[Nsi-wg] UvA/TUD topology exchange proposal

Henrik Thostrup Jensen htj at nordu.net
Fri Sep 19 05:24:27 EDT 2014


Hi Diederik

On Thu, 18 Sep 2014, Diederik Vandevenne wrote:

> Sorry to jump into this discussion. Given the agenda of the upcoming NSI 
> meeting on Monday I am very interested in the restrictive policies you 
> have that are not easy to describe or should only work when the control 
> plane and data plane are equal (chain).

So chaining allows better control of how you connect different networks 
together. That is, how the data should transit.

>> The basic shortcoming of the system is that it is based around a single 
>> representation of each network (the NML way of thinking). However this 
>> is practically never the case.
>>
>> You can try and encode switching capabilities into each network 
>> description and do pathfinding (the current approach for some in the 
>> NSI group), but this falls to the ground when there are restrictive 
>> policies about re-transit (i.e., I am allowed to transit a service into 
>> another network, but the entity I am selling to is not allowed to 
>> re-transit).
>
>
> If I understand your example well, A is allowed to transit B to reach C, 
> but B is not allowed to send traffic back to A (see diagram below),

I don't know any cases like that (but I won't say they don't exist).

> right? If this is correct, I think you should be able to describe this 
> policy in NML with the unidirectional ports and links. Or do you mean B 
> is allowed to transit C, but A is not allowed to transit C through B?

Moving diagram up:

> A — B — C — D

Yes. You can have cases where A is allowed to transit to C, but not D. 
This is the case for some NRENs that we provide some transit services to, 
but not our full transit services (due to AUPs about R&E/commercial 
traffic or simply due to the network having their own peering 
infrastructure in one region of the world but not another).

> This would be hard to describe. I think the only way is to make a list 
> of source domains that are allowed to transit. But I do not see how 
> domain C could do this with BGP without the cooperation of domain B. Can 
> you explain?

You can apply filters in BGP for what you choose to announce further (in 
fact, this is a core part of BGP to avoid loops). Typically you won't 
re-announce peering stuff from peering links, but we have customers/peers 
where these cases are not clear cut. Say a customer announces an 
IP range and some AS-paths to us. We may only announce part of the range 
and AS-paths further down.


     Best regards, Henrik

  Henrik Thostrup Jensen <htj at nordu.net>
  Software Developer, NORDUnet
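
The following is an added example, not part of the original message or of any NSI implementation. It models the A - B - C - D chain from the thread and contrasts pathfinding over the bare topology with pathfinding under a per-origin transit policy. `TRANSIT_POLICY`, `allowed` and `find_path` are hypothetical names, and the policy contents are constructed to match the "A may transit to C, but not D" case.

```python
from collections import deque

# Constructed topology from the thread: A - B - C - D, bidirectional links.
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"]}

# Hypothetical policy: TRANSIT_POLICY[transit_net][next_hop] is the set of
# origin networks whose traffic transit_net will carry on to next_hop.
# "*" means any origin. C carries B's traffic on to D, but not A's.
TRANSIT_POLICY = {
    "B": {"A": {"*"}, "C": {"*"}},
    "C": {"B": {"*"}, "D": {"B"}},
}


def allowed(policy, transit, next_hop, origin):
    """True if `transit` will forward traffic from `origin` to `next_hop`."""
    permitted = policy.get(transit, {}).get(next_hop, set())
    return "*" in permitted or origin in permitted


def find_path(src, dst, policy=None):
    """Breadth-first search; with a policy, every hop after the first is
    treated as transit and must be permitted for the origin `src`."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == dst:
            return path
        for nxt in LINKS[node]:
            if nxt in seen:
                continue
            # The origin's own first hop is not transit; later hops are.
            if (policy is not None and node != src
                    and not allowed(policy, node, nxt, src)):
                continue
            seen.add(nxt)
            queue.append(path + [nxt])
    return None


if __name__ == "__main__":
    print("topology only, A->D:", find_path("A", "D"))
    print("with policy,   A->C:", find_path("A", "C", TRANSIT_POLICY))
    print("with policy,   A->D:", find_path("A", "D", TRANSIT_POLICY))
    print("with policy,   B->D:", find_path("B", "D", TRANSIT_POLICY))
```

The same C - D link is usable or not depending on who originated the request, which is why a single per-network description is not enough to decide reachability here.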

