Re: sockets APIs extensions for Host Identity Protocol
Keith Moore <moore@cs.utk.edu> Fri, 11 May 2007 08:13 UTC
Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmQFS-0004In-H7; Fri, 11 May 2007 04:13:10 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1HmQFR-0004Ia-Hu for discuss-confirm+ok@megatron.ietf.org; Fri, 11 May 2007 04:13:09 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmQFP-0004IN-Pb for discuss@apps.ietf.org; Fri, 11 May 2007 04:13:08 -0400
Received: from bes.cs.utk.edu ([160.36.56.220]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HmQFP-0006nr-Al for discuss@apps.ietf.org; Fri, 11 May 2007 04:13:07 -0400
Received: from localhost (localhost [127.0.0.1]) by bes.cs.utk.edu (Postfix) with ESMTP id B45821032AD; Fri, 11 May 2007 04:13:02 -0400 (EDT)
X-Virus-Scanned: by amavisd-new with ClamAV and SpamAssasin at cs.utk.edu
Received: from bes.cs.utk.edu ([127.0.0.1]) by localhost (bes.cs.utk.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LwOIzrx+yFfv; Fri, 11 May 2007 04:12:57 -0400 (EDT)
Received: from lust.indecency.org (user-119b1dm.biz.mindspring.com [66.149.133.182]) by bes.cs.utk.edu (Postfix) with ESMTP id B3F93103099; Fri, 11 May 2007 04:12:56 -0400 (EDT)
Message-ID: <46442588.7020405@cs.utk.edu>
Date: Fri, 11 May 2007 04:12:56 -0400
From: Keith Moore <moore@cs.utk.edu>
User-Agent: Thunderbird 2.0.0.0 (Macintosh/20070326)
MIME-Version: 1.0
To: Miika Komu <miika@iki.fi>
Subject: Re: sockets APIs extensions for Host Identity Protocol
References: <Pine.SOL.4.64.0705041801060.14418@kekkonen.cs.hut.fi> <20070507082737.GB21759@nic.fr> <46413DD7.8020702@cs.utk.edu> <20070509121703.GA21070@nic.fr> <4641CA52.70504@cs.utk.edu> <Pine.LNX.4.64.0705091449360.26169@hermes-1.csi.cam.ac.uk> <4641D94C.9070304@cs.utk.edu> <Pine.SOL.4.64.0705102013550.10049@kekkonen.cs.hut.fi> <46436B10.5090706@cs.utk.edu> <Pine.SOL.4.64.0705102159020.10049@kekkonen.cs.hut.fi> <4643F873.3000501@cs.utk.edu> <Pine.SOL.4.64.0705110851440.24038@kekkonen.cs.hut.fi>
In-Reply-To: <Pine.SOL.4.64.0705110851440.24038@kekkonen.cs.hut.fi>
X-Enigmail-Version: 0.95.0
OpenPGP: id=E1473978
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org
>> It strikes me that if I'm using opportunistic HIP, then I probably want >> to use normal sockaddr_in* structures and do a setsockopt() that says >> "give me HIP if both ends support it" before doing connect() or >> listen(). In that case I'd want getpeername() to still return the >> peer's (current) IP address, but I'd want additional functions to return >> the peer's HIT. In that case I don't see any real value in having >> locally-scoped pseudo-HITs. The reason for doing things this way is >> that it would require fewer changes to legacy code to support >> opportunistic HIP. > > We have implemented opportunistic mode in the HIPL implementation in > the way you described. It required some tricks under the sockets API > hood to get it working, but it is great for legacy apps. Even > referrals work, assuming that you are behind a NAT or a firewall :) in other words, they don't work. :) > What about "native" HIP applications that are aware of HIP? The whole > point of the locally scoped identifier was to provide single, unified > end-point token to applications. Is it acceptable to handle both > sockaddr_in and sockaddr_hip structures in HIP aware apps? I think a > single identifier type would be simpler. I don't know why a HIP-aware app would use sockaddr_in* for any socket on which it wanted to use HIP. Such an app might want to use sockaddr_in for some sockets if it had a reason to not use HIP on specific sockets. (say for diagnostic purposes) I must have missed the point of locally-scoped identifiers. I thought it was so that you could fit a pseudo-HIT into 32 bits and pretend it was an IPv4 address for the sake of backward compatibility. But if your application was written to be HIP-aware, it would be cleaner to use HIP-specific sockaddrs. And in that case, why use a locally-scoped identifier when you can use a globally-scoped one? (and if your application wasn't originally written to use HIP it's probably the case that the best you can hope for with small mods to your code is opportunistic HIP anyway.) >> OTOH, if I'm doing "real" HIP then I want to use something like a >> sockaddr_hip structure that lets me specify both the HIT (as the >> "address") and a variable number of IP addresses (including both IPv4 >> and IPv6 addresses) at which the peer named by the HIT might be >> reachable (or at which a redirect to the actual peer might be >> obtainable). > > The is certainly possible. One could also implement opportunistic mode > by leaving out the HIT from sockaddr_hip and by specifying only the > IP. However, there is an inherent problem with this approach as > described below. > >> And then you probably want a HIP-specific replacement for >> getaddrinfo() that will return not only addresses but also the HIT >> associated with a DNS name and whatever other information is useful in a >> form that's easily stuffed into a sockaddr_hip. > > Why this can't be done in the current resolver by specifying a flag? for starters, the addrinfo structure doesn't have a field for a HIT, and in a HIP aware app you'd certainly want to specify which HIT you wanted to talk to. neither does addrinfo have any way of representing things that are quite reasonable - like a single DNS name mapping to multiple HITs, each of which maps to multiple IP addresses, where some of those addresses are addresses at which the peer might reasonably be found, and others are for redirect servers. more generally, getaddrinfo() sucks so bad that any excuse to get rid of it is worth considering. >> really you want to be able to map a DNS name into multiple HITs, each of >> which can have zero or more IPv* addresses associated with it.... and >> you want a standard data structure that consists of a HIT + IP addresses >> that can be passed around in referrals. > > The problem with this approach is that it will encourage developers to > use the IP address directly from the socket address structure. The > host corresponding to the HIT may have changed it's IP address at that > point (independently of whether the structure describes the local or > remote host). I believe that it is be much better to "force" the > developer to obtain a valid IP address using a separate function call > (see draft-ietf-shim6-multihome-shim-api). An extra call should not be > a problem in a HIP aware application. it's certainly the case that DNS-to-HIT mapping might change independently of a HIT-to-IP mapping. that, and when there are multiple HITs associated with a single DNS name, a single routine might end up doing several different lookups for the HIT-to-IP mappings, which could take a lot of time. so on reflection I agree that it makes sense to do the lookups separately.
- sockets APIs extensions for Host Identity Protocol Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- RE: sockets APIs extensions for Host Identity Pro… Henderson, Thomas R
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- RE: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu