[Hipsec-rg] HIPRG meeting minutes posted

xuxh at huawei.com (Xu Xiaohu) Tue, 07 April 2009 12:26 UTC

From: "xuxh at huawei.com"
Date: Tue, 07 Apr 2009 20:26:20 +0800
Subject: [Hipsec-rg] HIPRG meeting minutes posted
In-Reply-To: <alpine.LFD.2.00.0904071444120.18931@stargazer.pc.infrahip.net>
Message-ID: <000401c9b77c$0eeadaf0$5e0c6f0a@china.huawei.com>

Hi Oleg,

> @@ -110,8 +112,13 @@
>    - Oleg: You need massive caching in the name resolver 
> system. What would
>   be the size of such cache?
>    - Xiaohu: This is a general issue for map-and-encaps.

The cache issue has been mentioned many many times before by different
people in RRG. However, it is still an open issue, and some volunteers from
RRG are now engaged in deep research on it.

> - - Oleg: To my experience, even one host with GB connection 
> can easily -overload such system.
> + - Oleg: What happens when hosts in the network get infected 
> and start 
> +to send SYN packets to random IP addresses at the max speed? To my 
> +experience, even one such host with GigabitEthernet connection can 
> +overload low-cost routers. What will be the performance of 
> your mapping 
> +servers? What if there are thousands of such hosts?
> + - Xiaohu: we did not think about it [try to recap the answer. Oleg]
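
Review bot: The added `Xiaohu: we did not think about it` line still carries the note-taker's bracketed remark "[try to recap the answer. Oleg]", so the recorded answer is a paraphrase that the speaker has not confirmed. Have the speaker confirm or supply the wording, and drop the bracketed remark before the minutes are final. The rewritten question also changes what is overloaded from "such system" to "low-cost routers" and then asks about the mapping servers separately; make sure the final text reflects which of the two was actually asked about in the meeting.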

In fact, we can use some kind of overlay network (e.g., the virtual
aggregation approach, http://tools.ietf.org/html/draft-francis-intra-va-00)
to forward the packets once the cache is poisoned. That is one of the
reasons why RANGI adopts the hierarchical host identifiers.


>    - Tom: This seems to be HIP with hierarchical HITs?
>    - Xiaohu: Yes.
>    - Tom: So this is a tunelling mechanism for dealing with 
> legacy hosts?
> --
> Regards, Oleg.