Re: [Anima] Is this how BRSKI/IPIP works?

Toerless Eckert <> Mon, 17 July 2017 16:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DD831131CAC for <>; Mon, 17 Jul 2017 09:32:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CF-aTSI4JrWJ for <>; Mon, 17 Jul 2017 09:32:41 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CA5B2131CAA for <>; Mon, 17 Jul 2017 09:32:40 -0700 (PDT)
Received: from ( [IPv6:2001:638:a000:4134::ffff:77]) by (Postfix) with ESMTP id C222258C4CB; Mon, 17 Jul 2017 18:32:36 +0200 (CEST)
Received: by (Postfix, from userid 10463) id 91251B0C5EF; Mon, 17 Jul 2017 18:32:36 +0200 (CEST)
Date: Mon, 17 Jul 2017 18:32:36 +0200
From: Toerless Eckert <>
To: Michael Richardson <>
Cc: Eliot Lear <>, Anima WG <>
Message-ID: <>
References: <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <>
Subject: Re: [Anima] Is this how BRSKI/IPIP works?
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 17 Jul 2017 16:32:43 -0000

I think.... *righ*... eg: The only clean way with IPinIP is that every proxies
subnet can be distinguished on a registrar by the encapsulation header of IPinIP
and that only has source and destination ACP ULA addresses, yada yada: we need
either more ULA on the proxy and/or the registrar. 

I guess we do not want any on-demand actions on the proxy because that would be
a dynamic state establishment that we try to avoid, so the proxy would need
to set up all the state needed upfront which means it needs one IPinIP tunnel
per subinterface, just at the off-chance that some pledges have the same address.

So then we look at the total address waste and obviously we may have 1000 pledges
but 1 or few registrars, so it definitely would make most sense to get these addresses
on the registrar, announce via GRASP and let pleges build tunnels with them.

And the registrars would dynamically build these tunnels based on (Src,Dst) encap headers
received, and hopefully somebody comes up with a better way for linux to do this than
loosing the first packet which seems to be what Michael is running into.

And given how the tunnels ultimately are built only on a (per-proxy,interface)
basis there is also not a direct attack vector against dynamic creation based
on nasty pledges.

So, i am warming up more to this ;-)


On Mon, Jul 17, 2017 at 10:55:40AM +0200, Michael Richardson wrote:
> Eliot Lear <> wrote:
>     > On the other hand, maybe it's fundamental, but is relying on LL in this
>     > architecture to go beyond LL boundaries the right thing to do?
> We've already established a way around the concern that made me think
> that we needed multiple LL for the proxy, and also that we needed multiple
> Ar for the proxy connection.
> --
> Michael Richardson <>, Sandelman Software Works
>  -= IPv6 IoT consulting =-