The MPLS WG Archive


VPN solution - White flag ?

  • From: Eric Rosen <erosen@cisco.com>
  • Date: Wed, 25 Oct 2000 16:49:44 -0400
  • cc: yakov@cisco.com, rnewcomb@ennovatenetowrks.com, mpls@UU.NET, diego@estos.upc.es
  • User-Agent: EMH/1.10.0 WEMI/1.13.2 (Mochimune) FLIM/1.12.1(Nishinokyō) Emacs/20.6 (sparc-sun-solaris2.5.1)MULE/4.0 (HANANOEN)

Paul> I'm  a little  puzzled by  you  choosing to  define (the  NBVPN) as  a
Paul> 'smaller' environment 

The reason I  regard the NBVPN routing environment as  smaller in scale than
the Internet routing environment is the following. 

In the Internet routing environment, anyone in the world needs to be able to
reach  anyone  else  in  the   world.   This  creates  an  enormous
"inter-connectivity matrix", and one which  is constantly growing.  If, through the
liberal application of route aggregation, this inter-connectivity matrix can
be reduced to 100,000 routes, then quite  a few routers are going to have to
be  able to  hold 100,000  routes.  Since  the inter-connectivity  matrix is
constantly growing in  size, this poses an evident  box scaling problem; the
number of routes which a single router must hold is constantly growing.  

In the  NBVPN routing environment, it is  not true that anyone  in the world
needs to be  able to reach anyone else  in the world.  Each VPN  has its own
inter-connectivity  matrix,  much  smaller  than the  Internet  connectivity
matrix.  Now if you add up all the VPN routes, summed over all VPNs, you may
indeed get  a much larger  number than the  number of Internet  routes.  But
there is no one box which needs  to hold them all.  Since an instance of BGP
runs in a particular box, and only  has to deal with the routes that need to
be in that box,  you don't run up against the same  box scaling problems you
run up  against in  the Internet routing  environment.  You can  design your
system to  have a given box  handle as many routes  or as few  routes as you
want.  

Now someone will say, "Wait a  minute, as your customer base increases, this
may require  you to deploy more  boxes; unscalable, unscalable".   I have to
admit,  the scheme  does not  allow you  to provide  an unbounded  amount of
service in  a single  box.  But the  growth is not  exponential, geometric,
factorial, or any of that really  bad stuff.  The growth is linear, which is
about the best you can do.

There are other  differences between the NBVPN environment  and the Internet
routing environment that make the former less stressful.  In the most common
cases,  you are  not relying  on routing  information from  independent (and
perhaps uncooperative) third parties in order to provide service to your own
customers. This in itself reduces the stress on the system considerably.

What we  really have is the  application of highly  scalable techniques from
the  world  of inter-domain  routing  applied to  a  much  more orderly  and
controllable  environment.  I  think  it does  provide  virtually  unlimited
scalability because  there is nothing that  will stop you  from adding more,
and the "more"  you have to add grows at worst  linearly with the additional
service you need to provide.

Some people shudder at the thought of having to add all the VPN routes to an
already stressed out Internet routing  system, but that's really not how the
scheme works.  You can maintain as  much or as little separation as you want
between the VPN routing and the Internet routing. 

Paul> And we haven't begun to think  about the poor folks who are being told
Paul> that they can use BGP to  support VPNs while it is also performing the
Paul> role for which it was  designed.  And they are being told this......or
Paul> at least not being clearly told the opposite.

I'm not sure  I can comment on who  you say is being told what  by whom.  As
far as I  know, we have always  placed an emphasis on scaling  the system by
limiting  the number  of routes  that need  to be  known in  any  one place,
including  partitioning  the system  of  route  reflectors.  It's  perfectly
accurate  to say  that BGP  is supporting  both VPNs  and  Internet routing;
what's not accurate is to say that it has to support all those routes in any
one box.

To save you the trouble of replying, let me compose a reply for you:

        "Eric, you  didn't read my message  carefully, you didn't
        answer my  question, what you are saying  makes no sense,
        what  you  are  saying  is  irrelevant,  you  don't  know
        anything  about   routing,  you  don't   understand  BGP,
        everyone  at cisco  is a  rogue, and  I have  a  bunch of
        detailed technical  criticisms of your ideas  but I don't
        have time to write them down now."