We have developed a prototype implementation of the extended directory and routing service required in TRIAD. The key issues are the client name lookup performance and the directory/routing storage and maintenance overhead.
Regarding name lookup, we expect most environments to use transparent IRTs, which have the concatenation property mentioned in Section 4. Thus, the caching of names behaves the same as with current DNS because a name server can lookup the address to an authoritative server once, then send name requests using the relay fast path to this server rather than through the name service on each intervening relay agent. The concatenation property also allows addresses looked up for one client to be used for another client on the same ``side'' of a relay node. Caching of names thus behaves the same as with current DNS.
Opaquing the IRTs can defeat caching, particularly if the returned IRT encodes source dependencies, but the cost is low compared to the other overheads with secure connection setup.
On a name cache miss, in TRIAD, the name lookup may proceed through several relay nodes, causing a full name lookup at each relay node. In contrast, a conventional DNS name cache miss (within an enterprise) causes a DNS request to be sent to a root name server. Thus, TRIAD may use more cycles in total, summed across several relay nodes, but it distributes this load over the relay nodes on the path of communication. In contrast, DNS incurs fewer total lookup cycles but concentrates the demand on the smaller number of root servers.
The number of name suffixes which must be searched is large, but not unacceptably so. There are currently 1.7 million second-level names in use world-wide, e.g. Harvard.EDU, Ietf.ORG, etc. (This number closely matches the number of suffixes obtained from the experiment explained below.) Assuming 64 bytes of space per entry (including hash indexes, etc.), storing the whole name database would cost 128 megabytes, an insignificant amount of disk space, even if the number was to be 10 times as much by the time TRIAD was deployed. NBRP table lookup is not on the packet forwarding fast path, unlike IP routing, so time spent searching the table is typically only paid during connection setup rather than per-packet. Note also that name lookups already encounter the cost of searching through a database of this size in conventional DNS.
In sum, we expect TRIAD name lookup to have comparable performance and scaling as current DNS, differing primarily for portions of the Internet configured for greater security requirements than supported by current DNS.
Considering the directory and routing overhead, at the ISP level, the name aggregation generally closely matches the address and routing aggregation. For example, Harvard.EDU corresponds to a small number of IP address ranges that further correspond to a small number of routes. This strong correspondence means the aggregation feasible with routing table entries is largely intact in going to name-based routing and directory services. Conversely, organizations with large numbers of hosts scattered throughout the Internet are uncommon.
To evaluate the expected performance of name-based routing in the current Internet, we processed a comprehensive list of address-to-name mappings in the Domain Name System[17] and BGP table dumps from the MAE-East exchange point[18] by the following algorithm, making the assumption that address realm boundaries roughly correspond to current BGP autonomous system boundaries:
One representative set of results is shown in Table 1.
Table 1: Number of routes (and aggregates) in thousands for different site and aggregate threshold values.
With a site threshold of 10 and an aggregate threshold of 3,
NBRP produces approximately 14,800 routing table entries
(and 5,900 aggregates)
which improves significantly on the original BGP number
of 68,200 routing table entries.
These numbers indicate that NBRP results in a set of destinations (and thus update frequency) comparable to BGP; higher-level aggregation may be able to reduce this yet further without resorting to renumbering or renaming.
BGP does have a limited mechanism for aggregation: a single route update may include several address prefixes. It is not clear the extent to which BGP software makes use of this to optimize update calculations: there is no requirement that advertisements keep these address prefixes together, and the address ranges must appear separately in the IP routing table. The entry in Table 1 corresponding to ``original BGP'' with an aggregation threshold of 3 indicating 11,800 entries indicates the best possible number of routes with BGP aggregation.
Addition of a new name is common, unlike addition of new BGP prefixes, and this name information must propagate to all relay points. However, name addition is done on human time scales; during the recent past, third-level domain names have been added at about 12 per minute. To put this in perspective, a backbone router may receive more than 2,000 routing updates per minute. Also, the actual level of routing updates necessary for new names will be lower, since changes to aggregates can be ``batched'' to reflect many new names with one update.