Re: [Hipsec] fault-tolerance for base exchange and update
"Laganier, Julien" <julienl@qualcomm.com> Wed, 20 January 2010 17:14 UTC
Return-Path: <julienl@qualcomm.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1234E3A659B for <hipsec@core3.amsl.com>; Wed, 20 Jan 2010 09:14:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8RrU6G+eFLpK for <hipsec@core3.amsl.com>; Wed, 20 Jan 2010 09:14:27 -0800 (PST)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by core3.amsl.com (Postfix) with ESMTP id 712763A6403 for <hipsec@ietf.org>; Wed, 20 Jan 2010 09:14:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=julienl@qualcomm.com; q=dns/txt; s=qcdkim; t=1264007664; x=1295543664; h=from:to:date:subject:thread-topic:thread-index: message-id:references:in-reply-to:accept-language: content-language:x-ms-has-attach:x-ms-tnef-correlator: acceptlanguage:content-type:content-transfer-encoding: mime-version; z=From:=20"Laganier,=20Julien"=20<julienl@qualcomm.com> |To:=20"miika.komu@hiit.fi"=20<miika.komu@hiit.fi>,=20hip =20WG=20<hipsec@ietf.org>|Date:=20Wed,=2020=20Jan=202010 =2009:14:20=20-0800|Subject:=20RE:=20[Hipsec]=20fault-tol erance=20for=20base=20exchange=20and=20update |Thread-Topic:=20[Hipsec]=20fault-tolerance=20for=20base =20exchange=20and=20update|Thread-Index:=20AcqPafwIDPZ48y eRTHaZQrCKcUqcPAKie86g|Message-ID:=20<BF345F63074F8040B58 C00A186FCA57F1C67584F06@NALASEXMB04.na.qualcomm.com> |References:=20<4B458BB7.8090000@hiit.fi>|In-Reply-To:=20 <4B458BB7.8090000@hiit.fi>|Accept-Language:=20en-US |Content-Language:=20en-US|X-MS-Has-Attach: |X-MS-TNEF-Correlator:|acceptlanguage:=20en-US |Content-Type:=20text/plain=3B=20charset=3D"us-ascii" |Content-Transfer-Encoding:=20quoted-printable |MIME-Version:=201.0; bh=7Up9j6Le5kRAVYIGdCs/NlgCx98Qd8+z6d4Pmw0yy8w=; b=IBivpMwAq8zEcoIHp8RJlqy0nd46kUzyf0qtm/TiBmk9FL3SXexZ/l9r FjPq7VYtaAstUl2cCAfS3UX4PYgxySzaSmJ9rTfnD8XO8fU+2JO6ZvZOn kM17+xZJ+mJfeLehCLH7Fc+hvcvOnu5My3T4IN0JsJiMB+ylvIc1rIYxC 0=;
X-IronPort-AV: E=McAfee;i="5400,1158,5866"; a="32383348"
Received: from pdmz-ns-mip.qualcomm.com (HELO numenor.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP; 20 Jan 2010 09:14:23 -0800
Received: from ironstorm.qualcomm.com (ironstorm.qualcomm.com [172.30.39.153]) by numenor.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id o0KHENKu006949 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <hipsec@ietf.org>; Wed, 20 Jan 2010 09:14:23 -0800
X-IronPort-AV: E=Sophos;i="4.49,311,1262592000"; d="scan'208";a="34626821"
Received: from nasanexhub06.na.qualcomm.com ([129.46.134.254]) by ironstorm.qualcomm.com with ESMTP/TLS/RC4-MD5; 20 Jan 2010 09:14:23 -0800
Received: from nalasexhub04.na.qualcomm.com (10.47.130.55) by nasanexhub06.na.qualcomm.com (129.46.134.254) with Microsoft SMTP Server (TLS) id 8.2.176.0; Wed, 20 Jan 2010 09:14:23 -0800
Received: from NALASEXMB04.na.qualcomm.com ([10.47.7.114]) by nalasexhub04.na.qualcomm.com ([10.47.130.55]) with mapi; Wed, 20 Jan 2010 09:14:22 -0800
From: "Laganier, Julien" <julienl@qualcomm.com>
To: "miika.komu@hiit.fi" <miika.komu@hiit.fi>, hip WG <hipsec@ietf.org>
Date: Wed, 20 Jan 2010 09:14:20 -0800
Thread-Topic: [Hipsec] fault-tolerance for base exchange and update
Thread-Index: AcqPafwIDPZ48yeRTHaZQrCKcUqcPAKie86g
Message-ID: <BF345F63074F8040B58C00A186FCA57F1C67584F06@NALASEXMB04.na.qualcomm.com>
References: <4B458BB7.8090000@hiit.fi>
In-Reply-To: <4B458BB7.8090000@hiit.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Hipsec] fault-tolerance for base exchange and update
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2010 17:14:29 -0000
Hi, FWIW, RFC5201 already allows sending multiple I1's in parallel: 6.6.1. Sending Multiple I1s in Parallel For the sake of minimizing the session establishment latency, an implementation MAY send the same I1 to more than one of the Responder's addresses. However, it MUST NOT send to more than three (3) addresses in parallel. Furthermore, upon timeout, the implementation MUST refrain from sending the same I1 packet to multiple addresses. That is, if it retries to initialize the connection after timeout, it MUST NOT send the I1 packet to more than one destination address. These limitations are placed in order to avoid congestion of the network, and potential DoS attacks that might happen, e.g., because someone's claim to have hundreds or thousands of addresses could generate a huge number of I1 messages from the Initiator. As the Responder is not guaranteed to distinguish the duplicate I1s it receives at several of its addresses (because it avoids storing states when it answers back an R1), the Initiator may receive several duplicate R1s. The Initiator SHOULD then select the initial preferred destination address using the source address of the selected received R1, and use the preferred address as a source address for the I2. Processing rules for received R1s are discussed in Section 6.8. --julien > -----Original Message----- > From: hipsec-bounces@ietf.org [mailto:hipsec-bounces@ietf.org] On > Behalf Of Miika Komu > Sent: Wednesday, January 06, 2010 11:23 PM > To: hip WG > Subject: [Hipsec] fault-tolerance for base exchange and update > > Hi, > > Baris Boyvat has implemented an experimental fault-tolerance extension > for the HIP base exchange and UPDATE in the HIPL implementation. He > will > document it in his master thesis during this year, but I would like to > start discussion of the topic already now. > > At the protocol level, the extension allows sending multiple I1 or > UPDATE-with-locator packets sequentially. The idea is to scan through > all possible source and destination IP pairs at the HIP layer to > improve > the chances for successful initial contact (I1) and to re-establish > contact (UPDATE-with-locator) in way similar to the NAT-ICE extensions. > We have playfully called the extension as "shotgun" mode in the > implementation :) > > The obvious difference to ICE is that the shotgun mode works at the HIP > protocol layer. A non-obvious difference is that the approach supports > also fault-tolerance for a single relay/rendezvous (Responder's RVS has > crashed) and it can make use of multiple relay/rendezvous servers for > better redundancy. At the moment, neither of these are possible direcly > with the ICE-NAT extensions. I actually believe the shotgun approach > can > be applied even with the ICE-NAT extensions to improve fault-tolerance. > > The shotgun approach seems useful to improve fault-tolerance with an > without (single or multiple) rendezvous/relay middleboxes, but there is > also another use case for this. The Initiator (or Mobile Node) can > learn > multiple mappings for the peer, some of which may have connectivity and > some not. It is also possible that a malign user intentionally sends > invalid mappings for a well-known service in a multiuser system (this > case also requires some rate control for mappings per user). In such > scenarios, it is useful to try multiple peer addresses sequentially > instead of just single one. > > Minimally, the approach requires few considerations in an > implementation: > > i) Allow sending of multiple I1 and UPDATE-with-locator packets in a > rate-controlled fashion > ii) Filter redundant incoming packets. > > Case (ii) could be implemented as filtering of I1 packets or filtering > of R1 packets. We chose filtering of redundant R1 packets in the > implementation and it required a small change in the state machine. For > the UPDATE filtering, filtering based on sequence numbers was > sufficient. > > I would like the WG feedback on whether we could include this approach > in RFC5201-bis and RFC5206-bis (as MAY or SHOULD). > > P.S. Maybe Baris has something to add or to explain some details better. > _______________________________________________ > Hipsec mailing list > Hipsec@ietf.org > https://www.ietf.org/mailman/listinfo/hipsec
- [Hipsec] fault-tolerance for base exchange and up… Miika Komu
- Re: [Hipsec] fault-tolerance for base exchange an… Andrew McGregor
- Re: [Hipsec] fault-tolerance for base exchange an… Tobias Heer
- Re: [Hipsec] fault-tolerance for base exchange an… Miika Komu
- Re: [Hipsec] fault-tolerance for base exchange an… Laganier, Julien
- Re: [Hipsec] fault-tolerance for base exchange an… Miika Komu