1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
|
Network Working Group M. Little
Request for Comments: 1126 SAIC
October 1989
Goals and Functional Requirements for
Inter-Autonomous System Routing
Status of this Memo
This document describes the functional requirements for a routing
protocol to be used between autonomous systems. This document is
intended as a necessary precursor to the design of a new inter-
autonomous system routing protocol and specifies requirements for the
Internet applicable for use with the current DoD IP, the ISO IP, and
future Internet Protocols. It is intended that these requirements
will form the basis for the future development of a new inter-
autonomous systems routing architecture and protocol. This document
is being circulated to the IETF and Internet community for comment.
Comments should be sent to: "open-rout-editor@bbn.com". This memo
does not specify a standard. Distribution of this memo is unlimited.
1. Introduction
The development of an inter-autonomous systems routing protocol
proceeds from those goals and functions seen as both desirable and
obtainable for the Internet environment. This document describes
these goals and functional requirements. The goals and functional
requirements addressed by this document are intended to provide a
context within which an inter-autonomous system routing architecture
can be developed which will meet both current and future Internet
routing needs. The goals presented indicate properties and general
capabilities desired of the Internet routing environment and what the
inter-autonomous system routing architecture is to accomplish as a
whole.
The goals are followed by functional requirements, which address
either detailed objectives or specific functionality to be achieved
by the architecture and resulting protocol(s). These functional
requirements are enumerated for clarity and grouped so as to map
directly to areas of architectural consideration. This is followed
by a listing and description of general objectives, such as
robustness, which are applicable in a broad sense. Specific
functions which are not reasonably attainable or best left to future
efforts are identified as non-requirements.
The intent of this document is to provide both the goals and
functional requirements in a concise fashion. Supporting arguments,
Little [Page 1]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
tradeoff considerations and the like have been purposefully omitted
in support of this. An appendix has been included which addresses
this omission to a limited extent and the reader is directed there
for a more detailed discussion of the issues involved.
The goals and functional requirements contained in this document are
the result of work done by the members of the Open Routing Working
Group. It is our intention that these goals and requirements reflect
not only those foreseen in the Internet community but are also
similar to those encountered in environments proposed by ANSI, ECMA
and ISO. It is expected that there will be some interaction and
relationship between this work and the product of these groups.
2. Overall Goals
In order to derive a set functional requirements there must be one or
more principals or overall goals for the routing environment to
satisfy. These high level goals provide the basis for each of the
functional requirements we have derived and will guide the design
philosophy for achieving an inter-autonomous system routing solution.
The overall goals we are utilizing are described in the following
sections.
2.1 Route to Destination
The routing architecture will provide for the routing of datagrams
from a single source to one or more destinations in a timely manner.
The larger goal is to provide datagram delivery to an identifiable
destination, one which is not necessarily immediately reachable by
the source. In particular, routing is to address the needs of a
single source requiring datagram delivery to one or more
destinations. The concepts of multi-homed hosts and multicasting
routing services are encompassed by this goal. Datagram delivery is
to be provided to all interconnected systems when not otherwise
constrained by autonomous considerations.
2.2 Routing is Assured
Routing services are to be provided with assurance, where the
inability to provide a service is communicated under best effort to
the requester within an acceptable level of error. This assurance is
not to be misconstrued to mean guaranteed datagram delivery nor does
it imply error notification for every lost datagram. Instead,
attempts to utilize network routing services when such service cannot
be provided will result in requester notification within a reasonable
period given persistent attempts.
Little [Page 2]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
2.3 Large System
The design of the architecture, and the protocols within this
architecture, should accommodate a large number of routing entities.
The exact order of magnitude is a relative guess and the best designs
would provide for a practical level of unbounded growth.
Nevertheless, the routing architecture is expected to accommodate the
growth of the Internet environment for the next 10 years.
2.4 Autonomous Operation
The routing architecture is to allow for stable operation when
significant portions of the internetworking environment are
controlled by disjoint entities. The future Internet environment is
envisioned as consisting of a large number of internetworking
facilities owned and operated by a variety of funding sources and
administrative concerns. Although cooperation between these
facilities is necessary to provide interconnectivity, it is viewed
that both the degree and type of cooperation will vary widely.
Additionally, each of these internetworking facilities desires to
operate as independently as possible from the concerns and activities
of other facilities individually and the interconnection environment
as a whole. Those resources used by (and available for) routing are
to be allowed autonomous control by those administrative entities
which own or operate them. Specifically, each controlling
administration should be allowed to establish and maintain policies
regarding the use of a given routing resource.
2.5 Distributed System
The routing environment developed should not depend upon a data
repository or topological entity which is either centralized or
ubiquitous. The growth pattern of the Internet, coupled with the
need for autonomous operation, dictates an independence from the
topological and administrative centralization of both data and
control flows. Past experience with a centralized topology has shown
that it is both impractical for the needs of the community and
restrictive of administrative freedoms. A distributed routing
environment should not be restrictive of either redundancy or
diversity. Any new routing environment must allow for arbitrary
interconnection between internetworks.
2.6 Provide A Credible Environment
The routing environment and services should be based upon mechanisms
and information that exhibit both integrity and security. The
routing mechanisms should operate in a sound and reliable fashion
while the routing information base should provide credible data upon
Little [Page 3]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
which to base routing decisions. The environment can be unreliable
to the extent that the resulting effect on routing services is
negligible. The architecture and protocol designs should be such
that the routing environment is reasonably secure from unwanted
modification or influence.
2.7 Be A Managed Entity
Provide a manger insight into the operation of the inter-autonomous
system routing environment to support resource management, problem
solving, and fault isolation. Allow for management control of the
routing system and collect useful information for the internetwork
management environment. Datagram events as well as the content and
distribution characteristics of relevant databases are of particular
importance.
2.8 Minimize Required Resources
Any feasible design should restrain the demand for resources required
to provide inter-autonomous systems routing. Of particular interest
are those resources required for data storage, transmission, and
processing. The design must be practical in terms of today's
technology. Specifically, do not assume significant upgrades to the
existing level of technology in use today for data communication
systems.
3. Functional Requirements
The functional requirements we have identified have been derived from
the overall goals and describe the critical features expected of
inter-autonomous system routing. To an extent, these functions are
vague in terms of detail. We do not, for instance, specify the
quantity or types for quality-of-service parameters. This is
purposeful, as the functional requirements specified here are
intended to define the features required of the inter-autonomous
system routing environment rather than the exact nature of this
environment. The functional requirements identified have been
loosely grouped according to areas of architectural impact.
3.1 Route Synthesis Requirements
Route synthesis is that functional area concerned with both route
selection and path determination (identification of a sequence of
intermediate systems) from a source to a destination. The functional
requirements identified here provide for path determination which is
adaptive to topology changes, responsive to administrative policy,
cognizant of quality-of-service concerns, and sensitive to an
interconnected environment of autonomously managed systems.
Little [Page 4]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
a) Route around failures dynamically
Route synthesis will provide a best effort attempt to detect
failures in those routing resources which are currently being
utilized. Upon detection of a failed resource, route synthesis
will provide a best effort to utilize other available routing
resources in an attempt to provide the necessary routing
service.
b) Provide loop free paths
The path provided for a datagram, from source to destination,
will be free of circuits or loops most of the time. At those
times a circuit or loop exists, it occurs with both negligible
probability and duration.
c) Know when a path or destination is unavailable
Route synthesis will be capable of determining when a path
cannot be constructed to reach a known destination.
Additionally, route synthesis will be capable of determining
when a given destination cannot be determined because the
requested destination is unknown (or this knowledge is
unavailable).
d) Provide paths sensitive to administrative policies
Route synthesis will accommodate the resource utilization
policies of those administrative entities which manage the
resources identified by the resulting path. However, it is
inconceivable to accommodate all policies which can be defined
by a managing administrative entity. Specifically, policies
dependent upon volatile events of great celerity or those which
are non-deterministic in nature cannot be accommodated.
e) Provide paths sensitive to user policies
Paths produced by route synthesis must be sensitive to policies
expressed by the user. These user policies are expressed in
terms relevant to known characteristics of the topology. The
path achieved will meet the requirements stated by the user
policy.
f) Provide paths which characterize user quality-of-service
requirements
The characteristics of the path provided should match those
indicated by the quality-of-service requested. When
Little [Page 5]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
appropriate, utilize only those resources which can support the
desired quality-of-service (e.g., bandwidth).
g) Provide autonomy between inter- and intra-autonomous system
route synthesis
The inter- and intra-autonomous system routing environments
should operate independent of one another. The architecture
and design should be such that route synthesis of either
routing environment does not depend upon information from the
other for successful functioning. Specifically, the inter-
autonomous system route synthesis design should minimize the
constraints on the intra-autonomous system route synthesis
decisions when transiting (or delivering to) the autonomous
system.
3.2 Forwarding Requirements
The following requirements specifically address the functionality of
the datagram forwarding process. The forwarding process transfers
datagrams to intermediate or final destinations based upon datagram
characteristics, environmental characteristics, and route synthesis
decisions.
a) Decouple inter- and intra-autonomous system forwarding
decisions
The requirement is to provide a degree of independence between
the inter-autonomous system forwarding decision and the intra-
autonomous system forwarding decision within the forwarding
process. Though the forwarding decisions are to be independent
of each other, the inter-autonomous system delivery process may
necessarily be dependent upon intra-autonomous system route
synthesis and forwarding.
b) Do not forward datagrams deemed administratively inappropriate
Forward datagrams according to the route synthesis decision if
it does not conflict with known policy. Policy sensitive route
synthesis will prevent normally routed datagrams from utilizing
inappropriate resources. However, a datagram routed abnormally
due to unknown events or actions can always occur and the only
way to prohibit unwanted traffic from entering or leaving an
autonomous system is to provide policy enforcement within the
forwarding function.
Little [Page 6]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
c) Do not forward datagrams to failed resources
A datagram is not to be forwarded to a resource known to be
unavailable, notably an intermediate system such as a gateway.
This implies some ability to detect and react to resource
failures.
d) Forward datagram according to its characteristics
The datagram forwarding function is to be sensitive to the
characteristics of the datagram in order to execute the
appropriate route synthesis decision. Characteristics to
consider are the destination, quality-of-service, precedence,
datagram (or user) policy, and security. Note that some
characteristics, precedence for example, affect the forwarding
service provided whereas others affect the path chosen.
3.3 Information Requirements
This functional area addresses the general information requirements
of the routing environment. This encompasses both the nature and
disbursal of routing information. The characteristics of the routing
information and its disbursal are given by the following functional
requirements.
a) Provide a distributed and descriptive information base
The information base must not depend upon either centralization
or exact replication. The content of the information base must
be sufficient to support all provided routing functionality,
specifically that of route synthesis and forwarding.
Information of particular importance includes resource
characteristics and resource utilization policies.
b) Determine resource availability
Provide a means of determining the availability of any utilized
resource in a timely manner. The timeliness of this
determination is dependent upon the routing service(s) to be
supported.
c) Restrain transmission utilization
The dynamics of routing information flow should be such that a
significant portion of transmission resources are not consumed.
Routing information flow should adjust to the demands of the
environment, the capacities of the distribution facilities
utilized, and the desires of the resource manager.
Little [Page 7]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
d) Allow limited information exchange
Information distribution is to be sensitive to administrative
policies. An administrative policy may affect the content or
completeness of the information distributed. Additionally,
administrative policy may determine the extent of information
distributed.
3.4 Environmental Requirements
The following items identify those requirements directly related to
the nature of the environment within which routing is to occur.
a) Support a packet-switching environment
The routing environment should be capable of supporting
datagram transfer within a packet-switched oriented networking
environment.
b) Accommodate a connection-less oriented user transport service
The routing environment should be designed such that it
accommodates the model for connection-less oriented user
transport service.
c) Accommodate 10K autonomous systems and 100K networks
This requirement identifies the scale of the internetwork
environment we view as appearing in the future. A routing
design which does not accommodate this order of magnitude is
viewed as being inappropriate.
d) Allow for arbitrary interconnection of autonomous systems
The routing environment should accommodate interconnectivity
between autonomous systems which may occur in an arbitrary
manner. It is recognized that a practical solution is likely
to favor a given structure of interconnectivity for reasons of
efficiency. However, a design which does not allow for and
utilize interconnectivity of an arbitrary nature would not be
considered a feasible design.
3.5 General Objectives
The following are overall objectives to be achieved by the inter-
autonomous routing architecture and its protocols.
a) Provide routing services in a timely manner
Little [Page 8]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
Those routing services provided, encapsulated by the
requirements stated herein, are to be provided in a timely
manner. The time scale for this provision must be reasonable
to support those services provided by the internetwork
environment as a whole.
b) Minimize constraints on systems with limited resources
Allow autonomous systems, or gateways, of limited resources to
participate in the inter-autonomous system routing
architecture. This limited participation is not necessarily
without cost, either in terms of responsiveness, path
optimization, or other factor(s).
c) Minimize impact of dissimilarities between autonomous systems
Attempt to achieve a design in which the dissimilarities
between autonomous systems do not impinge upon the routing
services provided to any autonomous system.
d) Accommodate the addressing schemes and protocol mechanisms of
the autonomous systems
The routing environment should accommodate the addressing
schemes and protocol mechanisms of autonomous systems, where
these schemes and mechanisms may differ among autonomous
systems.
e) Must be implementable by network vendors
This is to say that the algorithms and complexities of the
design must be such that they can be understood outside of the
research community and implementable by people other than the
designers themselves. Any feasible design must be capable of
being put into practice.
4. Non-Goals
In view of the conflicting nature of many of the stated goals and the
careful considerations and tradeoffs necessary to achieve a
successful design, it is important to also identify those goals or
functions which we are not attempting to achieve. The following
items are not considered to be reasonable goals or functional
requirements at this time and are best left to future efforts. These
are non-goals, or non-requirements, within the context of the goals
and requirements previously stated by this document as well as our
interpretation of what can be practically achieved.
Little [Page 9]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
a) Ubiquity
It is not a goal to design a routing environment in which any
participating autonomous system can obtain a routing service to
any other participating autonomous system in a ubiquitous
fashion. Within a policy sensitive routing environment, the
cooperation of intermediate resources will be necessary and
cannot be guaranteed to all participants. The concept of
ubiquitous connectivity will not be a valid one.
b) Congestion control
The ability for inter-autonomous system routing to perform
congestion control is a non-requirement. Additional study is
necessary to determine what mechanisms are most appropriate and
if congestion control is best realized within the inter-AS
and/or intra-AS environments, and if both, what the dynamics of
the interactions between the two are.
c) Load splitting
The functional capability to distribute the flow of datagrams,
from a source to a destination, across two or more distinct
paths through route synthesis and/or forwarding is a non-
requirement.
d) Maximizing the utilization of resources
There is no goal or requirement for the inter-autonomous system
routing environment to be designed such that it attempts to
maximize the utilization of available resources.
e) Schedule to deadline service
The ability to support a schedule to deadline routing service
is a non-requirement for the inter-autonomous routing
environment at this point in time.
f) Non-interference policies of resource utilization
The ability to support routing policies based upon the concept
of non-interference is a not a requirement. An example of such
a policy is one where an autonomous system allows the
utilization of excess bandwidth by external users as long as
this does not interfere with local usage of the link.
Little [Page 10]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
5. Considerations
Although neither a specific goal nor a functional requirement,
consideration must be given to the transition which will occur from
the current operational routing environment to a new routing
environment. A coordinated effort among all participants of the
Internet would be impractical considering the magnitude of such an
undertaking. Particularly, the issues of transitional coexistence,
as opposed to phased upgrading between disjoint systems, should be
addressed as a means to minimize the disruption of service. Careful
consideration should also be given to any required changes to hosts.
It is very unlikely that all hosts could be changed, given historical
precedence, their diversity and their large numbers.
Appendix - Issues in Inter-Autonomous Systems Routing
A.0 Acknowledgement
This appendix is an edited version of the now defunct document
entitled "Requirements for Inter-Autonomous Systems Routing", written
by Ross Callon in conjunction with the members of the Open Routing
Working Group.
A.1 Introduction
The information and discussion contained here historically precedes
that of the main document body and was a major influence on its
content. It is included here as a matter of reference and to provide
insight into some of the many issues involved in inter-autonomous
systems routing.
The following definitions are utilized:
Boundary Gateway
A boundary gateway is any autonomous system gateway which
has a network interface directly reachable from another
autonomous system. As a member of an autonomous system, a
boundary gateway participates in the Interior Gateway
Protocol and other protocols used for routing (and other
purposes) between other gateways of this same autonomous
system and between those networks directly reachable by this
autonomous system. A boundary gateway may also
participate in an Inter-Autonomous System Routing Protocol.
As a participant in the inter-autonomous system routing
protocol, a boundary gateway interacts with other boundary
gateways in other autonomous systems, either directly or
indirectly, in support of the operation of the
Little [Page 11]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
Inter-Autonomous System Routing Protocol.
Interior Gateway
An interior gateway is any autonomous system gateway which
is not a boundary gateway. As such, an interior gateway
does not have any network interfaces which are directly
reachable by any other autonomous system. An interior
gateway is part of an autonomous system and, as such,
takes part in the Interior Gateway Protocol and other
protocols used in that autonomous system. However, an
interior gateway does not directly exchange routing
information with gateways in other autonomous systems via
the Inter-Autonomous System Routing Protocol.
The following acronyms are used:
AS -- Autonomous System
This document uses the current definition of "Autonomous
System": a collection of cooperating gateways running a
common interior routing protocol. This implies that networks
and hosts may be reachable through one or more Autonomous
Systems.
NOTE: The current notion of "Autonomous System" implicitly
assumes that each gateway will belong to exactly one AS.
Extensions to allow gateways which belong to no AS's
and/or gateways which belong to multiple AS's, are beyond
the scope of this discussion. However, we do not preclude
the possibility of considering such extensions in the
future.
IARP -- Inter-Autonomous System Routing Protocol
This is the protocol used between boundary gateways for
the purpose of routing between autonomous systems.
IGP -- Interior Gateway Protocol
This is the protocol used within an autonomous system for
routing within that autonomous system.
A.2 Architectural Issues
The architecture of an inter-autonomous system routing environment is
mutually dependent with the notion of an Autonomous System. In
general, the architecture should maximize independence of the
Little [Page 12]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
internals of an AS from the internals of other AS's, as well as from
the inter-autonomous system routing protocols (IARP). This
independence should allow technological and administrative
differences among AS's as well as protection against propagation of
misbehavior. The following issues address ways to achieve
interoperation and protection, and to meet certain performance
criteria. We also put forth a set of minimal constraints to be
imposed among Autonomous Systems, and between inter- and intra-AS
functions.
A.2.1 IGP Behavior
The IARP should be capable of tolerating an Autonomous System in
which its IGP is unable to route packets, provides incorrect
information, and exhibits unstable behavior. Interfacing to such an
ill-behaved AS should not produce global instabilities within the
IARP and the IARP should localize any effects. On the other hand,
the IGP should provide a routing environment where the information
and connectivity provided to the IARP from the IGP does not exhibit
rapid and continual changes. An Autonomous System therefore should
appear as a relatively stable environment.
A.2.2 Independence of Autonomous Systems
The IARP should not constrain any AS to require the use any one
specific IGP. This applies both to IGPs and potentially to any other
internal protocols. The architecture should also allow intra-AS
routing and organizational structures to be hidden from inter-AS use.
An Autonomous System should not be required to use any one specific
type of linkage between boundary gateways within the AS. However,
there are some minimal constraints that gateways and the associated
interior routing protocol within an AS must meet in order to be able
to route Inter-AS traffic, as discussed in Section A.2.6.
A.2.3 General Topology
The routing architecture should provide significant flexibility
regarding the interconnection of AS's. The specification of IARP
should impose no inherent restriction on either interconnection
configuration or information passing among autonomous systems. There
may be administrative and policy limitations on the interconnection
of AS's, and on the extent to which routing information and data
traffic may be passed between AS's. However, there should be no
inherent restrictions imposed by limitations in the design of the
routing architecture. The architecture should allow arbitrary
topological interconnection of Autonomous Systems. Propagation of
routing information should not be restricted by the specification of
the IARP. For example, the restrictions imposed by the "core model"
Little [Page 13]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
used by EGP are not acceptable.
A.2.4 Routing Firewalls
We expect AS's to have a certain amount of insulation from other
AS's. This protection should apply to both the adequacy and
stability of routes produced by the routing scheme, and also to the
amount of overhead traffic and other costs necessary to run the
routing scheme. There are several forms which these "routing
firewalls" may take:
- An AS must be able to successfully route its own internal
traffic in the face of arbitrary failures of other IGPs and the
IARP. In other words, the AS should be able to effectively
shutout the rest of the world.
- The IARP should be able to operate correctly in the face of IGP
failures. In this case, correct operation is defined as
recognizing that an AS has failed, and routing around it if
possible (traffic to or from that AS may of course fail).
- In addition, problems in Inter-AS Routing should, as much as
possible, be limited in the extent of their effect.
Routing firewalls may be explicit, or may be inherent in the design
of the algorithms. We expect that both explicit and inherent
firewalls will be utilized. Examples of firewalls include:
- Separating Intra- and Inter-AS Routing to some extent
isolates each of these from problems with the other. Clearly
defined interfaces between different modules/protocols provides
some degree of protection.
- Access control restrictions may provide some degree of
firewalls. For example, some AS's may be non-transit (won't
forward transit traffic). Failures within such AS's may be
prevented from affecting traffic not associated with that AS.
- Protocol design can help. For example, with link state routing
you can require that both ends must report a link before is may
be regarded as up, thereby eliminating the possibility of a
single node causing fictitious links.
- Finally, explicit firewalls may be employed using explicit
configuration information.
Little [Page 14]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
A.2.5 Boundary Gateways
Boundary gateways will exchange Inter-AS Routing information with
other boundary gateways using the IARP. Each AS which is to take
part in Inter-AS Routing will have one or more boundary gateways, of
which one or more of these boundary gateways exchanges information
with peer boundary gateways in other AS's.
Information related to Inter-AS Routing may be passed between
connected boundary gateways in different AS's. Specific designated
boundary gateways will therefore be required to understand the IARP.
The external link between the boundary gateways may be accomplished
by any kind of connectivity that can be modeled as a direct link
between two gateways -- a LAN, an ARPANET, a satellite link, a
dedicated line, and so on.
A.2.6 Minimal Constraints on the Autonomous System
The architectural issues discussed here for inter-AS routing imply
certain minimal functional constraints that an AS must satisfy in
order to take part in the Inter-AS Routing scheme. These minimal
requirements are described in greater detail in this section. This
list of functional constraints is not necessarily complete.
A.2.6.1 Internal Links between Boundary Gateways
In those cases where an AS may act as a transit AS (i.e., may pass
traffic for which neither the source nor the destination is in that
AS), the gateways internal to that AS will need to know which
boundary gateway is to serve as the exit gateway from that AS. There
are several ways in which this may be accomplished:
1. Boundary gateways are directly connected
2. "Tunneling" (i) using source routing (ii) using encapsulation
3. Interior gateways participate (i) limited participation (ii)
fully general participation
With solution (1), the boundary gateways in an AS are directly
connected. This eliminates the need for other gateways in the AS to
have any knowledge of Inter-AS Routing. Transit traffic is passed
directly among the boundary gateways of the AS.
With solution (2), transit traffic may traverse interior gateways,
but these interior gateways are protected from any need to have
knowledge about Inter-AS routes by means such as source routing or
encapsulation. The boundary gateway by which the packet enters an AS
Little [Page 15]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
determines the boundary gateway which will serve as the exit gateway.
This may require that the entrance boundary gateway add a source
route to the packet, or encapsulate the packet in another level of IP
or gateway-to-gateway header. This allows boundary gateways to
forward data traffic using the appropriate tunnelling technique.
Finally, with solution (3), the interior gateways have some knowledge
of Inter-AS Routing. At a minimum, the interior gateways would need
to know the identity of each boundary gateway, the address(es) that
can be reached by that gateway, and the Inter-AS metric associated
with the route to that address(es). If the IARP allows for separate
routing for multiple TOS classes, then the information that the
interior gateways need to know includes a separate Inter-AS metric
for each TOS class. The Inter-AS metrics are necessary to allow
gateways to choose among multiple possible exit boundary gateways.
In general, it is not necessary for the Inter-AS metrics to have any
relationship with the metric used within an AS for interior routing.
The interior gateways do not need to know how to interpret the
exterior metrics, except to know that each metric is to be
interpreted as an unsigned integer and a lesser value is preferable
to a greater value. It would be possible, but not necessary, for the
interior gateways to have full knowledge of the IARP.
It is not necessary for the Inter-AS Routing architecture to specify
which of these solutions are to be used for any particular AS.
Rather, it is possible for individual AS's to choose which scheme or
combination of schemes to use. Independence of the IARP from the
internal operation of each AS implies that this decision be left up
to the internal protocols used in each AS. The IARP must be able to
operate as if the boundary gateways were directly connected.
A.2.6.2 Forwarding of Data from the AS
The scheme used for forwarding transit traffic across an AS also has
implications for the forwarding of traffic which originates within an
AS, but whose destination is reachable only from other AS's. If
either of solutions (1) or (2) in Section A.2.6.1 is followed, then
it will be sufficient for an interior gateway to forward such traffic
to any boundary gateway. Greater efficiency may optionally be
achieved in some cases by providing interior gateways with additional
information which will allow them to choose the "best" boundary
gateway in some sense. If solution (3) is followed, then the
information passed to interior gateways to allow them to forward
transit traffic will also be sufficient to forward traffic
originating within that AS.
Little [Page 16]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
A.2.6.3 Forwarding of Data to a Destination in the AS
If a packet whose destination is reachable from an AS arrives at that
AS, then it is desired that the interior routing protocol used in
that AS be able to successfully deliver the packet without reliance
on Inter-AS Routing. This does not preclude that the Inter-AS
Routing protocol will deal with partitioned AS's.
An AS may have access control, security, and policy restrictions that
restrict which data packets may enter or leave the AS. However, for
any data packet which is allowed access to the AS, the AS is expected
to deliver the packet to its destination without further restrictions
between parts of the AS. In this sense, the internal structure of
the AS should not be visible to the IARP.
A.3 Policy Issues
The interconnection of multiple heterogeneous networks and multiple
heterogeneous autonomous systems owned and operated by multiple
administrations into a single combined internet is a very complex
task. It is expected that the administrations associated with such
an internet will wish to impose a variety of constraints on the
operation of the internet. Specifically, externally imposed routing
constraints may include a variety of transit access control,
administrative policy, and security constraints.
Transit access control refers to those access control restrictions
which an AS may impose to restrict which traffic the AS is willing to
forward. There are a large number of access control restrictions
which one could envision being used. For example, some AS's may wish
to operate only as "non-transit" AS's, that is, they will only
forward data traffic which either originates or terminates within
that AS. Other AS's may restrict transit traffic to datagrams which
originate within a specified set of source hosts. Restrictions may
require that datagrams be associated with specific applications (such
as electronic mail traffic only), or that datagrams be associated
with specific classes of users.
Policy restrictions may allow either the source of datagrams, or the
organization that is paying for transmission of a datagram, to limit
which AS's the datagrams may transit. For example, an organization
may wish to specify that certain traffic originating within their AS
should not transit any AS administered by its main competitor.
Security restrictions on traffic relates to the official security
classification level of traffic. As an example, an AS may specify
that all classified traffic is not allowed to leave its AS.
Little [Page 17]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
The main problem with producing a routing scheme which is sensitive
to transit access control, administrative policy, and security
constraints is the associated potential for exponential growth of
routes. For example, suppose that there are 20 packets arriving at a
particular gateway, each for the same destination, but subject to a
different combination of access control, policy, and security
constraints. It is possible that all 20 packets would need to follow
different routes to the destination.
This explosive growth of routes leads to the question: "Is it
practically feasible to deal with complete general external routing
constraints?" One approach would allow only a smaller subset of
constraints, chosen to provide some useful level of control while
allowing minimal impact on the routing protocol. Further work is
needed to determine the feasibility of this approach.
There is another problem with dealing with transit access control,
policy, and security restrictions in a fully general way.
Specifically, it is not clear just what the total set of possible
restrictions should be. Efforts to study this issue are currently
underway, but are not expected to produce definitive results within a
short to medium time frame. It is therefore not practical to wait
for this effort to be finished before defining the next generation of
Inter-AS Routing.
A.4 Service Features
The following paragraphs discuss issues concerning the services an
Inter-AS Routing Protocol may provide. This is not a complete list
of service issues but does address many of those services which are
of concern to a significant portion of the community.
A.4.1 Cost on Toll Networks
Consideration must be given to the use of routing protocols with toll
(i.e., charge) networks. Although uncommon in the Internet at the
moment, they will become more common in the future, and thought needs
to be given to allowing their inclusion in an efficient and effective
manner.
There are two areas in which concerns of cost intrude. First,
provision must be made to include in the routing information
distributed throughout the system the information that certain links
cost money, so that traffic patterns may account for the cost.
Second, the actual operation of the algorithm, in terms of the
messages that must be exchanged to operate the algorithm, must
recognize that fact that on certain links, the exchange may have an
associated cost which must be taken into account. These areas often
Little [Page 18]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
involve policy questions on the part of the user. It is a
requirement of the algorithm that facilities be available to allow
different groups to answer these questions in different ways. The
first area is related to type-of-service routing, and is discussed in
Section A.4.2. The second area is discussed below.
Previous attempts at providing these sorts of controls were
incomplete because they were not thought through fully; a new effort
must avoid these pitfalls. For instance, even though the Hello rate
in EGP may be adjusted, turning the rate down too low (to control the
costs) could cause the route to be dropped from databases through
timeout.
In a large internet, changes will be occurring constantly; a
simplistic mechanism might mean that a site which is only connected
by toll networks has to either accept having an old picture of the
network, or spend more to keep a more current picture of things.
However, that is not necessarily the case if incomplete knowledge and
cache-based techniques are used more. For instance, if a site
connected only by toll links keeps an incomplete or less up-to-date
map of the situation, an agreement with a neighbor which does not
labor under these restrictions might allow it to get up-to-date
information only when needed.
A.4.2 Type-of-Service Routing
The need for type-of-service (TOS) has been increasing as networks
become more heterogeneous in physical channel components, high-level
applications, and administrative management. For instance, some
recently installed fiber cables provide abundant communication
bandwidths, while old narrow-band channels will still be with us for
a long time period. Electronic mail traffic tolerates delivery
delays and low throughput. New image transmissions are coming up;
these require high bandwidths but are not effected by a few bit
errors. Furthermore, some networks may soon install accounting
functions to charge users, while others may still provide free
services.
Considering the long life span of a new routing architecture, it is
mandatory that it be built with mechanisms to provide TOS routing.
Unfortunately, we have had very little experience with TOS routing,
even with a single network. No TOS routing system has ever been
field-tested on a large-scale basis.
We foresee the need for TOS routing and recognize the possible
complexities and difficulties in design and implementation. We also
consider that new applications coming along may require novel
services that are unforeseeable today. We feel a practical approach
Little [Page 19]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
is to provide a small set of TOS routing functions as a first step
while the design of the architecture should be such that new classes
of TOS can be easily added later and incrementally deployed. The
Inter-AS Routing Architecture should allow both globally and locally
defined TOS classes.
We intend to address TOS routing based on the following metrics:
- Delay
- Throughput
- Cost
Delay and throughput are the main network performance concerns.
Considering that some networks may soon start charging users for the
transmission services provided, the cost should also be added as a
factor in route selection.
Reliability is not included in the above list. Different
applications with different reliability requirements will differ in
terms of what Transport Protocol they use. However, IP offers only a
"moderate" level of reliability, suitable to applications such as
voice, or possibly even less than that required by voice. The level
of reliability offered by IP will not differ substantially based on
the application. Thus the requested level of reliability will not
affect Inter-AS Routing.
Delay and throughput will be measured from the physical
characteristics of communication channels, without considering
instantaneous load. This is necessary in order to provide stable
routes, and to minimize the overhead caused by the Inter-AS Routing
scheme.
A number of TOS service classes may be defined according to these
metrics. Each class will present defined requirements for each of
the TOS metrics. For example, one class may require low delay,
require only low throughput, and require low cost.
A.4.3 Multipath Routing
There are two types of multipath routing which are useful for Inter-
AS Routing: (1) there may be multiple gateways between any two
neighboring AS's; (2) there may be multiple AS-to-AS paths between
any pair of source and destination AS's. Both forms of multipath are
useful in order to allow for loadsplitting. Provision for multipath
routing in the IARP is desirable, but not an absolute requirement.
Little [Page 20]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
A.5 Performance Issues
The following paragraphs discuss issues related to the performance of
an Inter-AS Routing Protocol. This discussion addresses size as well
as efficiency considerations.
A.5.1 Adaptive Routing
It is necessary that the Inter-AS Routing scheme respond in a timely
fashion to major network problems, such as the failure of specific
network resources. In this sense, Inter-AS Routing needs to use
adaptive routing mechanisms similar to those commonly used within
individual networks and AS's. It is important that the adaptive
routing mechanism chosen for Inter-AS Routing achieve rapid
convergence following internet topological changes, with little or
none of the serious convergence problems (such as "counting to
infinity") that have been experienced in some existing dynamic
routing protocols.
The Inter-AS Routing scheme must provide stability of routes. It is
totally unacceptable for routes to vary on a frequent basis. This
requirement is not meant to limit the ability of the routing
algorithm to react rapidly to major topological changes, such as the
loss of connectivity between two AS's. The need for adaptive routing
does not imply any desire for load-based routing.
A.5.2 Large Internets
One key question in terms of the targets is the maximum size of the
Internet this algorithm is supposed to support. To some degree, this
is tied to the timeline for which this protocol is expected to be
active. However, it is necessary to have some size targets.
Techniques that work at one order of size may be impractical in a
system ten or twenty times larger.
Over the past five years there has been an approximate doubling of
the Internet each year. In January 1988, there were more than 330
operational networks and more than 700 network assigned numbers.
Exact figures for the future growth rate of the Internet are
difficult to predict accurately. However, if this doubling trend
continues, we would reach 10,000 nets sometime near January 1993.
Taking a projection purely on the number of networks (the top level
routing entity) may be overly conservative since the introduction and
wide use of subnets has absorbed some growth, but will not continue
to be able to do so. In addition, there are plans being discussed
that will continue or accelerate the current rate of growth.
Nonetheless, the number of networks is very important because
Little [Page 21]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
networks constitute the "top level entities" in the current
addressing structure.
The implications of the size parameter are fairly serious. The
current system has only one level of addressing above subnets. While
it is possible to adjust certain parameters (for example, the
unsolicited or unnecessary retransmission rate) to produce a larger
but less robust system, other parameters (for example, the rate of
change in the system) cannot be so adjusted. This will provide
eventual limits on the size of a system that can be dealt with in a
flat address space.
The exact size that necessitates moving from the current single-
level system to a multi-level system is not clear. Among the
parameters which affect it are the assumed minimum speed of links in
the system (faster links can allocate more bandwidth to routing
traffic before it becomes obtrusive), speed and memory capacity of
routing nodes (needed to store and process routing data), rate at
which topology changes, etc. The maximum size which can be handled
in a single layer is generally thought to be somewhere on the order
of 10 thousand objects. The IARP must be designed to deal with
internets bigger than this.
A.5.3 Addressing Implications
Given the current rate of growth of the Internet, we can expect that
the current addressing structure will become unworkable early within
the lifetime of the new IARP. It is therefore essential that any new
IARP be able to use a new addressing format which allows for
addressing hierarchies beyond the network level. Any new IARP should
allow for graceful migration from the current routing protocols, and
should also allow for graceful migration from a routing scheme based
on the current addressing, to a scheme based on a new multi-level
addressing format such as that described by OSI 8473.
A.5.4 Memory, CPU, and Bandwidth Costs
Routing costs can be measured in terms of the memory needed to store
routing information, the CPU costs of calculating routes and
forwarding packets, and the bandwidth costs of exchanging routing
information and of forwarding packets. These significant factors
should provide the basis for comparison between competing proposals
in IARP design.
Little [Page 22]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
The routing architecture will be driven by the expected size of the
Internet, the expected memory capacity of the gateways, capacity of
the Inter-AS links, and the computing speed of the gateways. Given
our experience with the current Internet, it is clearly necessary for
the scheme to function adequately even if the Internet grows more
quickly than we predict and its capacity grows more slowly. Memory,
CPU, and bandwidth costs should be in line with what is economically
practical at any point in time given the size of the Internet at that
time.
A.6 Other Issues
The following are issues of a general nature and includes discussion
of items which have been considered to be best left for future
efforts.
A.6.1 Implementation
The specification of IARP should allow interoperation among multi-
vendor implementations. This requires that multiple vendors be able
to implement the same protocol, and that equipment from multiple
vendors be able to interoperate successfully.
There are potential practical difficulties of realizing multi-vendor
interoperation. Any such difficulty should not be inherent to the
protocol specifications. Towards this end, we should produce a
protocol specification that is precise and unambiguous. This implies
that the specification should include a detailed specification using
Pseudo-Code or a Formal Description Technique.
A.6.2 Configuration
It is expected that any IARP will require a certain amount of
configuration information to be maintained by gateways. However, in
practice it is often difficult to maintain configuration information
in a fully correct and up-to-date form. Problems in configuration
have been known to cause significant problems in existing operational
networks and internets. The design of an Inter-AS Routing
architecture must therefore simplify the maintenance of configuration
information, consistent with other requirements. Simplification of
configuration information may require minimizing the amount of
configuration information, and using automated or semi-automated
configuration mechanisms.
A.6.3 Migration
In any event, whether the address format changes or not, a viable
transition plan which allows for interoperability must be arranged.
Little [Page 23]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
In a system of this magnitude, which is in operational use, a
coordinated change is not possible. Where possible, changes should
not affect the hosts, since deploying such a change is probably
several orders of magnitude more difficult than changing only the
gateways, due to the larger number of host implementations as well as
hosts. There are two important questions that need to be addressed:
(1) migration from the existing EGP to a new IARP; (2) migration from
the current DD IP to future protocols (including the ISO IP, and
other future protocols).
A.6.4 Load-Based Routing
Some existing networks are able to route packets based on current
load in the network. For example, one approach to congestion
involves adjusting the routes in real time to send as much traffic as
possible on lightly loaded network links.
This sort of load-based routing is a relatively delicate procedure
which is prone to instability. It is particularly difficult to
achieve stability in multi-vendor environments, in large internets,
and in environments characterized by a large variation in network
characteristics. For these reasons, we believe that it would be a
mistake to attempt to achieve effective load-based routing in an
Inter-AS Routing scheme.
A.6.5 Non-Interference Policies
There are policies which are in effect, or desired to be in effect,
which are based upon the concept of non-interference. These policies
state that the utilization of a given resource is permissible by one
party as long as that utilization does not disrupt the current or
future utilization of another party. These policies are often of the
kind "you may use the excess capacity of my link" without
guaranteeing any capacity will be available. The expectation is to
be able to utilize the link as needed, perhaps to the exclusion of
the other party. The problem with supporting such a policy is the
need to be cognizant of highly dynamic state information and the
implicit requirement to adapt to these changes. Rapid, persistent,
and non-deterministic state changes would lead to routing
oscillations and looping. We do not believe it is feasible to
support policies based on these considerations in a large
internetworking environment based on the current design of IP.
Security Considerations
Security issues are not addressed in this memo.
Little [Page 24]
^L
RFC 1126 Inter-Autonomous System Routing October 1989
Author's Address
Mike Little
Science Applications International Corporation (SAIC)
8619 Westwood Center Drive
Vienna, Virginia 22182
Phone: 703-734-9000
EMail: little@SAIC.COM
Little [Page 25]
^L
|
