分享
 
 
 

RFC911 - EGP Gateway under Berkeley UNIX 4.2

王朝system·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

Network Working Group

Request for Comments: 911

EGP GATEWAY UNDER BERKELEY UNIX 4.2

PAUL KIRTON

University of Southern California, Information Sciences Institute

Visiting Research Fellow from Telecom Australia Research Laboratories

22 August 1984

ABSTRACT

This report describes an implementation of the Exterior Gateway Protocol that

runs under the Unix 4.2 BSD operating system. Some issues related to local

network configurations are also discussed.

Status of this Memo:

This memo describes an implementation of the Exterior Gateway Protocol (EGP)

(in that sense it is a status report). The memo also discusses some possible

extentions and some design issues (in that sense it is an invitation for

further discussion). Distribution of this memo is unlimited.

Funding for this research was provided by DARPA and Telecom Australia.

RFC911 i

Table of Contents

1. INTRODUCTION 1

1.1 Motivation for Development 1

1.2 Overview of EGP 2

2. GATEWAY DESIGN 4

2.1 Routing Tables 4

2.1.1 Incoming Updates 5

2.1.2 Outgoing Updates 5

2.2 Neighbor Acquisition 6

2.3 Hello and Poll Intervals 6

2.4 Neighbor Cease 7

2.5 Neighbor Reachability 7

2.6 Sequence Numbers 8

2.7 Treatment of Excess Commands 8

2.8 Inappropriate Messages 8

2.9 Default Gateway 9

3. TESTING 10

4. FUTURE ENHANCEMENTS 11

4.1 Multiple Autonomous Systems 11

4.2 Interface Monitoring 11

4.3 Network Level Status Information 11

4.4 Interior Gateway Protocol Interface 12

5. TOPOLOGY ISSUES 13

5.1 Topology Restrictions and Routing Loops 13

5.1.1 Background 13

5.1.2 Current Policy 14

5.2 Present ISI Configuration 15

5.2.1 EGP Across ARPANET 17

5.2.2 EGP Across ISI-NET 17

5.2.3 Potential Routing Loop 18

5.3 Possible Future Configuration 18

5.3.1 Gateway to UCI-ICS 18

5.3.2 Dynamic Switch to Backup Gateway 19

5.3.2.1 Usual Operation 19

5.3.2.2 Host Initialization 19

5.3.2.3 When Both the Primary and Backup are Down 20

5.3.2.4 Unix 4.2 BSD 20

6. ACKNOWLEDGEMENT 21

7. REFERENCES 22

RFC911 1

1. INTRODUCTION

The Exterior Gateway Protocol (EGP) [Rosen 82; Seamonson & Rosen 84; Mills 84a]

has been specified to allow autonomous development of different gateway systems

while still maintaining global distribution of internet routing information.

EGP provides a means for different autonomous gateway systems to exchange

information about the networks that are reachable via them.

This report mainly describes an implementation of EGP that runs as a user

* **

process under the Berkeley Unix 4.2 operating system run on a VAX computer.

Some related issues concerning local autonomous system configurations are also

discussed.

The EGP implementation is eXPerimental and is not a part of Unix 4.2 BSD. It is

anticipated that Berkeley will incorporate a version of EGP in the future.

The program is written in C. The EGP part is based on the C-Gateway code

written by Liza Martin at MIT and the route management part is based on Unix

4.2 BSD route management daemon, "routed".

The EGP functions are consistent with the specification of [Mills 84a] except

where noted.

A knowledge of EGP as described in [Seamonson & Rosen 84; Mills 84a] is

assumed.

This chapter discusses the motivation for the project, Chapter 2 describes the

gateway design, Chapter 3 is on testing, Chapter 4 suggests some enhancements

and Chapter 5 discusses topology issues.

Further information about running the EGP program and describing the software

is being published in an ISI Research Report ISI/RR-84-145 [Kirton 84].

Requests for documentation and copies of the EGP program should be sent to

Joyce Reynolds (JKReynolds@USC-ISIF.ARPA). Software support is not provided.

1.1 Motivation for Development

With the introduction of EGP, the internet gateways will be divided into a

"core" autonomous system (AS) of gateways maintained by Bolt, Beranek and

Newman (BBN) and many "stub" AS's that are maintained by different

organizations and have at least one network in common with a core AS gateway.

The core AS will act as a hub for passing on routing information between

_______________

*

Unix is a trade mark of AT&T

**

VAX is a trade mark of Digital Equipment Corporation

RFC911 2

different stub AS's so that it will only be necessary for stub AS's to conduct

EGP with a core gateway. Further detail is given in [Rosen 82].

At the time of this project there were 28 "non-routing" gateways in the

internet. Non-routing gateways did not exchange routing information but

required static entries in the core gateway routing tables. Since August 1,

1984 these static entries have been eliminated and previously non-routing

gateways are required to communicate this information to the core gateways

dynamically via EGP [Postel 84].

At the USC Information Sciences Institute (ISI) there was a non-routing gateway

to the University of California at Irvine network (UCI-ICS). With the

elimination of non-routing gateways from the core gateway tables it is

necessary to inform the core ISI gateway of the route to UCI-ICS using EGP.

Also, we would like a backup gateway between ISI-NET and the ARPANET in case

the core ISI gateway is down. Such, a gateway would need to convey routing

information via EGP. Details of the ISI network configuration are discussed in

Section 5.2.

Of the 28 non-routing gateways 23 were implemented by Unix systems, including

ISI's. Also, ISI's proposed backup gateway was a Unix system. Thus there was a

local and general need for an EGP implementation to run under Unix. The current

version of Unix that included Department of Defense (DoD) protocols was

Berkeley Unix 4.2 so this was selected.

1.2 Overview of EGP

This report assumes a knowledge of EGP, however a brief overview is given here

for completeness. For further details refer to [Rosen 82] for the background to

EGP, [Seamonson & Rosen 84] for an informal description, and [Mills 84a] for a

more formal specification and implementation details.

EGP is generally conducted between gateways in different AS's that share a

common network, that is, neighbor gateways.

EGP consists of three procedures, neighbor acquisition, neighbor reachability

and network reachability.

Neighbor acquisition is a two way handshake in which gateways agree to conduct

EGP by exchanging Request and Confirm messages which include the minimum Hello

and Poll intervals. Acquisition is terminated by exchanging Cease and

Cease-ack messages.

Neighbor reachability is a periodic exchange of Hello commands and I-H-U (I

heard you) responses to ensure that each gateway is up. Currently a 30 second

minimum interval is used across ARPANET. Only one gateway need send commands as

the other can use them to determine reachability. A gateway sending

reachability commands is said to be in the active mode, while a gateway that

just responds is in the passive mode.

RFC911 3

Network reachability is determined by periodically sending Poll commands and

receiving Update responses which indicate the networks reachable via one or

more gateways on the shared network. Currently 2 minute minimum interval is

used across ARPANET.

RFC911 4

2. GATEWAY DESIGN

EGP is a polling protocol with loose timing constraints. Thus the only gateway

function requiring good performance is packet forwarding. Unix 4.2 already has

packet forwarding built into the kernel where best performance can be achieved.

At the time of writing Unix 4.2 did not send ICMP (Internet Control Message

Protocol) redirect messages for misrouted packets. This is a requirement of

internet gateways and will later be added by Berkeley.

The EGP and route update functions are implemented as a user process. This

facilitates development and distribution as only minor changes need to be made

to the Unix kernel. This is a similar approach to the Unix route distribution

program "routed" [Berkeley 83] which is based on the Xerox NS Routing

Information Protocol [Xerox 81].

2.1 Routing Tables

A route consists of a destination network number, the address of the next

gateway to use on a directly connected network, and a metric giving the

distance in gateway hops to the destination network.

There are two sets of routing tables, the kernel tables (used for packet

forwarding) and the EGP process tables. The kernel has separate tables for host

and network destinations. The EGP process only maintains the network routing

tables. The EGP tables are updated when EGP Update messages are received. When

a route is changed the kernel network tables are updated via the SIOCADDRT and

SIOCDELRT ioctl system calls. At initialization the kernel network routing

tables are read via the kernel memory image file, /dev/kmem, and copied into

the EGP tables for consistency.

This EGP implementation is designed to run on a gateway that is also a host.

Because of the relatively slow polling to oBTain route updates it is possible

that the host may receive notification of routing changes via ICMP redirects

before the EGP process is notified via EGP. Redirects update the kernel tables

directly. The EGP process listens for redirect messages on a raw socket and

updates its routing tables to keep them consistent with the kernel.

The EGP process routing tables are maintained as two separate tables, one for

exterior routes (via different AS gateways) and one for interior routes (via

the gateways of this AS). The exterior routing table is updated by EGP Update

messages. The interior routing table is currently static and is set at

initialization time. It includes all directly attached nets, determined by the

SIOCGIFCONF ioctl system call and any interior non-routing gateways read from

the EGP initialization file, EGPINITFILE. The interior routing table could in

future be updated dynamically by an Interior Gateway Protocol (IGP).

Maintaining separate tables for exterior and interior routing facilitates the

preparation of outgoing Update messages which only contain interior routing

information [Mills 84b]. It also permits alternative external routes to the

internal routes to be saved as a backup in case an interior route fails.

Alternate routes are flagged, RTS_NOTINSTALL, to indicate that the kernel

RFC911 5

routes should not be updated. In the current implementation alternate routes

are not used.

2.1.1 Incoming Updates

EGP Updates are used to update the exterior routing table if one of the

following is satisfied:

- No routing table entry exists for the destination network and the

metric indicates the route is reachable (< 255).

- The advised gateway is the same as the current route.

- The advised distance metric is less than the current metric.

- The current route is older (plus a margin) than the maximum poll

interval for all acquired EGP neighbors. That is, the route was

omitted from the last Update.

If any exterior route entry, except the default route, is not updated by EGP

within 4 minutes or 3 times the maximum poll interval, whichever is the

greater, it is deleted.

If there is more than one acquired EGP neighbor, the Update messages received

from each are treated the same way in the order they are received.

In the worst case, when a route is changed to a longer route and the old route

is not first notified as unreachable, it could take two poll intervals to

update a route. With the current poll interval this could be 4 minutes. Under

Unix 4.2 BSD TCP connections (Transmission Control Protocol) are closed

automatically after they are idle for 6 minutes. So this worst case will not

result in the automatic closure of TCP connections.

2.1.2 Outgoing Updates

Outgoing Updates include the direct and static networks from the interior

routing table, except for the network shared with the EGP neighbor.

The networks that are allowed to be advised in Updates may be specified at

initialization in EGPINITFILE. This allows particular routes to be excluded

from exterior updates in cases where routing loops could be a problem. Another

case where this option is necessary, is when there is a non-routing gateway

belonging to a different AS which has not implemented EGP yet. Its routes may

need to be included in the kernel routing table but they are not allowed to be

advised in outgoing updates.

If the interior routing table includes other interior gateways on the network

shared with the EGP neighbor they are include in Updates as the appropriate

RFC911 6

first hop to their attached networks.

The distance to networks is set as in the interior routing table except if the

route is marked down in which case the distance is set to 255. At present

routes are only marked down if the outgoing interface is down. The state of all

interfaces is checked prior to preparing each outgoing Update using the

SIOCGIFFLAGS ioctl system call.

Unsolicited Updates are not sent.

2.2 Neighbor Acquisition

EGPINITFILE lists the addresses of trusted EGP neighbor gateways, which are

read at initialization. These will usually be core gateways as only core

gateways provide full internet routing information. At the time of writing

there were three core gateways on ARPANET which support EGP, Css-GATEWAY,

ISI-GATEWAY and PURDUE-CS-GW, and two on MILNET, BBN-MINET-A-GW and AERONET-GW.

EGPINITFILE also includes the maximum number of these gateways that should be

acquired at any one time. This is usually expected to be just one. If this

gateway is declared down another gateway on the list will then be acquired

automatically in sufficient time to ensure that the current routes are not

timed out.

The gateway will only accept acquisitions from neighbors on the trusted list

and will not accept them if it already has acquired its maximum quota. This

prevents Updates being accepted from possibly unreliable sources.

The ability to acquire core gateways that are not on the trusted list but have

been learned of indirectly via Update messages is not included because not all

core gateways run EGP.

New acquisition Requests are sent to neighbors in the order they appear in

EGPINITFILE. No more new Requests than the maximum number of neighbors yet to

be acquired are sent at once. Any number of outstanding Requests are

retransmitted at 32 second intervals up to 5 retransmissions each at which time

the acquisition retransmission interval is increased to 4 minutes. Once the

maximum number of neighbors has been acquired, unacquired neighbors with

outstanding Requests are sent Ceases. This approach provides a compromise

between fast response when neighbors do not initially respond and a desire to

minimize the chance that a neighbor may be Ceased after it has sent a Confirm

but before it has been received. If the specified maximum number of neighbors

cannot be acquired, Requests are retransmitted indefinitely to all unacquired

neighbors.

2.3 Hello and Poll Intervals

The Request and Confirm messages include minimum values for Hello and Poll

intervals. The advised minimums by this and the core gateways are currently 30

and 120 seconds respectively.

RFC911 7

The received intervals are checked against upper bounds to guard against

nonsense values. The upper bounds are currently set at 120 and 480 seconds

respectively. If, they are exceeded the particular neighbor is considered bad

and not sent further Requests for one hour. This allows the situation to be

corrected at the other gateway and normal operation to automatically resume

from this gateway without an excess of unnecessary network traffic.

The actual Hello and Poll intervals are chosen by first selecting the maximum

of the intervals advised by this gateway and its peer. A 2 second margin is

then added to the Hello interval to take account of possible network delay

variations and the Poll interval is increased to the next integer ratio of the

Hello interval. This results in 32 second Hello and 128 second Poll intervals.

If an Update is not received in response to a Poll, at most one repoll (same

sequence number) is sent instead of the next scheduled Hello.

2.4 Neighbor Cease

If the EGP process is sent a SIGTERM signal via the Kill command, all acquired

neighbors are sent Cease(going down) commands. Ceases are retransmitted at the

hello interval at most 3 times. Once all have either responded with Cease-acks

or been sent three retransmitted Ceases the process is terminated.

2.5 Neighbor Reachability

Only active reachability determination is implemented. It is done as

recommended in [Mills 84a] with a minor variation noted below.

A shift register of responses is maintained. For each Poll or Hello command

sent a zero is shifted into the shift register. If a response (I-H-U, Update

or Error) is received with the correct sequence number the zero is replaced by

a one. Before each new command is sent the reachability is determined by

examining the last four entries of the shift register. If the neighbor is

reachable and <= 1 response was received the neighbor is considered

unreachable. If the neighbor is considered unreachable and >= 3 responses were

received it is now considered reachable.

A neighbor is considered reachable immediately after acquisition so that the

first poll received from a core gateway (once it considers this gateway

reachable) will be responded to with an Update. Polls are not sent unless a

neighbor is considered reachable and it has not advised that it considers this

gateway unreachable in its last Hello, I-H-U or Poll message. This prevents

the first Poll being discarded after a down/up transition. This is important as

the Polls are used for reachability determination. Following acquisition at

least one message must be received before the first Poll is sent. This is to

determine that the peer does not consider this gateway down. This usually

requires at least one Hello to be sent prior to the first poll. The discussion

of this paragraph differs from [Mills 84a] which recommends that a peer be

considered down following acquisition and Polls may be sent as soon as the peer

is considered up. This is the only significant departure from the

RFC911 8

recommendations in [Mills 84a].

Polls received by peers that are considered unreachable are sent an Error

response which allows their reachability determination to progress correctly.

This action is an option within [Mills 84a].

When a neighbor becomes unreachable all routes using it as a gateway are

deleted from the routing table. If there are known unacquired neighbors the

unreachable gateway is ceased and an attempt is made to acquire a new neighbor.

If all known neighbors are acquired the reachability determination is continued

for 30 minutes ([Mills 84a] suggests 60 minutes) after which time the

unreachable neighbor is ceased and reacquisition attempted every 4 minutes.

This is aimed at reducing unnecessary network traffic.

If valid Update responses are not received for three successive polls the

neighbor is ceased and an alternative acquired or reacquisition is attempted in

4 minutes. This provision is provided in case erroneous Update data formats are

being sent by the neighbor. This situation did occur on one occasion during

testing.

2.6 Sequence Numbers

Sequence numbers are managed as recommended in [Mills 84a]. Single send and

receive sequence numbers are maintained for each neighbor. The send sequence

number is initialized to zero and is incremented before each new Poll (not

repoll) is sent and at no other time. The send sequence number is used in all

commands. The receive sequence number is maintained by copying the sequence

number of the last Request, Hello, or Poll command received from a neighbor.

This sequence number is used in outgoing Updates. All responses (including

Error responses) return the sequence number of the message just received.

2.7 Treatment of Excess Commands

If more than 20 commands are received from a neighbor in any 8 minute period

the neighbor is considered bad, Ceased and reacquisition prevented for one

hour.

At most one repoll (same sequence number) received before the poll interval has

expired (less a 4 second margin for network delay variability) is responded to

with an Update, others are sent an Error response. When an Update is sent in

response to a repoll the unsolicited bit is not set, which differs from the

recommendation in [Mills 84a].

2.8 Inappropriate Messages

If a Confirm, Hello, I-H-U, Poll or Update is received from any gateway (known

or unknown) that is in the unacquired state, synchronization has probably been

lost for some reason. A Cease(protocol violation) message is sent to try and

reduce unnecessary network traffic. This action is an option in [Mills 84a].

RFC911 9

2.9 Default Gateway

A default gateway may be specified in EGPINITFILE. The default route (net 0 in

Unix 4.2 BSD) is used by the kernel packet forwarder if there is no specific

route for the destination network. This provides a final level of backup if all

known EGP neighbors are unreachable. This is especially useful if there is only

one available EGP neighbor, as in the ISI case, Section 5.2.2.

The default route is installed at initialization and deleted after a valid EGP

Update message is received. It is reinstalled if all known neighbors are

acquired but none are reachable, if routes time out while there are no EGP

neighbors that are acquired and reachable, and prior to process termination.

It is deleted after a valid EGP Update message is received because the default

gateway will not know any more routing information than learned via EGP. If it

were not deleted, all traffic to unreachable nets would be sent to the default

gateway under Unix 4.2 forwarding strategy.

The default gateway should normally be set to a full-routing core gateway other

than the known EGP neighbor gateways to give another backup in case all of the

EGP gateways are down simultaneously.

RFC911 10

3. TESTING

A few interesting cases that occurred during testing are briefly described.

The use of sequence numbers was interpreted differently by different

implementers. Consequently some implementations rejected messages as having

incorrect sequence numbers, resulting in the peer gateway being declared down.

The main problem was that the specification was solely in narrative form which

is prone to inconsistencies, ambiguities and incompleteness. The more formal

specification of [Mills 84a] has eliminated these ambiguities.

When testing the response to packets addressed to a neighbor gateway's

interface that was not on the shared net a loop resulted as both gateways

repeatedly exchanged error messages indicating an invalid interface. The

problem was that both gateways were sending Error responses after checking the

addresses but before the EGP message type was checked. This was rectified by

not sending an Error response unless it was certain that the message was not

itself an Error response.

On one occasion a core gateway had some form of data error in the Update

messages which caused them to be rejected even though reachability was being

satisfactorily conducted. This resulted in all routes being timed out. The

solution was to count the number of successive Polls that do not result in

valid Updates being received and if this number reaches 3 to Cease EGP and

attempt to acquire an alternative gateway.

Another interesting idiosyncrasy, reported by Mike Karels at Berkeley, results

from having multiple gateways between MILNET and ARPANET. Each ARPANET host has

an assigned gateway to use for Access to MILNET. In cases where the EGP gateway

is a host as well as a gateway, the EGP Update messages may indicate a

different MILNET/ARPANET gateway from the assigned one. When the host/gateway

originates a packet that is routed via the EGP reported gateway, it will

receive a redirect to its assigned gateway. Thus the MILNET gateway can keep

being switched between the gateway reported by EGP and the assigned gateway. A

similar thing occurs when using routes to other nets reached via MILNET/ARPANET

gateways.

RFC911 11

4. FUTURE ENHANCEMENTS

4.1 Multiple Autonomous Systems

The present method of acquiring a maximum number of EGP neighbors from a

trusted list implies that all the neighbors are in the same AS. The intention

is that they all be members of the core AS. When updating the routing tables,

Updates are treated independently with no distinction made as to whether the

advised routes are internal or external to the peer's AS. Also, routing

metrics are compared without reference to the AS of the source.

If EGP is to be conducted with additional AS's beside the core AS, all

neighbors on the list would need to be acquired in order to ensure that

gateways from both AS's were always acquired. This results in an unnecessary

excess of EGP traffic if redundant neighbors are acquired for reliability. A

more desirable approach would be to have separate lists of trusted EGP gateways

and the maximum number to be acquire, for each AS. Routing entries would need

to have the source AS added so that preference could be given to information

received from the owning AS (see Section 5.1.2)

4.2 Interface Monitoring

At present, interface status is only checked immediately prior to the sending

of an Update in response to a Poll. The interface status could be monitored

more regularly and an unsolicited Update sent when a change is detected. This

is one area where the slow response of EGP polling could be improved. This is

of particular interest to networks that may be connected by dial-in lines.

When such a network dials in, its associated interface will be marked as up but

it will not be able to receive packets until the change has been propagated by

EGP. This is one case where the unsolicited Update message would help, but

there is still the delay for other non-core gateways to poll core EGP gateways

for the new routing information.

This was one case where it was initially thought that a kernel EGP

implementation might help. But the kernel does not presently pass interface

status changes by interrupts so a new facility would need to be incorporated.

If this was done it may be just as easy to provide a user level signal when an

interface status changes.

4.3 Network Level Status Information

At present, network level status reports, such as IMP Destination Unreachable

messages, are not used to detect changes in the reachability of EGP neighbors

or other neighbor gateways. This information should be used to improve the

response time to changes.

RFC911 12

4.4 Interior Gateway Protocol Interface

At present any routing information that is interior to the AS is static and

read from the initialization file. The internal route management functions have

been written so that it should be reasonably easy to interface an IGP for

dynamic interior route updates. This is facilitated by the separation of the

exterior and interior routing tables.

The outgoing EGP Updates will be correctly prepared from the interior routing

table by rt_NRnets() whether or not static or dynamic interior routing is done.

Functions are also provided for looking up, adding, changing and deleting

internal routes, i.e. rt_int_lookup(), rt_add(), rt_change() and rt_delete()

respectively.

The interaction of an IGP with the current data structures basically involves

three functions: updating the interior routing table using a function similar

to rt_NRupdate(), preparing outgoing interior updates similarly to rt_NRnets(),

and timing out interior routes similarly to rt_time().

RFC911 13

5. TOPOLOGY ISSUES

5.1 Topology Restrictions and Routing Loops

5.1.1 Background

EGP is not a routing algorithm. it merely enables exterior neighbors to

exchange routing information which is likely to to be needed by a routing

algorithm. It does not pass sufficient information to prevent routing loops if

cycles exist in the topology [Rosen 82].

Routing loops can occur when two gateways think there are alternate routes to

reach a third gateway via each other. When the third gateway goes down they end

up pointing to each other forming a routing loop. Within the present core

system, loops are broken by counting to "infinity" (the internet diameter in

gateway hops). This (usually) works satisfactorily because GGP propagates

changes fairly quickly as routing updates are sent as soon as changes occur.

Also the diameter of the internet is quite small (5) and a universal distance

metric, hop count, is used. But this will be changed in the future.

With EGP, changes are propagated slowly. Although a single unsolicited NR

message can be sent, it won't necessarily be passed straight on to other

gateways who must hear about it indirectly. Also, the distance metrics of

different AS's are quite independent and hence can't be used to count to

infinity.

The initial proposal was to prevent routing loops by restricting the topology

of AS's to a tree structure so that there are no multiple routes via alternate

AS's. Multiple routes within the same AS are allowed as it is the interior

routing strategies responsibility to control loops.

[Mills 84b] has noted that even with the tree topology restriction, "we must

assume that transient loops may form within the core system from time to time

and that this information may escape to other systems; however, it would be

expected that these loops would not persist for very long and would be broken

in a short time within the core system itself. Thus a loop between non-core

systems can persist until the first round of Update messages sent to the other

systems after all traces of the loop have been purged from the core system or

until the reachability information ages out of the tables, whichever occurs

first".

With the initial simple stub EGP systems the tree topology restriction could be

satisfied. But for the long term this does not provide sufficient robustness.

[Mills 83] proposed a procedure by which the AS's can dynamically reconfigure

themselves such that the topology restriction is always met, without the need

for a single "core" AS. One AS would own a shared net and its neighbor AS's

would just conduct EGP with the owner. The owner would pass on such information

indirectly as the core system does now. If the owning AS is defined to be

closest to the root of the tree topology, any haphazard interconnection can

RFC911 14

form itself into an appropriate tree structured routing topology. By routing

topology I mean the topology as advised in routing updates. There may well be

other physical connections but if they are not advised they will not be used

for routing. Each AS can conduct EGP with at most one AS that owns one of its

shared nets. Any AS that is not conducting EGP over any net owned by another AS

is the root of a subtree. It may conduct EGP with just one other AS that owns

one of its shared nets. This "attachment" combines the two subtrees into a

single subtree such that the overall topology is still a tree. Topology

violations can be determined because two different AS's will report that they

can reach the same net.

With such a dynamic tree, there may be preferred and backup links. In such

cases it is necessary to monitor the failed link so that routing can be changed

back to the preferred link when service is restored.

Another ASPect to consider is the possibility of detecting routing loops and

then breaking them. Expiration of the packet time-to-live (TTL) could be used

to do this. If such a loop is suspected a diagnostic packet, such as ICMP echo,

could be sent over the suspect route to confirm whether it is a loop. If a loop

is detected a special routing packet could be sent over the route that

instructs each gateway to delete the route after forwarding the packet on. The

acceptance of new routing information may need to be delayed for a hold down

period. This approach would require sensible selection of the initial TTL. But

this is not done by many hosts.

5.1.2 Current Policy

Considering the general trend to increased network interconnection and the

availability of alternative long-haul networks such as ARPANET, WBNET (wideband

satellite network), and public data networks the tree topology restriction is

generally unacceptable. A less restrictive topology is currently recommended.

The following is taken from [Mills 84b].

EGP topological model:

- An autonomous system consists of a set of gateways connected by

networks. Each gateway in the system must be reachable from every

other gateway in its system by paths including only gateways in that

system.

- A gateway in a system may run EGP with a gateway in any other system

as long as the path over which EGP itself is run does not include a

gateway in a third system.

- The "core system" is distinguished from the others by the fact that

only it is allowed to distribute reachability information about

systems other than itself.

- At least one gateway in every system must have a net in common with a

gateway in the core system.

RFC911 15

- There are no topological or connectivity restrictions other than

those implied above.

A gateway will use information derived from its configuration (directly

connected nets), the IGP of its system, called S in the following, (interior

nets) and EGP (interior and exterior nets of neighboring systems) to construct

its routing tables. If conflicts with respect to a particular net N occur, they

will be resolved as follows:

- If N is directly connected to the gateway, all IGP and EGP reports

about N are disregarded.

- If N is reported by IGP as interior to S and by EGP as either

interior or exterior to another system, the IGP report takes

precedence.

- If N is reported by EGP as interior to one system and exterior to

another, the interior report takes precedence.

- If N is reported as interior by two or more gateways of the same

system using EGP, the reports specifying the smallest hop count take

precedence.

- In all other cases the latest received report takes precedence.

Old information will be aged from the tables.

The interim model provides an acceptable degree of self-organization.

Transient routing loops can occur between systems, but these are eventually

broken by old reachability information being aged out of the tables. Given the

fact that transient loops can occur due to temporary core-system loops, the

additional loops that might occur in the case of local nets homed to multiple

systems does not seem to increase the risk significantly.

5.2 Present ISI Configuration

A simplified version of the ISI network configuration is shown in Figure 5-1.

ISI-Hobgoblin can provide a backup gateway function to the core ISI-Gateway

between ARPANET and ISI-NET. ISI-Hobgoblin is a VAX 11/750 which runs Berkeley

Unix 4.2. The EGP implementation described in this report is run on

ISI-Hobgoblin.

ISI-Troll is part of a split gateway to the University of California at Irvine

network (UCI-ICS). The complete logical gateway consists of ISI-Troll, the 9600

baud link and UCI-750A [Rose 84]. ISI-Troll runs Berkeley Unix 4.1a and hence

cannot run the EGP program. It is therefore a non-routing gateway. The

existence of UCI-ICS net must be advised to the core AS by ISI-Hobgoblin. This

can be done by including an appropriate entry in the EGPINITFILE.

Hosts on ISI-NET, including ISI-Troll, have static route entries indicating

ISI-Gateway as the first hop for all networks other than UCI-ICS and ISI-NET.

RFC911 16

-------------------------------------------------

/ / ARPANET \ 10 /

\ /

-------------------------------------------------

+-------------+ +-------------+ +---------------+

ISI-PNG11

Arpanet ISI-GATEWAY ISI-HOBGOBLIN

Address Vax 11/750

logical Core EGP Unix 4.2

multiplexer

+-------------+ +-------------+ +---------------+

--------------- ----------------------------

/ \ / / 3 Mb/s Ethernet \ / ISI-NET \ net 10 / \ 128.9 /

\ / \ /

--------------- ----------------------------

+--------------+

ISI-TROLL

Vax 11/750

Unix 4.1a

Non-routing

9600 ISI-TROLL, UCI-750A

baud and the link form a

link single logical gateway

UCI-750A

Vax 11/750

Unix 4.2

+--------------+

----------------------

/ / UCI-ICS \ 192.5.19 /

\ /

----------------------

Figure 5-1: Simplified ISI Network Configuration

RFC911 17

EGP can either be conducted with ISI-Gateway across ARPANET or ISI-NET.

5.2.1 EGP Across ARPANET

ISI-Hobgoblin will advise ISI-Gateway across ARPANET, and hence the core

system, that it can reach ISI-NET and UCI-ICS.

Packets from AS's exterior to ISI and destined for UCI-ICS will be routed via

ISI-Gateway, ISI-Hobgoblin and ISI-Troll. The extra hop via ISI-Gateway (or

other core EGP gateway) is because the core gateways do not currently pass on

indirect-neighbor exterior gateway addresses in their IGP messages

(Gateway-to-Gateway Protocol). Packets originating from UCI-ICS destined for

exterior AS's will be routed via ISI-Troll and ISI-Gateway. Thus the incoming

and out going packet routes are different.

Packets originating from ISI-Hobgoblin as a host and destined for exterior AS's

will be routed via the appropriate gateway on ARPANET.

UCI-ICS can only communicate with exterior AS's if ISI-Troll, ISI-Hobgoblin and

ISI-Gateway are all up. The dependence on ISI-Gateway could be eliminated if

ISI-Troll routed packets via ISI-Hobgoblin rather than ISI-Gateway. However,

as ISI-Hobgoblin is primarily a host and not a gateway it is preferable that

ISI-Gateway route packets when possible.

ISI-Hobgoblin can provide a back-up gateway function to ISI-Gateway as it can

automatically switch to an alternative core EGP peer if ISI-Gateway goes down.

Even though ISI-Hobgoblin normally advises the core system that it can reach

ISI-NET the core uses its own internal route via ISI-Gateway in preference.

For hosts on ISI-NET to correctly route outgoing packets they need their static

gateway entries changed from ISI-Gateway to ISI-Hobgoblin. At present this

would have to be done manually. This would only be appropriate if ISI-Gateway

was going to be down for an extended period.

5.2.2 EGP Across ISI-NET

ISI-Hobgoblin will advise ISI-Gateway across ISI-NET that its indirect

neighbor, ISI-Troll, can reach UCI-ICS net.

All exterior packet routing for UCI-ICS will be via ISI-Gateway in both

directions with no hops via ISI-Hobgoblin. Packets originating from

ISI-Hobgoblin as a host and destined for exterior AS's will be routed via

ISI-Gateway, rather than the ARPANET interface, in both directions, thus taking

an additional hop.

UCI-ICS can only communicate with exterior AS's if ISI-Troll and ISI-Gateway

are up and ISI-Hobgoblin has advised ISI-Gateway of the UCI-ICS route. If

ISI-Hobgoblin goes down, communication will still be possible because

ISI-gateway (and other core gateways) do not time out routes to indirect

RFC911 18

neighbors. If ISI-Gateway then goes down, it will need to be readvised by

ISI-Hobgoblin of the UCI-ICS route, when it comes up.

Conducting EGP over ISI-NET rather than ARPANET should provide more reliable

service for UCI-ICS for the following reasons: ISI-Gateway is specifically

designed as a gateway, it is expected to be up more than ISI-Hobgoblin, it is

desirable to eliminate extra routing hops where possible and, the exterior

routing information will persist after ISI-hobgoblin goes down. If

ISI-Hobgoblin is to be used in its back-up mode, EGP could be restarted across

ARPANET after the new gateway routes are manually installed in the hosts.

Therefore, EGP across ISI-NET was selected as the preferred mode of operation.

5.2.3 Potential Routing Loop

Because both ISI-Gateway and ISI-Hobgoblin provide routes between ARPANET and

ISI-NET there is a potential routing loop. This topology in fact violates the

original tree structure restriction. Provided ISI-Hobgoblin does not conduct

EGP simultaneously with ISI-Gateway over ISI-NET and ARPANET, the gateways will

only ever know about the alternative route from the shared EGP network and not

from the other network. Thus a loop cannot occur. For instance, if EGP is

conducted over ISI-NET, both ISI-Gateway and ISI-Hobgoblin will know about the

alternative routes via each other to ARPANET from ISI-NET, but they will not

know about the gateway addresses on ARPANET to be able to access ISI-NET from

ARPANET. Thus they have insufficient routing data to be able to route packets

in a loop between themselves.

5.3 Possible Future Configuration

5.3.1 Gateway to UCI-ICS

An improvement in the reliability and performance of the service offered to

UCI-ICS can be achieved by moving the UCI-ICS interface from ISI-Troll to

ISI-Hobgoblin. Reliability will improve because the connection will only

require ISI-Hobgoblin and its ARPANET interface to be up and performance will

improve because the extra gateway hop will be eliminated.

This will also allow EGP to be conducted across ARPANET giving access to the

alternative core gateways running EGP. This will increase the chances of being

able to reliably acquire an EGP neighbor at all times. It will also eliminate

the extra hop via ISI-Gateway for packets originating from ISI-Hobgoblin, as a

host, and destined for exterior networks.

This configuration change will be made at sometime in the future. It was not

done initially because ISI-Hobgoblin was experimental and down more often than

ISI-Troll.

RFC911 19

5.3.2 Dynamic Switch to Backup Gateway

It was noted in Section 5.2.1 that ISI-Hobgoblin can provide a backup gateway

function to ISI-Gateway between ARPANET and ISI-NET. Such backup gateways could

become a common approach to providing increased reliability.

At present the change over to the backup gateway requires the new gateway route

to be manually entered for hosts on ISI-NET. This section describes a possible

method for achieving this changeover dynamically when the primary gateway goes

down.

The aim is to be able to detect when the primary gateway is down and have all

hosts on the local network change to the backup gateway with a minimum amount

of additional network traffic. The hosts should revert back to the primary

gateway when it comes up again.

The proposed method is for only the backup gateway to monitor the primary

gateway status and for it to notify all hosts of the new gateway address when

there is a change.

5.3.2.1 Usual Operation

The backup gateway runs a process which sends reachability-probe messages, such

as ICMP echoes, to the primary gateway every 30 seconds and uses the responses

to determine reachability as for EGP. If the primary gateway goes down a

"gateway-address message" indicating the backup gateway address is broadcast

(or preferably multicast) to all hosts. When the primary gateway comes up

another gateway message indicating the primary gateway address is broadcast.

These broadcasts should be done four times at 30 second intervals to avoid the

need for acknowledgements and knowledge of host addresses.

Each host would run a process that listens for gateway-address messages. If a

different gateway is advised it changes the default gateway entry to the new

address.

5.3.2.2 Host Initialization

When a host comes up the primary gateway could be down so it needs to be able

to determine that it should use the backup gateway. The host could read the

address of the primary and backup gateways from a static initialization file.

It would then set its default gateway as the primary gateway and send a

"gateway-request message" to the backup gateway requesting the current gateway

address. The backup gateway would respond with a gateway-address message. If

no response is received the gateway-request should be retransmitted three times

at 30 second intervals. If no response is received the backup gateway can be

assumed down and the primary gateway retained as the default.

Whenever the backup gateway comes up it broadcasts a gateway-address message.

Alternatively, a broadcast (or multicast) gateway-request message could be

RFC911 20

defined to which only gateways would respond. The backup gateway-address

message needs to indicate that it is the backup gateway so that future requests

need not be broadcast. Again, three retransmissions should be used. But the

primary gateway also needs to broadcast its address whenever it comes up.

5.3.2.3 When Both the Primary and Backup are Down

If the primary gateway is down and the backup knows it is going down, it should

broadcast gateway-address messages indicating the primary gateway in case the

primary gateway comes up first.

But the backup could go down without warning and the primary come up before it.

If the primary gateway broadcasts a gateway-address message when it comes up

there is no problem. Otherwise, while hosts are using the backup gateway they

should send a gateway-request message every 10 minutes. If no response is

received it should be retransmitted 3 times at 30 second intervals and if still

no response the backup assumed down and the primary gateway reverted to.

Thus the only time hosts need to send messages periodically is when the primary

gateway does not send gateway-address messages on coming up and the backup

gateway is being used. In some cases, such as at ISI, the primary gateway is

managed by a different organization and experimental features cannot be

conveniently added.

5.3.2.4 Unix 4.2 BSD

One difficulty with the above is that there is no standard method of specifying

internet broadcast or multicast addresses. Multicast addressing is preferable

as only those participating need process the message (interfaces with hardware

multicast detection are available). In the case of Unix 4.2 BSD an internet

address with zero local address is assumed for the internet broadcast address.

However, the general Internet Addressing policy is to use an all ones value to

indicate a broadcast function.

On Unix 4.2 BSD systems, both the gateway and host processes could be run at

the user level so that kernel modifications are not required.

A User Datagram Protocol (UDP) socket could be reserved for host-backup-gateway

communication.

Super user access to raw sockets for sending and receiving ICMP Echo messages

requires a minor modification to the internet-family protocol switch table.

RFC911 21

6. ACKNOWLEDGEMENT

I acknowledge with thanks the many people who have helped me with this project,

but in particular, Dave Mills, who suggested the project, Jon Postel for

discussion and encouragement, Liza Martin for providing the initial EGP code,

Berkeley for providing the "routed" code, Mike Brescia for assistance with

testing, Telecom Australia for funding me, and ISI for providing facilities.

RFC911 22

7. REFERENCES

[Berkeley 83] "Unix Programmer's Manual", Vol. 1, 4.2 Berkeley Software

Distribution, University of California, Berkeley.

[Kirton 84] Kirton, P.A., "EGP Gateway Under Berkeley Unix 4.2", University

of Southern California, Information Sciences Institute,

Research Report ISI/RR-84-145, to be published.

[Mills 83] Mills, D.L., "EGP Models and Self-Organizing Systems" Message

to EGP-PEOPLE@BBN-UNIX, Nov. 1983.

[Mills 84a] Mills, D.L., "Exterior Gateway Protocol Formal Specification",

Network Information Center RFC904, April 1984.

[Mills 84b] Mills, D.L., "Revised EGP Model Clarified and Discussed",

Message to EGP-PEOPLE@BBN-UNIX, May 1984.

[Postel 84] Postel, J., "Exterior Gateway Protocol Implementation Schedule"

Network Information Center RFC890, Feb. 1984.

[Rose 84] Rose, M.T., "Low-Tech Connection into the ARPA-Internet: The

Raw-Packet Split Gateway", Department of Information and

Computer Science, University of California, Irvine, Technical

Report 216, Feb. 1984.

[Rosen 82] Rosen, E.C., "Exterior Gateway Protocol", Network Information

Center RFC827, Oct. 1982.

[Seamonson & Rosen 84]

Seamonson, L.J. and Rosen, E.C., "Stub Exterior Gateway

Protocol", Network Information Center RFC888, Jan. 84.

[Xerox 81] "Internet Transport Protocols", Xerox System Integration

Standard XSIS 028112, Dec. 1981.

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有