IEN-156 Danny Cohen
U S C / I S I
September 7, 1980
CONTROLLED ROUTING IN THE CATENET ENVIRONMENT
This note suggests the use of Strict Source Routing,
SSR, for gaining more control over the routes which
are used for messages to traverse the catenet.
One of the cornerstones of the IN-philosophy is that users are
completely separated from the low level transport issues such as
routing.
While this is generally so, there are some real world situations where
it is desired that users be given a way to influence the routing.
The ARPA Internet Protocol, IP, (see IEN-128), allows users to affect
the routing decisions by using the source routing (SR) mechanism.
There are several reasons for users to influence the routing, rather
than trusting the catenet to figure out the best route.
Some of these reasons are:
[A] Help the catenet find a destination otherwise unknown.
[B] Promoting the use of certain nets for reasons such as favorite
tariff.
[C] Avoiding certain networks for reasons such as various
sensativities.
The current source routing option of IP, as described in IEN-128
addresses mainly the first reason, [A], only.
In order to provide help to the catenet in figuring a route it allows
the user to provide a sequence of addresses such that each of them is
locally unique (hence unambiguous and known) where it is supposed to be
interpreted. Obviously, this sequence must be continuous in the sense
that at each address the next address in the sequence, must be known.
The choice of route from each address to the next is left to the catenet
to determine.
2
IP "assume"s that the given source route is a sequence of IP-addresses,
each in the 32-bit format of 8/24 for the "NET-ID" followed by the
"REST" which is typically a host address, including gateways.
However, this does not necessarily have to be so. If the NET-ID filed
may include ESCAPE-CODES, as advocated in IEN-122, a much more powerful
scheme may evolve.
The above scheme may be used in some clever way also for [B], the
promotion of the use of certain nets. However, it does not provide an
acceptable solution for [C], the avoidance of certain networks.
We argue that [C] is not a well formed requirement, and a tighter
definition is required.
The reason for introducing the requirement to avoid certain networks is
based on the classification of nets into friends and foes. If one knows
about all networks, one could classify them all. But if some are
unknown, they lack classification. In a controlled environment, where
foes should be avoided, the unclassified nets must be avoided, too.
Hence, it is not enough to insist on avoiding the set of all known foe
nets. One must insist, instead, on using only nets which are positively
classified as friends.
Therefore, [C] should be changed from "avoiding known foes" into "using
only well established friends".
Since the source routing technique which was described above does not
tell the catenet how to route messages between the given addresses, it
is possible for messages to be routed through foes while traversing a
sequence of friendly addresses.
Hence, the above source routing technique is not adequate at all for
[C], avoiding all foes.
In order to address this problem to following solution is proposed:
Define a new variant of source routing, similar to the one described
above, with the additional requirements that messages cross network
boundaries only at the gateways specified in the source route.
If there is no DIRECT connection, meaning through a single network
between two successive addresses in the source route, the message should
be discarded rather and no attempt is made to reach the next address via
another intermediate network (and gateways).
If this new option of Strict Source Routing, SSR, is adopted then it is
up to the users to construct "safe" SSRs which include only networks and
gateways which are positively identified as trustworthy friends and are
known to have only gateways which are sure to handle the SSR properly.
The source routing which is not SSR may be referred to as an LSR
(Loose SR).
3
One may view the LSR as "piecewise end-to-end" routing at the IP
(gateways) level, as opposed to the SSR which is a kind of hop-by-hop
routing at the same level.
The notion of a gateway being specified in a SSR has to be clarified.
Gateway per se do not have IP addresses, but their interfaces to local
networks do. Under SSR when the address Ni/Hj (Network/Host) is
specified for a gateway, it is required to reach it through the network
Ni even in the cases that other routes are available.
Consider the following example:
+---------------------------------------------------+
| A11 Network-Alpha A22 |
+---------------------------------------------------+
| |
************* *************
* gateway-A * * gateway-B *
************* *************
| |
+---------------------------------------------------------------------+
| H-1 B11 Network-Beta B22 H-2 |
+---------------------------------------------------------------------+
| |
******* *******
* H-1 * * H-2 *
******* *******
If the SSR specifies the address (Alpha/A11) followed by the address
(Beta/B22) then the only accepatble route is to cross Gateway-A and then
to traverse the Network-Beta to B22. It is not acceptable for the
Gateway-A to recognize that (Beta/B22) is actually a gateway which is
also on Network-Alpha and therefore to route through this network to
(Alpha/A22) expecting the message to cross Gateway-B there.
Hence, H-1 can force his message to get to H-2 through the Network-Alpha
by using the following SSR: (Beta/B11)-(Alpha/A22)-(Beta/H-2). If the
Network-Alpha breaks between A11 and A22 this SSR will result in a
communication failure, even though good routes through Network-Beta only
are avilable, and might have been automatically used if LSR was used.
4
ON INTRANET SSR
It is possible to carry the foes and friends classification further from
the nets (internet) level down into the hosts (intranet) level. One way
to achieve that effect is by "teaching" the half-gateways which are in
each host about SSRs.
However, in this case the definition of DIRECT connection has to be
explicitly defined for each network. In the case of the ARPANET hosts
cannot have this notions which is at the IMPs level. In the case of
broadcast nets (such as satellite based, packets radios, Ethernet-like
or ring-like nets) no connection is "direct enough" even though it has
no intermediate agents along the way.
It seems that SSRs are much more difficult to implement at the intranet
(host) level, and we may be on better and safer ground by implementing
SSRs at first only at the internet (nets and gateways) level.
This obviously means that a net can be certified as a friendly net if,
and only if, all of its hosts and intermediate agents are individually
certified as such. For example, an Ethernet-like network is trustworthy
only if all of its hosts (gateways included) are. However, a network
such as the ARPANet can be trustworthy if all af its intermediate agents
(the IMPs) are, even though some of its hosts are not.
The difficulty of implementing intranet SSR should be of no surprise
since the IN-philosophy is to hide the intranet technicalities from the
internet users.
CONCLUSION
A Strict Source Routing could be used by a set of "certified friendly"
networks in order to avoid the transmission of certain datagrams through
all the networks which are parts of the catenet but are not as
trustworthy as others.