Multihoming
Encyclopedia
Multihoming is a technique used to increase the reliability of the Internet connection for an IP
network. As an adjective, it is typically used to describe a customer, rather than an Internet service provider
(ISP) network. In the context of competing business networks, platform multihoming refers to the condition of users affiliating with more than a single platform.
Single Link, Multiple IP address (spaces): The host has multiple IP address
es (e.g. 2001:db8::1 and 2001:db8::2 in IPv6
), but only one physical upstream link. When the single link fails, connectivity is down for all addresses.
Multiple Interfaces, Single IP address per interface: The host has multiple interfaces
and each interface has one, or more, IP addresses. If one of the links fails, then its IP address becomes unreachable, but the other IP addresses will still work. Hosts that have multiple IPv6 or IPv4 records enabled can then still be reachable at the penalty of having the client program
time out and retry on the broken address. Existing connections can't be taken over by the other interface, as TCP
does not support this. To remedy this, one could use SCTP
which does allow this situation. However SCTP is not used very much in practice.
Multiple Links, Single IP address (space): This is what in general is meant with Multihoming. With the use of a routing protocol
, in most cases BGP
, the end-site announces this address space to its upstream links. When one of the links fails, the protocol notices this on both sides and traffic is not sent over the failing link any more. Usually this method is used to multihome a site and not for single hosts.
Multiple Links, Multiple IP address (spaces):This approach uses a specialized Link Load Balancer (or WAN Load Balancer) appliance between the firewall and the link routers. No special configuration is required in the ISP’s routers. It allows use of all links at the same time to increase the total available bandwidth and detects link saturation and failures in real time to redirect traffic. Algorithms allow traffic management. Incoming balancing is usually performed with a real time DNS resolution.
Another common use of this variant is to control routing between the separate address spaces used by each interface. This is often used for PC Server based firewalls.
(SPOF), certain implementation caveats apply which can affect the success of such a strategy.
In particular, each of the following items must be addressed in order to eliminate the network SPOF:
The elimination of a single point of failure is achieved only when each component that could potentially fail is duplicated.
number. Then a connection to two (or more) separate ISPs is established. The routing over these connections is normally controlled by a BGP
enabled router.
In the case where one outgoing link from the multihomed network fails, outgoing traffic will automatically be routed via one of the remaining links. More importantly, other networks will be notified, through BGP updates of the multihomed network routes, of the need to route incoming traffic via another ISP and link.
A key pitfall in multihoming is that two apparently independent links, from completely different ISPs may actually share a common transmission line and/or edge router. This will form a single point of failure
and considerably reduce the reliability benefits from multihoming.
Another problem to look out for is that multihoming too small a network may not be effective since route filtering
is very common among BGP users and smaller prefixes may be filtered out. This will make multihoming fail.
) is not yet standardized, as discussions about the various possible approaches to multihoming are still unresolved.
Because many ISPs filter out route announcements with small prefixes, this will generally require a large "ISP-sized" IP allocation, such as a /32, to ensure global reachability. Using such large prefixes is an inefficient use of IPv6's address space; there are only about 4 billion /32 prefixes. However, from a pragmatic perspective, allocating a /32 is equivalent in global address space cost to allocating a single IPv4 address, and this may be acceptable if, as seems to be likely for the foreseeable future, the number of multihomed sites can be numbered only in the millions, as opposed to the many billions of non-multihomed endpoints which are anticipated to comprise the vast majority of IPv6 endpoints. Some RIRs such as RIPE has started to allocate /48 from a specific prefix for this purpose. RIPE allocate IPv6 PI /48s or shorter from 2001:0678::/29.
IPv6 multihoming:
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
network. As an adjective, it is typically used to describe a customer, rather than an Internet service provider
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
(ISP) network. In the context of competing business networks, platform multihoming refers to the condition of users affiliating with more than a single platform.
Multihoming variants
In the IP context, there are several ways to multihome, separate from the actual protocols used to do so, amongst which the most important are:Single Link, Multiple IP address (spaces): The host has multiple IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es (e.g. 2001:db8::1 and 2001:db8::2 in IPv6
IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
), but only one physical upstream link. When the single link fails, connectivity is down for all addresses.
Multiple Interfaces, Single IP address per interface: The host has multiple interfaces
Network interface
Network interface may refer to:* Network interface controller, the device a computer uses to connect to a computer network* Network interface device, a demarcation point for a telephone network...
and each interface has one, or more, IP addresses. If one of the links fails, then its IP address becomes unreachable, but the other IP addresses will still work. Hosts that have multiple IPv6 or IPv4 records enabled can then still be reachable at the penalty of having the client program
Client (computing)
A client is an application or system that accesses a service made available by a server. The server is often on another computer system, in which case the client accesses the service by way of a network....
time out and retry on the broken address. Existing connections can't be taken over by the other interface, as TCP
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
does not support this. To remedy this, one could use SCTP
Stream Control Transmission Protocol
In computer networking, the Stream Control Transmission Protocol is a Transport Layer protocol, serving in a similar role to the popular protocols Transmission Control Protocol and User Datagram Protocol...
which does allow this situation. However SCTP is not used very much in practice.
Multiple Links, Single IP address (space): This is what in general is meant with Multihoming. With the use of a routing protocol
Routing protocol
A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network, the choice of the route being done by routing algorithms. Each router has a priori knowledge only of...
, in most cases BGP
Border Gateway Protocol
The Border Gateway Protocol is the protocol backing the core routing decisions on the Internet. It maintains a table of IP networks or 'prefixes' which designate network reachability among autonomous systems . It is described as a path vector protocol...
, the end-site announces this address space to its upstream links. When one of the links fails, the protocol notices this on both sides and traffic is not sent over the failing link any more. Usually this method is used to multihome a site and not for single hosts.
Multiple Links, Multiple IP address (spaces):This approach uses a specialized Link Load Balancer (or WAN Load Balancer) appliance between the firewall and the link routers. No special configuration is required in the ISP’s routers. It allows use of all links at the same time to increase the total available bandwidth and detects link saturation and failures in real time to redirect traffic. Algorithms allow traffic management. Incoming balancing is usually performed with a real time DNS resolution.
Another common use of this variant is to control routing between the separate address spaces used by each interface. This is often used for PC Server based firewalls.
Multihoming caveats
While multihoming is generally used to eliminate network connectivity as a potential single point of failureSingle point of failure
A single point of failure is a part of a system that, if it fails, will stop the entire system from working. They are undesirable in any system with a goal of high availability or reliability, be it a business practice, software application, or other industrial system.-Overview:Systems can be made...
(SPOF), certain implementation caveats apply which can affect the success of such a strategy.
In particular, each of the following items must be addressed in order to eliminate the network SPOF:
- Upstream connectivity: A given network operations center must have multiple upstream links to independent providers. Furthermore, to lessen the possibility of simultaneous damage to all upstream links, the physical location of each of these upstream links should be physically diverse: far enough apart that a piece of machinery (such as a backhoeBackhoeA backhoe, also called a rear actor or back actor, is a piece of excavating equipment or digger consisting of a digging bucket on the end of a two-part articulated arm. They are typically mounted on the back of a tractor or front loader...
) won't accidentally sever all connections at the same time. - Routers: Routers and switchesNetwork switchA network switch or switching hub is a computer networking device that connects network segments.The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer of the OSI model...
must be positioned such that no single piece of network hardware controls all network access to a given host. In particular, it is not uncommon to see multiple Internet uplinks all converge on a single edge router. In such a configuration, the loss of that single router disconnects the Internet uplink, despite the fact that multiple ISPs are otherwise in use. - Host connectivity: A "reliable" host must be connected to the network over multiple network interfaceNetwork interfaceNetwork interface may refer to:* Network interface controller, the device a computer uses to connect to a computer network* Network interface device, a demarcation point for a telephone network...
s, each connected to a separate router or switch. Alternatively, and preferably, the function of a given host could be duplicated across multiple computers, each of which is connected to a different router or switch. - Referencing Entities: Not only must a host be accessible, but in many cases it must also be "referenced" to be useful. For most servers, this means in particular that the name resolutionDomain name systemThe Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
to that server be functional. For example, if the failure of a single element blocks users from properly resolving the DNS name of that server, then the server is effectively inaccessible, despite its otherwise connected state.
The elimination of a single point of failure is achieved only when each component that could potentially fail is duplicated.
IPv4 multihoming
In order to be multihomed, a network must have its own public IP address range and an ASAutonomous system (Internet)
Within the Internet, an Autonomous System is a collection of connected Internet Protocol routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet....
number. Then a connection to two (or more) separate ISPs is established. The routing over these connections is normally controlled by a BGP
Border Gateway Protocol
The Border Gateway Protocol is the protocol backing the core routing decisions on the Internet. It maintains a table of IP networks or 'prefixes' which designate network reachability among autonomous systems . It is described as a path vector protocol...
enabled router.
In the case where one outgoing link from the multihomed network fails, outgoing traffic will automatically be routed via one of the remaining links. More importantly, other networks will be notified, through BGP updates of the multihomed network routes, of the need to route incoming traffic via another ISP and link.
A key pitfall in multihoming is that two apparently independent links, from completely different ISPs may actually share a common transmission line and/or edge router. This will form a single point of failure
Single point of failure
A single point of failure is a part of a system that, if it fails, will stop the entire system from working. They are undesirable in any system with a goal of high availability or reliability, be it a business practice, software application, or other industrial system.-Overview:Systems can be made...
and considerably reduce the reliability benefits from multihoming.
Another problem to look out for is that multihoming too small a network may not be effective since route filtering
Route filtering
In the context of network routing, route filtering is the process by which certain routes are not considered for inclusion in the local route database, or not advertised to one's neighbours...
is very common among BGP users and smaller prefixes may be filtered out. This will make multihoming fail.
IPv6 multihoming
Multihoming in the next-generation Internet Protocol (IPv6IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
) is not yet standardized, as discussions about the various possible approaches to multihoming are still unresolved.
Current solutions
- Provider Independent Address SpaceProvider Independent Address SpaceA provider-independent address space is a block of IP addresses assigned by a regional Internet registry directly to an end-user organization...
is available in IPv6. This technique has the advantage of working like IPv4, supporting traffic balancing across multiple providers, and maintaining existing TCP and UDP sessions through cut-overs. Critics say that the increased size of routing tableRouting tableIn computer networking a routing table, or Routing Information Base , is a data table stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics associated with those routes. The routing table contains information about the...
s needed to handle multi-homing in this way will overwhelm current router hardware. Proponents say that new hardware will be able to handle the increase due to cheaper memory, which drops in price according to Moore's lawMoore's LawMoore's law describes a long-term trend in the history of computing hardware: the number of transistors that can be placed inexpensively on an integrated circuit doubles approximately every two years....
. Proponents also say this is the only viable solution right now, and the worse is betterWorse is betterWorse is better, also called the New Jersey style, was conceived by Richard P. Gabriel to describe the dynamics of software acceptance, but it has broader application. The idea is that quality does not necessarily increase with functionality. There is a point where less functionality is a...
philosophy supports the idea that it is better to deploy an imperfect solution now than a perfect solution after it's too late.
Because many ISPs filter out route announcements with small prefixes, this will generally require a large "ISP-sized" IP allocation, such as a /32, to ensure global reachability. Using such large prefixes is an inefficient use of IPv6's address space; there are only about 4 billion /32 prefixes. However, from a pragmatic perspective, allocating a /32 is equivalent in global address space cost to allocating a single IPv4 address, and this may be acceptable if, as seems to be likely for the foreseeable future, the number of multihomed sites can be numbered only in the millions, as opposed to the many billions of non-multihomed endpoints which are anticipated to comprise the vast majority of IPv6 endpoints. Some RIRs such as RIPE has started to allocate /48 from a specific prefix for this purpose. RIPE allocate IPv6 PI /48s or shorter from 2001:0678::/29.
Other current possibilities
- Automated renumbering. If one uplink goes down, all addresses in the network will be renumbered into a new /48 subnet. DNS and firewall records must be updated to redirect traffic to a different /48 subnet. This renumbering will break live TCP and UDP sessions.
- Maintaining multiple simultaneous sets of host addresses, from different upstream /48's for each host, and using multiple AAAA records. This works in most cases, but has the disadvantage that DNS and firewall records must be updated to redirect traffic to the correct set of IP addresses if one of the links goes down. Since this also changes IP addresses on failure, it will still break live TCP and UDP sessions.
Potential future solutions
- Site Multihoming by IPv6 IntermediationSite Multihoming by IPv6 Intermediation-Architecture:The SHIM6 architecture defines SHIM6 Failure Detection and Locator Pair Exploration functions. The first is used to detect outages through the path defined by the current locator pair for a communication. To achieve this, hints provided by upper protocols such as TCP are used, or...
- Con: Operators don't believe in it
- Con: Multihoming configured on host stack, no support for middleboxes (firewalls, proxies)
- Host Identity ProtocolHost Identity ProtocolThe Host Identity Protocol is a host identification technology for use on Internet Protocol networks, such as the Internet. The Internet has two main name spaces, IP addresses and the Domain Name System. HIP separates the end-point identifier and locator roles of IP addresses...
- Host Identity Protocol
- Con: Not deployed
- Con: All applications need to support it
- Pro: Free certificates
- Stream Control Transmission ProtocolStream Control Transmission ProtocolIn computer networking, the Stream Control Transmission Protocol is a Transport Layer protocol, serving in a similar role to the popular protocols Transmission Control Protocol and User Datagram Protocol...
- Stream Control Transmission Protocol
- Con: All applications need to support it
- Locator/Identifier Separation ProtocolLocator/Identifier Separation ProtocolLISP is a "map-and-encapsulate" protocol which is currently developed by the Internet Engineering Task Force LISP Working Group. The basic idea behind the separation is that the Internet architecture combines two functions, routing locators and identifiers in one number space: the IP address...
- Locator/Identifier Separation Protocol
See also
- The Media independent handover or vertical handover standard IEEE 802.21IEEE 802.21802.21 is an IEEE standard published in 2008. The standard supports algorithms enabling seamless handover between networks of the same type as well as handover between different network types also called Media independent handover or vertical handover...
- Mobile IPMobile IPMobile IP is an Internet Engineering Task Force standard communications protocol that is designed to allow mobile device users to move from one network to another while maintaining a permanent IP address. Mobile IP for IPv4 is described in IETF RFC 5944, and extensions are defined in IETF RFC 4721...
- Load balancingLoad balancing (computing)Load balancing is a computer networking methodology to distribute workload across multiple computers or a computer cluster, network links, central processing units, disk drives, or other resources, to achieve optimal resource utilization, maximize throughput, minimize response time, and avoid...
External links
IPv4 multihoming:- O'Reilly article on BGP Multihoming
- Elfiq Networks' introduction to multihoming though link balancer appliances without BGP
- Cisco multihoming configuration example
- Linux Multihoming configuration example
- Windows Multihoming example for Single Link, Multiple IP address (Link down as per 2009 Jan 28, see the internet archive for a cached version)
IPv6 multihoming: