Re: [Hipsec] a state machine proposal for mm-03
Miika Komu <miika@iki.fi> Mon, 10 April 2006 20:37 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FT38x-0003Al-2N; Mon, 10 Apr 2006 16:37:51 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FT38v-0003Ag-Au for hipsec@ietf.org; Mon, 10 Apr 2006 16:37:49 -0400
Received: from twilight.cs.hut.fi ([130.233.40.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FT38t-0003Zi-Rv for hipsec@ietf.org; Mon, 10 Apr 2006 16:37:49 -0400
Received: by twilight.cs.hut.fi (Postfix, from userid 60001) id 4FC002FD7; Mon, 10 Apr 2006 23:37:47 +0300 (EEST)
X-Spam-Checker-Version: SpamAssassin 3.1.1-niksula20060321 (2006-03-10) on twilight.cs.hut.fi
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.1.1-niksula20060321
X-Spam-Niksula: No
Received: from kekkonen.cs.hut.fi (kekkonen.cs.hut.fi [130.233.41.50]) by twilight.cs.hut.fi (Postfix) with ESMTP id CDEC12F5B; Mon, 10 Apr 2006 23:37:46 +0300 (EEST)
Received: (from mkomu@localhost) by kekkonen.cs.hut.fi (8.11.7p1+Sun/8.10.2) id k3AKbk909037; Mon, 10 Apr 2006 23:37:46 +0300 (EEST)
Date: Mon, 10 Apr 2006 23:37:46 +0300
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: Pekka Nikander <pekka.nikander@nomadiclab.com>, hipsec@ietf.org
Subject: Re: [Hipsec] a state machine proposal for mm-03
In-Reply-To: <Pine.GSO.4.58.0604101247030.26662@kekkonen.cs.hut.fi>
Message-ID: <Pine.GSO.4.58.0604101734020.26662@kekkonen.cs.hut.fi>
References: <Pine.GSO.4.58.0604031851540.25408@kekkonen.cs.hut.fi> <9AEF0EF5-18B0-4D1D-8722-37DB49721A94@nomadiclab.com> <Pine.GSO.4.58.0604101247030.26662@kekkonen.cs.hut.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 386e0819b1192672467565a524848168
Cc:
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org
> I have a feeling that you are imposing the complexity on the design > yourself. You seem to be making assumptions that seem unnecessary and > complicating to me. For example, why do you attempt to have some kind > of mirrored and identical state machines at both ends? I see no need > for that. You also seem to try too hard or achieve a too strong > consistency between the hosts. Try to think simple, and have address- > based rather than host-based state machines. Maybe the state machines are now perhaps separated now better. I revised it based your nits online and also Tobias Heer gave some offline comments. They could be used even as simplified, example models instead of forcing them to be mandatory if the flebility/parallelity is the issue. For example, the processing rules of section 5 could be illustrated and summarized in section 5.7 with the simplified state machine. Pekka, thanks for references. I have some background reading to do. Please decide as you think is best for the draft. Other tasks await me already. == Common state machine == Receive HIP UPDATE in ESTABLISHED: - Verify the HIP packet: HMAC, SIG, the presence, dependencies and validity of the parameters. - If the result is failure, goto DROP. - If success, proceed based on presence of LOCATOR, ECHO_REQUEST or ECHO_RESPONSE (only one of them can be contained in the packet) == MN example state machine == Send UPDATE with LOCATOR: - Triggered at the MN depending on changes in network attachments and according to local policies - Removed addresses are DEPRECATED (and not included in the LOCATOR) - All other addresses are ACTIVE - Set preferred LOCATOR depending on local policies - Send UPDATE with LOCATOR for the CN Received ECHO REQUEST: - Send ECHO_RESPONSE UPDATE retransmission timeout for LOCATOR: - State is UNVERIFIED - Resend and decrease retransmission counter - Any other state - DROP and zero retransmission counter == CN example mobility state machine === Received LOCATOR: - For each MN address not present anymore in the locator - Goto DEPRECATED - For each old MN address (already known) in the received LOCATOR - State is DEPRECATED - Goto UNVERIFIED and send ECHO_REQUEST - State is ACTIVE - Stay in ACTIVE - For each new MN address in the received LOCATOR - State is UNVERIFIED - Send ECHO_REQUEST Received ECHO_RESPONSE: - For each MN address in the corresponding LOCATOR - State is UNVERIFIED or ACTIVE - Goto ACTIVE - Change preferred LOCATOR when necessary - Any other state, DROP Receive ESP: - For the ESP address - State is UNVERIFIED - Verify ESP validity. Goto DROP if failed - Process ESP if there are credits left, and decrease credits. - Otherwise DROP - State is ACTIVE - Process ESP - Any other state, DROP Send ESP: - Increase credits UPDATE retransmission timeout for ECHO_REQUEST (at CN): - State is UNVERIFIED - If retransmission counter is zero, goto DEPRECATED - Otherwise, resend and decrease retransmission counter - Any other state - DROP and zero retransmission counter ==== -- Miika Komu miika@iki.fi http://www.iki.fi/miika/ _______________________________________________ Hipsec mailing list Hipsec@lists.ietf.org https://www1.ietf.org/mailman/listinfo/hipsec
- [Hipsec] a state machine proposal for mm-03 Miika Komu
- Re: [Hipsec] a state machine proposal for mm-03 Pekka Nikander
- Re: [Hipsec] a state machine proposal for mm-03 Miika Komu
- Re: [Hipsec] a state machine proposal for mm-03 Pekka Nikander
- RE: [Hipsec] a state machine proposal for mm-03 Henderson, Thomas R
- Re: [Hipsec] a state machine proposal for mm-03 Miika Komu
- RE: [Hipsec] a state machine proposal for mm-03 Miika Komu