Large scale interdomain beaconing - draft document This document brainstorm various ideas about how to run the distributed beacon tool on a large scale Internet. It does not discuss how to display the informations gathered by beacons but only protocol and infrastructure issues. 1. Hypothesis We assume that each domains enabled ASM internally (aka they setup a PIM-SM RP) in their domains and that they want to test SSM reachability between sources distributed in various domains of the Internet : ASM is enabled in intra domain, and SSM is enabled in interdomain. A same domain may be distributed geographically. 2. Objectives dbeacon protocol must scale at the interdomain level, this means that it should be possible to stress it with the following hypothesis : - A large number of beacons can be run simultaneously : a number of 10 beacons per domain with 100 domains should be easily reachable. - Theses 1000 potential beacons must belong to the same logical beacon session and must be manageable easily in a distributed way. 3. Solutions 3.1 Distributed dbeacon management We believe that a large part of the interdomain beaconing rely on infrastructure and management problems. Each domains must be responsible of its internal sets of beacons and provide reachability informations to others domains. - The rules to advertise reachability information about internals beacon still needs to be determined, but could be based on political or technical aspects. 3.2 One ASM group per domain Each domains should allocate internally one group address used to send and receive beacon probes. This allow a plug and play feature of beacons inside the domain. One still have to setup an (HTTP) server to be able to read the information on a nice web page. They may be intra domain problems and only a subset of the domain may be reachable in interdomain during a period of time. This must be solved. 3.3 One multi-source SSM session between domains Each domains will have their set of border beacon. Theses beacons registered to their internal group and to the interdomain SSM session group. The problem is how to bootstrap the border beacons as SSM do not provide an in-band source discovery mechanism. We suppose that border beacons are quite stable, and that once a border beacon bootstrapped the SSM group session, it receive interdomain multicast reachability via this session. - A seed node is required to bootstrap a border beacon, this seed node is another already active beacon sending toward a well known SSM channel used to propagate session information. This seed active node can be found on a web page. The bootstrapping mechanism involves no particular protocol actions, instead a starting beacon joins the chosen seed node's SSM channel and follows the protocol: waits for beacon reports and while it doesn't receive a report about itself sends period unicast reports to the seed beacons. This integrates bootstrapping into the architecture without any protocol additions while at the same time managing the fact that SSM provides only unidirectional communication. No special protocol considerations need to be taken to support border beacons as well, the only problem is border router discovery and SSM channel setup which we provided solutions for above. Border beacons are point of convergence in the infrastructure in the sense that they know about intra and inter domain stats. So to see if a domain can reach a extra domain source it must be possible to ask it to the respective border domain, maybe by looking at the border domain beacon web page. 3.4 Security One must cope with possible bad seed nodes announcing wrong informations about the session. We assume that most of the border beacons are "good" beacons and announce good information. One solution to detect bad beacons or bad announced SSM source would be to register to them one by one and check them against others information present in the session. By building a kind of "trust" multicast session between border beacon, the security can be improved.