Re: sockets APIs extensions for Host Identity Protocol
Miika Komu <miika@iki.fi> Fri, 11 May 2007 15:26 UTC
Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmX0v-0004o6-Ma; Fri, 11 May 2007 11:26:37 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1HmX0u-0004ny-Ek for discuss-confirm+ok@megatron.ietf.org; Fri, 11 May 2007 11:26:36 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmX0u-0004nq-5D for discuss@apps.ietf.org; Fri, 11 May 2007 11:26:36 -0400
Received: from twilight.cs.hut.fi ([130.233.40.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HmX0r-00055g-IA for discuss@apps.ietf.org; Fri, 11 May 2007 11:26:36 -0400
Received: by twilight.cs.hut.fi (Postfix, from userid 60001) id 031CF2CFA; Fri, 11 May 2007 18:26:30 +0300 (EEST)
X-Spam-Checker-Version: SpamAssassin 3.2.0-niksula20070322 (2007-05-01) on twilight.cs.hut.fi
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.2.0-niksula20070322
X-Spam-Niksula: No
Received: from kekkonen.cs.hut.fi (kekkonen.cs.hut.fi [130.233.41.50]) by twilight.cs.hut.fi (Postfix) with ESMTP id EE55C2CED; Fri, 11 May 2007 18:26:29 +0300 (EEST)
Date: Fri, 11 May 2007 18:26:29 +0300
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: Keith Moore <moore@cs.utk.edu>
Subject: Re: sockets APIs extensions for Host Identity Protocol
In-Reply-To: <4644779F.60805@cs.utk.edu>
Message-ID: <Pine.SOL.4.64.0705111801430.8816@kekkonen.cs.hut.fi>
References: <Pine.SOL.4.64.0705041801060.14418@kekkonen.cs.hut.fi> <20070507082737.GB21759@nic.fr> <46413DD7.8020702@cs.utk.edu> <20070509121703.GA21070@nic.fr> <4641CA52.70504@cs.utk.edu> <Pine.LNX.4.64.0705091449360.26169@hermes-1.csi.cam.ac.uk> <4641D94C.9070304@cs.utk.edu> <Pine.SOL.4.64.0705102013550.10049@kekkonen.cs.hut.fi> <46436B10.5090706@cs.utk.edu> <Pine.SOL.4.64.0705102159020.10049@kekkonen.cs.hut.fi> <4643F873.3000501@cs.utk.edu> <Pine.SOL.4.64.0705110851440.24038@kekkonen.cs.hut.fi> <46442588.7020405@cs.utk.edu> <Pine.SOL.4.64.0705111344130.16213@kekkonen.cs.hut.fi> <4644779F.60805@cs.utk.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5d7a7e767f20255fce80fa0b77fb2433
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org
On Fri, 11 May 2007, Keith Moore wrote: > >>> I don't know why a HIP-aware app would use sockaddr_in* for any socket >>> on which it wanted to use HIP. Such an app might want to use >>> sockaddr_in for some sockets if it had a reason to not use HIP on >>> specific sockets. (say for diagnostic purposes) >> >> Sorry, I meant sockaddr_in6 in this case. > > the same argument applies. If I want to specify that I'm connecting to > a HIT, I don't want to use a sockaddr_in6 structure to do that and have > it somehow magically know the difference between a HIT and an IPv6 > address. I want to use a sockaddr_hit structure for that. That way, I > get a clean separation of layers, with all that that implies - better > ability to distinguish errors from different layers and handle each > appropriately, clearer visibility to the programmer as to what's > happening underneath the API, etc. Ok. Would you be fine with having a new address family (AF_HIP) to separate between sockaddr_hip and sockaddr_in6? >>> I must have missed the point of locally-scoped identifiers. I thought >>> it was so that you could fit a pseudo-HIT into 32 bits and pretend it >>> was an IPv4 address for the sake of backward compatibility. >> >> Yes. There can be two types of "pseudo-HITs": >> >> Local Scope Identifier (HIP legacy apps draft): >> * Looks like an IPv4 address >> * Might even have a locally configured prefix to separate between a LSI >> and non-LSI address >> >> Endpoint descriptor (HIP native apps draft): >> * Looks more like a FD (increasing or random number) >> * No prefix > > I don't immediately see the purpose of the latter type of pseudo-HIT? > (guess I should go dig up the draft...) I don't see any reason to give HIP aware applications LSIs that look like IPv4 addresses but are actually presenting HITs. Here's also a couple of short slide sets: http://www3.ietf.org/proceedings/05aug/slides/apparea-3.pdf http://www3.ietf.org/proceedings/06jul/slides/hip-2.pdf And some future research extensions for the endpoint descriptors: http://kathrin.dagstuhl.de/files/Materials/06/06441/06441.KomuMiika.Abstract.txt http://kathrin.dagstuhl.de/files/Materials/06/06441/06441.KomuMiika.Slides.pdf >>> But if your application was written to be HIP-aware, it would be >>> cleaner to use HIP-specific sockaddrs. And in that case, why use a >>> locally-scoped identifier when you can use a globally-scoped one? >>> (and if your application wasn't originally written to use HIP it's >>> probably the case that the best you can hope for with small mods to >>> your code is opportunistic HIP anyway.) >> >> Yes, but how to do opportunistic mode in a new application that wants >> to use opportunistic mode for some connections and normal mode for >> others? > > well, the setsockopt() mechanism for enabling opportunistic HIP that > would be useful for modifying legacy apps could also be used for new apps. > > if you wanted to have a mechanism to do the same thing with > sockaddr_hit, say by setting the HIT field to HIT_UNKNOWN or some such, > that could be defined also. though the details would be interesting to > work out. Ok. >> One of reasons for the local-scope identifier was to hide the "which >> HIT maps to which IP" complexity from the application. This does not >> prevent the application rearranging the identifiers behind the >> locally-scoped >> identifiers using a separate function call. > > at this level of API, hiding the "which HIT maps to which IP" complexity > seems misguided. let the high-level API do that. you need an API that > exposes this stuff. Right. >> What kind of redirect servers are we talking about? > > I haven't keep track of the HIP discussions on this topic, so I don't > know what they're being called. but at one time there was an idea that > you could have a server that could be associated with a HIT that would > securely be updated with current IP addresses for that HIT, and which > could securely tell peers of that HIT when the host associated with the > HIT had moved. (those servers would need to be located at relatively > stable addresses). you'd want to be able to discover those servers > through DNS or a similar mechanism. I think you are talking about rendezvous server that are similar to the home agents in MobileIP. > we're a very long way from being able to trust a kernel to make > effective address selection across a wide variety of network > environments and application requirements. until we get there, the > addresses need to be exposed to the application, and the application > needs to be able to specify which addresses are allowed to be used. if > nothing else, you're going to need that for diagnostics. if some user > tells his sysadmin that his program can't connect to HIT xxxx, the > sysadmin has no way to know how to debug the problem. if instead the > message is "cannot connect to HIT xxxx at address yyyy", a traceroute to > yyyy might yield some useful information. > > granted, however, that the sockaddr_hit structure can only communicate > the IP addresses at which the peer with that HIT might initially be > found. once the connection is established, all assumptions about the > HIT-to-IP bindings that were established in sockaddr_hit are invalid. Are you fine with a sockaddr_hit structure that contains only the HIT and letting a getsockopt() call to figure out the IP addresses in the context of HIP aware applications? (I think getsockname and getpeername should return the HITs.) -- Miika Komu http://www.iki.fi/miika/
- sockets APIs extensions for Host Identity Protocol Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- RE: sockets APIs extensions for Host Identity Pro… Henderson, Thomas R
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- RE: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu