From sac-owner Mon Oct 15 10:10:50 2007 Received: from sunmail4.Singapore.Sun.COM (sunmail4.Singapore.Sun.COM [129.158.71.19]) by sac.sfbay.sun.com (8.13.8+Sun/8.13.8) with ESMTP id l9FHAnF8006469 for ; Mon, 15 Oct 2007 10:10:49 -0700 (PDT) Received: from sunmail4.Singapore.Sun.COM (localhost [127.0.0.1]) by sunmail4.Singapore.Sun.COM (8.13.4+Sun/8.13.3/ENSMAIL,v2.2) with ESMTP id l9FH7SU7018664 for ; Tue, 16 Oct 2007 01:07:28 +0800 (SGT) Received: (from noaccess@localhost) by sunmail4.Singapore.Sun.COM (8.13.4+Sun/8.13.3/Submit) id l9FH7SLI018663 for one-pager-not-2b-used-directly; Tue, 16 Oct 2007 01:07:28 +0800 (SGT) Received: from brm-avmta-1.central.sun.com (brm-avmta-1.Central.Sun.COM [129.147.4.11]) by sunmail4.Singapore.Sun.COM (8.13.4+Sun/8.13.3/ENSMAIL,v2.2) with ESMTP id l9FH7Qxl018658 for <@sunmail2sca.sfbay.sun.com:one-pager@sun.com>; Tue, 16 Oct 2007 01:07:27 +0800 (SGT) Received: from pmxchannel-daemon.brm-avmta-1.central.sun.com by brm-avmta-1.central.sun.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) id <0JPY0050DQ8DOQ00@brm-avmta-1.central.sun.com> for one-pager@sun.com (ORCPT one-pager@sun.com); Mon, 15 Oct 2007 11:07:25 -0600 (MDT) Received: from phorcys.east.sun.com ([129.148.174.143]) by brm-avmta-1.central.sun.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTP id <0JPY004CLQ8CEE20@brm-avmta-1.central.sun.com> for one-pager@sun.com (ORCPT one-pager@sun.com); Mon, 15 Oct 2007 11:07:24 -0600 (MDT) Received: from phorcys.east.sun.com (localhost [127.0.0.1]) by phorcys.east.sun.com (8.14.1+Sun/8.14.1) with ESMTP id l9FH73H2017359 for ; Mon, 15 Oct 2007 13:07:03 -0400 (EDT) Received: (from carlsonj@localhost) by phorcys.east.sun.com (8.14.1+Sun/8.14.1/Submit) id l9FH73gA017356; Mon, 15 Oct 2007 13:07:03 -0400 (EDT) Date: Mon, 15 Oct 2007 13:07:03 -0400 From: James Carlson Subject: [2007/596]RBridges: Routing Bridges To: one-pager@sun.com Message-id: <18195.40503.103922.756693@gargle.gargle.HOWL> MIME-version: 1.0 X-Mailer: VM 7.01 under Emacs 21.3.1 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT X-PMX-Version: 5.2.0.264296 Status: RO Content-Length: 14599 Template Version: @(#)onepager.txt 1.34 07/08/27 SMI This information is Copyright 2007 Sun Microsystems 1. Introduction 1.1. Project/Component Working Name: RBridges: Routing Bridges 1.2. Name of Document Author/Supplier: James Carlson 1.3. Date of This Document: 10/11/2007 1.4. Name of Major Document Customer(s)/Consumer(s): 1.4.1. The PAC or CPT you expect to review your project: Solaris PAC 1.4.2. The ARC(s) you expect to review your project: PSARC 1.4.3. The Director/VP who is "Sponsoring" this project: william.franklin@sun.com 1.4.4. The name of your business unit: OPG 1.5. Email Aliases: 1.5.1. Responsible Manager: shantnu.sharma@sun.com 1.5.2. Responsible Engineer: james.d.carlson@sun.com 1.5.3. Marketing Manager: paul.steeves@sun.com 1.5.4. Interest List: rbridges-dev@opensolaris.org 2. Project Summary 2.1. Project Description: The RBridges product provides Solaris with bridging functionality, including a new protocol (under development in the IETF) that will replace Spanning Tree Protocol, and also with IS-IS routing for IP networks. 2.2. Risks and Assumptions: The TRILL protocol underpinning RBridges is under active development in the IETF now, and is still changing rapidly. Mitigation: we will concentrate on the basic (and separately useful) functionality first, participate in the IETF discussions, and release prototypes on opensolaris.org. The Quagga IS-IS code base may not be very mature. Mitigation: part of our project plan will include a review of this software and a replan if additional work is needed. The bridging prototype is incomplete and may require additional work to make it usable and to integrate with coming Clearview and Crossbow kernel changes. Mitigation: extend the schedule to include required work. Functional requirements and associated costs in several areas (VLANs, multiple instances, and multicast, in particular) are not yet known. Mitigation: evaluate costs of these features and implementation options, set functional boundaries. 3. Business Summary This project addresses multiple business areas. First, the basic bridging functionality is an oft-requested feature: 6223953 Solaris should provide layer 2 bridging This functionality is also related to the ability to do "stealth firewall" filtering, as documented here: 6438218 Need a way to apply "stealth" packet filtering on a bridged network Second, the functionality is needed for appliance-like applications, including Virtual Network Machines: http://www.opensolaris.org/os/project/vnm/ Third, the project also delivers a supported IS-IS solution into OpenSolaris. Some competitive systems, such as IBM's AIX, support IS-IS today, but others, such as Microsoft's Windows, do not. Having IS-IS for IP routing puts Solaris ahead. Fourth, the IETF TRILL effort was spawned by original work by Sun's Radia Perlman. Developing this idea into a product via OpenSolaris helps turn Sun research into a marketplace advantage. Finally, the Spanning Tree Protocol has multiple deficiencies, both in terms of functionality (non-optimal paths are used and no multipathing is possible) and in terms of safety (failed negotiation results in link-open and potential network-melting loops). RBridges replaces that with a robust protocol. 3.1. Problem Area: This project delivers a replacement for Spanning Tree Protocol that addresses the known shortcomings of that protocol, and provides a robust solution. With inexpensive hardware and high port counts, this software will allow customers and system integrators to create new deployments that avoid the problems inherent with older ones. This project also delivers IS-IS routing, which is commonly used for IP routing in large networks, and interoperates with Cisco, Juniper, and other routing platforms. Without this project, customers must configure their routers to redistribute routes into other routing protocols that present-day Solaris can use, making Solaris a less-equal peer. 3.2. Market/Requester: (Open project: no names supplied. Contact project lead if you need customer names or contacts.) Large customers running mostly flat networks have had occasional (but expensive) outages due to Spanning Tree failures are primary targets. 3.3. Business Justification: Provides valuable components for Virtual Network Machines project. Provides bridging and IS-IS routing features for OpenSolaris. At least one customer (likely a beta site as well) is interested in TRILL to replace STP. 3.4. Competitive Analysis: Sun (Radia Perlman) is an industry leader in the research behind this project, and is recognized as such. Having a Sun product based on it puts us ahead. No competitor currently has an RBridges solution. However, most competitors include some form of bridging (often including STP), and many UNIX and Unix-like competitors include IS-IS routing. Participants in the IETF discussion include employees of Brocade (a switch manufacturer), Motorola, Nuova Systems (data center networking start-up), Neterion (Ethernet adapter maker), Ericsson, and Cisco. The OpenSolaris advantage over the other entrants in this area is flexibility: we are unique in having an open-source operating system, and this means that ISVs and customers can tailor the product to fit a wide range of uses. 3.5. Opportunity Window/Exposure: The main opportunity for this project aligns with the IETF working group deliverables. It is, however, difficult to get a hold on that figure. The current working group charter shows the group finishing its work this past July. That clearly hasn't happened. The group may be six months to a year away from completing its work, and products based on it will begin appearing around that time or shortly after. 3.6. How will you know when you are done?: Besides the usual and expected testing (including UNH and internal test suites): - Beta sites successfully deploy functionality and report back usage. - Demonstrated interoperability in a lab or bake-off with at least one alternative implementation. - Functionality is evaluated and packaged for use in VNM project. 4. Technical Description: 4.1. Details: We will be evaluating, enhancing, and integrating the existing "ethbridge" prototype. An alternative to this, if the ethbridge code proves unworkable, would be design bridging from scratch. We will investigate sources for an STP implementation; perhaps using the rstplib code from sourceforge. Alternatives for this would be to write one from scratch, locate another source, or omit the ordinary bridging capability. We will also port the Quagga IS-IS implementation, evaluate it for suitability, and enhance with LSP support needed to implement RBridges. The only known alternative is the GateD implementation, but there are licensing problems that prohibit that path. We're fairly committed to Quagga. We will create a new OpenSolaris kernel forwarding mechanism based on TRILL header encapsulation (a form of tunneling). This will include a forwarding table (using TRILL "nicknames"), tunnel ingress/egress for L2 packets, and a control interface for IS-IS. There are no open implementations of this to date, and this code will need to integrate tightly with OpenSolaris interfaces, so it's likely that this will be a from-scratch implementation. Because RBridges are intended to replace regular bridges, they're expected to be "plug and play" -- meaning zero configuration effort. In order to achieve that, the IETF working group is specifying automatic configuration attributes, and we will need to support these, within the limitations of "secure by default." 4.2. Bug/RFE Number(s): 6223953 Solaris should provide layer 2 bridging Others TBD. 4.3. In Scope: IPv4 and IPv6 routing with IS-IS, provided that the Quagga sources permit it. 4.4. Out of Scope: PPP bridging support. (May be addressed if we have sufficient time.) Packet filtering. (This is the topic of a separate project.) 4.5. Interfaces: dladm command line: new subcommands to control bridging connections between interfaces. Stability: Committed Nemo: new interfaces to control MAC learning (required promiscuous mode operation), output path modification (local traffic handling), and mac-to-mac bridging. Stability: Consolidation Private IS-IS: the protocol itself is an international standard (Committed). Additions (new TLVs) for RBridges operation will initially be Uncommitted, due to ongoing IETF work, but intent is for Committed interfaces. (Cannot deploy otherwise.) TRILL: headers, forwarding, tunnel ingress/egress will initially be Uncommitted (IETF work), but intent is for Committed interfaces. (Cannot deploy otherwise.) Kstats: mix of Committed and Project Private interfaces for new TRILL behavior. Kernel: new user-space programming interfaces to control bridging and TRILL behavior. Stability: Consolidation Private 4.6. Doc Impact: dladm(1M) will need updates for bridging behavior. Network Administrator's Guide will need two new sections: one on IS-IS routing (using Quagga) and another on bridging. 4.7. Admin/Config Impact: No changes by default. Administrator will be able to designate Ethernet interfaces as supporting bridging, and will be able to configure different bridging options, including STP and RBridges. 4.8. HA Impact: N/A 4.9. I18N/L10N Impact: Minimal impact; there may be some new messages in dladm that need to be translated. 4.10. Packaging & Delivery: No new packages are anticipated; existing SUNWquaggar, SUNWquaggau, SUNWcsu, and SUNWcsr will be updated. No install/upgrade issues. 4.11. Security Impact: By default, all of the features of this project are disabled. Administrators must explicitly enable the features, and the documentation will explain the security implications of doing so. Bridging itself lacks security, but does not present an "attack surface" on Solaris. There are no listening applications other than the kernel-resident forwarding component. The forwarding component can be tricked by hosts that can forge MAC/L2 addresses. STP can be attacked, and has no security. The effect of an attack would likely be to force overload (by making frequent topology changes) and to disable viable paths (by creating "phantom" paths with false messages or selecting a non-functioning root node). In the worst case, complete partitioning of the network may be possible (warm brick). IS-IS has two forms of security. First, as an IP routing protocol, it has some inherent (though weak) security based on the fact that it does not run over IP. Attackers must have direct access to the network, and cannot send packets to an IS-IS node from remote locations. Secondly, IS-IS can use HMAC-MD5 message authentication to secure the messages between routers, and there is a draft describing arbitrary (draft-ietf-isis-hmac-sha-03) algorithms, including HMAC-SHA. However, one of the key goals of RBridges is to replace ordinary bridges, and this requires zero configuration usage. Thus, message authentication will not normally be enabled in practice. RBridges allow certain sources of L2 location information to be considered more reliable than others, such as information from wireless access points employing authentication. OpenSolaris has no AP functionality itself, but will use those bits as described in the RFCs. 4.12. Dependencies: The Virtual Network Machines project has a dependency on this project to deliver components it can use. This project and the layer 2 filtering project both depend on bridging in Solaris, and we will need to coordinate in that effort. This project depends on areas that are being modified by Clearview and Crossbow, and thus will need to track changes in those areas. This project also depends on the IETF TRILL effort, and the progress made in standardizing the protocol itself. 5. Reference Documents: Project web page http://www.opensolaris.org/os/project/rbridges/ - Contains links to relevant documentation. IETF working groups http://www.ietf.org/html.charters/trill-charter.html - Transparent Interconnection of Lots of Links http://www.ietf.org/html.charters/isis-charter.html - IS-IS for IP Internets IETF documents http://www.ietf.org/internet-drafts/draft-ietf-trill-rbridge-arch-03.txt - TRILL/RBridge architecture http://www.ietf.org/internet-drafts/draft-ietf-trill-rbridge-protocol-05.txt - TRILL/RBridge protocol http://www.ietf.org/rfc/rfc1195.txt - IS-IS routing in IPv4 networks http://www.ietf.org/internet-drafts/draft-ietf-isis-ipv6-07.txt - IS-IS routing in IPv6 networks http://www.ietf.org/rfc/rfc3567.txt - IS-IS authentication with HMAC-MD5 http://www.ietf.org/internet-drafts/draft-ietf-isis-hmac-sha-03.txt - IS-IS authentication with HMAC-SHA and others RFEs 6223953 Solaris should provide layer 2 bridging 6. Resources and Schedule: 6.1. Projected Availability: 2 years 6.2. Cost of Effort: (_Very_ preliminary estimates.) Development: 3 engineers for 2 years Testing: 2 engineers for 1 year Documentation: 1 person for 6 months 6.3. Cost of Capital Resources: Approximately $10K - $20K for test systems. 6.4. Product Approval Committee requested information: 6.4.1. Consolidation or Component Name: ON and SFW 6.4.3. Type of CPT Review and Approval expected: FastTrack 6.4.4. Project Boundary Conditions: N/A 6.4.5. Is this a necessary project for OEM agreements: No 6.4.6. Notes: Interacts with Xen, Crossbow, Clearview, IP Filter, and VNM projects. 6.4.7. Target RTI Date/Release: November 2009 6.4.8. Target Code Design Review Date: Early 2009 6.4.9. Update approval addition: No 6.5. ARC review type: Standard 6.6. ARC Exposure: open 6.6.1. Rationale: OpenSolaris project 7. Prototype Availability: 7.1. Prototype Availability: IS-IS routing is available now. Basic bridging support should be available by 2008. Subset needed to leave "prototype" stage includes stable TRILL support and IS-IS integration. 7.2. Prototype Cost: Cost to leave "prototype" stage is nearly 100% of the project effort, but need not include capital expense.