding of a given IP address to a DNS name can change rapidly.

Service Level Agreements

Enterprise networks, especially mainframe-based, are accustomed to building and enforcing service level agreements for application performance. A key to being able to do this is total control of the end-to-end communications path.

In the current Internet, the enterprise(s) at one or both ends control their local environments, and have contractual control over connections to their direct service providers.

If service level control is a requirement, and both ends of the path are not under control, the general Internet cannot now provide service level guarantees. The need for control should be reexamined, and, if it still exists, the underlying structure will need to be dedicated resources at the network layer or below. A network service provider may be able to engineer this so that some facilities are shared to reduce cost, but the sharing is planned and controlled. Contracting for virtual private networks is one way to have the provider take responsibility for delivering the guaranteed service level in a multihomed network.

The acid test for multihoming is whether or not it delivers the required availability and performance. Sometimes, there are demands for unnecessary features. For example, consider an enterprise that has two points of connection to a service provider. If a request to some external server goes out the first connection, but the reply comes back on the second connection, as long as the required performance is met, the asymmetrical routing observed is not relevant to the objective and needs to be accepted as simply how the network behaves

Security

ISPs may be reluctant to let user routing advertisements or DNS zone information flow directly into their routing or naming systems. Users should understand that BGP is not intended to be a plug-and-play mechanism; manual configuration often is considered an important part of maintaining integrity. Supplemental mechanisms may be used for additional control, such as registering policies in a routing registry[4] or using egress/ingress filtering.[5]

Challenges may arise when client security mechanisms interact with fault tolerance mechanisms associated with servers. For example, if a server address changes to that of a backup server, a stateful packet screening firewall might not accept a valid return. Similarly, unless servers back one another up in a full mirroring mode, if one end of a TCP-based application connection fails, the user will need to reconnect. As long as another server is ready to accept that connection, there may not be major user impact, and the goal of high availability is realized. High availability and user transparent high availability are not synonymous.

Load Balancing vs. Load Sharing

These terms are often interchanged, but they really mean different things. Load balancing is deterministic, and at a finer level of control than load sharing, which is statistical. Load balancing is generally not something that can be realized in general Internet routing, other than in special and local cases between adjacent AS. A degree of load sharing is achievable in routing, but it may introduce significant resource demands and operational complexity.

Paul Ferguson defines load-balancing as "a true "50/50" sharing of equal paths.[6] This can be done by either

  • round robin per-packet transmission
  • binding pipes at the lower layers such that bits are either 'bit-striped' across all parallel paths (e.g., IEEE 802.3ad)
  • binding pipes so that SAR functions are done in a method such as multilink PPP.

These are fundamentally the same." Rather than classic per-packet round-robin, however, today's technology would distribute, using a round-robin model in the absence of explicit traffic engineering, source-destination pairs among the paths.

"Load-sharing is quite different. It simply implies that no link is sitting idle -- that at least all links get utilized in some fashion. Usually in closest exit routing. The equity of utilization may be massively skewed. It may also resemble something along the lines of 60/40, which is reasonable."

Application Compatibility

Some deployment mechanisms involve network address, or network address and TCP/UDP port, translation (NAT and NAPT). If the application protocols embed IP addresses in their protocol fields, NAT or NAPT may cause protocol failures. Translation mechanisms for such cases may require knowledge of the application protocol, as typified by application proxies in firewalls, or in application gateways with multiple interfaces.

Technologies

Protocol family Representative mechanisms
Application DNS load balancing,[7] application redirection
End-to-end Transaction load distribution, tunnels
Internetwork Interior routing multihoming,[8][9] liveness protocols with quasi-static routing, BGP multihoming, network address translation, resilient packet ring, Virtual Router Redundancy Protocol
"Sub-IP" MPLS failover[10]
Data link Multilink PPP, IEEE 802.3 link aggregation
Physical Autodial
Transmission media SONET/SDH

References

  1. Howard C. Berkowitz (October 1999), To Be Multihomed: Requirements & Definitions, Internet Engineering Task Force, draft-berkowitz-multirqmt-02.txt
  2. Fielding R., et al., 9.1 Safe and Idempotent Methods, Hypertext Transfer Protocol -- HTTP/1.1, Internet Engineering Task Force, RFC2616
  3. Ferguson, P., and H. Berkowitz (January 1997), Network Renumbering Overview: Why would I want it and what is it anyway?, RFC 2071
  4. Alaettinoglu, C. et al. (January 1998.), Routing Policy Specification Language (RPSL), RFC2280
  5. Ferguson, P. & D. Senie (May 2000), Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, RFC2827 & BCP 38
  6. Ferguson, P., "Re: Comments on "What is a VPN?" Message to IETF VPN mailing list, 08 Mar 1998 19:52:29
  7. T. Brisco (April 1995), DNS Support for Load Balancing, Internet Engineering Task Force, RFC1794
  8. J. Abley, K. Lindqvist, E. Davies, B. Black, V. Gill (July 2005), IPv4 Multihoming Practices and Limitations, Internet Engineering Task Force, RFC4116
  9. J. Abley, B. Black, V. Gill (August 2003.), Goals for IPv6 Site-Multihoming Architectures, Internet Engineering Task Force, RFC3582
  10. V. Sharma, , F. Hellstrand, Ed., ed. (February 2003), Framework for Multi-Protocol Label Switching (MPLS)-based Recovery., Internet Engineering Task Force, RFC3469