Please comment: Is asymmetric routing harmful?

We've always been trying to minimize asymmetric routing, in both design and implementation phase, as it impacts a number of IP services/features, including:

  • Network Address Translation;
  • Content-based Access Control (CBAC);
  • Reflexive access lists;
  • Redundant firewalls (at least until recently);
  • IP Multicast;

In some scenarios, asymmetric routing can impact delay/jitter and consequently the perceived quality of service.

However, asymmetric routing is a reality within the Internet (it's close to impossible to guarantee symmetric routing even for multi-homed end users) and it might even help in some scenarios (low-speed/low-delay upstream link with high-speed/high-delay downstream link).

What's your opinion? Is asymmetric routing harmful? Should we strive to avoid it ... or do you just accept it as one of facts of life?

10 comments:

  1. If you're inserting state into the network via devices/services such as stateful firewalls and NAT, which require symmetrical routing *at a given area of the topology*, then, sure, you need to enforce traffic symmetry *in that particular area of the topology*. But otherwise, it's generally inefficient and undesirable to try and engineer artificial symmetry, especially in networks which are larger than a handful of devices, where it's well-nigh impossible, even if it were desirable, which it isn't.

    To be clear, asymmetry, far from being considered a negative, is often *desirable*.
  2. in our case - when we deal with voice - asymmetrical routing is killing; it introduces Jitter as two ISP's cant be same (even if you have Managed MPLS from them). But generally, Asymmetrical routing on internet cause different peering issues and in-case you get stuck with such a problem, its very hard to solve it.
  3. Roland put it very well, so I don't have much to add. I fully agree with his explanations.

    Indeed, traffic demands in any realistic IP network are very often asymmetric in volume, i.e. A sends to B more that B to A. This is a natural asymmetry inherent in general purpose IP networks usage patterns.

    On the side note: if a network carries *only* voice traffic, this argument doesn't apply, since voice traffic matrices are almost perfectly symmetric.

    Forcing artificial path symmetry onto network with sufficiently asymmetric traffic matrix would result in suboptimal resource utilization and possibly congestion on overloaded paths.

    Sometimes, symmetric routing is *percieved* as easier to understand and troubleshoot, but in reality it doesn't make much difference.

    All in all, forced path symmetry, unless dictated by stateful network elements, doesn't buy you much, but can lead to suboptimalities in your network. IMHO, routing symmetry per se is not a valid design goal, but optimal routing in terms of network utilization is.
  4. yeah I have to agree with roland and dbg. Well said guys. I guess perception has a lot to do with it. Symmetric anything is usually perceived as easier to understand and troubleshoot but the reality is that its not always possible. In striving for symmetric routing you can over-engineer the network and actually make it more difficult to understand and troubleshoot.
  5. binary-zero - routing asymmetry isn't your problem. Throughput/bandwidth/backhaul asymmetry is your problem.
  6. asymmetric routing causes jitter, one way audio, packet loss and quality issues. You might find it useful under some circumstances for Data Traffic but it is a NO-NO on voice traffic.

    Cheers, UC
  7. I don't see how you could hope to achieve symmetrical routing over BGP, nor why if you are motivated by keeping costs down and staying employed.
  8. @Guest above-- I know it's impossible to force symmetry, but I don't see why BGP prepending wouldn't handle the majority of multi-homed ISP scenarios?

    Dan
  9. From my experience the multicast requires to pass RPF check - it is required to have loop free multicast routing.
    Another example is spoofinc prevention when we employ uRPF (http://tools.ietf.org/html/rfc3704).
    There are other examples like unknown MAC flooding when the asymmetric routing causes switch to flood unkwnon router MAC (HSRP environment with aymmetric routing).

    I do not think the aymmetric routing is completelly harmless if you do not have stateful elements on the path... It's much more complex problem when you deal with complex networks.
  10. In addition to multicast RPF check, certain upper-layer protocols such as NTP or even applications (arguably design limitation or poorly written) are impacted by asymmetric routing, mainly due to the transit time difference between the two directions. Personally I would minimise asymmetric routing within administrative boundary, influence as much as possible the carriers or ISP to do the same, and accept that asymmetric routing is the norm out on the internet.
Add comment
Sidebar