[Hipsec-rg] HIPRG meeting minutes posted

oleg.ponomarev at hiit.fi (Oleg Ponomarev) Tue, 07 April 2009 11:49 UTC

From: "oleg.ponomarev at hiit.fi"
Date: Tue, 07 Apr 2009 14:49:14 +0300
Subject: [Hipsec-rg] HIPRG meeting minutes posted
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D07B0BFEF@XCH-NW-5V1.nw.nos.boeing.com>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BFEF@XCH-NW-5V1.nw.nos.boeing.com>
Message-ID: <alpine.LFD.2.00.0904071444120.18931@stargazer.pc.infrahip.net>

Hi! On Thu, 2 Apr 2009, Henderson, Thomas R wrote:

> The meeting minutes for our San Francisco meeting are posted: 
> http://www.ietf.org/proceedings/09mar/minutes/HIPRG.txt
> Please reply to the list if you would like to make corrections.

Just some minor corrections:

--- HIPRG.txt	2009-04-02 19:49:00.000000000 +0300
+++ HIPRG-oleg.txt	2009-04-07 14:42:49.000000000 +0300
@@ -60,13 +60,15 @@
     (See slides)
     - Robert: There should be the address of the RVS in the DNS, not the
  address of the device.
+   - Oleg: I think HIP RR should be more flexible, but ok, if RVS is the device itself
     - Tim Shepard: Are all applications going through HIP?
     - Oleg Ponomarev: Destination HIT determines need for HIP.
     - Tim: Firefox is not a good example for a application that needs HIP.
     - Oleg: HIP may well be useful for long-lasting connections.
     - Tim: Legacy apps should not use HIP by default. Firefox will probably
  not be a legacy app for long.
-   - Oleg: I would like to see HIP in practice, not just in a lab.
+   - Oleg: It is just an example, I will change it next time. I would 
+like to make HIP usable to see HIP in practice, not only in a lab.
     - Tom: Will this be discussed in another meeting here in San Fransisco?
     - Oleg: Just breiefly with DNS ops people.
     - Tom: We should continue discussions this on the list.
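
Review bot: In the replacement entry "+   - Oleg: It is just an example, I will change it next time." the referent of "It" is unclear, because two other entries sit between it and Tim's remark about Firefox. Naming the subject (for example "Firefox is just an example") would let the minutes read correctly on their own. The continuation "+like to make HIP usable ..." starts at column 0, while the other wrapped entries in this file indent their continuation lines, and the new "HIP RR should be more flexible" entry is not wrapped at all. Since this is a corrections pass, the unchanged context lines could also have "Fransisco", "breiefly" and "continue discussions this on the list" fixed.
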
@@ -110,8 +112,13 @@
   - Oleg: You need massive caching in the name resolver system. What would
  be the size of such cache?
   - Xiaohu: This is a general issue for map-and-encaps.
- - Oleg: To my experience, even one host with GB connection can easily 
-overload such system.
+ - Oleg: What happens when hosts in the network get infected and start 
+to send SYN packets to random IP addresses at the max speed? To my 
+experience, even one such host with GigabitEthernet connection can 
+overload low-cost routers. What will be the performance of your mapping 
+servers? What if there are thousands of such hosts?
+ - Xiaohu: we did not think about it [try to recap the answer. Oleg]
   - Tom: This seems to be HIP with hierarchical HITs?
   - Xiaohu: Yes.
   - Tom: So this is a tunelling mechanism for dealing with legacy hosts?
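
Review bot: The added line "+ - Xiaohu: we did not think about it [try to recap the answer. Oleg]" records a paraphrase under Xiaohu's name and carries an editor's aside in brackets. The aside should be removed before the minutes are final, and Xiaohu should confirm the wording on the list. The hunk header reads "-110,8 +112,13", a net gain of five lines, while the lines shown add six and remove two, so the counts do not match as displayed and the patch may need regenerating before it is applied. The expanded question is an improvement over "GB connection", which could be read as gigabytes; it now states the scenario (infected hosts sending SYN packets to random addresses) that the question about mapping-server performance depends on.
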

Regards, Oleg.